Analysis
-
max time kernel
150s -
max time network
155s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
08-07-2024 01:36
General
-
Target
97c8dce5eaa422427078b9297bb052b061e374bed7a4437b0e4782c6464fddd2.exe
-
Size
969KB
-
MD5
f49bb95143e5fb3b58a87db51162f783
-
SHA1
f628662ee3bc57c80f9b3fdc4e208a49359790f7
-
SHA256
97c8dce5eaa422427078b9297bb052b061e374bed7a4437b0e4782c6464fddd2
-
SHA512
34ffe034c7e7f2175361bb1d0b0eac1d64d21c9318332dddb157796a6073da2e5dc5537485c3c62c4dcbad38c72a12e0c0cc683fde87d4906fcf98795440a439
-
SSDEEP
12288:n3C9ytvngQjy3C9I3YEWpYe+GalTLfOX+I3C9S3C9ytvngQj65syLr9fuWp6:SgdnJVwLgdnJq9fu5
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 26 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\97c8dce5eaa422427078b9297bb052b061e374bed7a4437b0e4782c6464fddd2.exe"C:\Users\Admin\AppData\Local\Temp\97c8dce5eaa422427078b9297bb052b061e374bed7a4437b0e4782c6464fddd2.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\rrrfxxl.exec:\rrrfxxl.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjdv.exec:\dvjdv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5fxfrlf.exec:\5fxfrlf.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbthh.exec:\tnbthh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvjjj.exec:\jvjjj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ththnh.exec:\ththnh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddpjj.exec:\ddpjj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9llxxxr.exec:\9llxxxr.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bttnbb.exec:\bttnbb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfrlffx.exec:\xfrlffx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\httnbt.exec:\httnbt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjddv.exec:\pjddv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffxxrll.exec:\ffxxrll.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrlrxxx.exec:\xrlrxxx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxxrrr.exec:\lfxxrrr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5vpjd.exec:\5vpjd.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfffxxx.exec:\lfffxxx.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntnhbt.exec:\ntnhbt.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9pjjp.exec:\9pjjp.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5xxrrrr.exec:\5xxrrrr.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbttn.exec:\nhbttn.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rffxlrl.exec:\rffxlrl.exe23⤵
- Executes dropped EXE
-
\??\c:\hbnnhb.exec:\hbnnhb.exe24⤵
- Executes dropped EXE
-
\??\c:\1rrlxrr.exec:\1rrlxrr.exe25⤵
- Executes dropped EXE
-
\??\c:\9ntnnn.exec:\9ntnnn.exe26⤵
- Executes dropped EXE
-
\??\c:\xrrlffx.exec:\xrrlffx.exe27⤵
- Executes dropped EXE
-
\??\c:\btnnbt.exec:\btnnbt.exe28⤵
- Executes dropped EXE
-
\??\c:\1vdvj.exec:\1vdvj.exe29⤵
- Executes dropped EXE
-
\??\c:\bnnbtn.exec:\bnnbtn.exe30⤵
- Executes dropped EXE
-
\??\c:\pdjjd.exec:\pdjjd.exe31⤵
- Executes dropped EXE
-
\??\c:\rfffrlf.exec:\rfffrlf.exe32⤵
- Executes dropped EXE
-
\??\c:\5jvpd.exec:\5jvpd.exe33⤵
- Executes dropped EXE
-
\??\c:\llxlrrx.exec:\llxlrrx.exe34⤵
- Executes dropped EXE
-
\??\c:\djvpj.exec:\djvpj.exe35⤵
- Executes dropped EXE
-
\??\c:\nnnhtb.exec:\nnnhtb.exe36⤵
- Executes dropped EXE
-
\??\c:\djpjj.exec:\djpjj.exe37⤵
- Executes dropped EXE
-
\??\c:\flxfxxr.exec:\flxfxxr.exe38⤵
- Executes dropped EXE
-
\??\c:\jpvpd.exec:\jpvpd.exe39⤵
- Executes dropped EXE
-
\??\c:\9xxrlfx.exec:\9xxrlfx.exe40⤵
- Executes dropped EXE
-
