Analysis
-
max time kernel
150s -
max time network
129s -
platform
windows7_x64 -
resource
win7-20240705-en -
resource tags
-
submitted
07/07/2024, 01:55
General
-
Target
a8c1789a0887302516639e80ef91a11a12ef44b593cda2fb80f016a3dd7a7a10.exe
-
Size
91KB
-
MD5
f754bd1d8998cb6dbe5f599a3708a901
-
SHA1
8cae69fd888c2af101820a016c458f493fdd1e1e
-
SHA256
a8c1789a0887302516639e80ef91a11a12ef44b593cda2fb80f016a3dd7a7a10
-
SHA512
41afd9dc1ca9dc672baa45492087ac2feb27c2044d189c4196e6b9530fd45d9a0af01539e15fad4cb50bc0433215ee8869f4010227c71a9fd77adf207c24dccc
-
SSDEEP
1536:cvQBeOGtrYS3srx93UBWfwC6Ggnouy8mVeygryFU2li0gx4EBbhnyLFW+YFJAO:chOmTsF93UYfwC6GIoutieyhC2lbgGin
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 36 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\a8c1789a0887302516639e80ef91a11a12ef44b593cda2fb80f016a3dd7a7a10.exe"C:\Users\Admin\AppData\Local\Temp\a8c1789a0887302516639e80ef91a11a12ef44b593cda2fb80f016a3dd7a7a10.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\rxfxrlr.exec:\rxfxrlr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9rlrlrr.exec:\9rlrlrr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btnntt.exec:\btnntt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvvp.exec:\jdvvp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9vvjd.exec:\9vvjd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxlffff.exec:\rxlffff.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrfxffr.exec:\rrfxffr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnnbnn.exec:\bnnbnn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnnth.exec:\nhnnth.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjvp.exec:\ppjvp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddppj.exec:\ddppj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9lffrxf.exec:\9lffrxf.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbthnt.exec:\bbthnt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9tnnth.exec:\9tnnth.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7dvjv.exec:\7dvjv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9fflffr.exec:\9fflffr.exe17⤵
- Executes dropped EXE
-
\??\c:\xxlfxfl.exec:\xxlfxfl.exe18⤵
- Executes dropped EXE
-
\??\c:\bbhnth.exec:\bbhnth.exe19⤵
- Executes dropped EXE
-
\??\c:\tnhtbh.exec:\tnhtbh.exe20⤵
- Executes dropped EXE
-
\??\c:\jjdjv.exec:\jjdjv.exe21⤵
