Analysis
-
max time kernel
101s -
max time network
154s -
platform
windows10-2004_x64 -
resource
win10v2004-20231023-en -
resource tags
-
submitted
17/11/2023, 05:18
General
-
Target
NEAS.6ee9e5e3fb9b92125a60e50be5ee91f0.exe
-
Size
438KB
-
MD5
6ee9e5e3fb9b92125a60e50be5ee91f0
-
SHA1
2f1301d36a321e8a225e64bc939572a6f4cf5b7b
-
SHA256
42d3d779220e23514ca2b75270f73037b35749f1683b1c89f16420f59d803cf3
-
SHA512
aa841c6c03c3901e851909bf0315511591b2246b93b82a5f409b017bdb6519aeeaeded1847093aa12effaa57bbc2425f2f0c891d53da17dbe9e30aa096fb3065
-
SSDEEP
12288:w4wFHoS9KxbNnidEhjEJd1kNpeUgI95yRoZHVaoJMOxFXnRV4PiGO0hUmHY:kKxbNndhjEJd1kNpeUgI95yRoZHgoJMO
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Malware Backdoor - Berbew 64 IoCs
Berbew is a malware infection classified as a 'backdoor' Trojan. This malicious program's primary function is to cause chain infections - it can download/install additional malware such as other Trojans, ransomware, and cryptominers.
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.6ee9e5e3fb9b92125a60e50be5ee91f0.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.6ee9e5e3fb9b92125a60e50be5ee91f0.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\pjnlph.exec:\pjnlph.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvfrfbx.exec:\dvfrfbx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hvdtr.exec:\hvdtr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fhdhltl.exec:\fhdhltl.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bjnbxpt.exec:\bjnbxpt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tjdpvt.exec:\tjdpvt.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rhnlp.exec:\rhnlp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jlfvbnb.exec:\jlfvbnb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nvrtp.exec:\nvrtp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nrdrvx.exec:\nrdrvx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nlplh.exec:\nlplh.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rjffv.exec:\rjffv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
-
-
-
-
-
-
-
-
-
-
-
-
\??\c:\lplpx.exec:\lplpx.exe1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xldhjpd.exec:\xldhjpd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\txxvb.exec:\txxvb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
-
-
\??\c:\trhpvjp.exec:\trhpvjp.exe1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rbhndvf.exec:\rbhndvf.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rbdvph.exec:\rbdvph.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fdbxv.exec:\fdbxv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxvlnlj.exec:\rxvlnlj.exe5⤵
- Executes dropped EXE
-
\??\c:\hxvdv.exec:\hxvdv.exe6⤵
- Executes dropped EXE
-
\??\c:\xvflhnp.exec:\xvflhnp.exe7⤵
