Analysis
-
max time kernel
126s -
max time network
130s -
platform
windows10-2004_x64 -
resource
win10v2004-20231020-en -
resource tags
-
submitted
01-11-2023 11:31
General
-
Target
NEAS.a36b897c8bf70a49aedbb14d34f18f00_JC.exe
-
Size
73KB
-
MD5
a36b897c8bf70a49aedbb14d34f18f00
-
SHA1
479a3d1a06178ceb45520f34011275dcbe5cdb39
-
SHA256
de6f9544824f6c704ff711566ef18fb6a3a2d760cd2cdfab63b21f5c208f2190
-
SHA512
f692e071fe302920927c08ac09cc338a2dddf36038a47fc3fb32ce03122349117056350701359298b356e27e5989f8b9b1df02145de5de346e6e42b097ee6d0f
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDWiekja1br3GGBxfotGpS7Pxdf:ymb3NkkiQ3mdBjFWXkj7afowpkt
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 37 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 61 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.a36b897c8bf70a49aedbb14d34f18f00_JC.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.a36b897c8bf70a49aedbb14d34f18f00_JC.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\9w640.exec:\9w640.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7b953.exec:\7b953.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\2bi61.exec:\2bi61.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\t537133.exec:\t537133.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\qouci.exec:\qouci.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\x4wn90.exec:\x4wn90.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\oj4sn6c.exec:\oj4sn6c.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8d92a.exec:\8d92a.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1v6sn3.exec:\1v6sn3.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ub5wcs.exec:\ub5wcs.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\p2w5c9.exec:\p2w5c9.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\c01e3.exec:\c01e3.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jm3qum.exec:\jm3qum.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\j3toqm.exec:\j3toqm.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\o4r5o.exec:\o4r5o.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\e9q74g.exec:\e9q74g.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\38uf56c.exec:\38uf56c.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8649g.exec:\8649g.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\68iot.exec:\68iot.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1l315.exec:\1l315.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\t16i9.exec:\t16i9.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9n13in.exec:\9n13in.exe23⤵
- Executes dropped EXE
-
\??\c:\370vo.exec:\370vo.exe24⤵
- Executes dropped EXE
-
\??\c:\x9mc1.exec:\x9mc1.exe25⤵
- Executes dropped EXE
-
\??\c:\pkh5fw.exec:\pkh5fw.exe26⤵
- Executes dropped EXE
-
\??\c:\c0r50i5.exec:\c0r50i5.exe27⤵
- Executes dropped EXE
-
\??\c:\j5m7uv.exec:\j5m7uv.exe28⤵
- Executes dropped EXE
-
\??\c:\ikeci.exec:\ikeci.exe29⤵
- Executes dropped EXE
-
\??\c:\p4o34ik.exec:\p4o34ik.exe30⤵
- Executes dropped EXE
-
\??\c:\l05sr57.exec:\l05sr57.exe31⤵
- Executes dropped EXE
-
\??\c:\75il1es.exec:\75il1es.exe32⤵
- Executes dropped EXE
-
\??\c:\6gcqci.exec:\6gcqci.exe33⤵
- Executes dropped EXE
-
\??\c:\hd1377.exec:\hd1377.exe34⤵
- Executes dropped EXE
-
\??\c:\xsau68.exec:\xsau68.exe35⤵
- Executes dropped EXE
-
\??\c:\jg1jksc.exec:\jg1jksc.exe36⤵
- Executes dropped EXE
-
\??\c:\93793.exec:\93793.exe37⤵
- Executes dropped EXE
-
\??\c:\75us0.exec:\75us0.exe38⤵
- Executes dropped EXE
-
\??\c:\43599.exec:\43599.exe39⤵
- Executes dropped EXE
-
\??\c:\uaeeum.exec:\uaeeum.exe40⤵
- Executes dropped EXE
