Analysis
-
max time kernel
150s -
max time network
94s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
30-06-2024 21:19
General
-
Target
4da5e179858b40208c36458051199609a721aa93e3973abd75ee5886661d09bd.exe
-
Size
61KB
-
MD5
a2b73faba4334ce019f71e22a1bd996f
-
SHA1
b77fe53d99ad523cde4179aa6762f198236c3fef
-
SHA256
4da5e179858b40208c36458051199609a721aa93e3973abd75ee5886661d09bd
-
SHA512
255fcc877449ba46723151760dd1f29e2d3045bd8a2cf6f4adb10de0b77da80c4ab1c58395f348e58b7cecfea486b5e3437fc511a4a69205cfe0a57d07d27872
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIvuzkzNb:ymb3NkkiQ3mdBjFIvlpb
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
UPX dump on OEP (original entry point) 31 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 31 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\605845472\zmstage.exeC:\Users\Admin\AppData\Local\Temp\605845472\zmstage.exe1⤵
-
C:\Windows\system32\MusNotification.exeC:\Windows\system32\MusNotification.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\4da5e179858b40208c36458051199609a721aa93e3973abd75ee5886661d09bd.exe"C:\Users\Admin\AppData\Local\Temp\4da5e179858b40208c36458051199609a721aa93e3973abd75ee5886661d09bd.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\rxxxrlf.exec:\rxxxrlf.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnnnnn.exec:\nnnnnn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttbtnt.exec:\ttbtnt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvjjj.exec:\vvjjj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7llfffx.exec:\7llfffx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5frxxfl.exec:\5frxxfl.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbttbb.exec:\hbttbb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djjvj.exec:\djjvj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djvvj.exec:\djvvj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9ffrfrf.exec:\9ffrfrf.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfxllfl.exec:\xfxllfl.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bntnhh.exec:\bntnhh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5ddvj.exec:\5ddvj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dppjp.exec:\dppjp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fffxrrr.exec:\fffxrrr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrxrlll.exec:\lrxrlll.