Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
-
submitted
22/07/2024, 23:57
General
-
Target
8acf3652893078346407037d5f726b1d66bbc8d3e214b0400948c13e8ebfb57c.exe
-
Size
57KB
-
MD5
0f59e461eeaa9d0122338045698677cc
-
SHA1
5577a6b527423bde55add3bbafc1ae41f0a87908
-
SHA256
8acf3652893078346407037d5f726b1d66bbc8d3e214b0400948c13e8ebfb57c
-
SHA512
5884162ad70c6057788baf580a4d83c5d0d7188f7e420f63d4be8c0a0cc09c45f50b69afc81f03d202e735cfc483b24215013f56c53ef7e02b492fdb97438195
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIsI0Vl:ymb3NkkiQ3mdBjFIsI0/
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 22 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 28 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\8acf3652893078346407037d5f726b1d66bbc8d3e214b0400948c13e8ebfb57c.exe"C:\Users\Admin\AppData\Local\Temp\8acf3652893078346407037d5f726b1d66bbc8d3e214b0400948c13e8ebfb57c.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\ppppj.exec:\ppppj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffllxxf.exec:\ffllxxf.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbbtt.exec:\btbbtt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7tnnbh.exec:\7tnnbh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvpv.exec:\pjvpv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxrlxxr.exec:\lxrlxxr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhnhhh.exec:\hhnhhh.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7dddd.exec:\7dddd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlxxrxr.exec:\xlxxrxr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5hnbbn.exec:\5hnbbn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnhht.exec:\tnnhht.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5pvvv.exec:\5pvvv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxlxrlr.exec:\lxlxrlr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hntbbb.exec:\hntbbb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btnhhn.exec:\btnhhn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9dvpj.exec:\9dvpj.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxrrrl.exec:\lfxrrrl.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnhnn.exec:\hbnhnn.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jddvj.exec:\jddvj.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flxxxfl.exec:\flxxxfl.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhhtnh.exec:\hhhtnh.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvdvp.exec:\dvdvp.exe23⤵
- Executes dropped EXE
-
\??\c:\dvjdp.exec:\dvjdp.exe24⤵
- Executes dropped EXE
-
\??\c:\fflxfrr.exec:\fflxfrr.exe25⤵
- Executes dropped EXE
-
\??\c:\xffxxfr.exec:\xffxxfr.exe26⤵
- Executes dropped EXE
-
\??\c:\9nnhhb.exec:\9nnhhb.exe27⤵
- Executes dropped EXE
-
\??\c:\1jpjp.exec:\1jpjp.exe28⤵
- Executes dropped EXE
-
\??\c:\9fxrxff.exec:\9fxrxff.exe29⤵
- Executes dropped EXE
-
\??\c:\lrrrfxr.exec:\lrrrfxr.exe30⤵
- Executes dropped EXE
-
\??\c:\hhthnh.exec:\hhthnh.exe31⤵
- Executes dropped EXE
-
\??\c:\1dpjd.exec:\1dpjd.exe32⤵
- Executes dropped EXE
-
\??\c:\fxxrllf.exec:\fxxrllf.exe33⤵
- Executes dropped EXE
-
\??\c:\hhtnnh.exec:\hhtnnh.exe34⤵
- Executes dropped EXE
-
\??\c:\5ddvp.exec:\5ddvp.exe35⤵
- Executes dropped EXE
-
\??\c:\dvvpv.exec:\dvvpv.exe36⤵
- Executes dropped EXE
-
\??\c:\1xxrlrx.exec:\1xxrlrx.exe37⤵
- Executes dropped EXE
-
\??\c:\hhbbhh.exec:\hhbbhh.exe38⤵
- Executes dropped EXE
-
\??\c:\7ppjd.exec:\7ppjd.exe39⤵
- Executes dropped EXE
-
\??\c:\pjjdv.exec:\pjjdv.exe40⤵
- Executes dropped EXE
-
\??\c:\9ffxrlf.exec:\9ffxrlf.exe41⤵
