Analysis
-
max time kernel
120s -
max time network
16s -
platform
windows7_x64 -
resource
win7-20240705-en -
resource tags
-
submitted
20-07-2024 21:39
General
-
Target
0dad4f633f78f484a1ea2a594390e0d0N.exe
-
Size
73KB
-
MD5
0dad4f633f78f484a1ea2a594390e0d0
-
SHA1
3383f5d0814c2b145de1776469d587908139138f
-
SHA256
afcb9bfae5f1828dd65598dc4f86e7a74494a2306742ced2e94986aeadc62dc1
-
SHA512
66ef6ee536fac779d1d11a1978de43d5c5d0476b41da32d3f194ceaabe5d81b6f0f47ef765c398934e0445d48c07c2fe8755c37ad0fa9656f95b76bd06c9cb07
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIb7tAHEqSCkKWSf:ymb3NkkiQ3mdBjFIynIKnf
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 26 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\0dad4f633f78f484a1ea2a594390e0d0N.exe"C:\Users\Admin\AppData\Local\Temp\0dad4f633f78f484a1ea2a594390e0d0N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxfrrx.exec:\rlxfrrx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llrfxrf.exec:\llrfxrf.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7vjpd.exec:\7vjpd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxlllrx.exec:\lxlllrx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3rflrxl.exec:\3rflrxl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9hhhbb.exec:\9hhhbb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjjp.exec:\vpjjp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpdvd.exec:\dpdvd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fflrlrf.exec:\fflrlrf.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxrffr.exec:\lfxrffr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tttnnh.exec:\tttnnh.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjvpv.exec:\jjvpv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxlxxrr.exec:\xxlxxrr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlflrf.exec:\fxlflrf.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3btbbh.exec:\3btbbh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5bbhbh.exec:\5bbhbh.exe17⤵
- Executes dropped EXE
-
\??\c:\7pppj.exec:\7pppj.exe18⤵
- Executes dropped EXE
-
\??\c:\lflffrx.exec:\lflffrx.exe19⤵
- Executes dropped EXE
-
\??\c:\lfrrxxf.exec:\lfrrxxf.exe20⤵
- Executes dropped EXE
-
\??\c:\nnnbnb.exec:\nnnbnb.exe21⤵
- Executes dropped EXE
-
\??\c:\vjjvp.exec:\vjjvp.exe22⤵
- Executes dropped EXE
-
\??\c:\vdpvp.exec:\vdpvp.exe23⤵
- Executes dropped EXE
-
\??\c:\lfffrrx.exec:\lfffrrx.exe24⤵
- Executes dropped EXE
-
\??\c:\lxfxllx.exec:\lxfxllx.exe25⤵
- Executes dropped EXE
-
\??\c:\nhthnn.exec:\nhthnn.exe26⤵
- Executes dropped EXE
-
\??\c:\dpjjp.exec:\dpjjp.exe27⤵
- Executes dropped EXE
-
\??\c:\jvvvd.exec:\jvvvd.exe28⤵
- Executes dropped EXE
-
\??\c:\xrflxll.exec:\xrflxll.exe29⤵
- Executes dropped EXE
-
\??\c:\fxrxffl.exec:\fxrxffl.exe30⤵
- Executes dropped EXE
-
\??\c:\3hbnnb.exec:\3hbnnb.exe31⤵
- Executes dropped EXE
-
\??\c:\dppvd.exec:\dppvd.exe32⤵
- Executes dropped EXE
-
\??\c:\jjjjd.exec:\jjjjd.exe33⤵
- Executes dropped EXE
-
\??\c:\xxlfrxr.exec:\xxlfrxr.exe34⤵
- Executes dropped EXE
-
\??\c:\5lfrxrl.exec:\5lfrxrl.exe35⤵
- Executes dropped EXE
-
\??\c:\1bhnnn.exec:\1bhnnn.exe36⤵
- Executes dropped EXE
-
\??\c:\7thnnh.exec:\7thnnh.exe37⤵
- Executes dropped EXE
-
\??\c:\3pvjj.exec:\3pvjj.exe38⤵
- Executes dropped EXE
-
\??\c:\vpjvd.exec:\vpjvd.exe39⤵
- Executes dropped EXE
-
\??\c:\1lxfllr.exec:\1lxfllr.exe40⤵
- Executes dropped EXE
-
\??\c:\rxxrrlx.exec:\rxxrrlx.exe41⤵
- Executes dropped EXE
-
\??\c:\tnhntt.exec:\tnhntt.exe42⤵
