Analysis
-
max time kernel
169s -
max time network
166s -
platform
windows10-2004_x64 -
resource
win10v2004-20230915-en -
resource tags
-
submitted
16/10/2023, 16:31
General
-
Target
NEAS.1ebb2d5abc03108f4725438e85f95b10_JC.exe
-
Size
45KB
-
MD5
1ebb2d5abc03108f4725438e85f95b10
-
SHA1
7b8739ab00580d0b35bc7d72ec6bb701ad4574bc
-
SHA256
1619312caf8107a6bbb01c18500d6ce5a3f3063ef59f417b4bfba5089d41d0b3
-
SHA512
9db15be549c096240bd133fa84d00e482c3a3e1a6cc315176814ea5c6718002669199ca7adabc582312a332d8f9097f281ef4187cd9a5c696bff1fe28229f8dd
-
SSDEEP
768:xvQB0ESOGg1UrYShBbgrrMo98l4yOoBDqANhhY/4El6BhGUVTnbcuyD7UNAFD:xvQBeOGtrYS3srx93UBWfwC6Ggnouy8q
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 61 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.1ebb2d5abc03108f4725438e85f95b10_JC.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.1ebb2d5abc03108f4725438e85f95b10_JC.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\msk6c8.exec:\msk6c8.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\489d3.exec:\489d3.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
-
-
\??\c:\9m98s.exec:\9m98s.exe1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\17lo5k5.exec:\17lo5k5.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\40exs4w.exec:\40exs4w.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\19d2j4h.exec:\19d2j4h.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\f1l260.exec:\f1l260.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ss5e3u.exec:\ss5e3u.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rmtgeh.exec:\rmtgeh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\382rta.exec:\382rta.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\0s8eum.exec:\0s8eum.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pf6fv.exec:\pf6fv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\h8oc3m.exec:\h8oc3m.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5et2j9.exec:\5et2j9.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
-
-
-
-
-
-
-
-
-
-
-
\??\c:\4186u9v.exec:\4186u9v.exe1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fjo20.exec:\fjo20.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dv68pj.exec:\dv68pj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jls8h1.exec:\jls8h1.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\c886b.exec:\c886b.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
-
-
-
-
\??\c:\k42avo.exec:\k42avo.exe1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\eku7apg.exec:\eku7apg.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8w7u90.exec:\8w7u90.exe3⤵
- Executes dropped EXE
-
\??\c:\8q16it.exec:\8q16it.exe4⤵
- Executes dropped EXE
-
-
-
-
