Analysis
-
max time kernel
57s -
max time network
69s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
01-07-2024 02:20
General
-
Target
c2bc1b4a4c45756ae437ed48cd5e4b2433cf75e9f0fd65723c5412993f537aa4.exe
-
Size
261KB
-
MD5
ec62e95ad56fcdbe2c080fd22f3d53eb
-
SHA1
8cd16f45e30c6e421b8fb943a05e9ae2e105d203
-
SHA256
c2bc1b4a4c45756ae437ed48cd5e4b2433cf75e9f0fd65723c5412993f537aa4
-
SHA512
5ae90ba55fdd7afdb0a308afb51358aa0f71ccb2fa16bf1fbb72eef586f5280eed34b4892f982f0261ea8d06a6b3caf04f71d0b00b1a89c9a9ff7888c1fa16b8
-
SSDEEP
6144:n3C9BRo7tvnJ9Fywhk/T4i37K3BoKg0qQ:n3C9ytvn8whkb4i3e3GF/Q
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 22 IoCs
-
UPX dump on OEP (original entry point) 28 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 28 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\c2bc1b4a4c45756ae437ed48cd5e4b2433cf75e9f0fd65723c5412993f537aa4.exe"C:\Users\Admin\AppData\Local\Temp\c2bc1b4a4c45756ae437ed48cd5e4b2433cf75e9f0fd65723c5412993f537aa4.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\pvppp.exec:\pvppp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrrllf.exec:\xxrrllf.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnhhhh.exec:\bnhhhh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvpvd.exec:\vvpvd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjjjp.exec:\vjjjp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7lxrlll.exec:\7lxrlll.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhtttb.exec:\nhtttb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htttbb.exec:\htttbb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1pvvp.exec:\1pvvp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxxllll.exec:\xxxllll.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhnnnt.exec:\hhnnnt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvddv.exec:\vvddv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxxxff.exec:\rlxxxff.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntbbtb.exec:\ntbbtb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9hnnnt.exec:\9hnnnt.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppvvd.exec:\ppvvd.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddpjj.exec:\ddpjj.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbhhhh.exec:\bbhhhh.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpdpj.exec:\vpdpj.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlflfl.exec:\fxlflfl.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llrxfrr.exec:\llrxfrr.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbttt.exec:\tnbttt.exe23⤵
