Analysis
-
max time kernel
120s -
max time network
108s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
-
submitted
22-07-2024 06:50
General
-
Target
7584e2450d5414057b2ad48b9b14e980N.exe
-
Size
114KB
-
MD5
7584e2450d5414057b2ad48b9b14e980
-
SHA1
0b1278070e47ae86deff69f80d1bfee4ef84eef4
-
SHA256
b9935f2c54a0276c5a90523506890286172fb92b2d8ef2f09d1df9f31ed0b30b
-
SHA512
0d49e7865233c72d690fbd73c3b9849aee52cb9b5e57e60df60ace448128ddf465e69235d951da1f5dedd4549459f40e70cc47e0b1cf5f4a3c47ed0b75416d37
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDo73oYUCD7R2F2UVbyy0N5:ymb3NkkiQ3mdBjFo73HUoMsAbrs
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 30 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\7584e2450d5414057b2ad48b9b14e980N.exe"C:\Users\Admin\AppData\Local\Temp\7584e2450d5414057b2ad48b9b14e980N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\bthtbt.exec:\bthtbt.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffffxxr.exec:\ffffxxr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6022228.exec:\6022228.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\620264.exec:\620264.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\4206468.exec:\4206468.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\4842086.exec:\4842086.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\22222.exec:\22222.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhhhtt.exec:\hhhhtt.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\44408.exec:\44408.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjvv.exec:\pjjvv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnbbb.exec:\hbnbbb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\w24040.exec:\w24040.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpppv.exec:\vpppv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvddj.exec:\vvddj.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1fxlflf.exec:\1fxlflf.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\828446.exec:\828446.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\44400.exec:\44400.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\044826.exec:\044826.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\c248266.exec:\c248266.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\c462884.exec:\c462884.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhttbb.exec:\nhttbb.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\46666.exec:\46666.exe23⤵
- Executes dropped EXE
-
\??\c:\464444.exec:\464444.exe24⤵
- Executes dropped EXE
-
\??\c:\nbbbbh.exec:\nbbbbh.exe25⤵
- Executes dropped EXE
-
\??\c:\djvdp.exec:\djvdp.exe26⤵
- Executes dropped EXE
-
\??\c:\jvjdp.exec:\jvjdp.exe27⤵
- Executes dropped EXE
-
\??\c:\464884.exec:\464884.exe28⤵
- Executes dropped EXE
-
\??\c:\flxrrxr.exec:\flxrrxr.exe29⤵
- Executes dropped EXE
-
\??\c:\440000.exec:\440000.exe30⤵
- Executes dropped EXE
-
\??\c:\htnbtt.exec:\htnbtt.exe31⤵
- Executes dropped EXE
-
\??\c:\djvvp.exec:\djvvp.exe32⤵
- Executes dropped EXE
-
\??\c:\vvppj.exec:\vvppj.exe33⤵
- Executes dropped EXE
-
\??\c:\002884.exec:\002884.exe34⤵
- Executes dropped EXE
-
\??\c:\hhnnhn.exec:\hhnnhn.exe35⤵
- Executes dropped EXE
-
\??\c:\2484060.exec:\2484060.exe36⤵
- Executes dropped EXE
-
\??\c:\bhnttt.exec:\bhnttt.exe37⤵
- Executes dropped EXE
-
\??\c:\nbbtbb.exec:\nbbtbb.exe38⤵
- Executes dropped EXE
-
\??\c:\88000.exec:\88000.exe39⤵
- Executes dropped EXE
-
\??\c:\7bhhtt.exec:\7bhhtt.exe40⤵
- Executes dropped EXE
-
\??\c:\402644.exec:\402644.exe41⤵
- Executes dropped EXE
