Analysis
-
max time kernel
152s -
max time network
157s -
platform
windows10-2004_x64 -
resource
win10v2004-20230915-en -
resource tags
-
submitted
14/10/2023, 11:55
General
-
Target
NEAS.0ccc71d79ae2246b52fd2ddf29aa2130_JC.exe
-
Size
101KB
-
MD5
0ccc71d79ae2246b52fd2ddf29aa2130
-
SHA1
6c0864930e3665e87c27ee9f2aa9aa7f715bd428
-
SHA256
72f35023967bb227f45c0b4742e160ea913f0babd9f0aeb9e6d2c28ac45fe3a1
-
SHA512
5fd0c7c25775ba58568b6897800c2e3a2178d621e6a4908d4f14c01a609dc3b3d47fdc762c044ce4d2cb10b5553ceee5d0edbfd7cea3ede6a014f7329422276b
-
SSDEEP
1536:9vQBeOGtrYS3srx93UBWfwC6Ggnouy8PbhnyLFbUZJjw5Ivov1d3ZdpQm6q:9hOmTsF93UYfwC6GIoutz5yLpRDN6q
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.0ccc71d79ae2246b52fd2ddf29aa2130_JC.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.0ccc71d79ae2246b52fd2ddf29aa2130_JC.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\hq56w.exec:\hq56w.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3601v3.exec:\3601v3.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bat8g3.exec:\bat8g3.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6v3iv.exec:\6v3iv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\77msq30.exec:\77msq30.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\22uope2.exec:\22uope2.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\m11mb.exec:\m11mb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vv7qn08.exec:\vv7qn08.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xe369.exec:\xe369.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\c6fw6.exec:\c6fw6.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\peq179f.exec:\peq179f.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
-
-
-
-
-
-
-
-
-
-
-
\??\c:\26m6ri.exec:\26m6ri.exe1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9rwvni2.exec:\9rwvni2.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxt465t.exec:\lxt465t.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ckd58.exec:\ckd58.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9n7kd.exec:\9n7kd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\931s99.exec:\931s99.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\08j7gf.exec:\08j7gf.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1vucj0.exec:\1vucj0.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ug34u.exec:\ug34u.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\2duv5p3.exec:\2duv5p3.exe10⤵
- Executes dropped EXE
-
\??\c:\6s725.exec:\6s725.exe11⤵
- Executes dropped EXE
-
\??\c:\erusu.exec:\erusu.exe12⤵
- Executes dropped EXE
-
\??\c:\2opbw.exec:\2opbw.exe13⤵
- Executes dropped EXE
-
-
-
-
-
-
-
-
-
-
-
-
-
\??\c:\kk8pug9.exec:\kk8pug9.exe1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\43njmw8.exec:\43njmw8.exe1⤵
- Executes dropped EXE
-
\??\c:\8rn259.exec:\8rn259.exe2⤵
