Analysis
-
max time kernel
120s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
-
submitted
21/07/2024, 13:40
General
-
Target
cebc1a64a7ed0de32b33fb709138dc30N.exe
-
Size
62KB
-
MD5
cebc1a64a7ed0de32b33fb709138dc30
-
SHA1
bef083eb4efc70816e6e2f659b4ca283e2fd95c6
-
SHA256
519503ec3d33c77a742a083f092a7453ec9e6c3beb683f85b9cbbeb70b95d76d
-
SHA512
5ef6ec6f54595996f54ebed70a2a4c9269cdb56773691973a66cd16c03313e4c271bba01b670b9ac46b118f8196c1f0f0e8b451d02055fc2f91b4274d4f3e9a6
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND0yU+M:ymb3NkkiQ3mdBjF0y7M
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 21 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 29 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\cebc1a64a7ed0de32b33fb709138dc30N.exe"C:\Users\Admin\AppData\Local\Temp\cebc1a64a7ed0de32b33fb709138dc30N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\q48406.exec:\q48406.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvjv.exec:\pjvjv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjdvj.exec:\jjdvj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrrxxfx.exec:\rrrxxfx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\820284.exec:\820284.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\88086.exec:\88086.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\k86640.exec:\k86640.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1lflxfl.exec:\1lflxfl.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\204626.exec:\204626.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\208406.exec:\208406.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\2006668.exec:\2006668.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpvdd.exec:\dpvdd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\q80240.exec:\q80240.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\86408.exec:\86408.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxrlxff.exec:\lxrlxff.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\44846.exec:\44846.exe17⤵
- Executes dropped EXE
-
\??\c:\080688.exec:\080688.exe18⤵
- Executes dropped EXE
-
\??\c:\m8668.exec:\m8668.exe19⤵
- Executes dropped EXE
-
\??\c:\2628402.exec:\2628402.exe20⤵
- Executes dropped EXE
-
\??\c:\s6440.exec:\s6440.exe21⤵
- Executes dropped EXE
-
\??\c:\i402828.exec:\i402828.exe22⤵
- Executes dropped EXE
-
\??\c:\86406.exec:\86406.exe23⤵
- Executes dropped EXE
-
\??\c:\840660.exec:\840660.exe24⤵
- Executes dropped EXE
-
\??\c:\6440884.exec:\6440884.exe25⤵
- Executes dropped EXE
-
\??\c:\xrxrrxl.exec:\xrxrrxl.exe26⤵
- Executes dropped EXE
-
\??\c:\dpdjv.exec:\dpdjv.exe27⤵
- Executes dropped EXE
-
\??\c:\e26468.exec:\e26468.exe28⤵
- Executes dropped EXE
-
\??\c:\lxrrrrx.exec:\lxrrrrx.exe29⤵
- Executes dropped EXE
-
\??\c:\5pddv.exec:\5pddv.exe30⤵
- Executes dropped EXE
-
\??\c:\82022.exec:\82022.exe31⤵
- Executes dropped EXE
-
\??\c:\jdpjp.exec:\jdpjp.exe32⤵
- Executes dropped EXE
-
\??\c:\44662.exec:\44662.exe33⤵
- Executes dropped EXE
-
\??\c:\4428262.exec:\4428262.exe34⤵
- Executes dropped EXE
-
\??\c:\04864.exec:\04864.exe35⤵
- Executes dropped EXE
-
\??\c:\vpdpp.exec:\vpdpp.exe36⤵
- Executes dropped EXE
-
\??\c:\k46626.exec:\k46626.exe37⤵
- Executes dropped EXE
-
\??\c:\80802.exec:\80802.exe38⤵
- Executes dropped EXE
-
\??\c:\pjppv.exec:\pjppv.exe39⤵
- Executes dropped EXE
-
\??\c:\5pvdd.exec:\5pvdd.exe40⤵
- Executes dropped EXE
-
\??\c:\rllllff.exec:\rllllff.exe41⤵
- Executes dropped EXE
-
\??\c:\42448.exec:\42448.exe42⤵