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbbnt.exec:\tnbbnt.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djjjv.exec:\djjjv.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3vjjv.exec:\3vjjv.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frfxrrr.exec:\frfxrrr.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frfrlff.exec:\frfrlff.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnnhtt.exec:\bnnhtt.exe23⤵
- Executes dropped EXE
-
\??\c:\btttbb.exec:\btttbb.exe24⤵
- Executes dropped EXE
-
\??\c:\djpjd.exec:\djpjd.exe25⤵
- Executes dropped EXE
-
\??\c:\djjjv.exec:\djjjv.exe26⤵
- Executes dropped EXE
-
\??\c:\lffrrfl.exec:\lffrrfl.exe27⤵
- Executes dropped EXE
-
\??\c:\rllfxxr.exec:\rllfxxr.exe28⤵
- Executes dropped EXE
-
\??\c:\hbbnnh.exec:\hbbnnh.exe29⤵
- Executes dropped EXE
-
\??\c:\djvpp.exec:\djvpp.exe30⤵
- Executes dropped EXE
-
\??\c:\9jvpd.exec:\9jvpd.exe31⤵
- Executes dropped EXE
-
\??\c:\xfxxlff.exec:\xfxxlff.exe32⤵
- Executes dropped EXE
-
\??\c:\ntbtbb.exec:\ntbtbb.exe33⤵
- Executes dropped EXE
-
\??\c:\thhtnh.exec:\thhtnh.exe34⤵
- Executes dropped EXE
-
\??\c:\jpjvp.exec:\jpjvp.exe35⤵
- Executes dropped EXE
-
\??\c:\frflffr.exec:\frflffr.exe36⤵
- Executes dropped EXE
-
\??\c:\fxlfrlx.exec:\fxlfrlx.exe37⤵
- Executes dropped EXE
-
\??\c:\bbbnbh.exec:\bbbnbh.exe38⤵
- Executes dropped EXE
-
\??\c:\nbbnhn.exec:\nbbnhn.exe39⤵
- Executes dropped EXE
-
\??\c:\jjddd.exec:\jjddd.exe40⤵
- Executes dropped EXE
-
\??\c:\llffrxl.exec:\llffrxl.exe41⤵
- Executes dropped EXE
-
\??\c:\5rllffx.exec:\5rllffx.exe42⤵
- Executes dropped EXE
-
\??\c:\ttbtbh.exec:\ttbtbh.exe43⤵
- Executes dropped EXE
-
\??\c:\btnnbb.exec:\btnnbb.exe44⤵
- Executes dropped EXE
-
\??\c:\jvjvp.exec:\jvjvp.exe45⤵
- Executes dropped EXE
-
\??\c:\7ddvp.exec:\7ddvp.exe46⤵
- Executes dropped EXE
-
\??\c:\fxlfllr.exec:\fxlfllr.exe47⤵
- Executes dropped EXE
-
\??\c:\lrlxxlf.exec:\lrlxxlf.exe48⤵
- Executes dropped EXE
-
\??\c:\nttbtb.exec:\nttbtb.exe49⤵
- Executes dropped EXE
-
\??\c:\tntbth.exec:\tntbth.exe50⤵
- Executes dropped EXE
-
\??\c:\dpjjd.exec:\dpjjd.exe51⤵
- Executes dropped EXE
-
\??\c:\9rflrfx.exec:\9rflrfx.exe52⤵
- Executes dropped EXE
-
\??\c:\xrxxxxr.exec:\xrxxxxr.exe53⤵
- Executes dropped EXE
-
\??\c:\bttnhh.exec:\bttnhh.exe54⤵
- Executes dropped EXE
-
\??\c:\tnttbb.exec:\tnttbb.exe55⤵
