Analysis
-
max time kernel
120s -
max time network
95s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
-
submitted
21/07/2024, 05:32
General
-
Target
7226cd6bd93ed5b779ef90c7272332b0N.exe
-
Size
60KB
-
MD5
7226cd6bd93ed5b779ef90c7272332b0
-
SHA1
d16ed9731a81c4a97230b0b12f59c52a598eb57b
-
SHA256
89774814e022c4c2db6b41113321ced0fb8fdb99d614c90198916fb805f4849c
-
SHA512
709f81faff6687a17e93cb54ec02cd2722e9019241bde4e59699eb62b0dbc07c559458a6b53565e53e3f98f126400c1c4a51f4733cd130a62acd023037247fa3
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIug6bPE:ymb3NkkiQ3mdBjFIugQE
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 26 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 30 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\7226cd6bd93ed5b779ef90c7272332b0N.exe"C:\Users\Admin\AppData\Local\Temp\7226cd6bd93ed5b779ef90c7272332b0N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\thbnbt.exec:\thbnbt.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\42864.exec:\42864.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrxlrlf.exec:\rrxlrlf.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnbhth.exec:\nnbhth.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thnbhh.exec:\thnbhh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\62282.exec:\62282.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\w00088.exec:\w00088.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\08482.exec:\08482.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\448682.exec:\448682.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7tnhnn.exec:\7tnhnn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnnnn.exec:\tnnnnn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djdvj.exec:\djdvj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlfxrfx.exec:\rlfxrfx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jddvp.exec:\jddvp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6626008.exec:\6626008.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\2282608.exec:\2282608.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhtnhb.exec:\hhtnhb.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9pjvj.exec:\9pjvj.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\q88244.exec:\q88244.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\k00044.exec:\k00044.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vddvp.exec:\vddvp.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jddpj.exec:\jddpj.exe23⤵
- Executes dropped EXE
-
\??\c:\u620442.exec:\u620442.exe24⤵
- Executes dropped EXE
-
\??\c:\0666004.exec:\0666004.exe25⤵
- Executes dropped EXE
-
\??\c:\pjjdp.exec:\pjjdp.exe26⤵
- Executes dropped EXE
-
\??\c:\pjpdj.exec:\pjpdj.exe27⤵
- Executes dropped EXE
-
\??\c:\662648.exec:\662648.exe28⤵
- Executes dropped EXE
-
\??\c:\9tnbth.exec:\9tnbth.exe29⤵
- Executes dropped EXE
-
\??\c:\00064.exec:\00064.exe30⤵
- Executes dropped EXE
-
\??\c:\nnnthb.exec:\nnnthb.exe31⤵
- Executes dropped EXE
-
\??\c:\444822.exec:\444822.exe32⤵
- Executes dropped EXE
-
\??\c:\i404820.exec:\i404820.exe33⤵
- Executes dropped EXE
-
\??\c:\02426.exec:\02426.exe34⤵
- Executes dropped EXE
-
\??\c:\nhhtnh.exec:\nhhtnh.exe35⤵
- Executes dropped EXE
-
\??\c:\46886.exec:\46886.exe36⤵
- Executes dropped EXE
-
\??\c:\o622282.exec:\o622282.exe37⤵
- Executes dropped EXE
-
\??\c:\20262.exec:\20262.exe38⤵
- Executes dropped EXE
-
\??\c:\0464040.exec:\0464040.exe39⤵
- Executes dropped EXE
-
\??\c:\htttbb.exec:\htttbb.exe40⤵
- Executes dropped EXE
-
\??\c:\3tnhhh.exec:\3tnhhh.exe41⤵
