Analysis
-
max time kernel
120s -
max time network
93s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
-
submitted
14/07/2024, 21:23
General
-
Target
22066d3ad501b7744f5bec1792a8f7b0N.exe
-
Size
68KB
-
MD5
22066d3ad501b7744f5bec1792a8f7b0
-
SHA1
84c7453517ed66e4c703a685dbceed6166688dc7
-
SHA256
2425d10ccddee6b8cba576981be3641743a27bd056118982ddc868a67c204891
-
SHA512
517de97c4a65f8bd5423f7e8ed449fd8fafd18039764729dc27b3e52483e8ef01506b6a858f2c05b19276217fb48e68788488d86c0446622756011079210b1e0
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND0yUuYp+5C8+LuvdP:ymb3NkkiQ3mdBjF0yMliP
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 27 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 25 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\22066d3ad501b7744f5bec1792a8f7b0N.exe"C:\Users\Admin\AppData\Local\Temp\22066d3ad501b7744f5bec1792a8f7b0N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\frrlffx.exec:\frrlffx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxrrlxr.exec:\rxrrlxr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\e00488.exec:\e00488.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dd686.exec:\dd686.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\84468.exec:\84468.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\e08288.exec:\e08288.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\httbnn.exec:\httbnn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\0840662.exec:\0840662.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvjjd.exec:\vvjjd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\046604.exec:\046604.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7rxlxxx.exec:\7rxlxxx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpvjv.exec:\vpvjv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\246666.exec:\246666.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbthth.exec:\tbthth.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\26004.exec:\26004.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvpvj.exec:\pvpvj.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\k24288.exec:\k24288.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\u664848.exec:\u664848.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vddjp.exec:\vddjp.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\s4002.exec:\s4002.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvjjv.exec:\vvjjv.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\006240.exec:\006240.exe23⤵
- Executes dropped EXE
-
\??\c:\642228.exec:\642228.exe24⤵
- Executes dropped EXE
-
\??\c:\864422.exec:\864422.exe25⤵
- Executes dropped EXE
-
\??\c:\028822.exec:\028822.exe26⤵
- Executes dropped EXE
-
\??\c:\242266.exec:\242266.exe27⤵
- Executes dropped EXE
-
\??\c:\00280.exec:\00280.exe28⤵
- Executes dropped EXE
-
\??\c:\w68822.exec:\w68822.exe29⤵
- Executes dropped EXE
-
\??\c:\020482.exec:\020482.exe30⤵
- Executes dropped EXE
-
\??\c:\62888.exec:\62888.exe31⤵
- Executes dropped EXE
-
\??\c:\jdjdv.exec:\jdjdv.exe32⤵
- Executes dropped EXE
-
\??\c:\42848.exec:\42848.exe33⤵
- Executes dropped EXE
-
\??\c:\djpjj.exec:\djpjj.exe34⤵
- Executes dropped EXE
-
\??\c:\46260.exec:\46260.exe35⤵
- Executes dropped EXE
-
\??\c:\lxllllr.exec:\lxllllr.exe36⤵
- Executes dropped EXE
-
\??\c:\btnhhh.exec:\btnhhh.exe37⤵
- Executes dropped EXE
-
\??\c:\9fllfff.exec:\9fllfff.exe38⤵
- Executes dropped EXE
-
\??\c:\4444882.exec:\4444882.exe39⤵
- Executes dropped EXE
-
\??\c:\lffxrll.exec:\lffxrll.exe40⤵
- Executes dropped EXE
-
\??\c:\jdjjd.exec:\jdjjd.exe41⤵
