Analysis
-
max time kernel
120s -
max time network
112s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
-
submitted
20-07-2024 21:39
General
-
Target
0dad4f633f78f484a1ea2a594390e0d0N.exe
-
Size
73KB
-
MD5
0dad4f633f78f484a1ea2a594390e0d0
-
SHA1
3383f5d0814c2b145de1776469d587908139138f
-
SHA256
afcb9bfae5f1828dd65598dc4f86e7a74494a2306742ced2e94986aeadc62dc1
-
SHA512
66ef6ee536fac779d1d11a1978de43d5c5d0476b41da32d3f194ceaabe5d81b6f0f47ef765c398934e0445d48c07c2fe8755c37ad0fa9656f95b76bd06c9cb07
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIb7tAHEqSCkKWSf:ymb3NkkiQ3mdBjFIynIKnf
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 27 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 33 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\0dad4f633f78f484a1ea2a594390e0d0N.exe"C:\Users\Admin\AppData\Local\Temp\0dad4f633f78f484a1ea2a594390e0d0N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\lllfffl.exec:\lllfffl.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthhhh.exec:\bthhhh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbhhbb.exec:\nbhhbb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjpjp.exec:\jjpjp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxllrrf.exec:\fxllrrf.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdpjj.exec:\vdpjj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntbbbn.exec:\ntbbbn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttbhbh.exec:\ttbhbh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddddd.exec:\ddddd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrlllxl.exec:\lrlllxl.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3htthn.exec:\3htthn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjjj.exec:\ppjjj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppvpj.exec:\ppvpj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrrrrr.exec:\fxrrrrr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nttttt.exec:\nttttt.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhhtnb.exec:\hhhtnb.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvvpp.exec:\vvvpp.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffllxxr.exec:\ffllxxr.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnnnhh.exec:\bnnnhh.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbbttb.exec:\tbbttb.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5jppp.exec:\5jppp.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llrllff.exec:\llrllff.exe23⤵
- Executes dropped EXE
-
\??\c:\llllllr.exec:\llllllr.exe24⤵
- Executes dropped EXE
-
\??\c:\hhtnbh.exec:\hhtnbh.exe25⤵
- Executes dropped EXE
-
\??\c:\3dpjd.exec:\3dpjd.exe26⤵
- Executes dropped EXE
-
\??\c:\frfxxxr.exec:\frfxxxr.exe27⤵
- Executes dropped EXE
-
\??\c:\bbbbbh.exec:\bbbbbh.exe28⤵
- Executes dropped EXE
-
\??\c:\nbhhbb.exec:\nbhhbb.exe29⤵
- Executes dropped EXE
-
\??\c:\vjvvj.exec:\vjvvj.exe30⤵
- Executes dropped EXE
-
\??\c:\rrrlffr.exec:\rrrlffr.exe31⤵
- Executes dropped EXE
-
\??\c:\hnnnnb.exec:\hnnnnb.exe32⤵
- Executes dropped EXE
-
\??\c:\7jvpv.exec:\7jvpv.exe33⤵
- Executes dropped EXE
-
\??\c:\frrrlxr.exec:\frrrlxr.exe34⤵
- Executes dropped EXE
-
\??\c:\fllrlrr.exec:\fllrlrr.exe35⤵
- Executes dropped EXE
-
\??\c:\nnnnhn.exec:\nnnnhn.exe36⤵
- Executes dropped EXE
-
\??\c:\nntnnt.exec:\nntnnt.exe37⤵
- Executes dropped EXE
-
\??\c:\pjppv.exec:\pjppv.exe38⤵
- Executes dropped EXE
-
\??\c:\xffxfll.exec:\xffxfll.exe39⤵
- Executes dropped EXE
-
\??\c:\ttbbbb.exec:\ttbbbb.exe40⤵
- Executes dropped EXE
-
\??\c:\htnhnn.exec:\htnhnn.exe41⤵
