Analysis
-
max time kernel
150s -
max time network
18s -
platform
windows7_x64 -
resource
win7-20240705-en -
resource tags
-
submitted
09-07-2024 12:11
General
-
Target
37c29458daff98978480a1b7d9bd1e50N.exe
-
Size
94KB
-
MD5
37c29458daff98978480a1b7d9bd1e50
-
SHA1
28098756c1028aa58efc9edb987e45f78d66e177
-
SHA256
691723493e45bfea37d5f0370f46c4117808b84d2a1af1f4a494e51a273d66d8
-
SHA512
e7ecdccaff6b1c6e5370a3548aef4b979af2f9f7049d5dd8666fb17ee6b16c65bcaeeb797997ff92e35d04c5cf958dc22cfc84789ea639c54c13c5028413e76f
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDoLuePjDYlR3hnjKXIQSe9oEYL:ymb3NkkiQ3mdBjFoLucjDilOZho5
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 21 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 21 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\37c29458daff98978480a1b7d9bd1e50N.exe"C:\Users\Admin\AppData\Local\Temp\37c29458daff98978480a1b7d9bd1e50N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrfllx.exec:\lfrfllx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\268084.exec:\268084.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\26486.exec:\26486.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\086682.exec:\086682.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbhtb.exec:\tnbhtb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\04246.exec:\04246.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lflrrrx.exec:\lflrrrx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\046446.exec:\046446.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\080664.exec:\080664.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7lxflrf.exec:\7lxflrf.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrlxxxf.exec:\xrlxxxf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\0868828.exec:\0868828.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjpjj.exec:\vjpjj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\48406.exec:\48406.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\4484066.exec:\4484066.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbhhnn.exec:\nbhhnn.exe17⤵
- Executes dropped EXE
-
\??\c:\m6406.exec:\m6406.exe18⤵
- Executes dropped EXE
-
\??\c:\jdjvv.exec:\jdjvv.exe19⤵
- Executes dropped EXE
-
\??\c:\m8662.exec:\m8662.exe20⤵
- Executes dropped EXE
-
\??\c:\462022.exec:\462022.exe21⤵
- Executes dropped EXE
-
\??\c:\2400000.exec:\2400000.exe22⤵
- Executes dropped EXE
-
\??\c:\dvpjp.exec:\dvpjp.exe23⤵
- Executes dropped EXE
-
\??\c:\dvdjp.exec:\dvdjp.exe24⤵
- Executes dropped EXE
-
\??\c:\80448.exec:\80448.exe25⤵
- Executes dropped EXE
-
\??\c:\1vjpv.exec:\1vjpv.exe26⤵
- Executes dropped EXE
-
\??\c:\jvjpv.exec:\jvjpv.exe27⤵
- Executes dropped EXE
-
\??\c:\jdvjp.exec:\jdvjp.exe28⤵
- Executes dropped EXE
-
\??\c:\w68800.exec:\w68800.exe29⤵
- Executes dropped EXE
-
\??\c:\lxlrrrx.exec:\lxlrrrx.exe30⤵
- Executes dropped EXE
-
\??\c:\3jddj.exec:\3jddj.exe31⤵
- Executes dropped EXE
-
\??\c:\6462840.exec:\6462840.exe32⤵
- Executes dropped EXE
-
\??\c:\2824008.exec:\2824008.exe33⤵
- Executes dropped EXE
-
\??\c:\frxxfxf.exec:\frxxfxf.exe34⤵
- Executes dropped EXE
-
\??\c:\4428860.exec:\4428860.exe35⤵
- Executes dropped EXE
-
\??\c:\640644.exec:\640644.exe36⤵
- Executes dropped EXE
-
\??\c:\hhtbtt.exec:\hhtbtt.exe37⤵
- Executes dropped EXE
-
\??\c:\i862444.exec:\i862444.exe38⤵
- Executes dropped EXE
-
\??\c:\3nbnbb.exec:\3nbnbb.exe39⤵
- Executes dropped EXE
-
\??\c:\a2002.exec:\a2002.exe40⤵
- Executes dropped EXE
-
\??\c:\nhnntb.exec:\nhnntb.exe41⤵
- Executes dropped EXE
-
