Analysis
-
max time kernel
127s -
max time network
146s -
platform
windows10-2004_x64 -
resource
win10v2004-20231020-en -
resource tags
-
submitted
21-10-2023 21:17
General
-
Target
NEAS.3736f85318ad9b2720306cdebb0c1c70.exe
-
Size
200KB
-
MD5
3736f85318ad9b2720306cdebb0c1c70
-
SHA1
0db0f320b4881c576d6ef03188726b434a41fbd8
-
SHA256
76eba39d5ba0feea71033be72348b934aaffe91e7680c7e2e00d7e38138bc8b1
-
SHA512
ef3230ded08bc1730e01e45fa1ce44eeb28a7b74475380ff334a16c56a27540d216a6e0cf777168a8bb50c24c0b22dd312e195e641a6174e5d2ef0f2c5ce737a
-
SSDEEP
6144:9cm4FmowdHoSyAszBd+za/p1slTjZXvEQo9dfG:/4wFHoSy1zBR/pMT9XvEhdfG
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.3736f85318ad9b2720306cdebb0c1c70.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.3736f85318ad9b2720306cdebb0c1c70.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\dnvxj.exec:\dnvxj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tfnlp.exec:\tfnlp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpvrr.exec:\jpvrr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpvvjdx.exec:\jpvvjdx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dbddf.exec:\dbddf.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dthvlv.exec:\dthvlv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxrjxfx.exec:\lxrjxfx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\prhxj.exec:\prhxj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xnvpjn.exec:\xnvpjn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djtxfjr.exec:\djtxfjr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fjttbtf.exec:\fjttbtf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\njllp.exec:\njllp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xbvnx.exec:\xbvnx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bdnnhpv.exec:\bdnnhpv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dxfdfh.exec:\dxfdfh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdxntd.exec:\jdxntd.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nxxtdf.exec:\nxxtdf.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bfdpnbv.exec:\bfdpnbv.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdbdx.exec:\jdbdx.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffvbfpb.exec:\ffvbfpb.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dnjdtr.exec:\dnjdtr.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdtld.exec:\vdtld.exe23⤵
- Executes dropped EXE
-
\??\c:\jdbjp.exec:\jdbjp.exe24⤵
- Executes dropped EXE
-
\??\c:\vbljxj.exec:\vbljxj.exe25⤵
- Executes dropped EXE
-
\??\c:\rtjjj.exec:\rtjjj.exe26⤵
