Analysis
-
max time kernel
150s -
max time network
131s -
platform
windows10-2004_x64 -
resource
win10v2004-20240704-en -
resource tags
-
submitted
05-07-2024 00:41
General
-
Target
22400d8cf569b1e56891b464c39cd52c35e10ec3cafd031f303960c0d324825c.exe
-
Size
842KB
-
MD5
cec61c10915c15976c60cf62cad60820
-
SHA1
bf8a250e6030cac8d47875db1c612f32218ccaf7
-
SHA256
22400d8cf569b1e56891b464c39cd52c35e10ec3cafd031f303960c0d324825c
-
SHA512
1c1bba78fe6dd0b0310209e86cadf0a16945ac4658bccb3217732dcac88a69d583837f2aeab6e738737e4149dd0cba899aaa9e735fbd45db0199a5d337e6e7c8
-
SSDEEP
24576:Sgdn8whSenedn8whhdn76gdn8whSfgdn8whSzj:TFyVPfk
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 29 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\22400d8cf569b1e56891b464c39cd52c35e10ec3cafd031f303960c0d324825c.exe"C:\Users\Admin\AppData\Local\Temp\22400d8cf569b1e56891b464c39cd52c35e10ec3cafd031f303960c0d324825c.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\1rlffff.exec:\1rlffff.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbbtbh.exec:\bbbtbh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llxfffr.exec:\llxfffr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thbttt.exec:\thbttt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhnnnt.exec:\bhnnnt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvdvv.exec:\dvdvv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxfflll.exec:\lxfflll.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlrfxll.exec:\rlrfxll.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdjvj.exec:\vdjvj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frrxrxx.exec:\frrxrxx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbbtt.exec:\nhbbtt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrfxlll.exec:\rrfxlll.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5xlfxrl.exec:\5xlfxrl.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7vpjd.exec:\7vpjd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3lrrrfl.exec:\3lrrrfl.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjpjp.exec:\jjpjp.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhbnh.exec:\nhhbnh.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjvpj.exec:\jjvpj.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpvjp.exec:\dpvjp.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlrxll.exec:\fxlrxll.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thhhtb.exec:\thhhtb.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbnbnb.exec:\bbnbnb.exe23⤵
