Analysis
-
max time kernel
150s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
-
submitted
22-07-2024 23:28
General
-
Target
7f2c51eba5ae61116938ba2fe364a15ccb5d44a1c9b8e41d01a447ad492718cd.exe
-
Size
77KB
-
MD5
3485efd7a42275af204a25f917fa035a
-
SHA1
74d46bb397dd0ea0c66f761ad4f66ff647e6c819
-
SHA256
7f2c51eba5ae61116938ba2fe364a15ccb5d44a1c9b8e41d01a447ad492718cd
-
SHA512
18fe7d02d02d0fa66154c2d011569d247543e7131fc8e05db7436619375c519ef79057f248879785d2dd42fab1c23f96257d0213ce5b5d0eb370c585eafb069b
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND+3T4+C2iJvRirE0DmvK:ymb3NkkiQ3mdBjF+3TU2iBRioS9
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 26 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 34 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\7f2c51eba5ae61116938ba2fe364a15ccb5d44a1c9b8e41d01a447ad492718cd.exe"C:\Users\Admin\AppData\Local\Temp\7f2c51eba5ae61116938ba2fe364a15ccb5d44a1c9b8e41d01a447ad492718cd.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\lxrlrff.exec:\lxrlrff.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbhbt.exec:\nhbhbt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvdvv.exec:\dvdvv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvpjv.exec:\dvpjv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9xxlfxl.exec:\9xxlfxl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhbnhb.exec:\hhbnhb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5tbttn.exec:\5tbttn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfrfrlx.exec:\rfrfrlx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbtnth.exec:\nbtnth.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thnhtn.exec:\thnhtn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjvjd.exec:\vjvjd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllfrlx.exec:\rllfrlx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhttnh.exec:\hhttnh.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbhbtn.exec:\nbhbtn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjddp.exec:\vjddp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flfxlll.exec:\flfxlll.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnnhht.exec:\bnnhht.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5vvjj.exec:\5vvjj.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrxrrxr.exec:\rrxrrxr.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5lxrllx.exec:\5lxrllx.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbtnn.exec:\tnbtnn.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnhnh.exec:\hbnhnh.exe23⤵
- Executes dropped EXE
-
\??\c:\ddvvv.exec:\ddvvv.exe24⤵
- Executes dropped EXE
-
\??\c:\bhtttt.exec:\bhtttt.exe25⤵
- Executes dropped EXE
-
\??\c:\dvjjj.exec:\dvjjj.exe26⤵
- Executes dropped EXE
-
\??\c:\flfxlll.exec:\flfxlll.exe27⤵
- Executes dropped EXE
-
\??\c:\bthbth.exec:\bthbth.exe28⤵
- Executes dropped EXE
-
\??\c:\bttbbb.exec:\bttbbb.exe29⤵
- Executes dropped EXE
-
\??\c:\dvvpd.exec:\dvvpd.exe30⤵
- Executes dropped EXE
-
\??\c:\9xrfrlf.exec:\9xrfrlf.exe31⤵
- Executes dropped EXE
-
\??\c:\ntthnb.exec:\ntthnb.exe32⤵
- Executes dropped EXE
-
\??\c:\1vvdp.exec:\1vvdp.exe33⤵
- Executes dropped EXE
-
\??\c:\vjpjv.exec:\vjpjv.exe34⤵
- Executes dropped EXE
-
\??\c:\frxlrff.exec:\frxlrff.exe35⤵
- Executes dropped EXE
-
\??\c:\xrxffrr.exec:\xrxffrr.exe36⤵
- Executes dropped EXE
-
\??\c:\hhnhbh.exec:\hhnhbh.exe37⤵
- Executes dropped EXE
-
\??\c:\pvdjj.exec:\pvdjj.exe38⤵
- Executes dropped EXE
-
\??\c:\dvjvd.exec:\dvjvd.exe39⤵
- Executes dropped EXE
-
\??\c:\xxxlflf.exec:\xxxlflf.exe40⤵
- Executes dropped EXE
