Analysis
-
max time kernel
150s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
-
submitted
05-07-2024 08:16
General
-
Target
42339071b3834f5cb04d38dddb282f4f17309ee3be98e38514ff3707f8fca940.exe
-
Size
73KB
-
MD5
0fc08261466da61d4b57a7d9e344ac50
-
SHA1
24a9145bb510b486d544d6442a8cb7ab715fdcc8
-
SHA256
42339071b3834f5cb04d38dddb282f4f17309ee3be98e38514ff3707f8fca940
-
SHA512
16d2ccc42ee2a73159e00fca4aa40490361db34da90e116732aec722a6d9e461a9176daaf9c3001d7cbc97e0870cd9ffbd8ad46ab3cd80790723f1cfb49e6d3c
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND0yUwcsbYsGv+:ymb3NkkiQ3mdBjF0yjcsMsA+
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 19 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 20 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\42339071b3834f5cb04d38dddb282f4f17309ee3be98e38514ff3707f8fca940.exe"C:\Users\Admin\AppData\Local\Temp\42339071b3834f5cb04d38dddb282f4f17309ee3be98e38514ff3707f8fca940.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\vjvpj.exec:\vjvpj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfllrlr.exec:\lfllrlr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbhnt.exec:\nhbhnt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5dpjp.exec:\5dpjp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rflflll.exec:\rflflll.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbttbt.exec:\nbttbt.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvpdd.exec:\jvpdd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frrxxrx.exec:\frrxxrx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thbbtn.exec:\thbbtn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjppv.exec:\vjppv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdjv.exec:\pjdjv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrlrxxf.exec:\xrlrxxf.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7rfxrrl.exec:\7rfxrrl.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhnhbn.exec:\bhnhbn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1jppv.exec:\1jppv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpddj.exec:\dpddj.exe17⤵
- Executes dropped EXE
-
\??\c:\lllrxfl.exec:\lllrxfl.exe18⤵
- Executes dropped EXE
-
\??\c:\9tthnn.exec:\9tthnn.exe19⤵
- Executes dropped EXE
-
\??\c:\jddvp.exec:\jddvp.exe20⤵
- Executes dropped EXE
-
\??\c:\frlrffl.exec:\frlrffl.exe21⤵
- Executes dropped EXE
-
\??\c:\nbhhnt.exec:\nbhhnt.exe22⤵
- Executes dropped EXE
-
\??\c:\vdjpp.exec:\vdjpp.exe23⤵
- Executes dropped EXE
-
\??\c:\lrlrrxr.exec:\lrlrrxr.exe24⤵
- Executes dropped EXE
-
\??\c:\bbtbnh.exec:\bbtbnh.exe25⤵
- Executes dropped EXE
-
\??\c:\dvddp.exec:\dvddp.exe26⤵
- Executes dropped EXE
-
\??\c:\rrrxflr.exec:\rrrxflr.exe27⤵
- Executes dropped EXE
-
\??\c:\hnthnh.exec:\hnthnh.exe28⤵
- Executes dropped EXE
-
\??\c:\5ppvp.exec:\5ppvp.exe29⤵
- Executes dropped EXE
-
\??\c:\jvppv.exec:\jvppv.exe30⤵
- Executes dropped EXE
-
\??\c:\3fllrlx.exec:\3fllrlx.exe31⤵
- Executes dropped EXE
-
\??\c:\htttth.exec:\htttth.exe32⤵
- Executes dropped EXE
-
\??\c:\nbhbbb.exec:\nbhbbb.exe33⤵
- Executes dropped EXE
-
\??\c:\vdddj.exec:\vdddj.exe34⤵
- Executes dropped EXE
-
\??\c:\fxfxfff.exec:\fxfxfff.exe35⤵
- Executes dropped EXE
-
\??\c:\ffllrrx.exec:\ffllrrx.exe36⤵
- Executes dropped EXE
-
\??\c:\btbntb.exec:\btbntb.exe37⤵
- Executes dropped EXE
-
\??\c:\bbtttb.exec:\bbtttb.exe38⤵
- Executes dropped EXE
-
\??\c:\jdvpp.exec:\jdvpp.exe39⤵
- Executes dropped EXE
-
\??\c:\xrrrlxf.exec:\xrrrlxf.exe40⤵
- Executes dropped EXE
-
\??\c:\rrllrrx.exec:\rrllrrx.exe41⤵
