Analysis
-
max time kernel
120s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240705-en -
resource tags
-
submitted
23/07/2024, 12:45
General
-
Target
b8d32d58c62504ec10559113f782eb50N.exe
-
Size
523KB
-
MD5
b8d32d58c62504ec10559113f782eb50
-
SHA1
9134085e8e84199b23aad8189dbf6d125143172b
-
SHA256
bfeeee3d2737f117e68db46600b416614c6217759c6bb383fcafbfc6fecab355
-
SHA512
94dff61181a2c84dd9ceb6f99b24c9c1d8a8c09b11b222f41dfcfd53746ded28ffc856817d80ca288457f3f9a5779d98d0fd3ab9e33e831b14f9536bd6cd0269
-
SSDEEP
6144:8cm7ImGddXmNt251UriZFwfsDX2CfNnkymTwaJ3o89H3x+v:q7Tc2NYHUrAwfMHNnpls4894v
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 41 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\b8d32d58c62504ec10559113f782eb50N.exe"C:\Users\Admin\AppData\Local\Temp\b8d32d58c62504ec10559113f782eb50N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\1dvvp.exec:\1dvvp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxxfrxl.exec:\xxxfrxl.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1bbnht.exec:\1bbnht.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bttttt.exec:\bttttt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvdjp.exec:\dvdjp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvpv.exec:\pjvpv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxflxf.exec:\fxxflxf.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhthh.exec:\nhhthh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvvv.exec:\jdvvv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7bbntn.exec:\7bbntn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjpdv.exec:\jjpdv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttntnt.exec:\ttntnt.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbbnbn.exec:\tbbnbn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxfxxll.exec:\xxfxxll.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnhbnb.exec:\hnhbnb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrlxrxl.exec:\xrlxrxl.exe17⤵
- Executes dropped EXE
-
\??\c:\1tbbbh.exec:\1tbbbh.exe18⤵
- Executes dropped EXE
-
\??\c:\lxlrlrx.exec:\lxlrlrx.exe19⤵
- Executes dropped EXE
-
\??\c:\rrflxfr.exec:\rrflxfr.exe20⤵
- Executes dropped EXE
-
\??\c:\hhtnbh.exec:\hhtnbh.exe21⤵
- Executes dropped EXE
-
\??\c:\rrfrxlr.exec:\rrfrxlr.exe22⤵
- Executes dropped EXE
-
\??\c:\pppvd.exec:\pppvd.exe23⤵
- Executes dropped EXE
-
\??\c:\vppdp.exec:\vppdp.exe24⤵
- Executes dropped EXE
-
\??\c:\1nnnbh.exec:\1nnnbh.exe25⤵
- Executes dropped EXE
-
\??\c:\jdjpv.exec:\jdjpv.exe26⤵
- Executes dropped EXE
-
\??\c:\xxfxxrr.exec:\xxfxxrr.exe27⤵
- Executes dropped EXE
-
\??\c:\hhbnth.exec:\hhbnth.exe28⤵
- Executes dropped EXE
-
\??\c:\lflrlrl.exec:\lflrlrl.exe29⤵
- Executes dropped EXE
-
\??\c:\ntbtth.exec:\ntbtth.exe30⤵
- Executes dropped EXE
-
\??\c:\flxfrfl.exec:\flxfrfl.exe31⤵
- Executes dropped EXE
-
\??\c:\bnbhth.exec:\bnbhth.exe32⤵
- Executes dropped EXE
-
\??\c:\lffrrxr.exec:\lffrrxr.exe33⤵
- Executes dropped EXE
-
\??\c:\tnttbh.exec:\tnttbh.exe34⤵
- Executes dropped EXE
-
\??\c:\dpppj.exec:\dpppj.exe35⤵
- Executes dropped EXE
-
\??\c:\9jvvd.exec:\9jvvd.exe36⤵
- Executes dropped EXE
-
\??\c:\fxlrffr.exec:\fxlrffr.exe37⤵
- Executes dropped EXE
-
\??\c:\nhbnnt.exec:\nhbnnt.exe38⤵
- Executes dropped EXE
-
\??\c:\vvpdj.exec:\vvpdj.exe39⤵
- Executes dropped EXE
-
\??\c:\jjdjp.exec:\jjdjp.exe40⤵
- Executes dropped EXE
-
\??\c:\xxxfxrl.exec:\xxxfxrl.exe41⤵
- Executes dropped EXE
-
\??\c:\nhbhtb.exec:\nhbhtb.exe42⤵
- Executes dropped EXE
