Analysis
-
max time kernel
150s -
max time network
129s -
platform
windows10-2004_x64 -
resource
win10v2004-20240704-en -
resource tags
-
submitted
05-07-2024 02:56
General
-
Target
cc5af6ad30d92abb514a6b33ef9c82e8ec8c32d5cf312331f9ae354c656df814.exe
-
Size
64KB
-
MD5
3baf356734cef6e7dc76a3a04a8383fa
-
SHA1
5cb41daa7459e85a15082005826c71c6c4daf99f
-
SHA256
cc5af6ad30d92abb514a6b33ef9c82e8ec8c32d5cf312331f9ae354c656df814
-
SHA512
1a9013bf3b2b61b3f1719b0ea4b2d858a9d6ddcea82db18b97d7a6add42f1c35d992e77cc0efaa5e3cef0c7312c9cfe965e7625d7293c805014a5090fb3daf42
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIvAEaFJL/S:ymb3NkkiQ3mdBjFIvAvq
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 21 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 24 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\cc5af6ad30d92abb514a6b33ef9c82e8ec8c32d5cf312331f9ae354c656df814.exe"C:\Users\Admin\AppData\Local\Temp\cc5af6ad30d92abb514a6b33ef9c82e8ec8c32d5cf312331f9ae354c656df814.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\1lxrxff.exec:\1lxrxff.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1vpjd.exec:\1vpjd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpvpp.exec:\jpvpp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flflxlx.exec:\flflxlx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btnnhh.exec:\btnnhh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvddd.exec:\pvddd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvjpp.exec:\pvjpp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxllxxx.exec:\xxllxxx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tntnhh.exec:\tntnhh.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvvvj.exec:\pvvvj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrrlrrx.exec:\lrrlrrx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlfrxxr.exec:\xlfrxxr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbtnnh.exec:\hbtnnh.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvdvv.exec:\dvdvv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3fffxfl.exec:\3fffxfl.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3ttttt.exec:\3ttttt.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjddv.exec:\vjddv.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvddv.exec:\pvddv.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrrlffx.exec:\lrrlffx.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbtnbt.exec:\nbtnbt.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvjvd.exec:\jvjvd.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpjdp.exec:\jpjdp.exe23⤵
