Analysis
-
max time kernel
150s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
29/06/2024, 18:40
General
-
Target
1026e6ec2979d410eb6f08d46bd1123ea36b303e29ec14a3de57eb771315bef7.exe
-
Size
129KB
-
MD5
2715b614e2e7b006e0e77781e1929cc4
-
SHA1
b7b40ea88f83b7ffbf2215944587358fcb946610
-
SHA256
1026e6ec2979d410eb6f08d46bd1123ea36b303e29ec14a3de57eb771315bef7
-
SHA512
9d7d572b7fe3b4af68e64a202fbd6268a9fdd6adc2d6788f56ccdd44a81871100b8334102e7d68d872a9325f109ff3b3f4c6187b2def68330dbae4e7ed0fb59f
-
SSDEEP
3072:ymb3NkkiQ3mdBjFWXkj7afoHvmQ+EZMYX/x6gto:n3C9BRW0j/uVEZFJvu
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
UPX dump on OEP (original entry point) 27 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 27 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1026e6ec2979d410eb6f08d46bd1123ea36b303e29ec14a3de57eb771315bef7.exe"C:\Users\Admin\AppData\Local\Temp\1026e6ec2979d410eb6f08d46bd1123ea36b303e29ec14a3de57eb771315bef7.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\226800.exec:\226800.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpppd.exec:\jpppd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8288480.exec:\8288480.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddpvd.exec:\ddpvd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llxrxxf.exec:\llxrxxf.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8202846.exec:\8202846.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\40466.exec:\40466.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1rxflxr.exec:\1rxflxr.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\w06060.exec:\w06060.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\q06222.exec:\q06222.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpvpp.exec:\dpvpp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxfxrrx.exec:\rxfxrrx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8646262.exec:\8646262.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\0862060.exec:\0862060.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\w82800.exec:\w82800.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\2022440.exec:\2022440.exe17⤵
- Executes dropped EXE
-
\??\c:\frflxrx.exec:\frflxrx.exe18⤵
- Executes dropped EXE
-
\??\c:\3vjdj.exec:\3vjdj.exe19⤵
- Executes dropped EXE
-
\??\c:\26402.exec:\26402.exe20⤵
- Executes dropped EXE
-
\??\c:\u088062.exec:\u088062.exe21⤵
- Executes dropped EXE
-
\??\c:\6084668.exec:\6084668.exe22⤵
- Executes dropped EXE
-
\??\c:\9ppvj.exec:\9ppvj.exe23⤵
- Executes dropped EXE
-
\??\c:\bbhtbh.exec:\bbhtbh.exe24⤵
- Executes dropped EXE
-
\??\c:\4284228.exec:\4284228.exe25⤵
- Executes dropped EXE
-
\??\c:\nbtthn.exec:\nbtthn.exe26⤵
- Executes dropped EXE
-
\??\c:\046244.exec:\046244.exe27⤵
- Executes dropped EXE
-
\??\c:\nhtbhh.exec:\nhtbhh.exe28⤵
- Executes dropped EXE
-
\??\c:\268028.exec:\268028.exe29⤵
- Executes dropped EXE
-
\??\c:\i084002.exec:\i084002.exe30⤵
- Executes dropped EXE
-
\??\c:\9vpdp.exec:\9vpdp.exe31⤵
- Executes dropped EXE
-
\??\c:\04624.exec:\04624.exe32⤵
- Executes dropped EXE
-
\??\c:\0428062.exec:\0428062.exe33⤵
- Executes dropped EXE
-
\??\c:\8026842.exec:\8026842.exe34⤵
- Executes dropped EXE
-
\??\c:\rrlxllx.exec:\rrlxllx.exe35⤵
- Executes dropped EXE
-
\??\c:\ppvdv.exec:\ppvdv.exe36⤵
- Executes dropped EXE
-
\??\c:\5dpdj.exec:\5dpdj.exe37⤵
- Executes dropped EXE
-
\??\c:\3xrlxxl.exec:\3xrlxxl.exe38⤵
- Executes dropped EXE
-
\??\c:\7rlrrrf.exec:\7rlrrrf.exe39⤵
- Executes dropped EXE
-
\??\c:\040028.exec:\040028.exe40⤵
- Executes dropped EXE
-
