Analysis
-
max time kernel
150s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240704-en -
resource tags
-
submitted
06-07-2024 04:55
General
-
Target
f78310d1c8cb2b1d77e9e8605a9122f85356ed11b6462231ea3f776c8fe7c40b.exe
-
Size
93KB
-
MD5
caf203fcd15b9b441ff19f332a395fd5
-
SHA1
1541a8bfebd97b62351de9851b9f612f18fbd873
-
SHA256
f78310d1c8cb2b1d77e9e8605a9122f85356ed11b6462231ea3f776c8fe7c40b
-
SHA512
34716433c13d8cba4e56735501d9567f94a6a0a442ca596f9c07311c1c4e5b1cb583a347b80d1d823fca0a1fa0f9d00e8ca8df19a74cefe350d72ef9985e4702
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIQIDyviFxx2hCtgIMLP9rBZaRBE:ymb3NkkiQ3mdBjFIVLd2hWZGreRCYBI
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 28 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 33 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\f78310d1c8cb2b1d77e9e8605a9122f85356ed11b6462231ea3f776c8fe7c40b.exe"C:\Users\Admin\AppData\Local\Temp\f78310d1c8cb2b1d77e9e8605a9122f85356ed11b6462231ea3f776c8fe7c40b.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\7vvdv.exec:\7vvdv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfllfxf.exec:\lfllfxf.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btnhtb.exec:\btnhtb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djdjv.exec:\djdjv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xllflfx.exec:\xllflfx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvpjj.exec:\jvpjj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvppj.exec:\pvppj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvjjv.exec:\jvjjv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjdpp.exec:\jjdpp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nthtbh.exec:\nthtbh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvjpv.exec:\pvjpv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfflffx.exec:\rfflffx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnnnhn.exec:\nnnnhn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdvv.exec:\pjdvv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxffffx.exec:\rxffffx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bntbtb.exec:\bntbtb.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfrlxfl.exec:\rfrlxfl.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxlxxxl.exec:\lxlxxxl.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tttnbt.exec:\tttnbt.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pddpp.exec:\pddpp.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lflllll.exec:\lflllll.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xllxlrf.exec:\xllxlrf.exe23⤵
- Executes dropped EXE
-
\??\c:\bbhbbb.exec:\bbhbbb.exe24⤵
- Executes dropped EXE
-
\??\c:\dvjdd.exec:\dvjdd.exe25⤵
- Executes dropped EXE
-
\??\c:\vppdv.exec:\vppdv.exe26⤵
- Executes dropped EXE
-
\??\c:\xxfffrx.exec:\xxfffrx.exe27⤵
- Executes dropped EXE
-
\??\c:\hbthnh.exec:\hbthnh.exe28⤵
- Executes dropped EXE
-
\??\c:\ddppj.exec:\ddppj.exe29⤵
- Executes dropped EXE
-
\??\c:\xrrrllf.exec:\xrrrllf.exe30⤵
- Executes dropped EXE
-
\??\c:\tnnnnb.exec:\tnnnnb.exe31⤵
- Executes dropped EXE
-
\??\c:\ddjdp.exec:\ddjdp.exe32⤵
- Executes dropped EXE
-
\??\c:\pdjdj.exec:\pdjdj.exe33⤵
- Executes dropped EXE
-
\??\c:\flxrxrx.exec:\flxrxrx.exe34⤵
- Executes dropped EXE
-
\??\c:\hhhhnt.exec:\hhhhnt.exe35⤵
- Executes dropped EXE
-
\??\c:\5ddpj.exec:\5ddpj.exe36⤵
- Executes dropped EXE
-
\??\c:\5frrlxr.exec:\5frrlxr.exe37⤵
- Executes dropped EXE
-
\??\c:\bbhbtt.exec:\bbhbtt.exe38⤵
- Executes dropped EXE
-
\??\c:\bhbtnt.exec:\bhbtnt.exe39⤵
- Executes dropped EXE
-
\??\c:\nbnhhn.exec:\nbnhhn.exe40⤵