- Executes dropped EXE
-
\??\c:\3nbbhh.exec:\3nbbhh.exe43⤵
- Executes dropped EXE
-
\??\c:\jjdvv.exec:\jjdvv.exe44⤵
- Executes dropped EXE
-
\??\c:\dvjdp.exec:\dvjdp.exe45⤵
- Executes dropped EXE
-
\??\c:\fxxxflr.exec:\fxxxflr.exe46⤵
- Executes dropped EXE
-
\??\c:\rxxrlxl.exec:\rxxrlxl.exe47⤵
- Executes dropped EXE
-
\??\c:\nbbhbh.exec:\nbbhbh.exe48⤵
- Executes dropped EXE
-
\??\c:\nnhhtt.exec:\nnhhtt.exe49⤵
- Executes dropped EXE
-
\??\c:\tnnhbb.exec:\tnnhbb.exe50⤵
- Executes dropped EXE
-
\??\c:\vdpvd.exec:\vdpvd.exe51⤵
- Executes dropped EXE
-
\??\c:\vddvj.exec:\vddvj.exe52⤵
- Executes dropped EXE
-
\??\c:\lxlffxf.exec:\lxlffxf.exe53⤵
- Executes dropped EXE
-
\??\c:\xrflfff.exec:\xrflfff.exe54⤵
- Executes dropped EXE
-
\??\c:\1htbhh.exec:\1htbhh.exe55⤵
- Executes dropped EXE
-
\??\c:\nhbnnn.exec:\nhbnnn.exe56⤵
- Executes dropped EXE
-
\??\c:\3jdvd.exec:\3jdvd.exe57⤵
- Executes dropped EXE
-
\??\c:\7jvdp.exec:\7jvdp.exe58⤵
- Executes dropped EXE
-
\??\c:\vjjjp.exec:\vjjjp.exe59⤵
- Executes dropped EXE
-
\??\c:\xlfxlfl.exec:\xlfxlfl.exe60⤵
- Executes dropped EXE
-
\??\c:\rlxrlrf.exec:\rlxrlrf.exe61⤵
- Executes dropped EXE
-
\??\c:\5hhbhn.exec:\5hhbhn.exe62⤵
- Executes dropped EXE
-
\??\c:\nhttbh.exec:\nhttbh.exe63⤵
- Executes dropped EXE
-
\??\c:\ppjpp.exec:\ppjpp.exe64⤵
- Executes dropped EXE
-
\??\c:\jvjdd.exec:\jvjdd.exe65⤵
- Executes dropped EXE
-
\??\c:\dpdvj.exec:\dpdvj.exe66⤵
-
\??\c:\5rlfrfl.exec:\5rlfrfl.exe67⤵
-
\??\c:\1flrffx.exec:\1flrffx.exe68⤵
-
\??\c:\btbtbn.exec:\btbtbn.exe69⤵
-
\??\c:\9nbnbn.exec:\9nbnbn.exe70⤵
-
\??\c:\frrxrxr.exec:\frrxrxr.exe71⤵
-
\??\c:\llrlrfx.exec:\llrlrfx.exe72⤵
-
\??\c:\hhhnht.exec:\hhhnht.exe73⤵
-
\??\c:\7hhtnb.exec:\7hhtnb.exe74⤵
-
\??\c:\pvdjv.exec:\pvdjv.exe75⤵
-
\??\c:\7ppvd.exec:\7ppvd.exe76⤵
-
\??\c:\rfrlllr.exec:\rfrlllr.exe77⤵
-
\??\c:\tnbhtb.exec:\tnbhtb.exe78⤵
-
\??\c:\1btthn.exec:\1btthn.exe79⤵
-
\??\c:\3hhhtt.exec:\3hhhtt.exe80⤵
-
\??\c:\3ppvd.exec:\3ppvd.exe81⤵
-
\??\c:\rlrxlrl.exec:\rlrxlrl.exe82⤵
-
\??\c:\1lfxlrl.exec:\1lfxlrl.exe83⤵
-
\??\c:\thbhbh.exec:\thbhbh.exe84⤵
-
\??\c:\1thhht.exec:\1thhht.exe85⤵
-
\??\c:\hhbnbb.exec:\hhbnbb.exe86⤵
-
\??\c:\dpjvd.exec:\dpjvd.exe87⤵
-
\??\c:\5frrxfl.exec:\5frrxfl.exe88⤵
-
\??\c:\rlrxlrx.exec:\rlrxlrx.exe89⤵
-
\??\c:\hbnbbh.exec:\hbnbbh.exe90⤵
-
\??\c:\bnbhbh.exec:\bnbhbh.exe91⤵
-
\??\c:\7vjjp.exec:\7vjjp.exe92⤵
-
\??\c:\jjvdj.exec:\jjvdj.exe93⤵
-
\??\c:\rllrlxx.exec:\rllrlxx.exe94⤵
-
\??\c:\rlxrrrx.exec:\rlxrrrx.exe95⤵
-
\??\c:\bbbhhb.exec:\bbbhhb.exe96⤵
-
\??\c:\hbnntb.exec:\hbnntb.exe97⤵
-
\??\c:\5dvdj.exec:\5dvdj.exe98⤵
-
\??\c:\pjpvj.exec:\pjpvj.exe99⤵
-
\??\c:\xfxlrff.exec:\xfxlrff.exe100⤵
-
\??\c:\nntbnt.exec:\nntbnt.exe101⤵
-
\??\c:\hthtbh.exec:\hthtbh.exe102⤵
-
\??\c:\vpjvp.exec:\vpjvp.exe103⤵
-
\??\c:\jvdjv.exec:\jvdjv.exe104⤵
-
\??\c:\vjpvj.exec:\vjpvj.exe105⤵
-
\??\c:\rrrlfff.exec:\rrrlfff.exe106⤵
-
\??\c:\5bnbnt.exec:\5bnbnt.exe107⤵
-
\??\c:\bhhhnb.exec:\bhhhnb.exe108⤵
-
\??\c:\jddjv.exec:\jddjv.exe109⤵
-
\??\c:\vdpjv.exec:\vdpjv.exe110⤵
-
\??\c:\rxllxxf.exec:\rxllxxf.exe111⤵
-
\??\c:\lrrllff.exec:\lrrllff.exe112⤵
-
\??\c:\thtnbb.exec:\thtnbb.exe113⤵
-
\??\c:\nnhtbh.exec:\nnhtbh.exe114⤵
-
\??\c:\9dpjp.exec:\9dpjp.exe115⤵
-
\??\c:\lllxxrx.exec:\lllxxrx.exe116⤵
-
\??\c:\lrffxxl.exec:\lrffxxl.exe117⤵
-
\??\c:\nhhnbh.exec:\nhhnbh.exe118⤵
-
\??\c:\hhnttt.exec:\hhnttt.exe119⤵
-
\??\c:\pjpdp.exec:\pjpdp.exe120⤵
-
\??\c:\ddvpv.exec:\ddvpv.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-