Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240419-en -
resource tags
-
submitted
12/06/2024, 01:43
General
-
Target
9e983a288cff68d96b789d23f1c7263863e80a5ddcb000b87d06d47a53b7ea12.exe
-
Size
335KB
-
MD5
3451a2b089e7fcdb50fa611f83f14a4f
-
SHA1
92e7fd7827f5174a448251c48eb72c6b30603626
-
SHA256
9e983a288cff68d96b789d23f1c7263863e80a5ddcb000b87d06d47a53b7ea12
-
SHA512
af8e00bd3b707c1e06cf64ee1346e2b446f5335bcf7ed4ffd88b9b05698314768b1d93321c744c9a6f797db43d6e44e99b4cb93686fee7e19c0a0c8c98634b79
-
SSDEEP
3072:ymb3NkkiQ3mdBjFo7LCgnilBxBqwZK2q6sYTsmZDSFdBE0rXE4efG:n3C9BRo/CEilXBG2qZSlSFdBXExG
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 22 IoCs
-
UPX dump on OEP (original entry point) 26 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 26 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\9e983a288cff68d96b789d23f1c7263863e80a5ddcb000b87d06d47a53b7ea12.exe"C:\Users\Admin\AppData\Local\Temp\9e983a288cff68d96b789d23f1c7263863e80a5ddcb000b87d06d47a53b7ea12.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\tntbbn.exec:\tntbbn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjddj.exec:\vjddj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9fllxxf.exec:\9fllxxf.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfffffl.exec:\rfffffl.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvpvj.exec:\dvpvj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjjv.exec:\jdjjv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frxxlfl.exec:\frxxlfl.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbhtb.exec:\hbbhtb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjpp.exec:\jdjpp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llfrffr.exec:\llfrffr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbtbt.exec:\hbbtbt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5bbnnt.exec:\5bbnnt.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdppd.exec:\pdppd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrxrrl.exec:\xxrxrrl.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrxxxf.exec:\xxrxxxf.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnnbth.exec:\nnnbth.exe17⤵
- Executes dropped EXE
-
\??\c:\7vdjj.exec:\7vdjj.exe18⤵
- Executes dropped EXE
-
\??\c:\rlfxrlx.exec:\rlfxrlx.exe19⤵
- Executes dropped EXE
-
\??\c:\7rrfrrx.exec:\7rrfrrx.exe20⤵
- Executes dropped EXE
-
\??\c:\5ntbnt.exec:\5ntbnt.exe21⤵
