Analysis
-
max time kernel
120s -
max time network
17s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
-
submitted
21-07-2024 23:54
General
-
Target
2dd57210a04bf4fd2a9f266b8e771310N.exe
-
Size
138KB
-
MD5
2dd57210a04bf4fd2a9f266b8e771310
-
SHA1
477db9374b1f9c1ebc905907a9123a499fb578a1
-
SHA256
6572e2eac63d7b435fe6d53b4def56b15ddb3f0fe5f946b42f6798a122f687ff
-
SHA512
f2b22612e1899c8612f3e417fec17b457db8f7f6a8b23ed3f3659d2a6cdc7e983ba870ab68233d71797b1700b7764f949cb61c14d8ed757b7caf4ff948bcdb47
-
SSDEEP
3072:9hOmTsF93UYfwC6GIoutz5yLpcgDE4JBuItR8pz7sH:9cm4FmowdHoS4Bftapz7u
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 49 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2dd57210a04bf4fd2a9f266b8e771310N.exe"C:\Users\Admin\AppData\Local\Temp\2dd57210a04bf4fd2a9f266b8e771310N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\nbntbb.exec:\nbntbb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdddd.exec:\pdddd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tntbnn.exec:\tntbnn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djdjj.exec:\djdjj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5rrxrlx.exec:\5rrxrlx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjvpd.exec:\jjvpd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpjdj.exec:\dpjdj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbbth.exec:\btbbth.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthhtb.exec:\bthhtb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvpvd.exec:\vvpvd.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rflrxrf.exec:\rflrxrf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhhthn.exec:\hhhthn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhhhn.exec:\tnhhhn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jppdp.exec:\jppdp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxllrxl.exec:\rxllrxl.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3thnhn.exec:\3thnhn.exe17⤵
- Executes dropped EXE
-
\??\c:\bttnht.exec:\bttnht.exe18⤵
- Executes dropped EXE
-
\??\c:\dvppd.exec:\dvppd.exe19⤵
- Executes dropped EXE
-
\??\c:\thtnbh.exec:\thtnbh.exe20⤵
- Executes dropped EXE
-
\??\c:\bnhtbn.exec:\bnhtbn.exe21⤵
- Executes dropped EXE
-
\??\c:\jdvdp.exec:\jdvdp.exe22⤵
- Executes dropped EXE
-
\??\c:\llflxlx.exec:\llflxlx.exe23⤵
- Executes dropped EXE
-
\??\c:\bnhnbh.exec:\bnhnbh.exe24⤵
- Executes dropped EXE
-
\??\c:\jvvdv.exec:\jvvdv.exe25⤵
- Executes dropped EXE
-
\??\c:\vjdvv.exec:\vjdvv.exe26⤵
- Executes dropped EXE
-
\??\c:\rllfxrr.exec:\rllfxrr.exe27⤵
- Executes dropped EXE
-
\??\c:\bttbhn.exec:\bttbhn.exe28⤵
- Executes dropped EXE
-
\??\c:\xlffrfx.exec:\xlffrfx.exe29⤵
- Executes dropped EXE
-
\??\c:\xrlflxx.exec:\xrlflxx.exe30⤵
- Executes dropped EXE
-
\??\c:\htnntt.exec:\htnntt.exe31⤵
- Executes dropped EXE
-
\??\c:\frrxllr.exec:\frrxllr.exe32⤵
- Executes dropped EXE
-
\??\c:\httbtn.exec:\httbtn.exe33⤵
- Executes dropped EXE
-
\??\c:\tnttnt.exec:\tnttnt.exe34⤵
- Executes dropped EXE
-
\??\c:\jjvdd.exec:\jjvdd.exe35⤵
- Executes dropped EXE
-
\??\c:\vpdvd.exec:\vpdvd.exe36⤵
- Executes dropped EXE
-
\??\c:\fxxxlrf.exec:\fxxxlrf.exe37⤵
- Executes dropped EXE
-
\??\c:\bhttnn.exec:\bhttnn.exe38⤵
- Executes dropped EXE
-
\??\c:\pvpdp.exec:\pvpdp.exe39⤵
- Executes dropped EXE
-
\??\c:\djddv.exec:\djddv.exe40⤵
- Executes dropped EXE
-
\??\c:\rlxxlxr.exec:\rlxxlxr.exe41⤵
- Executes dropped EXE
-
\??\c:\fxrxfff.exec:\fxrxfff.exe42⤵
- Executes dropped EXE
