Analysis
-
max time kernel
150s -
max time network
147s -
platform
windows10-2004_x64 -
resource
win10v2004-20240704-en -
resource tags
-
submitted
05/07/2024, 23:39
General
-
Target
82af18e0e66e35e29ed364f78b6ca2bf8fbfc590d01426c7b205e7225fdd7c32.exe
-
Size
64KB
-
MD5
efe4ef1cd383c678adf87d2f32ec7abe
-
SHA1
b28dc3f5cb694a1e703f889798357dfd5b14e2d6
-
SHA256
82af18e0e66e35e29ed364f78b6ca2bf8fbfc590d01426c7b205e7225fdd7c32
-
SHA512
18a9d0eaa4da17c95154ab55c5bc91f5b901b9a5f45e634e41dc507c428feed307160d9da3b8e057f1e21948cb3cd24d9c629abfcb885b010a2357807503f968
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIvAEaFJL/9X:ymb3NkkiQ3mdBjFIvAvR
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 26 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 27 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\82af18e0e66e35e29ed364f78b6ca2bf8fbfc590d01426c7b205e7225fdd7c32.exe"C:\Users\Admin\AppData\Local\Temp\82af18e0e66e35e29ed364f78b6ca2bf8fbfc590d01426c7b205e7225fdd7c32.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\nbbbnt.exec:\nbbbnt.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvdpp.exec:\vvdpp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxffxrl.exec:\fxffxrl.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrrrll.exec:\xrrrrll.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnnnn.exec:\hbnnnn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhnnh.exec:\tnhnnh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddppv.exec:\ddppv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpppv.exec:\vpppv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhtnb.exec:\nhhtnb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3hnnhh.exec:\3hnnhh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpvpp.exec:\vpvpp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpddd.exec:\vpddd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxllfxx.exec:\fxllfxx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnnttt.exec:\nnnttt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpjjj.exec:\dpjjj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlfxxrr.exec:\xlfxxrr.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7nttnn.exec:\7nttnn.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9tnnnn.exec:\9tnnnn.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5pddd.exec:\5pddd.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxlfxxx.exec:\lxlfxxx.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxxxxr.exec:\xrxxxxr.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnbbtb.exec:\hnbbtb.exe23⤵
- Executes dropped EXE
-
\??\c:\vpjdj.exec:\vpjdj.exe24⤵
- Executes dropped EXE
-
\??\c:\pdddd.exec:\pdddd.exe25⤵
- Executes dropped EXE
-
\??\c:\5fxrllf.exec:\5fxrllf.exe26⤵
- Executes dropped EXE
-
\??\c:\bntbhh.exec:\bntbhh.exe27⤵
- Executes dropped EXE
-
\??\c:\tthbnn.exec:\tthbnn.exe28⤵
- Executes dropped EXE
-
\??\c:\djjdv.exec:\djjdv.exe29⤵
- Executes dropped EXE
-
\??\c:\fflrlff.exec:\fflrlff.exe30⤵
- Executes dropped EXE
-
\??\c:\ttnhnb.exec:\ttnhnb.exe31⤵
- Executes dropped EXE
-
\??\c:\ntbbtb.exec:\ntbbtb.exe32⤵
- Executes dropped EXE
-
\??\c:\vvdvv.exec:\vvdvv.exe33⤵
- Executes dropped EXE
-
\??\c:\nbbtth.exec:\nbbtth.exe34⤵
- Executes dropped EXE
-
\??\c:\1djjp.exec:\1djjp.exe35⤵
- Executes dropped EXE
-
\??\c:\3ppjv.exec:\3ppjv.exe36⤵
- Executes dropped EXE
-
\??\c:\frxxxxx.exec:\frxxxxx.exe37⤵
- Executes dropped EXE
-
\??\c:\lxxxxxf.exec:\lxxxxxf.exe38⤵
- Executes dropped EXE
-
\??\c:\bnbhhh.exec:\bnbhhh.exe39⤵
- Executes dropped EXE
-
\??\c:\ppjpj.exec:\ppjpj.exe40⤵