\??\c:\bttnht.exec:\bttnht.exe42⤵
- Executes dropped EXE
-
\??\c:\a4280.exec:\a4280.exe43⤵
- Executes dropped EXE
-
\??\c:\20228.exec:\20228.exe44⤵
- Executes dropped EXE
-
\??\c:\7xrrxff.exec:\7xrrxff.exe45⤵
- Executes dropped EXE
-
\??\c:\c288848.exec:\c288848.exe46⤵
- Executes dropped EXE
-
\??\c:\vppdv.exec:\vppdv.exe47⤵
- Executes dropped EXE
-
\??\c:\dvpvj.exec:\dvpvj.exe48⤵
- Executes dropped EXE
-
\??\c:\xrxxffr.exec:\xrxxffr.exe49⤵
- Executes dropped EXE
-
\??\c:\3pvvj.exec:\3pvvj.exe50⤵
- Executes dropped EXE
-
\??\c:\nnbhhn.exec:\nnbhhn.exe51⤵
- Executes dropped EXE
-
\??\c:\82824.exec:\82824.exe52⤵
- Executes dropped EXE
-
\??\c:\ttntnh.exec:\ttntnh.exe53⤵
- Executes dropped EXE
-
\??\c:\rlrlrrx.exec:\rlrlrrx.exe54⤵
- Executes dropped EXE
-
\??\c:\q86240.exec:\q86240.exe55⤵
- Executes dropped EXE
-
\??\c:\k64640.exec:\k64640.exe56⤵
- Executes dropped EXE
-
\??\c:\80228.exec:\80228.exe57⤵
- Executes dropped EXE
-
\??\c:\hbhntb.exec:\hbhntb.exe58⤵
- Executes dropped EXE
-
\??\c:\w28804.exec:\w28804.exe59⤵
- Executes dropped EXE
-
\??\c:\nhnhnt.exec:\nhnhnt.exe60⤵
- Executes dropped EXE
-
\??\c:\5jdpv.exec:\5jdpv.exe61⤵
- Executes dropped EXE
-
\??\c:\w86240.exec:\w86240.exe62⤵
- Executes dropped EXE
-
\??\c:\826844.exec:\826844.exe63⤵
- Executes dropped EXE
-
\??\c:\3hbntt.exec:\3hbntt.exe64⤵
- Executes dropped EXE
-
\??\c:\rfrxxll.exec:\rfrxxll.exe65⤵
- Executes dropped EXE
-
\??\c:\s4060.exec:\s4060.exe66⤵
-
\??\c:\a2468.exec:\a2468.exe67⤵
-
\??\c:\fxllrxl.exec:\fxllrxl.exe68⤵
-
\??\c:\9dpvd.exec:\9dpvd.exe69⤵
-
\??\c:\82064.exec:\82064.exe70⤵
-
\??\c:\tntthn.exec:\tntthn.exe71⤵
-
\??\c:\bhtbnt.exec:\bhtbnt.exe72⤵
-
\??\c:\e80000.exec:\e80000.exe73⤵
-
\??\c:\22644.exec:\22644.exe74⤵
-
\??\c:\k08466.exec:\k08466.exe75⤵
-
\??\c:\0426444.exec:\0426444.exe76⤵
-
\??\c:\4240602.exec:\4240602.exe77⤵
-
\??\c:\42406.exec:\42406.exe78⤵
-
\??\c:\1htbnt.exec:\1htbnt.exe79⤵
-
\??\c:\1jpjj.exec:\1jpjj.exe80⤵
-
\??\c:\vjvvp.exec:\vjvvp.exe81⤵
-
\??\c:\thhbnn.exec:\thhbnn.exe82⤵
-
\??\c:\btbhhb.exec:\btbhhb.exe83⤵
-
\??\c:\s2828.exec:\s2828.exe84⤵
-
\??\c:\nnthbn.exec:\nnthbn.exe85⤵
-
\??\c:\9lrrflx.exec:\9lrrflx.exe86⤵
-
\??\c:\lfrxlrx.exec:\lfrxlrx.exe87⤵
-
\??\c:\1dvvd.exec:\1dvvd.exe88⤵
-
\??\c:\9bttbb.exec:\9bttbb.exe89⤵
-
\??\c:\llrrllf.exec:\llrrllf.exe90⤵
-
\??\c:\u862282.exec:\u862282.exe91⤵
-
\??\c:\e02848.exec:\e02848.exe92⤵
-
\??\c:\nbhnbh.exec:\nbhnbh.exe93⤵
-
\??\c:\frrlrlr.exec:\frrlrlr.exe94⤵
-
\??\c:\1rffffl.exec:\1rffffl.exe95⤵
-
\??\c:\dppdp.exec:\dppdp.exe96⤵
-
\??\c:\5llxfxx.exec:\5llxfxx.exe97⤵
-
\??\c:\3jvjp.exec:\3jvjp.exe98⤵
-
\??\c:\xfffrxx.exec:\xfffrxx.exe99⤵
-
\??\c:\xllflll.exec:\xllflll.exe100⤵
-
\??\c:\24068.exec:\24068.exe101⤵
-
\??\c:\tnbhtn.exec:\tnbhtn.exe102⤵
-
\??\c:\8246280.exec:\8246280.exe103⤵
-
\??\c:\xlfrrxx.exec:\xlfrrxx.exe104⤵
-
\??\c:\hbhhnt.exec:\hbhhnt.exe105⤵
-
\??\c:\606468.exec:\606468.exe106⤵
-
\??\c:\4284628.exec:\4284628.exe107⤵
-
\??\c:\ppddj.exec:\ppddj.exe108⤵
-
\??\c:\646022.exec:\646022.exe109⤵
-
\??\c:\5lrffxf.exec:\5lrffxf.exe110⤵
-
\??\c:\6080008.exec:\6080008.exe111⤵
-
\??\c:\7nnnnt.exec:\7nnnnt.exe112⤵
-
\??\c:\2666606.exec:\2666606.exe113⤵
-
\??\c:\422682.exec:\422682.exe114⤵
-
\??\c:\i040880.exec:\i040880.exe115⤵
-
\??\c:\5flrxxf.exec:\5flrxxf.exe116⤵
-
\??\c:\rflrrrx.exec:\rflrrrx.exe117⤵
-
\??\c:\3xllllr.exec:\3xllllr.exe118⤵
-
\??\c:\w80626.exec:\w80626.exe119⤵
-
\??\c:\w06860.exec:\w06860.exe120⤵
-
\??\c:\rflxfxx.exec:\rflxfxx.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-