Analysis
-
max time kernel
150s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
28/06/2024, 03:06
General
-
Target
d504078f4a11a08c275ac2a9f3a946f70d64fb675d2e8ac2c689005c1d5d6613.exe
-
Size
79KB
-
MD5
781302e1075e9d00bf290be83c96f919
-
SHA1
a4f44e11d7491439672aad3cc1c6cd3d25ac9563
-
SHA256
d504078f4a11a08c275ac2a9f3a946f70d64fb675d2e8ac2c689005c1d5d6613
-
SHA512
c06f8b4c2307be2b458be682fc221aeeca79cbf8061cf14b64e5dcbf3b008b1f4b3e1ddda2a07a55bcb7698423be52f700b132aa4a7ecb8272e86e1e8e3ee446
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIIpIo60L9QrrA8v:ymb3NkkiQ3mdBjFIIp9L9QrrA8v
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
UPX dump on OEP (original entry point) 30 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 30 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\d504078f4a11a08c275ac2a9f3a946f70d64fb675d2e8ac2c689005c1d5d6613.exe"C:\Users\Admin\AppData\Local\Temp\d504078f4a11a08c275ac2a9f3a946f70d64fb675d2e8ac2c689005c1d5d6613.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\xlfrlxr.exec:\xlfrlxr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9btthh.exec:\9btthh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvvvp.exec:\jvvvp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfrlfxr.exec:\rfrlfxr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7xfxflx.exec:\7xfxflx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thtttn.exec:\thtttn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhhbhb.exec:\bhhbhb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvjv.exec:\dvvjv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frffrrf.exec:\frffrrf.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7hhbbb.exec:\7hhbbb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvpvj.exec:\jvpvj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfllxrl.exec:\rfllxrl.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lffxlfr.exec:\lffxlfr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnbthb.exec:\bnbthb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvpd.exec:\pjvpd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllfxxx.exec:\rllfxxx.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnnhtt.exec:\bnnhtt.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvpd.exec:\pjvpd.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lflrllr.exec:\lflrllr.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnhnh.exec:\tnnhnh.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xffrfxr.exec:\xffrfxr.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnnttt.exec:\nnnttt.exe23⤵
- Executes dropped EXE
-
\??\c:\pvpjd.exec:\pvpjd.exe24⤵
- Executes dropped EXE
-
\??\c:\rllflfl.exec:\rllflfl.exe25⤵
- Executes dropped EXE
-
\??\c:\3xxrfxx.exec:\3xxrfxx.exe26⤵
- Executes dropped EXE
-
\??\c:\hnttnn.exec:\hnttnn.exe27⤵
- Executes dropped EXE
-
\??\c:\9dpjv.exec:\9dpjv.exe28⤵
- Executes dropped EXE
-
\??\c:\dpjvj.exec:\dpjvj.exe29⤵
- Executes dropped EXE
-
\??\c:\1rlfxrl.exec:\1rlfxrl.exe30⤵
- Executes dropped EXE
-
\??\c:\jpjjv.exec:\jpjjv.exe31⤵
- Executes dropped EXE
-
\??\c:\5llfrlf.exec:\5llfrlf.exe32⤵
- Executes dropped EXE
-
\??\c:\5bbhbb.exec:\5bbhbb.exe33⤵
- Executes dropped EXE
-
\??\c:\1vdvj.exec:\1vdvj.exe34⤵
- Executes dropped EXE
-
\??\c:\lfxlfxf.exec:\lfxlfxf.exe35⤵
- Executes dropped EXE
-
\??\c:\vjpdd.exec:\vjpdd.exe36⤵
- Executes dropped EXE
-
\??\c:\5ffxllf.exec:\5ffxllf.exe37⤵
- Executes dropped EXE
-
\??\c:\3tttnn.exec:\3tttnn.exe38⤵
- Executes dropped EXE
-
\??\c:\vjvjv.exec:\vjvjv.exe39⤵
- Executes dropped EXE
-
\??\c:\dvpjv.exec:\dvpjv.exe40⤵
- Executes dropped EXE
