Analysis
-
max time kernel
149s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
19/06/2024, 18:45
General
-
Target
0a92d6642b9c952ededa9519ee849e2df4ea8c8801ace5787ad1fc038ea641c6.exe
-
Size
90KB
-
MD5
f295f6db9ecbb8dc05adff4e03238fba
-
SHA1
00ee3a12bc4f1f1688e170e91904ef470734b689
-
SHA256
0a92d6642b9c952ededa9519ee849e2df4ea8c8801ace5787ad1fc038ea641c6
-
SHA512
6bf688298eda7e4577fa9fb1cb7139fe411157d893668a5cac027dac7ecfa4c39fd07b83ad7a80d3373aa2c21e3baca55fb5d1f68179d6cf96eac4cbe194debe
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDoLU1grORPfr0k890CSJ:ymb3NkkiQ3mdBjFoLk8Pk890C4
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 28 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\0a92d6642b9c952ededa9519ee849e2df4ea8c8801ace5787ad1fc038ea641c6.exe"C:\Users\Admin\AppData\Local\Temp\0a92d6642b9c952ededa9519ee849e2df4ea8c8801ace5787ad1fc038ea641c6.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\djjvv.exec:\djjvv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrfrfxr.exec:\rrfrfxr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbhhht.exec:\tbhhht.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpvv.exec:\jdpvv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhntbh.exec:\hhntbh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3jdvj.exec:\3jdvj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrflxxl.exec:\xrflxxl.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnnthb.exec:\bnnthb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppdpj.exec:\ppdpj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxxllxf.exec:\xxxllxf.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbnhb.exec:\hbbnhb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jddvj.exec:\jddvj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxlrrf.exec:\lfxlrrf.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btnhnb.exec:\btnhnb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9hthth.exec:\9hthth.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvvdp.exec:\pvvdp.exe17⤵
- Executes dropped EXE
-
\??\c:\xxlxfrf.exec:\xxlxfrf.exe18⤵
- Executes dropped EXE
-
\??\c:\7flfxrr.exec:\7flfxrr.exe19⤵
- Executes dropped EXE
-
\??\c:\pjdjv.exec:\pjdjv.exe20⤵
- Executes dropped EXE
-
\??\c:\3vppd.exec:\3vppd.exe21⤵
- Executes dropped EXE
-
\??\c:\lffrlxf.exec:\lffrlxf.exe22⤵
- Executes dropped EXE
-
\??\c:\hhhntt.exec:\hhhntt.exe23⤵
- Executes dropped EXE
-
\??\c:\ddvvj.exec:\ddvvj.exe24⤵
- Executes dropped EXE
-
\??\c:\lfrfrxl.exec:\lfrfrxl.exe25⤵
- Executes dropped EXE
-
\??\c:\7fxlrxx.exec:\7fxlrxx.exe26⤵
- Executes dropped EXE
-
\??\c:\nnhhbh.exec:\nnhhbh.exe27⤵
- Executes dropped EXE
-
\??\c:\vdvdj.exec:\vdvdj.exe28⤵
- Executes dropped EXE
-
\??\c:\xxrrrfr.exec:\xxrrrfr.exe29⤵
- Executes dropped EXE
-
\??\c:\nthtth.exec:\nthtth.exe30⤵
- Executes dropped EXE
-
\??\c:\tthnnb.exec:\tthnnb.exe31⤵
- Executes dropped EXE
-
\??\c:\ppdjv.exec:\ppdjv.exe32⤵
- Executes dropped EXE
-
\??\c:\3rlffxl.exec:\3rlffxl.exe33⤵
- Executes dropped EXE
-
\??\c:\7bttnt.exec:\7bttnt.exe34⤵
- Executes dropped EXE
-
\??\c:\9vvvv.exec:\9vvvv.exe35⤵
- Executes dropped EXE
-
\??\c:\5jdjp.exec:\5jdjp.exe36⤵
- Executes dropped EXE
-
\??\c:\xllflrx.exec:\xllflrx.exe37⤵
- Executes dropped EXE
-
\??\c:\lflfrrf.exec:\lflfrrf.exe38⤵
- Executes dropped EXE
-
\??\c:\bbtnnt.exec:\bbtnnt.exe39⤵
- Executes dropped EXE
-
\??\c:\vvpvp.exec:\vvpvp.exe40⤵
- Executes dropped EXE
-
\??\c:\9vpvd.exec:\9vpvd.exe41⤵
- Executes dropped EXE
-
