Analysis
-
max time kernel
150s -
max time network
56s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
01-07-2024 04:28
General
-
Target
f02cf73d023306f4d173de9e5b4b9f39f3bd6658a8efbc3969b56151be792971.exe
-
Size
69KB
-
MD5
c04b08b0341548855d780322a7c58c7d
-
SHA1
0743fa6066d3a46c692c8f4c1735091a417018a7
-
SHA256
f02cf73d023306f4d173de9e5b4b9f39f3bd6658a8efbc3969b56151be792971
-
SHA512
b64369f076db6905e3eac23884a9d49376d08e4a81113f53d7f9814820a13a9f72dfa53cfa18dccee9aa59343ef329ac92123536f90944db67bc83deee73ab8c
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND0yUPqrDZ5Rxfo:ymb3NkkiQ3mdBjF0yUmrfo
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 29 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 38 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\f02cf73d023306f4d173de9e5b4b9f39f3bd6658a8efbc3969b56151be792971.exe"C:\Users\Admin\AppData\Local\Temp\f02cf73d023306f4d173de9e5b4b9f39f3bd6658a8efbc3969b56151be792971.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\frrffff.exec:\frrffff.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrflrll.exec:\xrflrll.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhthbn.exec:\nhthbn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1bnbhb.exec:\1bnbhb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvvv.exec:\jdvvv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxrxrf.exec:\fxxrxrf.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrxfrx.exec:\lfrxfrx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbbbnt.exec:\tbbbnt.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1pvjv.exec:\1pvjv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjvvv.exec:\jjvvv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlrrffx.exec:\rlrrffx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thtbbn.exec:\thtbbn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjpjd.exec:\pjpjd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrfllrr.exec:\xrfllrr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfffxrr.exec:\lfffxrr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbbbb.exec:\hbbbbb.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9btttt.exec:\9btttt.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvdv.exec:\dvvdv.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5vjjj.exec:\5vjjj.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1fllllr.exec:\1fllllr.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlrlflf.exec:\xlrlflf.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1nnhhh.exec:\1nnhhh.exe23⤵
- Executes dropped EXE
-
\??\c:\jvdjd.exec:\jvdjd.exe24⤵
- Executes dropped EXE
-
\??\c:\lflxflr.exec:\lflxflr.exe25⤵
- Executes dropped EXE
-
\??\c:\rfxxflx.exec:\rfxxflx.exe26⤵
- Executes dropped EXE
-
\??\c:\thtbtt.exec:\thtbtt.exe27⤵
- Executes dropped EXE
-
\??\c:\nhhhhh.exec:\nhhhhh.exe28⤵
- Executes dropped EXE
-
\??\c:\vdvjv.exec:\vdvjv.exe29⤵
- Executes dropped EXE
-
\??\c:\ddjdv.exec:\ddjdv.exe30⤵
- Executes dropped EXE
-
\??\c:\llfrffx.exec:\llfrffx.exe31⤵
- Executes dropped EXE
-
\??\c:\rrrxflx.exec:\rrrxflx.exe32⤵
- Executes dropped EXE
-
\??\c:\btbbtt.exec:\btbbtt.exe33⤵
- Executes dropped EXE
-
\??\c:\nbttth.exec:\nbttth.exe34⤵
- Executes dropped EXE
-
\??\c:\9dpjp.exec:\9dpjp.exe35⤵
- Executes dropped EXE
-
\??\c:\djvdv.exec:\djvdv.exe36⤵
- Executes dropped EXE
-
\??\c:\fllrxfl.exec:\fllrxfl.exe37⤵
- Executes dropped EXE
-
\??\c:\rllffxr.exec:\rllffxr.exe38⤵
- Executes dropped EXE
-
\??\c:\nnnbhb.exec:\nnnbhb.exe39⤵
- Executes dropped EXE
-
\??\c:\hnnnth.exec:\hnnnth.exe40⤵
- Executes dropped EXE
