Analysis
-
max time kernel
150s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240704-en -
resource tags
-
submitted
08/07/2024, 23:58
General
-
Target
692b171846ce112664a57eef9e7cc7197a5a4bde0f99582c71fb06b78d66421e.exe
-
Size
78KB
-
MD5
c74192a8021f3f0d521a2a278d7664bf
-
SHA1
4049d70da0c4018c377a04879d3464c821bdee59
-
SHA256
692b171846ce112664a57eef9e7cc7197a5a4bde0f99582c71fb06b78d66421e
-
SHA512
9fa776ffc694b6b0afdfd827faef394028a1268b6331cd07e151d79f1f372a1b311e54aa562e491f4c39003ef68f48e6d922d84207a3c1172499a252ec4f42ad
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIjaQkPcy8WTeAwHWkMBLrjD:ymb3NkkiQ3mdBjFIpkPcy8qsHjCLrjD
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 28 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 30 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\692b171846ce112664a57eef9e7cc7197a5a4bde0f99582c71fb06b78d66421e.exe"C:\Users\Admin\AppData\Local\Temp\692b171846ce112664a57eef9e7cc7197a5a4bde0f99582c71fb06b78d66421e.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxrrrx.exec:\fxxrrrx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbbhbh.exec:\nbbhbh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvdvv.exec:\jvdvv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllrlrx.exec:\rllrlrx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnntbb.exec:\bnntbb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhtnb.exec:\hbhtnb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1jdpj.exec:\1jdpj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbtbb.exec:\btbtbb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntthbt.exec:\ntthbt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjjj.exec:\pjjjj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxfxrrr.exec:\rxfxrrr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1bnbtt.exec:\1bnbtt.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9tnhbb.exec:\9tnhbb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxllfff.exec:\rxllfff.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlfflll.exec:\xlfflll.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbtnh.exec:\btbtnh.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1jjdv.exec:\1jjdv.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjdp.exec:\pjjdp.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfrrfff.exec:\xfrrfff.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhbbb.exec:\nhhbbb.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvpdd.exec:\vvpdd.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpdvd.exec:\vpdvd.exe23⤵
- Executes dropped EXE
-
\??\c:\rlfxxrl.exec:\rlfxxrl.exe24⤵
- Executes dropped EXE
-
\??\c:\tbttnb.exec:\tbttnb.exe25⤵
- Executes dropped EXE
-
\??\c:\ppjjj.exec:\ppjjj.exe26⤵
- Executes dropped EXE
-
\??\c:\dvvpp.exec:\dvvpp.exe27⤵
- Executes dropped EXE
-
\??\c:\3frlrrx.exec:\3frlrrx.exe28⤵
- Executes dropped EXE
-
\??\c:\9nttnn.exec:\9nttnn.exe29⤵
- Executes dropped EXE
-
\??\c:\vjvvv.exec:\vjvvv.exe30⤵
- Executes dropped EXE
-
\??\c:\fxfxlxr.exec:\fxfxlxr.exe31⤵
- Executes dropped EXE
-
\??\c:\9thhnn.exec:\9thhnn.exe32⤵
- Executes dropped EXE
-
\??\c:\dddvp.exec:\dddvp.exe33⤵
- Executes dropped EXE
-
\??\c:\jddjj.exec:\jddjj.exe34⤵
- Executes dropped EXE
-
\??\c:\rffxxll.exec:\rffxxll.exe35⤵
- Executes dropped EXE
-
\??\c:\flffxff.exec:\flffxff.exe36⤵
- Executes dropped EXE
-
\??\c:\hbnhbn.exec:\hbnhbn.exe37⤵
- Executes dropped EXE
-
\??\c:\btbtnn.exec:\btbtnn.exe38⤵
- Executes dropped EXE
-
\??\c:\7jvdv.exec:\7jvdv.exe39⤵
- Executes dropped EXE
-
\??\c:\dpvvj.exec:\dpvvj.exe40⤵
- Executes dropped EXE
