Analysis
-
max time kernel
106s -
max time network
129s -
platform
windows7_x64 -
resource
win7-20231023-en -
resource tags
-
submitted
01/11/2023, 14:16
General
-
Target
NEAS.a391014537f7a960140f5954f40b65a0.exe
-
Size
88KB
-
MD5
a391014537f7a960140f5954f40b65a0
-
SHA1
d2eb165af0ce2a40d3c824e10e84f1bac38f28f2
-
SHA256
8cd871fcda57e2fbf5e665fba39d2002716626fa5ea962106baabad13dd8b216
-
SHA512
b41957ec471054e342252bec1d875c62bf79d2693a988876699343bc758c5a9c9207259f64982581028d7772192577686f2d4a263e87ab13bc2da53b79d3aacd
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDo73XH/YP1HFrJximAAxS1rj/aF8:ymb3NkkiQ3mdBjFo73PYP1lri3K8c8
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 27 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 62 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.a391014537f7a960140f5954f40b65a0.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.a391014537f7a960140f5954f40b65a0.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\pjfvb.exec:\pjfvb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\npjpnjv.exec:\npjpnjv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\drdlbl.exec:\drdlbl.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vhjfv.exec:\vhjfv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tttlv.exec:\tttlv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\trlnhl.exec:\trlnhl.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dhfff.exec:\dhfff.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
-
-
-
-
-
-
-
\??\c:\lvnpt.exec:\lvnpt.exe1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdpbf.exec:\pdpbf.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntblhd.exec:\ntblhd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
-
-
\??\c:\jrljl.exec:\jrljl.exe1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lljbdff.exec:\lljbdff.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fnxtjdt.exec:\fnxtjdt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbrvdfl.exec:\nbrvdfl.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fttjprx.exec:\fttjprx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jfrlvt.exec:\jfrlvt.exe6⤵
- Executes dropped EXE
-
\??\c:\blprpt.exec:\blprpt.exe7⤵
- Executes dropped EXE
-
\??\c:\nlllfvv.exec:\nlllfvv.exe8⤵
- Executes dropped EXE
-
\??\c:\ndvvp.exec:\ndvvp.exe9⤵
- Executes dropped EXE
-
\??\c:\fvhrnf.exec:\fvhrnf.exe10⤵