\??\c:\9lxlxfx.exec:\9lxlxfx.exe42⤵
- Executes dropped EXE
-
\??\c:\rrxlrfx.exec:\rrxlrfx.exe43⤵
- Executes dropped EXE
-
\??\c:\httbbb.exec:\httbbb.exe44⤵
- Executes dropped EXE
-
\??\c:\ddjjj.exec:\ddjjj.exe45⤵
- Executes dropped EXE
-
\??\c:\jjpdp.exec:\jjpdp.exe46⤵
- Executes dropped EXE
-
\??\c:\9lrfrlx.exec:\9lrfrlx.exe47⤵
- Executes dropped EXE
-
\??\c:\nnhnhn.exec:\nnhnhn.exe48⤵
- Executes dropped EXE
-
\??\c:\hhtbnn.exec:\hhtbnn.exe49⤵
- Executes dropped EXE
-
\??\c:\dvdpd.exec:\dvdpd.exe50⤵
- Executes dropped EXE
-
\??\c:\ddppd.exec:\ddppd.exe51⤵
- Executes dropped EXE
-
\??\c:\rrfxllr.exec:\rrfxllr.exe52⤵
- Executes dropped EXE
-
\??\c:\bbttbh.exec:\bbttbh.exe53⤵
- Executes dropped EXE
-
\??\c:\hhhbbt.exec:\hhhbbt.exe54⤵
- Executes dropped EXE
-
\??\c:\dvdvd.exec:\dvdvd.exe55⤵
- Executes dropped EXE
-
\??\c:\5xxlrxl.exec:\5xxlrxl.exe56⤵
- Executes dropped EXE
-
\??\c:\xxffrlf.exec:\xxffrlf.exe57⤵
- Executes dropped EXE
-
\??\c:\nnbbhn.exec:\nnbbhn.exe58⤵
- Executes dropped EXE
-
\??\c:\3pdpd.exec:\3pdpd.exe59⤵
- Executes dropped EXE
-
\??\c:\ddpdv.exec:\ddpdv.exe60⤵
- Executes dropped EXE
-
\??\c:\frlxfrf.exec:\frlxfrf.exe61⤵
- Executes dropped EXE
-
\??\c:\lfllxxf.exec:\lfllxxf.exe62⤵
- Executes dropped EXE
-
\??\c:\nhhthh.exec:\nhhthh.exe63⤵
- Executes dropped EXE
-
\??\c:\dvjpd.exec:\dvjpd.exe64⤵
- Executes dropped EXE
-
\??\c:\vpjpp.exec:\vpjpp.exe65⤵
- Executes dropped EXE
-
\??\c:\1rrflfr.exec:\1rrflfr.exe66⤵
-
\??\c:\btnntt.exec:\btnntt.exe67⤵
-
\??\c:\hbthnn.exec:\hbthnn.exe68⤵
-
\??\c:\jvjvv.exec:\jvjvv.exe69⤵
-
\??\c:\rllxllx.exec:\rllxllx.exe70⤵
-
\??\c:\fxxlrxr.exec:\fxxlrxr.exe71⤵
-
\??\c:\hhbnhn.exec:\hhbnhn.exe72⤵
-
\??\c:\5bntbn.exec:\5bntbn.exe73⤵
-
\??\c:\jddvd.exec:\jddvd.exe74⤵
-
\??\c:\pjdvv.exec:\pjdvv.exe75⤵
-
\??\c:\rfxrlxx.exec:\rfxrlxx.exe76⤵
-
\??\c:\bbntbh.exec:\bbntbh.exe77⤵
-
\??\c:\tttnnb.exec:\tttnnb.exe78⤵
-
\??\c:\1vjdv.exec:\1vjdv.exe79⤵
-
\??\c:\7pjpv.exec:\7pjpv.exe80⤵
-
\??\c:\rlxrrrf.exec:\rlxrrrf.exe81⤵
-
\??\c:\3xxlrrx.exec:\3xxlrrx.exe82⤵
-
\??\c:\hbbthh.exec:\hbbthh.exe83⤵
-
\??\c:\jjvvd.exec:\jjvvd.exe84⤵
-
\??\c:\jppdd.exec:\jppdd.exe85⤵
-
\??\c:\7rffrxf.exec:\7rffrxf.exe86⤵
-
\??\c:\nhnbtb.exec:\nhnbtb.exe87⤵
-
\??\c:\bttbnn.exec:\bttbnn.exe88⤵
-
\??\c:\tnbntb.exec:\tnbntb.exe89⤵
-
\??\c:\5dvpd.exec:\5dvpd.exe90⤵
-
\??\c:\xxxlxfx.exec:\xxxlxfx.exe91⤵
-
\??\c:\9lrlrxf.exec:\9lrlrxf.exe92⤵
-
\??\c:\hbbnnb.exec:\hbbnnb.exe93⤵
-
\??\c:\vddvv.exec:\vddvv.exe94⤵
-
\??\c:\vjdjd.exec:\vjdjd.exe95⤵
-
\??\c:\7rffllr.exec:\7rffllr.exe96⤵
-
\??\c:\xlflxlf.exec:\xlflxlf.exe97⤵
-
\??\c:\btthtt.exec:\btthtt.exe98⤵
-
\??\c:\nnhtbn.exec:\nnhtbn.exe99⤵
-
\??\c:\9dpvp.exec:\9dpvp.exe100⤵
-
\??\c:\dddvp.exec:\dddvp.exe101⤵
-
\??\c:\lllrffr.exec:\lllrffr.exe102⤵
-
\??\c:\btnhbh.exec:\btnhbh.exe103⤵
-
\??\c:\9bnhnn.exec:\9bnhnn.exe104⤵
-
\??\c:\jdddp.exec:\jdddp.exe105⤵
-
\??\c:\vpddp.exec:\vpddp.exe106⤵
-
\??\c:\5lllxfl.exec:\5lllxfl.exe107⤵
-
\??\c:\5lxfxfl.exec:\5lxfxfl.exe108⤵
-
\??\c:\9ttnth.exec:\9ttnth.exe109⤵
-
\??\c:\nbtbbh.exec:\nbtbbh.exe110⤵
-
\??\c:\jjpvd.exec:\jjpvd.exe111⤵
-
\??\c:\jdpdj.exec:\jdpdj.exe112⤵
-
\??\c:\rxfxrll.exec:\rxfxrll.exe113⤵
-
\??\c:\3btttt.exec:\3btttt.exe114⤵
-
\??\c:\hhtbbh.exec:\hhtbbh.exe115⤵
-
\??\c:\ppvvp.exec:\ppvvp.exe116⤵
-
\??\c:\vpjvp.exec:\vpjvp.exe117⤵
-
\??\c:\fxllllr.exec:\fxllllr.exe118⤵
-
\??\c:\3rlrrrf.exec:\3rlrrrf.exe119⤵
-
\??\c:\7ththh.exec:\7ththh.exe120⤵
-
\??\c:\ttbnbh.exec:\ttbnbh.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-