- Executes dropped EXE
-
\??\c:\9lflxxl.exec:\9lflxxl.exe22⤵
- Executes dropped EXE
-
\??\c:\ffxrxrf.exec:\ffxrxrf.exe23⤵
- Executes dropped EXE
-
\??\c:\9ntbht.exec:\9ntbht.exe24⤵
- Executes dropped EXE
-
\??\c:\bbthth.exec:\bbthth.exe25⤵
- Executes dropped EXE
-
\??\c:\pjvdj.exec:\pjvdj.exe26⤵
- Executes dropped EXE
-
\??\c:\llxfflf.exec:\llxfflf.exe27⤵
- Executes dropped EXE
-
\??\c:\9tthbh.exec:\9tthbh.exe28⤵
- Executes dropped EXE
-
\??\c:\3htttb.exec:\3htttb.exe29⤵
- Executes dropped EXE
-
\??\c:\vdddv.exec:\vdddv.exe30⤵
- Executes dropped EXE
-
\??\c:\pjvjv.exec:\pjvjv.exe31⤵
- Executes dropped EXE
-
\??\c:\xrlrlxl.exec:\xrlrlxl.exe32⤵
- Executes dropped EXE
-
\??\c:\lflflrx.exec:\lflflrx.exe33⤵
- Executes dropped EXE
-
\??\c:\1bbhth.exec:\1bbhth.exe34⤵
- Executes dropped EXE
-
\??\c:\vddpj.exec:\vddpj.exe35⤵
- Executes dropped EXE
-
\??\c:\pjdvj.exec:\pjdvj.exe36⤵
- Executes dropped EXE
-
\??\c:\xrxxffr.exec:\xrxxffr.exe37⤵
- Executes dropped EXE
-
\??\c:\lflrxfl.exec:\lflrxfl.exe38⤵
- Executes dropped EXE
-
\??\c:\5thhhh.exec:\5thhhh.exe39⤵
- Executes dropped EXE
-
\??\c:\bbbbnn.exec:\bbbbnn.exe40⤵
- Executes dropped EXE
-
\??\c:\3jvpj.exec:\3jvpj.exe41⤵
- Executes dropped EXE
-
\??\c:\5jjpv.exec:\5jjpv.exe42⤵
- Executes dropped EXE
-
\??\c:\xffxfxx.exec:\xffxfxx.exe43⤵
- Executes dropped EXE
-
\??\c:\rrrlfxx.exec:\rrrlfxx.exe44⤵
- Executes dropped EXE
-
\??\c:\1nhbnn.exec:\1nhbnn.exe45⤵
- Executes dropped EXE
-
\??\c:\bbthtb.exec:\bbthtb.exe46⤵
- Executes dropped EXE
-
\??\c:\3pppd.exec:\3pppd.exe47⤵
- Executes dropped EXE
-
\??\c:\9vdpd.exec:\9vdpd.exe48⤵
- Executes dropped EXE
-
\??\c:\rrlrxxl.exec:\rrlrxxl.exe49⤵
- Executes dropped EXE
-
\??\c:\lfxfffr.exec:\lfxfffr.exe50⤵
- Executes dropped EXE
-
\??\c:\7bnhnn.exec:\7bnhnn.exe51⤵
- Executes dropped EXE
-
\??\c:\hhbnnn.exec:\hhbnnn.exe52⤵
- Executes dropped EXE
-
\??\c:\vvvjv.exec:\vvvjv.exe53⤵
- Executes dropped EXE
-
\??\c:\1ppjd.exec:\1ppjd.exe54⤵
- Executes dropped EXE
-
\??\c:\1fxfrrf.exec:\1fxfrrf.exe55⤵
- Executes dropped EXE
-
\??\c:\rlllrrl.exec:\rlllrrl.exe56⤵
- Executes dropped EXE
-
\??\c:\tnttbh.exec:\tnttbh.exe57⤵
- Executes dropped EXE
-
\??\c:\9hbhht.exec:\9hbhht.exe58⤵
- Executes dropped EXE
-
\??\c:\pvjpj.exec:\pvjpj.exe59⤵
- Executes dropped EXE
-
\??\c:\dvvvj.exec:\dvvvj.exe60⤵
- Executes dropped EXE
-
\??\c:\9flfrfl.exec:\9flfrfl.exe61⤵
