Analysis
-
max time kernel
150s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
14/06/2024, 18:49
General
-
Target
10fa6a3c879539dc8e7f6ca6fc758313752d13b306f8d131f958e7d6f1255c69.exe
-
Size
61KB
-
MD5
7c1651b6adf4912bdc3760c129c79a1c
-
SHA1
1e3ab0acec576f8fbe4cd35a1d6c46dd9597234f
-
SHA256
10fa6a3c879539dc8e7f6ca6fc758313752d13b306f8d131f958e7d6f1255c69
-
SHA512
b58b96bbd23291b32ced209c8b6dbfaf49c647fa66ba95793420e7009cd62ceb5d4ace68aee5aca083de27335921b86e79fbf9d058fbb59001e4602538818d5b
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDI9L27r:ymb3NkkiQ3mdBjFI9a
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 32 IoCs
-
UPX dump on OEP (original entry point) 32 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 32 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\10fa6a3c879539dc8e7f6ca6fc758313752d13b306f8d131f958e7d6f1255c69.exe"C:\Users\Admin\AppData\Local\Temp\10fa6a3c879539dc8e7f6ca6fc758313752d13b306f8d131f958e7d6f1255c69.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\pvvpj.exec:\pvvpj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llflxxl.exec:\llflxxl.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3tbtbt.exec:\3tbtbt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5tbtnh.exec:\5tbtnh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvdvp.exec:\jvdvp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjjd.exec:\dvjjd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlfxllf.exec:\xlfxllf.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhhbtn.exec:\hhhbtn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vddvp.exec:\vddvp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrxrlfx.exec:\rrxrlfx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1ffrfxr.exec:\1ffrfxr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnhhbt.exec:\bnhhbt.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvpv.exec:\pjvpv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1ffxrfx.exec:\1ffxrfx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9nnhbt.exec:\9nnhbt.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpdpv.exec:\vpdpv.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxrfrlf.exec:\lxrfrlf.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhhbtn.exec:\bhhbtn.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnnhnn.exec:\bnnhnn.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjpvv.exec:\pjpvv.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrlxrl.exec:\fxrlxrl.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttthbb.exec:\ttthbb.exe23⤵
- Executes dropped EXE
-
\??\c:\tthbhb.exec:\tthbhb.exe24⤵
- Executes dropped EXE
-
\??\c:\1rxlfxf.exec:\1rxlfxf.exe25⤵
- Executes dropped EXE
-
\??\c:\rrrrlfr.exec:\rrrrlfr.exe26⤵
- Executes dropped EXE
-
\??\c:\tnnhtt.exec:\tnnhtt.exe27⤵
- Executes dropped EXE
-
\??\c:\jvdvj.exec:\jvdvj.exe28⤵
- Executes dropped EXE
-
\??\c:\1flxlxl.exec:\1flxlxl.exe29⤵
- Executes dropped EXE
-
\??\c:\bnnhbb.exec:\bnnhbb.exe30⤵
- Executes dropped EXE
-
\??\c:\ntthtb.exec:\ntthtb.exe31⤵
- Executes dropped EXE
-
\??\c:\vppjv.exec:\vppjv.exe32⤵
- Executes dropped EXE
-
\??\c:\9rlxlfx.exec:\9rlxlfx.exe33⤵
- Executes dropped EXE
-
\??\c:\5xrlxxr.exec:\5xrlxxr.exe34⤵
- Executes dropped EXE
-
\??\c:\hbtnbt.exec:\hbtnbt.exe35⤵
- Executes dropped EXE
-
\??\c:\1vppj.exec:\1vppj.exe36⤵
- Executes dropped EXE
-
\??\c:\dpjvp.exec:\dpjvp.exe37⤵
- Executes dropped EXE
-
\??\c:\lfffxxx.exec:\lfffxxx.exe38⤵
- Executes dropped EXE
-
\??\c:\rrrfxxr.exec:\rrrfxxr.exe39⤵
- Executes dropped EXE
-
\??\c:\hntbtt.exec:\hntbtt.exe40⤵
