Analysis
-
max time kernel
147s -
max time network
126s -
platform
windows7_x64 -
resource
win7-20230831-en -
resource tags
-
submitted
22-10-2023 14:13
General
-
Target
NEAS.e01b945aa22713b7128473015a0f5130_JC.exe
-
Size
79KB
-
MD5
e01b945aa22713b7128473015a0f5130
-
SHA1
5f0fe73f0899cded7570ac323e57d3478276ad71
-
SHA256
75a9458e09408c4d7929b0d0a691991e6da1caa4ce5fd74ffb881c2723d5c5e0
-
SHA512
4957a88c0fe38fffa9c8211530f1204ad0c23b1105da57b6a9ebb0e41f89a4941af3c4796816e559b3015e34ff71440e2dea62687037808b0e23605a7e217859
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDWiekja1br3GGBxfot3nmmnKc:ymb3NkkiQ3mdBjFWXkj7afodnmm3
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 37 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 61 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.e01b945aa22713b7128473015a0f5130_JC.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.e01b945aa22713b7128473015a0f5130_JC.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\3sd73b.exec:\3sd73b.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\n9dqwo3.exec:\n9dqwo3.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\q29vab7.exec:\q29vab7.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3ffug.exec:\3ffug.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8l5j2.exec:\8l5j2.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5894h.exec:\5894h.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\28fil28.exec:\28fil28.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3jv3a8v.exec:\3jv3a8v.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\999w851.exec:\999w851.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8l8c67.exec:\8l8c67.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\o7943i.exec:\o7943i.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\v01ch.exec:\v01ch.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\74s5t.exec:\74s5t.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ej9pj.exec:\ej9pj.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\72s6e.exec:\72s6e.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\0w120w.exec:\0w120w.exe17⤵
- Executes dropped EXE
-
\??\c:\843frn7.exec:\843frn7.exe18⤵
- Executes dropped EXE
-
\??\c:\j6f8658.exec:\j6f8658.exe19⤵
- Executes dropped EXE
-
\??\c:\426ou.exec:\426ou.exe20⤵
- Executes dropped EXE
-
\??\c:\96j7393.exec:\96j7393.exe21⤵
- Executes dropped EXE
-
\??\c:\474j80.exec:\474j80.exe22⤵
- Executes dropped EXE
-
\??\c:\28p4ws.exec:\28p4ws.exe23⤵
- Executes dropped EXE
-
\??\c:\8sqro.exec:\8sqro.exe24⤵
- Executes dropped EXE
-
\??\c:\b2x3w1.exec:\b2x3w1.exe25⤵
- Executes dropped EXE
-
\??\c:\1eh11b4.exec:\1eh11b4.exe26⤵
- Executes dropped EXE
-
\??\c:\40d807m.exec:\40d807m.exe27⤵
- Executes dropped EXE
-
\??\c:\2jvg64.exec:\2jvg64.exe28⤵
- Executes dropped EXE
-
\??\c:\8r2dav.exec:\8r2dav.exe29⤵
- Executes dropped EXE
-
\??\c:\5u7d7p1.exec:\5u7d7p1.exe30⤵
- Executes dropped EXE
-
\??\c:\0dv8iq.exec:\0dv8iq.exe31⤵
- Executes dropped EXE
-
\??\c:\0glwd.exec:\0glwd.exe32⤵
- Executes dropped EXE
-
\??\c:\wilge.exec:\wilge.exe33⤵
- Executes dropped EXE
-
\??\c:\kfx41ae.exec:\kfx41ae.exe34⤵
- Executes dropped EXE
-
\??\c:\59284.exec:\59284.exe35⤵
- Executes dropped EXE
-
\??\c:\w0pr5u.exec:\w0pr5u.exe36⤵
- Executes dropped EXE
-
\??\c:\gjx8ix.exec:\gjx8ix.exe37⤵
- Executes dropped EXE
-
\??\c:\2v4m4.exec:\2v4m4.exe38⤵
- Executes dropped EXE
-
\??\c:\85o6w.exec:\85o6w.exe39⤵
- Executes dropped EXE
-
\??\c:\ie83p6j.exec:\ie83p6j.exe40⤵
- Executes dropped EXE
-
\??\c:\w5kgi.exec:\w5kgi.exe41⤵
