Analysis
-
max time kernel
101s -
max time network
158s -
platform
windows10-2004_x64 -
resource
win10v2004-20231023-en -
resource tags
-
submitted
01/11/2023, 14:20
General
-
Target
NEAS.cf504052d1e3389d486926a6980c1c60.exe
-
Size
133KB
-
MD5
cf504052d1e3389d486926a6980c1c60
-
SHA1
b55af8e29681448418671629ae3986c3d65c86f7
-
SHA256
f5989548553ba1ce86b28c2687c726570918183198f7ca63733fac5b35cad64a
-
SHA512
ee70aa254c893ade9d1711872ee9bb26dab1615cbd2bc4a7800bedfc0e6ed024a19a3b5e0362bef126b0bb56f55768ceaf1944663f6ae3c56bfaba875409b593
-
SSDEEP
3072:9hOmTsF93UYfwC6GIoutz5yLpcgDE4J/CyCB2y:9cm4FmowdHoS4/8Qy
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.cf504052d1e3389d486926a6980c1c60.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.cf504052d1e3389d486926a6980c1c60.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\fprjd.exec:\fprjd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vrvbbpr.exec:\vrvbbpr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntbrpr.exec:\ntbrpr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvnrd.exec:\vvnrd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llpfd.exec:\llpfd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnlfjx.exec:\bnlfjx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbttt.exec:\hbttt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjvhtt.exec:\jjvhtt.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvxhnv.exec:\jdvxhnv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lvtvhhh.exec:\lvtvhhh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rvdrd.exec:\rvdrd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jfvntd.exec:\jfvntd.exe13⤵
-
\??\c:\fljxh.exec:\fljxh.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\brxljpj.exec:\brxljpj.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bptvb.exec:\bptvb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pxttf.exec:\pxttf.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fjpxrp.exec:\fjpxrp.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rhtbrd.exec:\rhtbrd.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jtbff.exec:\jtbff.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
\??\c:\dbtlrjd.exec:\dbtlrjd.exe5⤵
- Executes dropped EXE
-
-
-
-
-
\??\c:\pljxxr.exec:\pljxxr.exe1⤵
- Executes dropped EXE
-
\??\c:\djvbv.exec:\djvbv.exe2⤵
- Executes dropped EXE
-
-
\??\c:\dndhn.exec:\dndhn.exe1⤵
- Executes dropped EXE
-
\??\c:\pffdpl.exec:\pffdpl.exe2⤵
- Executes dropped EXE
-
-
\??\c:\lpxltrn.exec:\lpxltrn.exe1⤵
- Executes dropped EXE
-
\??\c:\xjhdrvd.exec:\xjhdrvd.exe2⤵
- Executes dropped EXE
-
-
\??\c:\txlhr.exec:\txlhr.exe1⤵
- Executes dropped EXE
-
\??\c:\pxnjx.exec:\pxnjx.exe2⤵
- Executes dropped EXE
-