-
\??\c:\5xxlffr.exec:\5xxlffr.exe41⤵
- Executes dropped EXE
-
\??\c:\lxlrlfx.exec:\lxlrlfx.exe42⤵
- Executes dropped EXE
-
\??\c:\bthtnh.exec:\bthtnh.exe43⤵
- Executes dropped EXE
-
\??\c:\pdjjd.exec:\pdjjd.exe44⤵
- Executes dropped EXE
-
\??\c:\3djdp.exec:\3djdp.exe45⤵
- Executes dropped EXE
-
\??\c:\5rrlxxr.exec:\5rrlxxr.exe46⤵
- Executes dropped EXE
-
\??\c:\9frfrrx.exec:\9frfrrx.exe47⤵
- Executes dropped EXE
-
\??\c:\thbtnn.exec:\thbtnn.exe48⤵
- Executes dropped EXE
-
\??\c:\3hnhbt.exec:\3hnhbt.exe49⤵
- Executes dropped EXE
-
\??\c:\pvpjv.exec:\pvpjv.exe50⤵
- Executes dropped EXE
-
\??\c:\3rrffxr.exec:\3rrffxr.exe51⤵
- Executes dropped EXE
-
\??\c:\3xrxrlf.exec:\3xrxrlf.exe52⤵
- Executes dropped EXE
-
\??\c:\htntnn.exec:\htntnn.exe53⤵
- Executes dropped EXE
-
\??\c:\htbntn.exec:\htbntn.exe54⤵
- Executes dropped EXE
-
\??\c:\5pjjp.exec:\5pjjp.exe55⤵
- Executes dropped EXE
-
\??\c:\lllxlrf.exec:\lllxlrf.exe56⤵
- Executes dropped EXE
-
\??\c:\xlfxrlf.exec:\xlfxrlf.exe57⤵
- Executes dropped EXE
-
\??\c:\1nhhbt.exec:\1nhhbt.exe58⤵
- Executes dropped EXE
-
\??\c:\htnbtn.exec:\htnbtn.exe59⤵
- Executes dropped EXE
-
\??\c:\ddjjd.exec:\ddjjd.exe60⤵
- Executes dropped EXE
-
\??\c:\1ffxlll.exec:\1ffxlll.exe61⤵
- Executes dropped EXE
-
\??\c:\fllfxrl.exec:\fllfxrl.exe62⤵
- Executes dropped EXE
-
\??\c:\nnhhhh.exec:\nnhhhh.exe63⤵
- Executes dropped EXE
-
\??\c:\vjppp.exec:\vjppp.exe64⤵
- Executes dropped EXE
-
\??\c:\rfxrffr.exec:\rfxrffr.exe65⤵
- Executes dropped EXE
-
\??\c:\flrrfrr.exec:\flrrfrr.exe66⤵
-
\??\c:\9bttnn.exec:\9bttnn.exe67⤵
-
\??\c:\pvvpd.exec:\pvvpd.exe68⤵
-
\??\c:\3vvpd.exec:\3vvpd.exe69⤵
-
\??\c:\lfxrxrf.exec:\lfxrxrf.exe70⤵
-
\??\c:\djjvj.exec:\djjvj.exe71⤵
-
\??\c:\5rrffxr.exec:\5rrffxr.exe72⤵
-
\??\c:\lfrxllx.exec:\lfrxllx.exe73⤵
-
\??\c:\tnhttn.exec:\tnhttn.exe74⤵
-
\??\c:\bbtnnt.exec:\bbtnnt.exe75⤵
-
\??\c:\pjdvv.exec:\pjdvv.exe76⤵
-
\??\c:\llllxrl.exec:\llllxrl.exe77⤵
-
\??\c:\1rxrrrr.exec:\1rxrrrr.exe78⤵
-
\??\c:\htttnn.exec:\htttnn.exe79⤵
-
\??\c:\3vvvj.exec:\3vvvj.exe80⤵
-
\??\c:\dvdvv.exec:\dvdvv.exe81⤵
-
\??\c:\rrrrlrf.exec:\rrrrlrf.exe82⤵
-
\??\c:\bntnhb.exec:\bntnhb.exe83⤵
-
\??\c:\htthtn.exec:\htthtn.exe84⤵
-
\??\c:\jdvpp.exec:\jdvpp.exe85⤵
-
\??\c:\rlrrllf.exec:\rlrrllf.exe86⤵
-
\??\c:\1rffffx.exec:\1rffffx.exe87⤵
-
\??\c:\nhhhbh.exec:\nhhhbh.exe88⤵
-
\??\c:\1hbtnn.exec:\1hbtnn.exe89⤵
-
\??\c:\jjjdd.exec:\jjjdd.exe90⤵
-
\??\c:\jpjpj.exec:\jpjpj.exe91⤵
-
\??\c:\rxfxrrl.exec:\rxfxrrl.exe92⤵
-
\??\c:\tnhhtt.exec:\tnhhtt.exe93⤵
-
\??\c:\3btbbb.exec:\3btbbb.exe94⤵
-
\??\c:\jvdvv.exec:\jvdvv.exe95⤵
-
\??\c:\7jjdv.exec:\7jjdv.exe96⤵
-
\??\c:\5ffxlll.exec:\5ffxlll.exe97⤵
-
\??\c:\bhnhtt.exec:\bhnhtt.exe98⤵
-
\??\c:\bhthtn.exec:\bhthtn.exe99⤵
-
\??\c:\jppdj.exec:\jppdj.exe100⤵
-
\??\c:\vpdvp.exec:\vpdvp.exe101⤵
-
\??\c:\5xrlxrl.exec:\5xrlxrl.exe102⤵
-
\??\c:\hhhhtt.exec:\hhhhtt.exe103⤵
-
\??\c:\httnhb.exec:\httnhb.exe104⤵
-
\??\c:\pddvj.exec:\pddvj.exe105⤵
-
\??\c:\dpjdp.exec:\dpjdp.exe106⤵
-
\??\c:\flflxrr.exec:\flflxrr.exe107⤵
-
\??\c:\1xfxrll.exec:\1xfxrll.exe108⤵
-
\??\c:\1hnttn.exec:\1hnttn.exe109⤵
-
\??\c:\1tbtbb.exec:\1tbtbb.exe110⤵
-
\??\c:\jddvj.exec:\jddvj.exe111⤵
-
\??\c:\rxlxrxx.exec:\rxlxrxx.exe112⤵
-
\??\c:\frxllfl.exec:\frxllfl.exe113⤵
-
\??\c:\btbtnn.exec:\btbtnn.exe114⤵
-
\??\c:\5bbtnt.exec:\5bbtnt.exe115⤵
-
\??\c:\jpvjv.exec:\jpvjv.exe116⤵
-
\??\c:\9bbbbb.exec:\9bbbbb.exe117⤵
-
\??\c:\7jjdv.exec:\7jjdv.exe118⤵
-
\??\c:\jjpjp.exec:\jjpjp.exe119⤵
-
\??\c:\lffxlll.exec:\lffxlll.exe120⤵
-
\??\c:\fxlfflx.exec:\fxlfflx.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-