Analysis
-
max time kernel
120s -
max time network
94s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
-
submitted
21-07-2024 06:21
General
-
Target
7afe244e4d9e3fe4f2877bb8e6006b60N.exe
-
Size
374KB
-
MD5
7afe244e4d9e3fe4f2877bb8e6006b60
-
SHA1
bbb06d8c9f030cbdcb3ecb0494148aeb6609757f
-
SHA256
3cc19b7342f5f1f7baef77cddc1ba266dc36910407d4578c20a9608fc626200b
-
SHA512
baa354a94853c24fc4eb4e902850b4054ad44d44f7abb7ba58c247a8a0d751749b89b0935802fd875663017c534805e0214b8b51bf8d9727f51781bd583e1845
-
SSDEEP
6144:n3C9BRIG0asYFm71mJl3/X8mak5gNv9rC8IwLaYNUvtTxTKMMd:n3C9uYA7i3/stR9HGYyvtTxTKMW
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 26 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 34 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\7afe244e4d9e3fe4f2877bb8e6006b60N.exe"C:\Users\Admin\AppData\Local\Temp\7afe244e4d9e3fe4f2877bb8e6006b60N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\xllfxrr.exec:\xllfxrr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvdpd.exec:\dvdpd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxfxrlf.exec:\lxfxrlf.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5jjvj.exec:\5jjvj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxlxlf.exec:\fxxlxlf.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thhtnb.exec:\thhtnb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrxrlf.exec:\xrrxrlf.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbtht.exec:\hbbtht.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3fxlrlf.exec:\3fxlrlf.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnnbnh.exec:\hnnbnh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3vjdj.exec:\3vjdj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrrlrr.exec:\fxrrlrr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fllxrfx.exec:\fllxrfx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvddv.exec:\pvddv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9nnbtn.exec:\9nnbtn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9jpdv.exec:\9jpdv.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djpdp.exec:\djpdp.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flrlxxl.exec:\flrlxxl.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvpjv.exec:\pvpjv.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxfrffr.exec:\rxfrffr.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjvp.exec:\pjjvp.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxfrfxl.exec:\xxfrfxl.exe23⤵
- Executes dropped EXE
-
\??\c:\3nhbnh.exec:\3nhbnh.exe24⤵
- Executes dropped EXE
-
\??\c:\7dpvd.exec:\7dpvd.exe25⤵
- Executes dropped EXE
-
\??\c:\xlrfxlx.exec:\xlrfxlx.exe26⤵
- Executes dropped EXE
-
\??\c:\hbtbnt.exec:\hbtbnt.exe27⤵
- Executes dropped EXE
-
\??\c:\btntht.exec:\btntht.exe28⤵
- Executes dropped EXE
-
\??\c:\djpvj.exec:\djpvj.exe29⤵
- Executes dropped EXE
-
\??\c:\xxxlxrl.exec:\xxxlxrl.exe30⤵
- Executes dropped EXE
-
\??\c:\httnhb.exec:\httnhb.exe31⤵
- Executes dropped EXE
-
\??\c:\vdpvd.exec:\vdpvd.exe32⤵
- Executes dropped EXE
-
\??\c:\lxrlfxr.exec:\lxrlfxr.exe33⤵
- Executes dropped EXE
-
\??\c:\xllrflx.exec:\xllrflx.exe34⤵
- Executes dropped EXE
-
\??\c:\5bbttt.exec:\5bbttt.exe35⤵
- Executes dropped EXE
-
\??\c:\xfflxrf.exec:\xfflxrf.exe36⤵
- Executes dropped EXE
-
\??\c:\xlfxlfr.exec:\xlfxlfr.exe37⤵
- Executes dropped EXE
-
\??\c:\ttnnhb.exec:\ttnnhb.exe38⤵
- Executes dropped EXE
-
\??\c:\xllxlfx.exec:\xllxlfx.exe39⤵
- Executes dropped EXE
-
\??\c:\hbbntn.exec:\hbbntn.exe40⤵
- Executes dropped EXE
-
\??\c:\9vvpd.exec:\9vvpd.exe41⤵
