Analysis
-
max time kernel
157s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20231020-en -
resource tags
-
submitted
22-10-2023 14:13
General
-
Target
NEAS.3f4bbfa5810221964d204a0c6294e100_JC.exe
-
Size
118KB
-
MD5
3f4bbfa5810221964d204a0c6294e100
-
SHA1
466bec32e0ca0f86ef71ede41aa984efbe7fbd9d
-
SHA256
152c3ad1e7a2dbd1992eb1685b48ddd75e7ffbdf9849d3cd9edf9247375b730b
-
SHA512
12b670bf47e15832d726c9822102e24b888d8362a0d60cf9b54a223b44adf0b7388683556da6afc2b1881e69db981d4dd3aa2ed1c9c0f8db92b99e112dded227
-
SSDEEP
3072:ymb3NkkiQ3mdBjFo73tvn+Yp9X2OXlj4Fdp:n3C9BRo7tvnJ9GFFdp
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 31 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 58 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.3f4bbfa5810221964d204a0c6294e100_JC.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.3f4bbfa5810221964d204a0c6294e100_JC.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\95ueb0.exec:\95ueb0.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\55qja.exec:\55qja.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\de9411.exec:\de9411.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\4owms1.exec:\4owms1.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\p2o46.exec:\p2o46.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\gweiihw.exec:\gweiihw.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7ip9b.exec:\7ip9b.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8036b.exec:\8036b.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\l153ix2.exec:\l153ix2.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xieo5.exec:\xieo5.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\a2uh0w.exec:\a2uh0w.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\68365.exec:\68365.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rx7m7o9.exec:\rx7m7o9.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\453gc3.exec:\453gc3.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pg2og0s.exec:\pg2og0s.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\0m3slh.exec:\0m3slh.exe17⤵
- Executes dropped EXE
-
\??\c:\i53395m.exec:\i53395m.exe18⤵
- Executes dropped EXE
-
\??\c:\xn70t.exec:\xn70t.exe19⤵
- Executes dropped EXE
-
\??\c:\tqx3k.exec:\tqx3k.exe20⤵
- Executes dropped EXE
-
\??\c:\2i7g1w.exec:\2i7g1w.exe21⤵
- Executes dropped EXE
-
\??\c:\m964ma.exec:\m964ma.exe22⤵
- Executes dropped EXE
-
\??\c:\8w3ua3q.exec:\8w3ua3q.exe23⤵
- Executes dropped EXE
-
\??\c:\v1cs3c1.exec:\v1cs3c1.exe24⤵
- Executes dropped EXE
-
\??\c:\l5iq3.exec:\l5iq3.exe25⤵
- Executes dropped EXE
-
\??\c:\8455c.exec:\8455c.exe26⤵
- Executes dropped EXE
-
\??\c:\c5ss1.exec:\c5ss1.exe27⤵
- Executes dropped EXE
-
\??\c:\26j7r3.exec:\26j7r3.exe28⤵
- Executes dropped EXE
-
\??\c:\g14q6s.exec:\g14q6s.exe29⤵
- Executes dropped EXE
-
\??\c:\4qu1kqi.exec:\4qu1kqi.exe30⤵
- Executes dropped EXE
-
\??\c:\85in0.exec:\85in0.exe31⤵
- Executes dropped EXE
-
\??\c:\25x1e.exec:\25x1e.exe32⤵
- Executes dropped EXE
-
\??\c:\091u9.exec:\091u9.exe33⤵
- Executes dropped EXE
-
\??\c:\878o315.exec:\878o315.exe34⤵
- Executes dropped EXE
-
\??\c:\n73e25.exec:\n73e25.exe35⤵
- Executes dropped EXE
-
\??\c:\89as9i.exec:\89as9i.exe36⤵
- Executes dropped EXE
-
\??\c:\j7e9v.exec:\j7e9v.exe37⤵
- Executes dropped EXE
-
\??\c:\2b59ip1.exec:\2b59ip1.exe38⤵
- Executes dropped EXE
-
\??\c:\e6xp70x.exec:\e6xp70x.exe39⤵
- Executes dropped EXE
-
\??\c:\u1359c3.exec:\u1359c3.exe40⤵
- Executes dropped EXE
-
\??\c:\c8qc5.exec:\c8qc5.exe41⤵
- Executes dropped EXE
