Analysis
-
max time kernel
120s -
max time network
17s -
platform
windows7_x64 -
resource
win7-20240705-en -
resource tags
-
submitted
15/07/2024, 11:37
General
-
Target
d0d07b2d481fcde273d83aac535426b0N.exe
-
Size
260KB
-
MD5
d0d07b2d481fcde273d83aac535426b0
-
SHA1
883d0e138cbd3672ae195e0340083b5d8a3dda28
-
SHA256
4ac6e26494d84696f8eb156d3b6a2b8bf525efce893f43d80e2505424cbb74e0
-
SHA512
43fcad8ab52e3a8796bf3d2cbe0a05f41653ec22f09b960984e0a7a35db197ef4043e3a2611d97c41294905857e4ba4dd10434a4d9795d1621730d4c0d48f3c3
-
SSDEEP
6144:n3C9BRo7tvnJ9Fywhk/T4i37K3BoKg0q1:n3C9ytvn8whkb4i3e3GF/1
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 22 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 24 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\d0d07b2d481fcde273d83aac535426b0N.exe"C:\Users\Admin\AppData\Local\Temp\d0d07b2d481fcde273d83aac535426b0N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\dvpjv.exec:\dvpjv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fflrfxr.exec:\fflrfxr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vppjd.exec:\vppjd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffxlffr.exec:\ffxlffr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7rflxfx.exec:\7rflxfx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3ddvv.exec:\3ddvv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrxllrl.exec:\rrxllrl.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbtbnt.exec:\bbtbnt.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fllxrxr.exec:\fllxrxr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnhbbt.exec:\hnhbbt.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhhtnt.exec:\hhhtnt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5vjvp.exec:\5vjvp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfffffx.exec:\xfffffx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntthhh.exec:\ntthhh.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9ppjp.exec:\9ppjp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbnbhh.exec:\nbnbhh.exe17⤵
- Executes dropped EXE
-
\??\c:\tbhbhh.exec:\tbhbhh.exe18⤵
- Executes dropped EXE
-
\??\c:\jjvdv.exec:\jjvdv.exe19⤵
- Executes dropped EXE
-
\??\c:\rxrxxfr.exec:\rxrxxfr.exe20⤵
- Executes dropped EXE
-
\??\c:\9bhbbn.exec:\9bhbbn.exe21⤵
- Executes dropped EXE
-
\??\c:\ddvjv.exec:\ddvjv.exe22⤵
