Analysis
-
max time kernel
150s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
-
submitted
10/07/2024, 20:28
General
-
Target
28dbfe04456cb46c085423a741d11cc87b1bc6bf967431e640b7edce492f9557.exe
-
Size
442KB
-
MD5
cd428cbbb2fcd11a7f5daa5fbbec03c0
-
SHA1
9598c25e448e22afa8e02f858f9d404c7a8df446
-
SHA256
28dbfe04456cb46c085423a741d11cc87b1bc6bf967431e640b7edce492f9557
-
SHA512
63a35385f9c39d2cbf5feb9ad76790af834aa6b57256f58fe87950b5a1ed66926a2dcd3155937ef2695679d5284b22210549ad3cb36d0c1bad9301c12981bee4
-
SSDEEP
12288:M4wFHoSpg4wFHonR/nPF2LnFL4wF04wFK4wFK4wlup:UrR/nPQ
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\28dbfe04456cb46c085423a741d11cc87b1bc6bf967431e640b7edce492f9557.exe"C:\Users\Admin\AppData\Local\Temp\28dbfe04456cb46c085423a741d11cc87b1bc6bf967431e640b7edce492f9557.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\vjvpv.exec:\vjvpv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbhbb.exec:\btbhbb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9jvdp.exec:\9jvdp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7lxxffl.exec:\7lxxffl.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5bnhhb.exec:\5bnhhb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jddjp.exec:\jddjp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrlfflx.exec:\xrlfflx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bttnth.exec:\bttnth.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjjdj.exec:\jjjdj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frfxxlf.exec:\frfxxlf.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnbtt.exec:\hbnbtt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdjvv.exec:\pdjvv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llxxxxl.exec:\llxxxxl.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntbbtn.exec:\ntbbtn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrfxxrr.exec:\lrfxxrr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttnthn.exec:\ttnthn.exe17⤵
- Executes dropped EXE
-
\??\c:\jdppv.exec:\jdppv.exe18⤵
- Executes dropped EXE
-
\??\c:\frffllr.exec:\frffllr.exe19⤵
- Executes dropped EXE
-
\??\c:\pjpvd.exec:\pjpvd.exe20⤵
- Executes dropped EXE
-
\??\c:\ffrlrll.exec:\ffrlrll.exe21⤵
- Executes dropped EXE
-
\??\c:\thbbhh.exec:\thbbhh.exe22⤵
- Executes dropped EXE
-
\??\c:\lxxrrrf.exec:\lxxrrrf.exe23⤵
- Executes dropped EXE
-
\??\c:\hnhhnn.exec:\hnhhnn.exe24⤵
- Executes dropped EXE
-
\??\c:\fffxfrl.exec:\fffxfrl.exe25⤵
- Executes dropped EXE
-
\??\c:\bbbtbn.exec:\bbbtbn.exe26⤵
- Executes dropped EXE
-
\??\c:\fxxfxlf.exec:\fxxfxlf.exe27⤵
- Executes dropped EXE
-
\??\c:\bthhnn.exec:\bthhnn.exe28⤵
- Executes dropped EXE
-
\??\c:\ffrflff.exec:\ffrflff.exe29⤵
- Executes dropped EXE
-
\??\c:\dpvvd.exec:\dpvvd.exe30⤵
- Executes dropped EXE
-
\??\c:\fflxlfl.exec:\fflxlfl.exe31⤵
- Executes dropped EXE
-
\??\c:\thnntt.exec:\thnntt.exe32⤵
- Executes dropped EXE
-
\??\c:\rrlxlrf.exec:\rrlxlrf.exe33⤵
- Executes dropped EXE
-
\??\c:\bhbtnh.exec:\bhbtnh.exe34⤵
- Executes dropped EXE
-
\??\c:\9jddj.exec:\9jddj.exe35⤵
- Executes dropped EXE
-
\??\c:\lxflxxf.exec:\lxflxxf.exe36⤵
- Executes dropped EXE
-
\??\c:\ppddj.exec:\ppddj.exe37⤵
- Executes dropped EXE
-
\??\c:\lfrrflr.exec:\lfrrflr.exe38⤵
- Executes dropped EXE
-
\??\c:\thttht.exec:\thttht.exe39⤵
- Executes dropped EXE
-
\??\c:\ddpvv.exec:\ddpvv.exe40⤵
- Executes dropped EXE
-
\??\c:\hhntbh.exec:\hhntbh.exe41⤵
- Executes dropped EXE
-
\??\c:\1ddjv.exec:\1ddjv.exe42⤵
