Analysis
-
max time kernel
150s -
max time network
156s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
04-07-2024 21:13
General
-
Target
460fd22e825972536bee86f8354477dd34e7e51ebac18b633a2d0f3b94b7d62e.exe
-
Size
69KB
-
MD5
831976b91c46b871ea7dc408ee8de1b8
-
SHA1
7821e3e01b720c4cf0b4d847abdb30cc75b709e8
-
SHA256
460fd22e825972536bee86f8354477dd34e7e51ebac18b633a2d0f3b94b7d62e
-
SHA512
fbe28a1a0549aef1119660d681c3dcc9e31ccf5d07a49163e4bb919ebb66f22b3a262b1454454ef2c4596ecbf5a541c27b2bcd7398522b7d4e62a34194166d03
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND0yUPqrDZVTr7:ymb3NkkiQ3mdBjF0yUm7T
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 29 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 30 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\460fd22e825972536bee86f8354477dd34e7e51ebac18b633a2d0f3b94b7d62e.exe"C:\Users\Admin\AppData\Local\Temp\460fd22e825972536bee86f8354477dd34e7e51ebac18b633a2d0f3b94b7d62e.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\5jjdv.exec:\5jjdv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7flxrrl.exec:\7flxrrl.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnhbt.exec:\hbnhbt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntbthh.exec:\ntbthh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9vvpv.exec:\9vvpv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjjd.exec:\vpjjd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lflfxxr.exec:\lflfxxr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1lfrlfr.exec:\1lfrlfr.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnbbbb.exec:\hnbbbb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbhbnh.exec:\nbhbnh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddjdv.exec:\ddjdv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjvpd.exec:\vjvpd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxrxxf.exec:\rlxrxxf.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bttttt.exec:\bttttt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhbbt.exec:\nhhbbt.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djdpp.exec:\djdpp.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djvvd.exec:\djvvd.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxfrrrr.exec:\fxfrrrr.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frfxrrl.exec:\frfxrrl.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnhbt.exec:\hbnhbt.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnnhbn.exec:\hnnhbn.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddjdv.exec:\ddjdv.exe23⤵
- Executes dropped EXE
-
\??\c:\ppjjj.exec:\ppjjj.exe24⤵
- Executes dropped EXE
-
\??\c:\vpjdv.exec:\vpjdv.exe25⤵
- Executes dropped EXE
-
\??\c:\7rlrlxr.exec:\7rlrlxr.exe26⤵
- Executes dropped EXE
-
\??\c:\7nnnnn.exec:\7nnnnn.exe27⤵
- Executes dropped EXE
-
\??\c:\nbnhnh.exec:\nbnhnh.exe28⤵
- Executes dropped EXE
-
\??\c:\dpvpp.exec:\dpvpp.exe29⤵
- Executes dropped EXE
-
\??\c:\pjjjj.exec:\pjjjj.exe30⤵
- Executes dropped EXE
-
\??\c:\frrlffx.exec:\frrlffx.exe31⤵
- Executes dropped EXE
-
\??\c:\bhbttt.exec:\bhbttt.exe32⤵
- Executes dropped EXE
-
\??\c:\bntnhb.exec:\bntnhb.exe33⤵
- Executes dropped EXE
-
\??\c:\htbbnh.exec:\htbbnh.exe34⤵
- Executes dropped EXE
-
\??\c:\ppvpp.exec:\ppvpp.exe35⤵
- Executes dropped EXE
-
\??\c:\rrffxll.exec:\rrffxll.exe36⤵
- Executes dropped EXE
-
\??\c:\lxfffll.exec:\lxfffll.exe37⤵
- Executes dropped EXE
-
\??\c:\tntbbh.exec:\tntbbh.exe38⤵
- Executes dropped EXE
-
\??\c:\bbthnt.exec:\bbthnt.exe39⤵
- Executes dropped EXE
-
\??\c:\vjppd.exec:\vjppd.exe40⤵
- Executes dropped EXE
-
