Analysis
-
max time kernel
150s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
-
submitted
28/06/2024, 03:06
General
-
Target
d504078f4a11a08c275ac2a9f3a946f70d64fb675d2e8ac2c689005c1d5d6613.exe
-
Size
79KB
-
MD5
781302e1075e9d00bf290be83c96f919
-
SHA1
a4f44e11d7491439672aad3cc1c6cd3d25ac9563
-
SHA256
d504078f4a11a08c275ac2a9f3a946f70d64fb675d2e8ac2c689005c1d5d6613
-
SHA512
c06f8b4c2307be2b458be682fc221aeeca79cbf8061cf14b64e5dcbf3b008b1f4b3e1ddda2a07a55bcb7698423be52f700b132aa4a7ecb8272e86e1e8e3ee446
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIIpIo60L9QrrA8v:ymb3NkkiQ3mdBjFIIp9L9QrrA8v
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 22 IoCs
-
UPX dump on OEP (original entry point) 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 24 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\d504078f4a11a08c275ac2a9f3a946f70d64fb675d2e8ac2c689005c1d5d6613.exe"C:\Users\Admin\AppData\Local\Temp\d504078f4a11a08c275ac2a9f3a946f70d64fb675d2e8ac2c689005c1d5d6613.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\rvhjdfp.exec:\rvhjdfp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jbjxb.exec:\jbjxb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjtnbp.exec:\jjtnbp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xvlrd.exec:\xvlrd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hrjdldf.exec:\hrjdldf.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\prrljb.exec:\prrljb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jbbdr.exec:\jbbdr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fjdxl.exec:\fjdxl.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bfprfx.exec:\bfprfx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fvlvbph.exec:\fvlvbph.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pppjpr.exec:\pppjpr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\npfbvb.exec:\npfbvb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xtdvj.exec:\xtdvj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlpbfr.exec:\rlpbfr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tphjvd.exec:\tphjvd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vrhttrb.exec:\vrhttrb.exe17⤵
- Executes dropped EXE
-
\??\c:\fbjrx.exec:\fbjrx.exe18⤵
- Executes dropped EXE
-
\??\c:\hvdrn.exec:\hvdrn.exe19⤵
- Executes dropped EXE
-
\??\c:\bffhld.exec:\bffhld.exe20⤵
- Executes dropped EXE
-