- Executes dropped EXE
-
\??\c:\nnbtbn.exec:\nnbtbn.exe56⤵
- Executes dropped EXE
-
\??\c:\ddjpv.exec:\ddjpv.exe57⤵
- Executes dropped EXE
-
\??\c:\ppdvd.exec:\ppdvd.exe58⤵
- Executes dropped EXE
-
\??\c:\xrxxrrl.exec:\xrxxrrl.exe59⤵
- Executes dropped EXE
-
\??\c:\hbhbbb.exec:\hbhbbb.exe60⤵
- Executes dropped EXE
-
\??\c:\hbthtt.exec:\hbthtt.exe61⤵
- Executes dropped EXE
-
\??\c:\pdpjd.exec:\pdpjd.exe62⤵
- Executes dropped EXE
-
\??\c:\dvvvj.exec:\dvvvj.exe63⤵
- Executes dropped EXE
-
\??\c:\lxllffr.exec:\lxllffr.exe64⤵
- Executes dropped EXE
-
\??\c:\fxffflf.exec:\fxffflf.exe65⤵
- Executes dropped EXE
-
\??\c:\bhnttb.exec:\bhnttb.exe66⤵
-
\??\c:\hthnbh.exec:\hthnbh.exe67⤵
-
\??\c:\ddvpp.exec:\ddvpp.exe68⤵
-
\??\c:\vvjpd.exec:\vvjpd.exe69⤵
-
\??\c:\xxxrlll.exec:\xxxrlll.exe70⤵
-
\??\c:\xlrllrx.exec:\xlrllrx.exe71⤵
-
\??\c:\9bbhhn.exec:\9bbhhn.exe72⤵
-
\??\c:\7bntth.exec:\7bntth.exe73⤵
-
\??\c:\ppvpj.exec:\ppvpj.exe74⤵
-
\??\c:\pdpvd.exec:\pdpvd.exe75⤵
-
\??\c:\xrfxrrr.exec:\xrfxrrr.exe76⤵
-
\??\c:\1rlfxfx.exec:\1rlfxfx.exe77⤵
-
\??\c:\3rlfxxx.exec:\3rlfxxx.exe78⤵
-
\??\c:\tnhbtn.exec:\tnhbtn.exe79⤵
-
\??\c:\nnnnhh.exec:\nnnnhh.exe80⤵
-
\??\c:\ddpvj.exec:\ddpvj.exe81⤵
-
\??\c:\jjpjp.exec:\jjpjp.exe82⤵
-
\??\c:\ffrxlxl.exec:\ffrxlxl.exe83⤵
-
\??\c:\3flllll.exec:\3flllll.exe84⤵
-
\??\c:\bnnnnn.exec:\bnnnnn.exe85⤵
-
\??\c:\hhbtnn.exec:\hhbtnn.exe86⤵
-
\??\c:\jdvpp.exec:\jdvpp.exe87⤵
-
\??\c:\7djdd.exec:\7djdd.exe88⤵
-
\??\c:\dvvpj.exec:\dvvpj.exe89⤵
-
\??\c:\flrlfxx.exec:\flrlfxx.exe90⤵
-
\??\c:\fxfxrxx.exec:\fxfxrxx.exe91⤵
-
\??\c:\thtnnn.exec:\thtnnn.exe92⤵
-
\??\c:\hbhnhh.exec:\hbhnhh.exe93⤵
-
\??\c:\vjpjd.exec:\vjpjd.exe94⤵
-
\??\c:\dpvjv.exec:\dpvjv.exe95⤵
-
\??\c:\lflfxxr.exec:\lflfxxr.exe96⤵
-
\??\c:\5rrlflf.exec:\5rrlflf.exe97⤵
-
\??\c:\nnhbbb.exec:\nnhbbb.exe98⤵
-
\??\c:\rfrfrrr.exec:\rfrfrrr.exe99⤵
-
\??\c:\xfffrrl.exec:\xfffrrl.exe100⤵
-
\??\c:\tnntbn.exec:\tnntbn.exe101⤵
-
\??\c:\htntht.exec:\htntht.exe102⤵
-
\??\c:\vjjpp.exec:\vjjpp.exe103⤵
-
\??\c:\vdjjv.exec:\vdjjv.exe104⤵
-
\??\c:\lfllxfr.exec:\lfllxfr.exe105⤵
-
\??\c:\xrxflxx.exec:\xrxflxx.exe106⤵
-
\??\c:\tbtttb.exec:\tbtttb.exe107⤵
-
\??\c:\9hhhbb.exec:\9hhhbb.exe108⤵
-
\??\c:\ddddj.exec:\ddddj.exe109⤵
-
\??\c:\pdjdv.exec:\pdjdv.exe110⤵
-
\??\c:\7xlxxxf.exec:\7xlxxxf.exe111⤵
-
\??\c:\nhhhhh.exec:\nhhhhh.exe112⤵
-
\??\c:\5jppp.exec:\5jppp.exe113⤵
-