- Executes dropped EXE
-
\??\c:\nhhbnn.exec:\nhhbnn.exe41⤵
- Executes dropped EXE
-
\??\c:\vpvjj.exec:\vpvjj.exe42⤵
- Executes dropped EXE
-
\??\c:\vjdpj.exec:\vjdpj.exe43⤵
- Executes dropped EXE
-
\??\c:\fxlffxr.exec:\fxlffxr.exe44⤵
- Executes dropped EXE
-
\??\c:\rlllfxr.exec:\rlllfxr.exe45⤵
- Executes dropped EXE
-
\??\c:\bbnnbb.exec:\bbnnbb.exe46⤵
- Executes dropped EXE
-
\??\c:\tnbthh.exec:\tnbthh.exe47⤵
- Executes dropped EXE
-
\??\c:\ppjdp.exec:\ppjdp.exe48⤵
- Executes dropped EXE
-
\??\c:\pvvpd.exec:\pvvpd.exe49⤵
- Executes dropped EXE
-
\??\c:\rllrrlr.exec:\rllrrlr.exe50⤵
- Executes dropped EXE
-
\??\c:\lfrlfxx.exec:\lfrlfxx.exe51⤵
- Executes dropped EXE
-
\??\c:\nbbbtn.exec:\nbbbtn.exe52⤵
- Executes dropped EXE
-
\??\c:\vpjdp.exec:\vpjdp.exe53⤵
- Executes dropped EXE
-
\??\c:\pjpjv.exec:\pjpjv.exe54⤵
- Executes dropped EXE
-
\??\c:\jjjdj.exec:\jjjdj.exe55⤵
- Executes dropped EXE
-
\??\c:\frfrlfl.exec:\frfrlfl.exe56⤵
- Executes dropped EXE
-
\??\c:\3ttnbt.exec:\3ttnbt.exe57⤵
- Executes dropped EXE
-
\??\c:\bnnhtn.exec:\bnnhtn.exe58⤵
- Executes dropped EXE
-
\??\c:\hhnbhb.exec:\hhnbhb.exe59⤵
- Executes dropped EXE
-
\??\c:\vdvpd.exec:\vdvpd.exe60⤵
- Executes dropped EXE
-
\??\c:\xrlfllf.exec:\xrlfllf.exe61⤵
- Executes dropped EXE
-
\??\c:\rffrfxl.exec:\rffrfxl.exe62⤵
- Executes dropped EXE
-
\??\c:\7bbtth.exec:\7bbtth.exe63⤵
- Executes dropped EXE
-
\??\c:\hbtnbt.exec:\hbtnbt.exe64⤵
- Executes dropped EXE
-
\??\c:\ppjjv.exec:\ppjjv.exe65⤵
- Executes dropped EXE
-
\??\c:\fxlfxrl.exec:\fxlfxrl.exe66⤵
-
\??\c:\rfxrlfx.exec:\rfxrlfx.exe67⤵
-
\??\c:\ntnhbt.exec:\ntnhbt.exe68⤵
-
\??\c:\tnnbnn.exec:\tnnbnn.exe69⤵
-
\??\c:\9dvpd.exec:\9dvpd.exe70⤵
-
\??\c:\jvvjp.exec:\jvvjp.exe71⤵
-
\??\c:\xfxrxrl.exec:\xfxrxrl.exe72⤵
-
\??\c:\frrlxrl.exec:\frrlxrl.exe73⤵
-
\??\c:\5tbthb.exec:\5tbthb.exe74⤵
-
\??\c:\bnnhnn.exec:\bnnhnn.exe75⤵
-
\??\c:\vdppj.exec:\vdppj.exe76⤵
-
\??\c:\pjddv.exec:\pjddv.exe77⤵
-
\??\c:\fflfxxf.exec:\fflfxxf.exe78⤵
-
\??\c:\ntbbtb.exec:\ntbbtb.exe79⤵
-
\??\c:\btnnbb.exec:\btnnbb.exe80⤵
-
\??\c:\pdjdv.exec:\pdjdv.exe81⤵
-
\??\c:\vjjdv.exec:\vjjdv.exe82⤵
-
\??\c:\rrrlxrl.exec:\rrrlxrl.exe83⤵
-
\??\c:\7jdvp.exec:\7jdvp.exe84⤵
-
\??\c:\1pjvj.exec:\1pjvj.exe85⤵
-
\??\c:\7lrlrrf.exec:\7lrlrrf.exe86⤵
-
\??\c:\nhhnht.exec:\nhhnht.exe87⤵
-
\??\c:\thtnnh.exec:\thtnnh.exe88⤵
-
\??\c:\jpdvj.exec:\jpdvj.exe89⤵
-
\??\c:\pjpdd.exec:\pjpdd.exe90⤵
-
\??\c:\9rrlxrl.exec:\9rrlxrl.exe91⤵
-
\??\c:\htnhtt.exec:\htnhtt.exe92⤵
-
\??\c:\5vjdj.exec:\5vjdj.exe93⤵
-
\??\c:\5vvpd.exec:\5vvpd.exe94⤵
-
\??\c:\xxfrfxr.exec:\xxfrfxr.exe95⤵
-
\??\c:\3fxlfrr.exec:\3fxlfrr.exe96⤵
-
\??\c:\nbtbnt.exec:\nbtbnt.exe97⤵
-
\??\c:\7hhbnn.exec:\7hhbnn.exe98⤵
-
\??\c:\jdvpd.exec:\jdvpd.exe99⤵
-
\??\c:\vpvpp.exec:\vpvpp.exe100⤵
-
\??\c:\llxlffx.exec:\llxlffx.exe101⤵
-
\??\c:\7nhbtt.exec:\7nhbtt.exe102⤵
-
\??\c:\bbtnbt.exec:\bbtnbt.exe103⤵
-
\??\c:\dppjv.exec:\dppjv.exe104⤵
-
\??\c:\pvdpp.exec:\pvdpp.exe105⤵
-
\??\c:\lrlfrlf.exec:\lrlfrlf.exe106⤵
-
\??\c:\xfxrfrl.exec:\xfxrfrl.exe107⤵
-
\??\c:\3btnbt.exec:\3btnbt.exe108⤵
-
\??\c:\nbbtbb.exec:\nbbtbb.exe109⤵
-
\??\c:\ddpjd.exec:\ddpjd.exe110⤵
-
\??\c:\jvddp.exec:\jvddp.exe111⤵
-
\??\c:\lffrflf.exec:\lffrflf.exe112⤵
-
\??\c:\rrrrxxr.exec:\rrrrxxr.exe113⤵
-
\??\c:\nhhbtn.exec:\nhhbtn.exe114⤵
-
\??\c:\9htbtn.exec:\9htbtn.exe115⤵
-
\??\c:\djpdd.exec:\djpdd.exe116⤵
-
\??\c:\xrlxlfx.exec:\xrlxlfx.exe117⤵
-
\??\c:\xlfxlfr.exec:\xlfxlfr.exe118⤵
-
\??\c:\5lxxfxl.exec:\5lxxfxl.exe119⤵
-
\??\c:\hnhbnn.exec:\hnhbnn.exe120⤵
-
\??\c:\1vjdp.exec:\1vjdp.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-