Analysis
-
max time kernel
120s -
max time network
17s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
-
submitted
20/07/2024, 06:53
General
-
Target
5fa981ee690fa68330e726bb41a56ba0N.exe
-
Size
67KB
-
MD5
5fa981ee690fa68330e726bb41a56ba0
-
SHA1
c7b18aa9435f87079a7c86367f7d84c71fb3258c
-
SHA256
27de56099f63d6bb43f05f7ab6ff55c15530ffb7c79f2b37cb503dc5fd3c4bf1
-
SHA512
54ba0e2e53d2c38a732ac89ad01cb323811e16768108ac79a1a1a97d3dc60a9c46a8ad5bf4901e39c28976cb5a31cab5c21962c85006774047ebd29b950dcea4
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDoLU1g7c3wtA:ymb3NkkiQ3mdBjFoLkVAW
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 22 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 22 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\5fa981ee690fa68330e726bb41a56ba0N.exe"C:\Users\Admin\AppData\Local\Temp\5fa981ee690fa68330e726bb41a56ba0N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\7hnhnt.exec:\7hnhnt.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddvdp.exec:\ddvdp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1frxflr.exec:\1frxflr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnhnhh.exec:\nnhnhh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5dvvd.exec:\5dvvd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frlfffl.exec:\frlfffl.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1xrrrfl.exec:\1xrrrfl.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhnhh.exec:\tnhnhh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjvj.exec:\ppjvj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdppd.exec:\jdppd.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlxfrx.exec:\fxlxfrx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbntbb.exec:\hbntbb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7hbbbh.exec:\7hbbbh.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1pdjp.exec:\1pdjp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9xrfxxx.exec:\9xrfxxx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrfrxx.exec:\xrrfrxx.exe17⤵
- Executes dropped EXE
-
\??\c:\tnntnt.exec:\tnntnt.exe18⤵
- Executes dropped EXE
-
\??\c:\nhbbhh.exec:\nhbbhh.exe19⤵
- Executes dropped EXE
-
\??\c:\9vpjp.exec:\9vpjp.exe20⤵
- Executes dropped EXE
-
\??\c:\rlxlxlx.exec:\rlxlxlx.exe21⤵
- Executes dropped EXE
-
\??\c:\hhbnbn.exec:\hhbnbn.exe22⤵
- Executes dropped EXE
-
\??\c:\bnbhtb.exec:\bnbhtb.exe23⤵
- Executes dropped EXE
-
\??\c:\jjdjp.exec:\jjdjp.exe24⤵
- Executes dropped EXE
-
\??\c:\vpvpp.exec:\vpvpp.exe25⤵
- Executes dropped EXE
-
\??\c:\lrflxxl.exec:\lrflxxl.exe26⤵
- Executes dropped EXE
-
\??\c:\hhbhnt.exec:\hhbhnt.exe27⤵
- Executes dropped EXE
-
\??\c:\jjvdv.exec:\jjvdv.exe28⤵
- Executes dropped EXE
-
\??\c:\jjdpv.exec:\jjdpv.exe29⤵
- Executes dropped EXE
-
\??\c:\3rllrrx.exec:\3rllrrx.exe30⤵
- Executes dropped EXE
-
\??\c:\nnhnhh.exec:\nnhnhh.exe31⤵
- Executes dropped EXE
-
\??\c:\7nnbbh.exec:\7nnbbh.exe32⤵
- Executes dropped EXE
-
\??\c:\vjdvv.exec:\vjdvv.exe33⤵
- Executes dropped EXE
-
\??\c:\jjdpd.exec:\jjdpd.exe34⤵
- Executes dropped EXE
-
\??\c:\xrlrrxf.exec:\xrlrrxf.exe35⤵
- Executes dropped EXE
-
\??\c:\rrlxffx.exec:\rrlxffx.exe36⤵
- Executes dropped EXE
-
\??\c:\nhthtt.exec:\nhthtt.exe37⤵
- Executes dropped EXE
-
\??\c:\vvjvd.exec:\vvjvd.exe38⤵
- Executes dropped EXE
-
\??\c:\pjvdj.exec:\pjvdj.exe39⤵
- Executes dropped EXE
-
\??\c:\xlrrllr.exec:\xlrrllr.exe40⤵
- Executes dropped EXE
-
\??\c:\xlfrfff.exec:\xlfrfff.exe41⤵
- Executes dropped EXE
-
\??\c:\btbnbb.exec:\btbnbb.exe42⤵
