Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20231020-en -
resource tags
-
submitted
02/11/2023, 21:00
General
-
Target
NEAS.317a44f40205f8008842a51e0d22d4d0_JC.exe
-
Size
176KB
-
MD5
317a44f40205f8008842a51e0d22d4d0
-
SHA1
864563b8b058f94773ca777b32ec98adc31e84c0
-
SHA256
867a8ebabb9d6cbb159f5ca022f0333ac5d9ee47e9a1321897db5a1e46957605
-
SHA512
aa06adecdddb185a4732875aecb2636ea9759bd0049a526c751d4c4c9ab87411d9df3fe3452a2e8a4b6ae400a81df3431cf14465110c9f718cb5d6d3b762744a
-
SSDEEP
3072:3hOmTsF93UYfwC6GIoutw8YcvrqrE66kropO6BWlPFH4tw1D4O:3cm4FmowdHoSzhraHcpOFltH4twl4O
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.317a44f40205f8008842a51e0d22d4d0_JC.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.317a44f40205f8008842a51e0d22d4d0_JC.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\h976e.exec:\h976e.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xu67u.exec:\xu67u.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\mxweq0.exec:\mxweq0.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\133uc.exec:\133uc.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ue837d.exec:\ue837d.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\514j8.exec:\514j8.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\19v0l.exec:\19v0l.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\d2vwu.exec:\d2vwu.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\77casu.exec:\77casu.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\mwqe0.exec:\mwqe0.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\29mtdw.exec:\29mtdw.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\r0flg6.exec:\r0flg6.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9fs2xjg.exec:\9fs2xjg.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\j168i.exec:\j168i.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\61919q.exec:\61919q.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\k6rrh9.exec:\k6rrh9.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\sl1c197.exec:\sl1c197.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fs92c5.exec:\fs92c5.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nfdv11.exec:\nfdv11.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dk8ia.exec:\dk8ia.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8h8eo9.exec:\8h8eo9.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\0l15i.exec:\0l15i.exe23⤵
- Executes dropped EXE
-
\??\c:\0og08.exec:\0og08.exe24⤵
- Executes dropped EXE
-
\??\c:\1go421n.exec:\1go421n.exe25⤵
- Executes dropped EXE
-
\??\c:\b6k82r.exec:\b6k82r.exe26⤵
- Executes dropped EXE
-
\??\c:\8kmwmi.exec:\8kmwmi.exe27⤵
- Executes dropped EXE
-
\??\c:\073wqwo.exec:\073wqwo.exe28⤵
- Executes dropped EXE
-
\??\c:\l8h9ig0.exec:\l8h9ig0.exe29⤵
- Executes dropped EXE
-
\??\c:\09j5h.exec:\09j5h.exe30⤵
- Executes dropped EXE
-
\??\c:\4qp4sp9.exec:\4qp4sp9.exe31⤵
- Executes dropped EXE
-
\??\c:\u4sbi6.exec:\u4sbi6.exe32⤵
- Executes dropped EXE
-
\??\c:\ovsw359.exec:\ovsw359.exe33⤵
- Executes dropped EXE
-
\??\c:\to0al3g.exec:\to0al3g.exe34⤵
- Executes dropped EXE
-
\??\c:\852o4l1.exec:\852o4l1.exe35⤵
- Executes dropped EXE
-
\??\c:\jc21q.exec:\jc21q.exe36⤵
- Executes dropped EXE
-
\??\c:\9m1w3.exec:\9m1w3.exe37⤵
- Executes dropped EXE
-
\??\c:\7aqw6pv.exec:\7aqw6pv.exe38⤵
- Executes dropped EXE
-
\??\c:\rg74115.exec:\rg74115.exe39⤵
- Executes dropped EXE
-
\??\c:\8c1391.exec:\8c1391.exe40⤵
- Executes dropped EXE
-
\??\c:\12d6s7.exec:\12d6s7.exe41⤵
- Executes dropped EXE
-