-
\??\c:\1bhhtt.exec:\1bhhtt.exe41⤵
- Executes dropped EXE
-
\??\c:\vddpj.exec:\vddpj.exe42⤵
- Executes dropped EXE
-
\??\c:\ddjvv.exec:\ddjvv.exe43⤵
- Executes dropped EXE
-
\??\c:\xxlfllr.exec:\xxlfllr.exe44⤵
- Executes dropped EXE
-
\??\c:\xxllrfl.exec:\xxllrfl.exe45⤵
- Executes dropped EXE
-
\??\c:\tnnhnn.exec:\tnnhnn.exe46⤵
- Executes dropped EXE
-
\??\c:\tbhbtn.exec:\tbhbtn.exe47⤵
- Executes dropped EXE
-
\??\c:\1vpjd.exec:\1vpjd.exe48⤵
- Executes dropped EXE
-
\??\c:\jjjjv.exec:\jjjjv.exe49⤵
- Executes dropped EXE
-
\??\c:\lflrrxf.exec:\lflrrxf.exe50⤵
- Executes dropped EXE
-
\??\c:\rrllfff.exec:\rrllfff.exe51⤵
- Executes dropped EXE
-
\??\c:\fllxlxl.exec:\fllxlxl.exe52⤵
- Executes dropped EXE
-
\??\c:\tnnhhh.exec:\tnnhhh.exe53⤵
- Executes dropped EXE
-
\??\c:\tnhbtt.exec:\tnhbtt.exe54⤵
- Executes dropped EXE
-
\??\c:\pjpvv.exec:\pjpvv.exe55⤵
- Executes dropped EXE
-
\??\c:\5llfrrl.exec:\5llfrrl.exe56⤵
- Executes dropped EXE
-
\??\c:\ffxrrrl.exec:\ffxrrrl.exe57⤵
- Executes dropped EXE
-
\??\c:\tthhtb.exec:\tthhtb.exe58⤵
- Executes dropped EXE
-
\??\c:\nhhhhh.exec:\nhhhhh.exe59⤵
- Executes dropped EXE
-
\??\c:\thnbtn.exec:\thnbtn.exe60⤵
- Executes dropped EXE
-
\??\c:\lfffxxx.exec:\lfffxxx.exe61⤵
- Executes dropped EXE
-
\??\c:\rxrflfr.exec:\rxrflfr.exe62⤵
- Executes dropped EXE
-
\??\c:\5nbhnt.exec:\5nbhnt.exe63⤵
- Executes dropped EXE
-
\??\c:\bntbtt.exec:\bntbtt.exe64⤵
- Executes dropped EXE
-
\??\c:\dvjpd.exec:\dvjpd.exe65⤵
- Executes dropped EXE
-
\??\c:\jvvpj.exec:\jvvpj.exe66⤵
-
\??\c:\lxfrxrr.exec:\lxfrxrr.exe67⤵
-
\??\c:\bntnhh.exec:\bntnhh.exe68⤵
-
\??\c:\7nnhbb.exec:\7nnhbb.exe69⤵
-
\??\c:\9hhhtb.exec:\9hhhtb.exe70⤵
-
\??\c:\pjjdd.exec:\pjjdd.exe71⤵
-
\??\c:\vpjdv.exec:\vpjdv.exe72⤵
-
\??\c:\llxfxff.exec:\llxfxff.exe73⤵
-
\??\c:\frrrlll.exec:\frrrlll.exe74⤵
-
\??\c:\bnnnnn.exec:\bnnnnn.exe75⤵
-
\??\c:\7nthbb.exec:\7nthbb.exe76⤵
-
\??\c:\btbtnb.exec:\btbtnb.exe77⤵
-
\??\c:\jjjdv.exec:\jjjdv.exe78⤵
-
\??\c:\jjvjv.exec:\jjvjv.exe79⤵
-
\??\c:\5xrxxxr.exec:\5xrxxxr.exe80⤵
-
\??\c:\1llllll.exec:\1llllll.exe81⤵
-
\??\c:\btnhbh.exec:\btnhbh.exe82⤵
-
\??\c:\hhbbtt.exec:\hhbbtt.exe83⤵
-
\??\c:\vdvdd.exec:\vdvdd.exe84⤵
-
\??\c:\jpvpj.exec:\jpvpj.exe85⤵
-
\??\c:\lrllxxx.exec:\lrllxxx.exe86⤵
-
\??\c:\fxxxrll.exec:\fxxxrll.exe87⤵
-
\??\c:\lffffff.exec:\lffffff.exe88⤵
-
\??\c:\hbbhbb.exec:\hbbhbb.exe89⤵
-
\??\c:\nthhtn.exec:\nthhtn.exe90⤵
-
\??\c:\1jdvp.exec:\1jdvp.exe91⤵
-
\??\c:\dvvvp.exec:\dvvvp.exe92⤵
-
\??\c:\vpjdv.exec:\vpjdv.exe93⤵
-
\??\c:\lrfxrrr.exec:\lrfxrrr.exe94⤵
-
\??\c:\frfxxrl.exec:\frfxxrl.exe95⤵
-
\??\c:\nhhnbb.exec:\nhhnbb.exe96⤵
-
\??\c:\nhhnnt.exec:\nhhnnt.exe97⤵
-
\??\c:\pdpjv.exec:\pdpjv.exe98⤵
-
\??\c:\jpjvp.exec:\jpjvp.exe99⤵
-
\??\c:\5vddp.exec:\5vddp.exe100⤵
-
\??\c:\lrxrrxr.exec:\lrxrrxr.exe101⤵
-
\??\c:\frxrlrl.exec:\frxrlrl.exe102⤵
-
\??\c:\hthhhh.exec:\hthhhh.exe103⤵
-
\??\c:\nthttt.exec:\nthttt.exe104⤵
-
\??\c:\pjddv.exec:\pjddv.exe105⤵
-
\??\c:\jddpj.exec:\jddpj.exe106⤵
-
\??\c:\rllrlll.exec:\rllrlll.exe107⤵
-
\??\c:\frlxlxr.exec:\frlxlxr.exe108⤵
-
\??\c:\bnbhtb.exec:\bnbhtb.exe109⤵
-
\??\c:\ddjdv.exec:\ddjdv.exe110⤵
-
\??\c:\3lrllrr.exec:\3lrllrr.exe111⤵
-
\??\c:\hbbbnn.exec:\hbbbnn.exe112⤵
-
\??\c:\dvdpd.exec:\dvdpd.exe113⤵
-
\??\c:\lrxrlxx.exec:\lrxrlxx.exe114⤵
-
\??\c:\fxfllrr.exec:\fxfllrr.exe115⤵
-
\??\c:\nhnhbn.exec:\nhnhbn.exe116⤵
-
\??\c:\jvddd.exec:\jvddd.exe117⤵
-
\??\c:\9llfxfx.exec:\9llfxfx.exe118⤵
-
\??\c:\bbbttt.exec:\bbbttt.exe119⤵
-
\??\c:\bhthhn.exec:\bhthhn.exe120⤵
-
\??\c:\pvjdv.exec:\pvjdv.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-