Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
-
submitted
23/07/2024, 02:43
General
-
Target
c93cf89e10adc817bb5cc3c33b7d2ff3a019fafe87e8e2a0f4561d4255c02c85.exe
-
Size
76KB
-
MD5
13f5f8f2a7e9c0f4e6474d55655cee4c
-
SHA1
9d8887516b327ee68bd9fdac1a9245dc4a2dc51e
-
SHA256
c93cf89e10adc817bb5cc3c33b7d2ff3a019fafe87e8e2a0f4561d4255c02c85
-
SHA512
6986de896f56909c5a8840d22596a6ccf8c5e9c055578c485f19ffe3390c54579325f5e2f41f4923f078952a327b94369c7f43ca79441103b391bf180985ba64
-
SSDEEP
1536:/vQBeOGtrYS3srx93UBWfwC6Ggnouy8jb5Di4rBamDR3A:/hOmTsF93UYfwC6GIoutkm9Q
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 52 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\c93cf89e10adc817bb5cc3c33b7d2ff3a019fafe87e8e2a0f4561d4255c02c85.exe"C:\Users\Admin\AppData\Local\Temp\c93cf89e10adc817bb5cc3c33b7d2ff3a019fafe87e8e2a0f4561d4255c02c85.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\djpdd.exec:\djpdd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfxfxfl.exec:\rfxfxfl.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djvvj.exec:\djvvj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9rrxrxl.exec:\9rrxrxl.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhntnt.exec:\nhntnt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bntnhh.exec:\bntnhh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdvdp.exec:\vdvdp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flxfxlx.exec:\flxfxlx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntnthn.exec:\ntnthn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvpd.exec:\dvvpd.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrlrflf.exec:\xrlrflf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfflxfr.exec:\rfflxfr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhnbbh.exec:\hhnbbh.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9ppjd.exec:\9ppjd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdddp.exec:\vdddp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1fflllx.exec:\1fflllx.exe17⤵
- Executes dropped EXE
-
\??\c:\lrxfllx.exec:\lrxfllx.exe18⤵
- Executes dropped EXE
-
\??\c:\pdpdp.exec:\pdpdp.exe19⤵
- Executes dropped EXE
-
\??\c:\lrlxrff.exec:\lrlxrff.exe20⤵
- Executes dropped EXE
-
\??\c:\lxfflrx.exec:\lxfflrx.exe21⤵
- Executes dropped EXE
-
\??\c:\bbnbht.exec:\bbnbht.exe22⤵
- Executes dropped EXE