- Executes dropped EXE
-
\??\c:\fxllrxf.exec:\fxllrxf.exe24⤵
- Executes dropped EXE
-
\??\c:\9jvvp.exec:\9jvvp.exe25⤵
- Executes dropped EXE
-
\??\c:\hhhbbt.exec:\hhhbbt.exe26⤵
- Executes dropped EXE
-
\??\c:\nhhhht.exec:\nhhhht.exe27⤵
- Executes dropped EXE
-
\??\c:\vjjpj.exec:\vjjpj.exe28⤵
- Executes dropped EXE
-
\??\c:\xxlfrrr.exec:\xxlfrrr.exe29⤵
- Executes dropped EXE
-
\??\c:\fxffxxr.exec:\fxffxxr.exe30⤵
- Executes dropped EXE
-
\??\c:\btnbbb.exec:\btnbbb.exe31⤵
- Executes dropped EXE
-
\??\c:\bbtbht.exec:\bbtbht.exe32⤵
- Executes dropped EXE
-
\??\c:\5lllfff.exec:\5lllfff.exe33⤵
- Executes dropped EXE
-
\??\c:\pdvpj.exec:\pdvpj.exe34⤵
- Executes dropped EXE
-
\??\c:\hthhbh.exec:\hthhbh.exe35⤵
- Executes dropped EXE
-
\??\c:\pjjjj.exec:\pjjjj.exe36⤵
- Executes dropped EXE
-
\??\c:\lllxfrf.exec:\lllxfrf.exe37⤵
- Executes dropped EXE
-
\??\c:\nnntnt.exec:\nnntnt.exe38⤵
- Executes dropped EXE
-
\??\c:\vdpvd.exec:\vdpvd.exe39⤵
- Executes dropped EXE
-
\??\c:\lfrlffx.exec:\lfrlffx.exe40⤵
- Executes dropped EXE
-
\??\c:\pvvdj.exec:\pvvdj.exe41⤵
- Executes dropped EXE
-
\??\c:\frfxrxl.exec:\frfxrxl.exe42⤵
- Executes dropped EXE
-
\??\c:\thttbh.exec:\thttbh.exe43⤵
- Executes dropped EXE
-
\??\c:\vvvpp.exec:\vvvpp.exe44⤵
- Executes dropped EXE
-
\??\c:\xxlfxff.exec:\xxlfxff.exe45⤵
- Executes dropped EXE
-
\??\c:\vjpjv.exec:\vjpjv.exe46⤵
- Executes dropped EXE
-
\??\c:\flxrxxx.exec:\flxrxxx.exe47⤵
- Executes dropped EXE
-
\??\c:\pjpdv.exec:\pjpdv.exe48⤵
- Executes dropped EXE
-
\??\c:\7htnnt.exec:\7htnnt.exe49⤵
- Executes dropped EXE
-
\??\c:\dvvpj.exec:\dvvpj.exe50⤵
- Executes dropped EXE
-
\??\c:\ttbbbt.exec:\ttbbbt.exe51⤵
- Executes dropped EXE
-
\??\c:\jjpvv.exec:\jjpvv.exe52⤵
- Executes dropped EXE
-
\??\c:\fxxxxxr.exec:\fxxxxxr.exe53⤵
- Executes dropped EXE
-
\??\c:\hntnhn.exec:\hntnhn.exe54⤵
- Executes dropped EXE
-
\??\c:\frxxxff.exec:\frxxxff.exe55⤵
- Executes dropped EXE
-
\??\c:\1hbhbh.exec:\1hbhbh.exe56⤵
- Executes dropped EXE
-
\??\c:\jjdjj.exec:\jjdjj.exe57⤵
- Executes dropped EXE
-
\??\c:\tttnnn.exec:\tttnnn.exe58⤵