- Executes dropped EXE
-
\??\c:\hhtbbb.exec:\hhtbbb.exe43⤵
- Executes dropped EXE
-
\??\c:\dvjpj.exec:\dvjpj.exe44⤵
- Executes dropped EXE
-
\??\c:\jdppp.exec:\jdppp.exe45⤵
- Executes dropped EXE
-
\??\c:\7rfllll.exec:\7rfllll.exe46⤵
- Executes dropped EXE
-
\??\c:\7rxxlfx.exec:\7rxxlfx.exe47⤵
- Executes dropped EXE
-
\??\c:\tnhntn.exec:\tnhntn.exe48⤵
- Executes dropped EXE
-
\??\c:\htttht.exec:\htttht.exe49⤵
- Executes dropped EXE
-
\??\c:\dpdjv.exec:\dpdjv.exe50⤵
- Executes dropped EXE
-
\??\c:\xxrfflx.exec:\xxrfflx.exe51⤵
- Executes dropped EXE
-
\??\c:\5rflxlr.exec:\5rflxlr.exe52⤵
- Executes dropped EXE
-
\??\c:\hbthtt.exec:\hbthtt.exe53⤵
- Executes dropped EXE
-
\??\c:\htbtbh.exec:\htbtbh.exe54⤵
- Executes dropped EXE
-
\??\c:\ppdvd.exec:\ppdvd.exe55⤵
- Executes dropped EXE
-
\??\c:\7vddd.exec:\7vddd.exe56⤵
- Executes dropped EXE
-
\??\c:\9jvpv.exec:\9jvpv.exe57⤵
- Executes dropped EXE
-
\??\c:\xlxxffl.exec:\xlxxffl.exe58⤵
- Executes dropped EXE
-
\??\c:\lfxxffl.exec:\lfxxffl.exe59⤵
- Executes dropped EXE
-
\??\c:\thttbh.exec:\thttbh.exe60⤵
- Executes dropped EXE
-
\??\c:\pddvv.exec:\pddvv.exe61⤵
- Executes dropped EXE
-
\??\c:\7ddjv.exec:\7ddjv.exe62⤵
- Executes dropped EXE
-
\??\c:\lxllxxr.exec:\lxllxxr.exe63⤵
- Executes dropped EXE
-
\??\c:\9ffllxx.exec:\9ffllxx.exe64⤵
- Executes dropped EXE
-
\??\c:\frflrxl.exec:\frflrxl.exe65⤵
- Executes dropped EXE
-
\??\c:\btbhtb.exec:\btbhtb.exe66⤵
-
\??\c:\jdvvv.exec:\jdvvv.exe67⤵
-
\??\c:\vjddd.exec:\vjddd.exe68⤵
-
\??\c:\3fxxflr.exec:\3fxxflr.exe69⤵
-
\??\c:\xfxxfll.exec:\xfxxfll.exe70⤵
-
\??\c:\9bbhth.exec:\9bbhth.exe71⤵
-
\??\c:\tnhbhn.exec:\tnhbhn.exe72⤵
-
\??\c:\dvddj.exec:\dvddj.exe73⤵
-
\??\c:\1dvdj.exec:\1dvdj.exe74⤵
-
\??\c:\lfrxlll.exec:\lfrxlll.exe75⤵
-
\??\c:\9llxflx.exec:\9llxflx.exe76⤵
-
\??\c:\5bbnth.exec:\5bbnth.exe77⤵
-
\??\c:\1nhnbn.exec:\1nhnbn.exe78⤵
-
\??\c:\ddvdd.exec:\ddvdd.exe79⤵
-
\??\c:\5ddjv.exec:\5ddjv.exe80⤵
-
\??\c:\flrlrxf.exec:\flrlrxf.exe81⤵
-
\??\c:\xrxlxff.exec:\xrxlxff.exe82⤵
-
\??\c:\nhhthh.exec:\nhhthh.exe83⤵
-
\??\c:\thnthn.exec:\thnthn.exe84⤵
-
\??\c:\jjdpv.exec:\jjdpv.exe85⤵
-
\??\c:\pppvj.exec:\pppvj.exe86⤵
-
\??\c:\9rllxxr.exec:\9rllxxr.exe87⤵
-
\??\c:\5frxflf.exec:\5frxflf.exe88⤵
-
\??\c:\tnbhtb.exec:\tnbhtb.exe89⤵
-
\??\c:\1hbntt.exec:\1hbntt.exe90⤵
-
\??\c:\3dvvj.exec:\3dvvj.exe91⤵
-
\??\c:\vppjj.exec:\vppjj.exe92⤵
-
\??\c:\1xlrlrx.exec:\1xlrlrx.exe93⤵
-
\??\c:\rlxxxrx.exec:\rlxxxrx.exe94⤵
-
\??\c:\rfxxrxr.exec:\rfxxrxr.exe95⤵
-
\??\c:\btntht.exec:\btntht.exe96⤵
-
\??\c:\vvpvd.exec:\vvpvd.exe97⤵
-
\??\c:\7dppp.exec:\7dppp.exe98⤵
-
\??\c:\1rlrrxl.exec:\1rlrrxl.exe99⤵
-
\??\c:\fxrxflr.exec:\fxrxflr.exe100⤵
-
\??\c:\9hhbht.exec:\9hhbht.exe101⤵
-
\??\c:\tnhtbh.exec:\tnhtbh.exe102⤵
-
\??\c:\dvdvv.exec:\dvdvv.exe103⤵
-
\??\c:\jdvdj.exec:\jdvdj.exe104⤵
-
\??\c:\fxllrxl.exec:\fxllrxl.exe105⤵
-
\??\c:\rrrlrfr.exec:\rrrlrfr.exe106⤵
-
\??\c:\nntthn.exec:\nntthn.exe107⤵
-
\??\c:\btttth.exec:\btttth.exe108⤵
-
\??\c:\dvdjp.exec:\dvdjp.exe109⤵
-
\??\c:\9xrrxfr.exec:\9xrrxfr.exe110⤵
-
\??\c:\1frffrx.exec:\1frffrx.exe111⤵
-
\??\c:\tththt.exec:\tththt.exe112⤵
-
\??\c:\hhtthh.exec:\hhtthh.exe113⤵
-
\??\c:\vpjpp.exec:\vpjpp.exe114⤵
-
\??\c:\xrxfrrx.exec:\xrxfrrx.exe115⤵
-
\??\c:\fxlflll.exec:\fxlflll.exe116⤵
-
\??\c:\nnntbb.exec:\nnntbb.exe117⤵
-
\??\c:\ttnthn.exec:\ttnthn.exe118⤵
-
\??\c:\vpdjd.exec:\vpdjd.exe119⤵
-
\??\c:\ddvpj.exec:\ddvpj.exe120⤵
-
\??\c:\rfrfxrr.exec:\rfrfxrr.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-