-
\??\c:\5thbtb.exec:\5thbtb.exe41⤵
- Executes dropped EXE
-
\??\c:\nbhbbb.exec:\nbhbbb.exe42⤵
- Executes dropped EXE
-
\??\c:\pvddv.exec:\pvddv.exe43⤵
- Executes dropped EXE
-
\??\c:\vpjdd.exec:\vpjdd.exe44⤵
- Executes dropped EXE
-
\??\c:\xrxffxf.exec:\xrxffxf.exe45⤵
- Executes dropped EXE
-
\??\c:\hhhhbh.exec:\hhhhbh.exe46⤵
- Executes dropped EXE
-
\??\c:\9jppj.exec:\9jppj.exe47⤵
- Executes dropped EXE
-
\??\c:\jjvvv.exec:\jjvvv.exe48⤵
- Executes dropped EXE
-
\??\c:\xlrrlrl.exec:\xlrrlrl.exe49⤵
- Executes dropped EXE
-
\??\c:\thhnhh.exec:\thhnhh.exe50⤵
- Executes dropped EXE
-
\??\c:\3vdvp.exec:\3vdvp.exe51⤵
- Executes dropped EXE
-
\??\c:\rfxrlrr.exec:\rfxrlrr.exe52⤵
- Executes dropped EXE
-
\??\c:\rxfflxr.exec:\rxfflxr.exe53⤵
- Executes dropped EXE
-
\??\c:\vvjpp.exec:\vvjpp.exe54⤵
- Executes dropped EXE
-
\??\c:\lfxlfff.exec:\lfxlfff.exe55⤵
- Executes dropped EXE
-
\??\c:\rflllll.exec:\rflllll.exe56⤵
- Executes dropped EXE
-
\??\c:\hntttb.exec:\hntttb.exe57⤵
- Executes dropped EXE
-
\??\c:\5vpvv.exec:\5vpvv.exe58⤵
- Executes dropped EXE
-
\??\c:\7pppj.exec:\7pppj.exe59⤵
- Executes dropped EXE
-
\??\c:\lfffxxr.exec:\lfffxxr.exe60⤵
- Executes dropped EXE
-
\??\c:\xflrxxf.exec:\xflrxxf.exe61⤵
- Executes dropped EXE
-
\??\c:\nnthnh.exec:\nnthnh.exe62⤵
- Executes dropped EXE
-
\??\c:\1pvpp.exec:\1pvpp.exe63⤵
- Executes dropped EXE
-
\??\c:\pvdvp.exec:\pvdvp.exe64⤵
- Executes dropped EXE
-
\??\c:\fxfxfxx.exec:\fxfxfxx.exe65⤵
- Executes dropped EXE
-
\??\c:\ttbbhh.exec:\ttbbhh.exe66⤵
-
\??\c:\9bbbtn.exec:\9bbbtn.exe67⤵
-
\??\c:\vvvpj.exec:\vvvpj.exe68⤵
-
\??\c:\ddjjd.exec:\ddjjd.exe69⤵
-
\??\c:\ffllxff.exec:\ffllxff.exe70⤵
-
\??\c:\rrxffff.exec:\rrxffff.exe71⤵
-
\??\c:\hhhnnn.exec:\hhhnnn.exe72⤵
-
\??\c:\pvddd.exec:\pvddd.exe73⤵
-
\??\c:\tnnbhh.exec:\tnnbhh.exe74⤵
-
\??\c:\ddpjd.exec:\ddpjd.exe75⤵
-
\??\c:\jpppp.exec:\jpppp.exe76⤵
-
\??\c:\ppvpp.exec:\ppvpp.exe77⤵
-
\??\c:\fxffrrf.exec:\fxffrrf.exe78⤵
-
\??\c:\bhbttn.exec:\bhbttn.exe79⤵
-
\??\c:\nthbtb.exec:\nthbtb.exe80⤵
-
\??\c:\jvdvp.exec:\jvdvp.exe81⤵
-
\??\c:\vvddv.exec:\vvddv.exe82⤵
-
\??\c:\rrfxrxl.exec:\rrfxrxl.exe83⤵
-
\??\c:\rrxxlll.exec:\rrxxlll.exe84⤵
-
\??\c:\ttbttt.exec:\ttbttt.exe85⤵
-
\??\c:\bbntbb.exec:\bbntbb.exe86⤵
-
\??\c:\7jvvd.exec:\7jvvd.exe87⤵
-
\??\c:\1pvpj.exec:\1pvpj.exe88⤵
-
\??\c:\xlffxlx.exec:\xlffxlx.exe89⤵
-
\??\c:\bhtttt.exec:\bhtttt.exe90⤵
-
\??\c:\bnbhhh.exec:\bnbhhh.exe91⤵
-
\??\c:\vdddp.exec:\vdddp.exe92⤵
-
\??\c:\djppj.exec:\djppj.exe93⤵
-
\??\c:\xxllfll.exec:\xxllfll.exe94⤵
-
\??\c:\rlllffx.exec:\rlllffx.exe95⤵
-
\??\c:\tnnnnt.exec:\tnnnnt.exe96⤵
-
\??\c:\hbtttt.exec:\hbtttt.exe97⤵
-
\??\c:\ddvpv.exec:\ddvpv.exe98⤵
-
\??\c:\fflrrfl.exec:\fflrrfl.exe99⤵
-
\??\c:\rfrxrlf.exec:\rfrxrlf.exe100⤵
-
\??\c:\hnnhth.exec:\hnnhth.exe101⤵
-
\??\c:\nnnhhh.exec:\nnnhhh.exe102⤵
-
\??\c:\jpddd.exec:\jpddd.exe103⤵
-
\??\c:\dpppj.exec:\dpppj.exe104⤵
-
\??\c:\3lrlfff.exec:\3lrlfff.exe105⤵
-
\??\c:\xrrxxxx.exec:\xrrxxxx.exe106⤵
-
\??\c:\nnhnnh.exec:\nnhnnh.exe107⤵
-
\??\c:\vdjjj.exec:\vdjjj.exe108⤵
-
\??\c:\vdpjd.exec:\vdpjd.exe109⤵
-
\??\c:\5lrlfff.exec:\5lrlfff.exe110⤵
-
\??\c:\xfxrffx.exec:\xfxrffx.exe111⤵
-
\??\c:\htbtnh.exec:\htbtnh.exe112⤵
-
\??\c:\ttnnhh.exec:\ttnnhh.exe113⤵
-
\??\c:\vvvvd.exec:\vvvvd.exe114⤵
-
\??\c:\vpjpj.exec:\vpjpj.exe115⤵
-
\??\c:\lxfrlfx.exec:\lxfrlfx.exe116⤵
-
\??\c:\nnnhtn.exec:\nnnhtn.exe117⤵
-
\??\c:\9hbnhh.exec:\9hbnhh.exe118⤵
-
\??\c:\vdvdv.exec:\vdvdv.exe119⤵
-
\??\c:\ppdvd.exec:\ppdvd.exe120⤵
-
\??\c:\lfllllf.exec:\lfllllf.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-