- Executes dropped EXE
-
\??\c:\7jvpv.exec:\7jvpv.exe22⤵
- Executes dropped EXE
-
\??\c:\9fllffl.exec:\9fllffl.exe23⤵
- Executes dropped EXE
-
\??\c:\hthbbh.exec:\hthbbh.exe24⤵
- Executes dropped EXE
-
\??\c:\jvvdd.exec:\jvvdd.exe25⤵
- Executes dropped EXE
-
\??\c:\lfrrxxx.exec:\lfrrxxx.exe26⤵
- Executes dropped EXE
-
\??\c:\lfrrflr.exec:\lfrrflr.exe27⤵
- Executes dropped EXE
-
\??\c:\nbntbh.exec:\nbntbh.exe28⤵
- Executes dropped EXE
-
\??\c:\pdpjp.exec:\pdpjp.exe29⤵
- Executes dropped EXE
-
\??\c:\xxrxflx.exec:\xxrxflx.exe30⤵
- Executes dropped EXE
-
\??\c:\tntbbb.exec:\tntbbb.exe31⤵
- Executes dropped EXE
-
\??\c:\1bttbn.exec:\1bttbn.exe32⤵
- Executes dropped EXE
-
\??\c:\vpdjp.exec:\vpdjp.exe33⤵
- Executes dropped EXE
-
\??\c:\rfllfxx.exec:\rfllfxx.exe34⤵
- Executes dropped EXE
-
\??\c:\7frlllr.exec:\7frlllr.exe35⤵
- Executes dropped EXE
-
\??\c:\3nbbnt.exec:\3nbbnt.exe36⤵
- Executes dropped EXE
-
\??\c:\nhtbnt.exec:\nhtbnt.exe37⤵
- Executes dropped EXE
-
\??\c:\dvpvp.exec:\dvpvp.exe38⤵
- Executes dropped EXE
-
\??\c:\lxlrxrf.exec:\lxlrxrf.exe39⤵
- Executes dropped EXE
-
\??\c:\1bhnnt.exec:\1bhnnt.exe40⤵
- Executes dropped EXE
-
\??\c:\nhntbh.exec:\nhntbh.exe41⤵
- Executes dropped EXE
-
\??\c:\vdvdd.exec:\vdvdd.exe42⤵
- Executes dropped EXE
-
\??\c:\9dvvv.exec:\9dvvv.exe43⤵
- Executes dropped EXE
-
\??\c:\lfxlxfr.exec:\lfxlxfr.exe44⤵
- Executes dropped EXE
-
\??\c:\7ffrxfl.exec:\7ffrxfl.exe45⤵
- Executes dropped EXE
-
\??\c:\nbhbbb.exec:\nbhbbb.exe46⤵
- Executes dropped EXE
-
\??\c:\bththt.exec:\bththt.exe47⤵
- Executes dropped EXE
-
\??\c:\9jpvv.exec:\9jpvv.exe48⤵
- Executes dropped EXE
-
\??\c:\jvdjj.exec:\jvdjj.exe49⤵
- Executes dropped EXE
-
\??\c:\lrxxfff.exec:\lrxxfff.exe50⤵
- Executes dropped EXE
-
\??\c:\5ttbhh.exec:\5ttbhh.exe51⤵
- Executes dropped EXE
-
\??\c:\nbnbhh.exec:\nbnbhh.exe52⤵
- Executes dropped EXE
-
\??\c:\1btbhn.exec:\1btbhn.exe53⤵
- Executes dropped EXE
-
\??\c:\ppjvd.exec:\ppjvd.exe54⤵
- Executes dropped EXE
-
\??\c:\xlrlfxf.exec:\xlrlfxf.exe55⤵
- Executes dropped EXE
-
\??\c:\9xllrxf.exec:\9xllrxf.exe56⤵
- Executes dropped EXE
-
\??\c:\5thnhn.exec:\5thnhn.exe57⤵
- Executes dropped EXE
-
\??\c:\nhnhbb.exec:\nhnhbb.exe58⤵
- Executes dropped EXE
-
\??\c:\vpddj.exec:\vpddj.exe59⤵
- Executes dropped EXE
-
\??\c:\ffrfrxf.exec:\ffrfrxf.exe60⤵
- Executes dropped EXE
-
\??\c:\xxrxxrf.exec:\xxrxxrf.exe61⤵