- Executes dropped EXE
-
\??\c:\1flfflf.exec:\1flfflf.exe24⤵
- Executes dropped EXE
-
\??\c:\thhbnb.exec:\thhbnb.exe25⤵
- Executes dropped EXE
-
\??\c:\vjdvd.exec:\vjdvd.exe26⤵
- Executes dropped EXE
-
\??\c:\fflfrrl.exec:\fflfrrl.exe27⤵
- Executes dropped EXE
-
\??\c:\3lrlrrf.exec:\3lrlrrf.exe28⤵
- Executes dropped EXE
-
\??\c:\tnnhbh.exec:\tnnhbh.exe29⤵
- Executes dropped EXE
-
\??\c:\djdpj.exec:\djdpj.exe30⤵
- Executes dropped EXE
-
\??\c:\xlxlfxl.exec:\xlxlfxl.exe31⤵
- Executes dropped EXE
-
\??\c:\tbnthn.exec:\tbnthn.exe32⤵
- Executes dropped EXE
-
\??\c:\djjpj.exec:\djjpj.exe33⤵
- Executes dropped EXE
-
\??\c:\xrxxffx.exec:\xrxxffx.exe34⤵
- Executes dropped EXE
-
\??\c:\xrlffff.exec:\xrlffff.exe35⤵
- Executes dropped EXE
-
\??\c:\hhtbbn.exec:\hhtbbn.exe36⤵
- Executes dropped EXE
-
\??\c:\jjpvp.exec:\jjpvp.exe37⤵
- Executes dropped EXE
-
\??\c:\1vpjd.exec:\1vpjd.exe38⤵
- Executes dropped EXE
-
\??\c:\rrxxrrl.exec:\rrxxrrl.exe39⤵
- Executes dropped EXE
-
\??\c:\ffxlfff.exec:\ffxlfff.exe40⤵
- Executes dropped EXE
-
\??\c:\thbbth.exec:\thbbth.exe41⤵
- Executes dropped EXE
-
\??\c:\pjpdj.exec:\pjpdj.exe42⤵
- Executes dropped EXE
-
\??\c:\9lxrrrr.exec:\9lxrrrr.exe43⤵
- Executes dropped EXE
-
\??\c:\llxlxxf.exec:\llxlxxf.exe44⤵
- Executes dropped EXE
-
\??\c:\bbttnn.exec:\bbttnn.exe45⤵
- Executes dropped EXE
-
\??\c:\ddppp.exec:\ddppp.exe46⤵
- Executes dropped EXE
-
\??\c:\vjppp.exec:\vjppp.exe47⤵
- Executes dropped EXE
-
\??\c:\rllllff.exec:\rllllff.exe48⤵
- Executes dropped EXE
-
\??\c:\ffxxflf.exec:\ffxxflf.exe49⤵
- Executes dropped EXE
-
\??\c:\1hbhth.exec:\1hbhth.exe50⤵
- Executes dropped EXE
-
\??\c:\bthbbb.exec:\bthbbb.exe51⤵
- Executes dropped EXE
-
\??\c:\rlrlxxx.exec:\rlrlxxx.exe52⤵
- Executes dropped EXE
-
\??\c:\9nnhtt.exec:\9nnhtt.exe53⤵
- Executes dropped EXE
-
\??\c:\pjvdp.exec:\pjvdp.exe54⤵
- Executes dropped EXE
-
\??\c:\xxxxffl.exec:\xxxxffl.exe55⤵
- Executes dropped EXE
-
\??\c:\hhnhhh.exec:\hhnhhh.exe56⤵
- Executes dropped EXE
-
\??\c:\jpvpp.exec:\jpvpp.exe57⤵
- Executes dropped EXE