- Executes dropped EXE
-
\??\c:\ffbjv.exec:\ffbjv.exe11⤵
- Executes dropped EXE
-
\??\c:\pjnvxd.exec:\pjnvxd.exe12⤵
- Executes dropped EXE
-
\??\c:\nxlrntj.exec:\nxlrntj.exe13⤵
- Executes dropped EXE
-
\??\c:\xjlfvnj.exec:\xjlfvnj.exe14⤵
- Executes dropped EXE
-
\??\c:\hrfnp.exec:\hrfnp.exe15⤵
- Executes dropped EXE
-
\??\c:\bddrdvv.exec:\bddrdvv.exe16⤵
- Executes dropped EXE
-
\??\c:\ffnhh.exec:\ffnhh.exe17⤵
- Executes dropped EXE
-
\??\c:\xtftl.exec:\xtftl.exe18⤵
- Executes dropped EXE
-
\??\c:\pxlnl.exec:\pxlnl.exe19⤵
- Executes dropped EXE
-
\??\c:\pnnjj.exec:\pnnjj.exe20⤵
- Executes dropped EXE
-
\??\c:\bhnlt.exec:\bhnlt.exe21⤵
- Executes dropped EXE
-
\??\c:\ntlfdx.exec:\ntlfdx.exe22⤵
- Executes dropped EXE
-
\??\c:\ltdhhjb.exec:\ltdhhjb.exe23⤵
- Executes dropped EXE
-
\??\c:\jltlb.exec:\jltlb.exe24⤵
- Executes dropped EXE
-
\??\c:\njrphjf.exec:\njrphjf.exe25⤵
- Executes dropped EXE
-
\??\c:\ltbxt.exec:\ltbxt.exe26⤵
- Executes dropped EXE
-
\??\c:\rlphhl.exec:\rlphhl.exe27⤵
- Executes dropped EXE
-
\??\c:\rttjpvp.exec:\rttjpvp.exe28⤵
- Executes dropped EXE
-
\??\c:\tftjdl.exec:\tftjdl.exe29⤵
- Executes dropped EXE
-
\??\c:\drtjffh.exec:\drtjffh.exe30⤵
- Executes dropped EXE
-
\??\c:\nfbhrv.exec:\nfbhrv.exe31⤵
- Executes dropped EXE
-
\??\c:\ldlfjj.exec:\ldlfjj.exe32⤵
- Executes dropped EXE
-
\??\c:\ppbblv.exec:\ppbblv.exe33⤵
- Executes dropped EXE
-
\??\c:\nlpfdjp.exec:\nlpfdjp.exe34⤵
- Executes dropped EXE
-
\??\c:\xhrdjr.exec:\xhrdjr.exe35⤵
- Executes dropped EXE
-
\??\c:\rdxtbnx.exec:\rdxtbnx.exe36⤵
- Executes dropped EXE
-
\??\c:\rrdrrl.exec:\rrdrrl.exe37⤵
- Executes dropped EXE
-
\??\c:\njdvxtf.exec:\njdvxtf.exe38⤵
- Executes dropped EXE
-
\??\c:\vlxnn.exec:\vlxnn.exe39⤵
- Executes dropped EXE
-
\??\c:\thxhrtb.exec:\thxhrtb.exe40⤵
- Executes dropped EXE
-
\??\c:\vdhrj.exec:\vdhrj.exe41⤵
- Executes dropped EXE
-
\??\c:\flhvrj.exec:\flhvrj.exe42⤵
- Executes dropped EXE
-
\??\c:\nnfttff.exec:\nnfttff.exe43⤵
- Executes dropped EXE
-
\??\c:\jnfrjt.exec:\jnfrjt.exe44⤵
- Executes dropped EXE
-
\??\c:\vldnhnf.exec:\vldnhnf.exe45⤵
- Executes dropped EXE
-
\??\c:\fpffnl.exec:\fpffnl.exe46⤵
- Executes dropped EXE
-
\??\c:\ddbtnr.exec:\ddbtnr.exe47⤵
- Executes dropped EXE
-
\??\c:\bjxjlx.exec:\bjxjlx.exe48⤵
- Executes dropped EXE
-
\??\c:\ttrvtfd.exec:\ttrvtfd.exe49⤵
- Executes dropped EXE
-
\??\c:\bfdbxf.exec:\bfdbxf.exe50⤵
