Analysis
-
max time kernel
150s -
max time network
128s -
platform
windows10-2004_x64 -
resource
win10v2004-20240704-en -
resource tags
-
submitted
05/07/2024, 08:16
General
-
Target
42339071b3834f5cb04d38dddb282f4f17309ee3be98e38514ff3707f8fca940.exe
-
Size
73KB
-
MD5
0fc08261466da61d4b57a7d9e344ac50
-
SHA1
24a9145bb510b486d544d6442a8cb7ab715fdcc8
-
SHA256
42339071b3834f5cb04d38dddb282f4f17309ee3be98e38514ff3707f8fca940
-
SHA512
16d2ccc42ee2a73159e00fca4aa40490361db34da90e116732aec722a6d9e461a9176daaf9c3001d7cbc97e0870cd9ffbd8ad46ab3cd80790723f1cfb49e6d3c
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND0yUwcsbYsGv+:ymb3NkkiQ3mdBjF0yjcsMsA+
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 27 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 31 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\42339071b3834f5cb04d38dddb282f4f17309ee3be98e38514ff3707f8fca940.exe"C:\Users\Admin\AppData\Local\Temp\42339071b3834f5cb04d38dddb282f4f17309ee3be98e38514ff3707f8fca940.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\lfffxxl.exec:\lfffxxl.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbbnn.exec:\tnbbnn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frllrll.exec:\frllrll.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbtnth.exec:\bbtnth.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdjjj.exec:\vdjjj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlffflf.exec:\xlffflf.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnnttn.exec:\nnnttn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrxrxrl.exec:\lrxrxrl.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7bnttt.exec:\7bnttt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bntnhh.exec:\bntnhh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5dddd.exec:\5dddd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhhnnb.exec:\hhhnnb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjvdd.exec:\jjvdd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flrxfrx.exec:\flrxfrx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vddjj.exec:\vddjj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrrrxll.exec:\lrrrxll.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3ttthn.exec:\3ttthn.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpvvp.exec:\jpvvp.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7pdvv.exec:\7pdvv.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfrllrx.exec:\rfrllrx.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9bhnbb.exec:\9bhnbb.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rffflrx.exec:\rffflrx.exe23⤵
- Executes dropped EXE
-
\??\c:\tnbbhh.exec:\tnbbhh.exe24⤵
- Executes dropped EXE
-
\??\c:\dvdvd.exec:\dvdvd.exe25⤵
- Executes dropped EXE
-
\??\c:\vpjjd.exec:\vpjjd.exe26⤵
- Executes dropped EXE
-
\??\c:\rrxrlrl.exec:\rrxrlrl.exe27⤵
- Executes dropped EXE
-
\??\c:\7thhbt.exec:\7thhbt.exe28⤵
- Executes dropped EXE
-
\??\c:\thtthb.exec:\thtthb.exe29⤵
- Executes dropped EXE
-
\??\c:\vpdpj.exec:\vpdpj.exe30⤵
- Executes dropped EXE
-
\??\c:\dvpvd.exec:\dvpvd.exe31⤵
- Executes dropped EXE
-
\??\c:\llxfrrx.exec:\llxfrrx.exe32⤵
- Executes dropped EXE
-
\??\c:\bbnhnt.exec:\bbnhnt.exe33⤵
- Executes dropped EXE
-
\??\c:\jpppd.exec:\jpppd.exe34⤵
- Executes dropped EXE
-
\??\c:\rxxxxxf.exec:\rxxxxxf.exe35⤵
- Executes dropped EXE
-
\??\c:\1rrrlrr.exec:\1rrrlrr.exe36⤵
- Executes dropped EXE
-
\??\c:\9tttbh.exec:\9tttbh.exe37⤵
- Executes dropped EXE
-
\??\c:\vddjp.exec:\vddjp.exe38⤵
- Executes dropped EXE
-
\??\c:\llxrxxl.exec:\llxrxxl.exe39⤵
- Executes dropped EXE
-
\??\c:\httbht.exec:\httbht.exe40⤵