-
\??\c:\nntbnb.exec:\nntbnb.exe42⤵
- Executes dropped EXE
-
\??\c:\686004.exec:\686004.exe43⤵
- Executes dropped EXE
-
\??\c:\8602864.exec:\8602864.exe44⤵
- Executes dropped EXE
-
\??\c:\86222.exec:\86222.exe45⤵
- Executes dropped EXE
-
\??\c:\6204866.exec:\6204866.exe46⤵
- Executes dropped EXE
-
\??\c:\848002.exec:\848002.exe47⤵
- Executes dropped EXE
-
\??\c:\a0006.exec:\a0006.exe48⤵
- Executes dropped EXE
-
\??\c:\2608444.exec:\2608444.exe49⤵
- Executes dropped EXE
-
\??\c:\thnhtt.exec:\thnhtt.exe50⤵
- Executes dropped EXE
-
\??\c:\tnhbtn.exec:\tnhbtn.exe51⤵
- Executes dropped EXE
-
\??\c:\8460602.exec:\8460602.exe52⤵
- Executes dropped EXE
-
\??\c:\nbhbtt.exec:\nbhbtt.exe53⤵
- Executes dropped EXE
-
\??\c:\44448.exec:\44448.exe54⤵
- Executes dropped EXE
-
\??\c:\4648226.exec:\4648226.exe55⤵
- Executes dropped EXE
-
\??\c:\8244668.exec:\8244668.exe56⤵
- Executes dropped EXE
-
\??\c:\frrrlxr.exec:\frrrlxr.exe57⤵
- Executes dropped EXE
-
\??\c:\086660.exec:\086660.exe58⤵
- Executes dropped EXE
-
\??\c:\62264.exec:\62264.exe59⤵
- Executes dropped EXE
-
\??\c:\8284886.exec:\8284886.exe60⤵
- Executes dropped EXE
-
\??\c:\llllrrr.exec:\llllrrr.exe61⤵
- Executes dropped EXE
-
\??\c:\rlrrrrx.exec:\rlrrrrx.exe62⤵
- Executes dropped EXE
-
\??\c:\xlrlflf.exec:\xlrlflf.exe63⤵
- Executes dropped EXE
-
\??\c:\8404004.exec:\8404004.exe64⤵
- Executes dropped EXE
-
\??\c:\bnnnhh.exec:\bnnnhh.exe65⤵
- Executes dropped EXE
-
\??\c:\dpvvp.exec:\dpvvp.exe66⤵
-
\??\c:\pdjjv.exec:\pdjjv.exe67⤵
-
\??\c:\q80044.exec:\q80044.exe68⤵
-
\??\c:\k42882.exec:\k42882.exe69⤵
-
\??\c:\u204466.exec:\u204466.exe70⤵
-
\??\c:\pdddd.exec:\pdddd.exe71⤵
-
\??\c:\lrfffff.exec:\lrfffff.exe72⤵
-
\??\c:\ppddd.exec:\ppddd.exe73⤵
-
\??\c:\886868.exec:\886868.exe74⤵
-
\??\c:\xfrllrf.exec:\xfrllrf.exe75⤵
-
\??\c:\rrllrxr.exec:\rrllrxr.exe76⤵
-
\??\c:\8644844.exec:\8644844.exe77⤵
-
\??\c:\284488.exec:\284488.exe78⤵
-
\??\c:\thntbb.exec:\thntbb.exe79⤵
-
\??\c:\5ppjj.exec:\5ppjj.exe80⤵
-
\??\c:\jpvjj.exec:\jpvjj.exe81⤵
-
\??\c:\ttbtnt.exec:\ttbtnt.exe82⤵
-
\??\c:\xrrflfr.exec:\xrrflfr.exe83⤵
-
\??\c:\rrfffll.exec:\rrfffll.exe84⤵
-
\??\c:\bbtbtb.exec:\bbtbtb.exe85⤵
-
\??\c:\4864448.exec:\4864448.exe86⤵
-
\??\c:\i828222.exec:\i828222.exe87⤵
-
\??\c:\084848.exec:\084848.exe88⤵
-
\??\c:\btbbnn.exec:\btbbnn.exe89⤵
-
\??\c:\nntttt.exec:\nntttt.exe90⤵
-
\??\c:\84060.exec:\84060.exe91⤵
-
\??\c:\6448004.exec:\6448004.exe92⤵
-
\??\c:\80424.exec:\80424.exe93⤵
-
\??\c:\462266.exec:\462266.exe94⤵
-
\??\c:\jvvpp.exec:\jvvpp.exe95⤵
-
\??\c:\nthhbb.exec:\nthhbb.exe96⤵
-
\??\c:\04822.exec:\04822.exe97⤵
-
\??\c:\5lxrlfx.exec:\5lxrlfx.exe98⤵
-
\??\c:\vdpvv.exec:\vdpvv.exe99⤵
-
\??\c:\rlllfll.exec:\rlllfll.exe100⤵
-
\??\c:\dpvdv.exec:\dpvdv.exe101⤵
-
\??\c:\0622466.exec:\0622466.exe102⤵
-
\??\c:\222222.exec:\222222.exe103⤵
-
\??\c:\062062.exec:\062062.exe104⤵
-
\??\c:\jjpdd.exec:\jjpdd.exe105⤵
-
\??\c:\682600.exec:\682600.exe106⤵
-
\??\c:\pppjd.exec:\pppjd.exe107⤵
-
\??\c:\xflfrrl.exec:\xflfrrl.exe108⤵
-
\??\c:\o888824.exec:\o888824.exe109⤵
-
\??\c:\rfrxrrr.exec:\rfrxrrr.exe110⤵
-
\??\c:\nttnhb.exec:\nttnhb.exe111⤵
-
\??\c:\xrxrlll.exec:\xrxrlll.exe112⤵
-
\??\c:\bttbtt.exec:\bttbtt.exe113⤵
-
\??\c:\2066448.exec:\2066448.exe114⤵
-
\??\c:\8400460.exec:\8400460.exe115⤵
-
\??\c:\s0088.exec:\s0088.exe116⤵
-
\??\c:\68848.exec:\68848.exe117⤵
-
\??\c:\hnhbnn.exec:\hnhbnn.exe118⤵
-
\??\c:\hbtnhh.exec:\hbtnhh.exe119⤵
-
\??\c:\dvvjv.exec:\dvvjv.exe120⤵
-
\??\c:\840266.exec:\840266.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-