-
\??\c:\jvjjd.exec:\jvjjd.exe58⤵
- Executes dropped EXE
-
\??\c:\rrfllxr.exec:\rrfllxr.exe59⤵
- Executes dropped EXE
-
\??\c:\tthbtt.exec:\tthbtt.exe60⤵
- Executes dropped EXE
-
\??\c:\dppvv.exec:\dppvv.exe61⤵
- Executes dropped EXE
-
\??\c:\3vvjv.exec:\3vvjv.exe62⤵
- Executes dropped EXE
-
\??\c:\7rfrxlr.exec:\7rfrxlr.exe63⤵
- Executes dropped EXE
-
\??\c:\ntthhn.exec:\ntthhn.exe64⤵
- Executes dropped EXE
-
\??\c:\djjdv.exec:\djjdv.exe65⤵
- Executes dropped EXE
-
\??\c:\jdpjj.exec:\jdpjj.exe66⤵
-
\??\c:\lrflffx.exec:\lrflffx.exe67⤵
-
\??\c:\hhhbbb.exec:\hhhbbb.exe68⤵
-
\??\c:\1nnnnt.exec:\1nnnnt.exe69⤵
-
\??\c:\vvppv.exec:\vvppv.exe70⤵
-
\??\c:\fllfxxl.exec:\fllfxxl.exe71⤵
-
\??\c:\nthhbb.exec:\nthhbb.exe72⤵
-
\??\c:\jdvpp.exec:\jdvpp.exe73⤵
-
\??\c:\lrrfxxx.exec:\lrrfxxx.exe74⤵
-
\??\c:\nbhhth.exec:\nbhhth.exe75⤵
-
\??\c:\pvpvj.exec:\pvpvj.exe76⤵
-
\??\c:\vdddv.exec:\vdddv.exe77⤵
-
\??\c:\tnhhbt.exec:\tnhhbt.exe78⤵
-
\??\c:\vdddp.exec:\vdddp.exe79⤵
-
\??\c:\pdjpd.exec:\pdjpd.exe80⤵
-
\??\c:\lrxrflr.exec:\lrxrflr.exe81⤵
-
\??\c:\5nnnnb.exec:\5nnnnb.exe82⤵
-
\??\c:\jjjvj.exec:\jjjvj.exe83⤵
-
\??\c:\vpjjp.exec:\vpjjp.exe84⤵
-
\??\c:\frlxxlr.exec:\frlxxlr.exe85⤵
-
\??\c:\bthtnn.exec:\bthtnn.exe86⤵
-
\??\c:\thnnhh.exec:\thnnhh.exe87⤵
-
\??\c:\dvpjp.exec:\dvpjp.exe88⤵
-
\??\c:\rfrllfl.exec:\rfrllfl.exe89⤵
-
\??\c:\xllfrlf.exec:\xllfrlf.exe90⤵
-
\??\c:\hnnhbb.exec:\hnnhbb.exe91⤵
-
\??\c:\vpvpv.exec:\vpvpv.exe92⤵
-
\??\c:\xxlfxxx.exec:\xxlfxxx.exe93⤵
-
\??\c:\fxrllrl.exec:\fxrllrl.exe94⤵
-
\??\c:\hbbtbh.exec:\hbbtbh.exe95⤵
-
\??\c:\tttnnt.exec:\tttnnt.exe96⤵
-
\??\c:\ddvdv.exec:\ddvdv.exe97⤵
-
\??\c:\1rllflf.exec:\1rllflf.exe98⤵
-
\??\c:\rrlrffl.exec:\rrlrffl.exe99⤵
-
\??\c:\bthnhb.exec:\bthnhb.exe100⤵
-
\??\c:\jddvp.exec:\jddvp.exe101⤵
-
\??\c:\flrrxxr.exec:\flrrxxr.exe102⤵
-
\??\c:\lllfllf.exec:\lllfllf.exe103⤵
-
\??\c:\nbhbtb.exec:\nbhbtb.exe104⤵
-
\??\c:\pppdv.exec:\pppdv.exe105⤵
-
\??\c:\dpvpj.exec:\dpvpj.exe106⤵
-
\??\c:\lrxrxxl.exec:\lrxrxxl.exe107⤵
-
\??\c:\nhbhhb.exec:\nhbhhb.exe108⤵
-
\??\c:\jjpjj.exec:\jjpjj.exe109⤵
-
\??\c:\ddjvp.exec:\ddjvp.exe110⤵
-
\??\c:\frlxrfr.exec:\frlxrfr.exe111⤵
-
\??\c:\xxlrxlx.exec:\xxlrxlx.exe112⤵
-
\??\c:\btnbnt.exec:\btnbnt.exe113⤵
-
\??\c:\jvjpd.exec:\jvjpd.exe114⤵
-
\??\c:\vdvpd.exec:\vdvpd.exe115⤵
-