- Executes dropped EXE
-
-
-
-
-
-
-
\??\c:\lpprlx.exec:\lpprlx.exe1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dljnj.exec:\dljnj.exe1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bdhhbh.exec:\bdhhbh.exe1⤵
- Executes dropped EXE
-
\??\c:\xvxxvfv.exec:\xvxxvfv.exe2⤵
- Executes dropped EXE
-
\??\c:\bjbllld.exec:\bjbllld.exe3⤵
- Executes dropped EXE
-
\??\c:\dfvbr.exec:\dfvbr.exe4⤵
- Executes dropped EXE
-
\??\c:\lntxxf.exec:\lntxxf.exe5⤵
- Executes dropped EXE
-
\??\c:\pblbttb.exec:\pblbttb.exe6⤵
- Executes dropped EXE
-
\??\c:\nndfl.exec:\nndfl.exe7⤵
- Executes dropped EXE
-
\??\c:\nftbrb.exec:\nftbrb.exe8⤵
- Executes dropped EXE
-
\??\c:\bbbfb.exec:\bbbfb.exe9⤵
- Executes dropped EXE
-
\??\c:\prjrb.exec:\prjrb.exe10⤵
- Executes dropped EXE
-
\??\c:\bfltdtd.exec:\bfltdtd.exe11⤵
- Executes dropped EXE
-
\??\c:\rhlhd.exec:\rhlhd.exe12⤵
- Executes dropped EXE
-
\??\c:\rlxprbv.exec:\rlxprbv.exe13⤵
- Executes dropped EXE
-
\??\c:\prdxvhl.exec:\prdxvhl.exe14⤵
- Executes dropped EXE
-
\??\c:\lxtxlrj.exec:\lxtxlrj.exe15⤵
- Executes dropped EXE
-
\??\c:\jhhxvpt.exec:\jhhxvpt.exe16⤵
- Executes dropped EXE
-
\??\c:\tthffjd.exec:\tthffjd.exe17⤵
- Executes dropped EXE
-
\??\c:\hlpnljx.exec:\hlpnljx.exe18⤵
- Executes dropped EXE
-
\??\c:\vtxlxff.exec:\vtxlxff.exe19⤵
- Executes dropped EXE
-
\??\c:\dnflxfn.exec:\dnflxfn.exe20⤵
- Executes dropped EXE
-
\??\c:\tnhpfd.exec:\tnhpfd.exe21⤵
- Executes dropped EXE
-
\??\c:\rjptlx.exec:\rjptlx.exe22⤵
-
\??\c:\njdxhpx.exec:\njdxhpx.exe23⤵
-
\??\c:\lnpxrd.exec:\lnpxrd.exe24⤵
-
\??\c:\dphrlfh.exec:\dphrlfh.exe25⤵
- Executes dropped EXE
-
\??\c:\rjvflnx.exec:\rjvflnx.exe26⤵
- Executes dropped EXE
-
\??\c:\lrjbrp.exec:\lrjbrp.exe27⤵
- Executes dropped EXE
-
\??\c:\xfjhhph.exec:\xfjhhph.exe28⤵
- Executes dropped EXE
-
\??\c:\xfxppx.exec:\xfxppx.exe29⤵
- Executes dropped EXE
-
\??\c:\nvtvlf.exec:\nvtvlf.exe30⤵
- Executes dropped EXE
-
\??\c:\lvttnd.exec:\lvttnd.exe31⤵
- Executes dropped EXE
-
\??\c:\ljhrl.exec:\ljhrl.exe32⤵
- Executes dropped EXE
-
\??\c:\hppjr.exec:\hppjr.exe33⤵
-
\??\c:\xpfpht.exec:\xpfpht.exe34⤵
-
\??\c:\lhbhvh.exec:\lhbhvh.exe35⤵
- Executes dropped EXE
-
\??\c:\jrbrxjd.exec:\jrbrxjd.exe36⤵
-
\??\c:\fnvbdx.exec:\fnvbdx.exe37⤵
- Executes dropped EXE
-
\??\c:\hrjjb.exec:\hrjjb.exe38⤵
- Executes dropped EXE
-
\??\c:\rtxxbhr.exec:\rtxxbhr.exe39⤵
- Executes dropped EXE
-
\??\c:\dxbhxj.exec:\dxbhxj.exe40⤵
- Executes dropped EXE
-
\??\c:\jvvbxnt.exec:\jvvbxnt.exe41⤵
-
\??\c:\htjvrhn.exec:\htjvrhn.exe42⤵
-
\??\c:\tpdnrx.exec:\tpdnrx.exe43⤵
-
\??\c:\drtdn.exec:\drtdn.exe44⤵
-
\??\c:\llxnj.exec:\llxnj.exe45⤵
-
\??\c:\rhhlxxh.exec:\rhhlxxh.exe46⤵
-
\??\c:\vtlxnb.exec:\vtlxnb.exe47⤵
-
\??\c:\lbpbbdb.exec:\lbpbbdb.exe48⤵
-
\??\c:\fhxltll.exec:\fhxltll.exe49⤵
-
\??\c:\bprrt.exec:\bprrt.exe50⤵
