Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240705-en -
resource tags
-
submitted
05/07/2024, 23:39
General
-
Target
82af18e0e66e35e29ed364f78b6ca2bf8fbfc590d01426c7b205e7225fdd7c32.exe
-
Size
64KB
-
MD5
efe4ef1cd383c678adf87d2f32ec7abe
-
SHA1
b28dc3f5cb694a1e703f889798357dfd5b14e2d6
-
SHA256
82af18e0e66e35e29ed364f78b6ca2bf8fbfc590d01426c7b205e7225fdd7c32
-
SHA512
18a9d0eaa4da17c95154ab55c5bc91f5b901b9a5f45e634e41dc507c428feed307160d9da3b8e057f1e21948cb3cd24d9c629abfcb885b010a2357807503f968
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIvAEaFJL/9X:ymb3NkkiQ3mdBjFIvAvR
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 26 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\82af18e0e66e35e29ed364f78b6ca2bf8fbfc590d01426c7b205e7225fdd7c32.exe"C:\Users\Admin\AppData\Local\Temp\82af18e0e66e35e29ed364f78b6ca2bf8fbfc590d01426c7b205e7225fdd7c32.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\3pjjv.exec:\3pjjv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhtbnn.exec:\hhtbnn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bntbhh.exec:\bntbhh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjdp.exec:\dvjdp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfffrxl.exec:\lfffrxl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvvvd.exec:\vvvvd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9jpdp.exec:\9jpdp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1ffflrf.exec:\1ffflrf.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhtbn.exec:\tnhtbn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3pdjp.exec:\3pdjp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppdjj.exec:\ppdjj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7ffxflr.exec:\7ffxflr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxlxfx.exec:\fxxlxfx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnnnbb.exec:\nnnnbb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppvjp.exec:\ppvjp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrlrxxf.exec:\rrlrxxf.exe17⤵
- Executes dropped EXE
-
\??\c:\fxxrllf.exec:\fxxrllf.exe18⤵
- Executes dropped EXE
-
\??\c:\thtbhn.exec:\thtbhn.exe19⤵
- Executes dropped EXE
-
\??\c:\3jdpv.exec:\3jdpv.exe20⤵
- Executes dropped EXE
-
\??\c:\lfrxlrf.exec:\lfrxlrf.exe21⤵
- Executes dropped EXE
-
\??\c:\lxrrxxf.exec:\lxrrxxf.exe22⤵
- Executes dropped EXE
-
\??\c:\9hbtbb.exec:\9hbtbb.exe23⤵
- Executes dropped EXE
-
\??\c:\9ttbht.exec:\9ttbht.exe24⤵
- Executes dropped EXE
-
\??\c:\ddpdj.exec:\ddpdj.exe25⤵
- Executes dropped EXE
-
\??\c:\rlfxffl.exec:\rlfxffl.exe26⤵
- Executes dropped EXE
-
\??\c:\rlffrfr.exec:\rlffrfr.exe27⤵
- Executes dropped EXE
-
\??\c:\nbtttn.exec:\nbtttn.exe28⤵
- Executes dropped EXE
-
\??\c:\vvpjv.exec:\vvpjv.exe29⤵
- Executes dropped EXE
-
\??\c:\xrffllx.exec:\xrffllx.exe30⤵
- Executes dropped EXE
-
\??\c:\ffrxrfx.exec:\ffrxrfx.exe31⤵
- Executes dropped EXE
-
\??\c:\nnbbhh.exec:\nnbbhh.exe32⤵
- Executes dropped EXE
-
\??\c:\jvvjv.exec:\jvvjv.exe33⤵
- Executes dropped EXE
-
\??\c:\ppppv.exec:\ppppv.exe34⤵
- Executes dropped EXE
-
\??\c:\xxlrxfl.exec:\xxlrxfl.exe35⤵
- Executes dropped EXE
-
\??\c:\rlrfllr.exec:\rlrfllr.exe36⤵
- Executes dropped EXE
-
\??\c:\1nhhnn.exec:\1nhhnn.exe37⤵
- Executes dropped EXE
-
\??\c:\tnhbhn.exec:\tnhbhn.exe38⤵
- Executes dropped EXE
-
\??\c:\pjvdj.exec:\pjvdj.exe39⤵
- Executes dropped EXE
-
\??\c:\jvpdp.exec:\jvpdp.exe40⤵
- Executes dropped EXE
-
\??\c:\fxrxfrf.exec:\fxrxfrf.exe41⤵
- Executes dropped EXE
-
\??\c:\lfxflll.exec:\lfxflll.exe42⤵