-
\??\c:\pjvjv.exec:\pjvjv.exe43⤵
- Executes dropped EXE
-
\??\c:\pjjdj.exec:\pjjdj.exe44⤵
- Executes dropped EXE
-
\??\c:\rlllrxf.exec:\rlllrxf.exe45⤵
- Executes dropped EXE
-
\??\c:\3ntbhh.exec:\3ntbhh.exe46⤵
- Executes dropped EXE
-
\??\c:\5jdjj.exec:\5jdjj.exe47⤵
- Executes dropped EXE
-
\??\c:\pdddp.exec:\pdddp.exe48⤵
- Executes dropped EXE
-
\??\c:\ffflrxr.exec:\ffflrxr.exe49⤵
- Executes dropped EXE
-
\??\c:\nhthnt.exec:\nhthnt.exe50⤵
- Executes dropped EXE
-
\??\c:\jdvdp.exec:\jdvdp.exe51⤵
- Executes dropped EXE
-
\??\c:\9jjjj.exec:\9jjjj.exe52⤵
- Executes dropped EXE
-
\??\c:\rlffflr.exec:\rlffflr.exe53⤵
- Executes dropped EXE
-
\??\c:\7btnbn.exec:\7btnbn.exe54⤵
- Executes dropped EXE
-
\??\c:\7vpdv.exec:\7vpdv.exe55⤵
- Executes dropped EXE
-
\??\c:\jjppp.exec:\jjppp.exe56⤵
- Executes dropped EXE
-
\??\c:\xxlrxxl.exec:\xxlrxxl.exe57⤵
- Executes dropped EXE
-
\??\c:\3hbbtb.exec:\3hbbtb.exe58⤵
- Executes dropped EXE
-
\??\c:\btntnt.exec:\btntnt.exe59⤵
- Executes dropped EXE
-
\??\c:\rrllxlx.exec:\rrllxlx.exe60⤵
- Executes dropped EXE
-
\??\c:\xrlfrfl.exec:\xrlfrfl.exe61⤵
- Executes dropped EXE
-
\??\c:\ttbtth.exec:\ttbtth.exe62⤵
- Executes dropped EXE
-
\??\c:\5vpvd.exec:\5vpvd.exe63⤵
- Executes dropped EXE
-
\??\c:\vpdpj.exec:\vpdpj.exe64⤵
- Executes dropped EXE
-
\??\c:\nnhtnb.exec:\nnhtnb.exe65⤵
- Executes dropped EXE
-
\??\c:\vjdpd.exec:\vjdpd.exe66⤵
-
\??\c:\pjdjd.exec:\pjdjd.exe67⤵
-
\??\c:\rlxfllx.exec:\rlxfllx.exe68⤵
-
\??\c:\hhntht.exec:\hhntht.exe69⤵
-
\??\c:\ttntnt.exec:\ttntnt.exe70⤵
-
\??\c:\5rxrxrr.exec:\5rxrxrr.exe71⤵
-
\??\c:\llrrlff.exec:\llrrlff.exe72⤵
-
\??\c:\hhtnhn.exec:\hhtnhn.exe73⤵
-
\??\c:\vdpvp.exec:\vdpvp.exe74⤵
-
\??\c:\rrlrllx.exec:\rrlrllx.exe75⤵
-
\??\c:\rlrflrx.exec:\rlrflrx.exe76⤵
-
\??\c:\nhbnbb.exec:\nhbnbb.exe77⤵
-
\??\c:\vpjvj.exec:\vpjvj.exe78⤵
-
\??\c:\rlflrfx.exec:\rlflrfx.exe79⤵
-
\??\c:\9lfrrrx.exec:\9lfrrrx.exe80⤵
-
\??\c:\nhbnhn.exec:\nhbnhn.exe81⤵
-
\??\c:\jpddd.exec:\jpddd.exe82⤵
-
\??\c:\rlxflrx.exec:\rlxflrx.exe83⤵
-
\??\c:\lfrrxrf.exec:\lfrrxrf.exe84⤵
-
\??\c:\btbnbh.exec:\btbnbh.exe85⤵
-
\??\c:\dvvvd.exec:\dvvvd.exe86⤵
-
\??\c:\flflxxf.exec:\flflxxf.exe87⤵
-
\??\c:\xffrrrx.exec:\xffrrrx.exe88⤵
-
\??\c:\hbhnbb.exec:\hbhnbb.exe89⤵
-
\??\c:\9jpjj.exec:\9jpjj.exe90⤵
-
\??\c:\fflfxrf.exec:\fflfxrf.exe91⤵
-
\??\c:\nnhnbh.exec:\nnhnbh.exe92⤵
-
\??\c:\tnthnb.exec:\tnthnb.exe93⤵
-
\??\c:\vvpdj.exec:\vvpdj.exe94⤵
-
\??\c:\rfxxlrf.exec:\rfxxlrf.exe95⤵
-
\??\c:\hbbhtb.exec:\hbbhtb.exe96⤵
-
\??\c:\hbnttb.exec:\hbnttb.exe97⤵
-
\??\c:\dppvp.exec:\dppvp.exe98⤵
-
\??\c:\fxrfrfx.exec:\fxrfrfx.exe99⤵
-
\??\c:\bbhbbt.exec:\bbhbbt.exe100⤵
-
\??\c:\btnbht.exec:\btnbht.exe101⤵
-
\??\c:\jdpdv.exec:\jdpdv.exe102⤵
-
\??\c:\xxfxrfx.exec:\xxfxrfx.exe103⤵
-
\??\c:\rrlxxxr.exec:\rrlxxxr.exe104⤵
-
\??\c:\hnnhtn.exec:\hnnhtn.exe105⤵
-
\??\c:\dpjpp.exec:\dpjpp.exe106⤵
-
\??\c:\rllxfxx.exec:\rllxfxx.exe107⤵
-
\??\c:\llxlfrl.exec:\llxlfrl.exe108⤵
-
\??\c:\tntthh.exec:\tntthh.exe109⤵
-
\??\c:\ddpjd.exec:\ddpjd.exe110⤵
-
\??\c:\ppjvv.exec:\ppjvv.exe111⤵
-
\??\c:\frlrxrr.exec:\frlrxrr.exe112⤵
-
\??\c:\hbbhtb.exec:\hbbhtb.exe113⤵
-
\??\c:\vvpjd.exec:\vvpjd.exe114⤵
-
\??\c:\fffllxl.exec:\fffllxl.exe115⤵
-
\??\c:\hbnbbh.exec:\hbnbbh.exe116⤵
-
\??\c:\ddvpj.exec:\ddvpj.exe117⤵
-
\??\c:\xfflfrl.exec:\xfflfrl.exe118⤵
-
\??\c:\bnhhnt.exec:\bnhhnt.exe119⤵
-
\??\c:\vvvjd.exec:\vvvjd.exe120⤵
-
\??\c:\lflxlxf.exec:\lflxlxf.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-