Analysis
-
max time kernel
120s -
max time network
94s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
-
submitted
21-07-2024 11:39
General
-
Target
ba263b5510097e7131341ad4a1aa5770N.exe
-
Size
411KB
-
MD5
ba263b5510097e7131341ad4a1aa5770
-
SHA1
ca5a3f86aaf15f34d052362923faa1416e9d4acc
-
SHA256
66a32ca5e5e746a11ffc4aceac32c26500d08a17ddb728ee864dd50267f72441
-
SHA512
a0916adac105cfc96a2fde7ad2f02ff176b0ff92069f59485e0801a3ef7cfc81468049949c31902fd09d9e56d52953d2cd3b9f39ae031b0814033740c673ccc2
-
SSDEEP
3072:PhOm2sI93UufdC67cihfmCiiiXAsACF486jJSp1BwcZN:Pcm7ImGddXtWrXD486jJq1BwcZN
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 63 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\ba263b5510097e7131341ad4a1aa5770N.exe"C:\Users\Admin\AppData\Local\Temp\ba263b5510097e7131341ad4a1aa5770N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\llfflrx.exec:\llfflrx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bntnnn.exec:\bntnnn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjjjp.exec:\jjjjp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjvv.exec:\jdjvv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnhbbb.exec:\bnhbbb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1dvjj.exec:\1dvjj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhhhbb.exec:\hhhhbb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flrlrxr.exec:\flrlrxr.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbttt.exec:\tnbttt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fflflfl.exec:\fflflfl.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbbnh.exec:\tnbbnh.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5rfxrrr.exec:\5rfxrrr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxfxrrl.exec:\xxfxrrl.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7nhbtb.exec:\7nhbtb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdpjj.exec:\vdpjj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxxrrl.exec:\rlxxrrl.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pddvp.exec:\pddvp.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfflfrl.exec:\xfflfrl.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7ttttb.exec:\7ttttb.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llrlxxx.exec:\llrlxxx.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhhhbb.exec:\bhhhbb.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnhhhh.exec:\hnhhhh.exe23⤵
- Executes dropped EXE
-
\??\c:\hthntb.exec:\hthntb.exe24⤵
- Executes dropped EXE
-
\??\c:\3jpjp.exec:\3jpjp.exe25⤵
- Executes dropped EXE
-
\??\c:\tnttnn.exec:\tnttnn.exe26⤵
- Executes dropped EXE
-
\??\c:\hhhtnn.exec:\hhhtnn.exe27⤵
- Executes dropped EXE
-
\??\c:\pjjvv.exec:\pjjvv.exe28⤵
- Executes dropped EXE
-
\??\c:\vpvjj.exec:\vpvjj.exe29⤵
- Executes dropped EXE
-
\??\c:\fxfffxl.exec:\fxfffxl.exe30⤵
- Executes dropped EXE
-
\??\c:\tbnhhh.exec:\tbnhhh.exe31⤵
- Executes dropped EXE
-
\??\c:\dppjd.exec:\dppjd.exe32⤵
- Executes dropped EXE
-
\??\c:\jdjdv.exec:\jdjdv.exe33⤵
- Executes dropped EXE
-
\??\c:\9flfxrl.exec:\9flfxrl.exe34⤵
- Executes dropped EXE
-
\??\c:\nnhbbb.exec:\nnhbbb.exe35⤵
- Executes dropped EXE
-
\??\c:\dvdjj.exec:\dvdjj.exe36⤵
- Executes dropped EXE
-
\??\c:\rlrrlxr.exec:\rlrrlxr.exe37⤵
- Executes dropped EXE
-
\??\c:\3nhbtn.exec:\3nhbtn.exe38⤵
- Executes dropped EXE
-
\??\c:\xfxrffx.exec:\xfxrffx.exe39⤵
- Executes dropped EXE
-
\??\c:\lxxlfxr.exec:\lxxlfxr.exe40⤵
- Executes dropped EXE
-
\??\c:\7hbttt.exec:\7hbttt.exe41⤵
- Executes dropped EXE
-
