Analysis
-
max time kernel
58s -
max time network
48s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
30-06-2024 23:59
General
-
Target
8b41575f96493c7f892aca783009e11a3703db1153bd05cc7afd4f9409e2be01.exe
-
Size
152KB
-
MD5
7bcd5798fdab5d47b2e11443014a9277
-
SHA1
b13d46e96acad51f5a9302232b3077991cdf4976
-
SHA256
8b41575f96493c7f892aca783009e11a3703db1153bd05cc7afd4f9409e2be01
-
SHA512
b5846f52bcc7fd0683856dd1b33b63899831f921cea393a6ebc8d4d32b438db4d22a7956fe34cadb75fb4d0b5881e148ad2402a85fdeb9a622da12dc2eedd2fc
-
SSDEEP
3072:khOmTsF93UYfwC6GIoutpYcvrqrE66kropO6BWlPFH4tpU:kcm4FmowdHoSphraHcpOFltH4tpU
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\8b41575f96493c7f892aca783009e11a3703db1153bd05cc7afd4f9409e2be01.exe"C:\Users\Admin\AppData\Local\Temp\8b41575f96493c7f892aca783009e11a3703db1153bd05cc7afd4f9409e2be01.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\fxffxrl.exec:\fxffxrl.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnhhn.exec:\nhnhhn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbhhbh.exec:\nbhhbh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppddv.exec:\ppddv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fffxfxf.exec:\fffxfxf.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrlfllr.exec:\rrlfllr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9bnhhh.exec:\9bnhhh.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvdvv.exec:\jvdvv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frrrlrr.exec:\frrrlrr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrxxxx.exec:\fxrxxxx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nntnnh.exec:\nntnnh.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7tbbbb.exec:\7tbbbb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdpvd.exec:\vdpvd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffxffrx.exec:\ffxffrx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbhbbb.exec:\tbhbbb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hthbbt.exec:\hthbbt.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddvvp.exec:\ddvvp.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfxffxf.exec:\rfxffxf.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhtnhh.exec:\hhtnhh.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnnbh.exec:\hbnnbh.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvvvp.exec:\vvvvp.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3djdd.exec:\3djdd.exe23⤵
