Analysis
-
max time kernel
129s -
max time network
134s -
platform
windows10-2004_x64 -
resource
win10v2004-20230915-en -
resource tags
-
submitted
13/10/2023, 20:12
General
-
Target
NEAS.3895a5c94372b3212d4db331bca76d70.exe
-
Size
77KB
-
MD5
3895a5c94372b3212d4db331bca76d70
-
SHA1
7a0b70e9760077702d3132605b33505225ed1b98
-
SHA256
2c161f66ec334bce1c19c1cb5af8f65667f40952a99eceae7064a14de0cac652
-
SHA512
126fb831b65c973fe286ad10be5c34245e7da2945b3713d21a82e99aa3ce94bf85c4e3d336dfa9967539b32ffc7afa7d5237af1ccdaccab92dfedf77bd6ff428
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIjaQkPcy8WTeAwHSYq9:ymb3NkkiQ3mdBjFIpkPcy8qsHSH9
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 38 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.3895a5c94372b3212d4db331bca76d70.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.3895a5c94372b3212d4db331bca76d70.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\1quaw.exec:\1quaw.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\2gg7ci.exec:\2gg7ci.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bx9j318.exec:\bx9j318.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\cl9279.exec:\cl9279.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\snbc23.exec:\snbc23.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\q6hko3m.exec:\q6hko3m.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\99l1374.exec:\99l1374.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pptxjbt.exec:\pptxjbt.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\2d7a5.exec:\2d7a5.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\51r9d3x.exec:\51r9d3x.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\4g145.exec:\4g145.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\elg07l.exec:\elg07l.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\d4urgk.exec:\d4urgk.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9wb4q6c.exec:\9wb4q6c.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ujw1xi9.exec:\ujw1xi9.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\64x248f.exec:\64x248f.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\st9c10.exec:\st9c10.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\g73q5n3.exec:\g73q5n3.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbn58l.exec:\hbn58l.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6jv8oic.exec:\6jv8oic.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6q41p.exec:\6q41p.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5759a.exec:\5759a.exe23⤵
- Executes dropped EXE
-
\??\c:\t7q9c.exec:\t7q9c.exe24⤵
- Executes dropped EXE
-
\??\c:\p1538.exec:\p1538.exe25⤵
- Executes dropped EXE
-
\??\c:\u440ma.exec:\u440ma.exe26⤵
- Executes dropped EXE
-
\??\c:\ve49i.exec:\ve49i.exe27⤵
- Executes dropped EXE
-
\??\c:\7o36331.exec:\7o36331.exe28⤵
- Executes dropped EXE
-
\??\c:\2li5q.exec:\2li5q.exe29⤵
- Executes dropped EXE
-
\??\c:\c2qux.exec:\c2qux.exe30⤵
- Executes dropped EXE
-
\??\c:\s10bnv5.exec:\s10bnv5.exe31⤵
- Executes dropped EXE
-
\??\c:\gkisqn.exec:\gkisqn.exe32⤵
- Executes dropped EXE
-
\??\c:\442l77.exec:\442l77.exe33⤵
- Executes dropped EXE
-
\??\c:\ka3kk.exec:\ka3kk.exe34⤵
- Executes dropped EXE
-
\??\c:\50i35o.exec:\50i35o.exe35⤵
- Executes dropped EXE
-
\??\c:\oagko6.exec:\oagko6.exe36⤵
- Executes dropped EXE
-
\??\c:\h23m797.exec:\h23m797.exe37⤵
- Executes dropped EXE
-
\??\c:\hi4io.exec:\hi4io.exe38⤵
- Executes dropped EXE
-
\??\c:\2354gaq.exec:\2354gaq.exe39⤵
- Executes dropped EXE
-
\??\c:\j47w03p.exec:\j47w03p.exe40⤵
- Executes dropped EXE
-
