Analysis
-
max time kernel
150s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20240704-en -
resource tags
-
submitted
07-07-2024 00:11
General
-
Target
84cfa44911eca431e2d55019ae3552f48b97fbb24d0c76e8f2287971c6c0a6f2.exe
-
Size
342KB
-
MD5
ff0614b33f2aab02985065c655bb3c3c
-
SHA1
4fd423615abc74e4b6f6cf4e5c50030fc9150dfe
-
SHA256
84cfa44911eca431e2d55019ae3552f48b97fbb24d0c76e8f2287971c6c0a6f2
-
SHA512
7b1c8e298b0c04b8ea17072c0cbeaf03615db0e169be75e12efb6e5982785aa0048d56d6d98af9fbf65068ec8c3b2779e987b260e5132032f7c5cbe8d54d1302
-
SSDEEP
6144:Xcm7ImGddXgYW5fNZWB5hFfci3Add4kGYA7:l7TcbWXZshJX2VGd7
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\84cfa44911eca431e2d55019ae3552f48b97fbb24d0c76e8f2287971c6c0a6f2.exe"C:\Users\Admin\AppData\Local\Temp\84cfa44911eca431e2d55019ae3552f48b97fbb24d0c76e8f2287971c6c0a6f2.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\pdddv.exec:\pdddv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9xrllll.exec:\9xrllll.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddpvp.exec:\ddpvp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvvpv.exec:\jvvpv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btnhhh.exec:\btnhhh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnnhbb.exec:\nnnhbb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvjpj.exec:\pvjpj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9xfxrlf.exec:\9xfxrlf.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhbtt.exec:\hbhbtt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dddvd.exec:\dddvd.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhhnhb.exec:\hhhnhb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvpp.exec:\pjvpp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrllll.exec:\xrrllll.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvppv.exec:\pvppv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llffxxl.exec:\llffxxl.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfflffx.exec:\lfflffx.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9vdpd.exec:\9vdpd.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttnnhb.exec:\ttnnhb.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjpjj.exec:\jjpjj.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhtnnt.exec:\hhtnnt.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jddvp.exec:\jddvp.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrrlffr.exec:\lrrlffr.exe23⤵
- Executes dropped EXE
-
\??\c:\htttnn.exec:\htttnn.exe24⤵
- Executes dropped EXE
-
\??\c:\jpppj.exec:\jpppj.exe25⤵
- Executes dropped EXE
-
\??\c:\nnbtnh.exec:\nnbtnh.exe26⤵
- Executes dropped EXE
-
\??\c:\tnhhhh.exec:\tnhhhh.exe27⤵
- Executes dropped EXE
-
\??\c:\llrrxxf.exec:\llrrxxf.exe28⤵
- Executes dropped EXE
-
\??\c:\bttnhb.exec:\bttnhb.exe29⤵
- Executes dropped EXE
-
\??\c:\vdjdj.exec:\vdjdj.exe30⤵
- Executes dropped EXE
-
\??\c:\rllfffx.exec:\rllfffx.exe31⤵
- Executes dropped EXE
-
\??\c:\5pddd.exec:\5pddd.exe32⤵
- Executes dropped EXE
-
\??\c:\pjjdv.exec:\pjjdv.exe33⤵
- Executes dropped EXE
-
\??\c:\lrxxffl.exec:\lrxxffl.exe34⤵
- Executes dropped EXE
-
\??\c:\nnnhhh.exec:\nnnhhh.exe35⤵
- Executes dropped EXE
-
\??\c:\5dpdd.exec:\5dpdd.exe36⤵
- Executes dropped EXE
-
\??\c:\rrfrfll.exec:\rrfrfll.exe37⤵
- Executes dropped EXE
-
\??\c:\fxfxxxx.exec:\fxfxxxx.exe38⤵
- Executes dropped EXE
-
\??\c:\bntnhb.exec:\bntnhb.exe39⤵
- Executes dropped EXE
-
\??\c:\jjjdj.exec:\jjjdj.exe40⤵
- Executes dropped EXE
-
\??\c:\lrxlrll.exec:\lrxlrll.exe41⤵
- Executes dropped EXE
