Analysis
-
max time kernel
150s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
30/06/2024, 02:43
General
-
Target
dc4bad1ed1a84fca94a1d51e0767be48cba058ad13922ab22e16a50afbc4fea0.exe
-
Size
84KB
-
MD5
050d66a107476f0c60cc65afe7735220
-
SHA1
d64aded6691ec2b451bb2495f91808af08af1d64
-
SHA256
dc4bad1ed1a84fca94a1d51e0767be48cba058ad13922ab22e16a50afbc4fea0
-
SHA512
4fa995783ddc5484ffca75a6b1b57d9bfb4be5fe5ada2f1ca0e8116e37ea11ad14db8106e052dceb754961e49a45a0e7d30f6cdb80bd8b97cecfb976f1eb2698
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDoAXPfgr2hKmdbcPi2vK:ymb3NkkiQ3mdBjFo6Pfgy3dbc/K
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 22 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 25 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\dc4bad1ed1a84fca94a1d51e0767be48cba058ad13922ab22e16a50afbc4fea0.exe"C:\Users\Admin\AppData\Local\Temp\dc4bad1ed1a84fca94a1d51e0767be48cba058ad13922ab22e16a50afbc4fea0.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\tbhnnn.exec:\tbhnnn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7vdpp.exec:\7vdpp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdjp.exec:\pjdjp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9rllrfl.exec:\9rllrfl.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrlfrl.exec:\lfrlfrl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpddj.exec:\dpddj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xllfxrx.exec:\xllfxrx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbhhbb.exec:\nbhhbb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbhbbb.exec:\tbhbbb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpdd.exec:\jdpdd.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3lxxxrx.exec:\3lxxxrx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlrffxf.exec:\rlrffxf.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hthnnb.exec:\hthnnb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhttnh.exec:\nhttnh.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdpvd.exec:\pdpvd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrflff.exec:\lfrflff.exe17⤵
- Executes dropped EXE
-
\??\c:\xlrrxxf.exec:\xlrrxxf.exe18⤵
- Executes dropped EXE
-
\??\c:\tbhbth.exec:\tbhbth.exe19⤵
- Executes dropped EXE
-
\??\c:\9jvvv.exec:\9jvvv.exe20⤵
- Executes dropped EXE
-
\??\c:\7jpjp.exec:\7jpjp.exe21⤵
- Executes dropped EXE
-
\??\c:\lfllrrr.exec:\lfllrrr.exe22⤵
- Executes dropped EXE
-
\??\c:\lfffrxf.exec:\lfffrxf.exe23⤵
- Executes dropped EXE
-
\??\c:\btnthn.exec:\btnthn.exe24⤵
- Executes dropped EXE
-
\??\c:\ddvjv.exec:\ddvjv.exe25⤵
- Executes dropped EXE
-
\??\c:\vjjjp.exec:\vjjjp.exe26⤵
- Executes dropped EXE
-
\??\c:\lxfffff.exec:\lxfffff.exe27⤵
- Executes dropped EXE
-
\??\c:\hhbnbn.exec:\hhbnbn.exe28⤵
- Executes dropped EXE
-
\??\c:\1tnthn.exec:\1tnthn.exe29⤵
- Executes dropped EXE
-
\??\c:\jdjpd.exec:\jdjpd.exe30⤵
- Executes dropped EXE
-
\??\c:\rlflxfr.exec:\rlflxfr.exe31⤵
- Executes dropped EXE
-
\??\c:\fxrxflr.exec:\fxrxflr.exe32⤵
- Executes dropped EXE
-
\??\c:\1bbttn.exec:\1bbttn.exe33⤵
- Executes dropped EXE
-
\??\c:\htbnhn.exec:\htbnhn.exe34⤵
- Executes dropped EXE
-
\??\c:\dvjpv.exec:\dvjpv.exe35⤵
- Executes dropped EXE
-
\??\c:\jdvjj.exec:\jdvjj.exe36⤵
- Executes dropped EXE
-
\??\c:\lfffffl.exec:\lfffffl.exe37⤵
- Executes dropped EXE
-
\??\c:\fxffrxl.exec:\fxffrxl.exe38⤵
- Executes dropped EXE
-
\??\c:\nhnnbt.exec:\nhnnbt.exe39⤵
- Executes dropped EXE
-
\??\c:\djppp.exec:\djppp.exe40⤵
- Executes dropped EXE
-
\??\c:\vjpvd.exec:\vjpvd.exe41⤵
