Analysis
-
max time kernel
117s -
max time network
146s -
platform
windows10-2004_x64 -
resource
win10v2004-20230915-en -
resource tags
-
submitted
14/10/2023, 17:57
General
-
Target
NEAS.691716b66eb8cfdcae6c17af87a38380.exe
-
Size
63KB
-
MD5
691716b66eb8cfdcae6c17af87a38380
-
SHA1
2373de145c1c0382ebaa1892d265485a39a6d07c
-
SHA256
8ce4d6408c93aae952669cbbd250600ad9f658800dd81531d7135e97e5cbfec4
-
SHA512
094189661c9bd42917af78aef17e7456c20757c0b1527f3737fbe8b44bb13b2ead2b0125788263f563f38f191e03d7261b029a1d103c1412e6eb156188757708
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIsIpWCz+FR4REh:ymb3NkkiQ3mdBjFIsIpZ+R4Rc
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 38 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.691716b66eb8cfdcae6c17af87a38380.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.691716b66eb8cfdcae6c17af87a38380.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\rrvbh.exec:\rrvbh.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dnjpthn.exec:\dnjpthn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\njxllj.exec:\njxllj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xnvdrhn.exec:\xnvdrhn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hfdjdn.exec:\hfdjdn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xjfrxxb.exec:\xjfrxxb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llhrjrv.exec:\llhrjrv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dtjxh.exec:\dtjxh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfnxxdp.exec:\xfnxxdp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pfvph.exec:\pfvph.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bvhrv.exec:\bvhrv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lvjfb.exec:\lvjfb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvrbnfh.exec:\jvrbnfh.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fpftxjv.exec:\fpftxjv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hxtbthd.exec:\hxtbthd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fvrfdf.exec:\fvrfdf.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\brbxvnr.exec:\brbxvnr.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnjdfvp.exec:\bnjdfvp.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjhpn.exec:\vjhpn.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xvffp.exec:\xvffp.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hrjxvjx.exec:\hrjxvjx.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjbht.exec:\pjjbht.exe23⤵