- Executes dropped EXE
-
\??\c:\tbhhnh.exec:\tbhhnh.exe62⤵
- Executes dropped EXE
-
\??\c:\hhtbhn.exec:\hhtbhn.exe63⤵
- Executes dropped EXE
-
\??\c:\vvjjj.exec:\vvjjj.exe64⤵
- Executes dropped EXE
-
\??\c:\9jjdj.exec:\9jjdj.exe65⤵
- Executes dropped EXE
-
\??\c:\rfxrxlf.exec:\rfxrxlf.exe66⤵
-
\??\c:\frxrxlx.exec:\frxrxlx.exe67⤵
-
\??\c:\tnhntt.exec:\tnhntt.exe68⤵
-
\??\c:\7hhntt.exec:\7hhntt.exe69⤵
-
\??\c:\dvppd.exec:\dvppd.exe70⤵
-
\??\c:\ddjjp.exec:\ddjjp.exe71⤵
-
\??\c:\xrlrllr.exec:\xrlrllr.exe72⤵
-
\??\c:\lflfrrf.exec:\lflfrrf.exe73⤵
-
\??\c:\hhbhbt.exec:\hhbhbt.exe74⤵
-
\??\c:\1nhntn.exec:\1nhntn.exe75⤵
-
\??\c:\1jpvj.exec:\1jpvj.exe76⤵
-
\??\c:\pjppv.exec:\pjppv.exe77⤵
-
\??\c:\fxlllrx.exec:\fxlllrx.exe78⤵
-
\??\c:\xrfxxxf.exec:\xrfxxxf.exe79⤵
-
\??\c:\rfrrfxl.exec:\rfrrfxl.exe80⤵
-
\??\c:\bntttt.exec:\bntttt.exe81⤵
-
\??\c:\1nhhtn.exec:\1nhhtn.exe82⤵
-
\??\c:\ddddd.exec:\ddddd.exe83⤵
-
\??\c:\ddddj.exec:\ddddj.exe84⤵
-
\??\c:\xlffrrx.exec:\xlffrrx.exe85⤵
-
\??\c:\lfxrxrf.exec:\lfxrxrf.exe86⤵
-
\??\c:\htbbtt.exec:\htbbtt.exe87⤵
-
\??\c:\thtnnn.exec:\thtnnn.exe88⤵
-
\??\c:\pjddj.exec:\pjddj.exe89⤵
-
\??\c:\pdpjd.exec:\pdpjd.exe90⤵
-
\??\c:\jjddp.exec:\jjddp.exe91⤵
-
\??\c:\lxlrflx.exec:\lxlrflx.exe92⤵
-
\??\c:\1lxxffr.exec:\1lxxffr.exe93⤵
-
\??\c:\bnhhnb.exec:\bnhhnb.exe94⤵
-
\??\c:\3bhnhn.exec:\3bhnhn.exe95⤵
-
\??\c:\5jddd.exec:\5jddd.exe96⤵
-
\??\c:\pjvdj.exec:\pjvdj.exe97⤵
-
\??\c:\3lllrff.exec:\3lllrff.exe98⤵
-
\??\c:\fxrxrrf.exec:\fxrxrrf.exe99⤵
-
\??\c:\fxrxfxl.exec:\fxrxfxl.exe100⤵
-
\??\c:\9htbhn.exec:\9htbhn.exe101⤵
-
\??\c:\tnnnnt.exec:\tnnnnt.exe102⤵
-
\??\c:\dvpdj.exec:\dvpdj.exe103⤵
-
\??\c:\pjddj.exec:\pjddj.exe104⤵
-
\??\c:\5rlxxlx.exec:\5rlxxlx.exe105⤵
-
\??\c:\lfrrxfl.exec:\lfrrxfl.exe106⤵
-
\??\c:\tnhhnn.exec:\tnhhnn.exe107⤵
-
\??\c:\thnbth.exec:\thnbth.exe108⤵
-
\??\c:\3vddd.exec:\3vddd.exe109⤵
-
\??\c:\pjvpd.exec:\pjvpd.exe110⤵
-
\??\c:\rrflllr.exec:\rrflllr.exe111⤵
-
\??\c:\fxlfllr.exec:\fxlfllr.exe112⤵
-
\??\c:\xrflllr.exec:\xrflllr.exe113⤵
-
\??\c:\9bbtbb.exec:\9bbtbb.exe114⤵
-
\??\c:\hbtbnn.exec:\hbtbnn.exe115⤵
-
\??\c:\vpjjp.exec:\vpjjp.exe116⤵
-
\??\c:\dvjpj.exec:\dvjpj.exe117⤵
-
\??\c:\frfxflr.exec:\frfxflr.exe118⤵
-
\??\c:\lxlrxxf.exec:\lxlrxxf.exe119⤵
-
\??\c:\xrflxxf.exec:\xrflxxf.exe120⤵
-
\??\c:\bthnbh.exec:\bthnbh.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-