Analysis
-
max time kernel
150s -
max time network
51s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
12-06-2024 06:14
General
-
Target
eafd5d60ee3814d89231114c995ff23a6fbf254e9646dba612bd556842158f30.exe
-
Size
83KB
-
MD5
28bf184021871f69603c2203842cb27f
-
SHA1
74952714a78d9dedcf5038f9e6f6def10fb41d26
-
SHA256
eafd5d60ee3814d89231114c995ff23a6fbf254e9646dba612bd556842158f30
-
SHA512
a4324340e349aea6a0c6764824b2de0d9691436cc1f483fbb93d44b0a31cb5534a16e1a1edcb7201070b295dad8f49367d320948e47ac95d9c4cb1c25d7c2fff
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDo73yqKH/KjvHo+WdNc:ymb3NkkiQ3mdBjFo73yX+vI+qW
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
UPX dump on OEP (original entry point) 29 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 29 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\eafd5d60ee3814d89231114c995ff23a6fbf254e9646dba612bd556842158f30.exe"C:\Users\Admin\AppData\Local\Temp\eafd5d60ee3814d89231114c995ff23a6fbf254e9646dba612bd556842158f30.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\jvvpj.exec:\jvvpj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fffxrff.exec:\fffxrff.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhhtnn.exec:\bhhtnn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7ppdv.exec:\7ppdv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvpjd.exec:\jvpjd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rffrrll.exec:\rffrrll.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxfxlxr.exec:\xxfxlxr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5nnbtn.exec:\5nnbtn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhbtn.exec:\tnhbtn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddvpj.exec:\ddvpj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttbtbn.exec:\ttbtbn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dppjd.exec:\dppjd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5lrlxxr.exec:\5lrlxxr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llrllff.exec:\llrllff.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddjjv.exec:\ddjjv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxfrxxr.exec:\rxfrxxr.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrxrlf.exec:\xrrxrlf.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxxrlfr.exec:\rxxrlfr.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthbtt.exec:\bthbtt.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9pjdv.exec:\9pjdv.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9rrfrlf.exec:\9rrfrlf.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7ffxllx.exec:\7ffxllx.exe23⤵
- Executes dropped EXE
-
\??\c:\hhnbtn.exec:\hhnbtn.exe24⤵
- Executes dropped EXE
-
\??\c:\ppvpj.exec:\ppvpj.exe25⤵
- Executes dropped EXE
-
\??\c:\1fxrrxx.exec:\1fxrrxx.exe26⤵
- Executes dropped EXE
-
\??\c:\lrrlfff.exec:\lrrlfff.exe27⤵
- Executes dropped EXE
-
\??\c:\7lrlffx.exec:\7lrlffx.exe28⤵
- Executes dropped EXE
-
\??\c:\httnnh.exec:\httnnh.exe29⤵
- Executes dropped EXE
-
\??\c:\dvvvv.exec:\dvvvv.exe30⤵
- Executes dropped EXE
-
\??\c:\djjdv.exec:\djjdv.exe31⤵
- Executes dropped EXE
-
\??\c:\lxfrrrx.exec:\lxfrrrx.exe32⤵
- Executes dropped EXE
-
\??\c:\1htntt.exec:\1htntt.exe33⤵
- Executes dropped EXE
-
\??\c:\3nbttt.exec:\3nbttt.exe34⤵
- Executes dropped EXE
-
\??\c:\9jjpj.exec:\9jjpj.exe35⤵
- Executes dropped EXE
-
\??\c:\1xffrll.exec:\1xffrll.exe36⤵
- Executes dropped EXE
-
\??\c:\frxrlll.exec:\frxrlll.exe37⤵
- Executes dropped EXE
-
\??\c:\1nntnn.exec:\1nntnn.exe38⤵
- Executes dropped EXE
-
\??\c:\tnnhbh.exec:\tnnhbh.exe39⤵
- Executes dropped EXE
-
\??\c:\pjvdd.exec:\pjvdd.exe40⤵
