Analysis
-
max time kernel
150s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
15-06-2024 03:38
General
-
Target
f08ef9686e48e3bfb22b056007f53af9272e378058a4eb75f7c6b5464a465a65.exe
-
Size
450KB
-
MD5
ff6d2a93864df7183f543e233bd9125d
-
SHA1
a18702deec00e7fc0159a7fcd76d1ab08173eaf3
-
SHA256
f08ef9686e48e3bfb22b056007f53af9272e378058a4eb75f7c6b5464a465a65
-
SHA512
266990c47839d9044f97e7dab5a9e6eda5fe9660a4dd972eaf745b478947cc35c641c2fa96ad3f809692a1b68ac943500b101882614af310fd20f836c841ebab
-
SSDEEP
6144:8cm7ImGddXmNt251UriZFwfsDX2UznsaFVNJCMKAbe/:q7Tc2NYHUrAwfMp3CD/
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 36 IoCs
-
UPX dump on OEP (original entry point) 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\f08ef9686e48e3bfb22b056007f53af9272e378058a4eb75f7c6b5464a465a65.exe"C:\Users\Admin\AppData\Local\Temp\f08ef9686e48e3bfb22b056007f53af9272e378058a4eb75f7c6b5464a465a65.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\vvvdj.exec:\vvvdj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tntbhn.exec:\tntbhn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrrffr.exec:\xxrrffr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7nbhnt.exec:\7nbhnt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrllxfr.exec:\rrllxfr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpdjv.exec:\vpdjv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxlrxr.exec:\lfxlrxr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5hnnbt.exec:\5hnnbt.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxxlxf.exec:\lfxxlxf.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbtnnt.exec:\hbtnnt.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3xlrflx.exec:\3xlrflx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrflrlr.exec:\xrflrlr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3ddjp.exec:\3ddjp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlffxff.exec:\rlffxff.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7pdjj.exec:\7pdjj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpdjv.exec:\vpdjv.exe17⤵
- Executes dropped EXE
-
\??\c:\tnbntb.exec:\tnbntb.exe18⤵
- Executes dropped EXE
-
\??\c:\7vjpv.exec:\7vjpv.exe19⤵
- Executes dropped EXE
-
\??\c:\ttnhhh.exec:\ttnhhh.exe20⤵
- Executes dropped EXE
-