- Executes dropped EXE
-
\??\c:\hhtnbb.exec:\hhtnbb.exe42⤵
- Executes dropped EXE
-
\??\c:\ddppj.exec:\ddppj.exe43⤵
- Executes dropped EXE
-
\??\c:\pvdpp.exec:\pvdpp.exe44⤵
- Executes dropped EXE
-
\??\c:\fxllllr.exec:\fxllllr.exe45⤵
- Executes dropped EXE
-
\??\c:\xfxlrrf.exec:\xfxlrrf.exe46⤵
- Executes dropped EXE
-
\??\c:\nhhhnn.exec:\nhhhnn.exe47⤵
- Executes dropped EXE
-
\??\c:\nhtttb.exec:\nhtttb.exe48⤵
- Executes dropped EXE
-
\??\c:\pvdpp.exec:\pvdpp.exe49⤵
- Executes dropped EXE
-
\??\c:\djpjj.exec:\djpjj.exe50⤵
- Executes dropped EXE
-
\??\c:\flxrlfx.exec:\flxrlfx.exe51⤵
- Executes dropped EXE
-
\??\c:\ttnbbh.exec:\ttnbbh.exe52⤵
- Executes dropped EXE
-
\??\c:\hnnhnt.exec:\hnnhnt.exe53⤵
- Executes dropped EXE
-
\??\c:\ppjdp.exec:\ppjdp.exe54⤵
- Executes dropped EXE
-
\??\c:\jvvvv.exec:\jvvvv.exe55⤵
- Executes dropped EXE
-
\??\c:\fflrxll.exec:\fflrxll.exe56⤵
- Executes dropped EXE
-
\??\c:\thntnt.exec:\thntnt.exe57⤵
- Executes dropped EXE
-
\??\c:\tbttbt.exec:\tbttbt.exe58⤵
- Executes dropped EXE
-
\??\c:\pvvvp.exec:\pvvvp.exe59⤵
- Executes dropped EXE
-
\??\c:\fxrflrx.exec:\fxrflrx.exe60⤵
- Executes dropped EXE
-
\??\c:\tttnnt.exec:\tttnnt.exe61⤵
- Executes dropped EXE
-
\??\c:\bbtthn.exec:\bbtthn.exe62⤵
- Executes dropped EXE
-
\??\c:\djjvj.exec:\djjvj.exe63⤵
- Executes dropped EXE
-
\??\c:\xfrrlll.exec:\xfrrlll.exe64⤵
- Executes dropped EXE
-
\??\c:\fflxfxf.exec:\fflxfxf.exe65⤵
- Executes dropped EXE
-
\??\c:\nnhthn.exec:\nnhthn.exe66⤵
-
\??\c:\nbbtnh.exec:\nbbtnh.exe67⤵
-
\??\c:\vjdjv.exec:\vjdjv.exe68⤵
-
\??\c:\xrxxrlf.exec:\xrxxrlf.exe69⤵
-
\??\c:\rrxxffr.exec:\rrxxffr.exe70⤵
-
\??\c:\nbtthh.exec:\nbtthh.exe71⤵
-
\??\c:\ddpvp.exec:\ddpvp.exe72⤵
-
\??\c:\flxxllf.exec:\flxxllf.exe73⤵
-
\??\c:\frfffll.exec:\frfffll.exe74⤵
-
\??\c:\nbnnnn.exec:\nbnnnn.exe75⤵
-
\??\c:\djvpd.exec:\djvpd.exe76⤵
-
\??\c:\rxxxrrf.exec:\rxxxrrf.exe77⤵
-
\??\c:\frffllr.exec:\frffllr.exe78⤵
-
\??\c:\nnthbn.exec:\nnthbn.exe79⤵
-
\??\c:\pdddp.exec:\pdddp.exe80⤵
-
\??\c:\dvddj.exec:\dvddj.exe81⤵
-
\??\c:\7rfxxrx.exec:\7rfxxrx.exe82⤵
-
\??\c:\tnnhbn.exec:\tnnhbn.exe83⤵
-
\??\c:\5vvvj.exec:\5vvvj.exe84⤵
-
\??\c:\vjdvj.exec:\vjdvj.exe85⤵
-
\??\c:\rlrlrrx.exec:\rlrlrrx.exe86⤵
-
\??\c:\btbhhb.exec:\btbhhb.exe87⤵
-
\??\c:\bthhht.exec:\bthhht.exe88⤵
-
\??\c:\vpdpd.exec:\vpdpd.exe89⤵
-
\??\c:\jpdpd.exec:\jpdpd.exe90⤵
-
\??\c:\5llrfff.exec:\5llrfff.exe91⤵
-
\??\c:\nntthb.exec:\nntthb.exe92⤵
-
\??\c:\jdpvd.exec:\jdpvd.exe93⤵
-
\??\c:\pvpdp.exec:\pvpdp.exe94⤵
-
\??\c:\xfrflxf.exec:\xfrflxf.exe95⤵
-
\??\c:\flfxllx.exec:\flfxllx.exe96⤵
-
\??\c:\htnhnh.exec:\htnhnh.exe97⤵
-
\??\c:\hnntnb.exec:\hnntnb.exe98⤵
-
\??\c:\pvvjj.exec:\pvvjj.exe99⤵
-
\??\c:\xrfrrfr.exec:\xrfrrfr.exe100⤵
-
\??\c:\hnbhtt.exec:\hnbhtt.exe101⤵
-
\??\c:\nhhbnn.exec:\nhhbnn.exe102⤵
-
\??\c:\vvjdv.exec:\vvjdv.exe103⤵
-
\??\c:\frxffrr.exec:\frxffrr.exe104⤵
-
\??\c:\htntth.exec:\htntth.exe105⤵
-
\??\c:\nbbtht.exec:\nbbtht.exe106⤵
-
\??\c:\vdpjd.exec:\vdpjd.exe107⤵
-
\??\c:\lrxrxrx.exec:\lrxrxrx.exe108⤵
-
\??\c:\lxxlfff.exec:\lxxlfff.exe109⤵
-
\??\c:\hbbbhn.exec:\hbbbhn.exe110⤵
-
\??\c:\djpvv.exec:\djpvv.exe111⤵
-
\??\c:\jvddv.exec:\jvddv.exe112⤵
-
\??\c:\lxfxxrf.exec:\lxfxxrf.exe113⤵
-
\??\c:\nbnnhh.exec:\nbnnhh.exe114⤵
-
\??\c:\nbhttt.exec:\nbhttt.exe115⤵
-
\??\c:\vjpjd.exec:\vjpjd.exe116⤵
-
\??\c:\xfrflll.exec:\xfrflll.exe117⤵
-
\??\c:\hhtbbh.exec:\hhtbbh.exe118⤵
-
\??\c:\hthhtn.exec:\hthhtn.exe119⤵
-
\??\c:\vpddd.exec:\vpddd.exe120⤵
-
\??\c:\dpddd.exec:\dpddd.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-