Analysis
-
max time kernel
150s -
max time network
93s -
platform
windows10-2004_x64 -
resource
win10v2004-20240611-en -
resource tags
-
submitted
12-06-2024 01:43
General
-
Target
9e983a288cff68d96b789d23f1c7263863e80a5ddcb000b87d06d47a53b7ea12.exe
-
Size
335KB
-
MD5
3451a2b089e7fcdb50fa611f83f14a4f
-
SHA1
92e7fd7827f5174a448251c48eb72c6b30603626
-
SHA256
9e983a288cff68d96b789d23f1c7263863e80a5ddcb000b87d06d47a53b7ea12
-
SHA512
af8e00bd3b707c1e06cf64ee1346e2b446f5335bcf7ed4ffd88b9b05698314768b1d93321c744c9a6f797db43d6e44e99b4cb93686fee7e19c0a0c8c98634b79
-
SSDEEP
3072:ymb3NkkiQ3mdBjFo7LCgnilBxBqwZK2q6sYTsmZDSFdBE0rXE4efG:n3C9BRo/CEilXBG2qZSlSFdBXExG
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 26 IoCs
-
UPX dump on OEP (original entry point) 27 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 27 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\9e983a288cff68d96b789d23f1c7263863e80a5ddcb000b87d06d47a53b7ea12.exe"C:\Users\Admin\AppData\Local\Temp\9e983a288cff68d96b789d23f1c7263863e80a5ddcb000b87d06d47a53b7ea12.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\dpdvv.exec:\dpdvv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxxrrl.exec:\fxxxrrl.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxrlfxx.exec:\rxrlfxx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhtthh.exec:\nhtthh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9pdvv.exec:\9pdvv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1tbttt.exec:\1tbttt.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpjpj.exec:\jpjpj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnbttb.exec:\nnbttb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5vdvv.exec:\5vdvv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxfxrl.exec:\fxxfxrl.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpvjj.exec:\dpvjj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxrfxr.exec:\rlxrfxr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1hbtnn.exec:\1hbtnn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vppjd.exec:\vppjd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrrlfxr.exec:\rrrlfxr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddjjd.exec:\ddjjd.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5xxrlrl.exec:\5xxrlrl.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnnbb.exec:\hbnnbb.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjdv.exec:\pjjdv.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffrfrrl.exec:\ffrfrrl.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnttnh.exec:\bnttnh.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9jdvp.exec:\9jdvp.exe23⤵
- Executes dropped EXE
-
\??\c:\lrlfrrl.exec:\lrlfrrl.exe24⤵
- Executes dropped EXE
-
\??\c:\5htnhh.exec:\5htnhh.exe25⤵
- Executes dropped EXE
-
\??\c:\5hnhnn.exec:\5hnhnn.exe26⤵
- Executes dropped EXE
-
\??\c:\dddpd.exec:\dddpd.exe27⤵
- Executes dropped EXE
-
\??\c:\nhhbtn.exec:\nhhbtn.exe28⤵
- Executes dropped EXE
-
\??\c:\dvjpj.exec:\dvjpj.exe29⤵
- Executes dropped EXE
-
\??\c:\xrrlllr.exec:\xrrlllr.exe30⤵
- Executes dropped EXE
-
\??\c:\5hbtnn.exec:\5hbtnn.exe31⤵
- Executes dropped EXE
-
\??\c:\jvpjv.exec:\jvpjv.exe32⤵
- Executes dropped EXE
-
\??\c:\xfrlxxr.exec:\xfrlxxr.exe33⤵
- Executes dropped EXE
-
\??\c:\ffxrllf.exec:\ffxrllf.exe34⤵
- Executes dropped EXE
-
\??\c:\hhnnnh.exec:\hhnnnh.exe35⤵
- Executes dropped EXE
-
\??\c:\jdvdv.exec:\jdvdv.exe36⤵
- Executes dropped EXE
-
\??\c:\fxlfxxr.exec:\fxlfxxr.exe37⤵
- Executes dropped EXE
-
\??\c:\xrffxxx.exec:\xrffxxx.exe38⤵
- Executes dropped EXE
-
\??\c:\thnhbt.exec:\thnhbt.exe39⤵
- Executes dropped EXE
-