- Executes dropped EXE
-
\??\c:\9vvvj.exec:\9vvvj.exe23⤵
- Executes dropped EXE
-
\??\c:\bnbhbn.exec:\bnbhbn.exe24⤵
- Executes dropped EXE
-
\??\c:\dpjdv.exec:\dpjdv.exe25⤵
- Executes dropped EXE
-
\??\c:\fllfrxr.exec:\fllfrxr.exe26⤵
- Executes dropped EXE
-
\??\c:\nnthbn.exec:\nnthbn.exe27⤵
- Executes dropped EXE
-
\??\c:\jjdpj.exec:\jjdpj.exe28⤵
- Executes dropped EXE
-
\??\c:\xxxrlxl.exec:\xxxrlxl.exe29⤵
- Executes dropped EXE
-
\??\c:\hnhbbt.exec:\hnhbbt.exe30⤵
- Executes dropped EXE
-
\??\c:\xfrxflx.exec:\xfrxflx.exe31⤵
- Executes dropped EXE
-
\??\c:\nnnthb.exec:\nnnthb.exe32⤵
- Executes dropped EXE
-
\??\c:\dpjjd.exec:\dpjjd.exe33⤵
- Executes dropped EXE
-
\??\c:\xrlfrrl.exec:\xrlfrrl.exe34⤵
- Executes dropped EXE
-
\??\c:\ttnthh.exec:\ttnthh.exe35⤵
- Executes dropped EXE
-
\??\c:\jjjpj.exec:\jjjpj.exe36⤵
- Executes dropped EXE
-
\??\c:\rxlxllx.exec:\rxlxllx.exe37⤵
- Executes dropped EXE
-
\??\c:\9xrrffr.exec:\9xrrffr.exe38⤵
- Executes dropped EXE
-
\??\c:\3dpdd.exec:\3dpdd.exe39⤵
- Executes dropped EXE
-
\??\c:\pvdvj.exec:\pvdvj.exe40⤵
- Executes dropped EXE
-
\??\c:\ffxlflf.exec:\ffxlflf.exe41⤵
- Executes dropped EXE
-
\??\c:\nbbnbt.exec:\nbbnbt.exe42⤵
- Executes dropped EXE
-
\??\c:\tbhbth.exec:\tbhbth.exe43⤵
- Executes dropped EXE
-
\??\c:\jpvdd.exec:\jpvdd.exe44⤵
- Executes dropped EXE
-
\??\c:\fxrlxxx.exec:\fxrlxxx.exe45⤵
- Executes dropped EXE
-
\??\c:\fllfxlx.exec:\fllfxlx.exe46⤵
- Executes dropped EXE
-
\??\c:\hhthbn.exec:\hhthbn.exe47⤵
- Executes dropped EXE
-
\??\c:\vjpjj.exec:\vjpjj.exe48⤵
- Executes dropped EXE
-
\??\c:\djdjd.exec:\djdjd.exe49⤵
- Executes dropped EXE
-
\??\c:\rxrllll.exec:\rxrllll.exe50⤵
- Executes dropped EXE
-
\??\c:\fflrlxx.exec:\fflrlxx.exe51⤵
- Executes dropped EXE
-
\??\c:\bnbhbn.exec:\bnbhbn.exe52⤵
- Executes dropped EXE
-
\??\c:\7jjdp.exec:\7jjdp.exe53⤵
- Executes dropped EXE
-
\??\c:\1jdjp.exec:\1jdjp.exe54⤵
- Executes dropped EXE
-
\??\c:\lfrxfrf.exec:\lfrxfrf.exe55⤵
- Executes dropped EXE
-
\??\c:\rfxlrlf.exec:\rfxlrlf.exe56⤵
- Executes dropped EXE
-
\??\c:\1hbbbh.exec:\1hbbbh.exe57⤵
- Executes dropped EXE
-
\??\c:\hnnhbt.exec:\hnnhbt.exe58⤵
- Executes dropped EXE
-
\??\c:\vvjdv.exec:\vvjdv.exe59⤵
- Executes dropped EXE
-
\??\c:\1vpvd.exec:\1vpvd.exe60⤵
- Executes dropped EXE
-
\??\c:\ffxlxxr.exec:\ffxlxxr.exe61⤵
- Executes dropped EXE