- Executes dropped EXE
-
\??\c:\djjdv.exec:\djjdv.exe41⤵
- Executes dropped EXE
-
\??\c:\3fxrffr.exec:\3fxrffr.exe42⤵
- Executes dropped EXE
-
\??\c:\rrrlllf.exec:\rrrlllf.exe43⤵
- Executes dropped EXE
-
\??\c:\7nnnhn.exec:\7nnnhn.exe44⤵
- Executes dropped EXE
-
\??\c:\nbhbbb.exec:\nbhbbb.exe45⤵
- Executes dropped EXE
-
\??\c:\vvjjd.exec:\vvjjd.exe46⤵
- Executes dropped EXE
-
\??\c:\xllfxrl.exec:\xllfxrl.exe47⤵
- Executes dropped EXE
-
\??\c:\rffxrrr.exec:\rffxrrr.exe48⤵
- Executes dropped EXE
-
\??\c:\btbbtb.exec:\btbbtb.exe49⤵
- Executes dropped EXE
-
\??\c:\tbhbtt.exec:\tbhbtt.exe50⤵
- Executes dropped EXE
-
\??\c:\jddvp.exec:\jddvp.exe51⤵
- Executes dropped EXE
-
\??\c:\jpddv.exec:\jpddv.exe52⤵
- Executes dropped EXE
-
\??\c:\xlrlfxr.exec:\xlrlfxr.exe53⤵
- Executes dropped EXE
-
\??\c:\nhnhbb.exec:\nhnhbb.exe54⤵
- Executes dropped EXE
-
\??\c:\jdjjj.exec:\jdjjj.exe55⤵
- Executes dropped EXE
-
\??\c:\9vvdj.exec:\9vvdj.exe56⤵
- Executes dropped EXE
-
\??\c:\frlllrl.exec:\frlllrl.exe57⤵
- Executes dropped EXE
-
\??\c:\lxfxllf.exec:\lxfxllf.exe58⤵
- Executes dropped EXE
-
\??\c:\3bbbbb.exec:\3bbbbb.exe59⤵
- Executes dropped EXE
-
\??\c:\jddvj.exec:\jddvj.exe60⤵
- Executes dropped EXE
-
\??\c:\ppdvp.exec:\ppdvp.exe61⤵
- Executes dropped EXE
-
\??\c:\frxrfff.exec:\frxrfff.exe62⤵
- Executes dropped EXE
-
\??\c:\7rffxff.exec:\7rffxff.exe63⤵
- Executes dropped EXE
-
\??\c:\nbthhh.exec:\nbthhh.exe64⤵
- Executes dropped EXE
-
\??\c:\vvdjd.exec:\vvdjd.exe65⤵
- Executes dropped EXE
-
\??\c:\vdjdp.exec:\vdjdp.exe66⤵
-
\??\c:\lrlflfx.exec:\lrlflfx.exe67⤵
-
\??\c:\thbthb.exec:\thbthb.exe68⤵
-
\??\c:\tnnbtt.exec:\tnnbtt.exe69⤵
-
\??\c:\dpdpp.exec:\dpdpp.exe70⤵
-
\??\c:\frlxrlx.exec:\frlxrlx.exe71⤵
-
\??\c:\5rrxllr.exec:\5rrxllr.exe72⤵
-
\??\c:\1nnttt.exec:\1nnttt.exe73⤵
-
\??\c:\vppjv.exec:\vppjv.exe74⤵
-
\??\c:\vjjdp.exec:\vjjdp.exe75⤵
-
\??\c:\xllfrrl.exec:\xllfrrl.exe76⤵
-
\??\c:\hbhbnn.exec:\hbhbnn.exe77⤵
-
\??\c:\hbhtnn.exec:\hbhtnn.exe78⤵
-
\??\c:\pdpdv.exec:\pdpdv.exe79⤵
-
\??\c:\xllfrrl.exec:\xllfrrl.exe80⤵
-
\??\c:\xxllllf.exec:\xxllllf.exe81⤵
-
\??\c:\3dppv.exec:\3dppv.exe82⤵
-
\??\c:\1jpjv.exec:\1jpjv.exe83⤵
-
\??\c:\xrxrrlf.exec:\xrxrrlf.exe84⤵
-
\??\c:\1tnnhb.exec:\1tnnhb.exe85⤵
-
\??\c:\htbtnn.exec:\htbtnn.exe86⤵
-
\??\c:\jvdvv.exec:\jvdvv.exe87⤵
-
\??\c:\vpjjv.exec:\vpjjv.exe88⤵
-
\??\c:\fxrlxfx.exec:\fxrlxfx.exe89⤵
-
\??\c:\bhbtnn.exec:\bhbtnn.exe90⤵
-
\??\c:\thhbnn.exec:\thhbnn.exe91⤵
-
\??\c:\vvvvv.exec:\vvvvv.exe92⤵
-
\??\c:\fxffflf.exec:\fxffflf.exe93⤵
-
\??\c:\fflfllr.exec:\fflfllr.exe94⤵
-
\??\c:\hbbbbb.exec:\hbbbbb.exe95⤵
-
\??\c:\dppjd.exec:\dppjd.exe96⤵
-
\??\c:\pjppd.exec:\pjppd.exe97⤵
-
\??\c:\rlxlrrr.exec:\rlxlrrr.exe98⤵
-
\??\c:\fflllll.exec:\fflllll.exe99⤵
-
\??\c:\bhhnnh.exec:\bhhnnh.exe100⤵
-
\??\c:\jjdpp.exec:\jjdpp.exe101⤵
-
\??\c:\jppjv.exec:\jppjv.exe102⤵
-
\??\c:\3ffxrlf.exec:\3ffxrlf.exe103⤵
-
\??\c:\hbhhtt.exec:\hbhhtt.exe104⤵
-
\??\c:\bttnnn.exec:\bttnnn.exe105⤵
-
\??\c:\jdjdd.exec:\jdjdd.exe106⤵
-
\??\c:\jjvpd.exec:\jjvpd.exe107⤵
-
\??\c:\9frlffx.exec:\9frlffx.exe108⤵
-
\??\c:\rxffxrl.exec:\rxffxrl.exe109⤵
-
\??\c:\tntbtt.exec:\tntbtt.exe110⤵
-
\??\c:\9vvvp.exec:\9vvvp.exe111⤵
-
\??\c:\7ddvj.exec:\7ddvj.exe112⤵
-
\??\c:\5lrfxrr.exec:\5lrfxrr.exe113⤵
-
\??\c:\lffxxrr.exec:\lffxxrr.exe114⤵
-
\??\c:\7hbbtn.exec:\7hbbtn.exe115⤵
-
\??\c:\1ntnbb.exec:\1ntnbb.exe116⤵
-
\??\c:\vppjv.exec:\vppjv.exe117⤵
-
\??\c:\frfxrlf.exec:\frfxrlf.exe118⤵
-
\??\c:\fxrxxxr.exec:\fxrxxxr.exe119⤵
-
\??\c:\bttnnh.exec:\bttnnh.exe120⤵
-
\??\c:\dvpjd.exec:\dvpjd.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-