- Executes dropped EXE
-
\??\c:\4d014.exec:\4d014.exe3⤵
- Executes dropped EXE
-
\??\c:\ds9c3.exec:\ds9c3.exe4⤵
- Executes dropped EXE
-
\??\c:\k6ivj86.exec:\k6ivj86.exe5⤵
- Executes dropped EXE
-
\??\c:\c0j5384.exec:\c0j5384.exe6⤵
- Executes dropped EXE
-
\??\c:\j3627x.exec:\j3627x.exe7⤵
- Executes dropped EXE
-
\??\c:\13sx0.exec:\13sx0.exe8⤵
- Executes dropped EXE
-
\??\c:\l9wv74.exec:\l9wv74.exe9⤵
- Executes dropped EXE
-
\??\c:\go745.exec:\go745.exe10⤵
- Executes dropped EXE
-
-
-
-
-
-
-
-
-
-
\??\c:\w2h54h.exec:\w2h54h.exe1⤵
- Executes dropped EXE
-
\??\c:\ew681.exec:\ew681.exe2⤵
- Executes dropped EXE
-
\??\c:\p44d2t.exec:\p44d2t.exe3⤵
- Executes dropped EXE
-
\??\c:\655e1.exec:\655e1.exe4⤵
- Executes dropped EXE
-
\??\c:\s6997xc.exec:\s6997xc.exe5⤵
- Executes dropped EXE
-
\??\c:\df2779.exec:\df2779.exe6⤵
- Executes dropped EXE
-
\??\c:\7x8rw.exec:\7x8rw.exe7⤵
- Executes dropped EXE
-
\??\c:\n67n5.exec:\n67n5.exe8⤵
- Executes dropped EXE
-
\??\c:\28lip.exec:\28lip.exe9⤵
- Executes dropped EXE
-
\??\c:\6o1i7.exec:\6o1i7.exe10⤵
- Executes dropped EXE
-
\??\c:\31v795.exec:\31v795.exe11⤵
- Executes dropped EXE
-
\??\c:\0t976.exec:\0t976.exe12⤵
- Executes dropped EXE
-
\??\c:\v844d.exec:\v844d.exe13⤵
- Executes dropped EXE
-
\??\c:\21i11.exec:\21i11.exe14⤵
- Executes dropped EXE
-
\??\c:\8egp64h.exec:\8egp64h.exe15⤵
- Executes dropped EXE
-
\??\c:\xm06v8.exec:\xm06v8.exe16⤵
- Executes dropped EXE
-
\??\c:\ill72hl.exec:\ill72hl.exe17⤵
- Executes dropped EXE
-
\??\c:\qc529.exec:\qc529.exe18⤵
- Executes dropped EXE
-
\??\c:\0x8jb.exec:\0x8jb.exe19⤵
- Executes dropped EXE
-
\??\c:\bo7w7af.exec:\bo7w7af.exe20⤵
- Executes dropped EXE
-
\??\c:\8w3cr.exec:\8w3cr.exe21⤵
- Executes dropped EXE
-
\??\c:\d2p88x.exec:\d2p88x.exe22⤵
- Executes dropped EXE
-
\??\c:\5bgd48.exec:\5bgd48.exe23⤵
- Executes dropped EXE
-
\??\c:\fb4l57.exec:\fb4l57.exe24⤵
- Executes dropped EXE
-
\??\c:\2d7jn.exec:\2d7jn.exe25⤵
- Executes dropped EXE
-
\??\c:\1x93l.exec:\1x93l.exe26⤵
- Executes dropped EXE
-
\??\c:\axt20j.exec:\axt20j.exe27⤵
- Executes dropped EXE
-
\??\c:\x9hnr7j.exec:\x9hnr7j.exe28⤵
- Executes dropped EXE
-
\??\c:\089760f.exec:\089760f.exe29⤵
- Executes dropped EXE
-
\??\c:\70w54f.exec:\70w54f.exe30⤵
-
\??\c:\1g6u10.exec:\1g6u10.exe31⤵
-
\??\c:\7v3dxjk.exec:\7v3dxjk.exe32⤵
-
\??\c:\12n9860.exec:\12n9860.exe33⤵
-
\??\c:\r68859.exec:\r68859.exe34⤵
-
\??\c:\1pgckk.exec:\1pgckk.exe35⤵
-
\??\c:\ed008x.exec:\ed008x.exe36⤵
-
\??\c:\x648b8m.exec:\x648b8m.exe37⤵
-
\??\c:\hi7g9u.exec:\hi7g9u.exe38⤵
-
\??\c:\35ndcs.exec:\35ndcs.exe39⤵
-
\??\c:\t06r9.exec:\t06r9.exe40⤵
-
\??\c:\t07rpmw.exec:\t07rpmw.exe41⤵
-
\??\c:\3d73j7.exec:\3d73j7.exe42⤵
-
\??\c:\rgk3xvv.exec:\rgk3xvv.exe43⤵
-
\??\c:\5n94bf.exec:\5n94bf.exe44⤵
-
\??\c:\693ui.exec:\693ui.exe45⤵
-
