Analysis
-
max time kernel
150s -
max time network
155s -
platform
windows10-2004_x64 -
resource
win10v2004-20240704-en -
resource tags
-
submitted
08-07-2024 00:04
General
-
Target
789e2d6afe1d798b80a152301c912c5bac02d826be68d8ac2eee8801b43f5b92.exe
-
Size
122KB
-
MD5
7ce3c13809b0ccbd366c902f1f6717ab
-
SHA1
0048b46b5a725eea3528f1cff109aadbaeafedd2
-
SHA256
789e2d6afe1d798b80a152301c912c5bac02d826be68d8ac2eee8801b43f5b92
-
SHA512
b1210f8f860cf69a2936477935b1f49f1932b50325bce2444c9f87aeb1bf5a7afa624e4114ae34cb309ba0b401c085b9a15435167fd35f969d0eb8772ecc5d63
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDomRGApSuLAR2yPBCQ1nDFu1Q8sp:ymb3NkkiQ3mdBjFomR7UsyJC+n0Gsgc8
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 25 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\789e2d6afe1d798b80a152301c912c5bac02d826be68d8ac2eee8801b43f5b92.exe"C:\Users\Admin\AppData\Local\Temp\789e2d6afe1d798b80a152301c912c5bac02d826be68d8ac2eee8801b43f5b92.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrxffr.exec:\fxrxffr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btthbn.exec:\btthbn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1pjjp.exec:\1pjjp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlrlffx.exec:\rlrlffx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdppj.exec:\vdppj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llrffrf.exec:\llrffrf.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnnhtb.exec:\hnnhtb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jddpv.exec:\jddpv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpppd.exec:\jpppd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lllxrlx.exec:\lllxrlx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhhbbn.exec:\hhhbbn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllrxxr.exec:\rllrxxr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tthhbh.exec:\tthhbh.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvvd.exec:\pjvvd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbhbbb.exec:\tbhbbb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvvd.exec:\jdvvd.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttnhnn.exec:\ttnhnn.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvjdv.exec:\jvjdv.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrrrlll.exec:\lrrrlll.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btnbhh.exec:\btnbhh.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrlflrl.exec:\xrlflrl.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxflrfl.exec:\lxflrfl.exe23⤵
- Executes dropped EXE
-
\??\c:\jvjdp.exec:\jvjdp.exe24⤵
- Executes dropped EXE
-
\??\c:\lrlxrxl.exec:\lrlxrxl.exe25⤵
- Executes dropped EXE
-
\??\c:\htnbtn.exec:\htnbtn.exe26⤵
- Executes dropped EXE
-
\??\c:\rxfrrrr.exec:\rxfrrrr.exe27⤵
- Executes dropped EXE
-
\??\c:\jjdjd.exec:\jjdjd.exe28⤵
- Executes dropped EXE
-
\??\c:\jpjdj.exec:\jpjdj.exe29⤵
- Executes dropped EXE
-
\??\c:\hnbhtn.exec:\hnbhtn.exe30⤵
- Executes dropped EXE
-
\??\c:\rfxrrxl.exec:\rfxrrxl.exe31⤵
- Executes dropped EXE
-
\??\c:\9thnnt.exec:\9thnnt.exe32⤵
- Executes dropped EXE
-
\??\c:\bhtbhn.exec:\bhtbhn.exe33⤵
- Executes dropped EXE
-
\??\c:\dvdjj.exec:\dvdjj.exe34⤵
- Executes dropped EXE
-
\??\c:\fxflflx.exec:\fxflflx.exe35⤵
- Executes dropped EXE
-
\??\c:\tbnhhh.exec:\tbnhhh.exe36⤵
- Executes dropped EXE
-
\??\c:\ppdjp.exec:\ppdjp.exe37⤵
- Executes dropped EXE
-
\??\c:\flrlrfr.exec:\flrlrfr.exe38⤵
- Executes dropped EXE
-
\??\c:\btbttt.exec:\btbttt.exe39⤵
- Executes dropped EXE
-
\??\c:\pdvpj.exec:\pdvpj.exe40⤵
- Executes dropped EXE
