Analysis
-
max time kernel
120s -
max time network
116s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
-
submitted
23/07/2024, 12:45 UTC
General
-
Target
b8d32d58c62504ec10559113f782eb50N.exe
-
Size
523KB
-
MD5
b8d32d58c62504ec10559113f782eb50
-
SHA1
9134085e8e84199b23aad8189dbf6d125143172b
-
SHA256
bfeeee3d2737f117e68db46600b416614c6217759c6bb383fcafbfc6fecab355
-
SHA512
94dff61181a2c84dd9ceb6f99b24c9c1d8a8c09b11b222f41dfcfd53746ded28ffc856817d80ca288457f3f9a5779d98d0fd3ab9e33e831b14f9536bd6cd0269
-
SSDEEP
6144:8cm7ImGddXmNt251UriZFwfsDX2CfNnkymTwaJ3o89H3x+v:q7Tc2NYHUrAwfMHNnpls4894v
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\b8d32d58c62504ec10559113f782eb50N.exe"C:\Users\Admin\AppData\Local\Temp\b8d32d58c62504ec10559113f782eb50N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\rfllxll.exec:\rfllxll.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7bhthb.exec:\7bhthb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bntttb.exec:\bntttb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdvdv.exec:\pdvdv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3ffxxxx.exec:\3ffxxxx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frxxfff.exec:\frxxfff.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbtttt.exec:\tbtttt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddvpv.exec:\ddvpv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3frllrx.exec:\3frllrx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlfffrr.exec:\rlfffrr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpdj.exec:\jdpdj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lffxffl.exec:\lffxffl.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjpjj.exec:\jjpjj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbbhbh.exec:\bbbhbh.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxlllll.exec:\lxlllll.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxflrrx.exec:\lxflrrx.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpdvv.exec:\jpdvv.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llllffr.exec:\llllffr.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbbhnb.exec:\bbbhnb.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvjj.exec:\dvvjj.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxfxxfl.exec:\lxfxxfl.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbbbb.exec:\tnbbbb.exe23⤵
- Executes dropped EXE
-
\??\c:\pvjjv.exec:\pvjjv.exe24⤵
- Executes dropped EXE
-
\??\c:\bbnnhh.exec:\bbnnhh.exe25⤵
- Executes dropped EXE
-
\??\c:\jdppd.exec:\jdppd.exe26⤵
- Executes dropped EXE
-
\??\c:\lxffxrl.exec:\lxffxrl.exe27⤵
- Executes dropped EXE
-
\??\c:\dpdjj.exec:\dpdjj.exe28⤵
- Executes dropped EXE
-
\??\c:\bnnnhh.exec:\bnnnhh.exe29⤵
- Executes dropped EXE
-
\??\c:\bntttb.exec:\bntttb.exe30⤵
- Executes dropped EXE
-
\??\c:\vvdvd.exec:\vvdvd.exe31⤵
- Executes dropped EXE
-
\??\c:\lxxfrfx.exec:\lxxfrfx.exe32⤵
- Executes dropped EXE
-
\??\c:\ppddj.exec:\ppddj.exe33⤵
- Executes dropped EXE
-
\??\c:\ppddd.exec:\ppddd.exe34⤵
- Executes dropped EXE
-
\??\c:\nbbbbb.exec:\nbbbbb.exe35⤵
- Executes dropped EXE
-
\??\c:\ddpjj.exec:\ddpjj.exe36⤵
- Executes dropped EXE
-
\??\c:\rrrrlll.exec:\rrrrlll.exe37⤵
- Executes dropped EXE
-
\??\c:\nhnnnn.exec:\nhnnnn.exe38⤵
- Executes dropped EXE
-
\??\c:\jdvvp.exec:\jdvvp.exe39⤵
-
\??\c:\flflflr.exec:\flflflr.exe40⤵
- Executes dropped EXE
-
\??\c:\bbnthn.exec:\bbnthn.exe41⤵
- Executes dropped EXE
-
\??\c:\pvppd.exec:\pvppd.exe42⤵
- Executes dropped EXE
-