\??\c:\nbhbtn.exec:\nbhbtn.exe41⤵
- Executes dropped EXE
-
\??\c:\9jvjd.exec:\9jvjd.exe42⤵
- Executes dropped EXE
-
\??\c:\xxxlffx.exec:\xxxlffx.exe43⤵
- Executes dropped EXE
-
\??\c:\nhbnbt.exec:\nhbnbt.exe44⤵
- Executes dropped EXE
-
\??\c:\7vvpj.exec:\7vvpj.exe45⤵
- Executes dropped EXE
-
\??\c:\rfffrll.exec:\rfffrll.exe46⤵
- Executes dropped EXE
-
\??\c:\nbbbtn.exec:\nbbbtn.exe47⤵
- Executes dropped EXE
-
\??\c:\5vpjd.exec:\5vpjd.exe48⤵
- Executes dropped EXE
-
\??\c:\rflfxfx.exec:\rflfxfx.exe49⤵
- Executes dropped EXE
-
\??\c:\7nhhhh.exec:\7nhhhh.exe50⤵
- Executes dropped EXE
-
\??\c:\vjvpd.exec:\vjvpd.exe51⤵
- Executes dropped EXE
-
\??\c:\vvdvv.exec:\vvdvv.exe52⤵
- Executes dropped EXE
-
\??\c:\rlrflfl.exec:\rlrflfl.exe53⤵
- Executes dropped EXE
-
\??\c:\7tnbnh.exec:\7tnbnh.exe54⤵
- Executes dropped EXE
-
\??\c:\vvjdj.exec:\vvjdj.exe55⤵
- Executes dropped EXE
-
\??\c:\hthbbt.exec:\hthbbt.exe56⤵
- Executes dropped EXE
-
\??\c:\7dvpp.exec:\7dvpp.exe57⤵
- Executes dropped EXE
-
\??\c:\xllfrlx.exec:\xllfrlx.exe58⤵
- Executes dropped EXE
-
\??\c:\tthbbb.exec:\tthbbb.exe59⤵
- Executes dropped EXE
-
\??\c:\5jdpv.exec:\5jdpv.exe60⤵
- Executes dropped EXE
-
\??\c:\rxfxrll.exec:\rxfxrll.exe61⤵
- Executes dropped EXE
-
\??\c:\hbnbhh.exec:\hbnbhh.exe62⤵
- Executes dropped EXE
-
\??\c:\djvpj.exec:\djvpj.exe63⤵
- Executes dropped EXE
-
\??\c:\3xfrlll.exec:\3xfrlll.exe64⤵
- Executes dropped EXE
-
\??\c:\7bhtnn.exec:\7bhtnn.exe65⤵
- Executes dropped EXE
-
\??\c:\vdjvp.exec:\vdjvp.exe66⤵
-
\??\c:\3vppj.exec:\3vppj.exe67⤵
-
\??\c:\hnnbtn.exec:\hnnbtn.exe68⤵
-
\??\c:\1nhbbb.exec:\1nhbbb.exe69⤵
-
\??\c:\9vdpj.exec:\9vdpj.exe70⤵
-
\??\c:\frrfrlf.exec:\frrfrlf.exe71⤵
-
\??\c:\htbthb.exec:\htbthb.exe72⤵
-
\??\c:\pdjdv.exec:\pdjdv.exe73⤵
-
\??\c:\nbhbbt.exec:\nbhbbt.exe74⤵
-
\??\c:\ntbbnh.exec:\ntbbnh.exe75⤵
-
\??\c:\vjppj.exec:\vjppj.exe76⤵
-
\??\c:\ffxrllf.exec:\ffxrllf.exe77⤵
-
\??\c:\nhnnbh.exec:\nhnnbh.exe78⤵
-
\??\c:\ddjdv.exec:\ddjdv.exe79⤵
-
\??\c:\nhhhbt.exec:\nhhhbt.exe80⤵
-
\??\c:\vjpdd.exec:\vjpdd.exe81⤵
-
\??\c:\3lrrrlf.exec:\3lrrrlf.exe82⤵
-
\??\c:\9nhbbb.exec:\9nhbbb.exe83⤵
-
\??\c:\jddpj.exec:\jddpj.exe84⤵
-
\??\c:\xlxrxrx.exec:\xlxrxrx.exe85⤵
-
\??\c:\hbhbtn.exec:\hbhbtn.exe86⤵
-
\??\c:\3dvjd.exec:\3dvjd.exe87⤵
-
\??\c:\lxxrfxr.exec:\lxxrfxr.exe88⤵
-
\??\c:\hbbhbb.exec:\hbbhbb.exe89⤵
-
\??\c:\1jdvp.exec:\1jdvp.exe90⤵
-
\??\c:\frrlffx.exec:\frrlffx.exe91⤵
-
\??\c:\xlxrlfr.exec:\xlxrlfr.exe92⤵
-
\??\c:\htbtnh.exec:\htbtnh.exe93⤵
-
\??\c:\pjpjj.exec:\pjpjj.exe94⤵
-
\??\c:\rxrlxrf.exec:\rxrlxrf.exe95⤵
-
\??\c:\tbbnhb.exec:\tbbnhb.exe96⤵
-
\??\c:\jvvpj.exec:\jvvpj.exe97⤵
-
\??\c:\rlflflf.exec:\rlflflf.exe98⤵
-
\??\c:\ntthhh.exec:\ntthhh.exe99⤵
-
\??\c:\dvvpv.exec:\dvvpv.exe100⤵
-
\??\c:\lfrfffx.exec:\lfrfffx.exe101⤵
-
\??\c:\ttbthh.exec:\ttbthh.exe102⤵
-
\??\c:\pjjdv.exec:\pjjdv.exe103⤵
-
\??\c:\9dpdp.exec:\9dpdp.exe104⤵
-
\??\c:\xlxxrrx.exec:\xlxxrrx.exe105⤵
-
\??\c:\hbtnhh.exec:\hbtnhh.exe106⤵
-
\??\c:\pjjvp.exec:\pjjvp.exe107⤵
-
\??\c:\frffrxl.exec:\frffrxl.exe108⤵
-
\??\c:\5tbtnh.exec:\5tbtnh.exe109⤵
-
\??\c:\vjjjd.exec:\vjjjd.exe110⤵
-
\??\c:\fxxrffx.exec:\fxxrffx.exe111⤵
-
\??\c:\7hbthh.exec:\7hbthh.exe112⤵
-
\??\c:\3jdvj.exec:\3jdvj.exe113⤵
-
\??\c:\lfflflf.exec:\lfflflf.exe114⤵
-
\??\c:\nhtnhh.exec:\nhtnhh.exe115⤵
-
\??\c:\jdvvd.exec:\jdvvd.exe116⤵
-
\??\c:\jvvvv.exec:\jvvvv.exe117⤵
-
\??\c:\rrxrllf.exec:\rrxrllf.exe118⤵
-
\??\c:\nbbbbt.exec:\nbbbbt.exe119⤵
-
\??\c:\ddddv.exec:\ddddv.exe120⤵
-
\??\c:\lxrlffr.exec:\lxrlffr.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-