- Executes dropped EXE
-
\??\c:\vpdvv.exec:\vpdvv.exe24⤵
- Executes dropped EXE
-
\??\c:\5xfffff.exec:\5xfffff.exe25⤵
- Executes dropped EXE
-
\??\c:\9bhttn.exec:\9bhttn.exe26⤵
- Executes dropped EXE
-
\??\c:\pjppp.exec:\pjppp.exe27⤵
- Executes dropped EXE
-
\??\c:\xrxrllf.exec:\xrxrllf.exe28⤵
- Executes dropped EXE
-
\??\c:\xrxxllr.exec:\xrxxllr.exe29⤵
- Executes dropped EXE
-
\??\c:\tnhhtn.exec:\tnhhtn.exe30⤵
- Executes dropped EXE
-
\??\c:\jdppj.exec:\jdppj.exe31⤵
- Executes dropped EXE
-
\??\c:\5ddjd.exec:\5ddjd.exe32⤵
- Executes dropped EXE
-
\??\c:\fffffxr.exec:\fffffxr.exe33⤵
- Executes dropped EXE
-
\??\c:\9hnhbh.exec:\9hnhbh.exe34⤵
- Executes dropped EXE
-
\??\c:\ttttnn.exec:\ttttnn.exe35⤵
- Executes dropped EXE
-
\??\c:\1pjdv.exec:\1pjdv.exe36⤵
- Executes dropped EXE
-
\??\c:\xrxrrrr.exec:\xrxrrrr.exe37⤵
- Executes dropped EXE
-
\??\c:\hbhhhh.exec:\hbhhhh.exe38⤵
- Executes dropped EXE
-
\??\c:\tnnhbt.exec:\tnnhbt.exe39⤵
- Executes dropped EXE
-
\??\c:\vpjvp.exec:\vpjvp.exe40⤵
- Executes dropped EXE
-
\??\c:\7jdvj.exec:\7jdvj.exe41⤵
- Executes dropped EXE
-
\??\c:\flrlfxl.exec:\flrlfxl.exe42⤵
- Executes dropped EXE
-
\??\c:\rrxrfxr.exec:\rrxrfxr.exe43⤵
- Executes dropped EXE
-
\??\c:\1htthn.exec:\1htthn.exe44⤵
- Executes dropped EXE
-
\??\c:\nbhhbb.exec:\nbhhbb.exe45⤵
- Executes dropped EXE
-
\??\c:\pjvjp.exec:\pjvjp.exe46⤵
- Executes dropped EXE
-
\??\c:\3vvdp.exec:\3vvdp.exe47⤵
- Executes dropped EXE
-
\??\c:\7xxrffx.exec:\7xxrffx.exe48⤵
- Executes dropped EXE
-
\??\c:\lflffff.exec:\lflffff.exe49⤵
- Executes dropped EXE
-
\??\c:\1nhhhn.exec:\1nhhhn.exe50⤵
- Executes dropped EXE
-
\??\c:\jddvj.exec:\jddvj.exe51⤵
- Executes dropped EXE
-
\??\c:\vppjj.exec:\vppjj.exe52⤵
- Executes dropped EXE
-
\??\c:\dvddd.exec:\dvddd.exe53⤵
- Executes dropped EXE
-
\??\c:\vjvvv.exec:\vjvvv.exe54⤵
- Executes dropped EXE
-
\??\c:\rllfxxl.exec:\rllfxxl.exe55⤵
- Executes dropped EXE
-
\??\c:\1btbth.exec:\1btbth.exe56⤵
- Executes dropped EXE
-
\??\c:\vvjdd.exec:\vvjdd.exe57⤵
- Executes dropped EXE
-