-
\??\c:\ppvvp.exec:\ppvvp.exe23⤵
- Executes dropped EXE
-
\??\c:\rffxlfl.exec:\rffxlfl.exe24⤵
- Executes dropped EXE
-
\??\c:\fflxrxr.exec:\fflxrxr.exe25⤵
- Executes dropped EXE
-
\??\c:\hhbnhn.exec:\hhbnhn.exe26⤵
- Executes dropped EXE
-
\??\c:\nhthbh.exec:\nhthbh.exe27⤵
- Executes dropped EXE
-
\??\c:\ddpdj.exec:\ddpdj.exe28⤵
- Executes dropped EXE
-
\??\c:\llfflrx.exec:\llfflrx.exe29⤵
- Executes dropped EXE
-
\??\c:\tbttbt.exec:\tbttbt.exe30⤵
- Executes dropped EXE
-
\??\c:\hnbbhh.exec:\hnbbhh.exe31⤵
- Executes dropped EXE
-
\??\c:\vppjp.exec:\vppjp.exe32⤵
- Executes dropped EXE
-
\??\c:\fxxfrfr.exec:\fxxfrfr.exe33⤵
-
\??\c:\hbbhhn.exec:\hbbhhn.exe34⤵
- Executes dropped EXE
-
\??\c:\llxfflf.exec:\llxfflf.exe35⤵
- Executes dropped EXE
-
\??\c:\hbtbhn.exec:\hbtbhn.exe36⤵
- Executes dropped EXE
-
\??\c:\ttnnnt.exec:\ttnnnt.exe37⤵
- Executes dropped EXE
-
\??\c:\vpjvv.exec:\vpjvv.exe38⤵
- Executes dropped EXE
-
\??\c:\pvddp.exec:\pvddp.exe39⤵
- Executes dropped EXE
-
\??\c:\lrxxrlx.exec:\lrxxrlx.exe40⤵
- Executes dropped EXE
-
\??\c:\lfffrxf.exec:\lfffrxf.exe41⤵
- Executes dropped EXE
-
\??\c:\hthbnh.exec:\hthbnh.exe42⤵
- Executes dropped EXE
-
\??\c:\djdjj.exec:\djdjj.exe43⤵
- Executes dropped EXE
-
\??\c:\vjvpv.exec:\vjvpv.exe44⤵
- Executes dropped EXE
-
\??\c:\rxrrxfr.exec:\rxrrxfr.exe45⤵
- Executes dropped EXE
-
\??\c:\tnhbtb.exec:\tnhbtb.exe46⤵
- Executes dropped EXE
-
\??\c:\5thtbt.exec:\5thtbt.exe47⤵
- Executes dropped EXE
-
\??\c:\jddpd.exec:\jddpd.exe48⤵
- Executes dropped EXE
-
\??\c:\jvvdj.exec:\jvvdj.exe49⤵
- Executes dropped EXE
-
\??\c:\frxrlxl.exec:\frxrlxl.exe50⤵
- Executes dropped EXE
-
\??\c:\bhnthn.exec:\bhnthn.exe51⤵
- Executes dropped EXE
-
\??\c:\jdvjd.exec:\jdvjd.exe52⤵
- Executes dropped EXE
-
\??\c:\1xrflxl.exec:\1xrflxl.exe53⤵
- Executes dropped EXE
-
\??\c:\3lfxlrl.exec:\3lfxlrl.exe54⤵
- Executes dropped EXE
-
\??\c:\ttttnb.exec:\ttttnb.exe55⤵
- Executes dropped EXE
-
\??\c:\pdpdp.exec:\pdpdp.exe56⤵
- Executes dropped EXE
-
\??\c:\pdvdv.exec:\pdvdv.exe57⤵
- Executes dropped EXE
-
\??\c:\rlxfxxr.exec:\rlxfxxr.exe58⤵
- Executes dropped EXE
-
\??\c:\rlxfrfr.exec:\rlxfrfr.exe59⤵
- Executes dropped EXE
-
\??\c:\nbthhh.exec:\nbthhh.exe60⤵
- Executes dropped EXE
-
\??\c:\hbnbnh.exec:\hbnbnh.exe61⤵
- Executes dropped EXE
-
\??\c:\vjjpj.exec:\vjjpj.exe62⤵