-
\??\c:\7tnbnh.exec:\7tnbnh.exe43⤵
- Executes dropped EXE
-
\??\c:\dvpjv.exec:\dvpjv.exe44⤵
- Executes dropped EXE
-
\??\c:\ppjjp.exec:\ppjjp.exe45⤵
- Executes dropped EXE
-
\??\c:\rrlxlfr.exec:\rrlxlfr.exe46⤵
- Executes dropped EXE
-
\??\c:\5bthnn.exec:\5bthnn.exe47⤵
- Executes dropped EXE
-
\??\c:\btbbtb.exec:\btbbtb.exe48⤵
- Executes dropped EXE
-
\??\c:\ddpjd.exec:\ddpjd.exe49⤵
- Executes dropped EXE
-
\??\c:\pvdpv.exec:\pvdpv.exe50⤵
- Executes dropped EXE
-
\??\c:\lfxrfxr.exec:\lfxrfxr.exe51⤵
- Executes dropped EXE
-
\??\c:\xfrlxlx.exec:\xfrlxlx.exe52⤵
- Executes dropped EXE
-
\??\c:\bhhtbt.exec:\bhhtbt.exe53⤵
- Executes dropped EXE
-
\??\c:\dvpdj.exec:\dvpdj.exe54⤵
- Executes dropped EXE
-
\??\c:\pvdjv.exec:\pvdjv.exe55⤵
- Executes dropped EXE
-
\??\c:\ffxxlll.exec:\ffxxlll.exe56⤵
- Executes dropped EXE
-
\??\c:\1bhbnn.exec:\1bhbnn.exe57⤵
- Executes dropped EXE
-
\??\c:\bbbtnh.exec:\bbbtnh.exe58⤵
- Executes dropped EXE
-
\??\c:\jdddd.exec:\jdddd.exe59⤵
- Executes dropped EXE
-
\??\c:\1lllxlf.exec:\1lllxlf.exe60⤵
- Executes dropped EXE
-
\??\c:\llxlflx.exec:\llxlflx.exe61⤵
- Executes dropped EXE
-
\??\c:\ttnbnb.exec:\ttnbnb.exe62⤵
- Executes dropped EXE
-
\??\c:\1vdpd.exec:\1vdpd.exe63⤵
- Executes dropped EXE
-
\??\c:\vdvjj.exec:\vdvjj.exe64⤵
- Executes dropped EXE
-
\??\c:\lxxfrxr.exec:\lxxfrxr.exe65⤵
- Executes dropped EXE
-
\??\c:\1btnnn.exec:\1btnnn.exe66⤵
-
\??\c:\vvjpj.exec:\vvjpj.exe67⤵
-
\??\c:\xxrlxlf.exec:\xxrlxlf.exe68⤵
-
\??\c:\httnbh.exec:\httnbh.exe69⤵
-
\??\c:\dpdpv.exec:\dpdpv.exe70⤵
-
\??\c:\lxffffx.exec:\lxffffx.exe71⤵
-
\??\c:\5fflrrr.exec:\5fflrrr.exe72⤵
-
\??\c:\bbnbht.exec:\bbnbht.exe73⤵
-
\??\c:\dddvj.exec:\dddvj.exe74⤵
-
\??\c:\9rllrxf.exec:\9rllrxf.exe75⤵
-
\??\c:\5bbnnb.exec:\5bbnnb.exe76⤵
-
\??\c:\dvjjv.exec:\dvjjv.exe77⤵
-
\??\c:\flxxlfr.exec:\flxxlfr.exe78⤵
-
\??\c:\1nhnhh.exec:\1nhnhh.exe79⤵
-
\??\c:\jdvdp.exec:\jdvdp.exe80⤵
-
\??\c:\lrxxlfl.exec:\lrxxlfl.exe81⤵
-
\??\c:\nnnbnb.exec:\nnnbnb.exe82⤵
-
\??\c:\9vddp.exec:\9vddp.exe83⤵
-
\??\c:\ffrxllx.exec:\ffrxllx.exe84⤵
-
\??\c:\nhnbnb.exec:\nhnbnb.exe85⤵
-
\??\c:\pjvdd.exec:\pjvdd.exe86⤵
-
\??\c:\djvdd.exec:\djvdd.exe87⤵
-
\??\c:\flrllll.exec:\flrllll.exe88⤵
-
\??\c:\tbhnhb.exec:\tbhnhb.exe89⤵
-
\??\c:\vpvdj.exec:\vpvdj.exe90⤵
-
\??\c:\fxrfrlx.exec:\fxrfrlx.exe91⤵
-
\??\c:\nnhbth.exec:\nnhbth.exe92⤵
-
\??\c:\dvpvj.exec:\dvpvj.exe93⤵
-
\??\c:\rlflxrx.exec:\rlflxrx.exe94⤵
-
\??\c:\7tbnnh.exec:\7tbnnh.exe95⤵
-
\??\c:\vpjpd.exec:\vpjpd.exe96⤵
-
\??\c:\frlrfll.exec:\frlrfll.exe97⤵
-
\??\c:\9tbntt.exec:\9tbntt.exe98⤵
-
\??\c:\7ddjd.exec:\7ddjd.exe99⤵
-
\??\c:\pjddv.exec:\pjddv.exe100⤵
-
\??\c:\ffrlrrx.exec:\ffrlrrx.exe101⤵
-
\??\c:\htnnnt.exec:\htnnnt.exe102⤵
-
\??\c:\vpdvj.exec:\vpdvj.exe103⤵
-
\??\c:\hhbbnt.exec:\hhbbnt.exe104⤵
-
\??\c:\xrxrxll.exec:\xrxrxll.exe105⤵
-
\??\c:\9nbhnh.exec:\9nbhnh.exe106⤵
-
\??\c:\lffrlrf.exec:\lffrlrf.exe107⤵
-
\??\c:\7nhnhb.exec:\7nhnhb.exe108⤵
-
\??\c:\dpjpv.exec:\dpjpv.exe109⤵
-
\??\c:\lfxxlrf.exec:\lfxxlrf.exe110⤵
-
\??\c:\btnnbn.exec:\btnnbn.exe111⤵
-
\??\c:\1jjpd.exec:\1jjpd.exe112⤵
-
\??\c:\lfrxflr.exec:\lfrxflr.exe113⤵
-
\??\c:\7tnbtb.exec:\7tnbtb.exe114⤵
-
\??\c:\3bnntb.exec:\3bnntb.exe115⤵
-
\??\c:\ppjjp.exec:\ppjjp.exe116⤵
-
\??\c:\lfrrflf.exec:\lfrrflf.exe117⤵
-
\??\c:\htbhhh.exec:\htbhhh.exe118⤵
-
\??\c:\jdjjd.exec:\jdjjd.exe119⤵
-
\??\c:\9jdvp.exec:\9jdvp.exe120⤵
-
\??\c:\lrfflff.exec:\lrfflff.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-