- Executes dropped EXE
-
\??\c:\fxrxllx.exec:\fxrxllx.exe42⤵
- Executes dropped EXE
-
\??\c:\9lrxflf.exec:\9lrxflf.exe43⤵
- Executes dropped EXE
-
\??\c:\xlfflxl.exec:\xlfflxl.exe44⤵
- Executes dropped EXE
-
\??\c:\ttnhtt.exec:\ttnhtt.exe45⤵
- Executes dropped EXE
-
\??\c:\7nhbhh.exec:\7nhbhh.exe46⤵
- Executes dropped EXE
-
\??\c:\htttnh.exec:\htttnh.exe47⤵
- Executes dropped EXE
-
\??\c:\dvjjp.exec:\dvjjp.exe48⤵
- Executes dropped EXE
-
\??\c:\vppvj.exec:\vppvj.exe49⤵
- Executes dropped EXE
-
\??\c:\ffxxfff.exec:\ffxxfff.exe50⤵
- Executes dropped EXE
-
\??\c:\lxllxxf.exec:\lxllxxf.exe51⤵
- Executes dropped EXE
-
\??\c:\nthbnh.exec:\nthbnh.exe52⤵
- Executes dropped EXE
-
\??\c:\5bnnth.exec:\5bnnth.exe53⤵
- Executes dropped EXE
-
\??\c:\1pddv.exec:\1pddv.exe54⤵
- Executes dropped EXE
-
\??\c:\5vdjp.exec:\5vdjp.exe55⤵
- Executes dropped EXE
-
\??\c:\7lrxllr.exec:\7lrxllr.exe56⤵
- Executes dropped EXE
-
\??\c:\rfrrxxx.exec:\rfrrxxx.exe57⤵
- Executes dropped EXE
-
\??\c:\htnhnt.exec:\htnhnt.exe58⤵
- Executes dropped EXE
-
\??\c:\9nnhtt.exec:\9nnhtt.exe59⤵
- Executes dropped EXE
-
\??\c:\dddjd.exec:\dddjd.exe60⤵
- Executes dropped EXE
-
\??\c:\pvjvv.exec:\pvjvv.exe61⤵
- Executes dropped EXE
-
\??\c:\9fxrxxf.exec:\9fxrxxf.exe62⤵
- Executes dropped EXE
-
\??\c:\3frfrfr.exec:\3frfrfr.exe63⤵
- Executes dropped EXE
-
\??\c:\tnhnbh.exec:\tnhnbh.exe64⤵
- Executes dropped EXE
-
\??\c:\9thbbt.exec:\9thbbt.exe65⤵
- Executes dropped EXE
-
\??\c:\bbnthn.exec:\bbnthn.exe66⤵
-
\??\c:\3ppdj.exec:\3ppdj.exe67⤵
-
\??\c:\3jpdj.exec:\3jpdj.exe68⤵
-
\??\c:\nnttnn.exec:\nnttnn.exe69⤵
-
\??\c:\hbthtn.exec:\hbthtn.exe70⤵
-
\??\c:\vvjpv.exec:\vvjpv.exe71⤵
-
\??\c:\vpddv.exec:\vpddv.exe72⤵
-
\??\c:\ffxxlrx.exec:\ffxxlrx.exe73⤵
-
\??\c:\9ffrrrf.exec:\9ffrrrf.exe74⤵
-
\??\c:\tntthn.exec:\tntthn.exe75⤵
-
\??\c:\1bnnnn.exec:\1bnnnn.exe76⤵
-
\??\c:\nhttbb.exec:\nhttbb.exe77⤵
-
\??\c:\jvpvv.exec:\jvpvv.exe78⤵
-
\??\c:\vvjjv.exec:\vvjjv.exe79⤵
-
\??\c:\1llrffl.exec:\1llrffl.exe80⤵
-
\??\c:\lfxrlrx.exec:\lfxrlrx.exe81⤵
-
\??\c:\hthhnb.exec:\hthhnb.exe82⤵
-
\??\c:\9tnbbh.exec:\9tnbbh.exe83⤵
-
\??\c:\hhttbh.exec:\hhttbh.exe84⤵
-
\??\c:\jdppd.exec:\jdppd.exe85⤵
-
\??\c:\dvjvj.exec:\dvjvj.exe86⤵
-
\??\c:\vpjdp.exec:\vpjdp.exe87⤵
-
\??\c:\3lffxfl.exec:\3lffxfl.exe88⤵
-
\??\c:\1fxlrxf.exec:\1fxlrxf.exe89⤵
-
\??\c:\nhtbhn.exec:\nhtbhn.exe90⤵
-
\??\c:\5bnhhn.exec:\5bnhhn.exe91⤵
-
\??\c:\dvdpd.exec:\dvdpd.exe92⤵
-
\??\c:\9dppv.exec:\9dppv.exe93⤵
-
\??\c:\frffrxl.exec:\frffrxl.exe94⤵
-
\??\c:\ffxllrf.exec:\ffxllrf.exe95⤵
-
\??\c:\lffrxfr.exec:\lffrxfr.exe96⤵
-
\??\c:\btbnth.exec:\btbnth.exe97⤵
-
\??\c:\tnbhnn.exec:\tnbhnn.exe98⤵
-
\??\c:\dvjpv.exec:\dvjpv.exe99⤵
-
\??\c:\jdddj.exec:\jdddj.exe100⤵
-
\??\c:\ffflxxl.exec:\ffflxxl.exe101⤵
-
\??\c:\rrfrlxl.exec:\rrfrlxl.exe102⤵
-
\??\c:\tnbbtt.exec:\tnbbtt.exe103⤵
-
\??\c:\ttbhnn.exec:\ttbhnn.exe104⤵
-
\??\c:\9hhtnt.exec:\9hhtnt.exe105⤵
-
\??\c:\vpdjd.exec:\vpdjd.exe106⤵
-
\??\c:\1vpjp.exec:\1vpjp.exe107⤵
-
\??\c:\ffflxxr.exec:\ffflxxr.exe108⤵
-
\??\c:\rrflrrf.exec:\rrflrrf.exe109⤵
-
\??\c:\nnbhtt.exec:\nnbhtt.exe110⤵
-
\??\c:\nnhnhh.exec:\nnhnhh.exe111⤵
-
\??\c:\tthnth.exec:\tthnth.exe112⤵
-
\??\c:\ddvdv.exec:\ddvdv.exe113⤵
-
\??\c:\9pjvd.exec:\9pjvd.exe114⤵
-
\??\c:\lxxflxf.exec:\lxxflxf.exe115⤵
-
\??\c:\5ffxffr.exec:\5ffxffr.exe116⤵
-
\??\c:\5tbhtb.exec:\5tbhtb.exe117⤵
-
\??\c:\tnhhhn.exec:\tnhhhn.exe118⤵
-
\??\c:\pjddj.exec:\pjddj.exe119⤵
-
\??\c:\pjvdd.exec:\pjvdd.exe120⤵
-
\??\c:\frxxflx.exec:\frxxflx.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-