-
\??\c:\fxrrrxl.exec:\fxrrrxl.exe41⤵
- Executes dropped EXE
-
\??\c:\xflxrfx.exec:\xflxrfx.exe42⤵
- Executes dropped EXE
-
\??\c:\bntnnn.exec:\bntnnn.exe43⤵
- Executes dropped EXE
-
\??\c:\hhbtnn.exec:\hhbtnn.exe44⤵
- Executes dropped EXE
-
\??\c:\ddvvd.exec:\ddvvd.exe45⤵
- Executes dropped EXE
-
\??\c:\fxrrrrx.exec:\fxrrrrx.exe46⤵
- Executes dropped EXE
-
\??\c:\lxfffff.exec:\lxfffff.exe47⤵
- Executes dropped EXE
-
\??\c:\3hnhtt.exec:\3hnhtt.exe48⤵
- Executes dropped EXE
-
\??\c:\9tttnt.exec:\9tttnt.exe49⤵
- Executes dropped EXE
-
\??\c:\9ddvp.exec:\9ddvp.exe50⤵
- Executes dropped EXE
-
\??\c:\jdppj.exec:\jdppj.exe51⤵
- Executes dropped EXE
-
\??\c:\rxffxxx.exec:\rxffxxx.exe52⤵
- Executes dropped EXE
-
\??\c:\fxffxxx.exec:\fxffxxx.exe53⤵
- Executes dropped EXE
-
\??\c:\hhtttt.exec:\hhtttt.exe54⤵
- Executes dropped EXE
-
\??\c:\nbbbtb.exec:\nbbbtb.exe55⤵
- Executes dropped EXE
-
\??\c:\9jjpj.exec:\9jjpj.exe56⤵
- Executes dropped EXE
-
\??\c:\pvpjv.exec:\pvpjv.exe57⤵
- Executes dropped EXE
-
\??\c:\xrlffxx.exec:\xrlffxx.exe58⤵
- Executes dropped EXE
-
\??\c:\hbnhbb.exec:\hbnhbb.exe59⤵
- Executes dropped EXE
-
\??\c:\hbhhtn.exec:\hbhhtn.exe60⤵
- Executes dropped EXE
-
\??\c:\jpdvp.exec:\jpdvp.exe61⤵
- Executes dropped EXE
-
\??\c:\9xfflxl.exec:\9xfflxl.exe62⤵
- Executes dropped EXE
-
\??\c:\7lrlrrx.exec:\7lrlrrx.exe63⤵
- Executes dropped EXE
-
\??\c:\nnttnn.exec:\nnttnn.exe64⤵
- Executes dropped EXE
-
\??\c:\dpvpj.exec:\dpvpj.exe65⤵
- Executes dropped EXE
-
\??\c:\pdddj.exec:\pdddj.exe66⤵
-
\??\c:\llrrrlf.exec:\llrrrlf.exe67⤵
-
\??\c:\bthbhb.exec:\bthbhb.exe68⤵
-
\??\c:\hbbbhn.exec:\hbbbhn.exe69⤵
-
\??\c:\vjpjj.exec:\vjpjj.exe70⤵
-
\??\c:\lfxrxxf.exec:\lfxrxxf.exe71⤵
-
\??\c:\tntttt.exec:\tntttt.exe72⤵
-
\??\c:\tnnhhb.exec:\tnnhhb.exe73⤵
-
\??\c:\pdpjd.exec:\pdpjd.exe74⤵
-
\??\c:\fxrfxlf.exec:\fxrfxlf.exe75⤵
-
\??\c:\nnnhhb.exec:\nnnhhb.exe76⤵
-
\??\c:\jjjdd.exec:\jjjdd.exe77⤵
-
\??\c:\9dpdj.exec:\9dpdj.exe78⤵
-
\??\c:\bhnnnh.exec:\bhnnnh.exe79⤵
-
\??\c:\dvdjp.exec:\dvdjp.exe80⤵
-
\??\c:\rrfllrl.exec:\rrfllrl.exe81⤵
-
\??\c:\rflxrff.exec:\rflxrff.exe82⤵
-
\??\c:\hhhbbt.exec:\hhhbbt.exe83⤵
-
\??\c:\jdpjd.exec:\jdpjd.exe84⤵
-
\??\c:\pjjdd.exec:\pjjdd.exe85⤵
-
\??\c:\lxxxrrl.exec:\lxxxrrl.exe86⤵
-
\??\c:\5nnnhn.exec:\5nnnhn.exe87⤵
-
\??\c:\dvpjd.exec:\dvpjd.exe88⤵
-
\??\c:\dpdvv.exec:\dpdvv.exe89⤵
-
\??\c:\vjvpd.exec:\vjvpd.exe90⤵
-
\??\c:\xxllffx.exec:\xxllffx.exe91⤵
-
\??\c:\nhhhbh.exec:\nhhhbh.exe92⤵
-
\??\c:\5tttnn.exec:\5tttnn.exe93⤵
-
\??\c:\jpppp.exec:\jpppp.exe94⤵
-
\??\c:\9thbtt.exec:\9thbtt.exe95⤵
-
\??\c:\thbbth.exec:\thbbth.exe96⤵
-
\??\c:\djjjd.exec:\djjjd.exe97⤵
-
\??\c:\1jjdd.exec:\1jjdd.exe98⤵
-
\??\c:\llxrrrx.exec:\llxrrrx.exe99⤵
-
\??\c:\xlxrlfx.exec:\xlxrlfx.exe100⤵
-
\??\c:\bhnnnn.exec:\bhnnnn.exe101⤵
-
\??\c:\dvdjj.exec:\dvdjj.exe102⤵
-
\??\c:\pvvvd.exec:\pvvvd.exe103⤵
-
\??\c:\ffllrxx.exec:\ffllrxx.exe104⤵
-
\??\c:\fxffxff.exec:\fxffxff.exe105⤵
-
\??\c:\hbbbbb.exec:\hbbbbb.exe106⤵
-
\??\c:\jjjjj.exec:\jjjjj.exe107⤵
-
\??\c:\jdddp.exec:\jdddp.exe108⤵
-
\??\c:\rlllfff.exec:\rlllfff.exe109⤵
-
\??\c:\thhhht.exec:\thhhht.exe110⤵
-
\??\c:\jjppv.exec:\jjppv.exe111⤵
-
\??\c:\vvjpp.exec:\vvjpp.exe112⤵
-
\??\c:\lxffxxx.exec:\lxffxxx.exe113⤵
-
\??\c:\rlllfff.exec:\rlllfff.exe114⤵
-
\??\c:\tnnhbb.exec:\tnnhbb.exe115⤵
-
\??\c:\htbtnn.exec:\htbtnn.exe116⤵
-
\??\c:\xlfxrrl.exec:\xlfxrrl.exe117⤵
-
\??\c:\rffxrrl.exec:\rffxrrl.exe118⤵
-
\??\c:\tthhtt.exec:\tthhtt.exe119⤵
-
\??\c:\7fffffl.exec:\7fffffl.exe120⤵
-
\??\c:\nhtnnt.exec:\nhtnnt.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-