-
\??\c:\hbhtbn.exec:\hbhtbn.exe62⤵
- Executes dropped EXE
-
\??\c:\ntnnbb.exec:\ntnnbb.exe63⤵
- Executes dropped EXE
-
\??\c:\jvvdv.exec:\jvvdv.exe64⤵
- Executes dropped EXE
-
\??\c:\3xxllxr.exec:\3xxllxr.exe65⤵
- Executes dropped EXE
-
\??\c:\fllxxxr.exec:\fllxxxr.exe66⤵
-
\??\c:\3tbtbt.exec:\3tbtbt.exe67⤵
-
\??\c:\9pdvp.exec:\9pdvp.exe68⤵
-
\??\c:\7vvjj.exec:\7vvjj.exe69⤵
-
\??\c:\7xxllxf.exec:\7xxllxf.exe70⤵
-
\??\c:\frxrlxr.exec:\frxrlxr.exe71⤵
-
\??\c:\5tbnnb.exec:\5tbnnb.exe72⤵
-
\??\c:\9thbtn.exec:\9thbtn.exe73⤵
-
\??\c:\1jjdv.exec:\1jjdv.exe74⤵
-
\??\c:\rxxllxx.exec:\rxxllxx.exe75⤵
-
\??\c:\xlxrxlr.exec:\xlxrxlr.exe76⤵
-
\??\c:\7btnth.exec:\7btnth.exe77⤵
-
\??\c:\bthhtn.exec:\bthhtn.exe78⤵
-
\??\c:\dvpvv.exec:\dvpvv.exe79⤵
-
\??\c:\9tnhnh.exec:\9tnhnh.exe80⤵
-
\??\c:\9tbnnb.exec:\9tbnnb.exe81⤵
-
\??\c:\pjjjp.exec:\pjjjp.exe82⤵
-
\??\c:\vppdv.exec:\vppdv.exe83⤵
-
\??\c:\rrlrfrr.exec:\rrlrfrr.exe84⤵
-
\??\c:\nthnbt.exec:\nthnbt.exe85⤵
-
\??\c:\1htbtn.exec:\1htbtn.exe86⤵
-
\??\c:\ppddp.exec:\ppddp.exe87⤵
-
\??\c:\7xxrrll.exec:\7xxrrll.exe88⤵
-
\??\c:\rlxrxxf.exec:\rlxrxxf.exe89⤵
-
\??\c:\1nnbnn.exec:\1nnbnn.exe90⤵
-
\??\c:\jddjp.exec:\jddjp.exe91⤵
-
\??\c:\pdjvv.exec:\pdjvv.exe92⤵
-
\??\c:\xrlfrfl.exec:\xrlfrfl.exe93⤵
-
\??\c:\bbhhbt.exec:\bbhhbt.exe94⤵
-
\??\c:\nhbntn.exec:\nhbntn.exe95⤵
-
\??\c:\1jvvd.exec:\1jvvd.exe96⤵
-
\??\c:\hhntnb.exec:\hhntnb.exe97⤵
-
\??\c:\bttbnh.exec:\bttbnh.exe98⤵
-
\??\c:\ntbbth.exec:\ntbbth.exe99⤵
-
\??\c:\pvjvv.exec:\pvjvv.exe100⤵
-
\??\c:\hhhtnb.exec:\hhhtnb.exe101⤵
-
\??\c:\vdvjv.exec:\vdvjv.exe102⤵
-
\??\c:\flxlrff.exec:\flxlrff.exe103⤵
-
\??\c:\tnhnbh.exec:\tnhnbh.exe104⤵
-
\??\c:\pdpjp.exec:\pdpjp.exe105⤵
-
\??\c:\jvvjv.exec:\jvvjv.exe106⤵
-
\??\c:\lxffrll.exec:\lxffrll.exe107⤵
-
\??\c:\thtbtb.exec:\thtbtb.exe108⤵
-
\??\c:\jpdjj.exec:\jpdjj.exe109⤵
-
\??\c:\3rlrxfl.exec:\3rlrxfl.exe110⤵
-
\??\c:\fxrrxfr.exec:\fxrrxfr.exe111⤵
-
\??\c:\hntnnh.exec:\hntnnh.exe112⤵
-
\??\c:\ntbnnb.exec:\ntbnnb.exe113⤵
-
\??\c:\jvppd.exec:\jvppd.exe114⤵
-
\??\c:\3rllrff.exec:\3rllrff.exe115⤵
-
\??\c:\rxrfflx.exec:\rxrfflx.exe116⤵
-
\??\c:\thnnth.exec:\thnnth.exe117⤵
-
\??\c:\ppjvp.exec:\ppjvp.exe118⤵
-
\??\c:\jpvpp.exec:\jpvpp.exe119⤵
-
\??\c:\lfrfxxr.exec:\lfrfxxr.exe120⤵
-
\??\c:\tbnhbt.exec:\tbnhbt.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-