\??\c:\rfrrrll.exec:\rfrrrll.exe43⤵
- Executes dropped EXE
-
\??\c:\9vddd.exec:\9vddd.exe44⤵
- Executes dropped EXE
-
\??\c:\1tttbb.exec:\1tttbb.exe45⤵
- Executes dropped EXE
-
\??\c:\hhtbtt.exec:\hhtbtt.exe46⤵
- Executes dropped EXE
-
\??\c:\lrrlxrr.exec:\lrrlxrr.exe47⤵
- Executes dropped EXE
-
\??\c:\tnbbtb.exec:\tnbbtb.exe48⤵
- Executes dropped EXE
-
\??\c:\rflffrl.exec:\rflffrl.exe49⤵
- Executes dropped EXE
-
\??\c:\rxfxrrx.exec:\rxfxrrx.exe50⤵
- Executes dropped EXE
-
\??\c:\djjjd.exec:\djjjd.exe51⤵
- Executes dropped EXE
-
\??\c:\lfrxxxf.exec:\lfrxxxf.exe52⤵
- Executes dropped EXE
-
\??\c:\tnnhnn.exec:\tnnhnn.exe53⤵
- Executes dropped EXE
-
\??\c:\fflffff.exec:\fflffff.exe54⤵
- Executes dropped EXE
-
\??\c:\tbhhhh.exec:\tbhhhh.exe55⤵
- Executes dropped EXE
-
\??\c:\ddppp.exec:\ddppp.exe56⤵
- Executes dropped EXE
-
\??\c:\flxxxrf.exec:\flxxxrf.exe57⤵
- Executes dropped EXE
-
\??\c:\tntttt.exec:\tntttt.exe58⤵
- Executes dropped EXE
-
\??\c:\tbhbbb.exec:\tbhbbb.exe59⤵
- Executes dropped EXE
-
\??\c:\pjvvv.exec:\pjvvv.exe60⤵
- Executes dropped EXE
-
\??\c:\lxrrxxx.exec:\lxrrxxx.exe61⤵
- Executes dropped EXE
-
\??\c:\hntbbb.exec:\hntbbb.exe62⤵
- Executes dropped EXE
-
\??\c:\vvdvp.exec:\vvdvp.exe63⤵
- Executes dropped EXE
-
\??\c:\rrlrrxr.exec:\rrlrrxr.exe64⤵
- Executes dropped EXE
-
\??\c:\7hnnhh.exec:\7hnnhh.exe65⤵
- Executes dropped EXE
-
\??\c:\nhhtnb.exec:\nhhtnb.exe66⤵
- Executes dropped EXE
-
\??\c:\jjvjv.exec:\jjvjv.exe67⤵
-
\??\c:\9xlrrll.exec:\9xlrrll.exe68⤵
-
\??\c:\hntbhb.exec:\hntbhb.exe69⤵
-
\??\c:\jpddj.exec:\jpddj.exe70⤵
-
\??\c:\xrfffll.exec:\xrfffll.exe71⤵
-
\??\c:\nbtnhh.exec:\nbtnhh.exe72⤵
-
\??\c:\nbhhhh.exec:\nbhhhh.exe73⤵
-
\??\c:\vdpjj.exec:\vdpjj.exe74⤵
-
\??\c:\7lfffff.exec:\7lfffff.exe75⤵
-
\??\c:\bhtnbt.exec:\bhtnbt.exe76⤵
-
\??\c:\vvppj.exec:\vvppj.exe77⤵
-
\??\c:\fxlxrll.exec:\fxlxrll.exe78⤵
-
\??\c:\ntttnt.exec:\ntttnt.exe79⤵
-
\??\c:\5vvjd.exec:\5vvjd.exe80⤵
-
\??\c:\3lrrrxx.exec:\3lrrrxx.exe81⤵
-
\??\c:\rlfxrrl.exec:\rlfxrrl.exe82⤵
-
\??\c:\hhhbbb.exec:\hhhbbb.exe83⤵
-
\??\c:\jvppv.exec:\jvppv.exe84⤵
-
\??\c:\1flfxxx.exec:\1flfxxx.exe85⤵
-
\??\c:\bbbhbb.exec:\bbbhbb.exe86⤵
-
\??\c:\hhhbbb.exec:\hhhbbb.exe87⤵
-
\??\c:\djpdp.exec:\djpdp.exe88⤵
-
\??\c:\lfrxxxf.exec:\lfrxxxf.exe89⤵
-
\??\c:\bnbhbb.exec:\bnbhbb.exe90⤵
-
\??\c:\vdjjp.exec:\vdjjp.exe91⤵
-
\??\c:\3lxrxxx.exec:\3lxrxxx.exe92⤵
-
\??\c:\hbhbnn.exec:\hbhbnn.exe93⤵
-
\??\c:\jppdv.exec:\jppdv.exe94⤵
-
\??\c:\9frllll.exec:\9frllll.exe95⤵
-
\??\c:\xfrlrrr.exec:\xfrlrrr.exe96⤵
-
\??\c:\3nnhhn.exec:\3nnhhn.exe97⤵
-
\??\c:\1pvpp.exec:\1pvpp.exe98⤵
-
\??\c:\9rfxxfx.exec:\9rfxxfx.exe99⤵
-
\??\c:\thtnhh.exec:\thtnhh.exe100⤵
-
\??\c:\pddvv.exec:\pddvv.exe101⤵
-
\??\c:\3lrlffr.exec:\3lrlffr.exe102⤵
-
\??\c:\ttttnh.exec:\ttttnh.exe103⤵
-
\??\c:\5jvpp.exec:\5jvpp.exe104⤵
-
\??\c:\3jvvp.exec:\3jvvp.exe105⤵
-
\??\c:\5rfxflf.exec:\5rfxflf.exe106⤵
-
\??\c:\hnnnth.exec:\hnnnth.exe107⤵
-
\??\c:\dpjdd.exec:\dpjdd.exe108⤵
-
\??\c:\lfllllf.exec:\lfllllf.exe109⤵
-
\??\c:\tnbbtb.exec:\tnbbtb.exe110⤵
-
\??\c:\pvvdj.exec:\pvvdj.exe111⤵
-
\??\c:\5fxxxxx.exec:\5fxxxxx.exe112⤵
-
\??\c:\9bnhtb.exec:\9bnhtb.exe113⤵
-
\??\c:\ttbbbh.exec:\ttbbbh.exe114⤵
-
\??\c:\pjddd.exec:\pjddd.exe115⤵
-
\??\c:\fxlfflr.exec:\fxlfflr.exe116⤵
-
\??\c:\hnbbbh.exec:\hnbbbh.exe117⤵
-
\??\c:\pvjpp.exec:\pvjpp.exe118⤵
-
\??\c:\vvddd.exec:\vvddd.exe119⤵
-
\??\c:\1fxxrlr.exec:\1fxxrlr.exe120⤵
-
\??\c:\1tbbtb.exec:\1tbbtb.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-