Analysis
-
max time kernel
182s -
max time network
197s -
platform
windows10-2004_x64 -
resource
win10v2004-20231023-en -
resource tags
-
submitted
03/11/2023, 01:29
General
-
Target
NEAS.a7c3285aeb7db9d478978198d0e77af0_JC.exe
-
Size
85KB
-
MD5
a7c3285aeb7db9d478978198d0e77af0
-
SHA1
75c5b1095c3de45cedf67514b68d7c1382dedb69
-
SHA256
0909e1efab0b689ce23fdb8f41561cff2f5d50a45bdf0a3249a38784f843d5a2
-
SHA512
20cb7f4eb992be2f1140c5ad028145de792538624b1b940354c8fac8d7d3e8786fb0b4d4842b0792e9b0ba1816577e22434fd82f74b9277b249ed214240832b0
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDo73XH/YP1HFrJximAAxS1rvV:ymb3NkkiQ3mdBjFo73PYP1lri3K8bV
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 42 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.a7c3285aeb7db9d478978198d0e77af0_JC.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.a7c3285aeb7db9d478978198d0e77af0_JC.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\5k357h.exec:\5k357h.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vlkskj.exec:\vlkskj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\98dls6.exec:\98dls6.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\317m2q3.exec:\317m2q3.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9iti89.exec:\9iti89.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\u59092.exec:\u59092.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\68mb4c.exec:\68mb4c.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\2t00t0.exec:\2t00t0.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\i611k.exec:\i611k.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\f6r2k.exec:\f6r2k.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\011fi.exec:\011fi.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9926j2.exec:\9926j2.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tkh5u.exec:\tkh5u.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\4s75g2e.exec:\4s75g2e.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\q1c48kx.exec:\q1c48kx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\277vdw.exec:\277vdw.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\x6vc27u.exec:\x6vc27u.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\n816c.exec:\n816c.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\s7mc11j.exec:\s7mc11j.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\v2062.exec:\v2062.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1cn8331.exec:\1cn8331.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\675jf16.exec:\675jf16.exe23⤵
- Executes dropped EXE
-
\??\c:\8n3p2.exec:\8n3p2.exe24⤵
- Executes dropped EXE
-
\??\c:\6f0ek9.exec:\6f0ek9.exe25⤵
- Executes dropped EXE
-
\??\c:\wj8d337.exec:\wj8d337.exe26⤵
- Executes dropped EXE
-
\??\c:\rxlsg6.exec:\rxlsg6.exe27⤵
- Executes dropped EXE
-
\??\c:\0080046.exec:\0080046.exe28⤵
- Executes dropped EXE
-
\??\c:\o1397r.exec:\o1397r.exe29⤵
- Executes dropped EXE
-
\??\c:\t7730.exec:\t7730.exe30⤵
- Executes dropped EXE
-
\??\c:\d91i545.exec:\d91i545.exe31⤵
- Executes dropped EXE
-
\??\c:\4q72q.exec:\4q72q.exe32⤵
- Executes dropped EXE
-
\??\c:\4oqni32.exec:\4oqni32.exe33⤵
- Executes dropped EXE
-
\??\c:\u684uc.exec:\u684uc.exe34⤵
- Executes dropped EXE
-
\??\c:\3n175d.exec:\3n175d.exe35⤵
- Executes dropped EXE
-
\??\c:\47ok8l.exec:\47ok8l.exe36⤵
- Executes dropped EXE
-
\??\c:\u17qs5.exec:\u17qs5.exe37⤵
- Executes dropped EXE
-
\??\c:\bb2rj.exec:\bb2rj.exe38⤵
- Executes dropped EXE
-
\??\c:\h736ci.exec:\h736ci.exe39⤵
- Executes dropped EXE
-
\??\c:\5t7j87.exec:\5t7j87.exe40⤵
- Executes dropped EXE
-
