Analysis
-
max time kernel
120s -
max time network
108s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
-
submitted
20-07-2024 16:51
General
-
Target
ec627347f7a610fa3eec577e4bd03b70N.exe
-
Size
280KB
-
MD5
ec627347f7a610fa3eec577e4bd03b70
-
SHA1
4f680ef451d2f7db0f030d2e4592fd85f50202d7
-
SHA256
f8ffd5f07b52673cc52712b502cf3629597f8d382bd78965d74f3a57b6fd8e79
-
SHA512
9843e2999476b4bb63ec8cb0e98d20cd8161425424d5ed621200a001cc22d4652583625a925d5ab1dcc42c08db27f159a3c6183c85c1729e6e30554bedf61bb7
-
SSDEEP
6144:n3C9BRIG0asYFm71m8+GdkB9yMu7VvemWL:n3C9uYA71kSMue
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 27 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 37 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\ec627347f7a610fa3eec577e4bd03b70N.exe"C:\Users\Admin\AppData\Local\Temp\ec627347f7a610fa3eec577e4bd03b70N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\btbtbb.exec:\btbtbb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpddv.exec:\dpddv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1llffff.exec:\1llffff.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pddpj.exec:\pddpj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhthbb.exec:\hhthbb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlffrlx.exec:\xlffrlx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbtbb.exec:\btbtbb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjddv.exec:\pjddv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrlxxx.exec:\xrrlxxx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9vjdv.exec:\9vjdv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rffrffx.exec:\rffrffx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbbnt.exec:\btbbnt.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pddvj.exec:\pddvj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpddv.exec:\dpddv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbnhbt.exec:\nbnhbt.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbtnh.exec:\tnbtnh.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jppjd.exec:\jppjd.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlfllxl.exec:\rlfllxl.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3thtnn.exec:\3thtnn.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxllrfl.exec:\xxllrfl.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3hhbnn.exec:\3hhbnn.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjpdp.exec:\vjpdp.exe23⤵
- Executes dropped EXE
-
\??\c:\3btnbb.exec:\3btnbb.exe24⤵
- Executes dropped EXE
-
\??\c:\5rllffx.exec:\5rllffx.exe25⤵
- Executes dropped EXE
-
\??\c:\lxrlfxr.exec:\lxrlfxr.exe26⤵
- Executes dropped EXE
-
\??\c:\tnthbt.exec:\tnthbt.exe27⤵
- Executes dropped EXE
-
\??\c:\vppjj.exec:\vppjj.exe28⤵
- Executes dropped EXE
-
\??\c:\3ffxrfx.exec:\3ffxrfx.exe29⤵
- Executes dropped EXE
-
\??\c:\htthbt.exec:\htthbt.exe30⤵
- Executes dropped EXE
-
\??\c:\pdpjd.exec:\pdpjd.exe31⤵
- Executes dropped EXE
-
\??\c:\bbhtth.exec:\bbhtth.exe32⤵
- Executes dropped EXE
-
\??\c:\jdjvp.exec:\jdjvp.exe33⤵
- Executes dropped EXE
-
\??\c:\djpdv.exec:\djpdv.exe34⤵
- Executes dropped EXE
-
\??\c:\lfrlxff.exec:\lfrlxff.exe35⤵
- Executes dropped EXE
-
\??\c:\nnbntn.exec:\nnbntn.exe36⤵
- Executes dropped EXE
-
\??\c:\nbtnbt.exec:\nbtnbt.exe37⤵
- Executes dropped EXE
-
\??\c:\jvpjp.exec:\jvpjp.exe38⤵
- Executes dropped EXE
-
\??\c:\jjjvv.exec:\jjjvv.exe39⤵
- Executes dropped EXE
-
\??\c:\rrlxlxf.exec:\rrlxlxf.exe40⤵
- Executes dropped EXE
-
\??\c:\3ntnnn.exec:\3ntnnn.exe41⤵
- Executes dropped EXE
