Analysis
-
max time kernel
150s -
max time network
134s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
-
submitted
23/07/2024, 02:46
General
-
Target
cad8f65496446837ea177abf3de6df54c31a168ab41677097c004fc03bafff8c.exe
-
Size
65KB
-
MD5
ab853a24eedc44c1ba125050e0bf27fd
-
SHA1
b525c2189626a148eb2f308c4db5091c41da8594
-
SHA256
cad8f65496446837ea177abf3de6df54c31a168ab41677097c004fc03bafff8c
-
SHA512
e13457a67745b6281ca9a60ce3631a37f38dc88bd87ba47ce672b3fa68c86c4ed922dce0a1f85007b96c2cb4edd8c014d48d8c70ca20715c810fcf31cd19ab2e
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIFdWLLQYO:ymb3NkkiQ3mdBjFIFdkO
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 30 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\cad8f65496446837ea177abf3de6df54c31a168ab41677097c004fc03bafff8c.exe"C:\Users\Admin\AppData\Local\Temp\cad8f65496446837ea177abf3de6df54c31a168ab41677097c004fc03bafff8c.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\3jjvj.exec:\3jjvj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9frlfrl.exec:\9frlfrl.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbthbt.exec:\bbthbt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjdvp.exec:\jjdvp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrlfxl.exec:\xxrlfxl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3ttbtt.exec:\3ttbtt.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5pdvj.exec:\5pdvj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrxllll.exec:\rrxllll.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlxrfxl.exec:\xlxrfxl.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnttnh.exec:\bnttnh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7dvpj.exec:\7dvpj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lffrrfl.exec:\lffrrfl.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bntbhb.exec:\bntbhb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvjv.exec:\dvvjv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1ppdp.exec:\1ppdp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrrlxrl.exec:\lrrlxrl.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nntntn.exec:\nntntn.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3ttnbb.exec:\3ttnbb.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvpjd.exec:\dvpjd.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxffxff.exec:\fxffxff.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fffrfxl.exec:\fffrfxl.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnhhtn.exec:\nnhhtn.exe23⤵
- Executes dropped EXE
-
\??\c:\vdvvd.exec:\vdvvd.exe24⤵
- Executes dropped EXE
-
\??\c:\frllllf.exec:\frllllf.exe25⤵
- Executes dropped EXE
-
\??\c:\thbbtn.exec:\thbbtn.exe26⤵
- Executes dropped EXE
-
\??\c:\tnbhnh.exec:\tnbhnh.exe27⤵
- Executes dropped EXE
-
\??\c:\3jjpj.exec:\3jjpj.exe28⤵
- Executes dropped EXE
-
\??\c:\rfxxlrl.exec:\rfxxlrl.exe29⤵
- Executes dropped EXE
-
\??\c:\fxfrfxl.exec:\fxfrfxl.exe30⤵
- Executes dropped EXE
-
\??\c:\bbbthh.exec:\bbbthh.exe31⤵
- Executes dropped EXE
-
\??\c:\rlrllll.exec:\rlrllll.exe32⤵
- Executes dropped EXE
-
\??\c:\xffrlfl.exec:\xffrlfl.exe33⤵
- Executes dropped EXE
-
\??\c:\nhnnbb.exec:\nhnnbb.exe34⤵
- Executes dropped EXE
-
\??\c:\1dvpj.exec:\1dvpj.exe35⤵
- Executes dropped EXE
-
\??\c:\3rfxrlf.exec:\3rfxrlf.exe36⤵
- Executes dropped EXE
-
\??\c:\lrrrlll.exec:\lrrrlll.exe37⤵
- Executes dropped EXE
-
\??\c:\nbbbtt.exec:\nbbbtt.exe38⤵
- Executes dropped EXE
-
\??\c:\bnbtnh.exec:\bnbtnh.exe39⤵
- Executes dropped EXE
-
\??\c:\vjddv.exec:\vjddv.exe40⤵
- Executes dropped EXE
-
\??\c:\xxrrrxx.exec:\xxrrrxx.exe41⤵
