Analysis
-
max time kernel
150s -
max time network
109s -
platform
windows10-2004_x64 -
resource
win10v2004-20240611-en -
resource tags
-
submitted
24/06/2024, 02:32
General
-
Target
c97bcf040146b11be8fa10433e94db473024d9104581512f0f99753e8a13b11f.exe
-
Size
72KB
-
MD5
d0cd7c87aa7f20693d2c73dcea19c322
-
SHA1
752c665900a2c832e942d572305eeec174722c7c
-
SHA256
c97bcf040146b11be8fa10433e94db473024d9104581512f0f99753e8a13b11f
-
SHA512
b7d2653d0b1cd61833b758cffb0afe5ac9fecc997880eb65048ac05890b4eb13762c40af8d8991b180356158fdb1a7c5883824d2d02250c648cc17cb7fb35550
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDo73tgyYrasMa:ymb3NkkiQ3mdBjFo73thYus7
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 27 IoCs
-
UPX dump on OEP (original entry point) 33 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 33 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\c97bcf040146b11be8fa10433e94db473024d9104581512f0f99753e8a13b11f.exe"C:\Users\Admin\AppData\Local\Temp\c97bcf040146b11be8fa10433e94db473024d9104581512f0f99753e8a13b11f.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\vdjvd.exec:\vdjvd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5rrfxrl.exec:\5rrfxrl.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttthtn.exec:\ttthtn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjvd.exec:\vpjvd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrfrfxr.exec:\lrfrfxr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlfrfxl.exec:\xlfrfxl.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9ppdv.exec:\9ppdv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5xlxrfr.exec:\5xlxrfr.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhbhbh.exec:\bhbhbh.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dppjp.exec:\dppjp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxllfx.exec:\fxxllfx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rffxlxl.exec:\rffxlxl.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhhtnn.exec:\bhhtnn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dppdv.exec:\dppdv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjvjv.exec:\vjvjv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flfrlxr.exec:\flfrlxr.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhbbb.exec:\nhhbbb.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpjdj.exec:\jpjdj.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpdj.exec:\jdpdj.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxrfrlx.exec:\lxrfrlx.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnnbtn.exec:\hnnbtn.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pddpd.exec:\pddpd.exe23⤵
- Executes dropped EXE
-
\??\c:\flfrfxl.exec:\flfrfxl.exe24⤵
- Executes dropped EXE
-
\??\c:\lffxfff.exec:\lffxfff.exe25⤵
- Executes dropped EXE
-
\??\c:\bbhtbh.exec:\bbhtbh.exe26⤵
- Executes dropped EXE
-
\??\c:\pdvpd.exec:\pdvpd.exe27⤵
- Executes dropped EXE
-
\??\c:\vjjjp.exec:\vjjjp.exe28⤵
- Executes dropped EXE
-
\??\c:\frfrfxl.exec:\frfrfxl.exe29⤵
- Executes dropped EXE
-
\??\c:\tnbthb.exec:\tnbthb.exe30⤵
- Executes dropped EXE
-
\??\c:\ttnhth.exec:\ttnhth.exe31⤵
- Executes dropped EXE
-
\??\c:\pvvjp.exec:\pvvjp.exe32⤵
- Executes dropped EXE
-
\??\c:\vvvvj.exec:\vvvvj.exe33⤵
- Executes dropped EXE
-
\??\c:\1lfxrrr.exec:\1lfxrrr.exe34⤵
- Executes dropped EXE
-
\??\c:\nnttbb.exec:\nnttbb.exe35⤵
- Executes dropped EXE
-
\??\c:\nnnbtt.exec:\nnnbtt.exe36⤵
- Executes dropped EXE
-
\??\c:\5vpjp.exec:\5vpjp.exe37⤵
- Executes dropped EXE
-
\??\c:\vppjv.exec:\vppjv.exe38⤵
- Executes dropped EXE
-
\??\c:\1rlfrlf.exec:\1rlfrlf.exe39⤵
- Executes dropped EXE
-
