Analysis
-
max time kernel
147s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20231020-en -
resource tags
-
submitted
01-11-2023 11:31
General
-
Target
NEAS.a36b897c8bf70a49aedbb14d34f18f00_JC.exe
-
Size
73KB
-
MD5
a36b897c8bf70a49aedbb14d34f18f00
-
SHA1
479a3d1a06178ceb45520f34011275dcbe5cdb39
-
SHA256
de6f9544824f6c704ff711566ef18fb6a3a2d760cd2cdfab63b21f5c208f2190
-
SHA512
f692e071fe302920927c08ac09cc338a2dddf36038a47fc3fb32ce03122349117056350701359298b356e27e5989f8b9b1df02145de5de346e6e42b097ee6d0f
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDWiekja1br3GGBxfotGpS7Pxdf:ymb3NkkiQ3mdBjFWXkj7afowpkt
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 26 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 63 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.a36b897c8bf70a49aedbb14d34f18f00_JC.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.a36b897c8bf70a49aedbb14d34f18f00_JC.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\q5899k.exec:\q5899k.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\4w77fo1.exec:\4w77fo1.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6331c19.exec:\6331c19.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\wtjl1f.exec:\wtjl1f.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\914hqek.exec:\914hqek.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lhjk47.exec:\lhjk47.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\63pg5t.exec:\63pg5t.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\57599g9.exec:\57599g9.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fs9a7.exec:\fs9a7.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1123173.exec:\1123173.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dfcq27.exec:\dfcq27.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fd1u11.exec:\fd1u11.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\v0d4183.exec:\v0d4183.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\mux75.exec:\mux75.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\954k4o5.exec:\954k4o5.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\555ki1.exec:\555ki1.exe17⤵
- Executes dropped EXE
-
\??\c:\135931.exec:\135931.exe18⤵
- Executes dropped EXE
-
\??\c:\0913l55.exec:\0913l55.exe19⤵
- Executes dropped EXE
-
\??\c:\i8k58dw.exec:\i8k58dw.exe20⤵
- Executes dropped EXE
-
\??\c:\55276.exec:\55276.exe21⤵
- Executes dropped EXE
-
\??\c:\fwj3s.exec:\fwj3s.exe22⤵
- Executes dropped EXE
-
\??\c:\mmgg72s.exec:\mmgg72s.exe23⤵
- Executes dropped EXE
-
\??\c:\i433ee5.exec:\i433ee5.exe24⤵
- Executes dropped EXE
-
\??\c:\04ig56.exec:\04ig56.exe25⤵
- Executes dropped EXE
-
\??\c:\cmq70.exec:\cmq70.exe26⤵
- Executes dropped EXE
-
\??\c:\1t5q9.exec:\1t5q9.exe27⤵
- Executes dropped EXE
-
\??\c:\jo7g94.exec:\jo7g94.exe28⤵
- Executes dropped EXE
-
\??\c:\39111.exec:\39111.exe29⤵
- Executes dropped EXE
-
\??\c:\q193a1.exec:\q193a1.exe30⤵
- Executes dropped EXE
-
\??\c:\ms73p7.exec:\ms73p7.exe31⤵
- Executes dropped EXE
-
\??\c:\67ii1g.exec:\67ii1g.exe32⤵
- Executes dropped EXE
-
\??\c:\jq2x2.exec:\jq2x2.exe33⤵
- Executes dropped EXE
-
\??\c:\hj4bc.exec:\hj4bc.exe34⤵
- Executes dropped EXE
-
\??\c:\43732.exec:\43732.exe35⤵
- Executes dropped EXE
-
\??\c:\osp3o.exec:\osp3o.exe36⤵
- Executes dropped EXE
-
\??\c:\fcmuqk.exec:\fcmuqk.exe37⤵
- Executes dropped EXE
-
\??\c:\su0m9.exec:\su0m9.exe38⤵
- Executes dropped EXE
-
\??\c:\1l3gf10.exec:\1l3gf10.exe39⤵
- Executes dropped EXE
-
\??\c:\29spg.exec:\29spg.exe40⤵
- Executes dropped EXE
-
\??\c:\690a58q.exec:\690a58q.exe41⤵