- Executes dropped EXE
-
\??\c:\xhthf.exec:\xhthf.exe51⤵
- Executes dropped EXE
-
\??\c:\bffvl.exec:\bffvl.exe52⤵
- Executes dropped EXE
-
\??\c:\bprnrv.exec:\bprnrv.exe53⤵
- Executes dropped EXE
-
\??\c:\xtnhbp.exec:\xtnhbp.exe54⤵
- Executes dropped EXE
-
\??\c:\xnlblr.exec:\xnlblr.exe55⤵
-
\??\c:\txxdtbf.exec:\txxdtbf.exe56⤵
-
\??\c:\vnnff.exec:\vnnff.exe57⤵
-
\??\c:\lpdnjrt.exec:\lpdnjrt.exe58⤵
-
\??\c:\drlhf.exec:\drlhf.exe59⤵
-
\??\c:\vvndjb.exec:\vvndjb.exe60⤵
-
\??\c:\fbdljhv.exec:\fbdljhv.exe61⤵
-
\??\c:\tnrvlff.exec:\tnrvlff.exe62⤵
-
\??\c:\dbpjrpj.exec:\dbpjrpj.exe63⤵
-
\??\c:\bfhdjh.exec:\bfhdjh.exe64⤵
-
\??\c:\nfhjd.exec:\nfhjd.exe65⤵
-
\??\c:\vrlrh.exec:\vrlrh.exe66⤵
-
\??\c:\tlrhxjf.exec:\tlrhxjf.exe67⤵
-
\??\c:\tpdrvvb.exec:\tpdrvvb.exe68⤵
-
\??\c:\tjrvnn.exec:\tjrvnn.exe69⤵
-
\??\c:\lxrhb.exec:\lxrhb.exe70⤵
-
\??\c:\tfddhvf.exec:\tfddhvf.exe71⤵
-
\??\c:\prvrfh.exec:\prvrfh.exe72⤵
-
\??\c:\jnhlj.exec:\jnhlj.exe73⤵
-
\??\c:\nrtvttr.exec:\nrtvttr.exe74⤵
-
\??\c:\fhjfb.exec:\fhjfb.exe75⤵
-
\??\c:\fdpdp.exec:\fdpdp.exe76⤵
-
\??\c:\xhdvd.exec:\xhdvd.exe77⤵
-
\??\c:\vrjnr.exec:\vrjnr.exe78⤵
-
\??\c:\jdbtp.exec:\jdbtp.exe79⤵
-
\??\c:\plrxht.exec:\plrxht.exe80⤵
-
\??\c:\frltjv.exec:\frltjv.exe81⤵
-
\??\c:\njxpth.exec:\njxpth.exe82⤵
-
\??\c:\bvvxlf.exec:\bvvxlf.exe83⤵
-
\??\c:\bhvxxf.exec:\bhvxxf.exe84⤵
-
\??\c:\dhlbtdl.exec:\dhlbtdl.exe85⤵
-
\??\c:\njxxdj.exec:\njxxdj.exe86⤵
-
\??\c:\phtrhj.exec:\phtrhj.exe87⤵
-
\??\c:\jrnnj.exec:\jrnnj.exe88⤵
-
\??\c:\jfdjph.exec:\jfdjph.exe89⤵
-
\??\c:\nnnfn.exec:\nnnfn.exe90⤵
-
\??\c:\vlndtdb.exec:\vlndtdb.exe91⤵
-
\??\c:\brpdnrj.exec:\brpdnrj.exe92⤵
-
\??\c:\lnbnlb.exec:\lnbnlb.exe93⤵
-
\??\c:\xrbppjl.exec:\xrbppjl.exe94⤵
-
\??\c:\jfjddhh.exec:\jfjddhh.exe95⤵
-
\??\c:\fxftpn.exec:\fxftpn.exe96⤵
-
\??\c:\xttxn.exec:\xttxn.exe97⤵
-
\??\c:\drpbtbx.exec:\drpbtbx.exe98⤵
-
\??\c:\bvvprfb.exec:\bvvprfb.exe99⤵
-
\??\c:\pjjrj.exec:\pjjrj.exe100⤵
-
\??\c:\vbndvv.exec:\vbndvv.exe101⤵
-
\??\c:\bpbvrb.exec:\bpbvrb.exe102⤵
-
\??\c:\fptjtvv.exec:\fptjtvv.exe103⤵
-
\??\c:\dllxp.exec:\dllxp.exe104⤵
-
\??\c:\fjtbflv.exec:\fjtbflv.exe105⤵
-
\??\c:\lvpptf.exec:\lvpptf.exe106⤵
-
\??\c:\dhvfr.exec:\dhvfr.exe107⤵
-
\??\c:\nlbjt.exec:\nlbjt.exe108⤵
-
\??\c:\dlppfrv.exec:\dlppfrv.exe109⤵
-
\??\c:\nffhhrh.exec:\nffhhrh.exe110⤵
-
\??\c:\jxhbfrl.exec:\jxhbfrl.exe111⤵
-
\??\c:\nthfvr.exec:\nthfvr.exe112⤵
-