\??\c:\vpvjv.exec:\vpvjv.exe21⤵
- Executes dropped EXE
-
\??\c:\lflrflx.exec:\lflrflx.exe22⤵
- Executes dropped EXE
-
\??\c:\3nbbnh.exec:\3nbbnh.exe23⤵
- Executes dropped EXE
-
\??\c:\lllxffr.exec:\lllxffr.exe24⤵
- Executes dropped EXE
-
\??\c:\9btttb.exec:\9btttb.exe25⤵
- Executes dropped EXE
-
\??\c:\pdvvd.exec:\pdvvd.exe26⤵
- Executes dropped EXE
-
\??\c:\hbtbnt.exec:\hbtbnt.exe27⤵
- Executes dropped EXE
-
\??\c:\jdppd.exec:\jdppd.exe28⤵
- Executes dropped EXE
-
\??\c:\7rllxxf.exec:\7rllxxf.exe29⤵
- Executes dropped EXE
-
\??\c:\dvppv.exec:\dvppv.exe30⤵
- Executes dropped EXE
-
\??\c:\flxrflx.exec:\flxrflx.exe31⤵
- Executes dropped EXE
-
\??\c:\tttbbh.exec:\tttbbh.exe32⤵
- Executes dropped EXE
-
\??\c:\vpjdv.exec:\vpjdv.exe33⤵
- Executes dropped EXE
-
\??\c:\fxxfxxl.exec:\fxxfxxl.exe34⤵
- Executes dropped EXE
-
\??\c:\7djvd.exec:\7djvd.exe35⤵
- Executes dropped EXE
-
\??\c:\ffxfrxr.exec:\ffxfrxr.exe36⤵
- Executes dropped EXE
-
\??\c:\lxrfflx.exec:\lxrfflx.exe37⤵
- Executes dropped EXE
-
\??\c:\hbttbn.exec:\hbttbn.exe38⤵
- Executes dropped EXE
-
\??\c:\dddpj.exec:\dddpj.exe39⤵
- Executes dropped EXE
-
\??\c:\5rrrflr.exec:\5rrrflr.exe40⤵
- Executes dropped EXE
-
\??\c:\lxllxfl.exec:\lxllxfl.exe41⤵
- Executes dropped EXE
-
\??\c:\nbtbnb.exec:\nbtbnb.exe42⤵
- Executes dropped EXE
-
\??\c:\7pjjv.exec:\7pjjv.exe43⤵
- Executes dropped EXE
-
\??\c:\fflxfrf.exec:\fflxfrf.exe44⤵
- Executes dropped EXE
-
\??\c:\hnnthn.exec:\hnnthn.exe45⤵
- Executes dropped EXE
-
\??\c:\jdpdv.exec:\jdpdv.exe46⤵
- Executes dropped EXE
-
\??\c:\vvppd.exec:\vvppd.exe47⤵
- Executes dropped EXE
-
\??\c:\rlfrffx.exec:\rlfrffx.exe48⤵
- Executes dropped EXE
-
\??\c:\thntnb.exec:\thntnb.exe49⤵
- Executes dropped EXE
-
\??\c:\7jddd.exec:\7jddd.exe50⤵
- Executes dropped EXE
-
\??\c:\jdvvj.exec:\jdvvj.exe51⤵
- Executes dropped EXE
-
\??\c:\rlfxffl.exec:\rlfxffl.exe52⤵
- Executes dropped EXE
-
\??\c:\btnthh.exec:\btnthh.exe53⤵
- Executes dropped EXE
-
\??\c:\tnhtbn.exec:\tnhtbn.exe54⤵
- Executes dropped EXE
-
\??\c:\5dppv.exec:\5dppv.exe55⤵
- Executes dropped EXE
-
\??\c:\5frfrfl.exec:\5frfrfl.exe56⤵
- Executes dropped EXE
-
\??\c:\llfrfrf.exec:\llfrfrf.exe57⤵
- Executes dropped EXE
-
\??\c:\9nbttt.exec:\9nbttt.exe58⤵
- Executes dropped EXE
-
\??\c:\3jpvv.exec:\3jpvv.exe59⤵
