Analysis
-
max time kernel
150s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
01-07-2024 04:33
General
-
Target
f2dadb0556042dc291f1a7985f630a0f44d1205295bf1c73166127191d0c335f.exe
-
Size
93KB
-
MD5
e24f3ec5c237e0f6f9c70828cf4ae5e5
-
SHA1
ded123c56457f5d7e7797d484655e55389b42f2b
-
SHA256
f2dadb0556042dc291f1a7985f630a0f44d1205295bf1c73166127191d0c335f
-
SHA512
0c8aa2ee22a342fd056c9b95ff91ad33741a00aa43a9d0ae5778566eb19ae48cfc1d45ae2270ccaf3a5f0e7fa1032a6648d27f08212ea9d820a1f4d98abdb7ce
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDodtzac0Hobv0byLufTJfJvWV:ymb3NkkiQ3mdBjFodt27HobvcyLufNfM
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 20 IoCs
-
UPX dump on OEP (original entry point) 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 23 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\f2dadb0556042dc291f1a7985f630a0f44d1205295bf1c73166127191d0c335f.exe"C:\Users\Admin\AppData\Local\Temp\f2dadb0556042dc291f1a7985f630a0f44d1205295bf1c73166127191d0c335f.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\htbthb.exec:\htbthb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5pvpp.exec:\5pvpp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvpdp.exec:\pvpdp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnthtb.exec:\bnthtb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjvv.exec:\pjjvv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrlrffl.exec:\lrlrffl.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbnhb.exec:\tnbnhb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thhbhh.exec:\thhbhh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjpdp.exec:\jjpdp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9pjpp.exec:\9pjpp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1xrlrxx.exec:\1xrlrxx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nntbtb.exec:\nntbtb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbbhnh.exec:\nbbhnh.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvjdj.exec:\pvjdj.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxlrrff.exec:\xxlrrff.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrlrrxf.exec:\xrlrrxf.exe17⤵
- Executes dropped EXE
-
\??\c:\hhnhhb.exec:\hhnhhb.exe18⤵
- Executes dropped EXE
-
\??\c:\vpdpj.exec:\vpdpj.exe19⤵
- Executes dropped EXE
-
