Analysis
-
max time kernel
120s -
max time network
16s -
platform
windows7_x64 -
resource
win7-20240705-en -
resource tags
-
submitted
22/07/2024, 02:36
General
-
Target
4a04b995c76bea63aa5506ef207b14c0N.exe
-
Size
84KB
-
MD5
4a04b995c76bea63aa5506ef207b14c0
-
SHA1
6a3d17bf13b1c9bf56c77a402601180794a88fa7
-
SHA256
d4ebf26331f099007e4a8a76193ec05e22e059d56c1b15640e03103afe361e31
-
SHA512
025415cb187ef3c4dfa67b7db3e6b73bbf144b37f996efd0eeec7e3b5a2bfe9c2f0fb70c2d08f1fc23a889726606ac5afddc7edec38644854c2b30d9551b2d26
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDInWeNCYGyA2R7JkZPsv8t5:ymb3NkkiQ3mdBjFIWeFGyA9Pzt5
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 25 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\4a04b995c76bea63aa5506ef207b14c0N.exe"C:\Users\Admin\AppData\Local\Temp\4a04b995c76bea63aa5506ef207b14c0N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxfrlf.exec:\xrxfrlf.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htnbhh.exec:\htnbhh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vppdv.exec:\vppdv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrrfflr.exec:\rrrfflr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbbnn.exec:\nhbbnn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddjvd.exec:\ddjvd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrfrlxr.exec:\rrfrlxr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5bbhtb.exec:\5bbhtb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbnbh.exec:\tnbnbh.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppppj.exec:\ppppj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxrflf.exec:\rlxrflf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrlxrrf.exec:\xrlxrrf.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrlrfl.exec:\xxrlrfl.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvjjp.exec:\vvjjp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxfflx.exec:\fxxfflx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrlrrl.exec:\fxrlrrl.exe17⤵
- Executes dropped EXE
-
\??\c:\bnnhtn.exec:\bnnhtn.exe18⤵
- Executes dropped EXE
-
\??\c:\dvppv.exec:\dvppv.exe19⤵
- Executes dropped EXE
-
\??\c:\5rlllxl.exec:\5rlllxl.exe20⤵
- Executes dropped EXE
-
\??\c:\nbnntb.exec:\nbnntb.exe21⤵
- Executes dropped EXE
-
\??\c:\hbnbhh.exec:\hbnbhh.exe22⤵
- Executes dropped EXE
-
\??\c:\dvpvj.exec:\dvpvj.exe23⤵
- Executes dropped EXE
-
\??\c:\jjvvj.exec:\jjvvj.exe24⤵
- Executes dropped EXE
-
\??\c:\9ffrfrx.exec:\9ffrfrx.exe25⤵
- Executes dropped EXE
-
\??\c:\tnbhtb.exec:\tnbhtb.exe26⤵
- Executes dropped EXE
-
\??\c:\btnnbh.exec:\btnnbh.exe27⤵
- Executes dropped EXE
-
\??\c:\1vjpj.exec:\1vjpj.exe28⤵
- Executes dropped EXE
-
\??\c:\xxrxlxf.exec:\xxrxlxf.exe29⤵
- Executes dropped EXE
-
\??\c:\5ttttb.exec:\5ttttb.exe30⤵
- Executes dropped EXE
-
\??\c:\hbhhhb.exec:\hbhhhb.exe31⤵
- Executes dropped EXE
-
\??\c:\pjvdj.exec:\pjvdj.exe32⤵
- Executes dropped EXE
-
\??\c:\lxrlrlx.exec:\lxrlrlx.exe33⤵
- Executes dropped EXE
-
\??\c:\5rfxxfx.exec:\5rfxxfx.exe34⤵
- Executes dropped EXE
-
\??\c:\9tttnt.exec:\9tttnt.exe35⤵
- Executes dropped EXE
-
\??\c:\tntthh.exec:\tntthh.exe36⤵
- Executes dropped EXE
-
\??\c:\3vjjp.exec:\3vjjp.exe37⤵
- Executes dropped EXE
-
\??\c:\rlffxxf.exec:\rlffxxf.exe38⤵
- Executes dropped EXE
-
\??\c:\5rrlflf.exec:\5rrlflf.exe39⤵
- Executes dropped EXE
-
\??\c:\9nbhtt.exec:\9nbhtt.exe40⤵
- Executes dropped EXE
-
\??\c:\tnbnbn.exec:\tnbnbn.exe41⤵
- Executes dropped EXE
-
\??\c:\pjdjp.exec:\pjdjp.exe42⤵