\??\c:\ppdfdh.exec:\ppdfdh.exe21⤵
- Executes dropped EXE
-
\??\c:\bxlhxp.exec:\bxlhxp.exe22⤵
- Executes dropped EXE
-
\??\c:\lpvnnbn.exec:\lpvnnbn.exe23⤵
- Executes dropped EXE
-
\??\c:\pxhjhrx.exec:\pxhjhrx.exe24⤵
- Executes dropped EXE
-
\??\c:\jprnjt.exec:\jprnjt.exe25⤵
- Executes dropped EXE
-
\??\c:\fjxbdj.exec:\fjxbdj.exe26⤵
- Executes dropped EXE
-
\??\c:\jrnld.exec:\jrnld.exe27⤵
- Executes dropped EXE
-
\??\c:\tvhddvn.exec:\tvhddvn.exe28⤵
- Executes dropped EXE
-
\??\c:\rxnvrn.exec:\rxnvrn.exe29⤵
- Executes dropped EXE
-
\??\c:\lhbpvp.exec:\lhbpvp.exe30⤵
- Executes dropped EXE
-
\??\c:\ljhtl.exec:\ljhtl.exe31⤵
- Executes dropped EXE
-
\??\c:\ljrnxn.exec:\ljrnxn.exe32⤵
- Executes dropped EXE
-
\??\c:\bxfthvf.exec:\bxfthvf.exe33⤵
- Executes dropped EXE
-
\??\c:\dllfb.exec:\dllfb.exe34⤵
- Executes dropped EXE
-
\??\c:\ftnrltj.exec:\ftnrltj.exe35⤵
- Executes dropped EXE
-
\??\c:\vpbbdtp.exec:\vpbbdtp.exe36⤵
- Executes dropped EXE
-
\??\c:\lhnhxjt.exec:\lhnhxjt.exe37⤵
- Executes dropped EXE
-
\??\c:\btvfnh.exec:\btvfnh.exe38⤵
- Executes dropped EXE
-
\??\c:\xbdpnr.exec:\xbdpnr.exe39⤵
- Executes dropped EXE
-
\??\c:\jdhdf.exec:\jdhdf.exe40⤵
- Executes dropped EXE
-
\??\c:\lnfpj.exec:\lnfpj.exe41⤵
- Executes dropped EXE
-
\??\c:\fhtdff.exec:\fhtdff.exe42⤵
- Executes dropped EXE
-
\??\c:\xrphtn.exec:\xrphtn.exe43⤵
- Executes dropped EXE
-
\??\c:\dhdbdv.exec:\dhdbdv.exe44⤵
- Executes dropped EXE
-
\??\c:\jxtrbt.exec:\jxtrbt.exe45⤵
- Executes dropped EXE
-
\??\c:\fddpfvt.exec:\fddpfvt.exe46⤵
- Executes dropped EXE
-
\??\c:\nfbxvfb.exec:\nfbxvfb.exe47⤵
- Executes dropped EXE
-
\??\c:\lvxvvl.exec:\lvxvvl.exe48⤵
- Executes dropped EXE
-
\??\c:\pnppjh.exec:\pnppjh.exe49⤵
- Executes dropped EXE
-
\??\c:\dnjldr.exec:\dnjldr.exe50⤵
- Executes dropped EXE
-
\??\c:\jfhrbld.exec:\jfhrbld.exe51⤵
- Executes dropped EXE
-
\??\c:\jnhbf.exec:\jnhbf.exe52⤵
- Executes dropped EXE
-
\??\c:\vxlbx.exec:\vxlbx.exe53⤵
- Executes dropped EXE
-
\??\c:\dxlxrvt.exec:\dxlxrvt.exe54⤵
- Executes dropped EXE
-
\??\c:\vtdtxrf.exec:\vtdtxrf.exe55⤵
- Executes dropped EXE
-
\??\c:\dpprphp.exec:\dpprphp.exe56⤵
- Executes dropped EXE
-
\??\c:\pfbrfnr.exec:\pfbrfnr.exe57⤵
- Executes dropped EXE
-
\??\c:\ftxtdj.exec:\ftxtdj.exe58⤵
- Executes dropped EXE
-
\??\c:\tnjjj.exec:\tnjjj.exe59⤵
- Executes dropped EXE
-
\??\c:\vhjxnbp.exec:\vhjxnbp.exe60⤵
- Executes dropped EXE
-