- Executes dropped EXE
-
\??\c:\9ffxlff.exec:\9ffxlff.exe43⤵
- Executes dropped EXE
-
\??\c:\vdvpj.exec:\vdvpj.exe44⤵
- Executes dropped EXE
-
\??\c:\llflrll.exec:\llflrll.exe45⤵
- Executes dropped EXE
-
\??\c:\tnnntb.exec:\tnnntb.exe46⤵
- Executes dropped EXE
-
\??\c:\dpdpv.exec:\dpdpv.exe47⤵
- Executes dropped EXE
-
\??\c:\9hbnbh.exec:\9hbnbh.exe48⤵
- Executes dropped EXE
-
\??\c:\tttbnh.exec:\tttbnh.exe49⤵
- Executes dropped EXE
-
\??\c:\9bbntb.exec:\9bbntb.exe50⤵
- Executes dropped EXE
-
\??\c:\bbnhnh.exec:\bbnhnh.exe51⤵
- Executes dropped EXE
-
\??\c:\3dpjp.exec:\3dpjp.exe52⤵
- Executes dropped EXE
-
\??\c:\3ntthh.exec:\3ntthh.exe53⤵
- Executes dropped EXE
-
\??\c:\htbhhn.exec:\htbhhn.exe54⤵
- Executes dropped EXE
-
\??\c:\pjdpd.exec:\pjdpd.exe55⤵
- Executes dropped EXE
-
\??\c:\tnnbnb.exec:\tnnbnb.exe56⤵
- Executes dropped EXE
-
\??\c:\hnntnt.exec:\hnntnt.exe57⤵
- Executes dropped EXE
-
\??\c:\dddvp.exec:\dddvp.exe58⤵
- Executes dropped EXE
-
\??\c:\lxxxrrr.exec:\lxxxrrr.exe59⤵
- Executes dropped EXE
-
\??\c:\bthhhb.exec:\bthhhb.exe60⤵
- Executes dropped EXE
-
\??\c:\vvpdp.exec:\vvpdp.exe61⤵
- Executes dropped EXE
-
\??\c:\ttnnhb.exec:\ttnnhb.exe62⤵
- Executes dropped EXE
-
\??\c:\ddjpj.exec:\ddjpj.exe63⤵
- Executes dropped EXE
-
\??\c:\lrlxrxx.exec:\lrlxrxx.exe64⤵
- Executes dropped EXE
-
\??\c:\9tntbh.exec:\9tntbh.exe65⤵
- Executes dropped EXE
-
\??\c:\nnnthb.exec:\nnnthb.exe66⤵
-
\??\c:\xrrxlrr.exec:\xrrxlrr.exe67⤵
-
\??\c:\bbtthh.exec:\bbtthh.exe68⤵
-
\??\c:\lfrxxlr.exec:\lfrxxlr.exe69⤵
-
\??\c:\xlfxfxf.exec:\xlfxfxf.exe70⤵
-
\??\c:\3dpdv.exec:\3dpdv.exe71⤵
-
\??\c:\vvvpd.exec:\vvvpd.exe72⤵
-
\??\c:\xlxrrff.exec:\xlxrrff.exe73⤵
-
\??\c:\5tntnb.exec:\5tntnb.exe74⤵
-
\??\c:\jdvdp.exec:\jdvdp.exe75⤵
-
\??\c:\7ffrfff.exec:\7ffrfff.exe76⤵
-
\??\c:\hbtnbh.exec:\hbtnbh.exe77⤵
-
\??\c:\9vjpv.exec:\9vjpv.exe78⤵
-
\??\c:\dpjpd.exec:\dpjpd.exe79⤵
-
\??\c:\rrlxlxl.exec:\rrlxlxl.exe80⤵
-
\??\c:\bbtnht.exec:\bbtnht.exe81⤵
-
\??\c:\bhnhtn.exec:\bhnhtn.exe82⤵
-
\??\c:\jvpvd.exec:\jvpvd.exe83⤵
-
\??\c:\frfxlxf.exec:\frfxlxf.exe84⤵
-
\??\c:\bnhbtn.exec:\bnhbtn.exe85⤵
-
\??\c:\hhhnhn.exec:\hhhnhn.exe86⤵
-
\??\c:\9ddjj.exec:\9ddjj.exe87⤵
-
\??\c:\frxlflf.exec:\frxlflf.exe88⤵
-
\??\c:\lrlfrlf.exec:\lrlfrlf.exe89⤵
-
\??\c:\5hnnbh.exec:\5hnnbh.exe90⤵
-
\??\c:\vjdjp.exec:\vjdjp.exe91⤵
-
\??\c:\jjppj.exec:\jjppj.exe92⤵
-
\??\c:\xrlxfxx.exec:\xrlxfxx.exe93⤵
-
\??\c:\btbthb.exec:\btbthb.exe94⤵
-
\??\c:\pjvpd.exec:\pjvpd.exe95⤵
-
\??\c:\lrrrrrf.exec:\lrrrrrf.exe96⤵
-
\??\c:\tnhnhb.exec:\tnhnhb.exe97⤵
-
\??\c:\9vvdv.exec:\9vvdv.exe98⤵
-
\??\c:\jdjpp.exec:\jdjpp.exe99⤵
-
\??\c:\xrrfxff.exec:\xrrfxff.exe100⤵
-
\??\c:\bnbtbb.exec:\bnbtbb.exe101⤵
-
\??\c:\5tbbnt.exec:\5tbbnt.exe102⤵
-
\??\c:\5pjpd.exec:\5pjpd.exe103⤵
-
\??\c:\xrfflrl.exec:\xrfflrl.exe104⤵
-
\??\c:\rlfxlrr.exec:\rlfxlrr.exe105⤵
-
\??\c:\nhntth.exec:\nhntth.exe106⤵
-
\??\c:\5jvpv.exec:\5jvpv.exe107⤵
-
\??\c:\rrllxxf.exec:\rrllxxf.exe108⤵
-
\??\c:\xflfrfx.exec:\xflfrfx.exe109⤵
-
\??\c:\nnnnth.exec:\nnnnth.exe110⤵
-
\??\c:\vvppp.exec:\vvppp.exe111⤵
-
\??\c:\pvvpd.exec:\pvvpd.exe112⤵
-
\??\c:\rxfxrxr.exec:\rxfxrxr.exe113⤵
-
\??\c:\btthtb.exec:\btthtb.exe114⤵
-
\??\c:\btnbtn.exec:\btnbtn.exe115⤵
-
\??\c:\pddvj.exec:\pddvj.exe116⤵
-
\??\c:\rllxlxr.exec:\rllxlxr.exe117⤵
-
\??\c:\3fflfrf.exec:\3fflfrf.exe118⤵
-
\??\c:\bhbhnt.exec:\bhbhnt.exe119⤵
-
\??\c:\vjvvj.exec:\vjvvj.exe120⤵
-
\??\c:\pvvdv.exec:\pvvdv.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-