Analysis
-
max time kernel
150s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20231020-en -
resource tags
-
submitted
01/11/2023, 22:55
General
-
Target
NEAS.b700606a9a8909a9a5707ee86a66bdf0_JC.exe
-
Size
71KB
-
MD5
b700606a9a8909a9a5707ee86a66bdf0
-
SHA1
253d3eb9eed34a42fadb35ec5672c083ba5447da
-
SHA256
62eb024cd559216149b48c450a6eb9425ff0f43e7cd66ed795d3189415ecab3c
-
SHA512
dce4e5437bd9d6882f7e070c1047669e9d4a9c0b813160f1f76d95c8c8e3d254877d052955b19ba372ca59d6be44679860bc92ba1cf04d4775e91d263ec5beca
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIugEuUm1I6:ymb3NkkiQ3mdBjFIugENm1I6
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 26 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 60 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.b700606a9a8909a9a5707ee86a66bdf0_JC.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.b700606a9a8909a9a5707ee86a66bdf0_JC.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\2etb96.exec:\2etb96.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3v54l.exec:\3v54l.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\08s94k.exec:\08s94k.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ua4m0.exec:\ua4m0.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\45es5q1.exec:\45es5q1.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1a1ialv.exec:\1a1ialv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\i2513q.exec:\i2513q.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\034m39.exec:\034m39.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\87q017.exec:\87q017.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\g1ie78p.exec:\g1ie78p.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\k827h0.exec:\k827h0.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ga507.exec:\ga507.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\53x33.exec:\53x33.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5wie1mq.exec:\5wie1mq.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xwo5e5i.exec:\xwo5e5i.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\a3kdj.exec:\a3kdj.exe17⤵
- Executes dropped EXE
-
\??\c:\n97qq.exec:\n97qq.exe18⤵
- Executes dropped EXE
-
\??\c:\hk36s.exec:\hk36s.exe19⤵
- Executes dropped EXE
-
\??\c:\to189.exec:\to189.exe20⤵
- Executes dropped EXE
-
\??\c:\311534.exec:\311534.exe21⤵
- Executes dropped EXE
-
\??\c:\lwqw32.exec:\lwqw32.exe22⤵
- Executes dropped EXE
-
\??\c:\aab614x.exec:\aab614x.exe23⤵
- Executes dropped EXE
-
\??\c:\q6w75.exec:\q6w75.exe24⤵
- Executes dropped EXE
-
\??\c:\xkl0fc9.exec:\xkl0fc9.exe25⤵
- Executes dropped EXE
-
\??\c:\u1k30o.exec:\u1k30o.exe26⤵
- Executes dropped EXE
-
\??\c:\6539f.exec:\6539f.exe27⤵
- Executes dropped EXE
-
\??\c:\1n4wj.exec:\1n4wj.exe28⤵
- Executes dropped EXE
-
\??\c:\396n9e5.exec:\396n9e5.exe29⤵
- Executes dropped EXE
-
\??\c:\350ct10.exec:\350ct10.exe30⤵
- Executes dropped EXE
-
\??\c:\7h6jox.exec:\7h6jox.exe31⤵
- Executes dropped EXE
-
\??\c:\q651e6l.exec:\q651e6l.exe32⤵
- Executes dropped EXE
-
\??\c:\s6mqc03.exec:\s6mqc03.exe33⤵
- Executes dropped EXE
-
\??\c:\fd16t5.exec:\fd16t5.exe34⤵
- Executes dropped EXE
-
\??\c:\7cwh7k3.exec:\7cwh7k3.exe35⤵
- Executes dropped EXE
-
\??\c:\sax7gf9.exec:\sax7gf9.exe36⤵
- Executes dropped EXE
-
\??\c:\xo31m.exec:\xo31m.exe37⤵
- Executes dropped EXE
-
\??\c:\samg2s.exec:\samg2s.exe38⤵
- Executes dropped EXE
-
\??\c:\j11sw.exec:\j11sw.exe39⤵
- Executes dropped EXE
-
\??\c:\c2ar2sc.exec:\c2ar2sc.exe40⤵
- Executes dropped EXE
-
\??\c:\ls79tu.exec:\ls79tu.exe41⤵
- Executes dropped EXE