- Executes dropped EXE
-
\??\c:\5bbnnn.exec:\5bbnnn.exe43⤵
- Executes dropped EXE
-
\??\c:\htbbnn.exec:\htbbnn.exe44⤵
- Executes dropped EXE
-
\??\c:\pjjjp.exec:\pjjjp.exe45⤵
- Executes dropped EXE
-
\??\c:\3pjjv.exec:\3pjjv.exe46⤵
- Executes dropped EXE
-
\??\c:\xlllflx.exec:\xlllflx.exe47⤵
- Executes dropped EXE
-
\??\c:\rlrxrrf.exec:\rlrxrrf.exe48⤵
- Executes dropped EXE
-
\??\c:\hhthnt.exec:\hhthnt.exe49⤵
- Executes dropped EXE
-
\??\c:\5htnth.exec:\5htnth.exe50⤵
- Executes dropped EXE
-
\??\c:\pjvpv.exec:\pjvpv.exe51⤵
- Executes dropped EXE
-
\??\c:\3rxfllr.exec:\3rxfllr.exe52⤵
- Executes dropped EXE
-
\??\c:\1lflxfr.exec:\1lflxfr.exe53⤵
- Executes dropped EXE
-
\??\c:\hbnntb.exec:\hbnntb.exe54⤵
- Executes dropped EXE
-
\??\c:\nbtbnt.exec:\nbtbnt.exe55⤵
- Executes dropped EXE
-
\??\c:\dvpvd.exec:\dvpvd.exe56⤵
- Executes dropped EXE
-
\??\c:\vpvjj.exec:\vpvjj.exe57⤵
- Executes dropped EXE
-
\??\c:\1rlrflx.exec:\1rlrflx.exe58⤵
- Executes dropped EXE
-
\??\c:\fxlxrrf.exec:\fxlxrrf.exe59⤵
- Executes dropped EXE
-
\??\c:\btntht.exec:\btntht.exe60⤵
- Executes dropped EXE
-
\??\c:\nttnhn.exec:\nttnhn.exe61⤵
- Executes dropped EXE
-
\??\c:\dvpdj.exec:\dvpdj.exe62⤵
- Executes dropped EXE
-
\??\c:\1vdjj.exec:\1vdjj.exe63⤵
- Executes dropped EXE
-
\??\c:\rfxxffl.exec:\rfxxffl.exe64⤵
- Executes dropped EXE
-
\??\c:\rrrxxfx.exec:\rrrxxfx.exe65⤵
- Executes dropped EXE
-
\??\c:\vpdjp.exec:\vpdjp.exe66⤵
-
\??\c:\fxxlxfr.exec:\fxxlxfr.exe67⤵
-
\??\c:\fxlxffr.exec:\fxlxffr.exe68⤵
-
\??\c:\bttbht.exec:\bttbht.exe69⤵
-
\??\c:\hbtthh.exec:\hbtthh.exe70⤵
-
\??\c:\vvjjv.exec:\vvjjv.exe71⤵
-
\??\c:\jvppv.exec:\jvppv.exe72⤵
-
\??\c:\5rrxxfl.exec:\5rrxxfl.exe73⤵
-
\??\c:\rlflxrx.exec:\rlflxrx.exe74⤵
-
\??\c:\nhhthn.exec:\nhhthn.exe75⤵
-
\??\c:\nhhhnt.exec:\nhhhnt.exe76⤵
-
\??\c:\ppjpd.exec:\ppjpd.exe77⤵
-
\??\c:\dvppd.exec:\dvppd.exe78⤵
-
\??\c:\fxxxxrx.exec:\fxxxxrx.exe79⤵
-
\??\c:\9lfrffr.exec:\9lfrffr.exe80⤵
-
\??\c:\rlflxxx.exec:\rlflxxx.exe81⤵
-
\??\c:\tnnhnt.exec:\tnnhnt.exe82⤵
-
\??\c:\nbnnbb.exec:\nbnnbb.exe83⤵
-
\??\c:\pjpvv.exec:\pjpvv.exe84⤵
-
\??\c:\dvppd.exec:\dvppd.exe85⤵
-
\??\c:\1lxflrf.exec:\1lxflrf.exe86⤵
-
\??\c:\lxlrrxl.exec:\lxlrrxl.exe87⤵
-
\??\c:\hbnntt.exec:\hbnntt.exe88⤵
-
\??\c:\thbbtt.exec:\thbbtt.exe89⤵
-
\??\c:\jvpvv.exec:\jvpvv.exe90⤵
-
\??\c:\jvjjd.exec:\jvjjd.exe91⤵
-
\??\c:\9fxlffl.exec:\9fxlffl.exe92⤵
-
\??\c:\5xlrrxf.exec:\5xlrrxf.exe93⤵
-
\??\c:\thtnbh.exec:\thtnbh.exe94⤵
-
\??\c:\bnhnth.exec:\bnhnth.exe95⤵
-
\??\c:\vvpvj.exec:\vvpvj.exe96⤵
-
\??\c:\vdvjv.exec:\vdvjv.exe97⤵
-
\??\c:\fffrrfr.exec:\fffrrfr.exe98⤵
-
\??\c:\9lflxxf.exec:\9lflxxf.exe99⤵
-
\??\c:\tnbhnb.exec:\tnbhnb.exe100⤵
-
\??\c:\7thhnn.exec:\7thhnn.exe101⤵
-
\??\c:\tnbhtn.exec:\tnbhtn.exe102⤵
-
\??\c:\dpjjj.exec:\dpjjj.exe103⤵
-
\??\c:\vpdjv.exec:\vpdjv.exe104⤵
-
\??\c:\7xrrlrx.exec:\7xrrlrx.exe105⤵
-
\??\c:\rrrlflx.exec:\rrrlflx.exe106⤵
-
\??\c:\nbbbnb.exec:\nbbbnb.exe107⤵
-
\??\c:\nhnnhh.exec:\nhnnhh.exe108⤵
-
\??\c:\pdjjj.exec:\pdjjj.exe109⤵
-
\??\c:\1jpvd.exec:\1jpvd.exe110⤵
-
\??\c:\rllfffr.exec:\rllfffr.exe111⤵
-
\??\c:\5xffrxx.exec:\5xffrxx.exe112⤵
-
\??\c:\3hbttt.exec:\3hbttt.exe113⤵
-
\??\c:\nnnbth.exec:\nnnbth.exe114⤵
-
\??\c:\5dpjp.exec:\5dpjp.exe115⤵
-
\??\c:\3pvvj.exec:\3pvvj.exe116⤵
-
\??\c:\rfrrxfr.exec:\rfrrxfr.exe117⤵
-
\??\c:\fxxxrrf.exec:\fxxxrrf.exe118⤵
-
\??\c:\7ntbnb.exec:\7ntbnb.exe119⤵
-
\??\c:\hbthnn.exec:\hbthnn.exe120⤵
-
\??\c:\jvdjp.exec:\jvdjp.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-