\??\c:\vjppd.exec:\vjppd.exe40⤵
- Executes dropped EXE
-
\??\c:\7rlfrll.exec:\7rlfrll.exe41⤵
- Executes dropped EXE
-
\??\c:\hhhhbn.exec:\hhhhbn.exe42⤵
- Executes dropped EXE
-
\??\c:\nbnbbt.exec:\nbnbbt.exe43⤵
- Executes dropped EXE
-
\??\c:\lllfrrr.exec:\lllfrrr.exe44⤵
- Executes dropped EXE
-
\??\c:\httnhh.exec:\httnhh.exe45⤵
- Executes dropped EXE
-
\??\c:\dpvpj.exec:\dpvpj.exe46⤵
- Executes dropped EXE
-
\??\c:\rllfrrl.exec:\rllfrrl.exe47⤵
- Executes dropped EXE
-
\??\c:\bttnhh.exec:\bttnhh.exe48⤵
- Executes dropped EXE
-
\??\c:\jvdjd.exec:\jvdjd.exe49⤵
- Executes dropped EXE
-
\??\c:\vjjdv.exec:\vjjdv.exe50⤵
- Executes dropped EXE
-
\??\c:\1flfrrl.exec:\1flfrrl.exe51⤵
- Executes dropped EXE
-
\??\c:\nhbtnn.exec:\nhbtnn.exe52⤵
- Executes dropped EXE
-
\??\c:\btnhtb.exec:\btnhtb.exe53⤵
- Executes dropped EXE
-
\??\c:\djpjd.exec:\djpjd.exe54⤵
- Executes dropped EXE
-
\??\c:\frrrffx.exec:\frrrffx.exe55⤵
- Executes dropped EXE
-
\??\c:\nntnhb.exec:\nntnhb.exe56⤵
- Executes dropped EXE
-
\??\c:\vpdvp.exec:\vpdvp.exe57⤵
- Executes dropped EXE
-
\??\c:\1dppd.exec:\1dppd.exe58⤵
- Executes dropped EXE
-
\??\c:\vjppv.exec:\vjppv.exe59⤵
- Executes dropped EXE
-
\??\c:\jddvj.exec:\jddvj.exe60⤵
- Executes dropped EXE
-
\??\c:\lxxrffx.exec:\lxxrffx.exe61⤵
- Executes dropped EXE
-
\??\c:\bbhbtt.exec:\bbhbtt.exe62⤵
- Executes dropped EXE
-
\??\c:\nbnhnn.exec:\nbnhnn.exe63⤵
- Executes dropped EXE
-
\??\c:\vvpvp.exec:\vvpvp.exe64⤵
- Executes dropped EXE
-
\??\c:\llrlrlx.exec:\llrlrlx.exe65⤵
- Executes dropped EXE
-
\??\c:\9xrlffx.exec:\9xrlffx.exe66⤵
-
\??\c:\bhnhtt.exec:\bhnhtt.exe67⤵
-
\??\c:\dpvjd.exec:\dpvjd.exe68⤵
-
\??\c:\xrlfrll.exec:\xrlfrll.exe69⤵
-
\??\c:\xrfxrrl.exec:\xrfxrrl.exe70⤵
-
\??\c:\hnbtnn.exec:\hnbtnn.exe71⤵
-
\??\c:\nbhbnn.exec:\nbhbnn.exe72⤵
-
\??\c:\7pddp.exec:\7pddp.exe73⤵
-
\??\c:\rxffrrl.exec:\rxffrrl.exe74⤵
-
\??\c:\frrlxrl.exec:\frrlxrl.exe75⤵
-
\??\c:\tnnbtn.exec:\tnnbtn.exe76⤵
-
\??\c:\1vpjd.exec:\1vpjd.exe77⤵
-
\??\c:\ddjdd.exec:\ddjdd.exe78⤵
-
\??\c:\lfrlfxx.exec:\lfrlfxx.exe79⤵
-
\??\c:\rrxxxxf.exec:\rrxxxxf.exe80⤵
-
\??\c:\hnbhnt.exec:\hnbhnt.exe81⤵
-
\??\c:\3vddv.exec:\3vddv.exe82⤵
-
\??\c:\lffxrrl.exec:\lffxrrl.exe83⤵
-
\??\c:\bbnntb.exec:\bbnntb.exe84⤵
-
\??\c:\7bbtnh.exec:\7bbtnh.exe85⤵
-
\??\c:\vpddv.exec:\vpddv.exe86⤵
-
\??\c:\pvdpd.exec:\pvdpd.exe87⤵
-
\??\c:\xfrlfrf.exec:\xfrlfrf.exe88⤵
-
\??\c:\5xlffff.exec:\5xlffff.exe89⤵
-
\??\c:\tnnhbb.exec:\tnnhbb.exe90⤵
-
\??\c:\dpvpd.exec:\dpvpd.exe91⤵
-
\??\c:\5vdvp.exec:\5vdvp.exe92⤵
-
\??\c:\jjvpj.exec:\jjvpj.exe93⤵
-
\??\c:\fflllfx.exec:\fflllfx.exe94⤵
-
\??\c:\1flfxrl.exec:\1flfxrl.exe95⤵
-
\??\c:\thnnhh.exec:\thnnhh.exe96⤵
-
\??\c:\dvvvj.exec:\dvvvj.exe97⤵
-
\??\c:\dvvvp.exec:\dvvvp.exe98⤵
-
\??\c:\xlxxfxr.exec:\xlxxfxr.exe99⤵
-
\??\c:\ntbttn.exec:\ntbttn.exe100⤵
-
\??\c:\jvvpj.exec:\jvvpj.exe101⤵
-
\??\c:\ppdvv.exec:\ppdvv.exe102⤵
-
\??\c:\3hnbtt.exec:\3hnbtt.exe103⤵
-
\??\c:\jjdvp.exec:\jjdvp.exe104⤵
-
\??\c:\frrrfrr.exec:\frrrfrr.exe105⤵
-
\??\c:\7lrlffx.exec:\7lrlffx.exe106⤵
-
\??\c:\tthbbt.exec:\tthbbt.exe107⤵
-
\??\c:\hbhhbb.exec:\hbhhbb.exe108⤵
-
\??\c:\pjvpp.exec:\pjvpp.exe109⤵
-
\??\c:\xlrxllf.exec:\xlrxllf.exe110⤵
-
\??\c:\xrfxffl.exec:\xrfxffl.exe111⤵
-
\??\c:\hhttbt.exec:\hhttbt.exe112⤵
-
\??\c:\jvvpp.exec:\jvvpp.exe113⤵
-
\??\c:\pdjjv.exec:\pdjjv.exe114⤵
-
\??\c:\lxfxrll.exec:\lxfxrll.exe115⤵
-
\??\c:\xrffrxr.exec:\xrffrxr.exe116⤵
-
\??\c:\tbhbtb.exec:\tbhbtb.exe117⤵
-
\??\c:\pdvpd.exec:\pdvpd.exe118⤵
-
\??\c:\jpvpj.exec:\jpvpj.exe119⤵
-
\??\c:\lxfxxxl.exec:\lxfxxxl.exe120⤵
-
\??\c:\7hnhhh.exec:\7hnhhh.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-