-
\??\c:\5bhhbb.exec:\5bhhbb.exe42⤵
- Executes dropped EXE
-
\??\c:\dvdvp.exec:\dvdvp.exe43⤵
- Executes dropped EXE
-
\??\c:\7xfrrlr.exec:\7xfrrlr.exe44⤵
- Executes dropped EXE
-
\??\c:\xfrllll.exec:\xfrllll.exe45⤵
- Executes dropped EXE
-
\??\c:\nhthbb.exec:\nhthbb.exe46⤵
- Executes dropped EXE
-
\??\c:\pdpdd.exec:\pdpdd.exe47⤵
- Executes dropped EXE
-
\??\c:\9ppdv.exec:\9ppdv.exe48⤵
- Executes dropped EXE
-
\??\c:\lfxfrll.exec:\lfxfrll.exe49⤵
- Executes dropped EXE
-
\??\c:\1lrrlrr.exec:\1lrrlrr.exe50⤵
- Executes dropped EXE
-
\??\c:\1tbtbt.exec:\1tbtbt.exe51⤵
- Executes dropped EXE
-
\??\c:\jvvpd.exec:\jvvpd.exe52⤵
- Executes dropped EXE
-
\??\c:\vjjdp.exec:\vjjdp.exe53⤵
- Executes dropped EXE
-
\??\c:\3xrfrrf.exec:\3xrfrrf.exe54⤵
- Executes dropped EXE
-
\??\c:\lfxrfxx.exec:\lfxrfxx.exe55⤵
- Executes dropped EXE
-
\??\c:\nbthtn.exec:\nbthtn.exe56⤵
- Executes dropped EXE
-
\??\c:\9pdvj.exec:\9pdvj.exe57⤵
- Executes dropped EXE
-
\??\c:\9djdv.exec:\9djdv.exe58⤵
- Executes dropped EXE
-
\??\c:\1lrffxx.exec:\1lrffxx.exe59⤵
- Executes dropped EXE
-
\??\c:\rlrrllf.exec:\rlrrllf.exe60⤵
- Executes dropped EXE
-
\??\c:\5ttnhb.exec:\5ttnhb.exe61⤵
- Executes dropped EXE
-
\??\c:\vvdvj.exec:\vvdvj.exe62⤵
- Executes dropped EXE
-
\??\c:\jjdvp.exec:\jjdvp.exe63⤵
- Executes dropped EXE
-
\??\c:\lffxllx.exec:\lffxllx.exe64⤵
- Executes dropped EXE
-
\??\c:\hbnhbn.exec:\hbnhbn.exe65⤵
- Executes dropped EXE
-
\??\c:\7vjvj.exec:\7vjvj.exe66⤵
-
\??\c:\vjpdd.exec:\vjpdd.exe67⤵
-
\??\c:\llrflrl.exec:\llrflrl.exe68⤵
-
\??\c:\bnbbbb.exec:\bnbbbb.exe69⤵
-
\??\c:\5bbttt.exec:\5bbttt.exe70⤵
-
\??\c:\vpjjd.exec:\vpjjd.exe71⤵
-
\??\c:\rrxrlfx.exec:\rrxrlfx.exe72⤵
-
\??\c:\rxfrllx.exec:\rxfrllx.exe73⤵
-
\??\c:\bbhhnt.exec:\bbhhnt.exe74⤵
-
\??\c:\tbhthb.exec:\tbhthb.exe75⤵
-
\??\c:\vvpdv.exec:\vvpdv.exe76⤵
-
\??\c:\llrlxrl.exec:\llrlxrl.exe77⤵
-
\??\c:\fxrlfxr.exec:\fxrlfxr.exe78⤵
-
\??\c:\hbbthh.exec:\hbbthh.exe79⤵
-
\??\c:\vvvjv.exec:\vvvjv.exe80⤵
-
\??\c:\1pjvp.exec:\1pjvp.exe81⤵
-
\??\c:\rffrlfl.exec:\rffrlfl.exe82⤵
-
\??\c:\1nttbn.exec:\1nttbn.exe83⤵
-
\??\c:\vpvjp.exec:\vpvjp.exe84⤵
-
\??\c:\vdjdv.exec:\vdjdv.exe85⤵
-
\??\c:\rxfrfxl.exec:\rxfrfxl.exe86⤵
-
\??\c:\xllfrlf.exec:\xllfrlf.exe87⤵
-
\??\c:\ntnnhn.exec:\ntnnhn.exe88⤵
-
\??\c:\jdpdv.exec:\jdpdv.exe89⤵
-
\??\c:\rllxrlf.exec:\rllxrlf.exe90⤵
-
\??\c:\1fflxrf.exec:\1fflxrf.exe91⤵
-
\??\c:\bbbhhb.exec:\bbbhhb.exe92⤵
-
\??\c:\jdvpj.exec:\jdvpj.exe93⤵
-
\??\c:\dddvj.exec:\dddvj.exe94⤵
-
\??\c:\llxxrrr.exec:\llxxrrr.exe95⤵
-
\??\c:\ttntbn.exec:\ttntbn.exe96⤵
-
\??\c:\hthtnb.exec:\hthtnb.exe97⤵
-
\??\c:\djpjd.exec:\djpjd.exe98⤵
-
\??\c:\lfxrxrx.exec:\lfxrxrx.exe99⤵
-
\??\c:\lffxxrf.exec:\lffxxrf.exe100⤵
-
\??\c:\tnnnhb.exec:\tnnnhb.exe101⤵
-
\??\c:\dvppj.exec:\dvppj.exe102⤵
-
\??\c:\lxxlxxr.exec:\lxxlxxr.exe103⤵
-
\??\c:\rffxrrl.exec:\rffxrrl.exe104⤵
-
\??\c:\7hnhbt.exec:\7hnhbt.exe105⤵
-
\??\c:\djpjp.exec:\djpjp.exe106⤵
-
\??\c:\5lllffx.exec:\5lllffx.exe107⤵
-
\??\c:\9ttnhh.exec:\9ttnhh.exe108⤵
-
\??\c:\hhnhbt.exec:\hhnhbt.exe109⤵
-
\??\c:\7pvpj.exec:\7pvpj.exe110⤵
-
\??\c:\rllfrrl.exec:\rllfrrl.exe111⤵
-
\??\c:\fxrlllf.exec:\fxrlllf.exe112⤵
-
\??\c:\tntnnh.exec:\tntnnh.exe113⤵
-
\??\c:\bhbnhb.exec:\bhbnhb.exe114⤵
-
\??\c:\dddvj.exec:\dddvj.exe115⤵
-
\??\c:\fxlfxxl.exec:\fxlfxxl.exe116⤵
-
\??\c:\hnnbnh.exec:\hnnbnh.exe117⤵
-
\??\c:\hbnbtb.exec:\hbnbtb.exe118⤵
-
\??\c:\jppjj.exec:\jppjj.exe119⤵
-
\??\c:\rxfrlxr.exec:\rxfrlxr.exe120⤵
-
\??\c:\5lfxrfx.exec:\5lfxrfx.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-