- Executes dropped EXE
-
\??\c:\ntbtnh.exec:\ntbtnh.exe42⤵
- Executes dropped EXE
-
\??\c:\ddddv.exec:\ddddv.exe43⤵
- Executes dropped EXE
-
\??\c:\pjdvj.exec:\pjdvj.exe44⤵
- Executes dropped EXE
-
\??\c:\rfxrlfx.exec:\rfxrlfx.exe45⤵
- Executes dropped EXE
-
\??\c:\bbntth.exec:\bbntth.exe46⤵
- Executes dropped EXE
-
\??\c:\9tttnn.exec:\9tttnn.exe47⤵
- Executes dropped EXE
-
\??\c:\dvppp.exec:\dvppp.exe48⤵
- Executes dropped EXE
-
\??\c:\vdddd.exec:\vdddd.exe49⤵
- Executes dropped EXE
-
\??\c:\rllfrlf.exec:\rllfrlf.exe50⤵
- Executes dropped EXE
-
\??\c:\hnnbtt.exec:\hnnbtt.exe51⤵
- Executes dropped EXE
-
\??\c:\nhbnhh.exec:\nhbnhh.exe52⤵
- Executes dropped EXE
-
\??\c:\dvjdp.exec:\dvjdp.exe53⤵
- Executes dropped EXE
-
\??\c:\jdvpj.exec:\jdvpj.exe54⤵
- Executes dropped EXE
-
\??\c:\xlrlfff.exec:\xlrlfff.exe55⤵
- Executes dropped EXE
-
\??\c:\fxxxrrl.exec:\fxxxrrl.exe56⤵
- Executes dropped EXE
-
\??\c:\nbbbtt.exec:\nbbbtt.exe57⤵
- Executes dropped EXE
-
\??\c:\pvddj.exec:\pvddj.exe58⤵
- Executes dropped EXE
-
\??\c:\bhnhbh.exec:\bhnhbh.exe59⤵
- Executes dropped EXE
-
\??\c:\dvdvp.exec:\dvdvp.exe60⤵
- Executes dropped EXE
-
\??\c:\3vdvv.exec:\3vdvv.exe61⤵
- Executes dropped EXE
-
\??\c:\5jvdj.exec:\5jvdj.exe62⤵
- Executes dropped EXE
-
\??\c:\lrrlfff.exec:\lrrlfff.exe63⤵
- Executes dropped EXE
-
\??\c:\hbhnbt.exec:\hbhnbt.exe64⤵
- Executes dropped EXE
-
\??\c:\httnhh.exec:\httnhh.exe65⤵
- Executes dropped EXE
-
\??\c:\jddvj.exec:\jddvj.exe66⤵
-
\??\c:\5ntbbh.exec:\5ntbbh.exe67⤵
-
\??\c:\httbbh.exec:\httbbh.exe68⤵
-
\??\c:\pjjjd.exec:\pjjjd.exe69⤵
-
\??\c:\nbbtnh.exec:\nbbtnh.exe70⤵
-
\??\c:\hbtbtn.exec:\hbtbtn.exe71⤵
-
\??\c:\jvjdd.exec:\jvjdd.exe72⤵
-
\??\c:\lflfllr.exec:\lflfllr.exe73⤵
-
\??\c:\3rlfrrf.exec:\3rlfrrf.exe74⤵
-
\??\c:\bhnntt.exec:\bhnntt.exe75⤵
-
\??\c:\bthttn.exec:\bthttn.exe76⤵
-
\??\c:\pddvj.exec:\pddvj.exe77⤵
-
\??\c:\jdpvj.exec:\jdpvj.exe78⤵
-
\??\c:\5frxxll.exec:\5frxxll.exe79⤵
-
\??\c:\3nnhbn.exec:\3nnhbn.exe80⤵
-
\??\c:\hbhnht.exec:\hbhnht.exe81⤵
-
\??\c:\dppjd.exec:\dppjd.exe82⤵
-
\??\c:\pvdvv.exec:\pvdvv.exe83⤵
-
\??\c:\rrfxxxx.exec:\rrfxxxx.exe84⤵
-
\??\c:\nnbbbn.exec:\nnbbbn.exe85⤵
-
\??\c:\vpvpj.exec:\vpvpj.exe86⤵
-
\??\c:\rrffxxl.exec:\rrffxxl.exe87⤵
-
\??\c:\rfllfll.exec:\rfllfll.exe88⤵
-
\??\c:\tnttnn.exec:\tnttnn.exe89⤵
-
\??\c:\vdjpj.exec:\vdjpj.exe90⤵
-
\??\c:\vdddd.exec:\vdddd.exe91⤵
-
\??\c:\5fllxxr.exec:\5fllxxr.exe92⤵
-
\??\c:\1nttnn.exec:\1nttnn.exe93⤵
-
\??\c:\thhhbb.exec:\thhhbb.exe94⤵
-
\??\c:\pvdvv.exec:\pvdvv.exe95⤵
-
\??\c:\pdjdv.exec:\pdjdv.exe96⤵
-
\??\c:\xxrrffx.exec:\xxrrffx.exe97⤵
-
\??\c:\hbhbbb.exec:\hbhbbb.exe98⤵
-
\??\c:\nttthh.exec:\nttthh.exe99⤵
-
\??\c:\pvvpd.exec:\pvvpd.exe100⤵
-
\??\c:\1llfrrr.exec:\1llfrrr.exe101⤵
-
\??\c:\flxxxxx.exec:\flxxxxx.exe102⤵
-
\??\c:\hbhnht.exec:\hbhnht.exe103⤵
-
\??\c:\7dvvv.exec:\7dvvv.exe104⤵
-
\??\c:\rrrrrrr.exec:\rrrrrrr.exe105⤵
-
\??\c:\5flllll.exec:\5flllll.exe106⤵
-
\??\c:\flllfff.exec:\flllfff.exe107⤵
-
\??\c:\hhttbb.exec:\hhttbb.exe108⤵
-
\??\c:\bhtttb.exec:\bhtttb.exe109⤵
-
\??\c:\1djdv.exec:\1djdv.exe110⤵
-
\??\c:\lffxrrr.exec:\lffxrrr.exe111⤵
-
\??\c:\hhhhnn.exec:\hhhhnn.exe112⤵
-
\??\c:\pppjd.exec:\pppjd.exe113⤵
-
\??\c:\1rrlffr.exec:\1rrlffr.exe114⤵
-
\??\c:\lxxrlfx.exec:\lxxrlfx.exe115⤵
-
\??\c:\tnnntt.exec:\tnnntt.exe116⤵
-
\??\c:\9nttnt.exec:\9nttnt.exe117⤵
-
\??\c:\3jjdv.exec:\3jjdv.exe118⤵
-
\??\c:\jdddd.exec:\jdddd.exe119⤵
-
\??\c:\xxflflf.exec:\xxflflf.exe120⤵
-
\??\c:\7nntnh.exec:\7nntnh.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-