\??\c:\dddjd.exec:\dddjd.exe113⤵
-
\??\c:\nhntfv.exec:\nhntfv.exe114⤵
-
\??\c:\hnxdjvb.exec:\hnxdjvb.exe115⤵
-
\??\c:\lvdlbfj.exec:\lvdlbfj.exe116⤵
-
\??\c:\bxdxtvr.exec:\bxdxtvr.exe117⤵
-
\??\c:\drrfl.exec:\drrfl.exe118⤵
-
\??\c:\tfjrlxx.exec:\tfjrlxx.exe119⤵
-
\??\c:\vdbtb.exec:\vdbtb.exe120⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
\??\c:\pfdnjj.exec:\pfdnjj.exe1⤵
-
\??\c:\hhdhn.exec:\hhdhn.exe2⤵
-
\??\c:\ndlvhhr.exec:\ndlvhhr.exe3⤵
-
\??\c:\hbjrxd.exec:\hbjrxd.exe4⤵
-
\??\c:\hlrnn.exec:\hlrnn.exe5⤵
-
\??\c:\jhpdff.exec:\jhpdff.exe6⤵
-
\??\c:\nxjdn.exec:\nxjdn.exe7⤵
-
\??\c:\ntrrr.exec:\ntrrr.exe8⤵
-
\??\c:\vdnfl.exec:\vdnfl.exe9⤵
-
\??\c:\frblbrd.exec:\frblbrd.exe10⤵
-
\??\c:\djpjl.exec:\djpjl.exe11⤵
-
\??\c:\flxdv.exec:\flxdv.exe12⤵
-
\??\c:\jtbbxjn.exec:\jtbbxjn.exe13⤵
-
\??\c:\bpxtlbn.exec:\bpxtlbn.exe14⤵
-
\??\c:\nbrpxhb.exec:\nbrpxhb.exe15⤵
-
\??\c:\djvlbb.exec:\djvlbb.exe16⤵
-
\??\c:\dnjrjtf.exec:\dnjrjtf.exe17⤵
-
\??\c:\tfrpbt.exec:\tfrpbt.exe18⤵
-
\??\c:\jtjbbjb.exec:\jtjbbjb.exe19⤵
-
\??\c:\xdlhf.exec:\xdlhf.exe20⤵
-
\??\c:\vhnbjjb.exec:\vhnbjjb.exe21⤵
-
\??\c:\vvhnnhh.exec:\vvhnnhh.exe22⤵
-
\??\c:\xndxtn.exec:\xndxtn.exe23⤵
-
\??\c:\vbfbvl.exec:\vbfbvl.exe24⤵
-
\??\c:\vnnjr.exec:\vnnjr.exe25⤵
-
\??\c:\vhnjn.exec:\vhnjn.exe26⤵
-
\??\c:\xthld.exec:\xthld.exe27⤵
-
\??\c:\bnlllnb.exec:\bnlllnb.exe28⤵
-
\??\c:\fxrntrj.exec:\fxrntrj.exe29⤵
-
\??\c:\pnlvjr.exec:\pnlvjr.exe30⤵
-
\??\c:\dtlht.exec:\dtlht.exe31⤵
-
\??\c:\jbtbr.exec:\jbtbr.exe32⤵
-
\??\c:\jhbplnh.exec:\jhbplnh.exe33⤵
-
\??\c:\xrbhxr.exec:\xrbhxr.exe34⤵
-
\??\c:\bxvlr.exec:\bxvlr.exe35⤵
-
\??\c:\rxhdbll.exec:\rxhdbll.exe36⤵
-
\??\c:\bfjhlrn.exec:\bfjhlrn.exe37⤵
-
\??\c:\xbhjv.exec:\xbhjv.exe38⤵
-
\??\c:\jvpjbtn.exec:\jvpjbtn.exe39⤵
-
\??\c:\bhrbnrn.exec:\bhrbnrn.exe40⤵
-
\??\c:\bvhvff.exec:\bvhvff.exe41⤵
-
\??\c:\bhxnjhh.exec:\bhxnjhh.exe42⤵
-
\??\c:\dbrfjr.exec:\dbrfjr.exe43⤵
-
\??\c:\fvhhr.exec:\fvhhr.exe44⤵
-
\??\c:\rrdjb.exec:\rrdjb.exe45⤵
-
\??\c:\bvbvnh.exec:\bvbvnh.exe46⤵
-
\??\c:\bxpxlj.exec:\bxpxlj.exe47⤵
-
\??\c:\hrtxxfj.exec:\hrtxxfj.exe48⤵
-
\??\c:\xvtdhh.exec:\xvtdhh.exe49⤵
-
\??\c:\nhxfd.exec:\nhxfd.exe50⤵
-
\??\c:\rfnfdt.exec:\rfnfdt.exe51⤵
-
\??\c:\fnvvxl.exec:\fnvvxl.exe52⤵
-
\??\c:\xrhjjnf.exec:\xrhjjnf.exe53⤵
-
\??\c:\rtfrxdv.exec:\rtfrxdv.exe54⤵
-
\??\c:\dhlfphf.exec:\dhlfphf.exe55⤵
-
\??\c:\bfvnlxl.exec:\bfvnlxl.exe56⤵
-
\??\c:\ftdbt.exec:\ftdbt.exe57⤵