\??\c:\pjjjp.exec:\pjjjp.exe58⤵
- Executes dropped EXE
-
\??\c:\xxxxxlr.exec:\xxxxxlr.exe59⤵
- Executes dropped EXE
-
\??\c:\5rxxrxx.exec:\5rxxrxx.exe60⤵
- Executes dropped EXE
-
\??\c:\nbhhbb.exec:\nbhhbb.exe61⤵
- Executes dropped EXE
-
\??\c:\pjvpd.exec:\pjvpd.exe62⤵
- Executes dropped EXE
-
\??\c:\5vvdv.exec:\5vvdv.exe63⤵
- Executes dropped EXE
-
\??\c:\lffxxxx.exec:\lffxxxx.exe64⤵
- Executes dropped EXE
-
\??\c:\rxfxxrr.exec:\rxfxxrr.exe65⤵
- Executes dropped EXE
-
\??\c:\btnttt.exec:\btnttt.exe66⤵
-
\??\c:\jvvpp.exec:\jvvpp.exe67⤵
-
\??\c:\7dvpj.exec:\7dvpj.exe68⤵
-
\??\c:\frfxxxr.exec:\frfxxxr.exe69⤵
-
\??\c:\3rrrlll.exec:\3rrrlll.exe70⤵
-
\??\c:\bnthhh.exec:\bnthhh.exe71⤵
-
\??\c:\htnhbt.exec:\htnhbt.exe72⤵
-
\??\c:\3pjdp.exec:\3pjdp.exe73⤵
-
\??\c:\jvvpj.exec:\jvvpj.exe74⤵
-
\??\c:\fxrlxlf.exec:\fxrlxlf.exe75⤵
-
\??\c:\9bbnbb.exec:\9bbnbb.exe76⤵
-
\??\c:\hbnhtt.exec:\hbnhtt.exe77⤵
-
\??\c:\vjvpj.exec:\vjvpj.exe78⤵
-
\??\c:\ppjdj.exec:\ppjdj.exe79⤵
-
\??\c:\flllllr.exec:\flllllr.exe80⤵
-
\??\c:\frllxrx.exec:\frllxrx.exe81⤵
-
\??\c:\thnbbt.exec:\thnbbt.exe82⤵
-
\??\c:\ntnnnt.exec:\ntnnnt.exe83⤵
-
\??\c:\ddjdd.exec:\ddjdd.exe84⤵
-
\??\c:\7dvpd.exec:\7dvpd.exe85⤵
-
\??\c:\llfxffr.exec:\llfxffr.exe86⤵
-
\??\c:\xrlfllf.exec:\xrlfllf.exe87⤵
-
\??\c:\thhbbb.exec:\thhbbb.exe88⤵
-
\??\c:\5thhbb.exec:\5thhbb.exe89⤵
-
\??\c:\dpdvd.exec:\dpdvd.exe90⤵
-
\??\c:\jvpdv.exec:\jvpdv.exe91⤵
-
\??\c:\lfxrffx.exec:\lfxrffx.exe92⤵
-
\??\c:\5hbbtt.exec:\5hbbtt.exe93⤵
-
\??\c:\hnhnbb.exec:\hnhnbb.exe94⤵
-
\??\c:\vjdvj.exec:\vjdvj.exe95⤵
-
\??\c:\pdjdv.exec:\pdjdv.exe96⤵
-
\??\c:\fxlfxrr.exec:\fxlfxrr.exe97⤵
-
\??\c:\5hhnnb.exec:\5hhnnb.exe98⤵
-
\??\c:\btthnh.exec:\btthnh.exe99⤵
-
\??\c:\jjddv.exec:\jjddv.exe100⤵
-
\??\c:\5pjdj.exec:\5pjdj.exe101⤵
-
\??\c:\3rxrllf.exec:\3rxrllf.exe102⤵
-
\??\c:\bnhbtn.exec:\bnhbtn.exe103⤵
-
\??\c:\1nnbtn.exec:\1nnbtn.exe104⤵
-
\??\c:\jjjdd.exec:\jjjdd.exe105⤵
-
\??\c:\pdvpv.exec:\pdvpv.exe106⤵
-
\??\c:\5rxxxxl.exec:\5rxxxxl.exe107⤵
-
\??\c:\lfxrrlf.exec:\lfxrrlf.exe108⤵
-
\??\c:\nhbhnn.exec:\nhbhnn.exe109⤵
-
\??\c:\htbttn.exec:\htbttn.exe110⤵
-
\??\c:\vvpdj.exec:\vvpdj.exe111⤵
-
\??\c:\5dvpp.exec:\5dvpp.exe112⤵
-
\??\c:\lfffrrl.exec:\lfffrrl.exe113⤵
-
\??\c:\rrrlfff.exec:\rrrlfff.exe114⤵
-
\??\c:\hhntht.exec:\hhntht.exe115⤵
-
\??\c:\ttbntn.exec:\ttbntn.exe116⤵