\??\c:\frlxrfr.exec:\frlxrfr.exe40⤵
- Executes dropped EXE
-
\??\c:\3tnhnh.exec:\3tnhnh.exe41⤵
- Executes dropped EXE
-
\??\c:\vjpjd.exec:\vjpjd.exe42⤵
- Executes dropped EXE
-
\??\c:\7pdpv.exec:\7pdpv.exe43⤵
- Executes dropped EXE
-
\??\c:\xlrxlxr.exec:\xlrxlxr.exe44⤵
- Executes dropped EXE
-
\??\c:\rfxrfrr.exec:\rfxrfrr.exe45⤵
- Executes dropped EXE
-
\??\c:\bnbttn.exec:\bnbttn.exe46⤵
- Executes dropped EXE
-
\??\c:\5nnbbb.exec:\5nnbbb.exe47⤵
- Executes dropped EXE
-
\??\c:\vpvvd.exec:\vpvvd.exe48⤵
- Executes dropped EXE
-
\??\c:\3dvjp.exec:\3dvjp.exe49⤵
- Executes dropped EXE
-
\??\c:\frrxfxl.exec:\frrxfxl.exe50⤵
- Executes dropped EXE
-
\??\c:\ffflffl.exec:\ffflffl.exe51⤵
- Executes dropped EXE
-
\??\c:\hthhbt.exec:\hthhbt.exe52⤵
- Executes dropped EXE
-
\??\c:\thbthb.exec:\thbthb.exe53⤵
- Executes dropped EXE
-
\??\c:\ththtt.exec:\ththtt.exe54⤵
- Executes dropped EXE
-
\??\c:\vjpdj.exec:\vjpdj.exe55⤵
- Executes dropped EXE
-
\??\c:\flrxlxl.exec:\flrxlxl.exe56⤵
- Executes dropped EXE
-
\??\c:\3rrfrrl.exec:\3rrfrrl.exe57⤵
- Executes dropped EXE
-
\??\c:\nhbhtb.exec:\nhbhtb.exe58⤵
- Executes dropped EXE
-
\??\c:\nbttht.exec:\nbttht.exe59⤵
- Executes dropped EXE
-
\??\c:\jvvvp.exec:\jvvvp.exe60⤵
- Executes dropped EXE
-
\??\c:\jdppv.exec:\jdppv.exe61⤵
- Executes dropped EXE
-
\??\c:\fxxxxxf.exec:\fxxxxxf.exe62⤵
- Executes dropped EXE
-
\??\c:\nhnhhb.exec:\nhnhhb.exe63⤵
- Executes dropped EXE
-
\??\c:\nbbhhh.exec:\nbbhhh.exe64⤵
- Executes dropped EXE
-
\??\c:\3ddvv.exec:\3ddvv.exe65⤵
- Executes dropped EXE
-
\??\c:\jvvpd.exec:\jvvpd.exe66⤵
-
\??\c:\jvdpv.exec:\jvdpv.exe67⤵
-
\??\c:\rrllfxf.exec:\rrllfxf.exe68⤵
-
\??\c:\rlfxxrl.exec:\rlfxxrl.exe69⤵
-
\??\c:\htttnn.exec:\htttnn.exe70⤵
-
\??\c:\nhbtnt.exec:\nhbtnt.exe71⤵
-
\??\c:\jddpv.exec:\jddpv.exe72⤵
-
\??\c:\ddjjv.exec:\ddjjv.exe73⤵
-
\??\c:\lxxrllf.exec:\lxxrllf.exe74⤵
-
\??\c:\btttbb.exec:\btttbb.exe75⤵
-
\??\c:\bbbthh.exec:\bbbthh.exe76⤵
-
\??\c:\dvddd.exec:\dvddd.exe77⤵
-
\??\c:\jppjd.exec:\jppjd.exe78⤵
-
\??\c:\ttnhnn.exec:\ttnhnn.exe79⤵
-
\??\c:\nnnhbb.exec:\nnnhbb.exe80⤵
-
\??\c:\pjpjd.exec:\pjpjd.exe81⤵
-
\??\c:\lffxlrl.exec:\lffxlrl.exe82⤵
-
\??\c:\jvddp.exec:\jvddp.exe83⤵
-
\??\c:\fxlrxxf.exec:\fxlrxxf.exe84⤵
-
\??\c:\lfxxxff.exec:\lfxxxff.exe85⤵
-
\??\c:\djjvj.exec:\djjvj.exe86⤵
-
\??\c:\3lfrfxl.exec:\3lfrfxl.exe87⤵
-
\??\c:\lxrlfff.exec:\lxrlfff.exe88⤵
-
\??\c:\nnhbnh.exec:\nnhbnh.exe89⤵
-
\??\c:\vddpv.exec:\vddpv.exe90⤵
-
\??\c:\9rlxlxr.exec:\9rlxlxr.exe91⤵
-
\??\c:\rlfxlrl.exec:\rlfxlrl.exe92⤵
-
\??\c:\hnbthb.exec:\hnbthb.exe93⤵
-
\??\c:\thbntn.exec:\thbntn.exe94⤵
-
\??\c:\jdvjv.exec:\jdvjv.exe95⤵
-
\??\c:\3ffrlxl.exec:\3ffrlxl.exe96⤵
-
\??\c:\tnnnbt.exec:\tnnnbt.exe97⤵
-
\??\c:\vvdvd.exec:\vvdvd.exe98⤵
-
\??\c:\dvvjv.exec:\dvvjv.exe99⤵
-
\??\c:\lrrxlxf.exec:\lrrxlxf.exe100⤵
-
\??\c:\xrrffrr.exec:\xrrffrr.exe101⤵
-
\??\c:\9bttnh.exec:\9bttnh.exe102⤵
-
\??\c:\thbthh.exec:\thbthh.exe103⤵
-
\??\c:\pppdp.exec:\pppdp.exe104⤵
-
\??\c:\vddpd.exec:\vddpd.exe105⤵
-
\??\c:\flrlfxx.exec:\flrlfxx.exe106⤵
-
\??\c:\nbhthb.exec:\nbhthb.exe107⤵
-
\??\c:\9thttn.exec:\9thttn.exe108⤵
-
\??\c:\pjpjj.exec:\pjpjj.exe109⤵
-
\??\c:\jpddv.exec:\jpddv.exe110⤵
-
\??\c:\lrxlffx.exec:\lrxlffx.exe111⤵
-
\??\c:\lxlxlfr.exec:\lxlxlfr.exe112⤵
-
\??\c:\tntnnh.exec:\tntnnh.exe113⤵
-
\??\c:\5vdpd.exec:\5vdpd.exe114⤵
-
\??\c:\pdddp.exec:\pdddp.exe115⤵
-
\??\c:\fllfrff.exec:\fllfrff.exe116⤵
-
\??\c:\nttnbn.exec:\nttnbn.exe117⤵
-
\??\c:\jpjdp.exec:\jpjdp.exe118⤵
-
\??\c:\jpjvj.exec:\jpjvj.exe119⤵
-
\??\c:\9xrfrrl.exec:\9xrfrrl.exe120⤵
-
\??\c:\llxrlfl.exec:\llxrlfl.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-