\??\c:\5vpdv.exec:\5vpdv.exe20⤵
- Executes dropped EXE
-
\??\c:\fxlxlxr.exec:\fxlxlxr.exe21⤵
- Executes dropped EXE
-
\??\c:\rfrxxff.exec:\rfrxxff.exe22⤵
- Executes dropped EXE
-
\??\c:\tnbnbb.exec:\tnbnbb.exe23⤵
- Executes dropped EXE
-
\??\c:\tnbhtt.exec:\tnbhtt.exe24⤵
- Executes dropped EXE
-
\??\c:\vpdjj.exec:\vpdjj.exe25⤵
- Executes dropped EXE
-
\??\c:\1dpvj.exec:\1dpvj.exe26⤵
- Executes dropped EXE
-
\??\c:\lxfxllr.exec:\lxfxllr.exe27⤵
- Executes dropped EXE
-
\??\c:\tbbttn.exec:\tbbttn.exe28⤵
- Executes dropped EXE
-
\??\c:\bnbbhb.exec:\bnbbhb.exe29⤵
- Executes dropped EXE
-
\??\c:\vjvvj.exec:\vjvvj.exe30⤵
- Executes dropped EXE
-
\??\c:\rlfrffl.exec:\rlfrffl.exe31⤵
- Executes dropped EXE
-
\??\c:\3fflxfr.exec:\3fflxfr.exe32⤵
- Executes dropped EXE
-
\??\c:\7tnnnn.exec:\7tnnnn.exe33⤵
- Executes dropped EXE
-
\??\c:\5dppv.exec:\5dppv.exe34⤵
- Executes dropped EXE
-
\??\c:\5pjdj.exec:\5pjdj.exe35⤵
- Executes dropped EXE
-
\??\c:\1xlfrlr.exec:\1xlfrlr.exe36⤵
- Executes dropped EXE
-
\??\c:\fxlxxrx.exec:\fxlxxrx.exe37⤵
- Executes dropped EXE
-
\??\c:\thhhbb.exec:\thhhbb.exe38⤵
- Executes dropped EXE
-
\??\c:\hhnhbn.exec:\hhnhbn.exe39⤵
- Executes dropped EXE
-
\??\c:\3vjpp.exec:\3vjpp.exe40⤵
- Executes dropped EXE
-
\??\c:\vvdpj.exec:\vvdpj.exe41⤵
- Executes dropped EXE
-
\??\c:\9rlxrlf.exec:\9rlxrlf.exe42⤵
- Executes dropped EXE
-
\??\c:\9rrxlxl.exec:\9rrxlxl.exe43⤵
- Executes dropped EXE
-
\??\c:\5tnnnn.exec:\5tnnnn.exe44⤵
- Executes dropped EXE
-
\??\c:\hbhbhh.exec:\hbhbhh.exe45⤵
- Executes dropped EXE
-
\??\c:\vpvdp.exec:\vpvdp.exe46⤵
- Executes dropped EXE
-
\??\c:\rlrxflx.exec:\rlrxflx.exe47⤵
- Executes dropped EXE
-
\??\c:\7xrfrrx.exec:\7xrfrrx.exe48⤵
- Executes dropped EXE
-
\??\c:\bbtntb.exec:\bbtntb.exe49⤵
- Executes dropped EXE
-
\??\c:\hbtthh.exec:\hbtthh.exe50⤵
- Executes dropped EXE
-
\??\c:\djvdp.exec:\djvdp.exe51⤵
- Executes dropped EXE
-
\??\c:\7xrrfrf.exec:\7xrrfrf.exe52⤵
- Executes dropped EXE
-
\??\c:\xrffffr.exec:\xrffffr.exe53⤵
- Executes dropped EXE
-
\??\c:\tnbbnb.exec:\tnbbnb.exe54⤵
- Executes dropped EXE
-
\??\c:\hthbnb.exec:\hthbnb.exe55⤵
- Executes dropped EXE
-
\??\c:\5vppv.exec:\5vppv.exe56⤵
- Executes dropped EXE
-
\??\c:\vvvjp.exec:\vvvjp.exe57⤵
- Executes dropped EXE
-
\??\c:\lrxllxf.exec:\lrxllxf.exe58⤵
