Analysis
-
max time kernel
150s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240419-en -
resource tags
-
submitted
30-06-2024 00:55
General
-
Target
ac9f6231276a5ab76fc16a4200f3de4f6a49c0d087e62eacffa61aaa010cc069.exe
-
Size
192KB
-
MD5
36ef18928d4b97ce244315c0a6ec4d49
-
SHA1
5fe5371c3002cacaa95fd17e8d339c4f346c277e
-
SHA256
ac9f6231276a5ab76fc16a4200f3de4f6a49c0d087e62eacffa61aaa010cc069
-
SHA512
ecd05ddf6bf9314f7ba6d3cbf24924ceb64d8a9f913b05eaf53c028a11389122b42339ac7eb2a897d03dedb22afbf5f0e976c11f6ad7d746c9c1be582f8237ba
-
SSDEEP
3072:YhOmTsF93UYfwC6GIoutLmxHxae5yLpcgDE4JBuItR8pTsgnKbQFe3+3Q:Ycm4FmowdHoSLEaTBftapTsyFeO3Q
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 34 IoCs
-
UPX dump on OEP (original entry point) 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\ac9f6231276a5ab76fc16a4200f3de4f6a49c0d087e62eacffa61aaa010cc069.exe"C:\Users\Admin\AppData\Local\Temp\ac9f6231276a5ab76fc16a4200f3de4f6a49c0d087e62eacffa61aaa010cc069.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbhhn.exec:\hbbhhn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnbhtn.exec:\nnbhtn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrxrrf.exec:\fxrxrrf.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxflrlr.exec:\xxflrlr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthntn.exec:\bthntn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3tnnbb.exec:\3tnnbb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjdj.exec:\ppjdj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxrrrf.exec:\rlxrrrf.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lflrxlr.exec:\lflrxlr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjpdv.exec:\jjpdv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvjv.exec:\jdvjv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lllxrfx.exec:\lllxrfx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbnbhn.exec:\tbnbhn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbttnt.exec:\hbttnt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvdj.exec:\pjvdj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7llrxxl.exec:\7llrxxl.exe17⤵
- Executes dropped EXE
-
\??\c:\nhhtht.exec:\nhhtht.exe18⤵
- Executes dropped EXE
-
\??\c:\vpjvd.exec:\vpjvd.exe19⤵
- Executes dropped EXE
-
\??\c:\jjdjp.exec:\jjdjp.exe20⤵
- Executes dropped EXE
-
\??\c:\xrlrrxf.exec:\xrlrrxf.exe21⤵