- Executes dropped EXE
-
\??\c:\jddvp.exec:\jddvp.exe41⤵
- Executes dropped EXE
-
\??\c:\xrfrlfr.exec:\xrfrlfr.exe42⤵
- Executes dropped EXE
-
\??\c:\tbtttn.exec:\tbtttn.exe43⤵
- Executes dropped EXE
-
\??\c:\5pdvp.exec:\5pdvp.exe44⤵
- Executes dropped EXE
-
\??\c:\3jjjv.exec:\3jjjv.exe45⤵
- Executes dropped EXE
-
\??\c:\tntnhh.exec:\tntnhh.exe46⤵
- Executes dropped EXE
-
\??\c:\bntnnh.exec:\bntnnh.exe47⤵
- Executes dropped EXE
-
\??\c:\jdddv.exec:\jdddv.exe48⤵
- Executes dropped EXE
-
\??\c:\lxfxfff.exec:\lxfxfff.exe49⤵
- Executes dropped EXE
-
\??\c:\9llllll.exec:\9llllll.exe50⤵
- Executes dropped EXE
-
\??\c:\xxffxff.exec:\xxffxff.exe51⤵
- Executes dropped EXE
-
\??\c:\bbbtbh.exec:\bbbtbh.exe52⤵
- Executes dropped EXE
-
\??\c:\hhnhbb.exec:\hhnhbb.exe53⤵
- Executes dropped EXE
-
\??\c:\vjjjd.exec:\vjjjd.exe54⤵
- Executes dropped EXE
-
\??\c:\xrrfxxr.exec:\xrrfxxr.exe55⤵
- Executes dropped EXE
-
\??\c:\rrllflf.exec:\rrllflf.exe56⤵
- Executes dropped EXE
-
\??\c:\bntnhn.exec:\bntnhn.exe57⤵
- Executes dropped EXE
-
\??\c:\djdjp.exec:\djdjp.exe58⤵
- Executes dropped EXE
-
\??\c:\vjppj.exec:\vjppj.exe59⤵
- Executes dropped EXE
-
\??\c:\rrxxrrl.exec:\rrxxrrl.exe60⤵
- Executes dropped EXE
-
\??\c:\xxlrxxr.exec:\xxlrxxr.exe61⤵
- Executes dropped EXE
-
\??\c:\thtnnt.exec:\thtnnt.exe62⤵
- Executes dropped EXE
-
\??\c:\pjdvp.exec:\pjdvp.exe63⤵
- Executes dropped EXE
-
\??\c:\vpjjj.exec:\vpjjj.exe64⤵
- Executes dropped EXE
-
\??\c:\xfllflf.exec:\xfllflf.exe65⤵
- Executes dropped EXE
-
\??\c:\btbbtb.exec:\btbbtb.exe66⤵
-
\??\c:\hbbttt.exec:\hbbttt.exe67⤵
-
\??\c:\jjvpj.exec:\jjvpj.exe68⤵
-
\??\c:\lfffflf.exec:\lfffflf.exe69⤵
-
\??\c:\flxfrrf.exec:\flxfrrf.exe70⤵
-
\??\c:\nthntb.exec:\nthntb.exe71⤵
-
\??\c:\jjppp.exec:\jjppp.exe72⤵
-
\??\c:\ppjpd.exec:\ppjpd.exe73⤵
-
\??\c:\rlfxffl.exec:\rlfxffl.exe74⤵
-
\??\c:\rrfllrr.exec:\rrfllrr.exe75⤵
-
\??\c:\nhhhbh.exec:\nhhhbh.exe76⤵
-
\??\c:\jjdvp.exec:\jjdvp.exe77⤵
-
\??\c:\vdjdd.exec:\vdjdd.exe78⤵
-
\??\c:\rllfrrl.exec:\rllfrrl.exe79⤵
-
\??\c:\nbhhhn.exec:\nbhhhn.exe80⤵
-
\??\c:\pvddv.exec:\pvddv.exe81⤵
-
\??\c:\frxrfxl.exec:\frxrfxl.exe82⤵
-
\??\c:\hbntbh.exec:\hbntbh.exe83⤵
-
\??\c:\tnbbbh.exec:\tnbbbh.exe84⤵
-
\??\c:\vdjjv.exec:\vdjjv.exe85⤵
-
\??\c:\7xlfxxl.exec:\7xlfxxl.exe86⤵
-
\??\c:\1bthhh.exec:\1bthhh.exe87⤵
-
\??\c:\7jpdp.exec:\7jpdp.exe88⤵
-
\??\c:\jjjjp.exec:\jjjjp.exe89⤵
-
\??\c:\xxrlrrf.exec:\xxrlrrf.exe90⤵
-
\??\c:\tnhbbb.exec:\tnhbbb.exe91⤵
-
\??\c:\pjdvp.exec:\pjdvp.exe92⤵
-
\??\c:\3rxxxxx.exec:\3rxxxxx.exe93⤵
-
\??\c:\thhbbb.exec:\thhbbb.exe94⤵
-
\??\c:\jjjpp.exec:\jjjpp.exe95⤵
-
\??\c:\lxxrffr.exec:\lxxrffr.exe96⤵
-
\??\c:\5nnhbt.exec:\5nnhbt.exe97⤵
-
\??\c:\7tbtbb.exec:\7tbtbb.exe98⤵
-
\??\c:\dpjvp.exec:\dpjvp.exe99⤵
-
\??\c:\bbhbbt.exec:\bbhbbt.exe100⤵
-
\??\c:\hhhbtt.exec:\hhhbtt.exe101⤵
-
\??\c:\vpvvv.exec:\vpvvv.exe102⤵
-
\??\c:\5rxxlll.exec:\5rxxlll.exe103⤵
-
\??\c:\7bhhhh.exec:\7bhhhh.exe104⤵
-
\??\c:\hthbtt.exec:\hthbtt.exe105⤵
-
\??\c:\5ddvp.exec:\5ddvp.exe106⤵
-
\??\c:\7pjdv.exec:\7pjdv.exe107⤵
-
\??\c:\lflrlfl.exec:\lflrlfl.exe108⤵
-
\??\c:\thttnb.exec:\thttnb.exe109⤵
-
\??\c:\9dpdv.exec:\9dpdv.exe110⤵
-
\??\c:\vvvvp.exec:\vvvvp.exe111⤵
-
\??\c:\flrrllx.exec:\flrrllx.exe112⤵
-
\??\c:\btttnn.exec:\btttnn.exe113⤵
-
\??\c:\bbhhtt.exec:\bbhhtt.exe114⤵
-
\??\c:\dvvpj.exec:\dvvpj.exe115⤵
-
\??\c:\rrrrlll.exec:\rrrrlll.exe116⤵
-
\??\c:\3xxrlff.exec:\3xxrlff.exe117⤵
-
\??\c:\pjpjj.exec:\pjpjj.exe118⤵
-
\??\c:\jvdvj.exec:\jvdvj.exe119⤵
-
\??\c:\llfxrrl.exec:\llfxrrl.exe120⤵
-
\??\c:\bbbtnn.exec:\bbbtnn.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-