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
\??\c:\xr779kd.exec:\xr779kd.exe28⤵
-
\??\c:\rckc0.exec:\rckc0.exe29⤵
-
\??\c:\2q7483.exec:\2q7483.exe30⤵
-
\??\c:\091c9.exec:\091c9.exe31⤵
-
\??\c:\2kp03o.exec:\2kp03o.exe32⤵
-
\??\c:\6754uds.exec:\6754uds.exe33⤵
-
\??\c:\7qo1ki9.exec:\7qo1ki9.exe34⤵
-
\??\c:\4ojie.exec:\4ojie.exe35⤵
-
\??\c:\8b3k3.exec:\8b3k3.exe36⤵
-
\??\c:\gnwj1.exec:\gnwj1.exe37⤵
-
\??\c:\n7urx23.exec:\n7urx23.exe38⤵
-
\??\c:\t09777.exec:\t09777.exe39⤵
-
\??\c:\312w10.exec:\312w10.exe40⤵
-
\??\c:\65q1a.exec:\65q1a.exe41⤵
-
\??\c:\09gw36n.exec:\09gw36n.exe42⤵
-
\??\c:\pw7881.exec:\pw7881.exe43⤵
-
\??\c:\276c3e.exec:\276c3e.exe44⤵
-
\??\c:\x7ur8.exec:\x7ur8.exe45⤵
-
\??\c:\logeik7.exec:\logeik7.exe46⤵
-
\??\c:\hx5c7m5.exec:\hx5c7m5.exe47⤵
-
\??\c:\68df3.exec:\68df3.exe48⤵
-
\??\c:\bq31gb5.exec:\bq31gb5.exe49⤵
-
\??\c:\bv7mt9.exec:\bv7mt9.exe50⤵
-
\??\c:\j913i5.exec:\j913i5.exe51⤵
-
\??\c:\8g545u.exec:\8g545u.exe52⤵
-
\??\c:\5c9vmt1.exec:\5c9vmt1.exe53⤵
-
\??\c:\x7k950p.exec:\x7k950p.exe54⤵
-
\??\c:\d153k3g.exec:\d153k3g.exe55⤵
-
\??\c:\dk7e8a.exec:\dk7e8a.exe56⤵
-
\??\c:\vab7wg7.exec:\vab7wg7.exe57⤵
-
\??\c:\i99h875.exec:\i99h875.exe58⤵
-
\??\c:\83wl3cv.exec:\83wl3cv.exe59⤵
-
\??\c:\okd16r.exec:\okd16r.exe60⤵
-
\??\c:\40c75s.exec:\40c75s.exe61⤵
-
\??\c:\0767oa.exec:\0767oa.exe62⤵
-
\??\c:\v15w2w.exec:\v15w2w.exe63⤵
-
\??\c:\rq176s.exec:\rq176s.exe64⤵
-
\??\c:\68hh7.exec:\68hh7.exe65⤵
-
\??\c:\5rmi9g.exec:\5rmi9g.exe66⤵
-
\??\c:\410p6.exec:\410p6.exe67⤵
-
\??\c:\134g17.exec:\134g17.exe68⤵
-
\??\c:\650m33.exec:\650m33.exe69⤵
-
\??\c:\7j77wa.exec:\7j77wa.exe70⤵
-
\??\c:\t19a17g.exec:\t19a17g.exe71⤵
-
\??\c:\251198.exec:\251198.exe72⤵
-
\??\c:\nlks1.exec:\nlks1.exe73⤵
-
\??\c:\g24cg.exec:\g24cg.exe74⤵
-
\??\c:\5155n71.exec:\5155n71.exe75⤵
-
\??\c:\v30uwa.exec:\v30uwa.exe76⤵
-
\??\c:\7qsgaa.exec:\7qsgaa.exe77⤵
-
\??\c:\8161uq.exec:\8161uq.exe78⤵
-
\??\c:\387946.exec:\387946.exe79⤵
-
\??\c:\26t4t.exec:\26t4t.exe80⤵
-
\??\c:\m2w5o1.exec:\m2w5o1.exe81⤵
-
\??\c:\sg9k6k5.exec:\sg9k6k5.exe82⤵
-
\??\c:\egp27.exec:\egp27.exe83⤵
-
\??\c:\s2t78o3.exec:\s2t78o3.exe84⤵
-
\??\c:\98xg5ed.exec:\98xg5ed.exe85⤵
-
\??\c:\lsk45.exec:\lsk45.exe86⤵
-
\??\c:\tv7c17.exec:\tv7c17.exe87⤵
-
\??\c:\3d8u56.exec:\3d8u56.exe88⤵
-
\??\c:\59wo9i.exec:\59wo9i.exe89⤵
-
\??\c:\og6av.exec:\og6av.exe90⤵
-
\??\c:\4713ut.exec:\4713ut.exe91⤵
-
\??\c:\pq33kco.exec:\pq33kco.exe92⤵
-
\??\c:\81q39h.exec:\81q39h.exe93⤵
-
\??\c:\h134m57.exec:\h134m57.exe94⤵
-
\??\c:\h5xp58.exec:\h5xp58.exe95⤵
-
\??\c:\8e39j.exec:\8e39j.exe96⤵
-
\??\c:\4wi5u.exec:\4wi5u.exe97⤵
-
\??\c:\1u14qf.exec:\1u14qf.exe98⤵
-
\??\c:\o052sh2.exec:\o052sh2.exe99⤵
-
\??\c:\f9p0n6d.exec:\f9p0n6d.exe100⤵
-
\??\c:\fcv9i3o.exec:\fcv9i3o.exe101⤵
-
\??\c:\8179uj.exec:\8179uj.exe102⤵
-
\??\c:\4sc3sx.exec:\4sc3sx.exe103⤵
-
\??\c:\35930.exec:\35930.exe104⤵
-
\??\c:\f5ce9.exec:\f5ce9.exe105⤵
-
\??\c:\tn2ia.exec:\tn2ia.exe106⤵
-
\??\c:\vcc6q0m.exec:\vcc6q0m.exe107⤵
-
\??\c:\ggx8x2.exec:\ggx8x2.exe108⤵
-
\??\c:\s45qwr9.exec:\s45qwr9.exe109⤵
-
\??\c:\nw3e9sv.exec:\nw3e9sv.exe110⤵
-
\??\c:\2c9ck.exec:\2c9ck.exe111⤵
-
\??\c:\47k7smk.exec:\47k7smk.exe112⤵
-
\??\c:\949trt.exec:\949trt.exe113⤵
-
\??\c:\07ecv9.exec:\07ecv9.exe114⤵
-
\??\c:\b18m10.exec:\b18m10.exe115⤵
-
\??\c:\k760wv6.exec:\k760wv6.exe116⤵
-
\??\c:\8eqq5.exec:\8eqq5.exe117⤵
-
\??\c:\1x7u8.exec:\1x7u8.exe118⤵
-
\??\c:\pwa78.exec:\pwa78.exe119⤵
-
\??\c:\d559wih.exec:\d559wih.exe120⤵
-
\??\c:\pa893a7.exec:\pa893a7.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-