\??\c:\440x5q.exec:\440x5q.exe1⤵
- Executes dropped EXE
-
\??\c:\83u7w.exec:\83u7w.exe2⤵
- Executes dropped EXE
-
\??\c:\982tc20.exec:\982tc20.exe3⤵
- Executes dropped EXE
-
\??\c:\l881r28.exec:\l881r28.exe4⤵
- Executes dropped EXE
-
\??\c:\va5wug6.exec:\va5wug6.exe5⤵
- Executes dropped EXE
-
\??\c:\2r36gm.exec:\2r36gm.exe6⤵
- Executes dropped EXE
-
\??\c:\5br28.exec:\5br28.exe7⤵
- Executes dropped EXE
-
\??\c:\5x26i.exec:\5x26i.exe8⤵
- Executes dropped EXE
-
\??\c:\m0v342m.exec:\m0v342m.exe9⤵
- Executes dropped EXE
-
\??\c:\6u7ax72.exec:\6u7ax72.exe10⤵
- Executes dropped EXE
-
\??\c:\ea137q.exec:\ea137q.exe11⤵
- Executes dropped EXE
-
\??\c:\6128j1.exec:\6128j1.exe12⤵
- Executes dropped EXE
-
\??\c:\rj842x.exec:\rj842x.exe13⤵
- Executes dropped EXE
-
\??\c:\n5sis5o.exec:\n5sis5o.exe14⤵
- Executes dropped EXE
-
\??\c:\cuai8.exec:\cuai8.exe15⤵
- Executes dropped EXE
-
\??\c:\pm0o5b8.exec:\pm0o5b8.exe16⤵
- Executes dropped EXE
-
\??\c:\8i54p.exec:\8i54p.exe17⤵
- Executes dropped EXE
-
\??\c:\54gogks.exec:\54gogks.exe18⤵
- Executes dropped EXE
-
\??\c:\w7ut1s.exec:\w7ut1s.exe19⤵
- Executes dropped EXE
-
\??\c:\5p2e7h.exec:\5p2e7h.exe20⤵
- Executes dropped EXE
-
\??\c:\weoc6x2.exec:\weoc6x2.exe21⤵
- Executes dropped EXE
-
\??\c:\v955fs.exec:\v955fs.exe22⤵
- Executes dropped EXE
-
\??\c:\gtk7xh2.exec:\gtk7xh2.exe23⤵
- Executes dropped EXE
-
\??\c:\h3nw9u1.exec:\h3nw9u1.exe24⤵
- Executes dropped EXE
-
\??\c:\aidd64.exec:\aidd64.exe25⤵
- Executes dropped EXE
-
\??\c:\eem1hkm.exec:\eem1hkm.exe26⤵
- Executes dropped EXE
-
\??\c:\9v6vha.exec:\9v6vha.exe27⤵
- Executes dropped EXE
-
\??\c:\gm261.exec:\gm261.exe28⤵
- Executes dropped EXE
-
\??\c:\27pj807.exec:\27pj807.exe29⤵
- Executes dropped EXE
-
\??\c:\h90u6vb.exec:\h90u6vb.exe30⤵
- Executes dropped EXE
-
\??\c:\39eg7r7.exec:\39eg7r7.exe31⤵
- Executes dropped EXE
-
\??\c:\7xx03jf.exec:\7xx03jf.exe32⤵
- Executes dropped EXE
-
\??\c:\1fwgkm.exec:\1fwgkm.exe33⤵
- Executes dropped EXE
-
\??\c:\glqfqg.exec:\glqfqg.exe34⤵
- Executes dropped EXE
-
\??\c:\4an0ie.exec:\4an0ie.exe35⤵
- Executes dropped EXE
-
\??\c:\3f6s3t.exec:\3f6s3t.exe36⤵
- Executes dropped EXE
-
\??\c:\4c8revs.exec:\4c8revs.exe37⤵
- Executes dropped EXE
-
\??\c:\l6av1.exec:\l6av1.exe38⤵
- Executes dropped EXE
-
\??\c:\o59k1.exec:\o59k1.exe39⤵
- Executes dropped EXE
-
\??\c:\2lq80.exec:\2lq80.exe40⤵
- Executes dropped EXE
-
\??\c:\2wd4xc.exec:\2wd4xc.exe41⤵
- Executes dropped EXE
-
\??\c:\34539jp.exec:\34539jp.exe42⤵
-
\??\c:\ka35w70.exec:\ka35w70.exe43⤵
-
\??\c:\73e10.exec:\73e10.exe44⤵
-
\??\c:\2ex0h7.exec:\2ex0h7.exe45⤵
-
\??\c:\6o711.exec:\6o711.exe46⤵
-
\??\c:\caec72.exec:\caec72.exe47⤵
-
\??\c:\m68pxt6.exec:\m68pxt6.exe48⤵
-
