Analysis
-
max time kernel
150s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
-
submitted
23/07/2024, 01:39
General
-
Target
b0e4769237b377f146bd724335318082d23d84c4b858b480c49cd42776a40723.exe
-
Size
307KB
-
MD5
b2bc95fe5facde6a73e069038240b258
-
SHA1
582add77f35531211b0a8a8a1d44c4fdd28bb1f6
-
SHA256
b0e4769237b377f146bd724335318082d23d84c4b858b480c49cd42776a40723
-
SHA512
d43d297b5ae72161fc1956a378e55b69cd066ad60f65d83035c3d27bf03177df29290b9b7e340fdbd08916972d29afac70367d043a65bbd4e58bf930b3e17aba
-
SSDEEP
3072:ymb3NkkiQ3mdBjFo7LAIRUohDLS0k+sLiiBVS0ILlMcGGW7sRCl9eMMf:n3C9BRo/AIuunS3+sOiBVSXxMxTsm9er
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 27 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 29 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\b0e4769237b377f146bd724335318082d23d84c4b858b480c49cd42776a40723.exe"C:\Users\Admin\AppData\Local\Temp\b0e4769237b377f146bd724335318082d23d84c4b858b480c49cd42776a40723.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\lrxrlrl.exec:\lrxrlrl.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnthhn.exec:\tnthhn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddvpp.exec:\ddvpp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpjdj.exec:\dpjdj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlfxrxr.exec:\xlfxrxr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nntbhn.exec:\nntbhn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjjvp.exec:\jjjvp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xflflff.exec:\xflflff.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbbbbb.exec:\nbbbbb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrffxfx.exec:\xrffxfx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbhbnt.exec:\tbhbnt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlrxxxr.exec:\xlrxxxr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhbhtn.exec:\bhbhtn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vddvp.exec:\vddvp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbbtt.exec:\btbbtt.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddjdv.exec:\ddjdv.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrxxrrl.exec:\lrxxrrl.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvpdv.exec:\jvpdv.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnttnn.exec:\tnttnn.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dddpv.exec:\dddpv.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnthn.exec:\hbnthn.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pppjj.exec:\pppjj.exe23⤵
- Executes dropped EXE
-
\??\c:\frrxrfr.exec:\frrxrfr.exe24⤵
- Executes dropped EXE
-
\??\c:\fxxrffl.exec:\fxxrffl.exe25⤵
- Executes dropped EXE
-
\??\c:\nnhhhh.exec:\nnhhhh.exe26⤵
- Executes dropped EXE
-
\??\c:\jdjjj.exec:\jdjjj.exe27⤵
- Executes dropped EXE
-
\??\c:\tbbhhh.exec:\tbbhhh.exe28⤵
- Executes dropped EXE
-
\??\c:\djpjd.exec:\djpjd.exe29⤵
- Executes dropped EXE
-
\??\c:\3bhbbb.exec:\3bhbbb.exe30⤵
- Executes dropped EXE
-
\??\c:\nnntth.exec:\nnntth.exe31⤵
- Executes dropped EXE
-
\??\c:\dpjdj.exec:\dpjdj.exe32⤵
- Executes dropped EXE
-
\??\c:\xrxlffx.exec:\xrxlffx.exe33⤵
- Executes dropped EXE
-
\??\c:\jjpjp.exec:\jjpjp.exe34⤵
- Executes dropped EXE
-
\??\c:\3fxxxff.exec:\3fxxxff.exe35⤵
- Executes dropped EXE
-
\??\c:\bbhhhh.exec:\bbhhhh.exe36⤵
- Executes dropped EXE
-
\??\c:\7ppjd.exec:\7ppjd.exe37⤵
- Executes dropped EXE
-
\??\c:\btbbbb.exec:\btbbbb.exe38⤵
- Executes dropped EXE
-
\??\c:\httttt.exec:\httttt.exe39⤵
- Executes dropped EXE
-
\??\c:\ddvpj.exec:\ddvpj.exe40⤵
- Executes dropped EXE
