Analysis
-
max time kernel
150s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
-
submitted
09/07/2024, 07:49
General
-
Target
f96809f4e951a76b376f5aedff45f5cbc5344fec653ab0a54facace8a67effa7.exe
-
Size
135KB
-
MD5
fb39ae543ec5a1c3e3055cf557889955
-
SHA1
0996d9ed929f82c5db5ba6aba85325fe42e4dfe6
-
SHA256
f96809f4e951a76b376f5aedff45f5cbc5344fec653ab0a54facace8a67effa7
-
SHA512
b0f7df4e729609ea6672feb735c0a321938462a1583094ad76b6c030fc5c6cb720696839b8548ebdf6a4c4a229708e1006339df5f2ac8f371393d29aa990082d
-
SSDEEP
3072:ymb3NkkiQ3mdBjFo73HUoMsAbrF3BTUwFr:n3C9BRo7HCsAbhxYE
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 29 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\f96809f4e951a76b376f5aedff45f5cbc5344fec653ab0a54facace8a67effa7.exe"C:\Users\Admin\AppData\Local\Temp\f96809f4e951a76b376f5aedff45f5cbc5344fec653ab0a54facace8a67effa7.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\rrrxllf.exec:\rrrxllf.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbntnt.exec:\bbntnt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nntbnb.exec:\nntbnb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvpdp.exec:\jvpdp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3hbhth.exec:\3hbhth.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btthnb.exec:\btthnb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjjvp.exec:\jjjvp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5hbntt.exec:\5hbntt.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnttbh.exec:\nnttbh.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjvj.exec:\pjjvj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpvpp.exec:\jpvpp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrxfxxr.exec:\rrxfxxr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhbnbn.exec:\hhbnbn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7nhnbh.exec:\7nhnbh.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7pvvd.exec:\7pvvd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxxlrfl.exec:\xxxlrfl.exe17⤵
- Executes dropped EXE
-
\??\c:\lfxlxlr.exec:\lfxlxlr.exe18⤵
- Executes dropped EXE
-
\??\c:\tttttt.exec:\tttttt.exe19⤵
- Executes dropped EXE
-
\??\c:\vddpj.exec:\vddpj.exe20⤵
- Executes dropped EXE
-
\??\c:\9lxlxfx.exec:\9lxlxfx.exe21⤵
- Executes dropped EXE
-
\??\c:\flflxlr.exec:\flflxlr.exe22⤵
- Executes dropped EXE
-
\??\c:\vpjpd.exec:\vpjpd.exe23⤵
- Executes dropped EXE
-
\??\c:\dvvjp.exec:\dvvjp.exe24⤵
- Executes dropped EXE
-
\??\c:\ffxllxl.exec:\ffxllxl.exe25⤵
- Executes dropped EXE
-
\??\c:\3thnnn.exec:\3thnnn.exe26⤵
- Executes dropped EXE
-
\??\c:\7htnhh.exec:\7htnhh.exe27⤵
- Executes dropped EXE
-
\??\c:\pjddp.exec:\pjddp.exe28⤵
- Executes dropped EXE
-
\??\c:\tttbbn.exec:\tttbbn.exe29⤵
- Executes dropped EXE
-
\??\c:\btbnhh.exec:\btbnhh.exe30⤵
- Executes dropped EXE
-
\??\c:\jdvdj.exec:\jdvdj.exe31⤵
- Executes dropped EXE
-
\??\c:\lflrrrr.exec:\lflrrrr.exe32⤵
- Executes dropped EXE
-
\??\c:\rlffrrx.exec:\rlffrrx.exe33⤵
- Executes dropped EXE
-
\??\c:\hhnhbh.exec:\hhnhbh.exe34⤵
- Executes dropped EXE
-
\??\c:\vvvvv.exec:\vvvvv.exe35⤵
- Executes dropped EXE
-
\??\c:\dvpdv.exec:\dvpdv.exe36⤵
- Executes dropped EXE
-
\??\c:\lfrrrrx.exec:\lfrrrrx.exe37⤵
- Executes dropped EXE
-
\??\c:\3rfflrx.exec:\3rfflrx.exe38⤵
- Executes dropped EXE
-
\??\c:\nhtntt.exec:\nhtntt.exe39⤵
- Executes dropped EXE
-
\??\c:\tbhbhh.exec:\tbhbhh.exe40⤵
- Executes dropped EXE
-
\??\c:\1nhnnh.exec:\1nhnnh.exe41⤵
- Executes dropped EXE
-
\??\c:\jpddv.exec:\jpddv.exe42⤵