- Executes dropped EXE
-
\??\c:\lffrfrl.exec:\lffrfrl.exe60⤵
- Executes dropped EXE
-
\??\c:\bbtnbh.exec:\bbtnbh.exe61⤵
- Executes dropped EXE
-
\??\c:\jjdpd.exec:\jjdpd.exe62⤵
- Executes dropped EXE
-
\??\c:\9rllllr.exec:\9rllllr.exe63⤵
- Executes dropped EXE
-
\??\c:\1lrxflx.exec:\1lrxflx.exe64⤵
- Executes dropped EXE
-
\??\c:\hbtbbh.exec:\hbtbbh.exe65⤵
- Executes dropped EXE
-
\??\c:\vpjvd.exec:\vpjvd.exe66⤵
-
\??\c:\vvjdj.exec:\vvjdj.exe67⤵
-
\??\c:\fxlrlrr.exec:\fxlrlrr.exe68⤵
-
\??\c:\hbnttt.exec:\hbnttt.exe69⤵
-
\??\c:\dvjvd.exec:\dvjvd.exe70⤵
-
\??\c:\7pjjp.exec:\7pjjp.exe71⤵
-
\??\c:\xrrrxxf.exec:\xrrrxxf.exe72⤵
-
\??\c:\bttbhn.exec:\bttbhn.exe73⤵
-
\??\c:\tththh.exec:\tththh.exe74⤵
-
\??\c:\pjdpp.exec:\pjdpp.exe75⤵
-
\??\c:\lrrflxr.exec:\lrrflxr.exe76⤵
-
\??\c:\hnhthh.exec:\hnhthh.exe77⤵
-
\??\c:\7jvdd.exec:\7jvdd.exe78⤵
-
\??\c:\dvpdj.exec:\dvpdj.exe79⤵
-
\??\c:\rxrlrxl.exec:\rxrlrxl.exe80⤵
-
\??\c:\nnhhhh.exec:\nnhhhh.exe81⤵
-
\??\c:\bbthhn.exec:\bbthhn.exe82⤵
-
\??\c:\9vppv.exec:\9vppv.exe83⤵
-
\??\c:\flllrxl.exec:\flllrxl.exe84⤵
-
\??\c:\hbbhbh.exec:\hbbhbh.exe85⤵
-
\??\c:\5dvdp.exec:\5dvdp.exe86⤵
-
\??\c:\vvpvd.exec:\vvpvd.exe87⤵
-
\??\c:\rrrfrxr.exec:\rrrfrxr.exe88⤵
-
\??\c:\ntnhbh.exec:\ntnhbh.exe89⤵
-
\??\c:\7hbbtt.exec:\7hbbtt.exe90⤵
-
\??\c:\jjvvj.exec:\jjvvj.exe91⤵
-
\??\c:\lfxfrrl.exec:\lfxfrrl.exe92⤵
-
\??\c:\7xxxllx.exec:\7xxxllx.exe93⤵
-
\??\c:\hbnbnt.exec:\hbnbnt.exe94⤵
-
\??\c:\jdddj.exec:\jdddj.exe95⤵
-
\??\c:\vddpv.exec:\vddpv.exe96⤵
-
\??\c:\ffxlrfr.exec:\ffxlrfr.exe97⤵
-
\??\c:\nhnntt.exec:\nhnntt.exe98⤵
-
\??\c:\hbnttt.exec:\hbnttt.exe99⤵
-
\??\c:\ppjpd.exec:\ppjpd.exe100⤵
-
\??\c:\7xrxlrf.exec:\7xrxlrf.exe101⤵
-
\??\c:\bthhbh.exec:\bthhbh.exe102⤵
-
\??\c:\bhtntt.exec:\bhtntt.exe103⤵
-
\??\c:\5vvdj.exec:\5vvdj.exe104⤵
-
\??\c:\3lfrfxf.exec:\3lfrfxf.exe105⤵
-
\??\c:\fxlfllr.exec:\fxlfllr.exe106⤵
-
\??\c:\bbtbnb.exec:\bbtbnb.exe107⤵
-
\??\c:\pjddp.exec:\pjddp.exe108⤵
-
\??\c:\ddddv.exec:\ddddv.exe109⤵
-
\??\c:\7lfrxrx.exec:\7lfrxrx.exe110⤵
-
\??\c:\hnhnbh.exec:\hnhnbh.exe111⤵
-
\??\c:\ddjpv.exec:\ddjpv.exe112⤵
-
\??\c:\pppdp.exec:\pppdp.exe113⤵
-
\??\c:\llxlxxl.exec:\llxlxxl.exe114⤵
-
\??\c:\hbtbhh.exec:\hbtbhh.exe115⤵
-
\??\c:\hhbbhn.exec:\hhbbhn.exe116⤵
-
\??\c:\pvjvv.exec:\pvjvv.exe117⤵
-
\??\c:\1rlrxfr.exec:\1rlrxfr.exe118⤵