\??\c:\7rfrxrx.exec:\7rfrxrx.exe116⤵
-
\??\c:\frxlrrr.exec:\frxlrrr.exe117⤵
-
\??\c:\nnhhbb.exec:\nnhhbb.exe118⤵
-
\??\c:\dvvdj.exec:\dvvdj.exe119⤵
-
\??\c:\lrfrffl.exec:\lrfrffl.exe120⤵
-
\??\c:\xffxrrr.exec:\xffxrrr.exe121⤵
-
\??\c:\nhnnhb.exec:\nhnnhb.exe122⤵
-
\??\c:\jjdpv.exec:\jjdpv.exe123⤵
-
\??\c:\rllllrr.exec:\rllllrr.exe124⤵
-
\??\c:\hhnhnt.exec:\hhnhnt.exe125⤵
-
\??\c:\btttnn.exec:\btttnn.exe126⤵
-
\??\c:\pjjdv.exec:\pjjdv.exe127⤵
-
\??\c:\pdjdv.exec:\pdjdv.exe128⤵
-
\??\c:\rflfxrr.exec:\rflfxrr.exe129⤵
-
\??\c:\xflfxxr.exec:\xflfxxr.exe130⤵
-
\??\c:\hhtbhb.exec:\hhtbhb.exe131⤵
-
\??\c:\bttnbb.exec:\bttnbb.exe132⤵
-
\??\c:\9jjjj.exec:\9jjjj.exe133⤵
-
\??\c:\rxxxrfx.exec:\rxxxrfx.exe134⤵
-
\??\c:\bnhbtt.exec:\bnhbtt.exe135⤵
-
\??\c:\hbnnnn.exec:\hbnnnn.exe136⤵
-
\??\c:\vvpdj.exec:\vvpdj.exe137⤵
-
\??\c:\rrlxrrf.exec:\rrlxrrf.exe138⤵
-
\??\c:\hhnbbn.exec:\hhnbbn.exe139⤵
-
\??\c:\nbbtht.exec:\nbbtht.exe140⤵
-
\??\c:\pvjdd.exec:\pvjdd.exe141⤵
-
\??\c:\vpvjv.exec:\vpvjv.exe142⤵
-
\??\c:\lfffxxx.exec:\lfffxxx.exe143⤵
-
\??\c:\lfrrrrr.exec:\lfrrrrr.exe144⤵
-
\??\c:\bbtnnt.exec:\bbtnnt.exe145⤵
-
\??\c:\5pjjd.exec:\5pjjd.exe146⤵
-
\??\c:\jddjj.exec:\jddjj.exe147⤵
-
\??\c:\lfffxrx.exec:\lfffxrx.exe148⤵
-
\??\c:\jdpjd.exec:\jdpjd.exe149⤵
-
\??\c:\lflllxx.exec:\lflllxx.exe150⤵
-
\??\c:\fxxrffx.exec:\fxxrffx.exe151⤵
-
\??\c:\bhnbnh.exec:\bhnbnh.exe152⤵
-
\??\c:\7ddpv.exec:\7ddpv.exe153⤵
-
\??\c:\vjjvv.exec:\vjjvv.exe154⤵
-
\??\c:\rxxlrxr.exec:\rxxlrxr.exe155⤵
-
\??\c:\rxrfxxr.exec:\rxrfxxr.exe156⤵
-
\??\c:\tbbtnh.exec:\tbbtnh.exe157⤵
-
\??\c:\vjpdd.exec:\vjpdd.exe158⤵
-
\??\c:\nntbhn.exec:\nntbhn.exe159⤵
-
\??\c:\3jppj.exec:\3jppj.exe160⤵
-
\??\c:\djdpj.exec:\djdpj.exe161⤵
-
\??\c:\frrfxff.exec:\frrfxff.exe162⤵
-
\??\c:\pdjpp.exec:\pdjpp.exe163⤵
-
\??\c:\xrfxflf.exec:\xrfxflf.exe164⤵
-
\??\c:\hhbntb.exec:\hhbntb.exe165⤵
-
\??\c:\ttbhtt.exec:\ttbhtt.exe166⤵
-
\??\c:\vppjj.exec:\vppjj.exe167⤵
-
\??\c:\rxfxrxf.exec:\rxfxrxf.exe168⤵
-
\??\c:\bhnnhh.exec:\bhnnhh.exe169⤵
-
\??\c:\nnbbht.exec:\nnbbht.exe170⤵
-
\??\c:\3jdvj.exec:\3jdvj.exe171⤵
-
\??\c:\lxlfffr.exec:\lxlfffr.exe172⤵
-
\??\c:\5xffffx.exec:\5xffffx.exe173⤵
-
\??\c:\nnthbb.exec:\nnthbb.exe174⤵
-
\??\c:\tbbntt.exec:\tbbntt.exe175⤵
-
\??\c:\vvjdj.exec:\vvjdj.exe176⤵
-
\??\c:\lxfrfrx.exec:\lxfrfrx.exe177⤵
-
\??\c:\tbnhth.exec:\tbnhth.exe178⤵