\??\c:\hng0hg3.exec:\hng0hg3.exe46⤵
-
\??\c:\4avu024.exec:\4avu024.exe47⤵
-
\??\c:\0377t9.exec:\0377t9.exe48⤵
-
\??\c:\kj69jx.exec:\kj69jx.exe49⤵
-
\??\c:\3m7s167.exec:\3m7s167.exe50⤵
-
\??\c:\91uk3es.exec:\91uk3es.exe51⤵
-
\??\c:\927l97.exec:\927l97.exe52⤵
-
\??\c:\4jnll6.exec:\4jnll6.exe53⤵
-
\??\c:\8dx25.exec:\8dx25.exe54⤵
-
\??\c:\x90947.exec:\x90947.exe55⤵
-
\??\c:\74s5f.exec:\74s5f.exe56⤵
-
\??\c:\7u539.exec:\7u539.exe57⤵
-
\??\c:\dw9t5.exec:\dw9t5.exe58⤵
-
\??\c:\g0jm3iw.exec:\g0jm3iw.exe59⤵
-
\??\c:\6j9e31.exec:\6j9e31.exe60⤵
-
\??\c:\xvpa6g.exec:\xvpa6g.exe61⤵
-
\??\c:\0w05xb4.exec:\0w05xb4.exe62⤵
-
\??\c:\t32m3.exec:\t32m3.exe63⤵
-
\??\c:\f5n39.exec:\f5n39.exe64⤵
-
\??\c:\8mggkou.exec:\8mggkou.exe65⤵
-
\??\c:\2p2g99.exec:\2p2g99.exe66⤵
-
\??\c:\m1i50sl.exec:\m1i50sl.exe67⤵
-
\??\c:\cg3e5.exec:\cg3e5.exe68⤵
-
\??\c:\31m6ur0.exec:\31m6ur0.exe69⤵
-
\??\c:\0pldav.exec:\0pldav.exe70⤵
-
\??\c:\0j59c.exec:\0j59c.exe71⤵
-
\??\c:\pp403ck.exec:\pp403ck.exe72⤵
-
\??\c:\4f7u9sc.exec:\4f7u9sc.exe73⤵
-
\??\c:\5905m33.exec:\5905m33.exe74⤵
-
\??\c:\q34b4o.exec:\q34b4o.exe75⤵
-
\??\c:\gm30h.exec:\gm30h.exe76⤵
-
\??\c:\ow4kl0w.exec:\ow4kl0w.exe77⤵
-
\??\c:\q8i7w.exec:\q8i7w.exe78⤵
-
\??\c:\xp2p6x7.exec:\xp2p6x7.exe79⤵
-
\??\c:\vsf0ep.exec:\vsf0ep.exe80⤵
-
\??\c:\se495.exec:\se495.exe81⤵
-
\??\c:\d5i159t.exec:\d5i159t.exe82⤵
-
\??\c:\jw3oc.exec:\jw3oc.exe83⤵
-
\??\c:\4a678.exec:\4a678.exe84⤵
-
\??\c:\90dm7wf.exec:\90dm7wf.exe85⤵
-
\??\c:\3373v.exec:\3373v.exe86⤵
-
\??\c:\2w7sp3.exec:\2w7sp3.exe87⤵
-
\??\c:\310u6.exec:\310u6.exe88⤵
-
\??\c:\f7s7kxk.exec:\f7s7kxk.exe89⤵
-
\??\c:\8h629nn.exec:\8h629nn.exe90⤵
-
\??\c:\2b15q1.exec:\2b15q1.exe91⤵
-
\??\c:\2r9x6.exec:\2r9x6.exe92⤵
-
\??\c:\qq22l.exec:\qq22l.exe93⤵
-
\??\c:\4h9a1.exec:\4h9a1.exe94⤵
-
\??\c:\o7rbe.exec:\o7rbe.exe95⤵
-
\??\c:\l9x5x.exec:\l9x5x.exe96⤵
-
\??\c:\857fk.exec:\857fk.exe97⤵
-
\??\c:\472rswd.exec:\472rswd.exe98⤵
-
\??\c:\54x55.exec:\54x55.exe99⤵
-
\??\c:\69kkm.exec:\69kkm.exe100⤵
-
\??\c:\wcb4m57.exec:\wcb4m57.exe101⤵
-
\??\c:\n64rd35.exec:\n64rd35.exe102⤵
-
\??\c:\w0381p.exec:\w0381p.exe103⤵
-
\??\c:\7od27.exec:\7od27.exe104⤵
-
\??\c:\v3oc7.exec:\v3oc7.exe105⤵
-
\??\c:\5f55919.exec:\5f55919.exe106⤵
-
\??\c:\1b48bp4.exec:\1b48bp4.exe107⤵
-
\??\c:\0878p1.exec:\0878p1.exe108⤵
-
\??\c:\9u9g38.exec:\9u9g38.exe109⤵
-
\??\c:\f235c.exec:\f235c.exe110⤵
-
\??\c:\4cw9c.exec:\4cw9c.exe111⤵
-
\??\c:\91a73.exec:\91a73.exe112⤵
-
\??\c:\qk10n.exec:\qk10n.exe113⤵
-
\??\c:\v8f605.exec:\v8f605.exe114⤵
-
\??\c:\v4087b8.exec:\v4087b8.exe115⤵
-
\??\c:\723w5oa.exec:\723w5oa.exe116⤵
-
\??\c:\wq16w.exec:\wq16w.exe117⤵
-
\??\c:\7l3rr.exec:\7l3rr.exe118⤵
-
\??\c:\e8319qs.exec:\e8319qs.exe119⤵
-
\??\c:\kc559.exec:\kc559.exe120⤵
-
\??\c:\15e5130.exec:\15e5130.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-