\??\c:\dvvpv.exec:\dvvpv.exe114⤵
-
\??\c:\xrlfffx.exec:\xrlfffx.exe115⤵
-
\??\c:\lffxrrr.exec:\lffxrrr.exe116⤵
-
\??\c:\3ttnnh.exec:\3ttnnh.exe117⤵
-
\??\c:\bhhhtt.exec:\bhhhtt.exe118⤵
-
\??\c:\vjvjj.exec:\vjvjj.exe119⤵
-
\??\c:\5pddp.exec:\5pddp.exe120⤵
-
\??\c:\3lrlllr.exec:\3lrlllr.exe121⤵
-
\??\c:\lffxfff.exec:\lffxfff.exe122⤵
-
\??\c:\nnbtnn.exec:\nnbtnn.exe123⤵
-
\??\c:\nnnnbb.exec:\nnnnbb.exe124⤵
-
\??\c:\hnnhtb.exec:\hnnhtb.exe125⤵
-
\??\c:\jpvpv.exec:\jpvpv.exe126⤵
-
\??\c:\pdvdv.exec:\pdvdv.exe127⤵
-
\??\c:\ffxrrxl.exec:\ffxrrxl.exe128⤵
-
\??\c:\fxlxxfx.exec:\fxlxxfx.exe129⤵
-
\??\c:\bnttbb.exec:\bnttbb.exe130⤵
-
\??\c:\nhhbbb.exec:\nhhbbb.exe131⤵
-
\??\c:\bthhbb.exec:\bthhbb.exe132⤵
-
\??\c:\pjdvp.exec:\pjdvp.exe133⤵
-
\??\c:\3ddvp.exec:\3ddvp.exe134⤵
-
\??\c:\frllfxx.exec:\frllfxx.exe135⤵
-
\??\c:\fxfxrxx.exec:\fxfxrxx.exe136⤵
-
\??\c:\nnttnn.exec:\nnttnn.exe137⤵
-
\??\c:\5tbbbb.exec:\5tbbbb.exe138⤵
-
\??\c:\tnnhth.exec:\tnnhth.exe139⤵
-
\??\c:\vpppd.exec:\vpppd.exe140⤵
-
\??\c:\jvdvp.exec:\jvdvp.exe141⤵
-
\??\c:\fxfflfl.exec:\fxfflfl.exe142⤵
-
\??\c:\rrxxflx.exec:\rrxxflx.exe143⤵
-
\??\c:\bbhbhh.exec:\bbhbhh.exe144⤵
-
\??\c:\btbbnb.exec:\btbbnb.exe145⤵
-
\??\c:\pjvpd.exec:\pjvpd.exe146⤵
-
\??\c:\vpvpj.exec:\vpvpj.exe147⤵
-
\??\c:\vvjvv.exec:\vvjvv.exe148⤵
-
\??\c:\lffxxxr.exec:\lffxxxr.exe149⤵
-
\??\c:\lllllff.exec:\lllllff.exe150⤵
-
\??\c:\tnttth.exec:\tnttth.exe151⤵
-
\??\c:\httnbb.exec:\httnbb.exe152⤵
-
\??\c:\htbtnn.exec:\htbtnn.exe153⤵
-
\??\c:\vpjdd.exec:\vpjdd.exe154⤵
-
\??\c:\3dppp.exec:\3dppp.exe155⤵
-
\??\c:\7fffrrf.exec:\7fffrrf.exe156⤵
-
\??\c:\ffllllf.exec:\ffllllf.exe157⤵
-
\??\c:\5tnbtt.exec:\5tnbtt.exe158⤵
-
\??\c:\bhnhtt.exec:\bhnhtt.exe159⤵
-
\??\c:\jjdjp.exec:\jjdjp.exe160⤵
-
\??\c:\pdjvv.exec:\pdjvv.exe161⤵
-
\??\c:\ddpvj.exec:\ddpvj.exe162⤵
-
\??\c:\3lxxrrr.exec:\3lxxrrr.exe163⤵
-
\??\c:\xflxlll.exec:\xflxlll.exe164⤵
-
\??\c:\3bbtnn.exec:\3bbtnn.exe165⤵
-
\??\c:\tbhhbh.exec:\tbhhbh.exe166⤵
-
\??\c:\jdvpp.exec:\jdvpp.exe167⤵
-
\??\c:\jjvjp.exec:\jjvjp.exe168⤵
-
\??\c:\rxlxxfr.exec:\rxlxxfr.exe169⤵
-
\??\c:\ffxllfr.exec:\ffxllfr.exe170⤵
-
\??\c:\nbbbtt.exec:\nbbbtt.exe171⤵
-
\??\c:\htbhhh.exec:\htbhhh.exe172⤵
-
\??\c:\dvddv.exec:\dvddv.exe173⤵
-
\??\c:\dpjjd.exec:\dpjjd.exe174⤵
-
\??\c:\frxlfrl.exec:\frxlfrl.exe175⤵
-
\??\c:\lrrllff.exec:\lrrllff.exe176⤵
-