-
\??\c:\jpjpv.exec:\jpjpv.exe179⤵
-
\??\c:\vvjjp.exec:\vvjjp.exe180⤵
-
\??\c:\9lfrffl.exec:\9lfrffl.exe181⤵
-
\??\c:\bhhntb.exec:\bhhntb.exe182⤵
-
\??\c:\tbnhnh.exec:\tbnhnh.exe183⤵
-
\??\c:\ppjdp.exec:\ppjdp.exe184⤵
-
\??\c:\xffxrrx.exec:\xffxrrx.exe185⤵
-
\??\c:\tnbntb.exec:\tnbntb.exe186⤵
-
\??\c:\thbnbt.exec:\thbnbt.exe187⤵
-
\??\c:\vpjjd.exec:\vpjjd.exe188⤵
-
\??\c:\dpjpd.exec:\dpjpd.exe189⤵
-
\??\c:\5lxllff.exec:\5lxllff.exe190⤵
-
\??\c:\3lxxlfr.exec:\3lxxlfr.exe191⤵
-
\??\c:\ttntbt.exec:\ttntbt.exe192⤵
-
\??\c:\ppvvd.exec:\ppvvd.exe193⤵
-
\??\c:\pvvpd.exec:\pvvpd.exe194⤵
-
\??\c:\fffxflr.exec:\fffxflr.exe195⤵
-
\??\c:\bthnnh.exec:\bthnnh.exe196⤵
-
\??\c:\pjppp.exec:\pjppp.exe197⤵
-
\??\c:\1ppjd.exec:\1ppjd.exe198⤵
-
\??\c:\bhthtt.exec:\bhthtt.exe199⤵
-
\??\c:\hnhnhb.exec:\hnhnhb.exe200⤵
-
\??\c:\dpjdd.exec:\dpjdd.exe201⤵
-
\??\c:\xfrlfxx.exec:\xfrlfxx.exe202⤵
-
\??\c:\ntbttn.exec:\ntbttn.exe203⤵
-
\??\c:\bbthbn.exec:\bbthbn.exe204⤵
-
\??\c:\ddjdp.exec:\ddjdp.exe205⤵
-
\??\c:\lxfrxxl.exec:\lxfrxxl.exe206⤵
-
\??\c:\rlfxllx.exec:\rlfxllx.exe207⤵
-
\??\c:\ttbbbb.exec:\ttbbbb.exe208⤵
-
\??\c:\jvjdv.exec:\jvjdv.exe209⤵
-
\??\c:\rlrrrlf.exec:\rlrrrlf.exe210⤵
-
\??\c:\hntnth.exec:\hntnth.exe211⤵
-
\??\c:\tnnbth.exec:\tnnbth.exe212⤵
-
\??\c:\vpvpv.exec:\vpvpv.exe213⤵
-
\??\c:\jpddd.exec:\jpddd.exe214⤵
-
\??\c:\flfxrlx.exec:\flfxrlx.exe215⤵
-
\??\c:\btnbnn.exec:\btnbnn.exe216⤵
-
\??\c:\vvdjd.exec:\vvdjd.exe217⤵
-
\??\c:\jjpvj.exec:\jjpvj.exe218⤵
-
\??\c:\xlflxlf.exec:\xlflxlf.exe219⤵
-
\??\c:\bthnnb.exec:\bthnnb.exe220⤵
-
\??\c:\pvvvp.exec:\pvvvp.exe221⤵
-
\??\c:\vjdjv.exec:\vjdjv.exe222⤵
-
\??\c:\fxfllfl.exec:\fxfllfl.exe223⤵
-
\??\c:\bbnhtb.exec:\bbnhtb.exe224⤵
-
\??\c:\ttbnht.exec:\ttbnht.exe225⤵
-
\??\c:\dpvpp.exec:\dpvpp.exe226⤵
-
\??\c:\lxffxxx.exec:\lxffxxx.exe227⤵
-
\??\c:\tntbnh.exec:\tntbnh.exe228⤵
-
\??\c:\vvvpv.exec:\vvvpv.exe229⤵
-
\??\c:\rlffxfx.exec:\rlffxfx.exe230⤵
-
\??\c:\fxfllxr.exec:\fxfllxr.exe231⤵
-
\??\c:\hhhbnh.exec:\hhhbnh.exe232⤵
-
\??\c:\vvjvv.exec:\vvjvv.exe233⤵
-
\??\c:\5vdvv.exec:\5vdvv.exe234⤵
-
\??\c:\rrrlflf.exec:\rrrlflf.exe235⤵
-
\??\c:\bbhhnn.exec:\bbhhnn.exe236⤵
-
\??\c:\dvjdd.exec:\dvjdd.exe237⤵
-
\??\c:\rrrxlxx.exec:\rrrxlxx.exe238⤵
-
\??\c:\lrxxrll.exec:\lrxxrll.exe239⤵
-
\??\c:\bnnbhh.exec:\bnnbhh.exe240⤵