\??\c:\ldfdjb.exec:\ldfdjb.exe61⤵
- Executes dropped EXE
-
\??\c:\dtbdrv.exec:\dtbdrv.exe62⤵
- Executes dropped EXE
-
\??\c:\xxlbvhf.exec:\xxlbvhf.exe63⤵
- Executes dropped EXE
-
\??\c:\rvldtd.exec:\rvldtd.exe64⤵
- Executes dropped EXE
-
\??\c:\rttnhh.exec:\rttnhh.exe65⤵
- Executes dropped EXE
-
\??\c:\fdlvjt.exec:\fdlvjt.exe66⤵
-
\??\c:\hbvhf.exec:\hbvhf.exe67⤵
-
\??\c:\vvpvvtn.exec:\vvpvvtn.exe68⤵
-
\??\c:\hppjlv.exec:\hppjlv.exe69⤵
-
\??\c:\tdjllx.exec:\tdjllx.exe70⤵
-
\??\c:\rxptl.exec:\rxptl.exe71⤵
-
\??\c:\tnxtvl.exec:\tnxtvl.exe72⤵
-
\??\c:\xvbxhh.exec:\xvbxhh.exe73⤵
-
\??\c:\ltfvdbl.exec:\ltfvdbl.exe74⤵
-
\??\c:\vbrdjbp.exec:\vbrdjbp.exe75⤵
-
\??\c:\phpfhp.exec:\phpfhp.exe76⤵
-
\??\c:\ttbpl.exec:\ttbpl.exe77⤵
-
\??\c:\httpn.exec:\httpn.exe78⤵
-
\??\c:\plvfr.exec:\plvfr.exe79⤵
-
\??\c:\tvfjh.exec:\tvfjh.exe80⤵
-
\??\c:\ndblntd.exec:\ndblntd.exe81⤵
-
\??\c:\nvdxfjh.exec:\nvdxfjh.exe82⤵
-
\??\c:\lxntld.exec:\lxntld.exe83⤵
-
\??\c:\vxxhr.exec:\vxxhr.exe84⤵
-
\??\c:\njlbtph.exec:\njlbtph.exe85⤵
-
\??\c:\pvlvjp.exec:\pvlvjp.exe86⤵
-
\??\c:\hnvbv.exec:\hnvbv.exe87⤵
-
\??\c:\nbpjpd.exec:\nbpjpd.exe88⤵
-
\??\c:\ppttnl.exec:\ppttnl.exe89⤵
-
\??\c:\fbrppn.exec:\fbrppn.exe90⤵
-
\??\c:\xpxfdd.exec:\xpxfdd.exe91⤵
-
\??\c:\hjhff.exec:\hjhff.exe92⤵
-
\??\c:\dntvphn.exec:\dntvphn.exe93⤵
-
\??\c:\vllvp.exec:\vllvp.exe94⤵
-
\??\c:\ljnxdvr.exec:\ljnxdvr.exe95⤵
-
\??\c:\pxbthjn.exec:\pxbthjn.exe96⤵
-
\??\c:\nbrnjpj.exec:\nbrnjpj.exe97⤵
-
\??\c:\xrhlt.exec:\xrhlt.exe98⤵
-
\??\c:\jrbltxd.exec:\jrbltxd.exe99⤵
-
\??\c:\bjjndp.exec:\bjjndp.exe100⤵
-
\??\c:\dxbbnr.exec:\dxbbnr.exe101⤵
-
\??\c:\phxtd.exec:\phxtd.exe102⤵
-
\??\c:\hdvftd.exec:\hdvftd.exe103⤵
-
\??\c:\tjddv.exec:\tjddv.exe104⤵
-
\??\c:\pprnhn.exec:\pprnhn.exe105⤵
-
\??\c:\pxtrx.exec:\pxtrx.exe106⤵
-
\??\c:\bdrxfl.exec:\bdrxfl.exe107⤵
-
\??\c:\rrjvj.exec:\rrjvj.exe108⤵
-
\??\c:\ntltpnv.exec:\ntltpnv.exe109⤵
-
\??\c:\vbbtv.exec:\vbbtv.exe110⤵
-
\??\c:\jpdrn.exec:\jpdrn.exe111⤵
-
\??\c:\dbxhbvp.exec:\dbxhbvp.exe112⤵
-
\??\c:\prlxfdt.exec:\prlxfdt.exe113⤵
-
\??\c:\vpdbpv.exec:\vpdbpv.exe114⤵
-
\??\c:\bndnnfh.exec:\bndnnfh.exe115⤵
-
\??\c:\npdhtb.exec:\npdhtb.exe116⤵
-
\??\c:\nrflnft.exec:\nrflnft.exe117⤵
-
\??\c:\jpllh.exec:\jpllh.exe118⤵
-
\??\c:\xpxltf.exec:\xpxltf.exe119⤵
-
\??\c:\pbttj.exec:\pbttj.exe120⤵
-
\??\c:\jffjjbp.exec:\jffjjbp.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-