Analysis
-
max time kernel
150s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20240705-en -
resource tags
-
submitted
09-07-2024 04:02
General
-
Target
296e5dd8e88e5755ef56d38c72b77a50N.exe
-
Size
75KB
-
MD5
296e5dd8e88e5755ef56d38c72b77a50
-
SHA1
3b6047ef632279b191ef13c9875c195e29271575
-
SHA256
89af54504034535d5de80f28b00522b96ba18fa7b20d2d63626f835f334de5b0
-
SHA512
a638d922c9656485708a1cf371c801cba896c6eb3be0c28547209ef9899fc7b3c3948be1dad1c9bbc906f538dbf4d745eaefa2691fac16b5d8e6f6c52535fce1
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIfv7+afCD+QsQbKQPEU:ymb3NkkiQ3mdBjFIfvTfCD+HlQcU
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 21 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 21 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\296e5dd8e88e5755ef56d38c72b77a50N.exe"C:\Users\Admin\AppData\Local\Temp\296e5dd8e88e5755ef56d38c72b77a50N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\nnhthh.exec:\nnhthh.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jddvj.exec:\jddvj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djdjp.exec:\djdjp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxlffl.exec:\rlxlffl.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbhtt.exec:\hbbhtt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjppv.exec:\pjppv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrxlrrf.exec:\lrxlrrf.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1lflxlx.exec:\1lflxlx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnhbnh.exec:\nnhbnh.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpjpv.exec:\jpjpv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xllxxxr.exec:\xllxxxr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbhnhn.exec:\bbhnhn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djjdv.exec:\djjdv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrfrflx.exec:\xrfrflx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3hbbtb.exec:\3hbbtb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvdjv.exec:\dvdjv.exe17⤵
- Executes dropped EXE
-
\??\c:\3pjjp.exec:\3pjjp.exe18⤵
- Executes dropped EXE
-
\??\c:\nhtbnh.exec:\nhtbnh.exe19⤵
- Executes dropped EXE
-
\??\c:\tbttbb.exec:\tbttbb.exe20⤵
- Executes dropped EXE
-
\??\c:\jdvjd.exec:\jdvjd.exe21⤵
- Executes dropped EXE
-
\??\c:\rxffffr.exec:\rxffffr.exe22⤵
- Executes dropped EXE
-
\??\c:\3rxxrfx.exec:\3rxxrfx.exe23⤵
- Executes dropped EXE
-
\??\c:\bnnbbn.exec:\bnnbbn.exe24⤵
- Executes dropped EXE
-
\??\c:\jvvjd.exec:\jvvjd.exe25⤵
- Executes dropped EXE
-
\??\c:\lrllxlx.exec:\lrllxlx.exe26⤵
- Executes dropped EXE
-
\??\c:\nnbttn.exec:\nnbttn.exe27⤵
- Executes dropped EXE
-
\??\c:\dvjdp.exec:\dvjdp.exe28⤵
- Executes dropped EXE
-
\??\c:\frllrlx.exec:\frllrlx.exe29⤵
- Executes dropped EXE
-
\??\c:\fxrffrr.exec:\fxrffrr.exe30⤵
- Executes dropped EXE
-
\??\c:\3bhbtb.exec:\3bhbtb.exe31⤵
- Executes dropped EXE
-
\??\c:\ttttnt.exec:\ttttnt.exe32⤵
- Executes dropped EXE
-
\??\c:\pjvdp.exec:\pjvdp.exe33⤵
- Executes dropped EXE
-
\??\c:\ttntbt.exec:\ttntbt.exe34⤵
- Executes dropped EXE
-
\??\c:\3vpdj.exec:\3vpdj.exe35⤵
- Executes dropped EXE
-
\??\c:\pdjpd.exec:\pdjpd.exe36⤵
- Executes dropped EXE
-
\??\c:\fflffxr.exec:\fflffxr.exe37⤵
- Executes dropped EXE
-
\??\c:\rlfrfrr.exec:\rlfrfrr.exe38⤵
- Executes dropped EXE
-
\??\c:\hhhbhb.exec:\hhhbhb.exe39⤵
- Executes dropped EXE
-
\??\c:\jjpvv.exec:\jjpvv.exe40⤵
- Executes dropped EXE
-
\??\c:\jvdjp.exec:\jvdjp.exe41⤵
- Executes dropped EXE
-