-
\??\c:\jjjpp.exec:\jjjpp.exe117⤵
-
\??\c:\vpjdp.exec:\vpjdp.exe118⤵
-
\??\c:\vddpj.exec:\vddpj.exe119⤵
-
\??\c:\rffrlfx.exec:\rffrlfx.exe120⤵
-
\??\c:\xrllrrx.exec:\xrllrrx.exe121⤵
-
\??\c:\bbtnhh.exec:\bbtnhh.exe122⤵
-
\??\c:\bntbtb.exec:\bntbtb.exe123⤵
-
\??\c:\7djjd.exec:\7djjd.exe124⤵
-
\??\c:\3vvpj.exec:\3vvpj.exe125⤵
-
\??\c:\9xrlxxr.exec:\9xrlxxr.exe126⤵
-
\??\c:\xrxxxxx.exec:\xrxxxxx.exe127⤵
-
\??\c:\9hnhbb.exec:\9hnhbb.exe128⤵
-
\??\c:\hhnnnb.exec:\hhnnnb.exe129⤵
-
\??\c:\dppjd.exec:\dppjd.exe130⤵
-
\??\c:\pdddd.exec:\pdddd.exe131⤵
-
\??\c:\1xlxxfl.exec:\1xlxxfl.exe132⤵
-
\??\c:\xrfllrl.exec:\xrfllrl.exe133⤵
-
\??\c:\hhhttt.exec:\hhhttt.exe134⤵
-
\??\c:\tbhnbn.exec:\tbhnbn.exe135⤵
-
\??\c:\ppjpj.exec:\ppjpj.exe136⤵
-
\??\c:\pjdpd.exec:\pjdpd.exe137⤵
-
\??\c:\7lrlllx.exec:\7lrlllx.exe138⤵
-
\??\c:\9xfxxxr.exec:\9xfxxxr.exe139⤵
-
\??\c:\nnnhth.exec:\nnnhth.exe140⤵
-
\??\c:\tbbnbt.exec:\tbbnbt.exe141⤵
-
\??\c:\dpjdp.exec:\dpjdp.exe142⤵
-
\??\c:\vddvp.exec:\vddvp.exe143⤵
-
\??\c:\9rxrllf.exec:\9rxrllf.exe144⤵
-
\??\c:\rllfllr.exec:\rllfllr.exe145⤵
-
\??\c:\bnnhhh.exec:\bnnhhh.exe146⤵
-
\??\c:\1tthhb.exec:\1tthhb.exe147⤵
-
\??\c:\dpppp.exec:\dpppp.exe148⤵
-
\??\c:\pvdvv.exec:\pvdvv.exe149⤵
-
\??\c:\lffllll.exec:\lffllll.exe150⤵
-
\??\c:\xrxxfxl.exec:\xrxxfxl.exe151⤵
-
\??\c:\hhbbnh.exec:\hhbbnh.exe152⤵
-
\??\c:\tnnnbt.exec:\tnnnbt.exe153⤵
-
\??\c:\hhnttb.exec:\hhnttb.exe154⤵
-
\??\c:\5dvpp.exec:\5dvpp.exe155⤵
-
\??\c:\vpddv.exec:\vpddv.exe156⤵
-
\??\c:\llrxrxx.exec:\llrxrxx.exe157⤵
-
\??\c:\dvddj.exec:\dvddj.exe158⤵
-
\??\c:\vjjdd.exec:\vjjdd.exe159⤵
-
\??\c:\lffxrlf.exec:\lffxrlf.exe160⤵
-
\??\c:\fffffff.exec:\fffffff.exe161⤵
-
\??\c:\nntttb.exec:\nntttb.exe162⤵
-
\??\c:\3hnttb.exec:\3hnttb.exe163⤵
-
\??\c:\pjpjd.exec:\pjpjd.exe164⤵
-
\??\c:\jpdjj.exec:\jpdjj.exe165⤵
-
\??\c:\lrfxxxx.exec:\lrfxxxx.exe166⤵
-
\??\c:\fxrlffx.exec:\fxrlffx.exe167⤵
-
\??\c:\bbnntn.exec:\bbnntn.exe168⤵
-
\??\c:\hnnhhb.exec:\hnnhhb.exe169⤵
-
\??\c:\vjpjv.exec:\vjpjv.exe170⤵
-
\??\c:\vjvpj.exec:\vjvpj.exe171⤵
-
\??\c:\3rlxlxr.exec:\3rlxlxr.exe172⤵
-
\??\c:\rxffxxx.exec:\rxffxxx.exe173⤵
-
\??\c:\bnnhhb.exec:\bnnhhb.exe174⤵
-
\??\c:\9bhhtt.exec:\9bhhtt.exe175⤵
-
\??\c:\ppddd.exec:\ppddd.exe176⤵
-
\??\c:\vjvpp.exec:\vjvpp.exe177⤵
-
\??\c:\rxxfxlf.exec:\rxxfxlf.exe178⤵