-
\??\c:\bhtthh.exec:\bhtthh.exe119⤵
-
\??\c:\nnbhnt.exec:\nnbhnt.exe120⤵
-
\??\c:\lfrrrrf.exec:\lfrrrrf.exe121⤵
-
\??\c:\nhbbbb.exec:\nhbbbb.exe122⤵
-
\??\c:\vdvdv.exec:\vdvdv.exe123⤵
-
\??\c:\xrrflrl.exec:\xrrflrl.exe124⤵
-
\??\c:\lffrrrr.exec:\lffrrrr.exe125⤵
-
\??\c:\vpjpv.exec:\vpjpv.exe126⤵
-
\??\c:\flffxxl.exec:\flffxxl.exe127⤵
-
\??\c:\btbnhb.exec:\btbnhb.exe128⤵
-
\??\c:\9btbnn.exec:\9btbnn.exe129⤵
-
\??\c:\9vppv.exec:\9vppv.exe130⤵
-
\??\c:\rlxfllr.exec:\rlxfllr.exe131⤵
-
\??\c:\xrxfrrx.exec:\xrxfrrx.exe132⤵
-
\??\c:\1nbbbh.exec:\1nbbbh.exe133⤵
-
\??\c:\vdpdj.exec:\vdpdj.exe134⤵
-
\??\c:\7frrrrf.exec:\7frrrrf.exe135⤵
-
\??\c:\nthhnn.exec:\nthhnn.exe136⤵
-
\??\c:\nhtthn.exec:\nhtthn.exe137⤵
-
\??\c:\jdpjp.exec:\jdpjp.exe138⤵
-
\??\c:\3frrrxx.exec:\3frrrxx.exe139⤵
-
\??\c:\rxrxlrf.exec:\rxrxlrf.exe140⤵
-
\??\c:\ttnttb.exec:\ttnttb.exe141⤵
-
\??\c:\3tnntb.exec:\3tnntb.exe142⤵
-
\??\c:\pjjjv.exec:\pjjjv.exe143⤵
-
\??\c:\lrrrflr.exec:\lrrrflr.exe144⤵
-
\??\c:\fxffllr.exec:\fxffllr.exe145⤵
-
\??\c:\hhthnb.exec:\hhthnb.exe146⤵
-
\??\c:\ddjvd.exec:\ddjvd.exe147⤵
-
\??\c:\3vjvd.exec:\3vjvd.exe148⤵
-
\??\c:\3lflfll.exec:\3lflfll.exe149⤵
-
\??\c:\1hbbbb.exec:\1hbbbb.exe150⤵
-
\??\c:\7btbbh.exec:\7btbbh.exe151⤵
-
\??\c:\pdddj.exec:\pdddj.exe152⤵
-
\??\c:\rlflrrf.exec:\rlflrrf.exe153⤵
-
\??\c:\nhbhnn.exec:\nhbhnn.exe154⤵
-
\??\c:\btntbn.exec:\btntbn.exe155⤵
-
\??\c:\dddjv.exec:\dddjv.exe156⤵
-
\??\c:\fffxffr.exec:\fffxffr.exe157⤵
-
\??\c:\flxflrx.exec:\flxflrx.exe158⤵
-
\??\c:\btttnh.exec:\btttnh.exe159⤵
-
\??\c:\3jjjd.exec:\3jjjd.exe160⤵
-
\??\c:\jvjpp.exec:\jvjpp.exe161⤵
-
\??\c:\xrflllx.exec:\xrflllx.exe162⤵
-
\??\c:\nhthnt.exec:\nhthnt.exe163⤵
-
\??\c:\bbntbn.exec:\bbntbn.exe164⤵
-
\??\c:\ddvdj.exec:\ddvdj.exe165⤵
-
\??\c:\5xrrrlx.exec:\5xrrrlx.exe166⤵
-
\??\c:\fxllrrx.exec:\fxllrrx.exe167⤵
-
\??\c:\tnnhbh.exec:\tnnhbh.exe168⤵
-
\??\c:\nnttbh.exec:\nnttbh.exe169⤵
-
\??\c:\dddpp.exec:\dddpp.exe170⤵
-
\??\c:\lxlrxfl.exec:\lxlrxfl.exe171⤵
-
\??\c:\bbbnbb.exec:\bbbnbb.exe172⤵
-
\??\c:\thbhnb.exec:\thbhnb.exe173⤵
-
\??\c:\ppjjp.exec:\ppjjp.exe174⤵
-
\??\c:\fxrrfxf.exec:\fxrrfxf.exe175⤵
-
\??\c:\9rlrxlx.exec:\9rlrxlx.exe176⤵
-
\??\c:\tnhnhn.exec:\tnhnhn.exe177⤵
-
\??\c:\nhhtbh.exec:\nhhtbh.exe178⤵
-
\??\c:\vpdpd.exec:\vpdpd.exe179⤵