- Executes dropped EXE
-
\??\c:\3fflfrf.exec:\3fflfrf.exe59⤵
- Executes dropped EXE
-
\??\c:\bnbhnh.exec:\bnbhnh.exe60⤵
- Executes dropped EXE
-
\??\c:\3jjdd.exec:\3jjdd.exe61⤵
- Executes dropped EXE
-
\??\c:\dpvvj.exec:\dpvvj.exe62⤵
- Executes dropped EXE
-
\??\c:\xfflrrf.exec:\xfflrrf.exe63⤵
- Executes dropped EXE
-
\??\c:\fllfrlf.exec:\fllfrlf.exe64⤵
- Executes dropped EXE
-
\??\c:\hbhntb.exec:\hbhntb.exe65⤵
- Executes dropped EXE
-
\??\c:\5nbhnn.exec:\5nbhnn.exe66⤵
-
\??\c:\dpdjp.exec:\dpdjp.exe67⤵
-
\??\c:\dvjjp.exec:\dvjjp.exe68⤵
-
\??\c:\rlrlrrr.exec:\rlrlrrr.exe69⤵
-
\??\c:\llflflx.exec:\llflflx.exe70⤵
-
\??\c:\tnbhbh.exec:\tnbhbh.exe71⤵
-
\??\c:\hnnhnb.exec:\hnnhnb.exe72⤵
-
\??\c:\7dvdp.exec:\7dvdp.exe73⤵
-
\??\c:\dpjpd.exec:\dpjpd.exe74⤵
-
\??\c:\rflfffx.exec:\rflfffx.exe75⤵
-
\??\c:\xrllxlx.exec:\xrllxlx.exe76⤵
-
\??\c:\bthntn.exec:\bthntn.exe77⤵
-
\??\c:\tnbhhn.exec:\tnbhhn.exe78⤵
-
\??\c:\5thntb.exec:\5thntb.exe79⤵
-
\??\c:\ppjpj.exec:\ppjpj.exe80⤵
-
\??\c:\5jjvv.exec:\5jjvv.exe81⤵
-
\??\c:\xxxlxxl.exec:\xxxlxxl.exe82⤵
-
\??\c:\rrrfrxf.exec:\rrrfrxf.exe83⤵
-
\??\c:\bbtbhb.exec:\bbtbhb.exe84⤵
-
\??\c:\thnthn.exec:\thnthn.exe85⤵
-
\??\c:\dvdpv.exec:\dvdpv.exe86⤵
-
\??\c:\vdjdv.exec:\vdjdv.exe87⤵
-
\??\c:\lflflfl.exec:\lflflfl.exe88⤵
-
\??\c:\lrxlrfr.exec:\lrxlrfr.exe89⤵
-
\??\c:\nntbbt.exec:\nntbbt.exe90⤵
-
\??\c:\pvvpv.exec:\pvvpv.exe91⤵
-
\??\c:\jdvvp.exec:\jdvvp.exe92⤵
-
\??\c:\lxlxffl.exec:\lxlxffl.exe93⤵
-
\??\c:\rrlfrrf.exec:\rrlfrrf.exe94⤵
-
\??\c:\nhhbtn.exec:\nhhbtn.exe95⤵
-
\??\c:\hbhhtt.exec:\hbhhtt.exe96⤵
-
\??\c:\dvvdp.exec:\dvvdp.exe97⤵
-
\??\c:\1jvjv.exec:\1jvjv.exe98⤵
-
\??\c:\9jpvv.exec:\9jpvv.exe99⤵
-
\??\c:\fxlxrxr.exec:\fxlxrxr.exe100⤵
-
\??\c:\bbbtnn.exec:\bbbtnn.exe101⤵
-
\??\c:\9hbhnb.exec:\9hbhnb.exe102⤵
-
\??\c:\jjvvv.exec:\jjvvv.exe103⤵
-
\??\c:\vjjdd.exec:\vjjdd.exe104⤵
-
\??\c:\frlrfxf.exec:\frlrfxf.exe105⤵
-
\??\c:\flllfrr.exec:\flllfrr.exe106⤵
-
\??\c:\bbtbnn.exec:\bbtbnn.exe107⤵
-
\??\c:\pddjj.exec:\pddjj.exe108⤵
-
\??\c:\pvpvp.exec:\pvpvp.exe109⤵
-
\??\c:\1rfxxrx.exec:\1rfxxrx.exe110⤵
-
\??\c:\lrxfffl.exec:\lrxfffl.exe111⤵
-
\??\c:\3bbbnn.exec:\3bbbnn.exe112⤵
-
\??\c:\1httnt.exec:\1httnt.exe113⤵
-
\??\c:\jpjjd.exec:\jpjjd.exe114⤵
-
\??\c:\3rrlllf.exec:\3rrlllf.exe115⤵
-
\??\c:\1lfflll.exec:\1lfflll.exe116⤵
-
