Analysis
-
max time kernel
150s -
max time network
128s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
-
submitted
08-07-2024 01:36
General
-
Target
97c8dce5eaa422427078b9297bb052b061e374bed7a4437b0e4782c6464fddd2.exe
-
Size
969KB
-
MD5
f49bb95143e5fb3b58a87db51162f783
-
SHA1
f628662ee3bc57c80f9b3fdc4e208a49359790f7
-
SHA256
97c8dce5eaa422427078b9297bb052b061e374bed7a4437b0e4782c6464fddd2
-
SHA512
34ffe034c7e7f2175361bb1d0b0eac1d64d21c9318332dddb157796a6073da2e5dc5537485c3c62c4dcbad38c72a12e0c0cc683fde87d4906fcf98795440a439
-
SSDEEP
12288:n3C9ytvngQjy3C9I3YEWpYe+GalTLfOX+I3C9S3C9ytvngQj65syLr9fuWp6:SgdnJVwLgdnJq9fu5
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 31 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\97c8dce5eaa422427078b9297bb052b061e374bed7a4437b0e4782c6464fddd2.exe"C:\Users\Admin\AppData\Local\Temp\97c8dce5eaa422427078b9297bb052b061e374bed7a4437b0e4782c6464fddd2.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\plxtdhf.exec:\plxtdhf.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdfxvn.exec:\pdfxvn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnprrf.exec:\nnprrf.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dhlvh.exec:\dhlvh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tdhrv.exec:\tdhrv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htpxt.exec:\htpxt.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dhxrbrn.exec:\dhxrbrn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vxrfv.exec:\vxrfv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lbvvxhh.exec:\lbvvxhh.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tjhnhxp.exec:\tjhnhxp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hdhprb.exec:\hdhprb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bfrbp.exec:\bfrbp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhhfdxn.exec:\hhhfdxn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnjjf.exec:\nnjjf.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ltvxh.exec:\ltvxh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rftpltt.exec:\rftpltt.exe17⤵
- Executes dropped EXE
-
\??\c:\xntpn.exec:\xntpn.exe18⤵
- Executes dropped EXE
-
\??\c:\jbdthjh.exec:\jbdthjh.exe19⤵
- Executes dropped EXE
-
\??\c:\xvvnjd.exec:\xvvnjd.exe20⤵
- Executes dropped EXE
-
\??\c:\frjxpjj.exec:\frjxpjj.exe21⤵
- Executes dropped EXE
-