- Executes dropped EXE
-
\??\c:\lxfxrxx.exec:\lxfxrxx.exe24⤵
- Executes dropped EXE
-
\??\c:\fxrfxxx.exec:\fxrfxxx.exe25⤵
- Executes dropped EXE
-
\??\c:\tnnhtb.exec:\tnnhtb.exe26⤵
- Executes dropped EXE
-
\??\c:\nnhhbb.exec:\nnhhbb.exe27⤵
- Executes dropped EXE
-
\??\c:\vpjdv.exec:\vpjdv.exe28⤵
- Executes dropped EXE
-
\??\c:\xrlrxrx.exec:\xrlrxrx.exe29⤵
- Executes dropped EXE
-
\??\c:\tttttt.exec:\tttttt.exe30⤵
- Executes dropped EXE
-
\??\c:\hntnhh.exec:\hntnhh.exe31⤵
- Executes dropped EXE
-
\??\c:\jvvpp.exec:\jvvpp.exe32⤵
- Executes dropped EXE
-
\??\c:\jjvjj.exec:\jjvjj.exe33⤵
- Executes dropped EXE
-
\??\c:\rllrlfx.exec:\rllrlfx.exe34⤵
- Executes dropped EXE
-
\??\c:\7nnhtt.exec:\7nnhtt.exe35⤵
- Executes dropped EXE
-
\??\c:\3btnht.exec:\3btnht.exe36⤵
- Executes dropped EXE
-
\??\c:\7jjjj.exec:\7jjjj.exe37⤵
- Executes dropped EXE
-
\??\c:\vpvvv.exec:\vpvvv.exe38⤵
- Executes dropped EXE
-
\??\c:\7ffxrxr.exec:\7ffxrxr.exe39⤵
- Executes dropped EXE
-
\??\c:\lxxxlff.exec:\lxxxlff.exe40⤵
- Executes dropped EXE
-
\??\c:\hbbbtb.exec:\hbbbtb.exe41⤵
- Executes dropped EXE
-
\??\c:\nbbnbt.exec:\nbbnbt.exe42⤵
- Executes dropped EXE
-
\??\c:\9jddv.exec:\9jddv.exe43⤵
- Executes dropped EXE
-
\??\c:\llfrfxf.exec:\llfrfxf.exe44⤵
- Executes dropped EXE
-
\??\c:\lfxrxxf.exec:\lfxrxxf.exe45⤵
- Executes dropped EXE
-
\??\c:\7nnnhh.exec:\7nnnhh.exe46⤵
- Executes dropped EXE
-
\??\c:\nnnbtn.exec:\nnnbtn.exe47⤵
- Executes dropped EXE
-
\??\c:\9jjdv.exec:\9jjdv.exe48⤵
- Executes dropped EXE
-
\??\c:\jdjdv.exec:\jdjdv.exe49⤵
- Executes dropped EXE
-
\??\c:\rfffxfx.exec:\rfffxfx.exe50⤵
- Executes dropped EXE
-
\??\c:\llllfll.exec:\llllfll.exe51⤵
- Executes dropped EXE
-
\??\c:\fxxxrrl.exec:\fxxxrrl.exe52⤵
- Executes dropped EXE
-
\??\c:\bbhhbb.exec:\bbhhbb.exe53⤵
- Executes dropped EXE
-
\??\c:\bhtttt.exec:\bhtttt.exe54⤵
-
\??\c:\jjpjj.exec:\jjpjj.exe55⤵
- Executes dropped EXE
-
\??\c:\ddvjp.exec:\ddvjp.exe56⤵
- Executes dropped EXE
-
\??\c:\xrrxxff.exec:\xrrxxff.exe57⤵
- Executes dropped EXE
-
\??\c:\xxrrrrr.exec:\xxrrrrr.exe58⤵
- Executes dropped EXE
-
\??\c:\nhhhtn.exec:\nhhhtn.exe59⤵
- Executes dropped EXE