-
\??\c:\7rxxrxx.exec:\7rxxrxx.exe180⤵
-
\??\c:\fxffxxr.exec:\fxffxxr.exe181⤵
-
\??\c:\bthntb.exec:\bthntb.exe182⤵
-
\??\c:\jddvd.exec:\jddvd.exe183⤵
-
\??\c:\vppvd.exec:\vppvd.exe184⤵
-
\??\c:\3fxfllx.exec:\3fxfllx.exe185⤵
-
\??\c:\hnhbtt.exec:\hnhbtt.exe186⤵
-
\??\c:\ttbhnn.exec:\ttbhnn.exe187⤵
-
\??\c:\vpjvd.exec:\vpjvd.exe188⤵
-
\??\c:\9xllrrf.exec:\9xllrrf.exe189⤵
-
\??\c:\xrllflr.exec:\xrllflr.exe190⤵
-
\??\c:\tntttt.exec:\tntttt.exe191⤵
-
\??\c:\9jdjv.exec:\9jdjv.exe192⤵
-
\??\c:\vjjpv.exec:\vjjpv.exe193⤵
-
\??\c:\xrlrflr.exec:\xrlrflr.exe194⤵
-
\??\c:\5bbbhn.exec:\5bbbhn.exe195⤵
-
\??\c:\nhttnb.exec:\nhttnb.exe196⤵
-
\??\c:\3ddjp.exec:\3ddjp.exe197⤵
-
\??\c:\xlxffxl.exec:\xlxffxl.exe198⤵
-
\??\c:\ffxflrx.exec:\ffxflrx.exe199⤵
-
\??\c:\7thtbb.exec:\7thtbb.exe200⤵
-
\??\c:\1vppj.exec:\1vppj.exe201⤵
-
\??\c:\dppdd.exec:\dppdd.exe202⤵
-
\??\c:\9xlrrxf.exec:\9xlrrxf.exe203⤵
-
\??\c:\hnhthh.exec:\hnhthh.exe204⤵
-
\??\c:\5thnnt.exec:\5thnnt.exe205⤵
-
\??\c:\ddvpd.exec:\ddvpd.exe206⤵
-
\??\c:\lrflrxl.exec:\lrflrxl.exe207⤵
-
\??\c:\ffxfrfx.exec:\ffxfrfx.exe208⤵
-
\??\c:\7nhthn.exec:\7nhthn.exe209⤵
-
\??\c:\bbtbtb.exec:\bbtbtb.exe210⤵
-
\??\c:\1jvdd.exec:\1jvdd.exe211⤵
-
\??\c:\3rlxflx.exec:\3rlxflx.exe212⤵
-
\??\c:\rfrfllf.exec:\rfrfllf.exe213⤵
-
\??\c:\bbtbnt.exec:\bbtbnt.exe214⤵
-
\??\c:\jppdv.exec:\jppdv.exe215⤵
-
\??\c:\5pjpp.exec:\5pjpp.exe216⤵
-
\??\c:\xxrfrrl.exec:\xxrfrrl.exe217⤵
-
\??\c:\frxfllr.exec:\frxfllr.exe218⤵
-
\??\c:\tnbnbh.exec:\tnbnbh.exe219⤵
-
\??\c:\pjvjd.exec:\pjvjd.exe220⤵
-
\??\c:\9frxlrf.exec:\9frxlrf.exe221⤵
-
\??\c:\xxrxllx.exec:\xxrxllx.exe222⤵
-
\??\c:\hbhnnt.exec:\hbhnnt.exe223⤵
-
\??\c:\dvjdj.exec:\dvjdj.exe224⤵
-
\??\c:\jjddj.exec:\jjddj.exe225⤵
-
\??\c:\7flrlrx.exec:\7flrlrx.exe226⤵
-
\??\c:\3frrlrf.exec:\3frrlrf.exe227⤵
-
\??\c:\tthnhh.exec:\tthnhh.exe228⤵
-
\??\c:\pjdvd.exec:\pjdvd.exe229⤵
-
\??\c:\pjvvj.exec:\pjvvj.exe230⤵
-
\??\c:\lfrrxxl.exec:\lfrrxxl.exe231⤵
-
\??\c:\bnhtnh.exec:\bnhtnh.exe232⤵
-
\??\c:\tthhtb.exec:\tthhtb.exe233⤵
-
\??\c:\7vpdj.exec:\7vpdj.exe234⤵
-
\??\c:\xrffffl.exec:\xrffffl.exe235⤵
-
\??\c:\1rrxrfx.exec:\1rrxrfx.exe236⤵
-
\??\c:\3hbhbb.exec:\3hbhbb.exe237⤵
-
\??\c:\pjpjp.exec:\pjpjp.exe238⤵
-
\??\c:\pjjjd.exec:\pjjjd.exe239⤵
-
\??\c:\rfrrffr.exec:\rfrrffr.exe240⤵