\??\c:\hbvhdn.exec:\hbvhdn.exe22⤵
- Executes dropped EXE
-
\??\c:\pnxtlxf.exec:\pnxtlxf.exe23⤵
- Executes dropped EXE
-
\??\c:\nnvdtn.exec:\nnvdtn.exe24⤵
- Executes dropped EXE
-
\??\c:\hpljpvx.exec:\hpljpvx.exe25⤵
- Executes dropped EXE
-
\??\c:\htfjhf.exec:\htfjhf.exe26⤵
- Executes dropped EXE
-
\??\c:\rnfpblf.exec:\rnfpblf.exe27⤵
- Executes dropped EXE
-
\??\c:\rbnhxrh.exec:\rbnhxrh.exe28⤵
- Executes dropped EXE
-
\??\c:\fxfxvb.exec:\fxfxvb.exe29⤵
- Executes dropped EXE
-
\??\c:\rvxdl.exec:\rvxdl.exe30⤵
- Executes dropped EXE
-
\??\c:\brxvjvn.exec:\brxvjvn.exe31⤵
- Executes dropped EXE
-
\??\c:\fvrfrxn.exec:\fvrfrxn.exe32⤵
- Executes dropped EXE
-
\??\c:\tjlhrff.exec:\tjlhrff.exe33⤵
- Executes dropped EXE
-
\??\c:\hvttrl.exec:\hvttrl.exe34⤵
- Executes dropped EXE
-
\??\c:\lrrxfb.exec:\lrrxfb.exe35⤵
- Executes dropped EXE
-
\??\c:\rvblvbl.exec:\rvblvbl.exe36⤵
- Executes dropped EXE
-
\??\c:\dbxldhr.exec:\dbxldhr.exe37⤵
- Executes dropped EXE
-
\??\c:\nhfjv.exec:\nhfjv.exe38⤵
- Executes dropped EXE
-
\??\c:\hpjnnrj.exec:\hpjnnrj.exe39⤵
- Executes dropped EXE
-
\??\c:\hrjtlbv.exec:\hrjtlbv.exe40⤵
- Executes dropped EXE
-
\??\c:\htvprb.exec:\htvprb.exe41⤵
- Executes dropped EXE
-
\??\c:\hrrdvnn.exec:\hrrdvnn.exe42⤵
- Executes dropped EXE
-
\??\c:\xlnrbxx.exec:\xlnrbxx.exe43⤵
- Executes dropped EXE
-
\??\c:\vrpvt.exec:\vrpvt.exe44⤵
- Executes dropped EXE
-
\??\c:\vjfff.exec:\vjfff.exe45⤵
- Executes dropped EXE
-
\??\c:\pbphpnp.exec:\pbphpnp.exe46⤵
- Executes dropped EXE
-
\??\c:\ljjdp.exec:\ljjdp.exe47⤵
- Executes dropped EXE
-
\??\c:\jhlppj.exec:\jhlppj.exe48⤵
- Executes dropped EXE
-
\??\c:\lvbtjbr.exec:\lvbtjbr.exe49⤵
- Executes dropped EXE
-
\??\c:\vxprpp.exec:\vxprpp.exe50⤵
- Executes dropped EXE
-
\??\c:\drrrlhv.exec:\drrrlhv.exe51⤵
- Executes dropped EXE
-
\??\c:\htrrxdj.exec:\htrrxdj.exe52⤵
- Executes dropped EXE
-
\??\c:\bltbbhl.exec:\bltbbhl.exe53⤵
- Executes dropped EXE
-
\??\c:\lrvrbrr.exec:\lrvrbrr.exe54⤵
- Executes dropped EXE
-
\??\c:\hrlvpb.exec:\hrlvpb.exe55⤵
- Executes dropped EXE
-
\??\c:\bbdvp.exec:\bbdvp.exe56⤵
- Executes dropped EXE
-
\??\c:\jjjrppx.exec:\jjjrppx.exe57⤵
- Executes dropped EXE
-
\??\c:\nvljjj.exec:\nvljjj.exe58⤵
- Executes dropped EXE
-
\??\c:\xrjfvrh.exec:\xrjfvrh.exe59⤵
- Executes dropped EXE
-
\??\c:\jjrbxtp.exec:\jjrbxtp.exe60⤵
- Executes dropped EXE
-
\??\c:\ljptt.exec:\ljptt.exe61⤵