- Executes dropped EXE
-
\??\c:\4v67059.exec:\4v67059.exe42⤵
- Executes dropped EXE
-
\??\c:\w629j8.exec:\w629j8.exe43⤵
- Executes dropped EXE
-
\??\c:\udj315.exec:\udj315.exe44⤵
- Executes dropped EXE
-
\??\c:\399n46r.exec:\399n46r.exe45⤵
- Executes dropped EXE
-
\??\c:\qgmk8d.exec:\qgmk8d.exe46⤵
- Executes dropped EXE
-
\??\c:\db12t.exec:\db12t.exe47⤵
- Executes dropped EXE
-
\??\c:\j4fufc.exec:\j4fufc.exe48⤵
- Executes dropped EXE
-
\??\c:\7255u43.exec:\7255u43.exe49⤵
- Executes dropped EXE
-
\??\c:\202422.exec:\202422.exe50⤵
- Executes dropped EXE
-
\??\c:\52h34r2.exec:\52h34r2.exe51⤵
- Executes dropped EXE
-
\??\c:\f7co2od.exec:\f7co2od.exe52⤵
- Executes dropped EXE
-
\??\c:\4qg598j.exec:\4qg598j.exe53⤵
- Executes dropped EXE
-
\??\c:\kmmdh.exec:\kmmdh.exe54⤵
- Executes dropped EXE
-
\??\c:\o5fr8l.exec:\o5fr8l.exe55⤵
- Executes dropped EXE
-
\??\c:\n4gv2.exec:\n4gv2.exe56⤵
- Executes dropped EXE
-
\??\c:\548ss7l.exec:\548ss7l.exe57⤵
- Executes dropped EXE
-
\??\c:\91k7i23.exec:\91k7i23.exe58⤵
- Executes dropped EXE
-
\??\c:\0i8vd08.exec:\0i8vd08.exe59⤵
- Executes dropped EXE
-
\??\c:\m23h5.exec:\m23h5.exe60⤵
- Executes dropped EXE
-
\??\c:\wedpb.exec:\wedpb.exe61⤵
- Executes dropped EXE
-
\??\c:\5ae2u6.exec:\5ae2u6.exe62⤵
- Executes dropped EXE
-
\??\c:\1f612b.exec:\1f612b.exe63⤵
- Executes dropped EXE
-
\??\c:\w1p3e.exec:\w1p3e.exe64⤵
- Executes dropped EXE
-
\??\c:\4pi6rha.exec:\4pi6rha.exe65⤵
- Executes dropped EXE
-
\??\c:\u11a9j.exec:\u11a9j.exe66⤵
-
\??\c:\k28pnn.exec:\k28pnn.exe67⤵
-
\??\c:\vlp066q.exec:\vlp066q.exe68⤵
-
\??\c:\41lu6.exec:\41lu6.exe69⤵
-
\??\c:\403r4.exec:\403r4.exe70⤵
-
\??\c:\16q4bh.exec:\16q4bh.exe71⤵
-
\??\c:\27egf6d.exec:\27egf6d.exe72⤵
-
\??\c:\hxu282.exec:\hxu282.exe73⤵
-
\??\c:\g31rxf0.exec:\g31rxf0.exe74⤵
-
\??\c:\9d3js0.exec:\9d3js0.exe75⤵
-
\??\c:\wj87li.exec:\wj87li.exe76⤵
-
\??\c:\654v4.exec:\654v4.exe77⤵
-
\??\c:\0xioi0.exec:\0xioi0.exe78⤵
-
\??\c:\2523b.exec:\2523b.exe79⤵
-
\??\c:\61n30q.exec:\61n30q.exe80⤵
-
\??\c:\9u702.exec:\9u702.exe81⤵
-
\??\c:\s21xc.exec:\s21xc.exe82⤵
-
\??\c:\i980d8.exec:\i980d8.exe83⤵
-
\??\c:\064x4xl.exec:\064x4xl.exe84⤵
-
\??\c:\3j0f412.exec:\3j0f412.exe85⤵
-
\??\c:\do0e2i5.exec:\do0e2i5.exe86⤵
-
\??\c:\f9jp41j.exec:\f9jp41j.exe87⤵
-
\??\c:\3k08x.exec:\3k08x.exe88⤵
-
\??\c:\33s86.exec:\33s86.exe89⤵
-
\??\c:\30p0j.exec:\30p0j.exe90⤵
-
\??\c:\g40a9sd.exec:\g40a9sd.exe91⤵
-
\??\c:\nd416.exec:\nd416.exe92⤵
-
\??\c:\s6n02.exec:\s6n02.exe93⤵
-
\??\c:\ua9s20.exec:\ua9s20.exe94⤵
-
\??\c:\14x462.exec:\14x462.exe95⤵
-
\??\c:\981871.exec:\981871.exe96⤵
-
\??\c:\93888gf.exec:\93888gf.exe97⤵
-
\??\c:\69931.exec:\69931.exe98⤵
-
\??\c:\24j68u6.exec:\24j68u6.exe99⤵
-
\??\c:\00283.exec:\00283.exe100⤵
-
\??\c:\51v1b.exec:\51v1b.exe101⤵
-
\??\c:\3f6no.exec:\3f6no.exe102⤵
-
\??\c:\k03wm3.exec:\k03wm3.exe103⤵
-
\??\c:\4875eq.exec:\4875eq.exe104⤵
-
\??\c:\rb2lq3.exec:\rb2lq3.exe105⤵
-
\??\c:\qc3tw2.exec:\qc3tw2.exe106⤵
-
\??\c:\e924p.exec:\e924p.exe107⤵
-
\??\c:\421n7h.exec:\421n7h.exe108⤵
-
\??\c:\6adm7a.exec:\6adm7a.exe109⤵
-
\??\c:\b993dv.exec:\b993dv.exe110⤵
-
\??\c:\u3wekc.exec:\u3wekc.exe111⤵
-
\??\c:\get69vv.exec:\get69vv.exe112⤵
-
\??\c:\7q2a0aj.exec:\7q2a0aj.exe113⤵
-
\??\c:\ogjvx.exec:\ogjvx.exe114⤵
-
\??\c:\6jm9qj.exec:\6jm9qj.exe115⤵
-
\??\c:\9ktt09.exec:\9ktt09.exe116⤵
-
\??\c:\j6x28.exec:\j6x28.exe117⤵
-
\??\c:\75cf8.exec:\75cf8.exe118⤵
-
\??\c:\d322b.exec:\d322b.exe119⤵
-
\??\c:\85527v.exec:\85527v.exe120⤵
-
\??\c:\43impp.exec:\43impp.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-