Analysis
-
max time kernel
51s -
max time network
50s -
platform
windows10-2004_x64 -
resource
win10v2004-20231020-en -
resource tags
-
submitted
22-10-2023 14:13
General
-
Target
NEAS.3f4bbfa5810221964d204a0c6294e100_JC.exe
-
Size
118KB
-
MD5
3f4bbfa5810221964d204a0c6294e100
-
SHA1
466bec32e0ca0f86ef71ede41aa984efbe7fbd9d
-
SHA256
152c3ad1e7a2dbd1992eb1685b48ddd75e7ffbdf9849d3cd9edf9247375b730b
-
SHA512
12b670bf47e15832d726c9822102e24b888d8362a0d60cf9b54a223b44adf0b7388683556da6afc2b1881e69db981d4dd3aa2ed1c9c0f8db92b99e112dded227
-
SSDEEP
3072:ymb3NkkiQ3mdBjFo73tvn+Yp9X2OXlj4Fdp:n3C9BRo7tvnJ9GFFdp
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 38 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.3f4bbfa5810221964d204a0c6294e100_JC.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.3f4bbfa5810221964d204a0c6294e100_JC.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\6882o.exec:\6882o.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\90264ms.exec:\90264ms.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rv8t4d.exec:\rv8t4d.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8okausp.exec:\8okausp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\qt9iu.exec:\qt9iu.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9hps0.exec:\9hps0.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\v5w1e.exec:\v5w1e.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\t5mpowa.exec:\t5mpowa.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\sw33e.exec:\sw33e.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\r53qj0.exec:\r53qj0.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8h837.exec:\8h837.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\a3mqi.exec:\a3mqi.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\n9x52.exec:\n9x52.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\509b4.exec:\509b4.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\x96cgu.exec:\x96cgu.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6uo61.exec:\6uo61.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\b3397.exec:\b3397.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\71793.exec:\71793.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\f92a7.exec:\f92a7.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\2p91537.exec:\2p91537.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9o2m7.exec:\9o2m7.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\w6eh1a3.exec:\w6eh1a3.exe23⤵
- Executes dropped EXE
-
\??\c:\27guc.exec:\27guc.exe24⤵
- Executes dropped EXE
-
\??\c:\v64939.exec:\v64939.exe25⤵
- Executes dropped EXE
-
\??\c:\1frp8.exec:\1frp8.exe26⤵
- Executes dropped EXE
-
\??\c:\8375373.exec:\8375373.exe27⤵
- Executes dropped EXE
-
\??\c:\2wkiq9.exec:\2wkiq9.exe28⤵
- Executes dropped EXE
-
\??\c:\fd3xv0u.exec:\fd3xv0u.exe29⤵
- Executes dropped EXE
-
\??\c:\ng5qiu.exec:\ng5qiu.exe30⤵
- Executes dropped EXE
-
\??\c:\67mwg9.exec:\67mwg9.exe31⤵
- Executes dropped EXE
-
\??\c:\15w8c.exec:\15w8c.exe32⤵
- Executes dropped EXE
-
\??\c:\9e3bxwb.exec:\9e3bxwb.exe33⤵
- Executes dropped EXE
-
\??\c:\5x9311.exec:\5x9311.exe34⤵
- Executes dropped EXE
-
\??\c:\pk90k.exec:\pk90k.exe35⤵
- Executes dropped EXE
-
\??\c:\9oi5eh.exec:\9oi5eh.exe36⤵
- Executes dropped EXE
-
\??\c:\h76s4o.exec:\h76s4o.exe37⤵
- Executes dropped EXE
-
\??\c:\k311311.exec:\k311311.exe38⤵
- Executes dropped EXE
-
\??\c:\ei8ucg1.exec:\ei8ucg1.exe39⤵
- Executes dropped EXE
-
\??\c:\524q90.exec:\524q90.exe40⤵
- Executes dropped EXE
-
\??\c:\4e32i35.exec:\4e32i35.exe41⤵