\??\c:\vvvpd.exec:\vvvpd.exe41⤵
- Executes dropped EXE
-
\??\c:\jjvvj.exec:\jjvvj.exe42⤵
- Executes dropped EXE
-
\??\c:\5xxrlll.exec:\5xxrlll.exe43⤵
- Executes dropped EXE
-
\??\c:\rlrlllf.exec:\rlrlllf.exe44⤵
- Executes dropped EXE
-
\??\c:\7ntnhb.exec:\7ntnhb.exe45⤵
- Executes dropped EXE
-
\??\c:\7bbnbt.exec:\7bbnbt.exe46⤵
- Executes dropped EXE
-
\??\c:\3hbthh.exec:\3hbthh.exe47⤵
- Executes dropped EXE
-
\??\c:\3vdvd.exec:\3vdvd.exe48⤵
- Executes dropped EXE
-
\??\c:\vvvvv.exec:\vvvvv.exe49⤵
- Executes dropped EXE
-
\??\c:\7xxrfxr.exec:\7xxrfxr.exe50⤵
- Executes dropped EXE
-
\??\c:\lrfxxrr.exec:\lrfxxrr.exe51⤵
- Executes dropped EXE
-
\??\c:\7xfxxrr.exec:\7xfxxrr.exe52⤵
- Executes dropped EXE
-
\??\c:\nhhbnn.exec:\nhhbnn.exe53⤵
- Executes dropped EXE
-
\??\c:\hbnhbb.exec:\hbnhbb.exe54⤵
- Executes dropped EXE
-
\??\c:\3jpdv.exec:\3jpdv.exe55⤵
- Executes dropped EXE
-
\??\c:\pvddv.exec:\pvddv.exe56⤵
- Executes dropped EXE
-
\??\c:\lxfxrxx.exec:\lxfxrxx.exe57⤵
- Executes dropped EXE
-
\??\c:\llxxflr.exec:\llxxflr.exe58⤵
- Executes dropped EXE
-
\??\c:\frxrrrl.exec:\frxrrrl.exe59⤵
- Executes dropped EXE
-
\??\c:\tbhhhh.exec:\tbhhhh.exe60⤵
- Executes dropped EXE
-
\??\c:\9hhhbb.exec:\9hhhbb.exe61⤵
- Executes dropped EXE
-
\??\c:\vvppd.exec:\vvppd.exe62⤵
- Executes dropped EXE
-
\??\c:\fxfxxxr.exec:\fxfxxxr.exe63⤵
- Executes dropped EXE
-
\??\c:\llfffff.exec:\llfffff.exe64⤵
- Executes dropped EXE
-
\??\c:\nntttn.exec:\nntttn.exe65⤵
- Executes dropped EXE
-
\??\c:\9jvpv.exec:\9jvpv.exe66⤵
-
\??\c:\vpjdp.exec:\vpjdp.exe67⤵
-
\??\c:\xxrxffx.exec:\xxrxffx.exe68⤵
-
\??\c:\lfrllll.exec:\lfrllll.exe69⤵
-
\??\c:\hnnnhn.exec:\hnnnhn.exe70⤵
-
\??\c:\9nnnhn.exec:\9nnnhn.exe71⤵
-
\??\c:\ppdjj.exec:\ppdjj.exe72⤵
-
\??\c:\rxflrxf.exec:\rxflrxf.exe73⤵
-
\??\c:\xxxxxff.exec:\xxxxxff.exe74⤵
-
\??\c:\tbhbbh.exec:\tbhbbh.exe75⤵
-
\??\c:\vvpjj.exec:\vvpjj.exe76⤵
-
\??\c:\pvvvv.exec:\pvvvv.exe77⤵
-
\??\c:\5xxlxff.exec:\5xxlxff.exe78⤵
-
\??\c:\vjpvv.exec:\vjpvv.exe79⤵
-
\??\c:\xxfflff.exec:\xxfflff.exe80⤵
-
\??\c:\9rllfrr.exec:\9rllfrr.exe81⤵
-
\??\c:\hnhntb.exec:\hnhntb.exe82⤵
-
\??\c:\3bbnnn.exec:\3bbnnn.exe83⤵
-
\??\c:\rrlllrr.exec:\rrlllrr.exe84⤵
-
\??\c:\tbbbbh.exec:\tbbbbh.exe85⤵
-
\??\c:\nthhht.exec:\nthhht.exe86⤵
-
\??\c:\vjjdp.exec:\vjjdp.exe87⤵
-
\??\c:\pdvjd.exec:\pdvjd.exe88⤵
-
\??\c:\rlxxlrr.exec:\rlxxlrr.exe89⤵
-
\??\c:\nhnnnt.exec:\nhnnnt.exe90⤵
-
\??\c:\jddvv.exec:\jddvv.exe91⤵
-
\??\c:\ffxrfrl.exec:\ffxrfrl.exe92⤵
-
\??\c:\hhntbh.exec:\hhntbh.exe93⤵
-
\??\c:\jvjjd.exec:\jvjjd.exe94⤵
-
\??\c:\rlfxrrl.exec:\rlfxrrl.exe95⤵
-
\??\c:\3fllfff.exec:\3fllfff.exe96⤵
-
\??\c:\nnntnn.exec:\nnntnn.exe97⤵
-
\??\c:\jdjjj.exec:\jdjjj.exe98⤵
-
\??\c:\vdjjd.exec:\vdjjd.exe99⤵
-
\??\c:\7dvpj.exec:\7dvpj.exe100⤵
-
\??\c:\bhhhhh.exec:\bhhhhh.exe101⤵
-
\??\c:\7rrlxrf.exec:\7rrlxrf.exe102⤵
-
\??\c:\bntthh.exec:\bntthh.exe103⤵
-
\??\c:\xlxfrrx.exec:\xlxfrrx.exe104⤵
-
\??\c:\9rlfxrl.exec:\9rlfxrl.exe105⤵
-
\??\c:\thnhtt.exec:\thnhtt.exe106⤵
-
\??\c:\nhhthh.exec:\nhhthh.exe107⤵
-
\??\c:\ppjdd.exec:\ppjdd.exe108⤵
-
\??\c:\7rrxxxr.exec:\7rrxxxr.exe109⤵
-
\??\c:\rlflxrl.exec:\rlflxrl.exe110⤵
-
\??\c:\hbttbb.exec:\hbttbb.exe111⤵
-
\??\c:\nttnhb.exec:\nttnhb.exe112⤵
-
\??\c:\vdjdv.exec:\vdjdv.exe113⤵
-
\??\c:\lxrrfrl.exec:\lxrrfrl.exe114⤵
-
\??\c:\lfflffr.exec:\lfflffr.exe115⤵
-
\??\c:\bnnbtt.exec:\bnnbtt.exe116⤵
-
\??\c:\hbttbn.exec:\hbttbn.exe117⤵
-
\??\c:\vppjd.exec:\vppjd.exe118⤵
-
\??\c:\frxrrrr.exec:\frxrrrr.exe119⤵
-
\??\c:\xfxxrrl.exec:\xfxxrrl.exe120⤵
-
\??\c:\tnbttb.exec:\tnbttb.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-