- Executes dropped EXE
-
\??\c:\jjpdj.exec:\jjpdj.exe59⤵
- Executes dropped EXE
-
\??\c:\llxfxfr.exec:\llxfxfr.exe60⤵
- Executes dropped EXE
-
\??\c:\bhbntt.exec:\bhbntt.exe61⤵
- Executes dropped EXE
-
\??\c:\fllffrx.exec:\fllffrx.exe62⤵
- Executes dropped EXE
-
\??\c:\nnhtnn.exec:\nnhtnn.exe63⤵
- Executes dropped EXE
-
\??\c:\rfxlfxl.exec:\rfxlfxl.exe64⤵
- Executes dropped EXE
-
\??\c:\vjdvv.exec:\vjdvv.exe65⤵
- Executes dropped EXE
-
\??\c:\nbtbhn.exec:\nbtbhn.exe66⤵
-
\??\c:\ddjjd.exec:\ddjjd.exe67⤵
-
\??\c:\llrllrx.exec:\llrllrx.exe68⤵
-
\??\c:\nhhtnn.exec:\nhhtnn.exe69⤵
-
\??\c:\rxxfrll.exec:\rxxfrll.exe70⤵
-
\??\c:\3thhbb.exec:\3thhbb.exe71⤵
-
\??\c:\pdvpv.exec:\pdvpv.exe72⤵
-
\??\c:\lfxxrrr.exec:\lfxxrrr.exe73⤵
-
\??\c:\pppjd.exec:\pppjd.exe74⤵
-
\??\c:\xflfxxx.exec:\xflfxxx.exe75⤵
-
\??\c:\btbttn.exec:\btbttn.exe76⤵
-
\??\c:\vddpj.exec:\vddpj.exe77⤵
-
\??\c:\thbttt.exec:\thbttt.exe78⤵
-
\??\c:\9pjdp.exec:\9pjdp.exe79⤵
-
\??\c:\1fflflf.exec:\1fflflf.exe80⤵
-
\??\c:\djppp.exec:\djppp.exe81⤵
-
\??\c:\fflllll.exec:\fflllll.exe82⤵
-
\??\c:\nbtttt.exec:\nbtttt.exe83⤵
-
\??\c:\fxlrlll.exec:\fxlrlll.exe84⤵
-
\??\c:\nthhbh.exec:\nthhbh.exe85⤵
-
\??\c:\dvvjd.exec:\dvvjd.exe86⤵
-
\??\c:\7lrllfx.exec:\7lrllfx.exe87⤵
-
\??\c:\htnnhh.exec:\htnnhh.exe88⤵
-
\??\c:\vvjjp.exec:\vvjjp.exe89⤵
-
\??\c:\bttnnn.exec:\bttnnn.exe90⤵
-
\??\c:\pjdjj.exec:\pjdjj.exe91⤵
-
\??\c:\xfrlxxl.exec:\xfrlxxl.exe92⤵
-
\??\c:\vpdvv.exec:\vpdvv.exe93⤵
-
\??\c:\ffrlrfl.exec:\ffrlrfl.exe94⤵
-
\??\c:\ntbtbt.exec:\ntbtbt.exe95⤵
-
\??\c:\llfxrrx.exec:\llfxrrx.exe96⤵
-
\??\c:\thhthb.exec:\thhthb.exe97⤵
-
\??\c:\9pdvv.exec:\9pdvv.exe98⤵
-
\??\c:\xxxxxxx.exec:\xxxxxxx.exe99⤵
-
\??\c:\jjddj.exec:\jjddj.exe100⤵
-
\??\c:\lxxfxrl.exec:\lxxfxrl.exe101⤵
-
\??\c:\bbbbtn.exec:\bbbbtn.exe102⤵
-
\??\c:\jjvpd.exec:\jjvpd.exe103⤵
-
\??\c:\frlrrrl.exec:\frlrrrl.exe104⤵
-
\??\c:\nntnbt.exec:\nntnbt.exe105⤵
-
\??\c:\pjdpv.exec:\pjdpv.exe106⤵
-
\??\c:\bhnhhb.exec:\bhnhhb.exe107⤵
-
\??\c:\pjjvj.exec:\pjjvj.exe108⤵
-
\??\c:\lxrffxl.exec:\lxrffxl.exe109⤵
-
\??\c:\btnbtt.exec:\btnbtt.exe110⤵
-
\??\c:\pjvjj.exec:\pjvjj.exe111⤵
-
\??\c:\bhntht.exec:\bhntht.exe112⤵
-
\??\c:\ppjvd.exec:\ppjvd.exe113⤵
-
\??\c:\ffrxlxf.exec:\ffrxlxf.exe114⤵
-
\??\c:\thhbnn.exec:\thhbnn.exe115⤵
-
\??\c:\1jvjj.exec:\1jvjj.exe116⤵
-