\??\c:\hnhbbt.exec:\hnhbbt.exe117⤵
-
\??\c:\tbhttn.exec:\tbhttn.exe118⤵
-
\??\c:\jpjpd.exec:\jpjpd.exe119⤵
-
\??\c:\3ddpd.exec:\3ddpd.exe120⤵
-
\??\c:\xxlrrxf.exec:\xxlrrxf.exe121⤵
-
\??\c:\1fxflrf.exec:\1fxflrf.exe122⤵
-
\??\c:\bbtnnn.exec:\bbtnnn.exe123⤵
-
\??\c:\3bttnb.exec:\3bttnb.exe124⤵
-
\??\c:\vvjvd.exec:\vvjvd.exe125⤵
-
\??\c:\pdjpj.exec:\pdjpj.exe126⤵
-
\??\c:\rxrrffl.exec:\rxrrffl.exe127⤵
-
\??\c:\rfxfffl.exec:\rfxfffl.exe128⤵
-
\??\c:\hbtntb.exec:\hbtntb.exe129⤵
-
\??\c:\bbnbbh.exec:\bbnbbh.exe130⤵
-
\??\c:\7jjpv.exec:\7jjpv.exe131⤵
-
\??\c:\vpvjv.exec:\vpvjv.exe132⤵
-
\??\c:\frllrxf.exec:\frllrxf.exe133⤵
-
\??\c:\1bhbth.exec:\1bhbth.exe134⤵
-
\??\c:\7jvpd.exec:\7jvpd.exe135⤵
-
\??\c:\9jdjp.exec:\9jdjp.exe136⤵
-
\??\c:\rlfrxfx.exec:\rlfrxfx.exe137⤵
-
\??\c:\xxfxrlr.exec:\xxfxrlr.exe138⤵
-
\??\c:\bbttnn.exec:\bbttnn.exe139⤵
-
\??\c:\hnttnb.exec:\hnttnb.exe140⤵
-
\??\c:\9jvvd.exec:\9jvvd.exe141⤵
-
\??\c:\dvjpv.exec:\dvjpv.exe142⤵
-
\??\c:\fxlxllr.exec:\fxlxllr.exe143⤵
-
\??\c:\hhbtht.exec:\hhbtht.exe144⤵
-
\??\c:\nhbbnt.exec:\nhbbnt.exe145⤵
-
\??\c:\dpddp.exec:\dpddp.exe146⤵
-
\??\c:\5dpjd.exec:\5dpjd.exe147⤵
-
\??\c:\flxfrrx.exec:\flxfrrx.exe148⤵
-
\??\c:\9xxrxxx.exec:\9xxrxxx.exe149⤵
-
\??\c:\nbnntn.exec:\nbnntn.exe150⤵
-
\??\c:\1tnhth.exec:\1tnhth.exe151⤵
-
\??\c:\jpdpj.exec:\jpdpj.exe152⤵
-
\??\c:\ppdpv.exec:\ppdpv.exe153⤵
-
\??\c:\3frfflr.exec:\3frfflr.exe154⤵
-
\??\c:\7rrlfrl.exec:\7rrlfrl.exe155⤵
-
\??\c:\hntntb.exec:\hntntb.exe156⤵
-
\??\c:\hnnbnb.exec:\hnnbnb.exe157⤵
-
\??\c:\djpjp.exec:\djpjp.exe158⤵
-
\??\c:\dvjdj.exec:\dvjdj.exe159⤵
-
\??\c:\1xrlrrf.exec:\1xrlrrf.exe160⤵
-
\??\c:\nnhntb.exec:\nnhntb.exe161⤵
-
\??\c:\hhbnht.exec:\hhbnht.exe162⤵
-
\??\c:\vdppv.exec:\vdppv.exe163⤵
-
\??\c:\jppvp.exec:\jppvp.exe164⤵
-
\??\c:\rxffffl.exec:\rxffffl.exe165⤵
-
\??\c:\ttthht.exec:\ttthht.exe166⤵
-
\??\c:\nbhbbh.exec:\nbhbbh.exe167⤵
-
\??\c:\ttbthh.exec:\ttbthh.exe168⤵
-
\??\c:\pddjp.exec:\pddjp.exe169⤵
-
\??\c:\jjvvp.exec:\jjvvp.exe170⤵
-
\??\c:\lxrxxxf.exec:\lxrxxxf.exe171⤵
-
\??\c:\thnttt.exec:\thnttt.exe172⤵
-
\??\c:\7hbbtb.exec:\7hbbtb.exe173⤵
-
\??\c:\jvjvd.exec:\jvjvd.exe174⤵
-
\??\c:\dvppp.exec:\dvppp.exe175⤵
-
\??\c:\ddppp.exec:\ddppp.exe176⤵
-
\??\c:\rflllfl.exec:\rflllfl.exe177⤵
-
\??\c:\9xxxllx.exec:\9xxxllx.exe178⤵
-