\??\c:\c7k7hr.exec:\c7k7hr.exe41⤵
- Executes dropped EXE
-
\??\c:\cf386.exec:\cf386.exe42⤵
- Executes dropped EXE
-
\??\c:\2848462.exec:\2848462.exe43⤵
- Executes dropped EXE
-
\??\c:\1mmq96.exec:\1mmq96.exe44⤵
- Executes dropped EXE
-
\??\c:\1390iq.exec:\1390iq.exe45⤵
- Executes dropped EXE
-
\??\c:\7whim.exec:\7whim.exe46⤵
- Executes dropped EXE
-
\??\c:\1rps9.exec:\1rps9.exe47⤵
- Executes dropped EXE
-
\??\c:\f91i5c.exec:\f91i5c.exe48⤵
- Executes dropped EXE
-
\??\c:\k0lcum.exec:\k0lcum.exe49⤵
- Executes dropped EXE
-
\??\c:\hp0h568.exec:\hp0h568.exe50⤵
- Executes dropped EXE
-
\??\c:\0w4311l.exec:\0w4311l.exe51⤵
- Executes dropped EXE
-
\??\c:\taec3oo.exec:\taec3oo.exe52⤵
- Executes dropped EXE
-
\??\c:\h6s0q0.exec:\h6s0q0.exe53⤵
- Executes dropped EXE
-
\??\c:\522sw.exec:\522sw.exe54⤵
- Executes dropped EXE
-
\??\c:\l10140.exec:\l10140.exe55⤵
- Executes dropped EXE
-
\??\c:\1gm09.exec:\1gm09.exe56⤵
- Executes dropped EXE
-
\??\c:\8q37neh.exec:\8q37neh.exe57⤵
- Executes dropped EXE
-
\??\c:\33e52.exec:\33e52.exe58⤵
- Executes dropped EXE
-
\??\c:\x60ba00.exec:\x60ba00.exe59⤵
- Executes dropped EXE
-
\??\c:\db96n8.exec:\db96n8.exe60⤵
- Executes dropped EXE
-
\??\c:\303m0oa.exec:\303m0oa.exe61⤵
- Executes dropped EXE
-
\??\c:\b8w85pw.exec:\b8w85pw.exe62⤵
- Executes dropped EXE
-
\??\c:\14h98c.exec:\14h98c.exe63⤵
- Executes dropped EXE
-
\??\c:\3xccrbq.exec:\3xccrbq.exe64⤵
- Executes dropped EXE
-
\??\c:\iq7i59l.exec:\iq7i59l.exe65⤵
- Executes dropped EXE
-
\??\c:\526917a.exec:\526917a.exe66⤵
-
\??\c:\992h3.exec:\992h3.exe67⤵
-
\??\c:\vuic888.exec:\vuic888.exe68⤵
-
\??\c:\0ii21r.exec:\0ii21r.exe69⤵
-
\??\c:\6413497.exec:\6413497.exe70⤵
-
\??\c:\698nt6.exec:\698nt6.exe71⤵
-
\??\c:\wm527s.exec:\wm527s.exe72⤵
-
\??\c:\duivk.exec:\duivk.exe73⤵
-
\??\c:\ttee23c.exec:\ttee23c.exe74⤵
-
\??\c:\6d9ff2.exec:\6d9ff2.exe75⤵
-
\??\c:\n07od.exec:\n07od.exe76⤵
-
\??\c:\914u4.exec:\914u4.exe77⤵
-
\??\c:\7mu3o.exec:\7mu3o.exe78⤵
-
\??\c:\owb7n.exec:\owb7n.exe79⤵
-
\??\c:\q29wqeu.exec:\q29wqeu.exe80⤵
-
\??\c:\l2m378k.exec:\l2m378k.exe81⤵
-
\??\c:\227b7i.exec:\227b7i.exe82⤵
-
\??\c:\qqh12.exec:\qqh12.exe83⤵
-
\??\c:\1b74s3.exec:\1b74s3.exe84⤵
-
\??\c:\97aogg1.exec:\97aogg1.exe85⤵
-
\??\c:\1l3u745.exec:\1l3u745.exe86⤵
-
\??\c:\89x1i8.exec:\89x1i8.exe87⤵
-
\??\c:\k2hhv.exec:\k2hhv.exe88⤵
-
\??\c:\qufl0lg.exec:\qufl0lg.exe89⤵
-
\??\c:\h81r8.exec:\h81r8.exe90⤵
-
\??\c:\67s863s.exec:\67s863s.exe91⤵
-
\??\c:\4oit9.exec:\4oit9.exe92⤵
-
\??\c:\625fr.exec:\625fr.exe93⤵
-
\??\c:\k26qw5.exec:\k26qw5.exe94⤵
-
\??\c:\87dr2.exec:\87dr2.exe95⤵
-
\??\c:\9r40x0.exec:\9r40x0.exe96⤵
-
\??\c:\lfmv5pk.exec:\lfmv5pk.exe97⤵
-
\??\c:\7g1qq.exec:\7g1qq.exe98⤵
-
\??\c:\872f7.exec:\872f7.exe99⤵
-
\??\c:\h247ag.exec:\h247ag.exe100⤵
-
\??\c:\03s055.exec:\03s055.exe101⤵
-
\??\c:\n4t98ir.exec:\n4t98ir.exe102⤵
-
\??\c:\ox4aq3.exec:\ox4aq3.exe103⤵
-
\??\c:\6itcr.exec:\6itcr.exe104⤵
-
\??\c:\0r6amc.exec:\0r6amc.exe105⤵
-
\??\c:\2ui3i.exec:\2ui3i.exe106⤵
-
\??\c:\qkeorx.exec:\qkeorx.exe107⤵
-
\??\c:\drl2ke5.exec:\drl2ke5.exe108⤵
-
\??\c:\9inxi.exec:\9inxi.exe109⤵
-
\??\c:\758ge.exec:\758ge.exe110⤵
-
\??\c:\7okis.exec:\7okis.exe111⤵
-
\??\c:\o162c0a.exec:\o162c0a.exe112⤵
-
\??\c:\uii6g9.exec:\uii6g9.exe113⤵
-
\??\c:\k44l5c8.exec:\k44l5c8.exe114⤵
-
\??\c:\1g566.exec:\1g566.exe115⤵
-
\??\c:\2qwx9.exec:\2qwx9.exe116⤵
-
\??\c:\wswqom.exec:\wswqom.exe117⤵
-
\??\c:\aoi1p9.exec:\aoi1p9.exe118⤵
-
\??\c:\3o5m2.exec:\3o5m2.exe119⤵
-
\??\c:\13g22d0.exec:\13g22d0.exe120⤵
-
\??\c:\j43f13.exec:\j43f13.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-