\??\c:\xllfrfl.exec:\xllfrfl.exe177⤵
-
\??\c:\ntbttb.exec:\ntbttb.exe178⤵
-
\??\c:\nbhhbt.exec:\nbhhbt.exe179⤵
-
\??\c:\1ddvj.exec:\1ddvj.exe180⤵
-
\??\c:\pjpjd.exec:\pjpjd.exe181⤵
-
\??\c:\xxxxrrl.exec:\xxxxrrl.exe182⤵
-
\??\c:\fxfffff.exec:\fxfffff.exe183⤵
-
\??\c:\bbtthh.exec:\bbtthh.exe184⤵
-
\??\c:\bbbbbh.exec:\bbbbbh.exe185⤵
-
\??\c:\hbttnn.exec:\hbttnn.exe186⤵
-
\??\c:\pjjdv.exec:\pjjdv.exe187⤵
-
\??\c:\3jjjv.exec:\3jjjv.exe188⤵
-
\??\c:\lfxrrrl.exec:\lfxrrrl.exe189⤵
-
\??\c:\xxffllr.exec:\xxffllr.exe190⤵
-
\??\c:\tbhnnb.exec:\tbhnnb.exe191⤵
-
\??\c:\5tthhb.exec:\5tthhb.exe192⤵
-
\??\c:\jpdjv.exec:\jpdjv.exe193⤵
-
\??\c:\1djdp.exec:\1djdp.exe194⤵
-
\??\c:\vvpdp.exec:\vvpdp.exe195⤵
-
\??\c:\rfrrffr.exec:\rfrrffr.exe196⤵
-
\??\c:\fxrrlll.exec:\fxrrlll.exe197⤵
-
\??\c:\9hnttt.exec:\9hnttt.exe198⤵
-
\??\c:\thhnnn.exec:\thhnnn.exe199⤵
-
\??\c:\htnhth.exec:\htnhth.exe200⤵
-
\??\c:\djvdd.exec:\djvdd.exe201⤵
-
\??\c:\ddpvj.exec:\ddpvj.exe202⤵
-
\??\c:\rfxxrxr.exec:\rfxxrxr.exe203⤵
-
\??\c:\rflllrx.exec:\rflllrx.exe204⤵
-
\??\c:\xxlxfrx.exec:\xxlxfrx.exe205⤵
-
\??\c:\nnbbht.exec:\nnbbht.exe206⤵
-
\??\c:\hhhhbb.exec:\hhhhbb.exe207⤵
-
\??\c:\dpdjp.exec:\dpdjp.exe208⤵
-
\??\c:\dppvj.exec:\dppvj.exe209⤵
-
\??\c:\5vvvp.exec:\5vvvp.exe210⤵
-
\??\c:\xrlflrr.exec:\xrlflrr.exe211⤵
-
\??\c:\rxlllff.exec:\rxlllff.exe212⤵
-
\??\c:\ttntht.exec:\ttntht.exe213⤵
-
\??\c:\tbbnbn.exec:\tbbnbn.exe214⤵
-
\??\c:\9pvdp.exec:\9pvdp.exe215⤵
-
\??\c:\dvvjv.exec:\dvvjv.exe216⤵
-
\??\c:\jddjd.exec:\jddjd.exe217⤵
-
\??\c:\xfffxxr.exec:\xfffxxr.exe218⤵
-
\??\c:\rfxxllx.exec:\rfxxllx.exe219⤵
-
\??\c:\bhbnth.exec:\bhbnth.exe220⤵
-
\??\c:\tnnnbb.exec:\tnnnbb.exe221⤵
-
\??\c:\rfxxrrl.exec:\rfxxrrl.exe222⤵
-
\??\c:\xlllffx.exec:\xlllffx.exe223⤵
-
\??\c:\bnttbh.exec:\bnttbh.exe224⤵
-
\??\c:\5ttbhn.exec:\5ttbhn.exe225⤵
-
\??\c:\pjvvd.exec:\pjvvd.exe226⤵
-
\??\c:\7pppj.exec:\7pppj.exe227⤵
-
\??\c:\9xffrrr.exec:\9xffrrr.exe228⤵
-
\??\c:\rfxfxfr.exec:\rfxfxfr.exe229⤵
-
\??\c:\nhnhhn.exec:\nhnhhn.exe230⤵
-
\??\c:\nbbbhn.exec:\nbbbhn.exe231⤵
-
\??\c:\ddvdp.exec:\ddvdp.exe232⤵
-
\??\c:\djdjv.exec:\djdjv.exe233⤵
-
\??\c:\rlrlxrr.exec:\rlrlxrr.exe234⤵
-
\??\c:\rflfrlr.exec:\rflfrlr.exe235⤵
-
\??\c:\thtbht.exec:\thtbht.exe236⤵
-
\??\c:\nhnhbt.exec:\nhnhbt.exe237⤵
-
\??\c:\tttnhn.exec:\tttnhn.exe238⤵
-
\??\c:\vpvpv.exec:\vpvpv.exe239⤵
-
\??\c:\vddjv.exec:\vddjv.exe240⤵