-
\??\c:\m5751.exec:\m5751.exe42⤵
- Executes dropped EXE
-
\??\c:\9752st.exec:\9752st.exe43⤵
- Executes dropped EXE
-
\??\c:\bp10is.exec:\bp10is.exe44⤵
- Executes dropped EXE
-
\??\c:\couqg.exec:\couqg.exe45⤵
- Executes dropped EXE
-
\??\c:\odljt.exec:\odljt.exe46⤵
- Executes dropped EXE
-
\??\c:\iup9gs.exec:\iup9gs.exe47⤵
- Executes dropped EXE
-
\??\c:\93sh7.exec:\93sh7.exe48⤵
- Executes dropped EXE
-
\??\c:\335ax.exec:\335ax.exe49⤵
- Executes dropped EXE
-
\??\c:\5o5su41.exec:\5o5su41.exe50⤵
- Executes dropped EXE
-
\??\c:\g21u5.exec:\g21u5.exe51⤵
- Executes dropped EXE
-
\??\c:\wkks333.exec:\wkks333.exe52⤵
- Executes dropped EXE
-
\??\c:\cou3w9.exec:\cou3w9.exe53⤵
- Executes dropped EXE
-
\??\c:\0799pfd.exec:\0799pfd.exe54⤵
- Executes dropped EXE
-
\??\c:\rfou001.exec:\rfou001.exe55⤵
- Executes dropped EXE
-
\??\c:\8fi9qq4.exec:\8fi9qq4.exe56⤵
- Executes dropped EXE
-
\??\c:\1u5q13.exec:\1u5q13.exe57⤵
- Executes dropped EXE
-
\??\c:\owaw1i.exec:\owaw1i.exe58⤵
- Executes dropped EXE
-
\??\c:\3936j.exec:\3936j.exe59⤵
- Executes dropped EXE
-
\??\c:\hk191.exec:\hk191.exe60⤵
- Executes dropped EXE
-
\??\c:\35373t.exec:\35373t.exe61⤵
- Executes dropped EXE
-
\??\c:\ha9k8.exec:\ha9k8.exe62⤵
- Executes dropped EXE
-
\??\c:\22cb9.exec:\22cb9.exe63⤵
- Executes dropped EXE
-
\??\c:\c8cj78s.exec:\c8cj78s.exe64⤵
- Executes dropped EXE
-
\??\c:\257mc.exec:\257mc.exe65⤵
- Executes dropped EXE
-
\??\c:\8kac5o7.exec:\8kac5o7.exe66⤵
-
\??\c:\vg7435.exec:\vg7435.exe67⤵
-
\??\c:\a30f2u5.exec:\a30f2u5.exe68⤵
-
\??\c:\56xb4h.exec:\56xb4h.exe69⤵
-
\??\c:\959q4.exec:\959q4.exe70⤵
-
\??\c:\49eme7g.exec:\49eme7g.exe71⤵
-
\??\c:\q67gkjo.exec:\q67gkjo.exe72⤵
-
\??\c:\o49re.exec:\o49re.exe73⤵
-
\??\c:\9pb5f.exec:\9pb5f.exe74⤵
-
\??\c:\m78m4.exec:\m78m4.exe75⤵
-
\??\c:\k51kg75.exec:\k51kg75.exe76⤵
-
\??\c:\5k7i77.exec:\5k7i77.exe77⤵
-
\??\c:\jb4gl.exec:\jb4gl.exe78⤵
-
\??\c:\a4mdomo.exec:\a4mdomo.exe79⤵
-
\??\c:\km8ik.exec:\km8ik.exe80⤵
-
\??\c:\be7179.exec:\be7179.exe81⤵
-
\??\c:\6925w.exec:\6925w.exe82⤵
-
\??\c:\rk119a.exec:\rk119a.exe83⤵
-
\??\c:\29gn6mn.exec:\29gn6mn.exe84⤵
-
\??\c:\k9u5m.exec:\k9u5m.exe85⤵
-
\??\c:\3q76d7.exec:\3q76d7.exe86⤵
-
\??\c:\w12i2m.exec:\w12i2m.exe87⤵
-
\??\c:\5t9c935.exec:\5t9c935.exe88⤵
-
\??\c:\2731e17.exec:\2731e17.exe89⤵
-
\??\c:\e139135.exec:\e139135.exe90⤵
-
\??\c:\tsf1mb5.exec:\tsf1mb5.exe91⤵
-
\??\c:\icp7g15.exec:\icp7g15.exe92⤵
-
\??\c:\nmr9h7.exec:\nmr9h7.exe93⤵
-
\??\c:\ae350r.exec:\ae350r.exe94⤵
-
\??\c:\2ckf5.exec:\2ckf5.exe95⤵
-
\??\c:\20qauw3.exec:\20qauw3.exe96⤵
-
\??\c:\u4h1kc.exec:\u4h1kc.exe97⤵
-
\??\c:\7x787.exec:\7x787.exe98⤵
-
\??\c:\93ccc.exec:\93ccc.exe99⤵
-
\??\c:\83519.exec:\83519.exe100⤵
-
\??\c:\06af50.exec:\06af50.exe101⤵
-
\??\c:\3p18r1.exec:\3p18r1.exe102⤵
-
\??\c:\bai989.exec:\bai989.exe103⤵
-
\??\c:\0q34f.exec:\0q34f.exe104⤵
-
\??\c:\8d0j0k9.exec:\8d0j0k9.exe105⤵
-
\??\c:\0ha3w5.exec:\0ha3w5.exe106⤵
-
\??\c:\rqx4up.exec:\rqx4up.exe107⤵
-
\??\c:\e2q7cj.exec:\e2q7cj.exe108⤵
-
\??\c:\h2idd9.exec:\h2idd9.exe109⤵
-
\??\c:\57i52el.exec:\57i52el.exe110⤵
-
\??\c:\ppe3kba.exec:\ppe3kba.exe111⤵
-
\??\c:\jf77ek7.exec:\jf77ek7.exe112⤵
-
\??\c:\31oc6i9.exec:\31oc6i9.exe113⤵
-
\??\c:\la9k16.exec:\la9k16.exe114⤵
-
\??\c:\3w3a115.exec:\3w3a115.exe115⤵
-
\??\c:\pe125.exec:\pe125.exe116⤵
-
\??\c:\7v34139.exec:\7v34139.exe117⤵
-
\??\c:\99h07.exec:\99h07.exe118⤵
-
\??\c:\hx0i96i.exec:\hx0i96i.exe119⤵
-
\??\c:\nm192lm.exec:\nm192lm.exe120⤵
-
\??\c:\91qs7.exec:\91qs7.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-