- Executes dropped EXE
-
\??\c:\hdpljjd.exec:\hdpljjd.exe27⤵
- Executes dropped EXE
-
\??\c:\xfrhrnl.exec:\xfrhrnl.exe28⤵
- Executes dropped EXE
-
\??\c:\tjxtx.exec:\tjxtx.exe29⤵
- Executes dropped EXE
-
\??\c:\ljtbf.exec:\ljtbf.exe30⤵
- Executes dropped EXE
-
\??\c:\bpvht.exec:\bpvht.exe31⤵
- Executes dropped EXE
-
\??\c:\xfdtbx.exec:\xfdtbx.exe32⤵
- Executes dropped EXE
-
\??\c:\bbtdl.exec:\bbtdl.exe33⤵
- Executes dropped EXE
-
\??\c:\plthn.exec:\plthn.exe34⤵
- Executes dropped EXE
-
\??\c:\pvplnjb.exec:\pvplnjb.exe35⤵
- Executes dropped EXE
-
\??\c:\npnjpr.exec:\npnjpr.exe36⤵
- Executes dropped EXE
-
\??\c:\xjbvt.exec:\xjbvt.exe37⤵
- Executes dropped EXE
-
\??\c:\jvlrjfj.exec:\jvlrjfj.exe38⤵
- Executes dropped EXE
-
\??\c:\lllllfj.exec:\lllllfj.exe39⤵
- Executes dropped EXE
-
\??\c:\dlvlvr.exec:\dlvlvr.exe40⤵
- Executes dropped EXE
-
\??\c:\djxhjf.exec:\djxhjf.exe41⤵
- Executes dropped EXE
-
\??\c:\vbnprn.exec:\vbnprn.exe42⤵
- Executes dropped EXE
-
\??\c:\ltjfhlv.exec:\ltjfhlv.exe43⤵
- Executes dropped EXE
-
\??\c:\fndxj.exec:\fndxj.exe44⤵
- Executes dropped EXE
-
\??\c:\bjvjjr.exec:\bjvjjr.exe45⤵
- Executes dropped EXE
-
\??\c:\nxvtf.exec:\nxvtf.exe46⤵
- Executes dropped EXE
-
\??\c:\dlnvrrr.exec:\dlnvrrr.exe47⤵
-
\??\c:\lfntjj.exec:\lfntjj.exe48⤵
- Executes dropped EXE
-
\??\c:\dpnvrn.exec:\dpnvrn.exe49⤵
- Executes dropped EXE
-
\??\c:\rhxvl.exec:\rhxvl.exe50⤵
- Executes dropped EXE
-
\??\c:\xbvdd.exec:\xbvdd.exe51⤵
- Executes dropped EXE
-
\??\c:\pfbrld.exec:\pfbrld.exe52⤵
- Executes dropped EXE
-
\??\c:\bbphjlp.exec:\bbphjlp.exe53⤵
- Executes dropped EXE
-
\??\c:\lbbvfff.exec:\lbbvfff.exe54⤵
- Executes dropped EXE
-
\??\c:\hpptjff.exec:\hpptjff.exe55⤵
- Executes dropped EXE
-
\??\c:\pbfpdr.exec:\pbfpdr.exe56⤵
- Executes dropped EXE
-
\??\c:\dhjfvl.exec:\dhjfvl.exe57⤵
- Executes dropped EXE
-
\??\c:\lnfrfbv.exec:\lnfrfbv.exe58⤵
- Executes dropped EXE
-
\??\c:\rlltrx.exec:\rlltrx.exe59⤵
- Executes dropped EXE
-
\??\c:\hltdtl.exec:\hltdtl.exe60⤵
- Executes dropped EXE
-
\??\c:\jxthd.exec:\jxthd.exe61⤵
- Executes dropped EXE
-
\??\c:\xvjpjfn.exec:\xvjpjfn.exe62⤵
- Executes dropped EXE
-
\??\c:\dpjnd.exec:\dpjnd.exe63⤵
- Executes dropped EXE
-
\??\c:\vfjdxh.exec:\vfjdxh.exe64⤵
- Executes dropped EXE
-
\??\c:\txrjfn.exec:\txrjfn.exe65⤵
- Executes dropped EXE
-
\??\c:\nbvnx.exec:\nbvnx.exe66⤵
- Executes dropped EXE
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
\??\c:\djdbht.exec:\djdbht.exe50⤵
-
\??\c:\lbbpvlj.exec:\lbbpvlj.exe51⤵
-
\??\c:\dffhdb.exec:\dffhdb.exe52⤵
-
\??\c:\rhljvn.exec:\rhljvn.exe53⤵