\??\c:\9bttbn.exec:\9bttbn.exe179⤵
-
\??\c:\1bntbh.exec:\1bntbh.exe180⤵
-
\??\c:\9vpvd.exec:\9vpvd.exe181⤵
-
\??\c:\vpppd.exec:\vpppd.exe182⤵
-
\??\c:\lfxfllr.exec:\lfxfllr.exe183⤵
-
\??\c:\nbnttb.exec:\nbnttb.exe184⤵
-
\??\c:\bthhhh.exec:\bthhhh.exe185⤵
-
\??\c:\htbnnn.exec:\htbnnn.exe186⤵
-
\??\c:\djvjj.exec:\djvjj.exe187⤵
-
\??\c:\rlrxrxr.exec:\rlrxrxr.exe188⤵
-
\??\c:\fxxlfrl.exec:\fxxlfrl.exe189⤵
-
\??\c:\tnttbh.exec:\tnttbh.exe190⤵
-
\??\c:\1nnbbh.exec:\1nnbbh.exe191⤵
-
\??\c:\djjjj.exec:\djjjj.exe192⤵
-
\??\c:\vjvdj.exec:\vjvdj.exe193⤵
-
\??\c:\fxrflfx.exec:\fxrflfx.exe194⤵
-
\??\c:\lffflrl.exec:\lffflrl.exe195⤵
-
\??\c:\1btnht.exec:\1btnht.exe196⤵
-
\??\c:\pppdp.exec:\pppdp.exe197⤵
-
\??\c:\1frxxfl.exec:\1frxxfl.exe198⤵
-
\??\c:\nnbnnn.exec:\nnbnnn.exe199⤵
-
\??\c:\vpjjp.exec:\vpjjp.exe200⤵
-
\??\c:\fffxfxr.exec:\fffxfxr.exe201⤵
-
\??\c:\flxrffl.exec:\flxrffl.exe202⤵
-
\??\c:\hbhhhb.exec:\hbhhhb.exe203⤵
-
\??\c:\1jpvd.exec:\1jpvd.exe204⤵
-
\??\c:\fxrrlrr.exec:\fxrrlrr.exe205⤵
-
\??\c:\xxxxrxf.exec:\xxxxrxf.exe206⤵
-
\??\c:\tthbth.exec:\tthbth.exe207⤵
-
\??\c:\tnttnt.exec:\tnttnt.exe208⤵
-
\??\c:\pjvdj.exec:\pjvdj.exe209⤵
-
\??\c:\1pddj.exec:\1pddj.exe210⤵
-
\??\c:\5rffffl.exec:\5rffffl.exe211⤵
-
\??\c:\xrflllf.exec:\xrflllf.exe212⤵
-
\??\c:\btnbhh.exec:\btnbhh.exe213⤵
-
\??\c:\5nbbhn.exec:\5nbbhn.exe214⤵
-
\??\c:\vdvjd.exec:\vdvjd.exe215⤵
-
\??\c:\5pjpv.exec:\5pjpv.exe216⤵
-
\??\c:\xrlrrrx.exec:\xrlrrrx.exe217⤵
-
\??\c:\frflxxl.exec:\frflxxl.exe218⤵
-
\??\c:\bbhnbh.exec:\bbhnbh.exe219⤵
-
\??\c:\7nnhth.exec:\7nnhth.exe220⤵
-
\??\c:\vjpjp.exec:\vjpjp.exe221⤵
-
\??\c:\pdjdd.exec:\pdjdd.exe222⤵
-
\??\c:\rrfrrlx.exec:\rrfrrlx.exe223⤵
-
\??\c:\9flrxxf.exec:\9flrxxf.exe224⤵
-
\??\c:\nhbnbh.exec:\nhbnbh.exe225⤵
-
\??\c:\ttnbnb.exec:\ttnbnb.exe226⤵
-
\??\c:\jjpdp.exec:\jjpdp.exe227⤵
-
\??\c:\pvppp.exec:\pvppp.exe228⤵
-
\??\c:\xlrrlxl.exec:\xlrrlxl.exe229⤵
-
\??\c:\lfrxlrf.exec:\lfrxlrf.exe230⤵
-
\??\c:\tbnbbn.exec:\tbnbbn.exe231⤵
-
\??\c:\nntntn.exec:\nntntn.exe232⤵
-
\??\c:\vjpjv.exec:\vjpjv.exe233⤵
-
\??\c:\9rllxfx.exec:\9rllxfx.exe234⤵
-
\??\c:\rxllxrx.exec:\rxllxrx.exe235⤵
-
\??\c:\1xlrfrx.exec:\1xlrfrx.exe236⤵
-
\??\c:\nbhnnh.exec:\nbhnnh.exe237⤵
-
\??\c:\jjpdj.exec:\jjpdj.exe238⤵
-
\??\c:\3ppvd.exec:\3ppvd.exe239⤵
-
\??\c:\dddjd.exec:\dddjd.exe240⤵