Analysis
-
max time kernel
150s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
01/07/2024, 04:28
General
-
Target
f02cf73d023306f4d173de9e5b4b9f39f3bd6658a8efbc3969b56151be792971.exe
-
Size
69KB
-
MD5
c04b08b0341548855d780322a7c58c7d
-
SHA1
0743fa6066d3a46c692c8f4c1735091a417018a7
-
SHA256
f02cf73d023306f4d173de9e5b4b9f39f3bd6658a8efbc3969b56151be792971
-
SHA512
b64369f076db6905e3eac23884a9d49376d08e4a81113f53d7f9814820a13a9f72dfa53cfa18dccee9aa59343ef329ac92123536f90944db67bc83deee73ab8c
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND0yUPqrDZ5Rxfo:ymb3NkkiQ3mdBjF0yUmrfo
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 22 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 21 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\f02cf73d023306f4d173de9e5b4b9f39f3bd6658a8efbc3969b56151be792971.exe"C:\Users\Admin\AppData\Local\Temp\f02cf73d023306f4d173de9e5b4b9f39f3bd6658a8efbc3969b56151be792971.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\rrlrfxl.exec:\rrlrfxl.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbnbnt.exec:\bbnbnt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thbnnh.exec:\thbnnh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3jpjv.exec:\3jpjv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpdjv.exec:\vpdjv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xffrfxf.exec:\xffrfxf.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxfffrr.exec:\fxfffrr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5nnnhn.exec:\5nnnhn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhhtht.exec:\hhhtht.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1pjpv.exec:\1pjpv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1jpdv.exec:\1jpdv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrlllx.exec:\lfrlllx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrxrlx.exec:\xxrxrlx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhnbtn.exec:\bhnbtn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tthtbh.exec:\tthtbh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5jppv.exec:\5jppv.exe17⤵
- Executes dropped EXE
-
\??\c:\vppjj.exec:\vppjj.exe18⤵
- Executes dropped EXE
-
\??\c:\rlxfrfr.exec:\rlxfrfr.exe19⤵
- Executes dropped EXE
-
\??\c:\llfxlxf.exec:\llfxlxf.exe20⤵
- Executes dropped EXE
-
\??\c:\rxrfrrl.exec:\rxrfrrl.exe21⤵
- Executes dropped EXE
-
\??\c:\3tnnnh.exec:\3tnnnh.exe22⤵
- Executes dropped EXE
-
\??\c:\hbtnbt.exec:\hbtnbt.exe23⤵
- Executes dropped EXE
-
\??\c:\ddjpj.exec:\ddjpj.exe24⤵
- Executes dropped EXE
-
\??\c:\7dvvj.exec:\7dvvj.exe25⤵
- Executes dropped EXE
-
\??\c:\llffrfr.exec:\llffrfr.exe26⤵
- Executes dropped EXE
-
\??\c:\llfxxrr.exec:\llfxxrr.exe27⤵
- Executes dropped EXE
-
\??\c:\hnthbh.exec:\hnthbh.exe28⤵
- Executes dropped EXE
-
\??\c:\tthbbh.exec:\tthbbh.exe29⤵
- Executes dropped EXE
-
\??\c:\vpjjp.exec:\vpjjp.exe30⤵
- Executes dropped EXE
-
\??\c:\ddpvj.exec:\ddpvj.exe31⤵
- Executes dropped EXE
-
\??\c:\xxlxlrx.exec:\xxlxlrx.exe32⤵
- Executes dropped EXE
-
\??\c:\rrrfxfx.exec:\rrrfxfx.exe33⤵
- Executes dropped EXE
-
\??\c:\hhbnbb.exec:\hhbnbb.exe34⤵
- Executes dropped EXE
-
\??\c:\hbhhtt.exec:\hbhhtt.exe35⤵
-
\??\c:\3vpvd.exec:\3vpvd.exe36⤵
- Executes dropped EXE
-
\??\c:\vpdjp.exec:\vpdjp.exe37⤵
- Executes dropped EXE
-
\??\c:\fxffxxl.exec:\fxffxxl.exe38⤵
- Executes dropped EXE
-
\??\c:\ffxrrxl.exec:\ffxrrxl.exe39⤵
- Executes dropped EXE
-
\??\c:\tnthbh.exec:\tnthbh.exe40⤵
- Executes dropped EXE
-
\??\c:\tthtbb.exec:\tthtbb.exe41⤵
- Executes dropped EXE
-