- Executes dropped EXE
-
\??\c:\rxxlxrf.exec:\rxxlxrf.exe42⤵
- Executes dropped EXE
-
\??\c:\rrrflxr.exec:\rrrflxr.exe43⤵
- Executes dropped EXE
-
\??\c:\htbnnh.exec:\htbnnh.exe44⤵
- Executes dropped EXE
-
\??\c:\pdjvj.exec:\pdjvj.exe45⤵
- Executes dropped EXE
-
\??\c:\jvdvd.exec:\jvdvd.exe46⤵
- Executes dropped EXE
-
\??\c:\3lfrfxr.exec:\3lfrfxr.exe47⤵
- Executes dropped EXE
-
\??\c:\rllfllf.exec:\rllfllf.exe48⤵
- Executes dropped EXE
-
\??\c:\bttnhb.exec:\bttnhb.exe49⤵
- Executes dropped EXE
-
\??\c:\vjjvj.exec:\vjjvj.exe50⤵
- Executes dropped EXE
-
\??\c:\pddpj.exec:\pddpj.exe51⤵
- Executes dropped EXE
-
\??\c:\xflrlll.exec:\xflrlll.exe52⤵
- Executes dropped EXE
-
\??\c:\1tnnhh.exec:\1tnnhh.exe53⤵
- Executes dropped EXE
-
\??\c:\1jvvj.exec:\1jvvj.exe54⤵
- Executes dropped EXE
-
\??\c:\5vvdp.exec:\5vvdp.exe55⤵
- Executes dropped EXE
-
\??\c:\xllflfx.exec:\xllflfx.exe56⤵
- Executes dropped EXE
-
\??\c:\nnnhbb.exec:\nnnhbb.exe57⤵
- Executes dropped EXE
-
\??\c:\bbbbht.exec:\bbbbht.exe58⤵
- Executes dropped EXE
-
\??\c:\pdvjd.exec:\pdvjd.exe59⤵
- Executes dropped EXE
-
\??\c:\rxxxlfx.exec:\rxxxlfx.exe60⤵
- Executes dropped EXE
-
\??\c:\nbhbbh.exec:\nbhbbh.exe61⤵
- Executes dropped EXE
-
\??\c:\bbhbbt.exec:\bbhbbt.exe62⤵
- Executes dropped EXE
-
\??\c:\vddpd.exec:\vddpd.exe63⤵
- Executes dropped EXE
-
\??\c:\jvdvp.exec:\jvdvp.exe64⤵
- Executes dropped EXE
-
\??\c:\lrrflfx.exec:\lrrflfx.exe65⤵
- Executes dropped EXE
-
\??\c:\lrlxlfr.exec:\lrlxlfr.exe66⤵
-
\??\c:\htbbbt.exec:\htbbbt.exe67⤵
-
\??\c:\jddjv.exec:\jddjv.exe68⤵
-
\??\c:\vppjd.exec:\vppjd.exe69⤵
-
\??\c:\rrlxlfx.exec:\rrlxlfx.exe70⤵
-
\??\c:\tnnbbt.exec:\tnnbbt.exe71⤵
-
\??\c:\ntthbt.exec:\ntthbt.exe72⤵
-
\??\c:\jjddv.exec:\jjddv.exe73⤵
-
\??\c:\pvpjv.exec:\pvpjv.exe74⤵
-
\??\c:\xllxfxr.exec:\xllxfxr.exe75⤵
-
\??\c:\hhnbnh.exec:\hhnbnh.exe76⤵
-
\??\c:\nhnbnh.exec:\nhnbnh.exe77⤵
-
\??\c:\pvvpd.exec:\pvvpd.exe78⤵
-
\??\c:\fxrrfll.exec:\fxrrfll.exe79⤵
-
\??\c:\1ffrllf.exec:\1ffrllf.exe80⤵
-
\??\c:\bthhnh.exec:\bthhnh.exe81⤵
-
\??\c:\jvjvp.exec:\jvjvp.exe82⤵
-
\??\c:\rllfxrr.exec:\rllfxrr.exe83⤵
-
\??\c:\lfxxrxx.exec:\lfxxrxx.exe84⤵
-
\??\c:\nbhbnh.exec:\nbhbnh.exe85⤵
-
\??\c:\dddpv.exec:\dddpv.exe86⤵
-
\??\c:\pdjdj.exec:\pdjdj.exe87⤵
-
\??\c:\lxrfrlf.exec:\lxrfrlf.exe88⤵
-
\??\c:\hnnbnn.exec:\hnnbnn.exe89⤵
-
\??\c:\bntnnt.exec:\bntnnt.exe90⤵
-
\??\c:\dpppj.exec:\dpppj.exe91⤵
-
\??\c:\ppvpp.exec:\ppvpp.exe92⤵
-
\??\c:\lrrxfll.exec:\lrrxfll.exe93⤵
-
\??\c:\9hnbbb.exec:\9hnbbb.exe94⤵
-
\??\c:\tntthn.exec:\tntthn.exe95⤵
-
\??\c:\pddvj.exec:\pddvj.exe96⤵
-
\??\c:\frlxrlf.exec:\frlxrlf.exe97⤵
-
\??\c:\nhhttn.exec:\nhhttn.exe98⤵
-
\??\c:\hbbnbt.exec:\hbbnbt.exe99⤵
-
\??\c:\vvjdp.exec:\vvjdp.exe100⤵
-
\??\c:\1rfrfrr.exec:\1rfrfrr.exe101⤵
-
\??\c:\lxfxxxf.exec:\lxfxxxf.exe102⤵
-
\??\c:\bnnhhh.exec:\bnnhhh.exe103⤵
-
\??\c:\pvdpv.exec:\pvdpv.exe104⤵
-
\??\c:\vjpdv.exec:\vjpdv.exe105⤵
-
\??\c:\xlrlffx.exec:\xlrlffx.exe106⤵
-
\??\c:\tbbtnn.exec:\tbbtnn.exe107⤵
-
\??\c:\hhtnnn.exec:\hhtnnn.exe108⤵
-
\??\c:\pdjdp.exec:\pdjdp.exe109⤵
-
\??\c:\rxrlflx.exec:\rxrlflx.exe110⤵
-
\??\c:\nbtnnh.exec:\nbtnnh.exe111⤵
-
\??\c:\dvvvd.exec:\dvvvd.exe112⤵
-
\??\c:\lllxrlx.exec:\lllxrlx.exe113⤵
-
\??\c:\7fxxxlf.exec:\7fxxxlf.exe114⤵
-
\??\c:\tttnhh.exec:\tttnhh.exe115⤵
-
\??\c:\jvvpp.exec:\jvvpp.exe116⤵
-
\??\c:\xlrlffx.exec:\xlrlffx.exe117⤵
-
\??\c:\lrfxxlx.exec:\lrfxxlx.exe118⤵
-
\??\c:\nbhbbt.exec:\nbhbbt.exe119⤵
-
\??\c:\7ddvd.exec:\7ddvd.exe120⤵
-
\??\c:\pppvp.exec:\pppvp.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-