\??\c:\btnnbt.exec:\btnnbt.exe41⤵
- Executes dropped EXE
-
\??\c:\3jjvd.exec:\3jjvd.exe42⤵
- Executes dropped EXE
-
\??\c:\vjpvv.exec:\vjpvv.exe43⤵
- Executes dropped EXE
-
\??\c:\0800888.exec:\0800888.exe44⤵
- Executes dropped EXE
-
\??\c:\htntbh.exec:\htntbh.exe45⤵
- Executes dropped EXE
-
\??\c:\hbttbb.exec:\hbttbb.exe46⤵
- Executes dropped EXE
-
\??\c:\i602880.exec:\i602880.exe47⤵
- Executes dropped EXE
-
\??\c:\20220.exec:\20220.exe48⤵
- Executes dropped EXE
-
\??\c:\88224.exec:\88224.exe49⤵
- Executes dropped EXE
-
\??\c:\60442.exec:\60442.exe50⤵
- Executes dropped EXE
-
\??\c:\c428440.exec:\c428440.exe51⤵
- Executes dropped EXE
-
\??\c:\82406.exec:\82406.exe52⤵
- Executes dropped EXE
-
\??\c:\68606.exec:\68606.exe53⤵
- Executes dropped EXE
-
\??\c:\w20622.exec:\w20622.exe54⤵
- Executes dropped EXE
-
\??\c:\26280.exec:\26280.exe55⤵
- Executes dropped EXE
-
\??\c:\2088444.exec:\2088444.exe56⤵
- Executes dropped EXE
-
\??\c:\1tbttt.exec:\1tbttt.exe57⤵
- Executes dropped EXE
-
\??\c:\266422.exec:\266422.exe58⤵
- Executes dropped EXE
-
\??\c:\thtnnn.exec:\thtnnn.exe59⤵
- Executes dropped EXE
-
\??\c:\5pppj.exec:\5pppj.exe60⤵
- Executes dropped EXE
-
\??\c:\264066.exec:\264066.exe61⤵
- Executes dropped EXE
-
\??\c:\60008.exec:\60008.exe62⤵
- Executes dropped EXE
-
\??\c:\lfrllrx.exec:\lfrllrx.exe63⤵
- Executes dropped EXE
-
\??\c:\0084662.exec:\0084662.exe64⤵
- Executes dropped EXE
-
\??\c:\fxllrxf.exec:\fxllrxf.exe65⤵
- Executes dropped EXE
-
\??\c:\82068.exec:\82068.exe66⤵
-
\??\c:\460486.exec:\460486.exe67⤵
-
\??\c:\vpvvd.exec:\vpvvd.exe68⤵
-
\??\c:\862840.exec:\862840.exe69⤵
-
\??\c:\1ntttt.exec:\1ntttt.exe70⤵
-
\??\c:\dvjdj.exec:\dvjdj.exe71⤵
-
\??\c:\44284.exec:\44284.exe72⤵
-
\??\c:\c462062.exec:\c462062.exe73⤵
-
\??\c:\vppvd.exec:\vppvd.exe74⤵
-
\??\c:\vpddd.exec:\vpddd.exe75⤵
-
\??\c:\8082880.exec:\8082880.exe76⤵
-
\??\c:\q24628.exec:\q24628.exe77⤵
-
\??\c:\i486844.exec:\i486844.exe78⤵
-
\??\c:\btbbhh.exec:\btbbhh.exe79⤵
-
\??\c:\080000.exec:\080000.exe80⤵
-
\??\c:\tthntb.exec:\tthntb.exe81⤵
-
\??\c:\264084.exec:\264084.exe82⤵
-
\??\c:\1fffrrl.exec:\1fffrrl.exe83⤵
-
\??\c:\8268068.exec:\8268068.exe84⤵
-
\??\c:\846644.exec:\846644.exe85⤵
-
\??\c:\lflrxlf.exec:\lflrxlf.exe86⤵
-
\??\c:\20666.exec:\20666.exe87⤵
-
\??\c:\884646.exec:\884646.exe88⤵
-
\??\c:\rxlxrxf.exec:\rxlxrxf.exe89⤵
-
\??\c:\208840.exec:\208840.exe90⤵
-
\??\c:\4806440.exec:\4806440.exe91⤵
-
\??\c:\2642628.exec:\2642628.exe92⤵
-
\??\c:\824400.exec:\824400.exe93⤵
-
\??\c:\9lfffxf.exec:\9lfffxf.exe94⤵
-
\??\c:\bnbbhh.exec:\bnbbhh.exe95⤵
-
\??\c:\httnbb.exec:\httnbb.exe96⤵
-
\??\c:\a4406.exec:\a4406.exe97⤵
-
\??\c:\824266.exec:\824266.exe98⤵
-
\??\c:\3xffxxf.exec:\3xffxxf.exe99⤵
-
\??\c:\486462.exec:\486462.exe100⤵
-
\??\c:\24668.exec:\24668.exe101⤵
-
\??\c:\pdjpv.exec:\pdjpv.exe102⤵
-
\??\c:\vjjvp.exec:\vjjvp.exe103⤵
-
\??\c:\82268.exec:\82268.exe104⤵
-
\??\c:\a8624.exec:\a8624.exe105⤵
-
\??\c:\e64440.exec:\e64440.exe106⤵
-
\??\c:\5nbbnt.exec:\5nbbnt.exe107⤵
-
\??\c:\hbthtb.exec:\hbthtb.exe108⤵
-
\??\c:\i484844.exec:\i484844.exe109⤵
-
\??\c:\228884.exec:\228884.exe110⤵
-
\??\c:\48268.exec:\48268.exe111⤵
-
\??\c:\nhnhhh.exec:\nhnhhh.exe112⤵
-
\??\c:\042462.exec:\042462.exe113⤵
-
\??\c:\ttbhhn.exec:\ttbhhn.exe114⤵
-
\??\c:\5bhntt.exec:\5bhntt.exe115⤵
-
\??\c:\nhtbnn.exec:\nhtbnn.exe116⤵
-
\??\c:\1lrlllx.exec:\1lrlllx.exe117⤵
-
\??\c:\g4024.exec:\g4024.exe118⤵
-
\??\c:\e68804.exec:\e68804.exe119⤵
-
\??\c:\3ttbbt.exec:\3ttbbt.exe120⤵
-
\??\c:\hbhhtb.exec:\hbhhtb.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-