\??\c:\765b53s.exec:\765b53s.exe41⤵
- Executes dropped EXE
-
\??\c:\35w631.exec:\35w631.exe42⤵
- Executes dropped EXE
-
\??\c:\7j5n7f0.exec:\7j5n7f0.exe43⤵
- Executes dropped EXE
-
\??\c:\bi45k.exec:\bi45k.exe44⤵
- Executes dropped EXE
-
\??\c:\qcoae.exec:\qcoae.exe45⤵
- Executes dropped EXE
-
\??\c:\3aqog.exec:\3aqog.exe46⤵
- Executes dropped EXE
-
\??\c:\pj4pghc.exec:\pj4pghc.exe47⤵
- Executes dropped EXE
-
\??\c:\366w6rl.exec:\366w6rl.exe48⤵
- Executes dropped EXE
-
\??\c:\h35481.exec:\h35481.exe49⤵
- Executes dropped EXE
-
\??\c:\62eu2.exec:\62eu2.exe50⤵
- Executes dropped EXE
-
\??\c:\ti17516.exec:\ti17516.exe51⤵
- Executes dropped EXE
-
\??\c:\r3bk8.exec:\r3bk8.exe52⤵
- Executes dropped EXE
-
\??\c:\6e117t8.exec:\6e117t8.exe53⤵
- Executes dropped EXE
-
\??\c:\021ix.exec:\021ix.exe54⤵
- Executes dropped EXE
-
\??\c:\5tp705.exec:\5tp705.exe55⤵
- Executes dropped EXE
-
\??\c:\9h297.exec:\9h297.exe56⤵
- Executes dropped EXE
-
\??\c:\5hni1m.exec:\5hni1m.exe57⤵
- Executes dropped EXE
-
\??\c:\4rufae.exec:\4rufae.exe58⤵
- Executes dropped EXE
-
\??\c:\noi9gb.exec:\noi9gb.exe59⤵
- Executes dropped EXE
-
\??\c:\t2r71.exec:\t2r71.exe60⤵
- Executes dropped EXE
-
\??\c:\3b0u0.exec:\3b0u0.exe61⤵
- Executes dropped EXE
-
\??\c:\v7g00q.exec:\v7g00q.exe62⤵
- Executes dropped EXE
-
\??\c:\8mv3g0.exec:\8mv3g0.exe63⤵
- Executes dropped EXE
-
\??\c:\irmj315.exec:\irmj315.exe64⤵
- Executes dropped EXE
-
\??\c:\3lf7j1.exec:\3lf7j1.exe65⤵
- Executes dropped EXE
-
\??\c:\453th8x.exec:\453th8x.exe66⤵
-
\??\c:\3n81a.exec:\3n81a.exe67⤵
-
\??\c:\vsm6kx.exec:\vsm6kx.exe68⤵
-
\??\c:\sn1j44.exec:\sn1j44.exe69⤵
-
\??\c:\20kb8.exec:\20kb8.exe70⤵
-
\??\c:\932h08.exec:\932h08.exe71⤵
-
\??\c:\16csb2b.exec:\16csb2b.exe72⤵
-
\??\c:\7g3b2.exec:\7g3b2.exe73⤵
-
\??\c:\erg7jv.exec:\erg7jv.exe74⤵
-
\??\c:\870a7.exec:\870a7.exe75⤵
-
\??\c:\ame4bu.exec:\ame4bu.exe76⤵
-
\??\c:\k7r1k.exec:\k7r1k.exe77⤵
-
\??\c:\rk4ws.exec:\rk4ws.exe78⤵
-
\??\c:\96i6gv3.exec:\96i6gv3.exe79⤵
-
\??\c:\0p99v.exec:\0p99v.exe80⤵
-
\??\c:\b86o2.exec:\b86o2.exe81⤵
-
\??\c:\o6fa7.exec:\o6fa7.exe82⤵
-
\??\c:\gm723l.exec:\gm723l.exe83⤵
-
\??\c:\2im0pj.exec:\2im0pj.exe84⤵
-
\??\c:\47hfm.exec:\47hfm.exe85⤵
-
\??\c:\e34x3.exec:\e34x3.exe86⤵
-
\??\c:\75tb5h.exec:\75tb5h.exe87⤵
-
\??\c:\dk27q53.exec:\dk27q53.exe88⤵
-
\??\c:\6t36k1.exec:\6t36k1.exe89⤵
-
\??\c:\oq1tf.exec:\oq1tf.exe90⤵
-
\??\c:\u54p0.exec:\u54p0.exe91⤵
-
\??\c:\54cu7v3.exec:\54cu7v3.exe92⤵
-
\??\c:\n90i33.exec:\n90i33.exe93⤵
-
\??\c:\k4qi31.exec:\k4qi31.exe94⤵
-
\??\c:\3thoa.exec:\3thoa.exe95⤵
-
\??\c:\1f7n531.exec:\1f7n531.exe96⤵
-
\??\c:\wo1h8f7.exec:\wo1h8f7.exe97⤵
-
\??\c:\6dgjn4.exec:\6dgjn4.exe98⤵
-
\??\c:\7j271b.exec:\7j271b.exe99⤵
-
\??\c:\x1s4482.exec:\x1s4482.exe100⤵
-
\??\c:\3jsb3i3.exec:\3jsb3i3.exe101⤵
-
\??\c:\595a2g.exec:\595a2g.exe102⤵
-
\??\c:\f5359.exec:\f5359.exe103⤵
-
\??\c:\n8m7w74.exec:\n8m7w74.exe104⤵
-
\??\c:\459xv.exec:\459xv.exe105⤵
-
\??\c:\68rx1.exec:\68rx1.exe106⤵
-
\??\c:\e9a325.exec:\e9a325.exe107⤵
-
\??\c:\95me9id.exec:\95me9id.exe108⤵
-
\??\c:\lqaro0l.exec:\lqaro0l.exe109⤵
-
\??\c:\6753v9q.exec:\6753v9q.exe110⤵
-
\??\c:\jp9s8k7.exec:\jp9s8k7.exe111⤵
-
\??\c:\16949i3.exec:\16949i3.exe112⤵
-
\??\c:\072a1h.exec:\072a1h.exe113⤵
-
\??\c:\7d983.exec:\7d983.exe114⤵
-
\??\c:\03xig.exec:\03xig.exe115⤵
-
\??\c:\lm70k1.exec:\lm70k1.exe116⤵
-
\??\c:\o76x5u.exec:\o76x5u.exe117⤵
-
\??\c:\4g4aqt.exec:\4g4aqt.exe118⤵
-
\??\c:\xr8ux9.exec:\xr8ux9.exe119⤵
-
\??\c:\6dk134w.exec:\6dk134w.exe120⤵
-
\??\c:\c119150.exec:\c119150.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-