-
\??\c:\tnhbth.exec:\tnhbth.exe60⤵
- Executes dropped EXE
-
\??\c:\vvvvv.exec:\vvvvv.exe61⤵
- Executes dropped EXE
-
\??\c:\jdddd.exec:\jdddd.exe62⤵
- Executes dropped EXE
-
\??\c:\frrlxrf.exec:\frrlxrf.exe63⤵
- Executes dropped EXE
-
\??\c:\5rlffxx.exec:\5rlffxx.exe64⤵
- Executes dropped EXE
-
\??\c:\bnhbnh.exec:\bnhbnh.exe65⤵
- Executes dropped EXE
-
\??\c:\bhnhhb.exec:\bhnhhb.exe66⤵
- Executes dropped EXE
-
\??\c:\5hbtnn.exec:\5hbtnn.exe67⤵
-
\??\c:\pdjjj.exec:\pdjjj.exe68⤵
-
\??\c:\jdjdv.exec:\jdjdv.exe69⤵
-
\??\c:\rffllff.exec:\rffllff.exe70⤵
-
\??\c:\lfrrxxl.exec:\lfrrxxl.exe71⤵
-
\??\c:\bttnbb.exec:\bttnbb.exe72⤵
-
\??\c:\tbhttt.exec:\tbhttt.exe73⤵
-
\??\c:\jdddp.exec:\jdddp.exe74⤵
-
\??\c:\9jjdv.exec:\9jjdv.exe75⤵
-
\??\c:\jjjjd.exec:\jjjjd.exe76⤵
-
\??\c:\fxfxrrr.exec:\fxfxrrr.exe77⤵
-
\??\c:\rxfffrr.exec:\rxfffrr.exe78⤵
-
\??\c:\bntnht.exec:\bntnht.exe79⤵
-
\??\c:\thbhnh.exec:\thbhnh.exe80⤵
-
\??\c:\pvvpj.exec:\pvvpj.exe81⤵
-
\??\c:\djppp.exec:\djppp.exe82⤵
-
\??\c:\ffxrrrr.exec:\ffxrrrr.exe83⤵
-
\??\c:\lrrrrxx.exec:\lrrrrxx.exe84⤵
-
\??\c:\btbbtt.exec:\btbbtt.exe85⤵
-
\??\c:\nthbbb.exec:\nthbbb.exe86⤵
-
\??\c:\djpjd.exec:\djpjd.exe87⤵
-
\??\c:\jpdvv.exec:\jpdvv.exe88⤵
-
\??\c:\fxxllll.exec:\fxxllll.exe89⤵
-
\??\c:\lfrlflx.exec:\lfrlflx.exe90⤵
-
\??\c:\bbhhtn.exec:\bbhhtn.exe91⤵
-
\??\c:\thttnn.exec:\thttnn.exe92⤵
-
\??\c:\9vdjj.exec:\9vdjj.exe93⤵
-
\??\c:\vpvpj.exec:\vpvpj.exe94⤵
-
\??\c:\rrxxflr.exec:\rrxxflr.exe95⤵
-
\??\c:\rlrxfll.exec:\rlrxfll.exe96⤵
-
\??\c:\1hhbtt.exec:\1hhbtt.exe97⤵
-
\??\c:\hbtnnn.exec:\hbtnnn.exe98⤵
-
\??\c:\vjdjj.exec:\vjdjj.exe99⤵
-
\??\c:\dvdjj.exec:\dvdjj.exe100⤵
-
\??\c:\ffffflr.exec:\ffffflr.exe101⤵
-
\??\c:\llxxxfl.exec:\llxxxfl.exe102⤵
-
\??\c:\ntbbbh.exec:\ntbbbh.exe103⤵
-
\??\c:\htbbtt.exec:\htbbtt.exe104⤵
-
\??\c:\vdvvp.exec:\vdvvp.exe105⤵
-
\??\c:\vjjpp.exec:\vjjpp.exe106⤵
-
\??\c:\rxxrrrr.exec:\rxxrrrr.exe107⤵
-
\??\c:\rfllflf.exec:\rfllflf.exe108⤵
-
\??\c:\5tbbtn.exec:\5tbbtn.exe109⤵
-
\??\c:\jpdvp.exec:\jpdvp.exe110⤵
-
\??\c:\rxlrflf.exec:\rxlrflf.exe111⤵
-
\??\c:\xlfflxf.exec:\xlfflxf.exe112⤵
-
\??\c:\hhnntb.exec:\hhnntb.exe113⤵
-
\??\c:\bthbhh.exec:\bthbhh.exe114⤵
-
\??\c:\9vddj.exec:\9vddj.exe115⤵
-
\??\c:\vjdpp.exec:\vjdpp.exe116⤵
-
\??\c:\pjppj.exec:\pjppj.exe117⤵
-