\??\c:\bfhvd.exec:\bfhvd.exe3⤵
- Executes dropped EXE
-
-
-
\??\c:\hhlpvdt.exec:\hhlpvdt.exe1⤵
- Executes dropped EXE
-
\??\c:\ddrhtb.exec:\ddrhtb.exe2⤵
- Executes dropped EXE
-
-
\??\c:\jtbptdj.exec:\jtbptdj.exe1⤵
- Executes dropped EXE
-
\??\c:\rfblxxt.exec:\rfblxxt.exe2⤵
- Executes dropped EXE
-
\??\c:\fthxfln.exec:\fthxfln.exe3⤵
- Executes dropped EXE
-
\??\c:\rhlvj.exec:\rhlvj.exe4⤵
- Executes dropped EXE
-
\??\c:\nrrtt.exec:\nrrtt.exe5⤵
- Executes dropped EXE
-
-
-
-
-
\??\c:\fdnlhl.exec:\fdnlhl.exe1⤵
- Executes dropped EXE
-
\??\c:\tjnpbpl.exec:\tjnpbpl.exe2⤵
- Executes dropped EXE
-
\??\c:\jrvdrtn.exec:\jrvdrtn.exe3⤵
- Executes dropped EXE
-
\??\c:\htldpp.exec:\htldpp.exe4⤵
- Executes dropped EXE
-
-
-
-
\??\c:\xrdhbl.exec:\xrdhbl.exe1⤵
- Executes dropped EXE
-
\??\c:\jpbpf.exec:\jpbpf.exe2⤵
- Executes dropped EXE
-
-
\??\c:\ldhrx.exec:\ldhrx.exe1⤵
- Executes dropped EXE
-
\??\c:\hdxxdfx.exec:\hdxxdfx.exe2⤵
- Executes dropped EXE
-
\??\c:\nlplxt.exec:\nlplxt.exe3⤵
- Executes dropped EXE
-
\??\c:\xxtxd.exec:\xxtxd.exe4⤵
- Executes dropped EXE
-
\??\c:\drphhr.exec:\drphhr.exe5⤵
- Executes dropped EXE
-
\??\c:\fbprhn.exec:\fbprhn.exe6⤵
- Executes dropped EXE
-
\??\c:\npphvfp.exec:\npphvfp.exe7⤵
- Executes dropped EXE
-
\??\c:\hbxfdt.exec:\hbxfdt.exe8⤵
-
\??\c:\nrxdtf.exec:\nrxdtf.exe9⤵
-
\??\c:\xvdtddf.exec:\xvdtddf.exe10⤵
-
\??\c:\trthr.exec:\trthr.exe11⤵
-
\??\c:\rvhnlbj.exec:\rvhnlbj.exe12⤵
-
\??\c:\tlhnnv.exec:\tlhnnv.exe13⤵
-
\??\c:\dxtjbpv.exec:\dxtjbpv.exe14⤵
-
\??\c:\vnjbpnv.exec:\vnjbpnv.exe15⤵
-
\??\c:\npnbr.exec:\npnbr.exe16⤵
-
\??\c:\fnndfxd.exec:\fnndfxd.exe17⤵
-
\??\c:\ttbdvjt.exec:\ttbdvjt.exe18⤵
-
\??\c:\rxjnjh.exec:\rxjnjh.exe19⤵
-
\??\c:\rjdjpvx.exec:\rjdjpvx.exe20⤵
-
\??\c:\lfxhddb.exec:\lfxhddb.exe21⤵
-
\??\c:\jhndb.exec:\jhndb.exe22⤵
-
\??\c:\jlppt.exec:\jlppt.exe23⤵
-
\??\c:\btrnx.exec:\btrnx.exe24⤵
-
\??\c:\njrpfd.exec:\njrpfd.exe25⤵
-
\??\c:\lxtfpbx.exec:\lxtfpbx.exe26⤵
-
\??\c:\xvfltld.exec:\xvfltld.exe27⤵
-
\??\c:\pxnrlx.exec:\pxnrlx.exe28⤵
-
\??\c:\tdnth.exec:\tdnth.exe29⤵
-
\??\c:\trvtdbv.exec:\trvtdbv.exe30⤵
-
\??\c:\lddjfb.exec:\lddjfb.exe31⤵
-
\??\c:\lptlff.exec:\lptlff.exe32⤵
-
\??\c:\ndjltjx.exec:\ndjltjx.exe33⤵
-
\??\c:\xbnbl.exec:\xbnbl.exe34⤵
-
\??\c:\ldlltpn.exec:\ldlltpn.exe35⤵
-
\??\c:\vjxlvp.exec:\vjxlvp.exe36⤵
-
\??\c:\xjvphxr.exec:\xjvphxr.exe37⤵
-
\??\c:\tpbrjp.exec:\tpbrjp.exe38⤵
-
\??\c:\hhhnvx.exec:\hhhnvx.exe39⤵
-
\??\c:\tnffpjr.exec:\tnffpjr.exe40⤵
-
\??\c:\xjlhx.exec:\xjlhx.exe41⤵
-
\??\c:\hvbfb.exec:\hvbfb.exe42⤵
-
\??\c:\rjhlpxd.exec:\rjhlpxd.exe43⤵
-
\??\c:\hrdxfbx.exec:\hrdxfbx.exe44⤵
-
\??\c:\drbrhp.exec:\drbrhp.exe45⤵
-
\??\c:\txhvb.exec:\txhvb.exe46⤵
-
\??\c:\nlxbn.exec:\nlxbn.exe47⤵
-
\??\c:\hprljv.exec:\hprljv.exe48⤵