- Executes dropped EXE
-
\??\c:\jdjpj.exec:\jdjpj.exe43⤵
- Executes dropped EXE
-
\??\c:\xlllrrx.exec:\xlllrrx.exe44⤵
- Executes dropped EXE
-
\??\c:\5xxflrl.exec:\5xxflrl.exe45⤵
- Executes dropped EXE
-
\??\c:\tthhtb.exec:\tthhtb.exe46⤵
- Executes dropped EXE
-
\??\c:\3hbhnh.exec:\3hbhnh.exe47⤵
- Executes dropped EXE
-
\??\c:\vppdj.exec:\vppdj.exe48⤵
- Executes dropped EXE
-
\??\c:\3fxlllr.exec:\3fxlllr.exe49⤵
- Executes dropped EXE
-
\??\c:\5lrflrf.exec:\5lrflrf.exe50⤵
- Executes dropped EXE
-
\??\c:\hthhhh.exec:\hthhhh.exe51⤵
- Executes dropped EXE
-
\??\c:\7hbbnh.exec:\7hbbnh.exe52⤵
- Executes dropped EXE
-
\??\c:\5jjpd.exec:\5jjpd.exe53⤵
- Executes dropped EXE
-
\??\c:\1dpvd.exec:\1dpvd.exe54⤵
- Executes dropped EXE
-
\??\c:\rlfllrf.exec:\rlfllrf.exe55⤵
- Executes dropped EXE
-
\??\c:\lxxxlff.exec:\lxxxlff.exe56⤵
- Executes dropped EXE
-
\??\c:\btbhtt.exec:\btbhtt.exe57⤵
- Executes dropped EXE
-
\??\c:\5vppv.exec:\5vppv.exe58⤵
- Executes dropped EXE
-
\??\c:\vpdjp.exec:\vpdjp.exe59⤵
- Executes dropped EXE
-
\??\c:\xlffllr.exec:\xlffllr.exe60⤵
- Executes dropped EXE
-
\??\c:\rfxrlff.exec:\rfxrlff.exe61⤵
- Executes dropped EXE
-
\??\c:\hnhhht.exec:\hnhhht.exe62⤵
- Executes dropped EXE
-
\??\c:\thtbbb.exec:\thtbbb.exe63⤵
- Executes dropped EXE
-
\??\c:\vdppp.exec:\vdppp.exe64⤵
- Executes dropped EXE
-
\??\c:\pdvpv.exec:\pdvpv.exe65⤵
- Executes dropped EXE
-
\??\c:\rfrlxxf.exec:\rfrlxxf.exe66⤵
-
\??\c:\xlxlrxf.exec:\xlxlrxf.exe67⤵
-
\??\c:\bhbtbb.exec:\bhbtbb.exe68⤵
-
\??\c:\thhntb.exec:\thhntb.exe69⤵
-
\??\c:\vdvdd.exec:\vdvdd.exe70⤵
-
\??\c:\pjdjj.exec:\pjdjj.exe71⤵
-
\??\c:\rfrllll.exec:\rfrllll.exe72⤵
-
\??\c:\xrxllxf.exec:\xrxllxf.exe73⤵
-
\??\c:\3hnbhb.exec:\3hnbhb.exe74⤵
-
\??\c:\3jjvj.exec:\3jjvj.exe75⤵
-
\??\c:\ddppv.exec:\ddppv.exe76⤵
-
\??\c:\xffxxlx.exec:\xffxxlx.exe77⤵
-
\??\c:\llrfxxf.exec:\llrfxxf.exe78⤵
-
\??\c:\bbnttb.exec:\bbnttb.exe79⤵
-
\??\c:\3htthh.exec:\3htthh.exe80⤵
-
\??\c:\dvjvd.exec:\dvjvd.exe81⤵
-
\??\c:\pdjpv.exec:\pdjpv.exe82⤵
-
\??\c:\pdjpp.exec:\pdjpp.exe83⤵
-
\??\c:\3rfflrx.exec:\3rfflrx.exe84⤵
-
\??\c:\xrrrfxf.exec:\xrrrfxf.exe85⤵
-
\??\c:\btnntt.exec:\btnntt.exe86⤵
-
\??\c:\hbttbb.exec:\hbttbb.exe87⤵
-
\??\c:\9djjv.exec:\9djjv.exe88⤵
-
\??\c:\7rlfrrr.exec:\7rlfrrr.exe89⤵
-
\??\c:\rlxlxlr.exec:\rlxlxlr.exe90⤵
-
\??\c:\nhtthn.exec:\nhtthn.exe91⤵
-
\??\c:\bnhbnh.exec:\bnhbnh.exe92⤵
-
\??\c:\1dvvd.exec:\1dvvd.exe93⤵
-
\??\c:\5jjjp.exec:\5jjjp.exe94⤵
-
\??\c:\vjjjv.exec:\vjjjv.exe95⤵
-
\??\c:\lxfxlfr.exec:\lxfxlfr.exe96⤵
-
\??\c:\nbhhnh.exec:\nbhhnh.exe97⤵
-
\??\c:\hthntn.exec:\hthntn.exe98⤵
-
\??\c:\1djpp.exec:\1djpp.exe99⤵
-
\??\c:\ppdpv.exec:\ppdpv.exe100⤵
-
\??\c:\vjvpp.exec:\vjvpp.exe101⤵
-
\??\c:\rlxxlrf.exec:\rlxxlrf.exe102⤵
-
\??\c:\3fxrlfx.exec:\3fxrlfx.exe103⤵
-
\??\c:\5bntbh.exec:\5bntbh.exe104⤵
-
\??\c:\3hntnh.exec:\3hntnh.exe105⤵
-
\??\c:\jvjjp.exec:\jvjjp.exe106⤵
-
\??\c:\jdjdj.exec:\jdjdj.exe107⤵
-
\??\c:\frrrrrx.exec:\frrrrrx.exe108⤵
-
\??\c:\1rlxfll.exec:\1rlxfll.exe109⤵
-
\??\c:\nbnhhn.exec:\nbnhhn.exe110⤵
-
\??\c:\5bhtth.exec:\5bhtth.exe111⤵
-
\??\c:\5jvdd.exec:\5jvdd.exe112⤵
-
\??\c:\dpdvd.exec:\dpdvd.exe113⤵
-
\??\c:\frflrxf.exec:\frflrxf.exe114⤵
-
\??\c:\9xllrrx.exec:\9xllrrx.exe115⤵
-
\??\c:\htbtbb.exec:\htbtbb.exe116⤵
-
\??\c:\3tthtt.exec:\3tthtt.exe117⤵
-
\??\c:\5tnhhn.exec:\5tnhhn.exe118⤵
-
\??\c:\1dpvd.exec:\1dpvd.exe119⤵
-
\??\c:\5dpjp.exec:\5dpjp.exe120⤵
-
\??\c:\xlllrlx.exec:\xlllrlx.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-