- Executes dropped EXE
-
\??\c:\484604.exec:\484604.exe42⤵
- Executes dropped EXE
-
\??\c:\0440688.exec:\0440688.exe43⤵
- Executes dropped EXE
-
\??\c:\a6600.exec:\a6600.exe44⤵
- Executes dropped EXE
-
\??\c:\1lxxrrr.exec:\1lxxrrr.exe45⤵
- Executes dropped EXE
-
\??\c:\a2442.exec:\a2442.exe46⤵
- Executes dropped EXE
-
\??\c:\2866044.exec:\2866044.exe47⤵
- Executes dropped EXE
-
\??\c:\jdvpj.exec:\jdvpj.exe48⤵
- Executes dropped EXE
-
\??\c:\fxrlllx.exec:\fxrlllx.exe49⤵
- Executes dropped EXE
-
\??\c:\7xxxxxr.exec:\7xxxxxr.exe50⤵
- Executes dropped EXE
-
\??\c:\5bbtbt.exec:\5bbtbt.exe51⤵
- Executes dropped EXE
-
\??\c:\xrrlfrl.exec:\xrrlfrl.exe52⤵
- Executes dropped EXE
-
\??\c:\8000004.exec:\8000004.exe53⤵
- Executes dropped EXE
-
\??\c:\1ttbbh.exec:\1ttbbh.exe54⤵
- Executes dropped EXE
-
\??\c:\ttntbh.exec:\ttntbh.exe55⤵
- Executes dropped EXE
-
\??\c:\664664.exec:\664664.exe56⤵
- Executes dropped EXE
-
\??\c:\xrxxrrl.exec:\xrxxrrl.exe57⤵
- Executes dropped EXE
-
\??\c:\btbtbt.exec:\btbtbt.exe58⤵
- Executes dropped EXE
-
\??\c:\8482860.exec:\8482860.exe59⤵
- Executes dropped EXE
-
\??\c:\66600.exec:\66600.exe60⤵
- Executes dropped EXE
-
\??\c:\a4000.exec:\a4000.exe61⤵
- Executes dropped EXE
-
\??\c:\lxxxrrr.exec:\lxxxrrr.exe62⤵
- Executes dropped EXE
-
\??\c:\8624866.exec:\8624866.exe63⤵
- Executes dropped EXE
-
\??\c:\k26044.exec:\k26044.exe64⤵
- Executes dropped EXE
-
\??\c:\dpvdp.exec:\dpvdp.exe65⤵
- Executes dropped EXE
-
\??\c:\xfllffx.exec:\xfllffx.exe66⤵
-
\??\c:\pjjjj.exec:\pjjjj.exe67⤵
-
\??\c:\068266.exec:\068266.exe68⤵
-
\??\c:\268668.exec:\268668.exe69⤵
-
\??\c:\k08266.exec:\k08266.exe70⤵
-
\??\c:\fxrrfll.exec:\fxrrfll.exe71⤵
-
\??\c:\640666.exec:\640666.exe72⤵
-
\??\c:\ttntht.exec:\ttntht.exe73⤵
-
\??\c:\6806000.exec:\6806000.exe74⤵
-
\??\c:\2424680.exec:\2424680.exe75⤵
-
\??\c:\4244006.exec:\4244006.exe76⤵
-
\??\c:\xrfxrxr.exec:\xrfxrxr.exe77⤵
-
\??\c:\64222.exec:\64222.exe78⤵
-
\??\c:\046066.exec:\046066.exe79⤵
-
\??\c:\nhhbtn.exec:\nhhbtn.exe80⤵
-
\??\c:\lrrrlll.exec:\lrrrlll.exe81⤵
-
\??\c:\vdjdv.exec:\vdjdv.exe82⤵
-
\??\c:\9hhbbt.exec:\9hhbbt.exe83⤵
-
\??\c:\q28884.exec:\q28884.exe84⤵
-
\??\c:\bthbbb.exec:\bthbbb.exe85⤵
-
\??\c:\thtnhn.exec:\thtnhn.exe86⤵
-
\??\c:\600488.exec:\600488.exe87⤵
-
\??\c:\pdddp.exec:\pdddp.exe88⤵
-
\??\c:\tntttt.exec:\tntttt.exe89⤵
-
\??\c:\828288.exec:\828288.exe90⤵
-
\??\c:\46840.exec:\46840.exe91⤵
-
\??\c:\rxxlxxr.exec:\rxxlxxr.exe92⤵
-
\??\c:\jvvpp.exec:\jvvpp.exe93⤵
-
\??\c:\6282222.exec:\6282222.exe94⤵
-
\??\c:\ddjjj.exec:\ddjjj.exe95⤵
-
\??\c:\rrrlxfx.exec:\rrrlxfx.exe96⤵
-
\??\c:\88264.exec:\88264.exe97⤵
-
\??\c:\llrrffx.exec:\llrrffx.exe98⤵
-
\??\c:\hhtthh.exec:\hhtthh.exe99⤵
-
\??\c:\4444488.exec:\4444488.exe100⤵
-
\??\c:\hbnnhh.exec:\hbnnhh.exe101⤵
-
\??\c:\i066044.exec:\i066044.exe102⤵
-
\??\c:\1dvvv.exec:\1dvvv.exe103⤵
-
\??\c:\xllfxxr.exec:\xllfxxr.exe104⤵
-
\??\c:\fxxrxxf.exec:\fxxrxxf.exe105⤵
-
\??\c:\482844.exec:\482844.exe106⤵
-
\??\c:\2402660.exec:\2402660.exe107⤵
-
\??\c:\hhttbb.exec:\hhttbb.exe108⤵
-
\??\c:\5lfxrxx.exec:\5lfxrxx.exe109⤵
-
\??\c:\5vddd.exec:\5vddd.exe110⤵
-
\??\c:\46820.exec:\46820.exe111⤵
-
\??\c:\xrrlxfx.exec:\xrrlxfx.exe112⤵
-
\??\c:\hhnthh.exec:\hhnthh.exe113⤵
-
\??\c:\5vjvj.exec:\5vjvj.exe114⤵
-
\??\c:\8800400.exec:\8800400.exe115⤵
-
\??\c:\c000666.exec:\c000666.exe116⤵
-
\??\c:\u684006.exec:\u684006.exe117⤵
-
\??\c:\06406.exec:\06406.exe118⤵
-
\??\c:\4060448.exec:\4060448.exe119⤵
-
\??\c:\xrxrxxf.exec:\xrxrxxf.exe120⤵
-
\??\c:\frrrrrr.exec:\frrrrrr.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-