- Executes dropped EXE
-
\??\c:\5rlxlll.exec:\5rlxlll.exe63⤵
- Executes dropped EXE
-
\??\c:\tnbbhh.exec:\tnbbhh.exe64⤵
- Executes dropped EXE
-
\??\c:\5nnhtt.exec:\5nnhtt.exe65⤵
- Executes dropped EXE
-
\??\c:\7dpvv.exec:\7dpvv.exe66⤵
- Executes dropped EXE
-
\??\c:\rxfxllx.exec:\rxfxllx.exe67⤵
-
\??\c:\lllfrfr.exec:\lllfrfr.exe68⤵
-
\??\c:\hntnnt.exec:\hntnnt.exe69⤵
-
\??\c:\pjdpd.exec:\pjdpd.exe70⤵
-
\??\c:\vdppd.exec:\vdppd.exe71⤵
-
\??\c:\xrlflxl.exec:\xrlflxl.exe72⤵
-
\??\c:\xfxxxxl.exec:\xfxxxxl.exe73⤵
-
\??\c:\bhtbhb.exec:\bhtbhb.exe74⤵
-
\??\c:\dvjpv.exec:\dvjpv.exe75⤵
-
\??\c:\vjddj.exec:\vjddj.exe76⤵
-
\??\c:\rlflrxl.exec:\rlflrxl.exe77⤵
-
\??\c:\rxlllrx.exec:\rxlllrx.exe78⤵
-
\??\c:\tthtth.exec:\tthtth.exe79⤵
-
\??\c:\3hbhhb.exec:\3hbhhb.exe80⤵
-
\??\c:\ddvdd.exec:\ddvdd.exe81⤵
-
\??\c:\flfxlfl.exec:\flfxlfl.exe82⤵
-
\??\c:\hhnbth.exec:\hhnbth.exe83⤵
-
\??\c:\hnhhnb.exec:\hnhhnb.exe84⤵
-
\??\c:\jdppv.exec:\jdppv.exe85⤵
-
\??\c:\pvddv.exec:\pvddv.exe86⤵
-
\??\c:\lrllffl.exec:\lrllffl.exe87⤵
-
\??\c:\tnnhhb.exec:\tnnhhb.exe88⤵
-
\??\c:\nhhbnn.exec:\nhhbnn.exe89⤵
-
\??\c:\jpvpv.exec:\jpvpv.exe90⤵
-
\??\c:\fxrfxfr.exec:\fxrfxfr.exe91⤵
-
\??\c:\xrxlfrr.exec:\xrxlfrr.exe92⤵
-
\??\c:\nhbhnt.exec:\nhbhnt.exe93⤵
-
\??\c:\hbtnht.exec:\hbtnht.exe94⤵
-
\??\c:\pjddd.exec:\pjddd.exe95⤵
-
\??\c:\pjjjd.exec:\pjjjd.exe96⤵
-
\??\c:\frrlrlr.exec:\frrlrlr.exe97⤵
-
\??\c:\frxrrlr.exec:\frxrrlr.exe98⤵
-
\??\c:\bhnnbb.exec:\bhnnbb.exe99⤵
-
\??\c:\dpddp.exec:\dpddp.exe100⤵
-
\??\c:\pvddj.exec:\pvddj.exe101⤵
-
\??\c:\9lxxffr.exec:\9lxxffr.exe102⤵
-
\??\c:\nhbhth.exec:\nhbhth.exe103⤵
-
\??\c:\tbbthb.exec:\tbbthb.exe104⤵
-
\??\c:\9btntn.exec:\9btntn.exe105⤵
-
\??\c:\pvdvj.exec:\pvdvj.exe106⤵
-
\??\c:\rlllffl.exec:\rlllffl.exe107⤵
-
\??\c:\5ntnnn.exec:\5ntnnn.exe108⤵
-
\??\c:\nhbtbb.exec:\nhbtbb.exe109⤵
-
\??\c:\pjjvj.exec:\pjjvj.exe110⤵
-
\??\c:\jdvdv.exec:\jdvdv.exe111⤵
-
\??\c:\5xxlflr.exec:\5xxlflr.exe112⤵
-
\??\c:\1lfxrfr.exec:\1lfxrfr.exe113⤵
-
\??\c:\nbnhnn.exec:\nbnhnn.exe114⤵
-
\??\c:\hhbnbh.exec:\hhbnbh.exe115⤵
-
\??\c:\9jjjp.exec:\9jjjp.exe116⤵
-
\??\c:\5jdvd.exec:\5jdvd.exe117⤵
-
\??\c:\1xxlxfr.exec:\1xxlxfr.exe118⤵
-
\??\c:\5lrfrfr.exec:\5lrfrfr.exe119⤵
-
\??\c:\xlrfrlr.exec:\xlrfrlr.exe120⤵
-
\??\c:\hthnbh.exec:\hthnbh.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-