- Executes dropped EXE
-
\??\c:\9dpdj.exec:\9dpdj.exe41⤵
- Executes dropped EXE
-
\??\c:\5vvpj.exec:\5vvpj.exe42⤵
- Executes dropped EXE
-
\??\c:\flrlflf.exec:\flrlflf.exe43⤵
- Executes dropped EXE
-
\??\c:\nntbnn.exec:\nntbnn.exe44⤵
- Executes dropped EXE
-
\??\c:\djjdj.exec:\djjdj.exe45⤵
- Executes dropped EXE
-
\??\c:\jvppj.exec:\jvppj.exe46⤵
- Executes dropped EXE
-
\??\c:\xlfflll.exec:\xlfflll.exe47⤵
- Executes dropped EXE
-
\??\c:\hhnhtn.exec:\hhnhtn.exe48⤵
- Executes dropped EXE
-
\??\c:\nnttnb.exec:\nnttnb.exe49⤵
- Executes dropped EXE
-
\??\c:\pvdvd.exec:\pvdvd.exe50⤵
- Executes dropped EXE
-
\??\c:\lxxxlrf.exec:\lxxxlrf.exe51⤵
- Executes dropped EXE
-
\??\c:\lllrrfx.exec:\lllrrfx.exe52⤵
- Executes dropped EXE
-
\??\c:\nbbttt.exec:\nbbttt.exe53⤵
- Executes dropped EXE
-
\??\c:\ddvpd.exec:\ddvpd.exe54⤵
- Executes dropped EXE
-
\??\c:\flrflxl.exec:\flrflxl.exe55⤵
- Executes dropped EXE
-
\??\c:\rrfllrr.exec:\rrfllrr.exe56⤵
- Executes dropped EXE
-
\??\c:\thtbbn.exec:\thtbbn.exe57⤵
- Executes dropped EXE
-
\??\c:\dpjdv.exec:\dpjdv.exe58⤵
- Executes dropped EXE
-
\??\c:\lrllxll.exec:\lrllxll.exe59⤵
- Executes dropped EXE
-
\??\c:\hhntnh.exec:\hhntnh.exe60⤵
- Executes dropped EXE
-
\??\c:\bthbhh.exec:\bthbhh.exe61⤵
- Executes dropped EXE
-
\??\c:\dpddd.exec:\dpddd.exe62⤵
- Executes dropped EXE
-
\??\c:\vddpd.exec:\vddpd.exe63⤵
- Executes dropped EXE
-
\??\c:\xlfrrrr.exec:\xlfrrrr.exe64⤵
- Executes dropped EXE
-
\??\c:\hbnbtn.exec:\hbnbtn.exe65⤵
- Executes dropped EXE
-
\??\c:\nnhhnt.exec:\nnhhnt.exe66⤵
-
\??\c:\pdvvd.exec:\pdvvd.exe67⤵
-
\??\c:\9llfffx.exec:\9llfffx.exe68⤵
-
\??\c:\thtntn.exec:\thtntn.exe69⤵
-
\??\c:\vjpjv.exec:\vjpjv.exe70⤵
-
\??\c:\pjjjp.exec:\pjjjp.exe71⤵
-
\??\c:\lxxxrrx.exec:\lxxxrrx.exe72⤵
-
\??\c:\flxxfrr.exec:\flxxfrr.exe73⤵
-
\??\c:\ntnnhn.exec:\ntnnhn.exe74⤵
-
\??\c:\vpppj.exec:\vpppj.exe75⤵
-
\??\c:\7rxxrrr.exec:\7rxxrrr.exe76⤵
-
\??\c:\xxrxffx.exec:\xxrxffx.exe77⤵
-
\??\c:\nbbttb.exec:\nbbttb.exe78⤵
-
\??\c:\htbntn.exec:\htbntn.exe79⤵
-
\??\c:\vvpdd.exec:\vvpdd.exe80⤵
-
\??\c:\xfxxxlf.exec:\xfxxxlf.exe81⤵
-
\??\c:\bbtbnh.exec:\bbtbnh.exe82⤵
-
\??\c:\vvpjp.exec:\vvpjp.exe83⤵
-
\??\c:\rllflfr.exec:\rllflfr.exe84⤵
-
\??\c:\hnbbnh.exec:\hnbbnh.exe85⤵
-
\??\c:\pjpjd.exec:\pjpjd.exe86⤵
-
\??\c:\vdpdv.exec:\vdpdv.exe87⤵
-
\??\c:\nntntt.exec:\nntntt.exe88⤵
-
\??\c:\dpjdd.exec:\dpjdd.exe89⤵
-
\??\c:\ddvpd.exec:\ddvpd.exe90⤵
-
\??\c:\lfrxfff.exec:\lfrxfff.exe91⤵
-
\??\c:\bnnbtn.exec:\bnnbtn.exe92⤵
-
\??\c:\dddpj.exec:\dddpj.exe93⤵
-
\??\c:\xlxfrxf.exec:\xlxfrxf.exe94⤵
-
\??\c:\tbnhtn.exec:\tbnhtn.exe95⤵
-
\??\c:\hthnbn.exec:\hthnbn.exe96⤵
-
\??\c:\xfrffxx.exec:\xfrffxx.exe97⤵
-
\??\c:\ddpdj.exec:\ddpdj.exe98⤵
-
\??\c:\lxrlxlx.exec:\lxrlxlx.exe99⤵
-
\??\c:\flfllfr.exec:\flfllfr.exe100⤵
-
\??\c:\hnbbnt.exec:\hnbbnt.exe101⤵
-
\??\c:\dpppj.exec:\dpppj.exe102⤵
-
\??\c:\pvpvd.exec:\pvpvd.exe103⤵
-
\??\c:\lxxflrr.exec:\lxxflrr.exe104⤵
-
\??\c:\tththt.exec:\tththt.exe105⤵
-
\??\c:\vvddp.exec:\vvddp.exe106⤵
-
\??\c:\rlrflfr.exec:\rlrflfr.exe107⤵
-
\??\c:\ntbttt.exec:\ntbttt.exe108⤵
-
\??\c:\pdpvv.exec:\pdpvv.exe109⤵
-
\??\c:\fxrfxxr.exec:\fxrfxxr.exe110⤵
-
\??\c:\hhbnth.exec:\hhbnth.exe111⤵
-
\??\c:\hnnbtn.exec:\hnnbtn.exe112⤵
-
\??\c:\pdpjd.exec:\pdpjd.exe113⤵
-
\??\c:\lxrrxfx.exec:\lxrrxfx.exe114⤵
-
\??\c:\xxllllr.exec:\xxllllr.exe115⤵
-
\??\c:\bbthhn.exec:\bbthhn.exe116⤵
-
\??\c:\dppvp.exec:\dppvp.exe117⤵
-
\??\c:\rxflrxr.exec:\rxflrxr.exe118⤵
-
\??\c:\tbhhbt.exec:\tbhhbt.exe119⤵
-
\??\c:\jvddj.exec:\jvddj.exe120⤵
-
\??\c:\lfflxrx.exec:\lfflxrx.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-