- Executes dropped EXE
-
\??\c:\flfllfl.exec:\flfllfl.exe42⤵
- Executes dropped EXE
-
\??\c:\0282280.exec:\0282280.exe43⤵
- Executes dropped EXE
-
\??\c:\pvpjd.exec:\pvpjd.exe44⤵
- Executes dropped EXE
-
\??\c:\9hhthh.exec:\9hhthh.exe45⤵
- Executes dropped EXE
-
\??\c:\426086.exec:\426086.exe46⤵
- Executes dropped EXE
-
\??\c:\2620224.exec:\2620224.exe47⤵
- Executes dropped EXE
-
\??\c:\i460826.exec:\i460826.exe48⤵
- Executes dropped EXE
-
\??\c:\0460266.exec:\0460266.exe49⤵
- Executes dropped EXE
-
\??\c:\808640.exec:\808640.exe50⤵
- Executes dropped EXE
-
\??\c:\204842.exec:\204842.exe51⤵
- Executes dropped EXE
-
\??\c:\e22266.exec:\e22266.exe52⤵
- Executes dropped EXE
-
\??\c:\440606.exec:\440606.exe53⤵
- Executes dropped EXE
-
\??\c:\bhnhth.exec:\bhnhth.exe54⤵
- Executes dropped EXE
-
\??\c:\k44866.exec:\k44866.exe55⤵
- Executes dropped EXE
-
\??\c:\4804268.exec:\4804268.exe56⤵
- Executes dropped EXE
-
\??\c:\o884822.exec:\o884822.exe57⤵
- Executes dropped EXE
-
\??\c:\8226082.exec:\8226082.exe58⤵
- Executes dropped EXE
-
\??\c:\lffxxrx.exec:\lffxxrx.exe59⤵
- Executes dropped EXE
-
\??\c:\ttttnn.exec:\ttttnn.exe60⤵
- Executes dropped EXE
-
\??\c:\3fxrfxr.exec:\3fxrfxr.exe61⤵
- Executes dropped EXE
-
\??\c:\824826.exec:\824826.exe62⤵
- Executes dropped EXE
-
\??\c:\pdvpj.exec:\pdvpj.exe63⤵
- Executes dropped EXE
-
\??\c:\xffxlfx.exec:\xffxlfx.exe64⤵
- Executes dropped EXE
-
\??\c:\fxxrrxr.exec:\fxxrrxr.exe65⤵
- Executes dropped EXE
-
\??\c:\dvvpj.exec:\dvvpj.exe66⤵
-
\??\c:\00004.exec:\00004.exe67⤵
-
\??\c:\s4264.exec:\s4264.exe68⤵
-
\??\c:\bnbtnn.exec:\bnbtnn.exe69⤵
-
\??\c:\4806404.exec:\4806404.exe70⤵
-
\??\c:\lffrxrx.exec:\lffrxrx.exe71⤵
-
\??\c:\3nnhhb.exec:\3nnhhb.exe72⤵
-
\??\c:\26842.exec:\26842.exe73⤵
-
\??\c:\06848.exec:\06848.exe74⤵
-
\??\c:\06248.exec:\06248.exe75⤵
-
\??\c:\bbbbtt.exec:\bbbbtt.exe76⤵
-
\??\c:\0866060.exec:\0866060.exe77⤵
-
\??\c:\28808.exec:\28808.exe78⤵
-
\??\c:\flxfxlr.exec:\flxfxlr.exe79⤵
-
\??\c:\0262620.exec:\0262620.exe80⤵
-
\??\c:\fllfxxr.exec:\fllfxxr.exe81⤵
-
\??\c:\i604220.exec:\i604220.exe82⤵
-
\??\c:\866482.exec:\866482.exe83⤵
-
\??\c:\06824.exec:\06824.exe84⤵
-
\??\c:\jdvpj.exec:\jdvpj.exe85⤵
-
\??\c:\g8264.exec:\g8264.exe86⤵
-
\??\c:\64084.exec:\64084.exe87⤵
-
\??\c:\264666.exec:\264666.exe88⤵
-
\??\c:\86206.exec:\86206.exe89⤵
-
\??\c:\64026.exec:\64026.exe90⤵
-
\??\c:\2060848.exec:\2060848.exe91⤵
-
\??\c:\1bbnhb.exec:\1bbnhb.exe92⤵
-
\??\c:\3bhthb.exec:\3bhthb.exe93⤵
-
\??\c:\jjvpd.exec:\jjvpd.exe94⤵
-
\??\c:\jdvvv.exec:\jdvvv.exe95⤵
-
\??\c:\c462660.exec:\c462660.exe96⤵
-
\??\c:\nbbhtn.exec:\nbbhtn.exe97⤵
-
\??\c:\1jppj.exec:\1jppj.exe98⤵
-
\??\c:\06226.exec:\06226.exe99⤵
-
\??\c:\flxrllf.exec:\flxrllf.exe100⤵
-
\??\c:\648484.exec:\648484.exe101⤵
-
\??\c:\88448.exec:\88448.exe102⤵
-
\??\c:\btbttb.exec:\btbttb.exe103⤵
-
\??\c:\1lffrll.exec:\1lffrll.exe104⤵
-
\??\c:\2200662.exec:\2200662.exe105⤵
-
\??\c:\2660400.exec:\2660400.exe106⤵
-
\??\c:\hbtnbn.exec:\hbtnbn.exe107⤵
-
\??\c:\6404006.exec:\6404006.exe108⤵
-
\??\c:\7ttnhb.exec:\7ttnhb.exe109⤵
-
\??\c:\5hhhhh.exec:\5hhhhh.exe110⤵
-
\??\c:\7pdpp.exec:\7pdpp.exe111⤵
-
\??\c:\0800488.exec:\0800488.exe112⤵
-
\??\c:\808880.exec:\808880.exe113⤵
-
\??\c:\rflxfrx.exec:\rflxfrx.exe114⤵
-
\??\c:\dpppd.exec:\dpppd.exe115⤵
-
\??\c:\pdvvv.exec:\pdvvv.exe116⤵
-
\??\c:\vvvdj.exec:\vvvdj.exe117⤵
-
\??\c:\nnhhbb.exec:\nnhhbb.exe118⤵
-
\??\c:\2844226.exec:\2844226.exe119⤵
-
\??\c:\bnnhbb.exec:\bnnhbb.exe120⤵
-
\??\c:\0440882.exec:\0440882.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-