- Executes dropped EXE
-
\??\c:\dvtjr.exec:\dvtjr.exe24⤵
- Executes dropped EXE
-
\??\c:\bnrjb.exec:\bnrjb.exe25⤵
- Executes dropped EXE
-
\??\c:\blxrvb.exec:\blxrvb.exe26⤵
- Executes dropped EXE
-
\??\c:\nddrb.exec:\nddrb.exe27⤵
- Executes dropped EXE
-
\??\c:\nvrnpj.exec:\nvrnpj.exe28⤵
- Executes dropped EXE
-
\??\c:\fnhfjp.exec:\fnhfjp.exe29⤵
- Executes dropped EXE
-
\??\c:\njhjlnx.exec:\njhjlnx.exe30⤵
- Executes dropped EXE
-
\??\c:\fblhxbd.exec:\fblhxbd.exe31⤵
- Executes dropped EXE
-
\??\c:\phhrf.exec:\phhrf.exe32⤵
- Executes dropped EXE
-
\??\c:\vrlnl.exec:\vrlnl.exe33⤵
- Executes dropped EXE
-
\??\c:\pvbrdp.exec:\pvbrdp.exe34⤵
-
\??\c:\tjnxfv.exec:\tjnxfv.exe35⤵
- Executes dropped EXE
-
\??\c:\pbjbnn.exec:\pbjbnn.exe36⤵
- Executes dropped EXE
-
\??\c:\tddpxv.exec:\tddpxv.exe37⤵
- Executes dropped EXE
-
\??\c:\rvlnrl.exec:\rvlnrl.exe38⤵
- Executes dropped EXE
-
\??\c:\fbhbrvb.exec:\fbhbrvb.exe39⤵
- Executes dropped EXE
-
\??\c:\nvbvnjj.exec:\nvbvnjj.exe40⤵
-
\??\c:\xdtddrx.exec:\xdtddrx.exe41⤵
-
\??\c:\hddtjhr.exec:\hddtjhr.exe42⤵
- Executes dropped EXE
-
\??\c:\nvndbfl.exec:\nvndbfl.exe43⤵
- Executes dropped EXE
-
\??\c:\trrdjtx.exec:\trrdjtx.exe44⤵
- Executes dropped EXE
-
\??\c:\njjjnfr.exec:\njjjnfr.exe45⤵
- Executes dropped EXE
-
\??\c:\jrvfj.exec:\jrvfj.exe46⤵
- Executes dropped EXE
-
\??\c:\rbfxlrx.exec:\rbfxlrx.exe47⤵
- Executes dropped EXE
-
\??\c:\nptxn.exec:\nptxn.exe48⤵
- Executes dropped EXE
-
\??\c:\rtlnnh.exec:\rtlnnh.exe49⤵
- Executes dropped EXE
-
\??\c:\prrbnl.exec:\prrbnl.exe50⤵
- Executes dropped EXE
-
\??\c:\xlfphdf.exec:\xlfphdf.exe51⤵
- Executes dropped EXE
-
\??\c:\bbdfphr.exec:\bbdfphr.exe52⤵
- Executes dropped EXE
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
\??\c:\fxljd.exec:\fxljd.exe1⤵
- Executes dropped EXE
-
\??\c:\fbntfbv.exec:\fbntfbv.exe2⤵
- Executes dropped EXE
-
\??\c:\htdfvn.exec:\htdfvn.exe3⤵
- Executes dropped EXE
-
-
-
\??\c:\tfdrp.exec:\tfdrp.exe1⤵
- Executes dropped EXE
-
\??\c:\dttnv.exec:\dttnv.exe2⤵
- Executes dropped EXE
-
\??\c:\bblnndn.exec:\bblnndn.exe3⤵
- Executes dropped EXE
-
\??\c:\fbvxxr.exec:\fbvxxr.exe4⤵
- Executes dropped EXE