- Executes dropped EXE
-
\??\c:\rrllxfx.exec:\rrllxfx.exe62⤵
- Executes dropped EXE
-
\??\c:\hhbntt.exec:\hhbntt.exe63⤵
- Executes dropped EXE
-
\??\c:\bbbbtt.exec:\bbbbtt.exe64⤵
- Executes dropped EXE
-
\??\c:\1ttbhn.exec:\1ttbhn.exe65⤵
- Executes dropped EXE
-
\??\c:\hhttbt.exec:\hhttbt.exe66⤵
-
\??\c:\pjvvv.exec:\pjvvv.exe67⤵
-
\??\c:\jdjpv.exec:\jdjpv.exe68⤵
-
\??\c:\lrlrlxl.exec:\lrlrlxl.exe69⤵
-
\??\c:\hbthnn.exec:\hbthnn.exe70⤵
-
\??\c:\htttbb.exec:\htttbb.exe71⤵
-
\??\c:\jdppp.exec:\jdppp.exe72⤵
-
\??\c:\ppddj.exec:\ppddj.exe73⤵
-
\??\c:\dpdvd.exec:\dpdvd.exe74⤵
-
\??\c:\rxffxlf.exec:\rxffxlf.exe75⤵
-
\??\c:\5bhtht.exec:\5bhtht.exe76⤵
-
\??\c:\1bbthn.exec:\1bbthn.exe77⤵
-
\??\c:\jdvjp.exec:\jdvjp.exe78⤵
-
\??\c:\pvdjj.exec:\pvdjj.exe79⤵
-
\??\c:\3lflllr.exec:\3lflllr.exe80⤵
-
\??\c:\7rxxxlr.exec:\7rxxxlr.exe81⤵
-
\??\c:\rlrrflr.exec:\rlrrflr.exe82⤵
-
\??\c:\nbhttt.exec:\nbhttt.exe83⤵
-
\??\c:\dvpvj.exec:\dvpvj.exe84⤵
-
\??\c:\jjdjv.exec:\jjdjv.exe85⤵
-
\??\c:\vpjvj.exec:\vpjvj.exe86⤵
-
\??\c:\3rxfxxl.exec:\3rxfxxl.exe87⤵
-
\??\c:\ffxfrlx.exec:\ffxfrlx.exe88⤵
-
\??\c:\3rlfflx.exec:\3rlfflx.exe89⤵
-
\??\c:\bbtbnb.exec:\bbtbnb.exe90⤵
-
\??\c:\tbnttb.exec:\tbnttb.exe91⤵
-
\??\c:\7vdvd.exec:\7vdvd.exe92⤵
-
\??\c:\vpdpv.exec:\vpdpv.exe93⤵
-
\??\c:\3frflxl.exec:\3frflxl.exe94⤵
-
\??\c:\ffrxffl.exec:\ffrxffl.exe95⤵
-
\??\c:\nbnbhb.exec:\nbnbhb.exe96⤵
-
\??\c:\ttbnhb.exec:\ttbnhb.exe97⤵
-
\??\c:\ddvdj.exec:\ddvdj.exe98⤵
-
\??\c:\5pdjj.exec:\5pdjj.exe99⤵
-
\??\c:\9dpdd.exec:\9dpdd.exe100⤵
-
\??\c:\lxfrrlx.exec:\lxfrrlx.exe101⤵
-
\??\c:\5rxffxf.exec:\5rxffxf.exe102⤵
-
\??\c:\5nnthn.exec:\5nnthn.exe103⤵
-
\??\c:\nntbnb.exec:\nntbnb.exe104⤵
-
\??\c:\jjddj.exec:\jjddj.exe105⤵
-
\??\c:\jvpjd.exec:\jvpjd.exe106⤵
-
\??\c:\djdjv.exec:\djdjv.exe107⤵
-
\??\c:\frrrlll.exec:\frrrlll.exe108⤵
-
\??\c:\fxrlxlx.exec:\fxrlxlx.exe109⤵
-
\??\c:\nttntt.exec:\nttntt.exe110⤵
-
\??\c:\hhtbth.exec:\hhtbth.exe111⤵
-
\??\c:\dddjd.exec:\dddjd.exe112⤵
-
\??\c:\djjvj.exec:\djjvj.exe113⤵
-
\??\c:\vvvpv.exec:\vvvpv.exe114⤵
-
\??\c:\7lflxrx.exec:\7lflxrx.exe115⤵
-
\??\c:\xxxlrxr.exec:\xxxlrxr.exe116⤵
-
\??\c:\nnhhnt.exec:\nnhhnt.exe117⤵
-
\??\c:\bbhthb.exec:\bbhthb.exe118⤵
-
\??\c:\vvjpj.exec:\vvjpj.exe119⤵
-
\??\c:\9djjv.exec:\9djjv.exe120⤵
-
\??\c:\rllfxlf.exec:\rllfxlf.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-