\??\c:\ppjjp.exec:\ppjjp.exe42⤵
- Executes dropped EXE
-
\??\c:\jdddj.exec:\jdddj.exe43⤵
- Executes dropped EXE
-
\??\c:\5xxrrff.exec:\5xxrrff.exe44⤵
- Executes dropped EXE
-
\??\c:\rflxlxf.exec:\rflxlxf.exe45⤵
- Executes dropped EXE
-
\??\c:\3hntnn.exec:\3hntnn.exe46⤵
- Executes dropped EXE
-
\??\c:\bbbnbh.exec:\bbbnbh.exe47⤵
- Executes dropped EXE
-
\??\c:\hhtbnt.exec:\hhtbnt.exe48⤵
- Executes dropped EXE
-
\??\c:\jdpdv.exec:\jdpdv.exe49⤵
- Executes dropped EXE
-
\??\c:\3ppjd.exec:\3ppjd.exe50⤵
- Executes dropped EXE
-
\??\c:\xrxflxl.exec:\xrxflxl.exe51⤵
- Executes dropped EXE
-
\??\c:\1rxlfrl.exec:\1rxlfrl.exe52⤵
- Executes dropped EXE
-
\??\c:\5xrfrlr.exec:\5xrfrlr.exe53⤵
- Executes dropped EXE
-
\??\c:\nhnbhn.exec:\nhnbhn.exe54⤵
- Executes dropped EXE
-
\??\c:\nhnnnn.exec:\nhnnnn.exe55⤵
- Executes dropped EXE
-
\??\c:\hhbhnt.exec:\hhbhnt.exe56⤵
- Executes dropped EXE
-
\??\c:\vpvdj.exec:\vpvdj.exe57⤵
- Executes dropped EXE
-
\??\c:\ppdjd.exec:\ppdjd.exe58⤵
- Executes dropped EXE
-
\??\c:\rrflflf.exec:\rrflflf.exe59⤵
- Executes dropped EXE
-
\??\c:\flflxfr.exec:\flflxfr.exe60⤵
- Executes dropped EXE
-
\??\c:\rlfrrxf.exec:\rlfrrxf.exe61⤵
- Executes dropped EXE
-
\??\c:\3tnbbn.exec:\3tnbbn.exe62⤵
- Executes dropped EXE
-
\??\c:\1bhhth.exec:\1bhhth.exe63⤵
- Executes dropped EXE
-
\??\c:\9pdpv.exec:\9pdpv.exe64⤵
- Executes dropped EXE
-
\??\c:\djpjj.exec:\djpjj.exe65⤵
- Executes dropped EXE
-
\??\c:\pvdvd.exec:\pvdvd.exe66⤵
- Executes dropped EXE
-
\??\c:\xrllrrf.exec:\xrllrrf.exe67⤵
-
\??\c:\rfxflll.exec:\rfxflll.exe68⤵
-
\??\c:\tththn.exec:\tththn.exe69⤵
-
\??\c:\hhbhhn.exec:\hhbhhn.exe70⤵
-
\??\c:\vdvjd.exec:\vdvjd.exe71⤵
-
\??\c:\dvjjv.exec:\dvjjv.exe72⤵
-
\??\c:\dvdvj.exec:\dvdvj.exe73⤵
-
\??\c:\7lfxllr.exec:\7lfxllr.exe74⤵
-
\??\c:\fxfxxrf.exec:\fxfxxrf.exe75⤵
-
\??\c:\htnbnt.exec:\htnbnt.exe76⤵
-
\??\c:\pddvd.exec:\pddvd.exe77⤵
-
\??\c:\rxlfxrr.exec:\rxlfxrr.exe78⤵
-
\??\c:\lllxlll.exec:\lllxlll.exe79⤵
-
\??\c:\5hthhn.exec:\5hthhn.exe80⤵
-
\??\c:\nbthbb.exec:\nbthbb.exe81⤵
-
\??\c:\vpddd.exec:\vpddd.exe82⤵
-
\??\c:\pvjpv.exec:\pvjpv.exe83⤵
-
\??\c:\xxrxrrl.exec:\xxrxrrl.exe84⤵
-
\??\c:\xrxrfrf.exec:\xrxrfrf.exe85⤵
-
\??\c:\frlxlrf.exec:\frlxlrf.exe86⤵
-
\??\c:\bthnth.exec:\bthnth.exe87⤵
-
\??\c:\1bbhtt.exec:\1bbhtt.exe88⤵
-
\??\c:\hhbtnh.exec:\hhbtnh.exe89⤵
-
\??\c:\flffllr.exec:\flffllr.exe90⤵
-
\??\c:\bbnnbh.exec:\bbnnbh.exe91⤵
-
\??\c:\1hnntt.exec:\1hnntt.exe92⤵
-
\??\c:\hhhbbn.exec:\hhhbbn.exe93⤵
-
\??\c:\ppdjv.exec:\ppdjv.exe94⤵
-
\??\c:\djpjj.exec:\djpjj.exe95⤵
-
\??\c:\jvvvv.exec:\jvvvv.exe96⤵
-
\??\c:\xfxlrlr.exec:\xfxlrlr.exe97⤵
-
\??\c:\lrrrrfx.exec:\lrrrrfx.exe98⤵
-
\??\c:\nbhtbn.exec:\nbhtbn.exe99⤵
-
\??\c:\hbnbhh.exec:\hbnbhh.exe100⤵
-
\??\c:\9hnhnb.exec:\9hnhnb.exe101⤵
-
\??\c:\9ddjv.exec:\9ddjv.exe102⤵
-
\??\c:\5jddj.exec:\5jddj.exe103⤵
-
\??\c:\ddppd.exec:\ddppd.exe104⤵
-
\??\c:\rlrlxxl.exec:\rlrlxxl.exe105⤵
-
\??\c:\fxrfxlx.exec:\fxrfxlx.exe106⤵
-
\??\c:\lfrxfrf.exec:\lfrxfrf.exe107⤵
-
\??\c:\9hhhnt.exec:\9hhhnt.exe108⤵
-
\??\c:\hhhtth.exec:\hhhtth.exe109⤵
-
\??\c:\nnnthh.exec:\nnnthh.exe110⤵
-
\??\c:\jjdjv.exec:\jjdjv.exe111⤵
-
\??\c:\9vpdv.exec:\9vpdv.exe112⤵
-
\??\c:\7vvvv.exec:\7vvvv.exe113⤵
-
\??\c:\rrffxxx.exec:\rrffxxx.exe114⤵
-
\??\c:\lfrxlrr.exec:\lfrxlrr.exe115⤵
-
\??\c:\xxxxrrl.exec:\xxxxrrl.exe116⤵
-
\??\c:\3tthhb.exec:\3tthhb.exe117⤵
-
\??\c:\9bbnbb.exec:\9bbnbb.exe118⤵
-
\??\c:\nnbbbn.exec:\nnbbbn.exe119⤵
-
\??\c:\jdjvd.exec:\jdjvd.exe120⤵
-
\??\c:\3vjdp.exec:\3vjdp.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-