\??\c:\vdppp.exec:\vdppp.exe118⤵
-
\??\c:\xllflfx.exec:\xllflfx.exe119⤵
-
\??\c:\pvddd.exec:\pvddd.exe120⤵
-
\??\c:\vppjv.exec:\vppjv.exe121⤵
-
\??\c:\rrrxxxr.exec:\rrrxxxr.exe122⤵
-
\??\c:\5rfllxx.exec:\5rfllxx.exe123⤵
-
\??\c:\ntbttt.exec:\ntbttt.exe124⤵
-
\??\c:\bhttnh.exec:\bhttnh.exe125⤵
-
\??\c:\xxffxlx.exec:\xxffxlx.exe126⤵
-
\??\c:\hthhhb.exec:\hthhhb.exe127⤵
-
\??\c:\jdjjd.exec:\jdjjd.exe128⤵
-
\??\c:\ffxxxff.exec:\ffxxxff.exe129⤵
-
\??\c:\jddpj.exec:\jddpj.exe130⤵
-
\??\c:\frrlfxx.exec:\frrlfxx.exe131⤵
-
\??\c:\xfrlrfx.exec:\xfrlrfx.exe132⤵
-
\??\c:\hbhntb.exec:\hbhntb.exe133⤵
-
\??\c:\1vjdd.exec:\1vjdd.exe134⤵
-
\??\c:\xxxrrrl.exec:\xxxrrrl.exe135⤵
-
\??\c:\9bhhhn.exec:\9bhhhn.exe136⤵
-
\??\c:\rrrlflf.exec:\rrrlflf.exe137⤵
-
\??\c:\bhhhbh.exec:\bhhhbh.exe138⤵
-
\??\c:\rlxxlrr.exec:\rlxxlrr.exe139⤵
-
\??\c:\nnnhbt.exec:\nnnhbt.exe140⤵
-
\??\c:\nnntth.exec:\nnntth.exe141⤵
-
\??\c:\djjjv.exec:\djjjv.exe142⤵
-
\??\c:\9jvpd.exec:\9jvpd.exe143⤵
-
\??\c:\xxxrfxx.exec:\xxxrfxx.exe144⤵
-
\??\c:\bnttnh.exec:\bnttnh.exe145⤵
-
\??\c:\9tthht.exec:\9tthht.exe146⤵
-
\??\c:\vjjjd.exec:\vjjjd.exe147⤵
-
\??\c:\9ppdp.exec:\9ppdp.exe148⤵
-
\??\c:\lxflxlr.exec:\lxflxlr.exe149⤵
-
\??\c:\nthttn.exec:\nthttn.exe150⤵
-
\??\c:\jppjd.exec:\jppjd.exe151⤵
-
\??\c:\ddvvp.exec:\ddvvp.exe152⤵
-
\??\c:\fflllrr.exec:\fflllrr.exe153⤵
-
\??\c:\9xxrllf.exec:\9xxrllf.exe154⤵
-
\??\c:\xrlfxxr.exec:\xrlfxxr.exe155⤵
-
\??\c:\hnbhth.exec:\hnbhth.exe156⤵
-
\??\c:\bhnnth.exec:\bhnnth.exe157⤵
-
\??\c:\vjjdv.exec:\vjjdv.exe158⤵
-
\??\c:\jdjdv.exec:\jdjdv.exe159⤵
-
\??\c:\ffrlxxx.exec:\ffrlxxx.exe160⤵
-
\??\c:\lffrllf.exec:\lffrllf.exe161⤵
-
\??\c:\7ntbtt.exec:\7ntbtt.exe162⤵
-
\??\c:\htbttt.exec:\htbttt.exe163⤵
-
\??\c:\vjdvv.exec:\vjdvv.exe164⤵
-
\??\c:\5vvdv.exec:\5vvdv.exe165⤵
-
\??\c:\nbhtnn.exec:\nbhtnn.exe166⤵
-
\??\c:\bbtbtt.exec:\bbtbtt.exe167⤵
-
\??\c:\jjvvv.exec:\jjvvv.exe168⤵
-
\??\c:\flrrxxx.exec:\flrrxxx.exe169⤵
-
\??\c:\fffrlll.exec:\fffrlll.exe170⤵
-
\??\c:\ttbbhn.exec:\ttbbhn.exe171⤵
-
\??\c:\tbbbnn.exec:\tbbbnn.exe172⤵
-
\??\c:\dvvjj.exec:\dvvjj.exe173⤵
-
\??\c:\7flrlrr.exec:\7flrlrr.exe174⤵
-
\??\c:\7hhhbb.exec:\7hhhbb.exe175⤵
-
\??\c:\hthbbh.exec:\hthbbh.exe176⤵
-
\??\c:\1pppv.exec:\1pppv.exe177⤵
-
\??\c:\vjvdp.exec:\vjvdp.exe178⤵
-
\??\c:\3lxrllr.exec:\3lxrllr.exe179⤵