-
\??\c:\rrlfxff.exec:\rrlfxff.exe41⤵
- Executes dropped EXE
-
\??\c:\nnttbt.exec:\nnttbt.exe42⤵
- Executes dropped EXE
-
\??\c:\pvdvv.exec:\pvdvv.exe43⤵
- Executes dropped EXE
-
\??\c:\dpjvv.exec:\dpjvv.exe44⤵
- Executes dropped EXE
-
\??\c:\5xrlllf.exec:\5xrlllf.exe45⤵
- Executes dropped EXE
-
\??\c:\bbtnhn.exec:\bbtnhn.exe46⤵
- Executes dropped EXE
-
\??\c:\3lrlfrf.exec:\3lrlfrf.exe47⤵
- Executes dropped EXE
-
\??\c:\tthbbt.exec:\tthbbt.exe48⤵
- Executes dropped EXE
-
\??\c:\jdddv.exec:\jdddv.exe49⤵
- Executes dropped EXE
-
\??\c:\rxffxxr.exec:\rxffxxr.exe50⤵
- Executes dropped EXE
-
\??\c:\vpjdj.exec:\vpjdj.exe51⤵
- Executes dropped EXE
-
\??\c:\rflfxxr.exec:\rflfxxr.exe52⤵
- Executes dropped EXE
-
\??\c:\lxrlrrf.exec:\lxrlrrf.exe53⤵
- Executes dropped EXE
-
\??\c:\7tnhbb.exec:\7tnhbb.exe54⤵
- Executes dropped EXE
-
\??\c:\pvvpj.exec:\pvvpj.exe55⤵
- Executes dropped EXE
-
\??\c:\jpjdv.exec:\jpjdv.exe56⤵
- Executes dropped EXE
-
\??\c:\xlrllll.exec:\xlrllll.exe57⤵
- Executes dropped EXE
-
\??\c:\ntbbtb.exec:\ntbbtb.exe58⤵
- Executes dropped EXE
-
\??\c:\5djjj.exec:\5djjj.exe59⤵
- Executes dropped EXE
-
\??\c:\hhtnnn.exec:\hhtnnn.exe60⤵
- Executes dropped EXE
-
\??\c:\1dppd.exec:\1dppd.exe61⤵
- Executes dropped EXE
-
\??\c:\rxllfff.exec:\rxllfff.exe62⤵
- Executes dropped EXE
-
\??\c:\lfffxlf.exec:\lfffxlf.exe63⤵
- Executes dropped EXE
-
\??\c:\hhtntt.exec:\hhtntt.exe64⤵
- Executes dropped EXE
-
\??\c:\ddppv.exec:\ddppv.exe65⤵
- Executes dropped EXE
-
\??\c:\xffxxrr.exec:\xffxxrr.exe66⤵
-
\??\c:\nntbhn.exec:\nntbhn.exe67⤵
-
\??\c:\hbhnnb.exec:\hbhnnb.exe68⤵
-
\??\c:\ppppv.exec:\ppppv.exe69⤵
-
\??\c:\fxfxrrr.exec:\fxfxrrr.exe70⤵
-
\??\c:\bthhhh.exec:\bthhhh.exe71⤵
-
\??\c:\5vppp.exec:\5vppp.exe72⤵
-
\??\c:\rfffxxx.exec:\rfffxxx.exe73⤵
-
\??\c:\rrxfxxf.exec:\rrxfxxf.exe74⤵
-
\??\c:\htbnbt.exec:\htbnbt.exe75⤵
-
\??\c:\5ddvj.exec:\5ddvj.exe76⤵
-
\??\c:\1llfxfx.exec:\1llfxfx.exe77⤵
-
\??\c:\bbbbtt.exec:\bbbbtt.exe78⤵
-
\??\c:\nnnntt.exec:\nnnntt.exe79⤵
-
\??\c:\vpppj.exec:\vpppj.exe80⤵
-
\??\c:\rrxrrrr.exec:\rrxrrrr.exe81⤵
-
\??\c:\3bnhtn.exec:\3bnhtn.exe82⤵
-
\??\c:\hhnhhh.exec:\hhnhhh.exe83⤵
-
\??\c:\pvvdv.exec:\pvvdv.exe84⤵
-
\??\c:\9rrlllf.exec:\9rrlllf.exe85⤵
-
\??\c:\tnbbnn.exec:\tnbbnn.exe86⤵
-
\??\c:\nbnttb.exec:\nbnttb.exe87⤵
-
\??\c:\pjvvd.exec:\pjvvd.exe88⤵
-
\??\c:\rlrxrxx.exec:\rlrxrxx.exe89⤵
-
\??\c:\tbhbtb.exec:\tbhbtb.exe90⤵
-
\??\c:\bnhttt.exec:\bnhttt.exe91⤵
-
\??\c:\jppjd.exec:\jppjd.exe92⤵
-
\??\c:\jdvpv.exec:\jdvpv.exe93⤵
-
\??\c:\lxxrlfx.exec:\lxxrlfx.exe94⤵
-
\??\c:\hnthhb.exec:\hnthhb.exe95⤵
-
\??\c:\5vvpj.exec:\5vvpj.exe96⤵
-
\??\c:\pjpjd.exec:\pjpjd.exe97⤵
-
\??\c:\llrlxxr.exec:\llrlxxr.exe98⤵
-
\??\c:\tnnbbb.exec:\tnnbbb.exe99⤵
-
\??\c:\jjddd.exec:\jjddd.exe100⤵
-
\??\c:\vvvvv.exec:\vvvvv.exe101⤵
-
\??\c:\frrrrll.exec:\frrrrll.exe102⤵
-
\??\c:\bntnnn.exec:\bntnnn.exe103⤵
-
\??\c:\nnhhbh.exec:\nnhhbh.exe104⤵
-
\??\c:\vvdvd.exec:\vvdvd.exe105⤵
-
\??\c:\ffflrfl.exec:\ffflrfl.exe106⤵
-
\??\c:\nntttt.exec:\nntttt.exe107⤵
-
\??\c:\3pdpj.exec:\3pdpj.exe108⤵
-
\??\c:\9rllflf.exec:\9rllflf.exe109⤵
-
\??\c:\rllxxxx.exec:\rllxxxx.exe110⤵
-
\??\c:\tbtnhb.exec:\tbtnhb.exe111⤵
-
\??\c:\9rxxxxr.exec:\9rxxxxr.exe112⤵
-
\??\c:\thhbtt.exec:\thhbtt.exe113⤵
-
\??\c:\jvvpj.exec:\jvvpj.exe114⤵
-
\??\c:\xxllllr.exec:\xxllllr.exe115⤵
-
\??\c:\nhtthn.exec:\nhtthn.exe116⤵
-
\??\c:\bnttth.exec:\bnttth.exe117⤵
-
\??\c:\pddvp.exec:\pddvp.exe118⤵
-
\??\c:\llrrxfr.exec:\llrrxfr.exe119⤵
-
\??\c:\hntnhb.exec:\hntnhb.exe120⤵
-
\??\c:\dvvvv.exec:\dvvvv.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-