-
\??\c:\i4uco.exec:\i4uco.exe41⤵
- Executes dropped EXE
-
\??\c:\54cv96c.exec:\54cv96c.exe42⤵
- Executes dropped EXE
-
\??\c:\ossqgq.exec:\ossqgq.exe43⤵
- Executes dropped EXE
-
\??\c:\0db5cjq.exec:\0db5cjq.exe44⤵
- Executes dropped EXE
-
\??\c:\fl8w73.exec:\fl8w73.exe45⤵
- Executes dropped EXE
-
\??\c:\65ot8.exec:\65ot8.exe46⤵
- Executes dropped EXE
-
\??\c:\q6m1r7.exec:\q6m1r7.exe47⤵
- Executes dropped EXE
-
\??\c:\r8logm.exec:\r8logm.exe48⤵
- Executes dropped EXE
-
\??\c:\692g17c.exec:\692g17c.exe49⤵
- Executes dropped EXE
-
\??\c:\77gowgm.exec:\77gowgm.exe50⤵
- Executes dropped EXE
-
\??\c:\j7p996e.exec:\j7p996e.exe51⤵
- Executes dropped EXE
-
\??\c:\85k96h5.exec:\85k96h5.exe52⤵
- Executes dropped EXE
-
\??\c:\v33795.exec:\v33795.exe53⤵
- Executes dropped EXE
-
\??\c:\v0aqif1.exec:\v0aqif1.exe54⤵
- Executes dropped EXE
-
\??\c:\875qq.exec:\875qq.exe55⤵
- Executes dropped EXE
-
\??\c:\fk4si.exec:\fk4si.exe56⤵
- Executes dropped EXE
-
\??\c:\79735.exec:\79735.exe57⤵
- Executes dropped EXE
-
\??\c:\2mcs1.exec:\2mcs1.exe58⤵
- Executes dropped EXE
-
\??\c:\2w1sf1.exec:\2w1sf1.exe59⤵
- Executes dropped EXE
-
\??\c:\x1ask3.exec:\x1ask3.exe60⤵
- Executes dropped EXE
-
\??\c:\859335.exec:\859335.exe61⤵
- Executes dropped EXE
-
\??\c:\77111.exec:\77111.exe62⤵
- Executes dropped EXE
-
\??\c:\0q70l.exec:\0q70l.exe63⤵
- Executes dropped EXE
-
\??\c:\x7hh0.exec:\x7hh0.exe64⤵
- Executes dropped EXE
-
\??\c:\u79117.exec:\u79117.exe65⤵
- Executes dropped EXE
-
\??\c:\t1jem.exec:\t1jem.exe66⤵
-
\??\c:\f999735.exec:\f999735.exe67⤵
-
\??\c:\219v5wn.exec:\219v5wn.exe68⤵
-
\??\c:\sa4xx.exec:\sa4xx.exe69⤵
-
\??\c:\6r3mx69.exec:\6r3mx69.exe70⤵
-
\??\c:\gc399.exec:\gc399.exe71⤵
-
\??\c:\gk72s.exec:\gk72s.exe72⤵
-
\??\c:\mvlq03.exec:\mvlq03.exe73⤵
-
\??\c:\h0qwm.exec:\h0qwm.exe74⤵
-
\??\c:\gw0qwe.exec:\gw0qwe.exe75⤵
-
\??\c:\19mg12l.exec:\19mg12l.exe76⤵
-
\??\c:\0f16e.exec:\0f16e.exe77⤵
-
\??\c:\8sas61.exec:\8sas61.exe78⤵
-
\??\c:\r15997.exec:\r15997.exe79⤵
-
\??\c:\ah5qss5.exec:\ah5qss5.exe80⤵
-
\??\c:\3bsmu.exec:\3bsmu.exe81⤵
-
\??\c:\b1950.exec:\b1950.exe82⤵
-
\??\c:\28aeh.exec:\28aeh.exe83⤵
-
\??\c:\ji34v9w.exec:\ji34v9w.exe84⤵
-
\??\c:\133q9.exec:\133q9.exe85⤵
-
\??\c:\mmp35.exec:\mmp35.exe86⤵
-
\??\c:\68giwuq.exec:\68giwuq.exe87⤵
-
\??\c:\9h784c7.exec:\9h784c7.exe88⤵
-
\??\c:\0sf35.exec:\0sf35.exe89⤵
-
\??\c:\970nv1.exec:\970nv1.exe90⤵
-
\??\c:\75issd9.exec:\75issd9.exe91⤵
-
\??\c:\817jj35.exec:\817jj35.exe92⤵
-
\??\c:\2cc9j4c.exec:\2cc9j4c.exe93⤵
-
\??\c:\x351acg.exec:\x351acg.exe94⤵
-
\??\c:\49umckm.exec:\49umckm.exe95⤵
-
\??\c:\9b77394.exec:\9b77394.exe96⤵
-
\??\c:\83iok31.exec:\83iok31.exe97⤵
-
\??\c:\0cmn7.exec:\0cmn7.exe98⤵
-
\??\c:\031viw2.exec:\031viw2.exe99⤵
-
\??\c:\o8s7qh.exec:\o8s7qh.exe100⤵
-
\??\c:\935953s.exec:\935953s.exe101⤵
-
\??\c:\9x1913.exec:\9x1913.exe102⤵
-
\??\c:\47wp10l.exec:\47wp10l.exe103⤵
-
\??\c:\67rw1d0.exec:\67rw1d0.exe104⤵
-
\??\c:\81131.exec:\81131.exe105⤵
-
\??\c:\5gkka.exec:\5gkka.exe106⤵
-
\??\c:\0583l.exec:\0583l.exe107⤵
-
\??\c:\ausqp.exec:\ausqp.exe108⤵
-
\??\c:\vb1379.exec:\vb1379.exe109⤵
-
\??\c:\1px9e.exec:\1px9e.exe110⤵
-
\??\c:\13io6i.exec:\13io6i.exe111⤵
-
\??\c:\10825l.exec:\10825l.exe112⤵
-
\??\c:\im953.exec:\im953.exe113⤵
-
\??\c:\3b29w3.exec:\3b29w3.exe114⤵
-
\??\c:\2teed6g.exec:\2teed6g.exe115⤵
-
\??\c:\j8qgaah.exec:\j8qgaah.exe116⤵
-
\??\c:\qb5o50.exec:\qb5o50.exe117⤵
-
\??\c:\eet58g9.exec:\eet58g9.exe118⤵
-
\??\c:\sal1qg1.exec:\sal1qg1.exe119⤵
-
\??\c:\57ek91.exec:\57ek91.exe120⤵
-
\??\c:\959531.exec:\959531.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-