-
\??\c:\btbntt.exec:\btbntt.exe41⤵
- Executes dropped EXE
-
\??\c:\djjjj.exec:\djjjj.exe42⤵
- Executes dropped EXE
-
\??\c:\5ffrllx.exec:\5ffrllx.exe43⤵
- Executes dropped EXE
-
\??\c:\pvvdv.exec:\pvvdv.exe44⤵
- Executes dropped EXE
-
\??\c:\pdpjp.exec:\pdpjp.exe45⤵
- Executes dropped EXE
-
\??\c:\rfffrrl.exec:\rfffrrl.exe46⤵
- Executes dropped EXE
-
\??\c:\ppdpd.exec:\ppdpd.exe47⤵
- Executes dropped EXE
-
\??\c:\flflfrx.exec:\flflfrx.exe48⤵
- Executes dropped EXE
-
\??\c:\btbntn.exec:\btbntn.exe49⤵
- Executes dropped EXE
-
\??\c:\ppdpv.exec:\ppdpv.exe50⤵
- Executes dropped EXE
-
\??\c:\lxfffll.exec:\lxfffll.exe51⤵
- Executes dropped EXE
-
\??\c:\ddvdp.exec:\ddvdp.exe52⤵
- Executes dropped EXE
-
\??\c:\nhhtht.exec:\nhhtht.exe53⤵
- Executes dropped EXE
-
\??\c:\djdvp.exec:\djdvp.exe54⤵
- Executes dropped EXE
-
\??\c:\lxfxxxr.exec:\lxfxxxr.exe55⤵
- Executes dropped EXE
-
\??\c:\nbbnhn.exec:\nbbnhn.exe56⤵
- Executes dropped EXE
-
\??\c:\jjpjp.exec:\jjpjp.exe57⤵
- Executes dropped EXE
-
\??\c:\frlfflr.exec:\frlfflr.exe58⤵
- Executes dropped EXE
-
\??\c:\hhtthn.exec:\hhtthn.exe59⤵
- Executes dropped EXE
-
\??\c:\jppjj.exec:\jppjj.exe60⤵
- Executes dropped EXE
-
\??\c:\rfflfxx.exec:\rfflfxx.exe61⤵
- Executes dropped EXE
-
\??\c:\tnbbtt.exec:\tnbbtt.exe62⤵
- Executes dropped EXE
-
\??\c:\vvvpj.exec:\vvvpj.exe63⤵
- Executes dropped EXE
-
\??\c:\frfrlfx.exec:\frfrlfx.exe64⤵
- Executes dropped EXE
-
\??\c:\ddjdv.exec:\ddjdv.exe65⤵
- Executes dropped EXE
-
\??\c:\lflflll.exec:\lflflll.exe66⤵
-
\??\c:\dvvdj.exec:\dvvdj.exe67⤵
-
\??\c:\frxlfxl.exec:\frxlfxl.exe68⤵
-
\??\c:\vpvdv.exec:\vpvdv.exe69⤵
-
\??\c:\lrffrlf.exec:\lrffrlf.exe70⤵
-
\??\c:\vdjpj.exec:\vdjpj.exe71⤵
-
\??\c:\lrxxfxr.exec:\lrxxfxr.exe72⤵
-
\??\c:\vvpvd.exec:\vvpvd.exe73⤵
-
\??\c:\rrrllll.exec:\rrrllll.exe74⤵
-
\??\c:\htnbhn.exec:\htnbhn.exe75⤵
-
\??\c:\7vvpd.exec:\7vvpd.exe76⤵
-
\??\c:\bntnnt.exec:\bntnnt.exe77⤵
-
\??\c:\vpjdv.exec:\vpjdv.exe78⤵
-
\??\c:\fxllrrx.exec:\fxllrrx.exe79⤵
-
\??\c:\lfrxffr.exec:\lfrxffr.exe80⤵
-
\??\c:\dpjdd.exec:\dpjdd.exe81⤵
-
\??\c:\rflxlrr.exec:\rflxlrr.exe82⤵
-
\??\c:\pdpjp.exec:\pdpjp.exe83⤵
-
\??\c:\bhnttt.exec:\bhnttt.exe84⤵
-
\??\c:\llllrfl.exec:\llllrfl.exe85⤵
-
\??\c:\vjjvd.exec:\vjjvd.exe86⤵
-
\??\c:\hhhbbb.exec:\hhhbbb.exe87⤵
-
\??\c:\lrrrrxl.exec:\lrrrrxl.exe88⤵
-
\??\c:\pjvjp.exec:\pjvjp.exe89⤵
-
\??\c:\xfxrllr.exec:\xfxrllr.exe90⤵
-
\??\c:\nnnhtt.exec:\nnnhtt.exe91⤵
-
\??\c:\xrlrrrl.exec:\xrlrrrl.exe92⤵
-
\??\c:\pjvpp.exec:\pjvpp.exe93⤵
-
\??\c:\ffxfrfx.exec:\ffxfrfx.exe94⤵
-
\??\c:\bhhtnt.exec:\bhhtnt.exe95⤵
-
\??\c:\pvddj.exec:\pvddj.exe96⤵
-
\??\c:\rrfflxl.exec:\rrfflxl.exe97⤵
-
\??\c:\nbttnb.exec:\nbttnb.exe98⤵
-
\??\c:\vjdvp.exec:\vjdvp.exe99⤵
-
\??\c:\dpdvv.exec:\dpdvv.exe100⤵
-
\??\c:\xffxrxl.exec:\xffxrxl.exe101⤵
-
\??\c:\thtbtn.exec:\thtbtn.exe102⤵
-
\??\c:\pvpjp.exec:\pvpjp.exe103⤵
-
\??\c:\llxfrfl.exec:\llxfrfl.exe104⤵
-
\??\c:\hnhbtt.exec:\hnhbtt.exe105⤵
-
\??\c:\djvdv.exec:\djvdv.exe106⤵
-
\??\c:\rrflrfx.exec:\rrflrfx.exe107⤵
-
\??\c:\thnnnb.exec:\thnnnb.exe108⤵
-
\??\c:\ffrxrlf.exec:\ffrxrlf.exe109⤵
-
\??\c:\vdppd.exec:\vdppd.exe110⤵
-
\??\c:\rxfrfrf.exec:\rxfrfrf.exe111⤵
-
\??\c:\nnttbh.exec:\nnttbh.exe112⤵
-
\??\c:\jjvvd.exec:\jjvvd.exe113⤵
-
\??\c:\ntbbnh.exec:\ntbbnh.exe114⤵
-
\??\c:\3jjdv.exec:\3jjdv.exe115⤵
-
\??\c:\fxxxfff.exec:\fxxxfff.exe116⤵
-
\??\c:\hhhnnn.exec:\hhhnnn.exe117⤵
-
\??\c:\jjdpj.exec:\jjdpj.exe118⤵
-
\??\c:\lfxrflr.exec:\lfxrflr.exe119⤵
-
\??\c:\bbhbbh.exec:\bbhbbh.exe120⤵
-
\??\c:\jdpvp.exec:\jdpvp.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-