-
\??\c:\3hbtnn.exec:\3hbtnn.exe42⤵
- Executes dropped EXE
-
\??\c:\ttnhbb.exec:\ttnhbb.exe43⤵
-
\??\c:\5vvvp.exec:\5vvvp.exe44⤵
- Executes dropped EXE
-
\??\c:\fxxxrxx.exec:\fxxxrxx.exe45⤵
- Executes dropped EXE
-
\??\c:\httbhb.exec:\httbhb.exe46⤵
- Executes dropped EXE
-
\??\c:\pjjjj.exec:\pjjjj.exe47⤵
- Executes dropped EXE
-
\??\c:\thnhnh.exec:\thnhnh.exe48⤵
- Executes dropped EXE
-
\??\c:\bbbbnn.exec:\bbbbnn.exe49⤵
- Executes dropped EXE
-
\??\c:\7jjdv.exec:\7jjdv.exe50⤵
- Executes dropped EXE
-
\??\c:\3lrrxxr.exec:\3lrrxxr.exe51⤵
- Executes dropped EXE
-
\??\c:\bbhnnb.exec:\bbhnnb.exe52⤵
- Executes dropped EXE
-
\??\c:\jjdvp.exec:\jjdvp.exe53⤵
- Executes dropped EXE
-
\??\c:\3xfxrrr.exec:\3xfxrrr.exe54⤵
- Executes dropped EXE
-
\??\c:\fllfflx.exec:\fllfflx.exe55⤵
- Executes dropped EXE
-
\??\c:\ntbtnh.exec:\ntbtnh.exe56⤵
- Executes dropped EXE
-
\??\c:\jpjjj.exec:\jpjjj.exe57⤵
- Executes dropped EXE
-
\??\c:\pvpvp.exec:\pvpvp.exe58⤵
- Executes dropped EXE
-
\??\c:\lxlfxxx.exec:\lxlfxxx.exe59⤵
- Executes dropped EXE
-
\??\c:\tnbhhh.exec:\tnbhhh.exe60⤵
- Executes dropped EXE
-
\??\c:\pvvpp.exec:\pvvpp.exe61⤵
- Executes dropped EXE
-
\??\c:\9lllflf.exec:\9lllflf.exe62⤵
- Executes dropped EXE
-
\??\c:\nbhtnn.exec:\nbhtnn.exe63⤵
- Executes dropped EXE
-
\??\c:\jdvpj.exec:\jdvpj.exe64⤵
- Executes dropped EXE
-
\??\c:\xxllxxr.exec:\xxllxxr.exe65⤵
- Executes dropped EXE
-
\??\c:\nbhbbh.exec:\nbhbbh.exe66⤵
- Executes dropped EXE
-
\??\c:\btbtbt.exec:\btbtbt.exe67⤵
-
\??\c:\ppjdv.exec:\ppjdv.exe68⤵
-
\??\c:\llxllff.exec:\llxllff.exe69⤵
-
\??\c:\ttbtnn.exec:\ttbtnn.exe70⤵
-
\??\c:\ddjpv.exec:\ddjpv.exe71⤵
-
\??\c:\flxlrrl.exec:\flxlrrl.exe72⤵
-
\??\c:\hhbttt.exec:\hhbttt.exe73⤵
-
\??\c:\1dpjj.exec:\1dpjj.exe74⤵
-
\??\c:\xrxrrfr.exec:\xrxrrfr.exe75⤵
-
\??\c:\nnhntb.exec:\nnhntb.exe76⤵
-
\??\c:\pjvvv.exec:\pjvvv.exe77⤵
-
\??\c:\flrlflf.exec:\flrlflf.exe78⤵
-
\??\c:\lflxlfr.exec:\lflxlfr.exe79⤵
-
\??\c:\btbtbt.exec:\btbtbt.exe80⤵
-
\??\c:\vpjdv.exec:\vpjdv.exe81⤵
-
\??\c:\jjjvv.exec:\jjjvv.exe82⤵
-
\??\c:\vppjj.exec:\vppjj.exe83⤵
-
\??\c:\fxffrrf.exec:\fxffrrf.exe84⤵
-
\??\c:\xfxxrlx.exec:\xfxxrlx.exe85⤵
-
\??\c:\bbnhtn.exec:\bbnhtn.exe86⤵
-
\??\c:\pjjjj.exec:\pjjjj.exe87⤵
-
\??\c:\vppjd.exec:\vppjd.exe88⤵
-
\??\c:\lffrfxl.exec:\lffrfxl.exe89⤵
-
\??\c:\tbhbnn.exec:\tbhbnn.exe90⤵
-
\??\c:\1vpdv.exec:\1vpdv.exe91⤵
-
\??\c:\xxfrfxl.exec:\xxfrfxl.exe92⤵
-
\??\c:\rrfxrlf.exec:\rrfxrlf.exe93⤵
-
\??\c:\bnthbt.exec:\bnthbt.exe94⤵
-
\??\c:\ppvpv.exec:\ppvpv.exe95⤵
-
\??\c:\9jvjd.exec:\9jvjd.exe96⤵
-
\??\c:\fllxfxr.exec:\fllxfxr.exe97⤵
-
\??\c:\tnttbh.exec:\tnttbh.exe98⤵
-
\??\c:\vjvvv.exec:\vjvvv.exe99⤵
-
\??\c:\pvdvd.exec:\pvdvd.exe100⤵
-
\??\c:\rlrxxrx.exec:\rlrxxrx.exe101⤵
-
\??\c:\ththbb.exec:\ththbb.exe102⤵
-
\??\c:\pjppj.exec:\pjppj.exe103⤵
-
\??\c:\vppdv.exec:\vppdv.exe104⤵
-
\??\c:\9ffxlrf.exec:\9ffxlrf.exe105⤵
-
\??\c:\lxfrlfx.exec:\lxfrlfx.exe106⤵
-
\??\c:\bbbnbt.exec:\bbbnbt.exe107⤵
-
\??\c:\vjppd.exec:\vjppd.exe108⤵
-
\??\c:\5hhtnh.exec:\5hhtnh.exe109⤵
-
\??\c:\pjjdj.exec:\pjjdj.exe110⤵
-
\??\c:\fffrrll.exec:\fffrrll.exe111⤵
-
\??\c:\7bthbt.exec:\7bthbt.exe112⤵
-
\??\c:\tbhnnt.exec:\tbhnnt.exe113⤵
-
\??\c:\jvdpv.exec:\jvdpv.exe114⤵
-
\??\c:\lflffff.exec:\lflffff.exe115⤵
-
\??\c:\bhhtnh.exec:\bhhtnh.exe116⤵
-
\??\c:\jjddp.exec:\jjddp.exe117⤵
-
\??\c:\jvpjd.exec:\jvpjd.exe118⤵
-
\??\c:\xxlfxxr.exec:\xxlfxxr.exe119⤵
-
\??\c:\bttnnn.exec:\bttnnn.exe120⤵
-
\??\c:\vddpv.exec:\vddpv.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-