- Executes dropped EXE
-
\??\c:\rfllrfl.exec:\rfllrfl.exe43⤵
- Executes dropped EXE
-
\??\c:\frrxffr.exec:\frrxffr.exe44⤵
- Executes dropped EXE
-
\??\c:\tnnbtt.exec:\tnnbtt.exe45⤵
- Executes dropped EXE
-
\??\c:\bthbtt.exec:\bthbtt.exe46⤵
- Executes dropped EXE
-
\??\c:\pvvvv.exec:\pvvvv.exe47⤵
- Executes dropped EXE
-
\??\c:\lxrxxfl.exec:\lxrxxfl.exe48⤵
- Executes dropped EXE
-
\??\c:\xxlrrfl.exec:\xxlrrfl.exe49⤵
- Executes dropped EXE
-
\??\c:\hthnht.exec:\hthnht.exe50⤵
- Executes dropped EXE
-
\??\c:\bnbbbb.exec:\bnbbbb.exe51⤵
- Executes dropped EXE
-
\??\c:\pdpvj.exec:\pdpvj.exe52⤵
- Executes dropped EXE
-
\??\c:\rrlxrfx.exec:\rrlxrfx.exe53⤵
- Executes dropped EXE
-
\??\c:\llflxfr.exec:\llflxfr.exe54⤵
- Executes dropped EXE
-
\??\c:\ththtn.exec:\ththtn.exe55⤵
- Executes dropped EXE
-
\??\c:\jjddj.exec:\jjddj.exe56⤵
- Executes dropped EXE
-
\??\c:\1ppvv.exec:\1ppvv.exe57⤵
- Executes dropped EXE
-
\??\c:\1fxflfx.exec:\1fxflfx.exe58⤵
- Executes dropped EXE
-
\??\c:\llxlrrx.exec:\llxlrrx.exe59⤵
- Executes dropped EXE
-
\??\c:\9bbbbt.exec:\9bbbbt.exe60⤵
- Executes dropped EXE
-
\??\c:\7nbhnn.exec:\7nbhnn.exe61⤵
- Executes dropped EXE
-
\??\c:\ppdpd.exec:\ppdpd.exe62⤵
- Executes dropped EXE
-
\??\c:\7jvpd.exec:\7jvpd.exe63⤵
- Executes dropped EXE
-
\??\c:\xlrflrr.exec:\xlrflrr.exe64⤵
- Executes dropped EXE
-
\??\c:\fxxrlfr.exec:\fxxrlfr.exe65⤵
- Executes dropped EXE
-
\??\c:\ntthht.exec:\ntthht.exe66⤵
-
\??\c:\vpppv.exec:\vpppv.exe67⤵
-
\??\c:\pvvjd.exec:\pvvjd.exe68⤵
-
\??\c:\xlfxllr.exec:\xlfxllr.exe69⤵
-
\??\c:\3frxflr.exec:\3frxflr.exe70⤵
-
\??\c:\1nhntt.exec:\1nhntt.exe71⤵
-
\??\c:\9vjvv.exec:\9vjvv.exe72⤵
-
\??\c:\jdppv.exec:\jdppv.exe73⤵
-
\??\c:\rllrxxf.exec:\rllrxxf.exe74⤵
-
\??\c:\rfllrrf.exec:\rfllrrf.exe75⤵
-
\??\c:\tnbbhn.exec:\tnbbhn.exe76⤵
-
\??\c:\vvjjj.exec:\vvjjj.exe77⤵
-
\??\c:\dvdjd.exec:\dvdjd.exe78⤵
-
\??\c:\rlxxllx.exec:\rlxxllx.exe79⤵
-
\??\c:\hbnbtb.exec:\hbnbtb.exe80⤵
-
\??\c:\pjvvj.exec:\pjvvj.exe81⤵
-
\??\c:\pjvdv.exec:\pjvdv.exe82⤵
-
\??\c:\llflfrf.exec:\llflfrf.exe83⤵
-
\??\c:\xxxxlrf.exec:\xxxxlrf.exe84⤵
-
\??\c:\5tnntn.exec:\5tnntn.exe85⤵
-
\??\c:\bhtnnn.exec:\bhtnnn.exe86⤵
-
\??\c:\pdvvp.exec:\pdvvp.exe87⤵
-
\??\c:\ppvjj.exec:\ppvjj.exe88⤵
-
\??\c:\flxrrlx.exec:\flxrrlx.exe89⤵
-
\??\c:\lrfrxxf.exec:\lrfrxxf.exe90⤵
-
\??\c:\7bnhnn.exec:\7bnhnn.exe91⤵
-
\??\c:\dvppd.exec:\dvppd.exe92⤵
-
\??\c:\jdpvv.exec:\jdpvv.exe93⤵
-
\??\c:\fxxrlrx.exec:\fxxrlrx.exe94⤵
-
\??\c:\frflxfx.exec:\frflxfx.exe95⤵
-
\??\c:\3bhhtb.exec:\3bhhtb.exe96⤵
-
\??\c:\hnnbnb.exec:\hnnbnb.exe97⤵
-
\??\c:\3vdjd.exec:\3vdjd.exe98⤵
-
\??\c:\dpdpp.exec:\dpdpp.exe99⤵
-
\??\c:\xxrxrfx.exec:\xxrxrfx.exe100⤵
-
\??\c:\flfrllf.exec:\flfrllf.exe101⤵
-
\??\c:\tnhnhh.exec:\tnhnhh.exe102⤵
-
\??\c:\bthtbn.exec:\bthtbn.exe103⤵
-
\??\c:\pjdjv.exec:\pjdjv.exe104⤵
-
\??\c:\7dpdj.exec:\7dpdj.exe105⤵
-
\??\c:\1lxlfxr.exec:\1lxlfxr.exe106⤵
-
\??\c:\flfrflf.exec:\flfrflf.exe107⤵
-
\??\c:\hbbthn.exec:\hbbthn.exe108⤵
-
\??\c:\pppdd.exec:\pppdd.exe109⤵
-
\??\c:\7djjp.exec:\7djjp.exe110⤵
-
\??\c:\rrrxrlf.exec:\rrrxrlf.exe111⤵
-
\??\c:\fxrllfr.exec:\fxrllfr.exe112⤵
-
\??\c:\5btbnb.exec:\5btbnb.exe113⤵
-
\??\c:\bntttn.exec:\bntttn.exe114⤵
-
\??\c:\dvjjp.exec:\dvjjp.exe115⤵
-
\??\c:\9djpd.exec:\9djpd.exe116⤵
-
\??\c:\xlrxflf.exec:\xlrxflf.exe117⤵
-
\??\c:\fxrfxfx.exec:\fxrfxfx.exe118⤵
-
\??\c:\5hhtnt.exec:\5hhtnt.exe119⤵
-
\??\c:\ddvpp.exec:\ddvpp.exe120⤵
-
\??\c:\jvddp.exec:\jvddp.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-