\??\c:\5jkgk8f.exec:\5jkgk8f.exe49⤵
-
\??\c:\4l42h3.exec:\4l42h3.exe50⤵
-
\??\c:\cgxqqe.exec:\cgxqqe.exe51⤵
-
\??\c:\131i74b.exec:\131i74b.exe52⤵
-
\??\c:\1l7qj3i.exec:\1l7qj3i.exe53⤵
-
\??\c:\2b1ao.exec:\2b1ao.exe54⤵
-
\??\c:\42l1m1.exec:\42l1m1.exe55⤵
-
\??\c:\fqvnc.exec:\fqvnc.exe56⤵
-
\??\c:\kuf61.exec:\kuf61.exe57⤵
-
\??\c:\s9t5a3g.exec:\s9t5a3g.exe58⤵
-
\??\c:\cirr29n.exec:\cirr29n.exe59⤵
-
\??\c:\tsg26f.exec:\tsg26f.exe60⤵
-
\??\c:\34fn2.exec:\34fn2.exe61⤵
-
\??\c:\84dg82.exec:\84dg82.exe62⤵
-
\??\c:\375t129.exec:\375t129.exe63⤵
-
\??\c:\5934692.exec:\5934692.exe64⤵
-
\??\c:\hi370m.exec:\hi370m.exe65⤵
-
\??\c:\3ip28uc.exec:\3ip28uc.exe66⤵
-
\??\c:\if68i5r.exec:\if68i5r.exe67⤵
-
\??\c:\55h4k1.exec:\55h4k1.exe68⤵
-
\??\c:\4647d.exec:\4647d.exe69⤵
-
\??\c:\8fkaae.exec:\8fkaae.exe70⤵
-
\??\c:\wxks8li.exec:\wxks8li.exe71⤵
-
\??\c:\sxlc2.exec:\sxlc2.exe72⤵
-
\??\c:\n355a.exec:\n355a.exe73⤵
-
\??\c:\2nart.exec:\2nart.exe74⤵
-
\??\c:\bf933.exec:\bf933.exe75⤵
-
\??\c:\k029cq.exec:\k029cq.exe76⤵
-
\??\c:\rcx58r.exec:\rcx58r.exe77⤵
-
\??\c:\u3t885.exec:\u3t885.exe78⤵
-
\??\c:\706880g.exec:\706880g.exe79⤵
-
\??\c:\g8oi9.exec:\g8oi9.exe80⤵
-
\??\c:\76qa44j.exec:\76qa44j.exe81⤵
-
\??\c:\7l00dj2.exec:\7l00dj2.exe82⤵
-
\??\c:\r40tv8.exec:\r40tv8.exe83⤵
-
\??\c:\p2k137.exec:\p2k137.exe84⤵
-
\??\c:\q344r6p.exec:\q344r6p.exe85⤵
-
\??\c:\8ejm6.exec:\8ejm6.exe86⤵
-
\??\c:\1f955.exec:\1f955.exe87⤵
-
\??\c:\437qt9.exec:\437qt9.exe88⤵
-
\??\c:\t6e105.exec:\t6e105.exe89⤵
-
\??\c:\61s76a.exec:\61s76a.exe90⤵
-
\??\c:\aet5r9.exec:\aet5r9.exe91⤵
-
\??\c:\3s3b7mx.exec:\3s3b7mx.exe92⤵
-
\??\c:\9q61r.exec:\9q61r.exe93⤵
-
\??\c:\fa07d.exec:\fa07d.exe94⤵
-
\??\c:\97wlvu.exec:\97wlvu.exe95⤵
-
\??\c:\r7er50.exec:\r7er50.exe96⤵
-
\??\c:\8l991.exec:\8l991.exe97⤵
-
\??\c:\41mx5.exec:\41mx5.exe98⤵
-
\??\c:\k8g130e.exec:\k8g130e.exe99⤵
-
\??\c:\ekh8e.exec:\ekh8e.exe100⤵
-
\??\c:\585k1.exec:\585k1.exe101⤵
-
\??\c:\21bq42.exec:\21bq42.exe102⤵
-
\??\c:\6k70u7m.exec:\6k70u7m.exe103⤵
-
\??\c:\4347hs.exec:\4347hs.exe104⤵
-
\??\c:\llb05.exec:\llb05.exe105⤵
-
\??\c:\g8w463.exec:\g8w463.exe106⤵
-
\??\c:\r9i18ip.exec:\r9i18ip.exe107⤵
-
\??\c:\9o8p5.exec:\9o8p5.exe108⤵
-
\??\c:\9u5o9.exec:\9u5o9.exe109⤵
-
\??\c:\3om6gmo.exec:\3om6gmo.exe110⤵
-
\??\c:\0j92622.exec:\0j92622.exe111⤵
-
\??\c:\878c4.exec:\878c4.exe112⤵
-
\??\c:\066ue.exec:\066ue.exe113⤵
-
\??\c:\f855kuw.exec:\f855kuw.exe114⤵
-
\??\c:\0hl8035.exec:\0hl8035.exe115⤵
-
\??\c:\9m65a9.exec:\9m65a9.exe116⤵
-
\??\c:\8r4d8.exec:\8r4d8.exe117⤵
-
\??\c:\h2ob2s6.exec:\h2ob2s6.exe118⤵
-
\??\c:\3ntghc.exec:\3ntghc.exe119⤵
-
\??\c:\4wj1627.exec:\4wj1627.exe120⤵
-
\??\c:\0220o.exec:\0220o.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-