Analysis
-
max time kernel
120s -
max time network
95s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
-
submitted
21/07/2024, 09:36
General
-
Target
a52573607a047e98b728abc42ac4c450N.exe
-
Size
79KB
-
MD5
a52573607a047e98b728abc42ac4c450
-
SHA1
402352ea047753774d63b31fc33bbed09c94b9c2
-
SHA256
59641783372fbd38ef109901e152728d2c4e5bebf56e44a3c4a149f8c015ad2f
-
SHA512
8c80b2ba4fb0b92e56d0002ef002d43bd8fe098f3fd9bbde998251661c56cd757eaf2ef6655e862c4d10ab03b7100f3c948a04782430cf8e10042ba28a0fc3fc
-
SSDEEP
1536:9vQBeOGtrYS3srx93UBWfwC6Ggnouy8PbhnyLFWoFLAxZhMDzE8mpcNozI:9hOmTsF93UYfwC6GIoutz5yLpOSDpozI
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\a52573607a047e98b728abc42ac4c450N.exe"C:\Users\Admin\AppData\Local\Temp\a52573607a047e98b728abc42ac4c450N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\rrxrrrf.exec:\rrxrrrf.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\466228.exec:\466228.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvdjp.exec:\vvdjp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnnnnt.exec:\nnnnnt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\88642.exec:\88642.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhbtnn.exec:\hhbtnn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\48646.exec:\48646.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\24828.exec:\24828.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbttnt.exec:\tbttnt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvvvv.exec:\pvvvv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\808828.exec:\808828.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frxlflr.exec:\frxlflr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\820000.exec:\820000.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdppj.exec:\pdppj.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\862222.exec:\862222.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbbnnt.exec:\nbbnnt.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6444400.exec:\6444400.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\228222.exec:\228222.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bntthn.exec:\bntthn.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\i604284.exec:\i604284.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lllllll.exec:\lllllll.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\668406.exec:\668406.exe23⤵
- Executes dropped EXE
-
\??\c:\fffrlfx.exec:\fffrlfx.exe24⤵
- Executes dropped EXE
-
\??\c:\06642.exec:\06642.exe25⤵
- Executes dropped EXE
-
\??\c:\24860.exec:\24860.exe26⤵
- Executes dropped EXE
-
\??\c:\flrxxxr.exec:\flrxxxr.exe27⤵
- Executes dropped EXE
-
\??\c:\680286.exec:\680286.exe28⤵
- Executes dropped EXE
-
\??\c:\bnnhtt.exec:\bnnhtt.exe29⤵
- Executes dropped EXE
-
\??\c:\hnnnth.exec:\hnnnth.exe30⤵
- Executes dropped EXE
-
\??\c:\lxxrflx.exec:\lxxrflx.exe31⤵
- Executes dropped EXE
-
\??\c:\08600.exec:\08600.exe32⤵
- Executes dropped EXE
-
\??\c:\666868.exec:\666868.exe33⤵
- Executes dropped EXE
-
\??\c:\6428668.exec:\6428668.exe34⤵
- Executes dropped EXE
-
\??\c:\020682.exec:\020682.exe35⤵
- Executes dropped EXE
-
\??\c:\6624240.exec:\6624240.exe36⤵
- Executes dropped EXE
-
\??\c:\m0600.exec:\m0600.exe37⤵
- Executes dropped EXE
-
\??\c:\5ffxxrl.exec:\5ffxxrl.exe38⤵
- Executes dropped EXE
-
\??\c:\ppvvv.exec:\ppvvv.exe39⤵
- Executes dropped EXE
-
\??\c:\lxrxrrx.exec:\lxrxrrx.exe40⤵
- Executes dropped EXE
-
\??\c:\228888.exec:\228888.exe41⤵
- Executes dropped EXE
-
