Analysis
-
max time kernel
150s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240705-en -
resource tags
-
submitted
06-07-2024 20:32
General
-
Target
3672f3185ad30da7798a6e883acd9c3aee354873d5590b2fa34b9d440e792c5b.exe
-
Size
308KB
-
MD5
2608d8efd6e184807ab856a47bc1dba7
-
SHA1
313a38d083127581f6d06f60857a25404fc76584
-
SHA256
3672f3185ad30da7798a6e883acd9c3aee354873d5590b2fa34b9d440e792c5b
-
SHA512
79628149c622641f87f27e94f8137131e7f8cacb53bbb510fecbd6a37d6b37cdff42bae3864763a679f91a8f0f87015221c06cddb80514e6349cf3a77386dff5
-
SSDEEP
6144:n3C9BRo/CH26ZAmaOXicLrnRukAPXt1UP+3OgEbXeTiDSd2vJ:n3C9uUnAvtd3Ogld2vJ
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 22 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 25 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\3672f3185ad30da7798a6e883acd9c3aee354873d5590b2fa34b9d440e792c5b.exe"C:\Users\Admin\AppData\Local\Temp\3672f3185ad30da7798a6e883acd9c3aee354873d5590b2fa34b9d440e792c5b.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvpv.exec:\pjvpv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frlfllf.exec:\frlfllf.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppvdp.exec:\ppvdp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfrrxrx.exec:\rfrrxrx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbtbhb.exec:\nbtbhb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbttbb.exec:\hbttbb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7vjdp.exec:\7vjdp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3ntntb.exec:\3ntntb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbhnn.exec:\nhbhnn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llffxfx.exec:\llffxfx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhbhnt.exec:\hhbhnt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrrxrr.exec:\xrrrxrr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbthnt.exec:\hbthnt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5jppj.exec:\5jppj.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nntnnt.exec:\nntnnt.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpvpj.exec:\dpvpj.exe17⤵
- Executes dropped EXE
-
\??\c:\fxlxfrf.exec:\fxlxfrf.exe18⤵
- Executes dropped EXE
-
\??\c:\nbttbh.exec:\nbttbh.exe19⤵
- Executes dropped EXE
-
\??\c:\jdjdj.exec:\jdjdj.exe20⤵
- Executes dropped EXE
-
\??\c:\1nnnnt.exec:\1nnnnt.exe21⤵
- Executes dropped EXE
-
\??\c:\ddjpv.exec:\ddjpv.exe22⤵
- Executes dropped EXE
-
\??\c:\7fxllrr.exec:\7fxllrr.exe23⤵
- Executes dropped EXE
-
\??\c:\bnttbh.exec:\bnttbh.exe24⤵
- Executes dropped EXE
-
\??\c:\5ffflrx.exec:\5ffflrx.exe25⤵
- Executes dropped EXE
-
\??\c:\frflxxf.exec:\frflxxf.exe26⤵
- Executes dropped EXE
-
\??\c:\bthnht.exec:\bthnht.exe27⤵
- Executes dropped EXE
-
\??\c:\1jpjj.exec:\1jpjj.exe28⤵
- Executes dropped EXE
-
\??\c:\3bnhnh.exec:\3bnhnh.exe29⤵
- Executes dropped EXE
-
\??\c:\jvddj.exec:\jvddj.exe30⤵
- Executes dropped EXE
-
\??\c:\9tbbhh.exec:\9tbbhh.exe31⤵
- Executes dropped EXE
-
\??\c:\9jppv.exec:\9jppv.exe32⤵
- Executes dropped EXE
-
\??\c:\rfxrrxf.exec:\rfxrrxf.exe33⤵
- Executes dropped EXE
-
\??\c:\hhbnbh.exec:\hhbnbh.exe34⤵
- Executes dropped EXE
-
\??\c:\vdjpv.exec:\vdjpv.exe35⤵
- Executes dropped EXE
-
\??\c:\jdjvd.exec:\jdjvd.exe36⤵
- Executes dropped EXE
-
\??\c:\xxrxllx.exec:\xxrxllx.exe37⤵
- Executes dropped EXE
-
\??\c:\bnhnbb.exec:\bnhnbb.exe38⤵
- Executes dropped EXE
-
\??\c:\tntntt.exec:\tntntt.exe39⤵
- Executes dropped EXE
-
\??\c:\7pdpp.exec:\7pdpp.exe40⤵
- Executes dropped EXE
-
\??\c:\dvjjp.exec:\dvjjp.exe41⤵