-
\??\c:\vrhttj.exec:\vrhttj.exe51⤵
-
\??\c:\lpphffb.exec:\lpphffb.exe52⤵
-
\??\c:\lnfppll.exec:\lnfppll.exe53⤵
-
\??\c:\jtjppf.exec:\jtjppf.exe54⤵
-
\??\c:\ltllxrr.exec:\ltllxrr.exe55⤵
-
\??\c:\rdjlhx.exec:\rdjlhx.exe56⤵
-
\??\c:\fdlpnp.exec:\fdlpnp.exe57⤵
-
\??\c:\llhxp.exec:\llhxp.exe58⤵
-
\??\c:\ddpbl.exec:\ddpbl.exe59⤵
-
\??\c:\rvxdhv.exec:\rvxdhv.exe60⤵
-
\??\c:\rhnll.exec:\rhnll.exe61⤵
-
\??\c:\xpvrjd.exec:\xpvrjd.exe62⤵
-
\??\c:\fnxrjv.exec:\fnxrjv.exe63⤵
-
\??\c:\bbddd.exec:\bbddd.exe64⤵
-
\??\c:\rtfxp.exec:\rtfxp.exe65⤵
-
\??\c:\lxnlvvp.exec:\lxnlvvp.exe66⤵
-
\??\c:\xdnnj.exec:\xdnnj.exe67⤵
-
\??\c:\njtpv.exec:\njtpv.exe68⤵
- Executes dropped EXE
-
\??\c:\dftlx.exec:\dftlx.exe69⤵
- Executes dropped EXE
-
\??\c:\rtdrf.exec:\rtdrf.exe70⤵
- Executes dropped EXE
-
\??\c:\hfnxhb.exec:\hfnxhb.exe71⤵
-
\??\c:\ptnvnh.exec:\ptnvnh.exe72⤵
-
\??\c:\phnjnp.exec:\phnjnp.exe73⤵
-
\??\c:\hdjrtdl.exec:\hdjrtdl.exe74⤵
-
\??\c:\dhhlbjl.exec:\dhhlbjl.exe75⤵
-
\??\c:\btxxr.exec:\btxxr.exe76⤵
-
\??\c:\dxbdvjt.exec:\dxbdvjt.exe77⤵
-
\??\c:\jbvbll.exec:\jbvbll.exe78⤵
-
\??\c:\xhltn.exec:\xhltn.exe79⤵
- Executes dropped EXE
-
\??\c:\hrvphrf.exec:\hrvphrf.exe80⤵
- Executes dropped EXE
-
\??\c:\bbjprb.exec:\bbjprb.exe81⤵
-
\??\c:\lhtdt.exec:\lhtdt.exe82⤵
- Executes dropped EXE
-
\??\c:\bvrjx.exec:\bvrjx.exe83⤵
-
\??\c:\xtrjx.exec:\xtrjx.exe84⤵
-
\??\c:\blttt.exec:\blttt.exe85⤵
-
\??\c:\fpldlld.exec:\fpldlld.exe86⤵
-
\??\c:\lnlbth.exec:\lnlbth.exe87⤵
-
\??\c:\xftvflj.exec:\xftvflj.exe88⤵
-
\??\c:\fxrvv.exec:\fxrvv.exe89⤵
-
\??\c:\lvjdf.exec:\lvjdf.exe90⤵
-
\??\c:\hvhpfl.exec:\hvhpfl.exe91⤵
-
\??\c:\ntjvrpx.exec:\ntjvrpx.exe92⤵
-
\??\c:\jvdhxx.exec:\jvdhxx.exe93⤵
-
\??\c:\bfflf.exec:\bfflf.exe94⤵
-
\??\c:\bvljj.exec:\bvljj.exe95⤵
-
\??\c:\ddxttbj.exec:\ddxttbj.exe96⤵
-
\??\c:\jvppn.exec:\jvppn.exe97⤵
-
\??\c:\hpjjb.exec:\hpjjb.exe98⤵
-
\??\c:\drxxlvb.exec:\drxxlvb.exe99⤵
-
\??\c:\rtlrpvx.exec:\rtlrpvx.exe100⤵
-
\??\c:\dpnbjxr.exec:\dpnbjxr.exe101⤵
-
\??\c:\vjrrfpx.exec:\vjrrfpx.exe102⤵
-
\??\c:\llxvhp.exec:\llxvhp.exe103⤵
-
\??\c:\jbxjbnh.exec:\jbxjbnh.exe104⤵
-
\??\c:\rvxlr.exec:\rvxlr.exe105⤵
-
\??\c:\jtbpj.exec:\jtbpj.exe106⤵
-
\??\c:\hjfvln.exec:\hjfvln.exe107⤵
-
\??\c:\hhdrb.exec:\hhdrb.exe108⤵
-
\??\c:\rrxtdb.exec:\rrxtdb.exe109⤵
-
\??\c:\fllnlv.exec:\fllnlv.exe110⤵
-
\??\c:\rjhtbj.exec:\rjhtbj.exe111⤵
-
\??\c:\njphpp.exec:\njphpp.exe112⤵
-
\??\c:\tbxfrn.exec:\tbxfrn.exe113⤵
-
\??\c:\rpptln.exec:\rpptln.exe114⤵
-
\??\c:\pfvlpdl.exec:\pfvlpdl.exe115⤵
-
\??\c:\htpjnd.exec:\htpjnd.exe116⤵
-
\??\c:\ftbrtf.exec:\ftbrtf.exe117⤵
-
\??\c:\rvpvdtj.exec:\rvpvdtj.exe118⤵
-
\??\c:\xdntbb.exec:\xdntbb.exe119⤵
-
\??\c:\flpnhfv.exec:\flpnhfv.exe120⤵
-
\??\c:\dxnvb.exec:\dxnvb.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-