- Executes dropped EXE
-
\??\c:\jdjpj.exec:\jdjpj.exe43⤵
- Executes dropped EXE
-
\??\c:\rlllxrf.exec:\rlllxrf.exe44⤵
- Executes dropped EXE
-
\??\c:\6824088.exec:\6824088.exe45⤵
- Executes dropped EXE
-
\??\c:\8262484.exec:\8262484.exe46⤵
- Executes dropped EXE
-
\??\c:\08662.exec:\08662.exe47⤵
- Executes dropped EXE
-
\??\c:\m2806.exec:\m2806.exe48⤵
- Executes dropped EXE
-
\??\c:\c840262.exec:\c840262.exe49⤵
- Executes dropped EXE
-
\??\c:\xxfrlxr.exec:\xxfrlxr.exe50⤵
- Executes dropped EXE
-
\??\c:\vpvdp.exec:\vpvdp.exe51⤵
- Executes dropped EXE
-
\??\c:\jpjvv.exec:\jpjvv.exe52⤵
- Executes dropped EXE
-
\??\c:\5vjdp.exec:\5vjdp.exe53⤵
- Executes dropped EXE
-
\??\c:\4204040.exec:\4204040.exe54⤵
- Executes dropped EXE
-
\??\c:\frlrxxx.exec:\frlrxxx.exe55⤵
- Executes dropped EXE
-
\??\c:\bnhntb.exec:\bnhntb.exe56⤵
- Executes dropped EXE
-
\??\c:\5bnthn.exec:\5bnthn.exe57⤵
- Executes dropped EXE
-
\??\c:\6462846.exec:\6462846.exe58⤵
- Executes dropped EXE
-
\??\c:\60406.exec:\60406.exe59⤵
- Executes dropped EXE
-
\??\c:\ppdvv.exec:\ppdvv.exe60⤵
- Executes dropped EXE
-
\??\c:\0800668.exec:\0800668.exe61⤵
- Executes dropped EXE
-
\??\c:\2046600.exec:\2046600.exe62⤵
- Executes dropped EXE
-
\??\c:\xrlxxfl.exec:\xrlxxfl.exe63⤵
- Executes dropped EXE
-
\??\c:\i206280.exec:\i206280.exe64⤵
- Executes dropped EXE
-
\??\c:\82442.exec:\82442.exe65⤵
- Executes dropped EXE
-
\??\c:\bthntb.exec:\bthntb.exe66⤵
-
\??\c:\42246.exec:\42246.exe67⤵
-
\??\c:\nhttbb.exec:\nhttbb.exe68⤵
-
\??\c:\dvdvp.exec:\dvdvp.exe69⤵
-
\??\c:\02026.exec:\02026.exe70⤵
-
\??\c:\dddpv.exec:\dddpv.exe71⤵
-
\??\c:\602806.exec:\602806.exe72⤵
-
\??\c:\2080262.exec:\2080262.exe73⤵
-
\??\c:\btnbnb.exec:\btnbnb.exe74⤵
-
\??\c:\rflrrrf.exec:\rflrrrf.exe75⤵
-
\??\c:\04406.exec:\04406.exe76⤵
-
\??\c:\rrlllxf.exec:\rrlllxf.exe77⤵
-
\??\c:\dvdvp.exec:\dvdvp.exe78⤵
-
\??\c:\vpjdd.exec:\vpjdd.exe79⤵
-
\??\c:\028288.exec:\028288.exe80⤵
-
\??\c:\dpvvv.exec:\dpvvv.exe81⤵
-
\??\c:\08640.exec:\08640.exe82⤵
-
\??\c:\xxfflrf.exec:\xxfflrf.exe83⤵
-
\??\c:\480004.exec:\480004.exe84⤵
-
\??\c:\3fxllrx.exec:\3fxllrx.exe85⤵
-
\??\c:\1jpvv.exec:\1jpvv.exe86⤵
-
\??\c:\pjjpd.exec:\pjjpd.exe87⤵
-
\??\c:\dvjpp.exec:\dvjpp.exe88⤵
-
\??\c:\xfrffxx.exec:\xfrffxx.exe89⤵
-
\??\c:\nhtttt.exec:\nhtttt.exe90⤵
-
\??\c:\hhhtnt.exec:\hhhtnt.exe91⤵
-
\??\c:\48868.exec:\48868.exe92⤵
-
\??\c:\1bbnnb.exec:\1bbnnb.exe93⤵
-
\??\c:\ttntbt.exec:\ttntbt.exe94⤵
-
\??\c:\1flxffl.exec:\1flxffl.exe95⤵
-
\??\c:\tttnhb.exec:\tttnhb.exe96⤵
-
\??\c:\5rxrrll.exec:\5rxrrll.exe97⤵
-
\??\c:\w02442.exec:\w02442.exe98⤵
-
\??\c:\llfrrxx.exec:\llfrrxx.exe99⤵
-
\??\c:\hbbbnb.exec:\hbbbnb.exe100⤵
-
\??\c:\9lfflll.exec:\9lfflll.exe101⤵
-
\??\c:\xrlxrxx.exec:\xrlxrxx.exe102⤵
-
\??\c:\08006.exec:\08006.exe103⤵
-
\??\c:\820240.exec:\820240.exe104⤵
-
\??\c:\c202844.exec:\c202844.exe105⤵
-
\??\c:\826806.exec:\826806.exe106⤵
-
\??\c:\hhnbbn.exec:\hhnbbn.exe107⤵
-
\??\c:\btthtn.exec:\btthtn.exe108⤵
-
\??\c:\q82402.exec:\q82402.exe109⤵
-
\??\c:\0804880.exec:\0804880.exe110⤵
-
\??\c:\004224.exec:\004224.exe111⤵
-
\??\c:\q48288.exec:\q48288.exe112⤵
-
\??\c:\6466844.exec:\6466844.exe113⤵
-
\??\c:\q02848.exec:\q02848.exe114⤵
-
\??\c:\vpvpj.exec:\vpvpj.exe115⤵
-
\??\c:\jjddj.exec:\jjddj.exe116⤵
-
\??\c:\804600.exec:\804600.exe117⤵
-
\??\c:\u480644.exec:\u480644.exe118⤵
-
\??\c:\u082284.exec:\u082284.exe119⤵
-
\??\c:\42066.exec:\42066.exe120⤵
-
\??\c:\7lrffrf.exec:\7lrffrf.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-