- Executes dropped EXE
-
\??\c:\hbttht.exec:\hbttht.exe42⤵
- Executes dropped EXE
-
\??\c:\djvjp.exec:\djvjp.exe43⤵
- Executes dropped EXE
-
\??\c:\7lflrxr.exec:\7lflrxr.exe44⤵
- Executes dropped EXE
-
\??\c:\rllxxxx.exec:\rllxxxx.exe45⤵
- Executes dropped EXE
-
\??\c:\hbbbtn.exec:\hbbbtn.exe46⤵
- Executes dropped EXE
-
\??\c:\httnnn.exec:\httnnn.exe47⤵
- Executes dropped EXE
-
\??\c:\vvjjj.exec:\vvjjj.exe48⤵
- Executes dropped EXE
-
\??\c:\fxlllll.exec:\fxlllll.exe49⤵
- Executes dropped EXE
-
\??\c:\llxrflx.exec:\llxrflx.exe50⤵
- Executes dropped EXE
-
\??\c:\hbhhhn.exec:\hbhhhn.exe51⤵
- Executes dropped EXE
-
\??\c:\nhhnbb.exec:\nhhnbb.exe52⤵
- Executes dropped EXE
-
\??\c:\dvddd.exec:\dvddd.exe53⤵
- Executes dropped EXE
-
\??\c:\fxflxxl.exec:\fxflxxl.exe54⤵
- Executes dropped EXE
-
\??\c:\nhbtbb.exec:\nhbtbb.exe55⤵
- Executes dropped EXE
-
\??\c:\dvdvj.exec:\dvdvj.exe56⤵
- Executes dropped EXE
-
\??\c:\xxllrlf.exec:\xxllrlf.exe57⤵
- Executes dropped EXE
-
\??\c:\rffllrr.exec:\rffllrr.exe58⤵
- Executes dropped EXE
-
\??\c:\htbhhn.exec:\htbhhn.exe59⤵
- Executes dropped EXE
-
\??\c:\9pjdp.exec:\9pjdp.exe60⤵
- Executes dropped EXE
-
\??\c:\9vvpj.exec:\9vvpj.exe61⤵
- Executes dropped EXE
-
\??\c:\lxrrlrl.exec:\lxrrlrl.exe62⤵
- Executes dropped EXE
-
\??\c:\flxrffx.exec:\flxrffx.exe63⤵
- Executes dropped EXE
-
\??\c:\tbtbhb.exec:\tbtbhb.exe64⤵
- Executes dropped EXE
-
\??\c:\jpdjv.exec:\jpdjv.exe65⤵
- Executes dropped EXE
-
\??\c:\lxxrlfx.exec:\lxxrlfx.exe66⤵
-
\??\c:\lllfffx.exec:\lllfffx.exe67⤵
-
\??\c:\hbbtnn.exec:\hbbtnn.exe68⤵
-
\??\c:\7xxrxxr.exec:\7xxrxxr.exe69⤵
-
\??\c:\1xlflxl.exec:\1xlflxl.exe70⤵
-
\??\c:\lfrfrlx.exec:\lfrfrlx.exe71⤵
-
\??\c:\tbhthh.exec:\tbhthh.exe72⤵
-
\??\c:\vvpvp.exec:\vvpvp.exe73⤵
-
\??\c:\dpdvj.exec:\dpdvj.exe74⤵
-
\??\c:\9rxxfff.exec:\9rxxfff.exe75⤵
-
\??\c:\rlflxrl.exec:\rlflxrl.exe76⤵
-
\??\c:\nhhhhh.exec:\nhhhhh.exe77⤵
-
\??\c:\jpdjv.exec:\jpdjv.exe78⤵
-
\??\c:\7dpdv.exec:\7dpdv.exe79⤵
-
\??\c:\flxlxxl.exec:\flxlxxl.exe80⤵
-
\??\c:\rrfrrfr.exec:\rrfrrfr.exe81⤵
-
\??\c:\httnth.exec:\httnth.exe82⤵
-
\??\c:\bbnhbb.exec:\bbnhbb.exe83⤵
-
\??\c:\ppdvv.exec:\ppdvv.exe84⤵
-
\??\c:\1pppp.exec:\1pppp.exe85⤵
-
\??\c:\7rxlllr.exec:\7rxlllr.exe86⤵
-
\??\c:\lfllrxf.exec:\lfllrxf.exe87⤵
-
\??\c:\hhhbbb.exec:\hhhbbb.exe88⤵
-
\??\c:\hbhbhh.exec:\hbhbhh.exe89⤵
-
\??\c:\jppdv.exec:\jppdv.exe90⤵
-
\??\c:\5jdpd.exec:\5jdpd.exe91⤵
-
\??\c:\fxxxlll.exec:\fxxxlll.exe92⤵
-
\??\c:\frxxxff.exec:\frxxxff.exe93⤵
-
\??\c:\nhnhnn.exec:\nhnhnn.exe94⤵
-
\??\c:\nnntht.exec:\nnntht.exe95⤵
-
\??\c:\pdjdd.exec:\pdjdd.exe96⤵
-
\??\c:\1dpdp.exec:\1dpdp.exe97⤵
-
\??\c:\3flffxx.exec:\3flffxx.exe98⤵
-
\??\c:\lxrlxrl.exec:\lxrlxrl.exe99⤵
-
\??\c:\9bhhbb.exec:\9bhhbb.exe100⤵
-
\??\c:\vjjjd.exec:\vjjjd.exe101⤵
-
\??\c:\9xxrxrf.exec:\9xxrxrf.exe102⤵
-
\??\c:\lllfffx.exec:\lllfffx.exe103⤵
-
\??\c:\hhbhbb.exec:\hhbhbb.exe104⤵
-
\??\c:\htttnn.exec:\htttnn.exe105⤵
-
\??\c:\jjvpv.exec:\jjvpv.exe106⤵
-
\??\c:\fxxrrlx.exec:\fxxrrlx.exe107⤵
-
\??\c:\7lxrlll.exec:\7lxrlll.exe108⤵
-
\??\c:\9ttttt.exec:\9ttttt.exe109⤵
-
\??\c:\ttbbbh.exec:\ttbbbh.exe110⤵
-
\??\c:\jdppv.exec:\jdppv.exe111⤵
-
\??\c:\vvvdd.exec:\vvvdd.exe112⤵
-
\??\c:\3rxrlrl.exec:\3rxrlrl.exe113⤵
-
\??\c:\hbtbtt.exec:\hbtbtt.exe114⤵
-
\??\c:\hbhbtt.exec:\hbhbtt.exe115⤵
-
\??\c:\7htnnn.exec:\7htnnn.exe116⤵
-
\??\c:\dpddj.exec:\dpddj.exe117⤵
-
\??\c:\pjpjj.exec:\pjpjj.exe118⤵
-
\??\c:\lfxrxff.exec:\lfxrxff.exe119⤵
-
\??\c:\rrxrxff.exec:\rrxrxff.exe120⤵
-
\??\c:\hhhhbb.exec:\hhhhbb.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-