- Executes dropped EXE
-
\??\c:\rljpvr.exec:\rljpvr.exe62⤵
- Executes dropped EXE
-
\??\c:\pvdrrn.exec:\pvdrrn.exe63⤵
- Executes dropped EXE
-
\??\c:\xfxdnft.exec:\xfxdnft.exe64⤵
- Executes dropped EXE
-
\??\c:\bbjjdfv.exec:\bbjjdfv.exe65⤵
- Executes dropped EXE
-
\??\c:\hpjddf.exec:\hpjddf.exe66⤵
-
\??\c:\bflvfj.exec:\bflvfj.exe67⤵
-
\??\c:\phflbd.exec:\phflbd.exe68⤵
-
\??\c:\tpbrb.exec:\tpbrb.exe69⤵
-
\??\c:\vbnnd.exec:\vbnnd.exe70⤵
-
\??\c:\htrprj.exec:\htrprj.exe71⤵
-
\??\c:\vtpbrfn.exec:\vtpbrfn.exe72⤵
-
\??\c:\pnvrnn.exec:\pnvrnn.exe73⤵
-
\??\c:\rxfhrfv.exec:\rxfhrfv.exe74⤵
-
\??\c:\jtdhdhv.exec:\jtdhdhv.exe75⤵
-
\??\c:\lbdnvt.exec:\lbdnvt.exe76⤵
-
\??\c:\xnjtx.exec:\xnjtx.exe77⤵
-
\??\c:\lxbdnpr.exec:\lxbdnpr.exe78⤵
-
\??\c:\pftjnv.exec:\pftjnv.exe79⤵
-
\??\c:\dfnrtd.exec:\dfnrtd.exe80⤵
-
\??\c:\jnxrlrp.exec:\jnxrlrp.exe81⤵
-
\??\c:\rfpjvvn.exec:\rfpjvvn.exe82⤵
-
\??\c:\jfvbp.exec:\jfvbp.exe83⤵
-
\??\c:\rvdlfrf.exec:\rvdlfrf.exe84⤵
-
\??\c:\jdptj.exec:\jdptj.exe85⤵
-
\??\c:\rvtrjxn.exec:\rvtrjxn.exe86⤵
-
\??\c:\tvlpf.exec:\tvlpf.exe87⤵
-
\??\c:\jbxtd.exec:\jbxtd.exe88⤵
-
\??\c:\lhxdhtj.exec:\lhxdhtj.exe89⤵
-
\??\c:\vtjfnn.exec:\vtjfnn.exe90⤵
-
\??\c:\tjtlrp.exec:\tjtlrp.exe91⤵
-
\??\c:\pjptxn.exec:\pjptxn.exe92⤵
-
\??\c:\dbjtpj.exec:\dbjtpj.exe93⤵
-
\??\c:\pvffl.exec:\pvffl.exe94⤵
-
\??\c:\prdrj.exec:\prdrj.exe95⤵
-
\??\c:\prvpd.exec:\prvpd.exe96⤵
-
\??\c:\blhnj.exec:\blhnj.exe97⤵
-
\??\c:\bvxlbx.exec:\bvxlbx.exe98⤵
-
\??\c:\vvhdlxv.exec:\vvhdlxv.exe99⤵
-
\??\c:\lvhxjrl.exec:\lvhxjrl.exe100⤵
-
\??\c:\phlbpnf.exec:\phlbpnf.exe101⤵
-
\??\c:\jbpnt.exec:\jbpnt.exe102⤵
-
\??\c:\hrxpr.exec:\hrxpr.exe103⤵
-
\??\c:\txrhllf.exec:\txrhllf.exe104⤵
-
\??\c:\hrdxhdv.exec:\hrdxhdv.exe105⤵
-
\??\c:\xjnhxxp.exec:\xjnhxxp.exe106⤵
-
\??\c:\bnrbpvj.exec:\bnrbpvj.exe107⤵
-
\??\c:\hjbplv.exec:\hjbplv.exe108⤵
-
\??\c:\vxdjr.exec:\vxdjr.exe109⤵
-
\??\c:\hprhjnx.exec:\hprhjnx.exe110⤵
-
\??\c:\rjndn.exec:\rjndn.exe111⤵
-
\??\c:\xlfnh.exec:\xlfnh.exe112⤵
-
\??\c:\fhxxr.exec:\fhxxr.exe113⤵
-
\??\c:\fhxpdxl.exec:\fhxpdxl.exe114⤵
-
\??\c:\jxpjnv.exec:\jxpjnv.exe115⤵
-
\??\c:\nbhdjjx.exec:\nbhdjjx.exe116⤵
-
\??\c:\pbfbjf.exec:\pbfbjf.exe117⤵
-
\??\c:\xvprnvl.exec:\xvprnvl.exe118⤵
-
\??\c:\jdrjf.exec:\jdrjf.exe119⤵
-
\??\c:\nxvllj.exec:\nxvllj.exe120⤵
-
\??\c:\xthrx.exec:\xthrx.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-