- Executes dropped EXE
-
\??\c:\hbhntb.exec:\hbhntb.exe22⤵
- Executes dropped EXE
-
\??\c:\hbthtb.exec:\hbthtb.exe23⤵
- Executes dropped EXE
-
\??\c:\7jdvv.exec:\7jdvv.exe24⤵
- Executes dropped EXE
-
\??\c:\fxlrxfr.exec:\fxlrxfr.exe25⤵
- Executes dropped EXE
-
\??\c:\fxxrflf.exec:\fxxrflf.exe26⤵
- Executes dropped EXE
-
\??\c:\thtthh.exec:\thtthh.exe27⤵
- Executes dropped EXE
-
\??\c:\jdddv.exec:\jdddv.exe28⤵
- Executes dropped EXE
-
\??\c:\lrrfrlr.exec:\lrrfrlr.exe29⤵
- Executes dropped EXE
-
\??\c:\7rllxxf.exec:\7rllxxf.exe30⤵
- Executes dropped EXE
-
\??\c:\hhthnt.exec:\hhthnt.exe31⤵
- Executes dropped EXE
-
\??\c:\hbnhtn.exec:\hbnhtn.exe32⤵
- Executes dropped EXE
-
\??\c:\jdpvj.exec:\jdpvj.exe33⤵
- Executes dropped EXE
-
\??\c:\frllxrx.exec:\frllxrx.exe34⤵
- Executes dropped EXE
-
\??\c:\rlfflxf.exec:\rlfflxf.exe35⤵
- Executes dropped EXE
-
\??\c:\bnbtbh.exec:\bnbtbh.exe36⤵
- Executes dropped EXE
-
\??\c:\ttnnbb.exec:\ttnnbb.exe37⤵
- Executes dropped EXE
-
\??\c:\7dvvv.exec:\7dvvv.exe38⤵
- Executes dropped EXE
-
\??\c:\vpppd.exec:\vpppd.exe39⤵
- Executes dropped EXE
-
\??\c:\3lxxxxf.exec:\3lxxxxf.exe40⤵
- Executes dropped EXE
-
\??\c:\9fxlxlx.exec:\9fxlxlx.exe41⤵
- Executes dropped EXE
-
\??\c:\nntbhb.exec:\nntbhb.exe42⤵
- Executes dropped EXE
-
\??\c:\jdvdp.exec:\jdvdp.exe43⤵
- Executes dropped EXE
-
\??\c:\jdpdj.exec:\jdpdj.exe44⤵
- Executes dropped EXE
-
\??\c:\rrxxfxl.exec:\rrxxfxl.exe45⤵
- Executes dropped EXE
-
\??\c:\fxrxxfl.exec:\fxrxxfl.exe46⤵
- Executes dropped EXE
-
\??\c:\3bnnnn.exec:\3bnnnn.exe47⤵
- Executes dropped EXE
-
\??\c:\1nhtbh.exec:\1nhtbh.exe48⤵
- Executes dropped EXE
-
\??\c:\3dvjv.exec:\3dvjv.exe49⤵
- Executes dropped EXE
-
\??\c:\ppjvj.exec:\ppjvj.exe50⤵
- Executes dropped EXE
-
\??\c:\3lxrllr.exec:\3lxrllr.exe51⤵
- Executes dropped EXE
-
\??\c:\lflxrlx.exec:\lflxrlx.exe52⤵
- Executes dropped EXE
-
\??\c:\tttthb.exec:\tttthb.exe53⤵
- Executes dropped EXE
-
\??\c:\hbnnbn.exec:\hbnnbn.exe54⤵
- Executes dropped EXE
-
\??\c:\jvpjp.exec:\jvpjp.exe55⤵
- Executes dropped EXE
-
\??\c:\jdjjd.exec:\jdjjd.exe56⤵
- Executes dropped EXE
-
\??\c:\lflflxl.exec:\lflflxl.exe57⤵
- Executes dropped EXE
-
\??\c:\1xflxfr.exec:\1xflxfr.exe58⤵
- Executes dropped EXE
-
\??\c:\fxllrlr.exec:\fxllrlr.exe59⤵
- Executes dropped EXE
-
\??\c:\htnntb.exec:\htnntb.exe60⤵
- Executes dropped EXE
-
\??\c:\bnbthn.exec:\bnbthn.exe61⤵