- Executes dropped EXE
-
\??\c:\pjpjj.exec:\pjpjj.exe42⤵
- Executes dropped EXE
-
\??\c:\bttnbh.exec:\bttnbh.exe43⤵
- Executes dropped EXE
-
\??\c:\nttnth.exec:\nttnth.exe44⤵
- Executes dropped EXE
-
\??\c:\lflffff.exec:\lflffff.exe45⤵
- Executes dropped EXE
-
\??\c:\fxxxlff.exec:\fxxxlff.exe46⤵
- Executes dropped EXE
-
\??\c:\tntttt.exec:\tntttt.exe47⤵
- Executes dropped EXE
-
\??\c:\3nnhnn.exec:\3nnhnn.exe48⤵
- Executes dropped EXE
-
\??\c:\vjpjd.exec:\vjpjd.exe49⤵
- Executes dropped EXE
-
\??\c:\lfxrlll.exec:\lfxrlll.exe50⤵
- Executes dropped EXE
-
\??\c:\bhnnnt.exec:\bhnnnt.exe51⤵
- Executes dropped EXE
-
\??\c:\jjjdv.exec:\jjjdv.exe52⤵
- Executes dropped EXE
-
\??\c:\rlllxrr.exec:\rlllxrr.exe53⤵
- Executes dropped EXE
-
\??\c:\bbbbbh.exec:\bbbbbh.exe54⤵
- Executes dropped EXE
-
\??\c:\flxxrlr.exec:\flxxrlr.exe55⤵
- Executes dropped EXE
-
\??\c:\btnhbb.exec:\btnhbb.exe56⤵
- Executes dropped EXE
-
\??\c:\bbtnnn.exec:\bbtnnn.exe57⤵
- Executes dropped EXE
-
\??\c:\vvdjd.exec:\vvdjd.exe58⤵
- Executes dropped EXE
-
\??\c:\jdpvd.exec:\jdpvd.exe59⤵
- Executes dropped EXE
-
\??\c:\xrlllrl.exec:\xrlllrl.exe60⤵
- Executes dropped EXE
-
\??\c:\1rffllr.exec:\1rffllr.exe61⤵
- Executes dropped EXE
-
\??\c:\hhbtth.exec:\hhbtth.exe62⤵
- Executes dropped EXE
-
\??\c:\hhhhnn.exec:\hhhhnn.exe63⤵
- Executes dropped EXE
-
\??\c:\jdjjp.exec:\jdjjp.exe64⤵
- Executes dropped EXE
-
\??\c:\xlrllxx.exec:\xlrllxx.exe65⤵
- Executes dropped EXE
-
\??\c:\hhbhbh.exec:\hhbhbh.exe66⤵
-
\??\c:\ppjjp.exec:\ppjjp.exe67⤵
-
\??\c:\5lffxff.exec:\5lffxff.exe68⤵
-
\??\c:\nnbbtt.exec:\nnbbtt.exe69⤵
-
\??\c:\vjppj.exec:\vjppj.exe70⤵
-
\??\c:\dddvp.exec:\dddvp.exe71⤵
-
\??\c:\3lrrrrl.exec:\3lrrrrl.exe72⤵
-
\??\c:\9nnnnn.exec:\9nnnnn.exe73⤵
-
\??\c:\tnntnn.exec:\tnntnn.exe74⤵
-
\??\c:\jddpd.exec:\jddpd.exe75⤵
-
\??\c:\rlfxxxx.exec:\rlfxxxx.exe76⤵
-
\??\c:\1lxxrxx.exec:\1lxxrxx.exe77⤵
-
\??\c:\tttttt.exec:\tttttt.exe78⤵
-
\??\c:\dvjdv.exec:\dvjdv.exe79⤵
-
\??\c:\jjpdp.exec:\jjpdp.exe80⤵
-
\??\c:\frxxllx.exec:\frxxllx.exe81⤵
-
\??\c:\nhnhbb.exec:\nhnhbb.exe82⤵
-
\??\c:\9jjjd.exec:\9jjjd.exe83⤵
-
\??\c:\7dpjd.exec:\7dpjd.exe84⤵
-
\??\c:\lfffxlr.exec:\lfffxlr.exe85⤵
-
\??\c:\nhhhhn.exec:\nhhhhn.exe86⤵
-
\??\c:\ttbbtb.exec:\ttbbtb.exe87⤵
-
\??\c:\dvjvv.exec:\dvjvv.exe88⤵
-
\??\c:\jjjdd.exec:\jjjdd.exe89⤵
-
\??\c:\rrxrllf.exec:\rrxrllf.exe90⤵
-
\??\c:\lflffff.exec:\lflffff.exe91⤵
-
\??\c:\hhbbbh.exec:\hhbbbh.exe92⤵
-
\??\c:\htbbbt.exec:\htbbbt.exe93⤵
-
\??\c:\dvddd.exec:\dvddd.exe94⤵
-
\??\c:\ffxrxxl.exec:\ffxrxxl.exe95⤵
-
\??\c:\fxflfll.exec:\fxflfll.exe96⤵
-
\??\c:\nnnttb.exec:\nnnttb.exe97⤵
-
\??\c:\1vddv.exec:\1vddv.exe98⤵
-
\??\c:\rlllxxr.exec:\rlllxxr.exe99⤵
-
\??\c:\nnnhht.exec:\nnnhht.exe100⤵
-
\??\c:\5nbbtb.exec:\5nbbtb.exe101⤵
-
\??\c:\ddppd.exec:\ddppd.exe102⤵
-
\??\c:\jdppj.exec:\jdppj.exe103⤵
-
\??\c:\frxxrxx.exec:\frxxrxx.exe104⤵
-
\??\c:\xlrxrrr.exec:\xlrxrrr.exe105⤵
-
\??\c:\tnnnhn.exec:\tnnnhn.exe106⤵
-
\??\c:\vvjpv.exec:\vvjpv.exe107⤵
-
\??\c:\rrfffll.exec:\rrfffll.exe108⤵
-
\??\c:\lxlxrrf.exec:\lxlxrrf.exe109⤵
-
\??\c:\pjddd.exec:\pjddd.exe110⤵
-
\??\c:\lrxxrrr.exec:\lrxxrrr.exe111⤵
-
\??\c:\llrrrrr.exec:\llrrrrr.exe112⤵
-
\??\c:\nhbnbt.exec:\nhbnbt.exe113⤵
-
\??\c:\bbbbbh.exec:\bbbbbh.exe114⤵
-
\??\c:\pjvvd.exec:\pjvvd.exe115⤵
-
\??\c:\1vdvp.exec:\1vdvp.exe116⤵
-
\??\c:\frrrlxf.exec:\frrrlxf.exe117⤵
-
\??\c:\rrrllrr.exec:\rrrllrr.exe118⤵
-
\??\c:\lxxrllf.exec:\lxxrllf.exe119⤵
-
\??\c:\nntttt.exec:\nntttt.exe120⤵
-
\??\c:\vjddv.exec:\vjddv.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-