\??\c:\s4kkgko.exec:\s4kkgko.exe42⤵
- Executes dropped EXE
-
\??\c:\792ap.exec:\792ap.exe43⤵
- Executes dropped EXE
-
\??\c:\ew7430.exec:\ew7430.exe44⤵
- Executes dropped EXE
-
\??\c:\4r1h2q.exec:\4r1h2q.exe45⤵
- Executes dropped EXE
-
\??\c:\d3lp52u.exec:\d3lp52u.exe46⤵
- Executes dropped EXE
-
\??\c:\b5eu891.exec:\b5eu891.exe47⤵
- Executes dropped EXE
-
\??\c:\m84314.exec:\m84314.exe48⤵
- Executes dropped EXE
-
\??\c:\88p8g69.exec:\88p8g69.exe49⤵
- Executes dropped EXE
-
\??\c:\emh16bp.exec:\emh16bp.exe50⤵
- Executes dropped EXE
-
\??\c:\9a6k7.exec:\9a6k7.exe51⤵
- Executes dropped EXE
-
\??\c:\38wf4.exec:\38wf4.exe52⤵
- Executes dropped EXE
-
\??\c:\kl9sb.exec:\kl9sb.exe53⤵
- Executes dropped EXE
-
\??\c:\ua89110.exec:\ua89110.exe54⤵
- Executes dropped EXE
-
\??\c:\7ogg9io.exec:\7ogg9io.exe55⤵
- Executes dropped EXE
-
\??\c:\qi2hj8.exec:\qi2hj8.exe56⤵
- Executes dropped EXE
-
\??\c:\nll49.exec:\nll49.exe57⤵
- Executes dropped EXE
-
\??\c:\h3w59.exec:\h3w59.exe58⤵
- Executes dropped EXE
-
\??\c:\r8793t.exec:\r8793t.exe59⤵
- Executes dropped EXE
-
\??\c:\s2g38.exec:\s2g38.exe60⤵
- Executes dropped EXE
-
\??\c:\wtr8l.exec:\wtr8l.exe61⤵
- Executes dropped EXE
-
\??\c:\b1d67w.exec:\b1d67w.exe62⤵
- Executes dropped EXE
-
\??\c:\28b57q5.exec:\28b57q5.exe63⤵
-
\??\c:\7x44r7.exec:\7x44r7.exe64⤵
- Executes dropped EXE
-
\??\c:\h84v7.exec:\h84v7.exe65⤵
- Executes dropped EXE
-
\??\c:\f81lll.exec:\f81lll.exe66⤵
-
\??\c:\5d3d1t.exec:\5d3d1t.exe67⤵
-
\??\c:\19p5s.exec:\19p5s.exe68⤵
-
\??\c:\o87e3g.exec:\o87e3g.exe69⤵
-
\??\c:\i8nld.exec:\i8nld.exe70⤵
-
\??\c:\r82bdn6.exec:\r82bdn6.exe71⤵
-
\??\c:\p2k82n4.exec:\p2k82n4.exe72⤵
-
\??\c:\du3a58.exec:\du3a58.exe73⤵
-
\??\c:\180nvtq.exec:\180nvtq.exe74⤵
-
\??\c:\2dhc4.exec:\2dhc4.exe75⤵
-
\??\c:\5a636.exec:\5a636.exe76⤵
-
\??\c:\6ta08.exec:\6ta08.exe77⤵
-
\??\c:\6t1l9.exec:\6t1l9.exe78⤵
-
\??\c:\kmq2te.exec:\kmq2te.exe79⤵
-
\??\c:\x4l56.exec:\x4l56.exe80⤵
-
\??\c:\gkk14.exec:\gkk14.exe81⤵
-
\??\c:\v6v5h9w.exec:\v6v5h9w.exe82⤵
-
\??\c:\8e4u44.exec:\8e4u44.exe83⤵
-
\??\c:\r7eci9.exec:\r7eci9.exe84⤵
-
\??\c:\52tm607.exec:\52tm607.exe85⤵
-
\??\c:\10d1m.exec:\10d1m.exe86⤵
-
\??\c:\expg2.exec:\expg2.exe87⤵
-
\??\c:\333773.exec:\333773.exe88⤵
-
\??\c:\91an8.exec:\91an8.exe89⤵
-
\??\c:\i0a804.exec:\i0a804.exe90⤵
-
\??\c:\926lne8.exec:\926lne8.exe91⤵
-
\??\c:\lit7uem.exec:\lit7uem.exe92⤵
-
\??\c:\x3uj89.exec:\x3uj89.exe93⤵
-
\??\c:\op04d.exec:\op04d.exe94⤵
-
\??\c:\hr278s7.exec:\hr278s7.exe95⤵
-
\??\c:\obh1a.exec:\obh1a.exe96⤵
-
\??\c:\71s76d9.exec:\71s76d9.exe97⤵
-
\??\c:\p86d7u.exec:\p86d7u.exe98⤵
-
\??\c:\3b4k1e.exec:\3b4k1e.exe99⤵
-
\??\c:\i545aa.exec:\i545aa.exe100⤵
-
\??\c:\019m0.exec:\019m0.exe101⤵
-
\??\c:\4e283.exec:\4e283.exe102⤵
- Executes dropped EXE
-
\??\c:\7ae87p.exec:\7ae87p.exe103⤵
-
\??\c:\u0chm46.exec:\u0chm46.exe104⤵
-
\??\c:\8n7a70m.exec:\8n7a70m.exe105⤵
-
\??\c:\hx82pl.exec:\hx82pl.exe106⤵
-
\??\c:\802xxn.exec:\802xxn.exe107⤵
-
\??\c:\o9i30.exec:\o9i30.exe108⤵
-
\??\c:\fpi82.exec:\fpi82.exe109⤵
-
\??\c:\n2xd4o3.exec:\n2xd4o3.exe110⤵
-
\??\c:\16ni1ar.exec:\16ni1ar.exe111⤵
-
\??\c:\3d3p628.exec:\3d3p628.exe112⤵
-
\??\c:\8ddu75.exec:\8ddu75.exe113⤵
-
\??\c:\0tg22.exec:\0tg22.exe114⤵
-
\??\c:\xw7s55.exec:\xw7s55.exe115⤵
-
\??\c:\r4humwl.exec:\r4humwl.exe116⤵
-
\??\c:\85635.exec:\85635.exe117⤵
-
\??\c:\0j0v6e.exec:\0j0v6e.exe118⤵
-
\??\c:\af7kb.exec:\af7kb.exe119⤵
-
\??\c:\51299n.exec:\51299n.exe120⤵
-
\??\c:\2frv8.exec:\2frv8.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-