\??\c:\3hhtnh.exec:\3hhtnh.exe117⤵
-
\??\c:\9vdpj.exec:\9vdpj.exe118⤵
-
\??\c:\frlfrfr.exec:\frlfrfr.exe119⤵
-
\??\c:\httbnh.exec:\httbnh.exe120⤵
-
\??\c:\lrllxff.exec:\lrllxff.exe121⤵
-
\??\c:\bhthht.exec:\bhthht.exe122⤵
-
\??\c:\jpddd.exec:\jpddd.exe123⤵
-
\??\c:\frrrlfx.exec:\frrrlfx.exe124⤵
-
\??\c:\5bnhbb.exec:\5bnhbb.exe125⤵
-
\??\c:\rxrxxrr.exec:\rxrxxrr.exe126⤵
-
\??\c:\7tbthh.exec:\7tbthh.exe127⤵
-
\??\c:\jvjvd.exec:\jvjvd.exe128⤵
-
\??\c:\xxlfflx.exec:\xxlfflx.exe129⤵
-
\??\c:\pjdpv.exec:\pjdpv.exe130⤵
-
\??\c:\lflllfr.exec:\lflllfr.exe131⤵
-
\??\c:\btbhhh.exec:\btbhhh.exe132⤵
-
\??\c:\7ppjv.exec:\7ppjv.exe133⤵
-
\??\c:\rrxlfxl.exec:\rrxlfxl.exe134⤵
-
\??\c:\tnhbtt.exec:\tnhbtt.exe135⤵
-
\??\c:\dpvvd.exec:\dpvvd.exe136⤵
-
\??\c:\ffrrxrx.exec:\ffrrxrx.exe137⤵
-
\??\c:\jpdvj.exec:\jpdvj.exe138⤵
-
\??\c:\rfxlxfr.exec:\rfxlxfr.exe139⤵
-
\??\c:\nbtttt.exec:\nbtttt.exe140⤵
-
\??\c:\9pvpj.exec:\9pvpj.exe141⤵
-
\??\c:\rfflflr.exec:\rfflflr.exe142⤵
-
\??\c:\bbntht.exec:\bbntht.exe143⤵
-
\??\c:\jvjjj.exec:\jvjjj.exe144⤵
-
\??\c:\ppddd.exec:\ppddd.exe145⤵
-
\??\c:\bbbbbb.exec:\bbbbbb.exe146⤵
-
\??\c:\pdjjj.exec:\pdjjj.exe147⤵
-
\??\c:\xllxxrr.exec:\xllxxrr.exe148⤵
-
\??\c:\vjppj.exec:\vjppj.exe149⤵
-
\??\c:\hbttbt.exec:\hbttbt.exe150⤵
-
\??\c:\pdjjd.exec:\pdjjd.exe151⤵
-
\??\c:\flxrrrr.exec:\flxrrrr.exe152⤵
-
\??\c:\lxfxrrl.exec:\lxfxrrl.exe153⤵
-
\??\c:\jvvpj.exec:\jvvpj.exe154⤵
-
\??\c:\frfxrrl.exec:\frfxrrl.exe155⤵
-
\??\c:\nthhbb.exec:\nthhbb.exe156⤵
-
\??\c:\pjvvd.exec:\pjvvd.exe157⤵
-
\??\c:\lrxrlll.exec:\lrxrlll.exe158⤵
-
\??\c:\hbhntb.exec:\hbhntb.exe159⤵
-
\??\c:\dpvjd.exec:\dpvjd.exe160⤵
-
\??\c:\rlxrlll.exec:\rlxrlll.exe161⤵
-
\??\c:\hnhtbt.exec:\hnhtbt.exe162⤵
-
\??\c:\vvpjd.exec:\vvpjd.exe163⤵
-
\??\c:\1ttnhh.exec:\1ttnhh.exe164⤵
-
\??\c:\jdvpj.exec:\jdvpj.exe165⤵
-
\??\c:\ffrrlxl.exec:\ffrrlxl.exe166⤵
-
\??\c:\nbnhtt.exec:\nbnhtt.exe167⤵
-
\??\c:\3vvvp.exec:\3vvvp.exe168⤵
-
\??\c:\xxffrxr.exec:\xxffrxr.exe169⤵
-
\??\c:\ddddp.exec:\ddddp.exe170⤵
-
\??\c:\tnbnth.exec:\tnbnth.exe171⤵
-
\??\c:\jvjjp.exec:\jvjjp.exe172⤵
-
\??\c:\lrllrxf.exec:\lrllrxf.exe173⤵
-
\??\c:\nhhhht.exec:\nhhhht.exe174⤵
-
\??\c:\lrrfrxf.exec:\lrrfrxf.exe175⤵
-
\??\c:\1bhbhh.exec:\1bhbhh.exe176⤵
-
\??\c:\pvddd.exec:\pvddd.exe177⤵
-
\??\c:\bbnhbh.exec:\bbnhbh.exe178⤵
-