-
\??\c:\rxbdl.exec:\rxbdl.exe49⤵
-
\??\c:\fnjvt.exec:\fnjvt.exe50⤵
-
\??\c:\fbhvtp.exec:\fbhvtp.exe51⤵
-
\??\c:\vdhdf.exec:\vdhdf.exe52⤵
-
\??\c:\xtjnd.exec:\xtjnd.exe53⤵
-
\??\c:\xvddtlr.exec:\xvddtlr.exe54⤵
-
\??\c:\bjrdtd.exec:\bjrdtd.exe55⤵
-
\??\c:\xtpdp.exec:\xtpdp.exe56⤵
-
\??\c:\nljdb.exec:\nljdb.exe57⤵
-
\??\c:\npdnprj.exec:\npdnprj.exe58⤵
-
\??\c:\htnjjr.exec:\htnjjr.exe59⤵
-
\??\c:\hpbffn.exec:\hpbffn.exe60⤵
-
\??\c:\nvnjd.exec:\nvnjd.exe61⤵
-
\??\c:\rnplj.exec:\rnplj.exe62⤵
-
\??\c:\rtvpdvl.exec:\rtvpdvl.exe63⤵
-
\??\c:\rtppdhh.exec:\rtppdhh.exe64⤵
-
\??\c:\nxrbtd.exec:\nxrbtd.exe65⤵
-
\??\c:\dpvhtdn.exec:\dpvhtdn.exe66⤵
-
\??\c:\xvtvpnx.exec:\xvtvpnx.exe67⤵
-
\??\c:\pxtvv.exec:\pxtvv.exe68⤵
-
\??\c:\rxbbh.exec:\rxbbh.exe69⤵
-
\??\c:\tflbxd.exec:\tflbxd.exe70⤵
-
\??\c:\bnfrpln.exec:\bnfrpln.exe71⤵
-
\??\c:\fdxxbx.exec:\fdxxbx.exe72⤵
-
\??\c:\vhddbll.exec:\vhddbll.exe73⤵
-
\??\c:\dpldrdb.exec:\dpldrdb.exe74⤵
-
\??\c:\fxbrxt.exec:\fxbrxt.exe75⤵
-
\??\c:\tjhdhpp.exec:\tjhdhpp.exe76⤵
-
\??\c:\vrvjh.exec:\vrvjh.exe77⤵
-
\??\c:\bnnphnr.exec:\bnnphnr.exe78⤵
-
\??\c:\lbnrlv.exec:\lbnrlv.exe79⤵
-
\??\c:\ltdhnhr.exec:\ltdhnhr.exe80⤵
-
\??\c:\bpddtvf.exec:\bpddtvf.exe81⤵
-
\??\c:\jnjxv.exec:\jnjxv.exe82⤵
-
\??\c:\vfbxtf.exec:\vfbxtf.exe83⤵
-
\??\c:\vhxjbj.exec:\vhxjbj.exe84⤵
-
\??\c:\vdjvbvt.exec:\vdjvbvt.exe85⤵
-
\??\c:\lhddpr.exec:\lhddpr.exe86⤵
-
\??\c:\brhtxl.exec:\brhtxl.exe87⤵
-
\??\c:\hbdvf.exec:\hbdvf.exe88⤵
-
\??\c:\bxlxftn.exec:\bxlxftn.exe89⤵
-
\??\c:\xnthpxt.exec:\xnthpxt.exe90⤵
-
\??\c:\tvxvdfh.exec:\tvxvdfh.exe91⤵
-
\??\c:\tljnlt.exec:\tljnlt.exe92⤵
-
\??\c:\dvpfv.exec:\dvpfv.exe93⤵
-
\??\c:\bdbrt.exec:\bdbrt.exe94⤵
-
\??\c:\lvppt.exec:\lvppt.exe95⤵
-
\??\c:\bnvhlbx.exec:\bnvhlbx.exe96⤵
-
\??\c:\dtbdvpn.exec:\dtbdvpn.exe97⤵
-
\??\c:\prplt.exec:\prplt.exe98⤵
-
\??\c:\djpjt.exec:\djpjt.exe99⤵
-
\??\c:\jhrpfnl.exec:\jhrpfnl.exe100⤵
-
\??\c:\vxnpj.exec:\vxnpj.exe101⤵
-
\??\c:\xljrjb.exec:\xljrjb.exe102⤵
-
\??\c:\bhrjvvd.exec:\bhrjvvd.exe103⤵
-
\??\c:\jdvbx.exec:\jdvbx.exe104⤵
-
\??\c:\ddpdxnr.exec:\ddpdxnr.exe105⤵
-
\??\c:\fjjfjnh.exec:\fjjfjnh.exe106⤵
-
\??\c:\bltjxr.exec:\bltjxr.exe107⤵
-
\??\c:\xtfjtbp.exec:\xtfjtbp.exe108⤵
-
\??\c:\hdxhj.exec:\hdxhj.exe109⤵
-
\??\c:\xdvrhf.exec:\xdvrhf.exe110⤵
-
\??\c:\xjdlbxt.exec:\xjdlbxt.exe111⤵
-
\??\c:\ttxbp.exec:\ttxbp.exe112⤵
-
\??\c:\jbllb.exec:\jbllb.exe113⤵
-
\??\c:\rjbfppr.exec:\rjbfppr.exe114⤵
-
\??\c:\pfjdl.exec:\pfjdl.exe115⤵
-
\??\c:\bttdt.exec:\bttdt.exe116⤵
-
\??\c:\pvrthb.exec:\pvrthb.exe117⤵
-
\??\c:\tnndjx.exec:\tnndjx.exe118⤵
-
\??\c:\tnpdnnr.exec:\tnpdnnr.exe119⤵
-
\??\c:\xhbtnx.exec:\xhbtnx.exe120⤵
-
\??\c:\fvjrpnl.exec:\fvjrpnl.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-