-
-
-
-
\??\c:\vthflj.exec:\vthflj.exe1⤵
- Executes dropped EXE
-
\??\c:\phxnhd.exec:\phxnhd.exe2⤵
- Executes dropped EXE
-
\??\c:\vbfpb.exec:\vbfpb.exe3⤵
- Executes dropped EXE
-
\??\c:\jfrrfh.exec:\jfrrfh.exe4⤵
- Executes dropped EXE
-
\??\c:\nvpnffp.exec:\nvpnffp.exe5⤵
- Executes dropped EXE
-
\??\c:\rvrfb.exec:\rvrfb.exe6⤵
- Executes dropped EXE
-
\??\c:\pxjtf.exec:\pxjtf.exe7⤵
-
\??\c:\nthlb.exec:\nthlb.exe8⤵
-
\??\c:\dffdx.exec:\dffdx.exe9⤵
-
\??\c:\hrddfbl.exec:\hrddfbl.exe10⤵
-
\??\c:\vpxhb.exec:\vpxhb.exe11⤵
-
\??\c:\plfpxjj.exec:\plfpxjj.exe12⤵
-
\??\c:\xbtdllp.exec:\xbtdllp.exe13⤵
-
\??\c:\ffpjvr.exec:\ffpjvr.exe14⤵
-
\??\c:\xrblrr.exec:\xrblrr.exe15⤵
-
\??\c:\jnbjjp.exec:\jnbjjp.exe16⤵
-
\??\c:\lhjjtv.exec:\lhjjtv.exe17⤵
- Executes dropped EXE
-
\??\c:\hlfrj.exec:\hlfrj.exe18⤵
- Executes dropped EXE
-
\??\c:\vjlbhnp.exec:\vjlbhnp.exe19⤵
-
\??\c:\bjlfrt.exec:\bjlfrt.exe20⤵
-
\??\c:\fxjxvb.exec:\fxjxvb.exe21⤵
-
\??\c:\vtdvr.exec:\vtdvr.exe22⤵
-
\??\c:\jlnnhj.exec:\jlnnhj.exe23⤵
-
\??\c:\lxfjthr.exec:\lxfjthr.exe24⤵
-
\??\c:\dpfdv.exec:\dpfdv.exe25⤵
-
\??\c:\xtdlfjd.exec:\xtdlfjd.exe26⤵
-
\??\c:\lbvnrjl.exec:\lbvnrjl.exe27⤵
-
\??\c:\bhhvjj.exec:\bhhvjj.exe28⤵
-
\??\c:\fldnf.exec:\fldnf.exe29⤵
-
\??\c:\jhvhvnx.exec:\jhvhvnx.exe30⤵
-
\??\c:\tvbxfjd.exec:\tvbxfjd.exe31⤵
-
\??\c:\nhhrbb.exec:\nhhrbb.exe32⤵
-
\??\c:\plrjdj.exec:\plrjdj.exe33⤵
-
\??\c:\bfjfd.exec:\bfjfd.exe34⤵
-
\??\c:\rbdhj.exec:\rbdhj.exe35⤵
-
\??\c:\rhnblh.exec:\rhnblh.exe36⤵
-
\??\c:\fhhddbt.exec:\fhhddbt.exe37⤵
-
\??\c:\jfvfprf.exec:\jfvfprf.exe38⤵
-
\??\c:\npvjdvb.exec:\npvjdvb.exe39⤵
-
\??\c:\hjvjlt.exec:\hjvjlt.exe40⤵
-
\??\c:\tlbdn.exec:\tlbdn.exe41⤵
-
\??\c:\npxhhlj.exec:\npxhhlj.exe42⤵
-
\??\c:\njvfjv.exec:\njvfjv.exe43⤵
-
\??\c:\ndfxhf.exec:\ndfxhf.exe44⤵
-
\??\c:\vtpprpl.exec:\vtpprpl.exe45⤵
-
\??\c:\vpfxht.exec:\vpfxht.exe46⤵
-
\??\c:\rrhntt.exec:\rrhntt.exe47⤵
-
\??\c:\rlplxjh.exec:\rlplxjh.exe48⤵
-
\??\c:\fjlxjp.exec:\fjlxjp.exe49⤵
-
\??\c:\fldpfbp.exec:\fldpfbp.exe50⤵
-
\??\c:\dlfbb.exec:\dlfbb.exe51⤵
-
\??\c:\jxrjh.exec:\jxrjh.exe52⤵
-
\??\c:\tjftxvf.exec:\tjftxvf.exe53⤵
-
\??\c:\fjbrf.exec:\fjbrf.exe54⤵
-
\??\c:\ffvft.exec:\ffvft.exe55⤵
-
\??\c:\tjxdd.exec:\tjxdd.exe56⤵
-
\??\c:\jdhvd.exec:\jdhvd.exe57⤵
-
\??\c:\txpvjn.exec:\txpvjn.exe58⤵
-
\??\c:\npxdp.exec:\npxdp.exe59⤵