-
\??\c:\tbrprfp.exec:\tbrprfp.exe54⤵
-
\??\c:\hpthnd.exec:\hpthnd.exe55⤵
-
\??\c:\tnvljdt.exec:\tnvljdt.exe56⤵
-
\??\c:\fhrfvf.exec:\fhrfvf.exe57⤵
-
\??\c:\tldbt.exec:\tldbt.exe58⤵
-
\??\c:\rnttj.exec:\rnttj.exe59⤵
-
\??\c:\dnxtff.exec:\dnxtff.exe60⤵
-
\??\c:\tvbndd.exec:\tvbndd.exe61⤵
-
\??\c:\lhrddn.exec:\lhrddn.exe62⤵
-
\??\c:\lphbr.exec:\lphbr.exe63⤵
-
\??\c:\jxjnpv.exec:\jxjnpv.exe64⤵
-
\??\c:\xtvfptd.exec:\xtvfptd.exe65⤵
-
\??\c:\bxpdvdn.exec:\bxpdvdn.exe66⤵
-
\??\c:\ddnnpx.exec:\ddnnpx.exe67⤵
-
\??\c:\xxnvxhj.exec:\xxnvxhj.exe68⤵
-
\??\c:\rbntdfr.exec:\rbntdfr.exe69⤵
-
\??\c:\fpjrrx.exec:\fpjrrx.exe70⤵
-
\??\c:\hdvbrnn.exec:\hdvbrnn.exe71⤵
-
\??\c:\lnjlfl.exec:\lnjlfl.exe72⤵
-
\??\c:\bbpjrvt.exec:\bbpjrvt.exe73⤵
-
\??\c:\fvjfbh.exec:\fvjfbh.exe74⤵
-
\??\c:\xxtvr.exec:\xxtvr.exe75⤵
-
\??\c:\fhbpr.exec:\fhbpr.exe76⤵
-
\??\c:\vxplfdr.exec:\vxplfdr.exe77⤵
-
\??\c:\ltvbtl.exec:\ltvbtl.exe78⤵
-
\??\c:\hfjxl.exec:\hfjxl.exe79⤵
-
\??\c:\pthpj.exec:\pthpj.exe80⤵
-
\??\c:\tdnxlj.exec:\tdnxlj.exe81⤵
-
\??\c:\hfxrl.exec:\hfxrl.exe82⤵
-
\??\c:\hfxrphb.exec:\hfxrphb.exe83⤵
-
\??\c:\lrrhvd.exec:\lrrhvd.exe84⤵
-
\??\c:\thtrbv.exec:\thtrbv.exe85⤵
-
\??\c:\ttpbjx.exec:\ttpbjx.exe86⤵
-
\??\c:\xpdvjlr.exec:\xpdvjlr.exe87⤵
-
\??\c:\hhlrbl.exec:\hhlrbl.exe88⤵
-
\??\c:\bljfjpn.exec:\bljfjpn.exe89⤵
-
\??\c:\fpnljnj.exec:\fpnljnj.exe90⤵
-
\??\c:\xblrpj.exec:\xblrpj.exe91⤵
-
\??\c:\npfpj.exec:\npfpj.exe92⤵
-
\??\c:\fxxnj.exec:\fxxnj.exe93⤵
-
\??\c:\xtblb.exec:\xtblb.exe94⤵
-
\??\c:\tlndfdx.exec:\tlndfdx.exe95⤵
-
\??\c:\vnbrp.exec:\vnbrp.exe96⤵
-
\??\c:\ltvlvrb.exec:\ltvlvrb.exe97⤵
-
\??\c:\hvrrn.exec:\hvrrn.exe98⤵
-
\??\c:\rtfthtl.exec:\rtfthtl.exe99⤵
-
\??\c:\vfvffdj.exec:\vfvffdj.exe100⤵
-
\??\c:\bfdvjj.exec:\bfdvjj.exe101⤵
-
\??\c:\bnnxph.exec:\bnnxph.exe102⤵
-
\??\c:\tvffvvl.exec:\tvffvvl.exe103⤵
-
\??\c:\ffbhbpt.exec:\ffbhbpt.exe104⤵
-
\??\c:\plljrnn.exec:\plljrnn.exe105⤵
-
\??\c:\ftbxrdf.exec:\ftbxrdf.exe106⤵
-
\??\c:\jnlvh.exec:\jnlvh.exe107⤵
-
\??\c:\vpntn.exec:\vpntn.exe108⤵
-
\??\c:\dbvlbtx.exec:\dbvlbtx.exe109⤵
-
\??\c:\xrxjnnt.exec:\xrxjnnt.exe110⤵
-
\??\c:\xlnnttp.exec:\xlnnttp.exe111⤵
-
\??\c:\tlndnr.exec:\tlndnr.exe112⤵
-
\??\c:\pdhxbt.exec:\pdhxbt.exe113⤵
-
\??\c:\llvrrxr.exec:\llvrrxr.exe114⤵
-
\??\c:\bldvnp.exec:\bldvnp.exe115⤵
-
\??\c:\nddtdhj.exec:\nddtdhj.exe116⤵
-
\??\c:\dnjfvtv.exec:\dnjfvtv.exe117⤵
-
\??\c:\rhdvbh.exec:\rhdvbh.exe118⤵
-
\??\c:\nhnppfr.exec:\nhnppfr.exe119⤵
-
\??\c:\htdphh.exec:\htdphh.exe120⤵
-
\??\c:\lxxbvpx.exec:\lxxbvpx.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-