\??\c:\xrllrrf.exec:\xrllrrf.exe42⤵
- Executes dropped EXE
-
\??\c:\llxxfll.exec:\llxxfll.exe43⤵
- Executes dropped EXE
-
\??\c:\hhbhhn.exec:\hhbhhn.exe44⤵
- Executes dropped EXE
-
\??\c:\1pjpp.exec:\1pjpp.exe45⤵
- Executes dropped EXE
-
\??\c:\rlxrxrf.exec:\rlxrxrf.exe46⤵
- Executes dropped EXE
-
\??\c:\ttttbt.exec:\ttttbt.exe47⤵
- Executes dropped EXE
-
\??\c:\thtnht.exec:\thtnht.exe48⤵
- Executes dropped EXE
-
\??\c:\djvpv.exec:\djvpv.exe49⤵
- Executes dropped EXE
-
\??\c:\rrrxllf.exec:\rrrxllf.exe50⤵
- Executes dropped EXE
-
\??\c:\vjdvj.exec:\vjdvj.exe51⤵
- Executes dropped EXE
-
\??\c:\ppjvv.exec:\ppjvv.exe52⤵
- Executes dropped EXE
-
\??\c:\lfxfrlx.exec:\lfxfrlx.exe53⤵
- Executes dropped EXE
-
\??\c:\lllxxll.exec:\lllxxll.exe54⤵
- Executes dropped EXE
-
\??\c:\htnnhb.exec:\htnnhb.exe55⤵
- Executes dropped EXE
-
\??\c:\9pvdv.exec:\9pvdv.exe56⤵
- Executes dropped EXE
-
\??\c:\xxllffx.exec:\xxllffx.exe57⤵
- Executes dropped EXE
-
\??\c:\9ntnhh.exec:\9ntnhh.exe58⤵
- Executes dropped EXE
-
\??\c:\nhbhht.exec:\nhbhht.exe59⤵
- Executes dropped EXE
-
\??\c:\pjppv.exec:\pjppv.exe60⤵
- Executes dropped EXE
-
\??\c:\lxxrllx.exec:\lxxrllx.exe61⤵
- Executes dropped EXE
-
\??\c:\xxrlxlf.exec:\xxrlxlf.exe62⤵
- Executes dropped EXE
-
\??\c:\9hhttb.exec:\9hhttb.exe63⤵
- Executes dropped EXE
-
\??\c:\pdjpd.exec:\pdjpd.exe64⤵
- Executes dropped EXE
-
\??\c:\flllfrl.exec:\flllfrl.exe65⤵
- Executes dropped EXE
-
\??\c:\vvvpv.exec:\vvvpv.exe66⤵
-
\??\c:\vdppv.exec:\vdppv.exe67⤵
-
\??\c:\lrxrxxf.exec:\lrxrxxf.exe68⤵
-
\??\c:\bbbtbt.exec:\bbbtbt.exe69⤵
-
\??\c:\djjjj.exec:\djjjj.exe70⤵
-
\??\c:\fxffxll.exec:\fxffxll.exe71⤵
-
\??\c:\hhhbnh.exec:\hhhbnh.exe72⤵
-
\??\c:\jjvvv.exec:\jjvvv.exe73⤵
-
\??\c:\vjvpp.exec:\vjvpp.exe74⤵
-
\??\c:\rfxlflx.exec:\rfxlflx.exe75⤵
-
\??\c:\7nhhtb.exec:\7nhhtb.exe76⤵
-
\??\c:\hthbbt.exec:\hthbbt.exe77⤵
-
\??\c:\djpjj.exec:\djpjj.exe78⤵
-
\??\c:\rlrxrxr.exec:\rlrxrxr.exe79⤵
-
\??\c:\9bbhhn.exec:\9bbhhn.exe80⤵
-
\??\c:\pjddv.exec:\pjddv.exe81⤵
-
\??\c:\dvjjv.exec:\dvjjv.exe82⤵
-
\??\c:\lxrflll.exec:\lxrflll.exe83⤵
-
\??\c:\hbnbnn.exec:\hbnbnn.exe84⤵
-
\??\c:\9nhnnb.exec:\9nhnnb.exe85⤵
-
\??\c:\vdddp.exec:\vdddp.exe86⤵
-
\??\c:\lxlffrr.exec:\lxlffrr.exe87⤵
-
\??\c:\tthbbb.exec:\tthbbb.exe88⤵
-
\??\c:\bnbntb.exec:\bnbntb.exe89⤵
-
\??\c:\pvvpv.exec:\pvvpv.exe90⤵
-
\??\c:\ffllffr.exec:\ffllffr.exe91⤵
-
\??\c:\nbhnbb.exec:\nbhnbb.exe92⤵
-
\??\c:\hnthhb.exec:\hnthhb.exe93⤵
-
\??\c:\7djdj.exec:\7djdj.exe94⤵
-
\??\c:\ffxxxrf.exec:\ffxxxrf.exe95⤵
-
\??\c:\nnthnb.exec:\nnthnb.exe96⤵
-
\??\c:\btbhtb.exec:\btbhtb.exe97⤵
-
\??\c:\7vvdv.exec:\7vvdv.exe98⤵
-
\??\c:\llrrflr.exec:\llrrflr.exe99⤵
-
\??\c:\3rxffll.exec:\3rxffll.exe100⤵
-
\??\c:\bntnbn.exec:\bntnbn.exe101⤵
-
\??\c:\vjjvd.exec:\vjjvd.exe102⤵
-
\??\c:\rxlfxrr.exec:\rxlfxrr.exe103⤵
-
\??\c:\tttthh.exec:\tttthh.exe104⤵
-
\??\c:\3bhnht.exec:\3bhnht.exe105⤵
-
\??\c:\pjjdv.exec:\pjjdv.exe106⤵
-
\??\c:\rrrffff.exec:\rrrffff.exe107⤵
-
\??\c:\1nttht.exec:\1nttht.exe108⤵
-
\??\c:\vjvdj.exec:\vjvdj.exe109⤵
-
\??\c:\jvvvd.exec:\jvvvd.exe110⤵
-
\??\c:\5xffflf.exec:\5xffflf.exe111⤵
-
\??\c:\flxxrlr.exec:\flxxrlr.exe112⤵
-
\??\c:\nntttn.exec:\nntttn.exe113⤵
-
\??\c:\9tnbtt.exec:\9tnbtt.exe114⤵
-
\??\c:\vvjdp.exec:\vvjdp.exe115⤵
-
\??\c:\fllrrrl.exec:\fllrrrl.exe116⤵
-
\??\c:\tbttnb.exec:\tbttnb.exe117⤵
-
\??\c:\bbhntt.exec:\bbhntt.exe118⤵
-
\??\c:\vjpvj.exec:\vjpvj.exe119⤵
-
\??\c:\fxllrrl.exec:\fxllrrl.exe120⤵
-
\??\c:\hnbhbn.exec:\hnbhbn.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-