-
\??\c:\ttnhbb.exec:\ttnhbb.exe180⤵
-
\??\c:\frffllr.exec:\frffllr.exe181⤵
-
\??\c:\tbbntb.exec:\tbbntb.exe182⤵
-
\??\c:\dvdvv.exec:\dvdvv.exe183⤵
-
\??\c:\djjdv.exec:\djjdv.exe184⤵
-
\??\c:\nbhnnt.exec:\nbhnnt.exe185⤵
-
\??\c:\tbnhht.exec:\tbnhht.exe186⤵
-
\??\c:\rxlrxff.exec:\rxlrxff.exe187⤵
-
\??\c:\xxrfxff.exec:\xxrfxff.exe188⤵
-
\??\c:\ntnnth.exec:\ntnnth.exe189⤵
-
\??\c:\nnbhhn.exec:\nnbhhn.exe190⤵
-
\??\c:\jpvvv.exec:\jpvvv.exe191⤵
-
\??\c:\ddjpp.exec:\ddjpp.exe192⤵
-
\??\c:\ffxfxfx.exec:\ffxfxfx.exe193⤵
-
\??\c:\fxxrxxl.exec:\fxxrxxl.exe194⤵
-
\??\c:\1bbttn.exec:\1bbttn.exe195⤵
-
\??\c:\9jvvj.exec:\9jvvj.exe196⤵
-
\??\c:\xrxflrx.exec:\xrxflrx.exe197⤵
-
\??\c:\bbhhhn.exec:\bbhhhn.exe198⤵
-
\??\c:\bthnnt.exec:\bthnnt.exe199⤵
-
\??\c:\vjjpv.exec:\vjjpv.exe200⤵
-
\??\c:\vvvjj.exec:\vvvjj.exe201⤵
-
\??\c:\flffffx.exec:\flffffx.exe202⤵
-
\??\c:\ffxlxlf.exec:\ffxlxlf.exe203⤵
-
\??\c:\btnnnt.exec:\btnnnt.exe204⤵
-
\??\c:\fflflrx.exec:\fflflrx.exe205⤵
-
\??\c:\nbbhtb.exec:\nbbhtb.exe206⤵
-
\??\c:\nntbtt.exec:\nntbtt.exe207⤵
-
\??\c:\htthnn.exec:\htthnn.exe208⤵
-
\??\c:\3djpp.exec:\3djpp.exe209⤵
-
\??\c:\fxfffll.exec:\fxfffll.exe210⤵
-
\??\c:\xlxffll.exec:\xlxffll.exe211⤵
-
\??\c:\tbtnht.exec:\tbtnht.exe212⤵
-
\??\c:\rfrxfxx.exec:\rfrxfxx.exe213⤵
-
\??\c:\ntnhhb.exec:\ntnhhb.exe214⤵
-
\??\c:\jdpvv.exec:\jdpvv.exe215⤵
-
\??\c:\jjpvd.exec:\jjpvd.exe216⤵
-
\??\c:\nhnnbn.exec:\nhnnbn.exe217⤵
-
\??\c:\jdjpp.exec:\jdjpp.exe218⤵
-
\??\c:\httthb.exec:\httthb.exe219⤵
-
\??\c:\rlrxffl.exec:\rlrxffl.exe220⤵
-
\??\c:\xxfffll.exec:\xxfffll.exe221⤵
-
\??\c:\nnhhbb.exec:\nnhhbb.exe222⤵
-
\??\c:\7rfffrx.exec:\7rfffrx.exe223⤵
-
\??\c:\ttnbbb.exec:\ttnbbb.exe224⤵
-
\??\c:\ntnbbh.exec:\ntnbbh.exe225⤵
-
\??\c:\llrrrrr.exec:\llrrrrr.exe226⤵
-
\??\c:\bnntbh.exec:\bnntbh.exe227⤵
-
\??\c:\ddjjp.exec:\ddjjp.exe228⤵
-
\??\c:\djpdj.exec:\djpdj.exe229⤵
-
\??\c:\xllllrf.exec:\xllllrf.exe230⤵
-
\??\c:\jpjdp.exec:\jpjdp.exe231⤵
-
\??\c:\vpvpj.exec:\vpvpj.exe232⤵
-
\??\c:\fxrrrxx.exec:\fxrrrxx.exe233⤵
-
\??\c:\bbnnnh.exec:\bbnnnh.exe234⤵
-
\??\c:\lrllffl.exec:\lrllffl.exe235⤵
-
\??\c:\vdvvp.exec:\vdvvp.exe236⤵
-
\??\c:\nbthnt.exec:\nbthnt.exe237⤵
-
\??\c:\pdpjv.exec:\pdpjv.exe238⤵
-
\??\c:\dpppp.exec:\dpppp.exe239⤵
-
\??\c:\xrxlrlr.exec:\xrxlrlr.exe240⤵