\??\c:\262222.exec:\262222.exe42⤵
- Executes dropped EXE
-
\??\c:\nnhhbb.exec:\nnhhbb.exe43⤵
- Executes dropped EXE
-
\??\c:\4426842.exec:\4426842.exe44⤵
- Executes dropped EXE
-
\??\c:\ddvdd.exec:\ddvdd.exe45⤵
- Executes dropped EXE
-
\??\c:\6640666.exec:\6640666.exe46⤵
- Executes dropped EXE
-
\??\c:\86400.exec:\86400.exe47⤵
- Executes dropped EXE
-
\??\c:\64464.exec:\64464.exe48⤵
- Executes dropped EXE
-
\??\c:\428408.exec:\428408.exe49⤵
- Executes dropped EXE
-
\??\c:\5dddv.exec:\5dddv.exe50⤵
- Executes dropped EXE
-
\??\c:\006040.exec:\006040.exe51⤵
- Executes dropped EXE
-
\??\c:\btnbhh.exec:\btnbhh.exe52⤵
- Executes dropped EXE
-
\??\c:\02464.exec:\02464.exe53⤵
- Executes dropped EXE
-
\??\c:\thhnhn.exec:\thhnhn.exe54⤵
- Executes dropped EXE
-
\??\c:\bbhhhh.exec:\bbhhhh.exe55⤵
- Executes dropped EXE
-
\??\c:\04044.exec:\04044.exe56⤵
- Executes dropped EXE
-
\??\c:\jjvpv.exec:\jjvpv.exe57⤵
- Executes dropped EXE
-
\??\c:\nbnbbt.exec:\nbnbbt.exe58⤵
- Executes dropped EXE
-
\??\c:\nnnnhn.exec:\nnnnhn.exe59⤵
- Executes dropped EXE
-
\??\c:\fffxlll.exec:\fffxlll.exe60⤵
- Executes dropped EXE
-
\??\c:\rrxxrxr.exec:\rrxxrxr.exe61⤵
- Executes dropped EXE
-
\??\c:\pvvdp.exec:\pvvdp.exe62⤵
- Executes dropped EXE
-
\??\c:\80222.exec:\80222.exe63⤵
- Executes dropped EXE
-
\??\c:\ppddp.exec:\ppddp.exe64⤵
- Executes dropped EXE
-
\??\c:\6028288.exec:\6028288.exe65⤵
- Executes dropped EXE
-
\??\c:\ppvvp.exec:\ppvvp.exe66⤵
-
\??\c:\pvpdv.exec:\pvpdv.exe67⤵
-
\??\c:\djjpp.exec:\djjpp.exe68⤵
-
\??\c:\tthbbh.exec:\tthbbh.exe69⤵
-
\??\c:\jvjjp.exec:\jvjjp.exe70⤵
-
\??\c:\ddvdv.exec:\ddvdv.exe71⤵
-
\??\c:\rlrxfxl.exec:\rlrxfxl.exe72⤵
-
\??\c:\vppjd.exec:\vppjd.exe73⤵
-
\??\c:\jjppd.exec:\jjppd.exe74⤵
-
\??\c:\84222.exec:\84222.exe75⤵
-
\??\c:\btnnnn.exec:\btnnnn.exe76⤵
-
\??\c:\pjjvv.exec:\pjjvv.exe77⤵
-
\??\c:\ppvpp.exec:\ppvpp.exe78⤵
-
\??\c:\jpdpv.exec:\jpdpv.exe79⤵
-
\??\c:\tbnnnt.exec:\tbnnnt.exe80⤵
-
\??\c:\624428.exec:\624428.exe81⤵
-
\??\c:\666228.exec:\666228.exe82⤵
-
\??\c:\00224.exec:\00224.exe83⤵
-
\??\c:\4646422.exec:\4646422.exe84⤵
-
\??\c:\446662.exec:\446662.exe85⤵
-
\??\c:\866826.exec:\866826.exe86⤵
-
\??\c:\46002.exec:\46002.exe87⤵
-
\??\c:\268888.exec:\268888.exe88⤵
-
\??\c:\pjdpv.exec:\pjdpv.exe89⤵
-
\??\c:\0040408.exec:\0040408.exe90⤵
-
\??\c:\vdjdv.exec:\vdjdv.exe91⤵
-
\??\c:\ntbbbb.exec:\ntbbbb.exe92⤵
-
\??\c:\646244.exec:\646244.exe93⤵
-
\??\c:\020022.exec:\020022.exe94⤵
-
\??\c:\40846.exec:\40846.exe95⤵
-
\??\c:\btttnt.exec:\btttnt.exe96⤵
-
\??\c:\8260482.exec:\8260482.exe97⤵
-
\??\c:\hhhnnn.exec:\hhhnnn.exe98⤵
-
\??\c:\6862666.exec:\6862666.exe99⤵
-
\??\c:\822228.exec:\822228.exe100⤵
-
\??\c:\4222042.exec:\4222042.exe101⤵
-
\??\c:\lrxxxxx.exec:\lrxxxxx.exe102⤵
-
\??\c:\68222.exec:\68222.exe103⤵
-
\??\c:\00886.exec:\00886.exe104⤵
-
\??\c:\2242284.exec:\2242284.exe105⤵
-
\??\c:\860204.exec:\860204.exe106⤵
-
\??\c:\xlffrxr.exec:\xlffrxr.exe107⤵
-
\??\c:\ttbbtb.exec:\ttbbtb.exe108⤵
-
\??\c:\lllffxl.exec:\lllffxl.exe109⤵
-
\??\c:\rlxllll.exec:\rlxllll.exe110⤵
-
\??\c:\6042042.exec:\6042042.exe111⤵
-
\??\c:\hnntbh.exec:\hnntbh.exe112⤵
-
\??\c:\8066062.exec:\8066062.exe113⤵
-
\??\c:\44004.exec:\44004.exe114⤵
-
\??\c:\02600.exec:\02600.exe115⤵
-
\??\c:\dvjdp.exec:\dvjdp.exe116⤵
-
\??\c:\xxfrrlr.exec:\xxfrrlr.exe117⤵
-
\??\c:\tttnbb.exec:\tttnbb.exe118⤵
-
\??\c:\lrrlfxr.exec:\lrrlfxr.exe119⤵
-
\??\c:\vjjpj.exec:\vjjpj.exe120⤵
-
\??\c:\hbbbbb.exec:\hbbbbb.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-