\??\c:\jvvpj.exec:\jvvpj.exe42⤵
- Executes dropped EXE
-
\??\c:\xrlrlfx.exec:\xrlrlfx.exe43⤵
- Executes dropped EXE
-
\??\c:\9bnhbn.exec:\9bnhbn.exe44⤵
- Executes dropped EXE
-
\??\c:\ddjjp.exec:\ddjjp.exe45⤵
- Executes dropped EXE
-
\??\c:\lrxrllx.exec:\lrxrllx.exe46⤵
- Executes dropped EXE
-
\??\c:\9nbttt.exec:\9nbttt.exe47⤵
- Executes dropped EXE
-
\??\c:\jvvpd.exec:\jvvpd.exe48⤵
- Executes dropped EXE
-
\??\c:\xfrrlxl.exec:\xfrrlxl.exe49⤵
- Executes dropped EXE
-
\??\c:\lflxrlf.exec:\lflxrlf.exe50⤵
- Executes dropped EXE
-
\??\c:\hhnnnn.exec:\hhnnnn.exe51⤵
- Executes dropped EXE
-
\??\c:\jvdpj.exec:\jvdpj.exe52⤵
- Executes dropped EXE
-
\??\c:\xxxxrxx.exec:\xxxxrxx.exe53⤵
- Executes dropped EXE
-
\??\c:\nbnhbb.exec:\nbnhbb.exe54⤵
- Executes dropped EXE
-
\??\c:\xxxllff.exec:\xxxllff.exe55⤵
- Executes dropped EXE
-
\??\c:\7ttnnn.exec:\7ttnnn.exe56⤵
- Executes dropped EXE
-
\??\c:\9ddvp.exec:\9ddvp.exe57⤵
- Executes dropped EXE
-
\??\c:\lfrlrrf.exec:\lfrlrrf.exe58⤵
- Executes dropped EXE
-
\??\c:\htbttt.exec:\htbttt.exe59⤵
- Executes dropped EXE
-
\??\c:\ddjjd.exec:\ddjjd.exe60⤵
- Executes dropped EXE
-
\??\c:\lxlfrxr.exec:\lxlfrxr.exe61⤵
- Executes dropped EXE
-
\??\c:\1htthn.exec:\1htthn.exe62⤵
- Executes dropped EXE
-
\??\c:\hbnnht.exec:\hbnnht.exe63⤵
- Executes dropped EXE
-
\??\c:\pjdvp.exec:\pjdvp.exe64⤵
- Executes dropped EXE
-
\??\c:\rrlfrrl.exec:\rrlfrrl.exe65⤵
- Executes dropped EXE
-
\??\c:\hthbtt.exec:\hthbtt.exe66⤵
-
\??\c:\hnntnn.exec:\hnntnn.exe67⤵
-
\??\c:\pjpjd.exec:\pjpjd.exe68⤵
-
\??\c:\fxflfff.exec:\fxflfff.exe69⤵
-
\??\c:\bhbbtn.exec:\bhbbtn.exe70⤵
-
\??\c:\nttnbb.exec:\nttnbb.exe71⤵
-
\??\c:\pjppj.exec:\pjppj.exe72⤵
-
\??\c:\xllffll.exec:\xllffll.exe73⤵
-
\??\c:\hbbtbh.exec:\hbbtbh.exe74⤵
-
\??\c:\nbbtnh.exec:\nbbtnh.exe75⤵
-
\??\c:\1ddpj.exec:\1ddpj.exe76⤵
-
\??\c:\fxxlxrl.exec:\fxxlxrl.exe77⤵
-
\??\c:\rxlfxrl.exec:\rxlfxrl.exe78⤵
-
\??\c:\3hbtnn.exec:\3hbtnn.exe79⤵
-
\??\c:\ddpdp.exec:\ddpdp.exe80⤵
-
\??\c:\fffrlfr.exec:\fffrlfr.exe81⤵
-
\??\c:\tntttn.exec:\tntttn.exe82⤵
-
\??\c:\nhhthb.exec:\nhhthb.exe83⤵
-
\??\c:\pvjpv.exec:\pvjpv.exe84⤵
-
\??\c:\lxxxrrl.exec:\lxxxrrl.exe85⤵
-
\??\c:\hbbttt.exec:\hbbttt.exe86⤵
-
\??\c:\pvdjj.exec:\pvdjj.exe87⤵
-
\??\c:\9pjjv.exec:\9pjjv.exe88⤵
-
\??\c:\9ffxllr.exec:\9ffxllr.exe89⤵
-
\??\c:\7hhhbt.exec:\7hhhbt.exe90⤵
-
\??\c:\jvdpd.exec:\jvdpd.exe91⤵
-
\??\c:\xrrfxfr.exec:\xrrfxfr.exe92⤵
-
\??\c:\tnbbtt.exec:\tnbbtt.exe93⤵
-
\??\c:\tnhttb.exec:\tnhttb.exe94⤵
-
\??\c:\jpjpd.exec:\jpjpd.exe95⤵
-
\??\c:\fxlflll.exec:\fxlflll.exe96⤵
-
\??\c:\bhnhbb.exec:\bhnhbb.exe97⤵
-
\??\c:\dpdvj.exec:\dpdvj.exe98⤵
-
\??\c:\jjvvj.exec:\jjvvj.exe99⤵
-
\??\c:\rllfxxr.exec:\rllfxxr.exe100⤵
-
\??\c:\ttnnnt.exec:\ttnnnt.exe101⤵
-
\??\c:\nhhnbh.exec:\nhhnbh.exe102⤵
-
\??\c:\9djdp.exec:\9djdp.exe103⤵
-
\??\c:\7pvjd.exec:\7pvjd.exe104⤵
-
\??\c:\lrxrlll.exec:\lrxrlll.exe105⤵
-
\??\c:\nhnhbb.exec:\nhnhbb.exe106⤵
-
\??\c:\bbtntt.exec:\bbtntt.exe107⤵
-
\??\c:\jvdvp.exec:\jvdvp.exe108⤵
-
\??\c:\rllfxxr.exec:\rllfxxr.exe109⤵
-
\??\c:\ffxrllf.exec:\ffxrllf.exe110⤵
-
\??\c:\tnnhtt.exec:\tnnhtt.exe111⤵
-
\??\c:\9rlllll.exec:\9rlllll.exe112⤵
-
\??\c:\nbhbtn.exec:\nbhbtn.exe113⤵
-
\??\c:\pjdvj.exec:\pjdvj.exe114⤵
-
\??\c:\vpdvj.exec:\vpdvj.exe115⤵
-
\??\c:\hhhbhn.exec:\hhhbhn.exe116⤵
-
\??\c:\jdddd.exec:\jdddd.exe117⤵
-
\??\c:\7jddd.exec:\7jddd.exe118⤵
-
\??\c:\xfffxxf.exec:\xfffxxf.exe119⤵
-
\??\c:\tbtnnn.exec:\tbtnnn.exe120⤵
-
\??\c:\ddpvp.exec:\ddpvp.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-