- Executes dropped EXE
-
\??\c:\frxxllx.exec:\frxxllx.exe42⤵
- Executes dropped EXE
-
\??\c:\tntntn.exec:\tntntn.exe43⤵
- Executes dropped EXE
-
\??\c:\3ntttb.exec:\3ntttb.exe44⤵
- Executes dropped EXE
-
\??\c:\vpvvj.exec:\vpvvj.exe45⤵
- Executes dropped EXE
-
\??\c:\xlrrfxf.exec:\xlrrfxf.exe46⤵
- Executes dropped EXE
-
\??\c:\lfrrxxx.exec:\lfrrxxx.exe47⤵
- Executes dropped EXE
-
\??\c:\hbnntn.exec:\hbnntn.exe48⤵
- Executes dropped EXE
-
\??\c:\5jpjj.exec:\5jpjj.exe49⤵
- Executes dropped EXE
-
\??\c:\jdvpp.exec:\jdvpp.exe50⤵
- Executes dropped EXE
-
\??\c:\frffrrl.exec:\frffrrl.exe51⤵
- Executes dropped EXE
-
\??\c:\9ntthb.exec:\9ntthb.exe52⤵
- Executes dropped EXE
-
\??\c:\tnbhnt.exec:\tnbhnt.exe53⤵
- Executes dropped EXE
-
\??\c:\pjdjv.exec:\pjdjv.exe54⤵
- Executes dropped EXE
-
\??\c:\1rllrxx.exec:\1rllrxx.exe55⤵
- Executes dropped EXE
-
\??\c:\7frrffl.exec:\7frrffl.exe56⤵
- Executes dropped EXE
-
\??\c:\9thhhn.exec:\9thhhn.exe57⤵
- Executes dropped EXE
-
\??\c:\vvddj.exec:\vvddj.exe58⤵
- Executes dropped EXE
-
\??\c:\jdpjp.exec:\jdpjp.exe59⤵
- Executes dropped EXE
-
\??\c:\xlxlrrf.exec:\xlxlrrf.exe60⤵
- Executes dropped EXE
-
\??\c:\bntntt.exec:\bntntt.exe61⤵
- Executes dropped EXE
-
\??\c:\5hnhtn.exec:\5hnhtn.exe62⤵
- Executes dropped EXE
-
\??\c:\jdvdp.exec:\jdvdp.exe63⤵
- Executes dropped EXE
-
\??\c:\9vdjv.exec:\9vdjv.exe64⤵
- Executes dropped EXE
-
\??\c:\3flfflr.exec:\3flfflr.exe65⤵
- Executes dropped EXE
-
\??\c:\lfxxlrl.exec:\lfxxlrl.exe66⤵
-
\??\c:\bnnttt.exec:\bnnttt.exe67⤵
-
\??\c:\9nhhnn.exec:\9nhhnn.exe68⤵
-
\??\c:\vpddd.exec:\vpddd.exe69⤵
-
\??\c:\frxxfff.exec:\frxxfff.exe70⤵
-
\??\c:\lxlrrxf.exec:\lxlrrxf.exe71⤵
-
\??\c:\hbtthh.exec:\hbtthh.exe72⤵
-
\??\c:\pjjvd.exec:\pjjvd.exe73⤵
-
\??\c:\vpvdd.exec:\vpvdd.exe74⤵
-
\??\c:\rflflfl.exec:\rflflfl.exe75⤵
-
\??\c:\lfrxlll.exec:\lfrxlll.exe76⤵
-
\??\c:\1nnnbb.exec:\1nnnbb.exe77⤵
-
\??\c:\bbbntb.exec:\bbbntb.exe78⤵
-
\??\c:\jddvd.exec:\jddvd.exe79⤵
-
\??\c:\5xrllfl.exec:\5xrllfl.exe80⤵
-
\??\c:\xrllfll.exec:\xrllfll.exe81⤵
-
\??\c:\hthntt.exec:\hthntt.exe82⤵
-
\??\c:\3bhhhh.exec:\3bhhhh.exe83⤵
-
\??\c:\1dvvj.exec:\1dvvj.exe84⤵
-
\??\c:\xrlflfr.exec:\xrlflfr.exe85⤵
-
\??\c:\5fxflxf.exec:\5fxflxf.exe86⤵
-
\??\c:\bntnnn.exec:\bntnnn.exe87⤵
-
\??\c:\ppjdj.exec:\ppjdj.exe88⤵
-
\??\c:\pjvdp.exec:\pjvdp.exe89⤵
-
\??\c:\frfflfl.exec:\frfflfl.exe90⤵
-
\??\c:\rlxfllf.exec:\rlxfllf.exe91⤵
-
\??\c:\htbbnh.exec:\htbbnh.exe92⤵
-
\??\c:\jdjjp.exec:\jdjjp.exe93⤵
-
\??\c:\dvpdj.exec:\dvpdj.exe94⤵
-
\??\c:\rlxrfxf.exec:\rlxrfxf.exe95⤵
-
\??\c:\9xrrxxf.exec:\9xrrxxf.exe96⤵
-
\??\c:\1bnbhh.exec:\1bnbhh.exe97⤵
-
\??\c:\5nhhtt.exec:\5nhhtt.exe98⤵
-
\??\c:\9ddjj.exec:\9ddjj.exe99⤵
-
\??\c:\lxrlrrx.exec:\lxrlrrx.exe100⤵
-
\??\c:\rrllrxl.exec:\rrllrxl.exe101⤵
-
\??\c:\tbtttt.exec:\tbtttt.exe102⤵
-
\??\c:\htbbbh.exec:\htbbbh.exe103⤵
-
\??\c:\3dvjp.exec:\3dvjp.exe104⤵
-
\??\c:\rrrflrf.exec:\rrrflrf.exe105⤵
-
\??\c:\5frrffr.exec:\5frrffr.exe106⤵
-
\??\c:\htbbhh.exec:\htbbhh.exe107⤵
-
\??\c:\tnbhtt.exec:\tnbhtt.exe108⤵
-
\??\c:\pdpjj.exec:\pdpjj.exe109⤵
-
\??\c:\lxfflfl.exec:\lxfflfl.exe110⤵
-
\??\c:\lllfrxr.exec:\lllfrxr.exe111⤵
-
\??\c:\thntbt.exec:\thntbt.exe112⤵
-
\??\c:\jpjpv.exec:\jpjpv.exe113⤵
-
\??\c:\vpjpd.exec:\vpjpd.exe114⤵
-
\??\c:\rrflrrx.exec:\rrflrrx.exe115⤵
-
\??\c:\rlxxllx.exec:\rlxxllx.exe116⤵
-
\??\c:\nhtbhh.exec:\nhtbhh.exe117⤵
-
\??\c:\dvjdj.exec:\dvjdj.exe118⤵
-
\??\c:\ddpdj.exec:\ddpdj.exe119⤵
-
\??\c:\jdppp.exec:\jdppp.exe120⤵
-
\??\c:\5xffrrx.exec:\5xffrrx.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-