\??\c:\dpdjp.exec:\dpdjp.exe179⤵
-
\??\c:\flrrllr.exec:\flrrllr.exe180⤵
-
\??\c:\pvdpj.exec:\pvdpj.exe181⤵
-
\??\c:\lxxllff.exec:\lxxllff.exe182⤵
-
\??\c:\5hbtnh.exec:\5hbtnh.exe183⤵
-
\??\c:\jjddp.exec:\jjddp.exe184⤵
-
\??\c:\xxlffrx.exec:\xxlffrx.exe185⤵
-
\??\c:\djddv.exec:\djddv.exe186⤵
-
\??\c:\lfxfrlx.exec:\lfxfrlx.exe187⤵
-
\??\c:\1bhbnh.exec:\1bhbnh.exe188⤵
-
\??\c:\pjddd.exec:\pjddd.exe189⤵
-
\??\c:\xfxxrrl.exec:\xfxxrrl.exe190⤵
-
\??\c:\pjpvp.exec:\pjpvp.exe191⤵
-
\??\c:\nbtttn.exec:\nbtttn.exe192⤵
-
\??\c:\jvpjp.exec:\jvpjp.exe193⤵
-
\??\c:\xrrlxxl.exec:\xrrlxxl.exe194⤵
-
\??\c:\tnnhbn.exec:\tnnhbn.exe195⤵
-
\??\c:\pvjdv.exec:\pvjdv.exe196⤵
-
\??\c:\hhbtnh.exec:\hhbtnh.exe197⤵
-
\??\c:\dpvvv.exec:\dpvvv.exe198⤵
-
\??\c:\lrrrrlx.exec:\lrrrrlx.exe199⤵
-
\??\c:\tbntbt.exec:\tbntbt.exe200⤵
-
\??\c:\pjddp.exec:\pjddp.exe201⤵
-
\??\c:\rrxflll.exec:\rrxflll.exe202⤵
-
\??\c:\jdvvp.exec:\jdvvp.exe203⤵
-
\??\c:\rrrxxrl.exec:\rrrxxrl.exe204⤵
-
\??\c:\bhhbht.exec:\bhhbht.exe205⤵
-
\??\c:\vvvvp.exec:\vvvvp.exe206⤵
-
\??\c:\1hhhhh.exec:\1hhhhh.exe207⤵
-
\??\c:\vvpvp.exec:\vvpvp.exe208⤵
-
\??\c:\ffxxlrx.exec:\ffxxlrx.exe209⤵
-
\??\c:\jpvvp.exec:\jpvvp.exe210⤵
-
\??\c:\fxxlxll.exec:\fxxlxll.exe211⤵
-
\??\c:\nhnhnt.exec:\nhnhnt.exe212⤵
-
\??\c:\pjpjj.exec:\pjpjj.exe213⤵
-
\??\c:\hhnhbt.exec:\hhnhbt.exe214⤵
-
\??\c:\jddjp.exec:\jddjp.exe215⤵
-
\??\c:\rrxlfrr.exec:\rrxlfrr.exe216⤵
-
\??\c:\htnbnb.exec:\htnbnb.exe217⤵
-
\??\c:\vddpj.exec:\vddpj.exe218⤵
-
\??\c:\xrxllxr.exec:\xrxllxr.exe219⤵
-
\??\c:\vvdvv.exec:\vvdvv.exe220⤵
-
\??\c:\frrfffx.exec:\frrfffx.exe221⤵
-
\??\c:\bnbttb.exec:\bnbttb.exe222⤵
-
\??\c:\pvddv.exec:\pvddv.exe223⤵
-
\??\c:\rfffrlr.exec:\rfffrlr.exe224⤵
-
\??\c:\djdpd.exec:\djdpd.exe225⤵
-
\??\c:\rrlfxxx.exec:\rrlfxxx.exe226⤵
-
\??\c:\hnthnt.exec:\hnthnt.exe227⤵
-
\??\c:\thtbhb.exec:\thtbhb.exe228⤵
-
\??\c:\9xlfllr.exec:\9xlfllr.exe229⤵
-
\??\c:\ttnhhb.exec:\ttnhhb.exe230⤵
-
\??\c:\vjjjd.exec:\vjjjd.exe231⤵
-
\??\c:\xxrrllr.exec:\xxrrllr.exe232⤵
-
\??\c:\ntnnbb.exec:\ntnnbb.exe233⤵
-
\??\c:\xfllxxl.exec:\xfllxxl.exe234⤵
-
\??\c:\bbttnn.exec:\bbttnn.exe235⤵
-
\??\c:\jvvpv.exec:\jvvpv.exe236⤵
-
\??\c:\lrxrxrx.exec:\lrxrxrx.exe237⤵
-
\??\c:\nbhhnb.exec:\nbhhnb.exe238⤵
-
\??\c:\jjvpv.exec:\jjvpv.exe239⤵
-
\??\c:\xrrrllf.exec:\xrrrllf.exe240⤵