-
\??\c:\fxlvtb.exec:\fxlvtb.exe58⤵
-
\??\c:\vrjhrfp.exec:\vrjhrfp.exe59⤵
-
\??\c:\fphjv.exec:\fphjv.exe60⤵
-
\??\c:\rxnlr.exec:\rxnlr.exe61⤵
-
\??\c:\bjvth.exec:\bjvth.exe62⤵
-
\??\c:\tjbbxb.exec:\tjbbxb.exe63⤵
-
\??\c:\rdpjntn.exec:\rdpjntn.exe64⤵
-
\??\c:\pvfvp.exec:\pvfvp.exe65⤵
-
\??\c:\fnrnlx.exec:\fnrnlx.exe66⤵
-
\??\c:\nfdvlv.exec:\nfdvlv.exe67⤵
-
\??\c:\vtxlp.exec:\vtxlp.exe68⤵
-
\??\c:\rhxpn.exec:\rhxpn.exe69⤵
-
\??\c:\vjnlx.exec:\vjnlx.exe70⤵
-
\??\c:\bnprfn.exec:\bnprfn.exe71⤵
-
\??\c:\xndjdhv.exec:\xndjdhv.exe72⤵
-
\??\c:\tdlrdbr.exec:\tdlrdbr.exe73⤵
-
\??\c:\brjlbnf.exec:\brjlbnf.exe74⤵
-
\??\c:\xrdpd.exec:\xrdpd.exe75⤵
-
\??\c:\llbhxjd.exec:\llbhxjd.exe76⤵
-
\??\c:\rhnfbj.exec:\rhnfbj.exe77⤵
-
\??\c:\vvxfxj.exec:\vvxfxj.exe78⤵
-
\??\c:\nnfpj.exec:\nnfpj.exe79⤵
-
\??\c:\djrhff.exec:\djrhff.exe80⤵
-
\??\c:\xlfpjbj.exec:\xlfpjbj.exe81⤵
-
\??\c:\tdhhlh.exec:\tdhhlh.exe82⤵
-
\??\c:\vhthh.exec:\vhthh.exe83⤵
-
\??\c:\npxvn.exec:\npxvn.exe84⤵
-
\??\c:\rhdvpl.exec:\rhdvpl.exe85⤵
-
\??\c:\xljfptj.exec:\xljfptj.exe86⤵
-
\??\c:\xvrrd.exec:\xvrrd.exe87⤵
-
\??\c:\lxjpjv.exec:\lxjpjv.exe88⤵
-
\??\c:\drjvbj.exec:\drjvbj.exe89⤵
-
\??\c:\vxldlv.exec:\vxldlv.exe90⤵
-
\??\c:\hbhhh.exec:\hbhhh.exe91⤵
-
\??\c:\ttfnhd.exec:\ttfnhd.exe92⤵
-
\??\c:\tbnlltj.exec:\tbnlltj.exe93⤵
-
\??\c:\vrlfxh.exec:\vrlfxh.exe94⤵
-
\??\c:\npnrnvx.exec:\npnrnvx.exe95⤵
-
\??\c:\tfjrdvh.exec:\tfjrdvh.exe96⤵
-
\??\c:\xnfhjd.exec:\xnfhjd.exe97⤵
-
\??\c:\lxtfh.exec:\lxtfh.exe98⤵
-
\??\c:\bhppv.exec:\bhppv.exe99⤵
-
\??\c:\nntlb.exec:\nntlb.exe100⤵
-
\??\c:\fdxtdn.exec:\fdxtdn.exe101⤵
-
\??\c:\rtbrf.exec:\rtbrf.exe102⤵
-
\??\c:\fnffjtb.exec:\fnffjtb.exe103⤵
-
\??\c:\xxnln.exec:\xxnln.exe104⤵
-
\??\c:\ldddfbh.exec:\ldddfbh.exe105⤵
-
\??\c:\dvvnl.exec:\dvvnl.exe106⤵
-
\??\c:\tnxjjf.exec:\tnxjjf.exe107⤵
-
\??\c:\ltxntdx.exec:\ltxntdx.exe108⤵
-
\??\c:\xhhnlbj.exec:\xhhnlbj.exe109⤵
-
\??\c:\fpttt.exec:\fpttt.exe110⤵
-
\??\c:\vbxjl.exec:\vbxjl.exe111⤵
-
\??\c:\brjvxnt.exec:\brjvxnt.exe112⤵
-
\??\c:\pvllnj.exec:\pvllnj.exe113⤵
-
\??\c:\lvlth.exec:\lvlth.exe114⤵
-
\??\c:\nlnbhdb.exec:\nlnbhdb.exe115⤵
-
\??\c:\tnxhh.exec:\tnxhh.exe116⤵
-
\??\c:\dpdxl.exec:\dpdxl.exe117⤵
-
\??\c:\bpvllf.exec:\bpvllf.exe118⤵
-
\??\c:\hfhbhjx.exec:\hfhbhjx.exe119⤵
-
\??\c:\pvprnt.exec:\pvprnt.exe120⤵
-
\??\c:\pbbph.exec:\pbbph.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-