- Executes dropped EXE
-
\??\c:\ttthbt.exec:\ttthbt.exe41⤵
- Executes dropped EXE
-
\??\c:\djpdp.exec:\djpdp.exe42⤵
- Executes dropped EXE
-
\??\c:\3xlrxfl.exec:\3xlrxfl.exe43⤵
- Executes dropped EXE
-
\??\c:\5rxxflr.exec:\5rxxflr.exe44⤵
- Executes dropped EXE
-
\??\c:\bttbbt.exec:\bttbbt.exe45⤵
- Executes dropped EXE
-
\??\c:\5dvvd.exec:\5dvvd.exe46⤵
- Executes dropped EXE
-
\??\c:\rrfxrrr.exec:\rrfxrrr.exe47⤵
- Executes dropped EXE
-
\??\c:\rffxxfl.exec:\rffxxfl.exe48⤵
- Executes dropped EXE
-
\??\c:\htnnhh.exec:\htnnhh.exe49⤵
- Executes dropped EXE
-
\??\c:\hnhnhn.exec:\hnhnhn.exe50⤵
- Executes dropped EXE
-
\??\c:\dpvdd.exec:\dpvdd.exe51⤵
- Executes dropped EXE
-
\??\c:\rrxrfxr.exec:\rrxrfxr.exe52⤵
- Executes dropped EXE
-
\??\c:\rlrxxxf.exec:\rlrxxxf.exe53⤵
- Executes dropped EXE
-
\??\c:\hhnhbb.exec:\hhnhbb.exe54⤵
- Executes dropped EXE
-
\??\c:\dpjjv.exec:\dpjjv.exe55⤵
- Executes dropped EXE
-
\??\c:\jjppj.exec:\jjppj.exe56⤵
- Executes dropped EXE
-
\??\c:\frxxrlr.exec:\frxxrlr.exe57⤵
- Executes dropped EXE
-
\??\c:\htbhbb.exec:\htbhbb.exe58⤵
- Executes dropped EXE
-
\??\c:\pvpjd.exec:\pvpjd.exe59⤵
- Executes dropped EXE
-
\??\c:\frrflxr.exec:\frrflxr.exe60⤵
- Executes dropped EXE
-
\??\c:\5rlllrl.exec:\5rlllrl.exe61⤵
- Executes dropped EXE
-
\??\c:\nnbhbt.exec:\nnbhbt.exe62⤵
- Executes dropped EXE
-
\??\c:\pppdv.exec:\pppdv.exe63⤵
- Executes dropped EXE
-
\??\c:\djpdd.exec:\djpdd.exe64⤵
- Executes dropped EXE
-
\??\c:\xlfxrrl.exec:\xlfxrrl.exe65⤵
- Executes dropped EXE
-
\??\c:\llrxllf.exec:\llrxllf.exe66⤵
-
\??\c:\httbnn.exec:\httbnn.exe67⤵
-
\??\c:\jppdd.exec:\jppdd.exe68⤵
-
\??\c:\jvjpv.exec:\jvjpv.exe69⤵
-
\??\c:\frrrlrl.exec:\frrrlrl.exe70⤵
-
\??\c:\nhbtnn.exec:\nhbtnn.exe71⤵
-
\??\c:\vvddd.exec:\vvddd.exe72⤵
-
\??\c:\xfxfllr.exec:\xfxfllr.exe73⤵
-
\??\c:\frlxrxf.exec:\frlxrxf.exe74⤵
-
\??\c:\1nhbbb.exec:\1nhbbb.exe75⤵
-
\??\c:\ppvpv.exec:\ppvpv.exe76⤵
-
\??\c:\fxrllfx.exec:\fxrllfx.exe77⤵
-
\??\c:\htnbhh.exec:\htnbhh.exe78⤵
-
\??\c:\hbntnt.exec:\hbntnt.exe79⤵
-
\??\c:\dvpjp.exec:\dvpjp.exe80⤵
-
\??\c:\lrrrlff.exec:\lrrrlff.exe81⤵
-
\??\c:\bttbbb.exec:\bttbbb.exe82⤵
-
\??\c:\tbnhhn.exec:\tbnhhn.exe83⤵
-
\??\c:\vjdvp.exec:\vjdvp.exe84⤵
-
\??\c:\xlllxrl.exec:\xlllxrl.exe85⤵
-
\??\c:\xllflfx.exec:\xllflfx.exe86⤵
-
\??\c:\9nbnnn.exec:\9nbnnn.exe87⤵
-
\??\c:\ddvdv.exec:\ddvdv.exe88⤵
-
\??\c:\vdjjj.exec:\vdjjj.exe89⤵
-
\??\c:\7lrlfff.exec:\7lrlfff.exe90⤵
-
\??\c:\hhbhtb.exec:\hhbhtb.exe91⤵
-
\??\c:\bbbhhn.exec:\bbbhhn.exe92⤵
-
\??\c:\pdvpj.exec:\pdvpj.exe93⤵
-
\??\c:\xrllllf.exec:\xrllllf.exe94⤵
-
\??\c:\tnbtnn.exec:\tnbtnn.exe95⤵
-
\??\c:\ttbnhn.exec:\ttbnhn.exe96⤵
-
\??\c:\jvdvd.exec:\jvdvd.exe97⤵
-
\??\c:\fxlxxxx.exec:\fxlxxxx.exe98⤵
-
\??\c:\lxllfxr.exec:\lxllfxr.exe99⤵
-
\??\c:\thnhnn.exec:\thnhnn.exe100⤵
-
\??\c:\htttnh.exec:\htttnh.exe101⤵
-
\??\c:\pdvpd.exec:\pdvpd.exe102⤵
-
\??\c:\3xrrlrr.exec:\3xrrlrr.exe103⤵
-
\??\c:\jpjjp.exec:\jpjjp.exe104⤵
-
\??\c:\pdvdd.exec:\pdvdd.exe105⤵
-
\??\c:\fxrfxxr.exec:\fxrfxxr.exe106⤵
-
\??\c:\1hbbtt.exec:\1hbbtt.exe107⤵
-
\??\c:\vpjpp.exec:\vpjpp.exe108⤵
-
\??\c:\xfxffrf.exec:\xfxffrf.exe109⤵
-
\??\c:\rlrlffx.exec:\rlrlffx.exe110⤵
-
\??\c:\nbhhnn.exec:\nbhhnn.exe111⤵
-
\??\c:\1nttbh.exec:\1nttbh.exe112⤵
-
\??\c:\jvpjd.exec:\jvpjd.exe113⤵
-
\??\c:\lffxrfl.exec:\lffxrfl.exe114⤵
-
\??\c:\bnnhbn.exec:\bnnhbn.exe115⤵
-
\??\c:\vpppv.exec:\vpppv.exe116⤵
-
\??\c:\3rxlxxx.exec:\3rxlxxx.exe117⤵
-
\??\c:\fxrfffx.exec:\fxrfffx.exe118⤵
-
\??\c:\9nhtnh.exec:\9nhtnh.exe119⤵
-
\??\c:\vdvpp.exec:\vdvpp.exe120⤵
-
\??\c:\flrlfff.exec:\flrlfff.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-