- Executes dropped EXE
-
\??\c:\g1qi9.exec:\g1qi9.exe42⤵
- Executes dropped EXE
-
\??\c:\1goug.exec:\1goug.exe43⤵
- Executes dropped EXE
-
\??\c:\uas4608.exec:\uas4608.exe44⤵
- Executes dropped EXE
-
\??\c:\63mf2.exec:\63mf2.exe45⤵
- Executes dropped EXE
-
\??\c:\k3ak32.exec:\k3ak32.exe46⤵
- Executes dropped EXE
-
\??\c:\jwmi6q.exec:\jwmi6q.exe47⤵
- Executes dropped EXE
-
\??\c:\8iuqg1q.exec:\8iuqg1q.exe48⤵
- Executes dropped EXE
-
\??\c:\4u7qa5e.exec:\4u7qa5e.exe49⤵
- Executes dropped EXE
-
\??\c:\236r76.exec:\236r76.exe50⤵
- Executes dropped EXE
-
\??\c:\818kl.exec:\818kl.exe51⤵
- Executes dropped EXE
-
\??\c:\97579m.exec:\97579m.exe52⤵
- Executes dropped EXE
-
\??\c:\7h5w7x.exec:\7h5w7x.exe53⤵
- Executes dropped EXE
-
\??\c:\8p70t.exec:\8p70t.exe54⤵
- Executes dropped EXE
-
\??\c:\qme7u.exec:\qme7u.exe55⤵
- Executes dropped EXE
-
\??\c:\gsoua.exec:\gsoua.exe56⤵
- Executes dropped EXE
-
\??\c:\417i3.exec:\417i3.exe57⤵
- Executes dropped EXE
-
\??\c:\u2i86.exec:\u2i86.exe58⤵
- Executes dropped EXE
-
\??\c:\jckq9k.exec:\jckq9k.exe59⤵
- Executes dropped EXE
-
\??\c:\o7n9oxl.exec:\o7n9oxl.exe60⤵
- Executes dropped EXE
-
\??\c:\41735.exec:\41735.exe61⤵
- Executes dropped EXE
-
\??\c:\o4sm0.exec:\o4sm0.exe62⤵
- Executes dropped EXE
-
\??\c:\q0em18.exec:\q0em18.exe63⤵
- Executes dropped EXE
-
\??\c:\393m2o5.exec:\393m2o5.exe64⤵
- Executes dropped EXE
-
\??\c:\5b5q3gc.exec:\5b5q3gc.exe65⤵
- Executes dropped EXE
-
\??\c:\fq3c6u.exec:\fq3c6u.exe66⤵
-
\??\c:\x011kd7.exec:\x011kd7.exe67⤵
-
\??\c:\67q77.exec:\67q77.exe68⤵
-
\??\c:\kci99.exec:\kci99.exe69⤵
-
\??\c:\fwgw1c9.exec:\fwgw1c9.exe70⤵
-
\??\c:\1k30v5.exec:\1k30v5.exe71⤵
-
\??\c:\3d9gn92.exec:\3d9gn92.exe72⤵
-
\??\c:\9r3oj9.exec:\9r3oj9.exe73⤵
-
\??\c:\63am2q8.exec:\63am2q8.exe74⤵
-
\??\c:\w7uk9.exec:\w7uk9.exe75⤵
-
\??\c:\44qbau.exec:\44qbau.exe76⤵
-
\??\c:\17r1648.exec:\17r1648.exe77⤵
-
\??\c:\vpuo3s.exec:\vpuo3s.exe78⤵
-
\??\c:\53q5e.exec:\53q5e.exe79⤵
-
\??\c:\216sx4.exec:\216sx4.exe80⤵
-
\??\c:\27shkkq.exec:\27shkkq.exe81⤵
-
\??\c:\24o5axq.exec:\24o5axq.exe82⤵
-
\??\c:\76at6.exec:\76at6.exe83⤵
-
\??\c:\gn7q5ld.exec:\gn7q5ld.exe84⤵
-
\??\c:\5d3672l.exec:\5d3672l.exe85⤵
-
\??\c:\p90jq7.exec:\p90jq7.exe86⤵
-
\??\c:\88e49.exec:\88e49.exe87⤵
-
\??\c:\e3oq17e.exec:\e3oq17e.exe88⤵
-
\??\c:\55enes7.exec:\55enes7.exe89⤵
-
\??\c:\na90c.exec:\na90c.exe90⤵
-
\??\c:\xm59kn9.exec:\xm59kn9.exe91⤵
-
\??\c:\553fg3.exec:\553fg3.exe92⤵
-
\??\c:\8mi3ug6.exec:\8mi3ug6.exe93⤵
-
\??\c:\iug9u9m.exec:\iug9u9m.exe94⤵
-
\??\c:\53ku2u.exec:\53ku2u.exe95⤵
-
\??\c:\mk169.exec:\mk169.exe96⤵
-
\??\c:\vc4622k.exec:\vc4622k.exe97⤵
-
\??\c:\lok5vos.exec:\lok5vos.exe98⤵
-
\??\c:\7toi14x.exec:\7toi14x.exe99⤵
-
\??\c:\jq7e4s.exec:\jq7e4s.exe100⤵
-
\??\c:\m6i34.exec:\m6i34.exe101⤵
-
\??\c:\scgf5.exec:\scgf5.exe102⤵
-
\??\c:\g0k19.exec:\g0k19.exe103⤵
-
\??\c:\06vrm24.exec:\06vrm24.exe104⤵
-
\??\c:\m6s50w.exec:\m6s50w.exe105⤵
-
\??\c:\cwsms36.exec:\cwsms36.exe106⤵
-
\??\c:\ld71wc7.exec:\ld71wc7.exe107⤵
-
\??\c:\ag3dph.exec:\ag3dph.exe108⤵
-
\??\c:\caf9e.exec:\caf9e.exe109⤵
-
\??\c:\k7uc50s.exec:\k7uc50s.exe110⤵
-
\??\c:\9r2w4.exec:\9r2w4.exe111⤵
-
\??\c:\fi57w.exec:\fi57w.exe112⤵
-
\??\c:\x453o09.exec:\x453o09.exe113⤵
-
\??\c:\hq3k313.exec:\hq3k313.exe114⤵
-
\??\c:\9959o.exec:\9959o.exe115⤵
-
\??\c:\0j72l70.exec:\0j72l70.exe116⤵
-
\??\c:\5k1q7.exec:\5k1q7.exe117⤵
-
\??\c:\g2j7d.exec:\g2j7d.exe118⤵
-
\??\c:\da33o5.exec:\da33o5.exe119⤵
-
\??\c:\735i87.exec:\735i87.exe120⤵
-
\??\c:\ci315.exec:\ci315.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-