- Executes dropped EXE
-
\??\c:\ppdpj.exec:\ppdpj.exe62⤵
- Executes dropped EXE
-
\??\c:\dvdjv.exec:\dvdjv.exe63⤵
- Executes dropped EXE
-
\??\c:\9lxxllr.exec:\9lxxllr.exe64⤵
- Executes dropped EXE
-
\??\c:\xxrxlxl.exec:\xxrxlxl.exe65⤵
- Executes dropped EXE
-
\??\c:\rlllffx.exec:\rlllffx.exe66⤵
-
\??\c:\bbtbhh.exec:\bbtbhh.exe67⤵
-
\??\c:\nbtttt.exec:\nbtttt.exe68⤵
-
\??\c:\jpvvd.exec:\jpvvd.exe69⤵
-
\??\c:\pppjp.exec:\pppjp.exe70⤵
-
\??\c:\1pjjv.exec:\1pjjv.exe71⤵
-
\??\c:\xrrlxlx.exec:\xrrlxlx.exe72⤵
-
\??\c:\lxlrffr.exec:\lxlrffr.exe73⤵
-
\??\c:\bnttbh.exec:\bnttbh.exe74⤵
-
\??\c:\bhbbbt.exec:\bhbbbt.exe75⤵
-
\??\c:\ddpdj.exec:\ddpdj.exe76⤵
-
\??\c:\dvpvp.exec:\dvpvp.exe77⤵
-
\??\c:\3lfxlfl.exec:\3lfxlfl.exe78⤵
-
\??\c:\rxxxffl.exec:\rxxxffl.exe79⤵
-
\??\c:\tttbbb.exec:\tttbbb.exe80⤵
-
\??\c:\btbntb.exec:\btbntb.exe81⤵
-
\??\c:\1hnbtt.exec:\1hnbtt.exe82⤵
-
\??\c:\vvpdj.exec:\vvpdj.exe83⤵
-
\??\c:\lfrxllr.exec:\lfrxllr.exe84⤵
-
\??\c:\rrllxxr.exec:\rrllxxr.exe85⤵
-
\??\c:\hbnthn.exec:\hbnthn.exe86⤵
-
\??\c:\hhthbh.exec:\hhthbh.exe87⤵
-
\??\c:\tnbnbb.exec:\tnbnbb.exe88⤵
-
\??\c:\vpdjp.exec:\vpdjp.exe89⤵
-
\??\c:\jjjjp.exec:\jjjjp.exe90⤵
-
\??\c:\rlxlrfx.exec:\rlxlrfx.exe91⤵
-
\??\c:\fffllrf.exec:\fffllrf.exe92⤵
-
\??\c:\fxfxffl.exec:\fxfxffl.exe93⤵
-
\??\c:\5bntbh.exec:\5bntbh.exe94⤵
-
\??\c:\nhthtb.exec:\nhthtb.exe95⤵
-
\??\c:\5vddv.exec:\5vddv.exe96⤵
-
\??\c:\vpddp.exec:\vpddp.exe97⤵
-
\??\c:\xxrrxxl.exec:\xxrrxxl.exe98⤵
-
\??\c:\xxlxflr.exec:\xxlxflr.exe99⤵
-
\??\c:\bbtthn.exec:\bbtthn.exe100⤵
-
\??\c:\hbthtt.exec:\hbthtt.exe101⤵
-
\??\c:\hbtnbb.exec:\hbtnbb.exe102⤵
-
\??\c:\jdjjp.exec:\jdjjp.exe103⤵
-
\??\c:\pppjp.exec:\pppjp.exe104⤵
-
\??\c:\llfrflx.exec:\llfrflx.exe105⤵
-
\??\c:\lxlllxf.exec:\lxlllxf.exe106⤵
-
\??\c:\5bthtb.exec:\5bthtb.exe107⤵
-
\??\c:\hbntbb.exec:\hbntbb.exe108⤵
-
\??\c:\vppdv.exec:\vppdv.exe109⤵
-
\??\c:\djjdd.exec:\djjdd.exe110⤵
-
\??\c:\xlrllff.exec:\xlrllff.exe111⤵
-
\??\c:\fxrfrrf.exec:\fxrfrrf.exe112⤵
-
\??\c:\xxxxlxl.exec:\xxxxlxl.exe113⤵
-
\??\c:\bhnhnh.exec:\bhnhnh.exe114⤵
-
\??\c:\hnbtbt.exec:\hnbtbt.exe115⤵
-
\??\c:\jdvvd.exec:\jdvvd.exe116⤵
-
\??\c:\jpvpp.exec:\jpvpp.exe117⤵
-
\??\c:\ffxfxrx.exec:\ffxfxrx.exe118⤵
-
\??\c:\lrrrrlr.exec:\lrrrrlr.exe119⤵
-
\??\c:\fxlxfrx.exec:\fxlxfrx.exe120⤵
-
\??\c:\nnbbhn.exec:\nnbbhn.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-