Analysis
-
max time kernel
117s -
max time network
122s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
-
submitted
21-07-2024 13:40
General
-
Target
cebc1a64a7ed0de32b33fb709138dc30N.exe
-
Size
62KB
-
MD5
cebc1a64a7ed0de32b33fb709138dc30
-
SHA1
bef083eb4efc70816e6e2f659b4ca283e2fd95c6
-
SHA256
519503ec3d33c77a742a083f092a7453ec9e6c3beb683f85b9cbbeb70b95d76d
-
SHA512
5ef6ec6f54595996f54ebed70a2a4c9269cdb56773691973a66cd16c03313e4c271bba01b670b9ac46b118f8196c1f0f0e8b451d02055fc2f91b4274d4f3e9a6
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND0yU+M:ymb3NkkiQ3mdBjF0y7M
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 26 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 31 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\cebc1a64a7ed0de32b33fb709138dc30N.exe"C:\Users\Admin\AppData\Local\Temp\cebc1a64a7ed0de32b33fb709138dc30N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\bnnnnt.exec:\bnnnnt.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djpdd.exec:\djpdd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3rxrlrr.exec:\3rxrlrr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntbhhh.exec:\ntbhhh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjpjj.exec:\jjpjj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddppp.exec:\ddppp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9tntbn.exec:\9tntbn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5jdvj.exec:\5jdvj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7flllrl.exec:\7flllrl.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tthnbh.exec:\tthnbh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfflllr.exec:\rfflllr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlllfl.exec:\fxlllfl.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpvjd.exec:\dpvjd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffrrflx.exec:\ffrrflx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdjvd.exec:\vdjvd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxxrrff.exec:\xxxrrff.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnnnn.exec:\tnnnnn.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbtnn.exec:\btbtnn.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdjj.exec:\pjdjj.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrrxff.exec:\xxrrxff.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3tbbtb.exec:\3tbbtb.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjdvv.exec:\vjdvv.exe23⤵
- Executes dropped EXE
-
\??\c:\nttnbn.exec:\nttnbn.exe24⤵
- Executes dropped EXE
-
\??\c:\ddjjj.exec:\ddjjj.exe25⤵
- Executes dropped EXE
-
\??\c:\rflrlfr.exec:\rflrlfr.exe26⤵
- Executes dropped EXE
-
\??\c:\nnnnnn.exec:\nnnnnn.exe27⤵
- Executes dropped EXE
-
\??\c:\pvvvv.exec:\pvvvv.exe28⤵
- Executes dropped EXE
-
\??\c:\llllrrx.exec:\llllrrx.exe29⤵
- Executes dropped EXE
-
\??\c:\1nnnnn.exec:\1nnnnn.exe30⤵
- Executes dropped EXE
-
\??\c:\7vjdp.exec:\7vjdp.exe31⤵
- Executes dropped EXE
-
\??\c:\5rrlllx.exec:\5rrlllx.exe32⤵
- Executes dropped EXE
-
\??\c:\ttbthn.exec:\ttbthn.exe33⤵
- Executes dropped EXE
-
\??\c:\pvjjd.exec:\pvjjd.exe34⤵
- Executes dropped EXE
-
\??\c:\frfxlrr.exec:\frfxlrr.exe35⤵
- Executes dropped EXE
-
\??\c:\tnthth.exec:\tnthth.exe36⤵
- Executes dropped EXE
-
\??\c:\jdvjp.exec:\jdvjp.exe37⤵
- Executes dropped EXE
-
\??\c:\rxrxfff.exec:\rxrxfff.exe38⤵
- Executes dropped EXE
-
\??\c:\nhnnhn.exec:\nhnnhn.exe39⤵
- Executes dropped EXE
-
\??\c:\nnnttt.exec:\nnnttt.exe40⤵
- Executes dropped EXE
-
\??\c:\lrrlrrx.exec:\lrrlrrx.exe41⤵