- Executes dropped EXE
-
\??\c:\559535.exec:\559535.exe42⤵
- Executes dropped EXE
-
\??\c:\3289ns.exec:\3289ns.exe43⤵
- Executes dropped EXE
-
\??\c:\7555373.exec:\7555373.exe44⤵
- Executes dropped EXE
-
\??\c:\690i0.exec:\690i0.exe45⤵
- Executes dropped EXE
-
\??\c:\2u0nk.exec:\2u0nk.exe46⤵
- Executes dropped EXE
-
\??\c:\8e2oj59.exec:\8e2oj59.exe47⤵
- Executes dropped EXE
-
\??\c:\bgm6r.exec:\bgm6r.exe48⤵
- Executes dropped EXE
-
\??\c:\7bd105.exec:\7bd105.exe49⤵
-
\??\c:\f8q539.exec:\f8q539.exe50⤵
- Executes dropped EXE
-
\??\c:\b0f7k.exec:\b0f7k.exe51⤵
- Executes dropped EXE
-
\??\c:\2sf5sn3.exec:\2sf5sn3.exe52⤵
-
\??\c:\6kd10.exec:\6kd10.exe53⤵
-
\??\c:\gr3et1c.exec:\gr3et1c.exe54⤵
- Executes dropped EXE
-
\??\c:\89qb4kc.exec:\89qb4kc.exe55⤵
- Executes dropped EXE
-
\??\c:\91odq.exec:\91odq.exe56⤵
- Executes dropped EXE
-
\??\c:\iov317.exec:\iov317.exe57⤵
- Executes dropped EXE
-
\??\c:\v2wi16.exec:\v2wi16.exe58⤵
- Executes dropped EXE
-
\??\c:\xn1119g.exec:\xn1119g.exe59⤵
- Executes dropped EXE
-
\??\c:\0o57md.exec:\0o57md.exe60⤵
- Executes dropped EXE
-
\??\c:\6h3i8.exec:\6h3i8.exe61⤵
-
\??\c:\2w7of0m.exec:\2w7of0m.exe62⤵
- Executes dropped EXE
-
\??\c:\h712ue9.exec:\h712ue9.exe63⤵
- Executes dropped EXE
-
\??\c:\tr9uw7.exec:\tr9uw7.exe64⤵
- Executes dropped EXE
-
\??\c:\n3951.exec:\n3951.exe65⤵
- Executes dropped EXE
-
\??\c:\4i93773.exec:\4i93773.exe66⤵
-
\??\c:\9x9uq7d.exec:\9x9uq7d.exe67⤵
-
\??\c:\hc59e.exec:\hc59e.exe68⤵
-
\??\c:\b2kooe.exec:\b2kooe.exe69⤵
-
\??\c:\d3emqo.exec:\d3emqo.exe70⤵
-
\??\c:\p7wi5k.exec:\p7wi5k.exe71⤵
-
\??\c:\w9gv3g1.exec:\w9gv3g1.exe72⤵
-
\??\c:\898k5.exec:\898k5.exe73⤵
-
\??\c:\672a133.exec:\672a133.exe74⤵
-
\??\c:\0e1839.exec:\0e1839.exe75⤵
-
\??\c:\qib1gn1.exec:\qib1gn1.exe76⤵
-
\??\c:\v7ek7.exec:\v7ek7.exe77⤵
-
\??\c:\391195.exec:\391195.exe78⤵
-
\??\c:\fx2e71.exec:\fx2e71.exe79⤵
-
\??\c:\or8qf6f.exec:\or8qf6f.exe80⤵
-
\??\c:\d8p56ew.exec:\d8p56ew.exe81⤵
-
\??\c:\x38w5qo.exec:\x38w5qo.exe82⤵
-
\??\c:\p8k9w.exec:\p8k9w.exe83⤵
-
\??\c:\3o7915.exec:\3o7915.exe84⤵
-
\??\c:\68248.exec:\68248.exe85⤵
-
\??\c:\i876l.exec:\i876l.exe86⤵
-
\??\c:\67wnr9.exec:\67wnr9.exe87⤵
-
\??\c:\03h735k.exec:\03h735k.exe88⤵
-
\??\c:\c8s1u3.exec:\c8s1u3.exe89⤵
-
\??\c:\9sgqwk.exec:\9sgqwk.exe90⤵
-
\??\c:\136m32q.exec:\136m32q.exe91⤵
- Executes dropped EXE
-
\??\c:\n386ub9.exec:\n386ub9.exe92⤵
-
\??\c:\16k36v3.exec:\16k36v3.exe93⤵
-
\??\c:\u2456.exec:\u2456.exe94⤵
- Executes dropped EXE
-
\??\c:\37wx7.exec:\37wx7.exe95⤵
- Executes dropped EXE
-
\??\c:\ckc8qv.exec:\ckc8qv.exe96⤵
-
\??\c:\f8qqcw.exec:\f8qqcw.exe97⤵
-
\??\c:\wqf16c9.exec:\wqf16c9.exe98⤵
-
\??\c:\2t1gp4.exec:\2t1gp4.exe99⤵
-
\??\c:\i6o553.exec:\i6o553.exe100⤵
-
\??\c:\6u0h49.exec:\6u0h49.exe101⤵
-
\??\c:\7qf4o.exec:\7qf4o.exe102⤵
-
\??\c:\67e54tc.exec:\67e54tc.exe103⤵
- Executes dropped EXE
-
\??\c:\9suia.exec:\9suia.exe104⤵
-
\??\c:\1g7l5.exec:\1g7l5.exe105⤵
-
\??\c:\10uso.exec:\10uso.exe106⤵
-
\??\c:\834jv98.exec:\834jv98.exe107⤵
-
\??\c:\r5q7333.exec:\r5q7333.exe108⤵
-
\??\c:\qvrskb9.exec:\qvrskb9.exe109⤵
-
\??\c:\segr93.exec:\segr93.exe110⤵
-
\??\c:\402bv5.exec:\402bv5.exe111⤵
-
\??\c:\6gt7q.exec:\6gt7q.exe112⤵
-
\??\c:\426d807.exec:\426d807.exe113⤵
-
\??\c:\39571.exec:\39571.exe114⤵
-
\??\c:\eocos.exec:\eocos.exe115⤵
-
\??\c:\38wa3i.exec:\38wa3i.exe116⤵
-
\??\c:\8155591.exec:\8155591.exe117⤵
-
\??\c:\2437l.exec:\2437l.exe118⤵
-
\??\c:\2umak.exec:\2umak.exe119⤵
-
\??\c:\6gcb8k.exec:\6gcb8k.exe120⤵
-
\??\c:\2q1w5.exec:\2q1w5.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-