-
\??\c:\vphvp.exec:\vphvp.exe60⤵
-
\??\c:\vbbxrnr.exec:\vbbxrnr.exe61⤵
-
\??\c:\lnbxd.exec:\lnbxd.exe62⤵
-
\??\c:\jvlvbhd.exec:\jvlvbhd.exe63⤵
-
\??\c:\fjbnp.exec:\fjbnp.exe64⤵
-
\??\c:\flrlf.exec:\flrlf.exe65⤵
-
\??\c:\vrrxnl.exec:\vrrxnl.exe66⤵
-
\??\c:\fljbh.exec:\fljbh.exe67⤵
-
\??\c:\bvpvnl.exec:\bvpvnl.exe68⤵
-
\??\c:\fbtbpp.exec:\fbtbpp.exe69⤵
-
\??\c:\dltvbdr.exec:\dltvbdr.exe70⤵
-
\??\c:\tdfnl.exec:\tdfnl.exe71⤵
-
\??\c:\rbftjlr.exec:\rbftjlr.exe72⤵
-
\??\c:\nvnfpv.exec:\nvnfpv.exe73⤵
-
\??\c:\vbjnhd.exec:\vbjnhd.exe74⤵
-
\??\c:\dtbhv.exec:\dtbhv.exe75⤵
-
\??\c:\phrnjrb.exec:\phrnjrb.exe76⤵
-
\??\c:\brbbtd.exec:\brbbtd.exe77⤵
-
\??\c:\rfnftt.exec:\rfnftt.exe78⤵
-
\??\c:\lfxlvfd.exec:\lfxlvfd.exe79⤵
-
\??\c:\tvhxf.exec:\tvhxf.exe80⤵
-
\??\c:\thtvdx.exec:\thtvdx.exe81⤵
-
\??\c:\xpdjfjn.exec:\xpdjfjn.exe82⤵
-
\??\c:\fbnldv.exec:\fbnldv.exe83⤵
-
\??\c:\jxrvbfb.exec:\jxrvbfb.exe84⤵
-
\??\c:\lvhvv.exec:\lvhvv.exe85⤵
-
\??\c:\bljdb.exec:\bljdb.exe86⤵
-
\??\c:\jjpdtb.exec:\jjpdtb.exe87⤵
-
\??\c:\ptdbx.exec:\ptdbx.exe88⤵
-
\??\c:\lxdxtf.exec:\lxdxtf.exe89⤵
-
\??\c:\vhnrd.exec:\vhnrd.exe90⤵
-
\??\c:\xlrbv.exec:\xlrbv.exe91⤵
-
\??\c:\dfdbv.exec:\dfdbv.exe92⤵
-
\??\c:\htdnhb.exec:\htdnhb.exe93⤵
-
\??\c:\tvfvltp.exec:\tvfvltp.exe94⤵
-
\??\c:\lfvbbfr.exec:\lfvbbfr.exe95⤵
-
\??\c:\pntrr.exec:\pntrr.exe96⤵
-
\??\c:\dflbnn.exec:\dflbnn.exe97⤵
-
\??\c:\dnprd.exec:\dnprd.exe98⤵
-
\??\c:\njbvhx.exec:\njbvhx.exe99⤵
-
\??\c:\pnhpf.exec:\pnhpf.exe100⤵
-
\??\c:\bxfvv.exec:\bxfvv.exe101⤵
-
\??\c:\xrxddn.exec:\xrxddn.exe102⤵
-
\??\c:\lrxxv.exec:\lrxxv.exe103⤵
-
\??\c:\ldljhbj.exec:\ldljhbj.exe104⤵
-
\??\c:\hjdff.exec:\hjdff.exe105⤵
-
\??\c:\tbllvr.exec:\tbllvr.exe106⤵
-
\??\c:\djdjf.exec:\djdjf.exe107⤵
-
\??\c:\nnjdxdp.exec:\nnjdxdp.exe108⤵
-
\??\c:\xxntvt.exec:\xxntvt.exe109⤵
-
\??\c:\bfdrxt.exec:\bfdrxt.exe110⤵
-
\??\c:\fjrtn.exec:\fjrtn.exe111⤵
-
\??\c:\xlrlj.exec:\xlrlj.exe112⤵
-
\??\c:\jfvvpr.exec:\jfvvpr.exe113⤵
-
\??\c:\jtvndvn.exec:\jtvndvn.exe114⤵
-
\??\c:\hxlxnnv.exec:\hxlxnnv.exe115⤵
-
\??\c:\jdxbrnv.exec:\jdxbrnv.exe116⤵
-
\??\c:\dhfhxf.exec:\dhfhxf.exe117⤵
-
\??\c:\tfhjnbn.exec:\tfhjnbn.exe118⤵
-
\??\c:\vnlnxjp.exec:\vnlnxjp.exe119⤵
-
\??\c:\tdvvjlf.exec:\tdvvjlf.exe120⤵
-
\??\c:\ddlrh.exec:\ddlrh.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-