- Executes dropped EXE
-
\??\c:\lflllrl.exec:\lflllrl.exe42⤵
- Executes dropped EXE
-
\??\c:\vpvdj.exec:\vpvdj.exe43⤵
- Executes dropped EXE
-
\??\c:\dpjjd.exec:\dpjjd.exe44⤵
- Executes dropped EXE
-
\??\c:\xffrrxx.exec:\xffrrxx.exe45⤵
- Executes dropped EXE
-
\??\c:\nnhtnn.exec:\nnhtnn.exe46⤵
- Executes dropped EXE
-
\??\c:\bnhbbn.exec:\bnhbbn.exe47⤵
- Executes dropped EXE
-
\??\c:\vvvvv.exec:\vvvvv.exe48⤵
- Executes dropped EXE
-
\??\c:\rlxlflx.exec:\rlxlflx.exe49⤵
- Executes dropped EXE
-
\??\c:\9nnhbh.exec:\9nnhbh.exe50⤵
- Executes dropped EXE
-
\??\c:\1dpjp.exec:\1dpjp.exe51⤵
- Executes dropped EXE
-
\??\c:\fffflrx.exec:\fffflrx.exe52⤵
- Executes dropped EXE
-
\??\c:\nnhhbh.exec:\nnhhbh.exe53⤵
- Executes dropped EXE
-
\??\c:\pvppv.exec:\pvppv.exe54⤵
- Executes dropped EXE
-
\??\c:\jjpjd.exec:\jjpjd.exe55⤵
- Executes dropped EXE
-
\??\c:\rrxffrr.exec:\rrxffrr.exe56⤵
- Executes dropped EXE
-
\??\c:\nnnnnt.exec:\nnnnnt.exe57⤵
- Executes dropped EXE
-
\??\c:\djjpp.exec:\djjpp.exe58⤵
- Executes dropped EXE
-
\??\c:\rrxxxff.exec:\rrxxxff.exe59⤵
- Executes dropped EXE
-
\??\c:\ttnnbh.exec:\ttnnbh.exe60⤵
- Executes dropped EXE
-
\??\c:\dvjdd.exec:\dvjdd.exe61⤵
- Executes dropped EXE
-
\??\c:\rrxxlrr.exec:\rrxxlrr.exe62⤵
- Executes dropped EXE
-
\??\c:\rxfffrr.exec:\rxfffrr.exe63⤵
- Executes dropped EXE
-
\??\c:\ppjvv.exec:\ppjvv.exe64⤵
- Executes dropped EXE
-
\??\c:\jjppv.exec:\jjppv.exe65⤵
- Executes dropped EXE
-
\??\c:\rxflrxr.exec:\rxflrxr.exe66⤵
-
\??\c:\bttnbb.exec:\bttnbb.exe67⤵
-
\??\c:\rlrrrxx.exec:\rlrrrxx.exe68⤵
-
\??\c:\tbhhtb.exec:\tbhhtb.exe69⤵
-
\??\c:\hhbhhn.exec:\hhbhhn.exe70⤵
-
\??\c:\vpjpp.exec:\vpjpp.exe71⤵
-
\??\c:\1xxfffl.exec:\1xxfffl.exe72⤵
-
\??\c:\hbtttb.exec:\hbtttb.exe73⤵
-
\??\c:\5pvvp.exec:\5pvvp.exe74⤵
-
\??\c:\ffxlxlx.exec:\ffxlxlx.exe75⤵
-
\??\c:\hhnhbn.exec:\hhnhbn.exe76⤵
-
\??\c:\pjvvv.exec:\pjvvv.exe77⤵
-
\??\c:\rfrrfll.exec:\rfrrfll.exe78⤵
-
\??\c:\jpjpj.exec:\jpjpj.exe79⤵
-
\??\c:\rlrrrrr.exec:\rlrrrrr.exe80⤵
-
\??\c:\flrxrff.exec:\flrxrff.exe81⤵
-
\??\c:\vddpj.exec:\vddpj.exe82⤵
-
\??\c:\jpvvp.exec:\jpvvp.exe83⤵
-
\??\c:\hthhnh.exec:\hthhnh.exe84⤵
-
\??\c:\pvpjp.exec:\pvpjp.exe85⤵
-
\??\c:\ffflrxr.exec:\ffflrxr.exe86⤵
-
\??\c:\5nbbhn.exec:\5nbbhn.exe87⤵
-
\??\c:\vvvdv.exec:\vvvdv.exe88⤵
-
\??\c:\lrffrrf.exec:\lrffrrf.exe89⤵
-
\??\c:\hbntnn.exec:\hbntnn.exe90⤵
-
\??\c:\pvjjv.exec:\pvjjv.exe91⤵
-
\??\c:\frllllf.exec:\frllllf.exe92⤵
-
\??\c:\nbnhbh.exec:\nbnhbh.exe93⤵
-
\??\c:\pdvvv.exec:\pdvvv.exe94⤵
-
\??\c:\xlxxrrr.exec:\xlxxrrr.exe95⤵
-
\??\c:\tnbbbh.exec:\tnbbbh.exe96⤵
-
\??\c:\bbhtbt.exec:\bbhtbt.exe97⤵
-
\??\c:\jjddv.exec:\jjddv.exe98⤵
-
\??\c:\rxxxxxf.exec:\rxxxxxf.exe99⤵
-
\??\c:\tbtbth.exec:\tbtbth.exe100⤵
-
\??\c:\jpvpj.exec:\jpvpj.exe101⤵
-
\??\c:\1fxrrll.exec:\1fxrrll.exe102⤵
-
\??\c:\xfrfffr.exec:\xfrfffr.exe103⤵
-
\??\c:\9bnntb.exec:\9bnntb.exe104⤵
-
\??\c:\dpjjj.exec:\dpjjj.exe105⤵
-
\??\c:\lfllrxx.exec:\lfllrxx.exe106⤵
-
\??\c:\rrffrxl.exec:\rrffrxl.exe107⤵
-
\??\c:\hhbttt.exec:\hhbttt.exe108⤵
-
\??\c:\dddjd.exec:\dddjd.exe109⤵
-
\??\c:\rrxrrxr.exec:\rrxrrxr.exe110⤵
-
\??\c:\nhthhb.exec:\nhthhb.exe111⤵
-
\??\c:\vpjdp.exec:\vpjdp.exe112⤵
-
\??\c:\vpvpp.exec:\vpvpp.exe113⤵
-
\??\c:\xffrlff.exec:\xffrlff.exe114⤵
-
\??\c:\rxllrrx.exec:\rxllrrx.exe115⤵
-
\??\c:\nnnnhn.exec:\nnnnhn.exe116⤵
-
\??\c:\ppdvv.exec:\ppdvv.exe117⤵
-
\??\c:\pdjjj.exec:\pdjjj.exe118⤵
-
\??\c:\rrrrrfr.exec:\rrrrrfr.exe119⤵
-
\??\c:\llxxxxx.exec:\llxxxxx.exe120⤵
-
\??\c:\thnnhh.exec:\thnnhh.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-