-
\??\c:\9ffxrrl.exec:\9ffxrrl.exe179⤵
-
\??\c:\llxxxrx.exec:\llxxxrx.exe180⤵
-
\??\c:\bbhtnh.exec:\bbhtnh.exe181⤵
-
\??\c:\dpvpp.exec:\dpvpp.exe182⤵
-
\??\c:\vpjjp.exec:\vpjjp.exe183⤵
-
\??\c:\flffflf.exec:\flffflf.exe184⤵
-
\??\c:\5llrllf.exec:\5llrllf.exe185⤵
-
\??\c:\9tnhbh.exec:\9tnhbh.exe186⤵
-
\??\c:\vjddd.exec:\vjddd.exe187⤵
-
\??\c:\jvpdv.exec:\jvpdv.exe188⤵
-
\??\c:\lffrlfx.exec:\lffrlfx.exe189⤵
-
\??\c:\htbtnn.exec:\htbtnn.exe190⤵
-
\??\c:\thnhhb.exec:\thnhhb.exe191⤵
-
\??\c:\jdddv.exec:\jdddv.exe192⤵
-
\??\c:\fflffff.exec:\fflffff.exe193⤵
-
\??\c:\3tttnn.exec:\3tttnn.exe194⤵
-
\??\c:\vpdvv.exec:\vpdvv.exe195⤵
-
\??\c:\djddj.exec:\djddj.exe196⤵
-
\??\c:\rrrxxxf.exec:\rrrxxxf.exe197⤵
-
\??\c:\3ffffff.exec:\3ffffff.exe198⤵
-
\??\c:\tbhbbh.exec:\tbhbbh.exe199⤵
-
\??\c:\thhhbh.exec:\thhhbh.exe200⤵
-
\??\c:\dvjjj.exec:\dvjjj.exe201⤵
-
\??\c:\dpvvp.exec:\dpvvp.exe202⤵
-
\??\c:\lllxfxr.exec:\lllxfxr.exe203⤵
-
\??\c:\xflxxxr.exec:\xflxxxr.exe204⤵
-
\??\c:\9nnhht.exec:\9nnhht.exe205⤵
-
\??\c:\ppjvp.exec:\ppjvp.exe206⤵
-
\??\c:\7jjvj.exec:\7jjvj.exe207⤵
-
\??\c:\xllxrfl.exec:\xllxrfl.exe208⤵
-
\??\c:\hntbbh.exec:\hntbbh.exe209⤵
-
\??\c:\9dppd.exec:\9dppd.exe210⤵
-
\??\c:\3djdd.exec:\3djdd.exe211⤵
-
\??\c:\rlxxxlx.exec:\rlxxxlx.exe212⤵
-
\??\c:\ttbbhn.exec:\ttbbhn.exe213⤵
-
\??\c:\nthbbt.exec:\nthbbt.exe214⤵
-
\??\c:\dpvpv.exec:\dpvpv.exe215⤵
-
\??\c:\vppvd.exec:\vppvd.exe216⤵
-
\??\c:\9xfxxxl.exec:\9xfxxxl.exe217⤵
-
\??\c:\rxrfffr.exec:\rxrfffr.exe218⤵
-
\??\c:\tttbhb.exec:\tttbhb.exe219⤵
-
\??\c:\nhnhnn.exec:\nhnhnn.exe220⤵
-
\??\c:\jvpjj.exec:\jvpjj.exe221⤵
-
\??\c:\3ppjv.exec:\3ppjv.exe222⤵
-
\??\c:\lflfrlr.exec:\lflfrlr.exe223⤵
-
\??\c:\ttntbh.exec:\ttntbh.exe224⤵
-
\??\c:\bttntn.exec:\bttntn.exe225⤵
-
\??\c:\9pddv.exec:\9pddv.exe226⤵
-
\??\c:\xxfxllx.exec:\xxfxllx.exe227⤵
-
\??\c:\lfxrrll.exec:\lfxrrll.exe228⤵
-
\??\c:\btnhtn.exec:\btnhtn.exe229⤵
-
\??\c:\bttbth.exec:\bttbth.exe230⤵
-
\??\c:\7ppjj.exec:\7ppjj.exe231⤵
-
\??\c:\9jpjj.exec:\9jpjj.exe232⤵
-
\??\c:\lrrlfxr.exec:\lrrlfxr.exe233⤵
-
\??\c:\xllfllf.exec:\xllfllf.exe234⤵
-
\??\c:\hhhhtn.exec:\hhhhtn.exe235⤵
-
\??\c:\pvvjv.exec:\pvvjv.exe236⤵
-
\??\c:\jjvpv.exec:\jjvpv.exe237⤵
-
\??\c:\rrxlfxr.exec:\rrxlfxr.exe238⤵
-
\??\c:\flrlffx.exec:\flrlffx.exe239⤵
-
\??\c:\hbttnn.exec:\hbttnn.exe240⤵