Analysis
-
max time kernel
150s -
max time network
129s -
platform
windows7_x64 -
resource
win7-20230831-en -
resource tags
-
submitted
14/10/2023, 08:18
General
-
Target
NEAS.dd09107c5f56832f6b448b69a9821950.exe
-
Size
125KB
-
MD5
dd09107c5f56832f6b448b69a9821950
-
SHA1
fc05b444619a1221447abfed50ab38378197946f
-
SHA256
cec322ec28b90e9ce2874e0b7867dbe8d328635cfb2cf4be552b1c98dd3e7416
-
SHA512
a6f0976aade66d59f96a593854279ed8ff6d31a7ae05ef9ea7cdf1284c59db140735f282dbfe6955cc41daa7929cbfbadc919bb2c6f35f3f2696da1ab9467557
-
SSDEEP
3072:ymb3NkkiQ3mdBjFo73tvn+Yp9gZ6LrZp61Zb:n3C9BRo7tvnJ9va
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 29 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 61 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.dd09107c5f56832f6b448b69a9821950.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.dd09107c5f56832f6b448b69a9821950.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\6202p.exec:\6202p.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\h6u98.exec:\h6u98.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ae51gh.exec:\ae51gh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\56d6i.exec:\56d6i.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\taj5i.exec:\taj5i.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8v46e7g.exec:\8v46e7g.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5ni45d.exec:\5ni45d.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ta0uat.exec:\ta0uat.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bs37qv1.exec:\bs37qv1.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\c31q71.exec:\c31q71.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1807w3f.exec:\1807w3f.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8b0n36.exec:\8b0n36.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lub72n.exec:\lub72n.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\4uuwau.exec:\4uuwau.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3s1e373.exec:\3s1e373.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\17007m.exec:\17007m.exe17⤵
- Executes dropped EXE
-
\??\c:\97537w.exec:\97537w.exe18⤵
- Executes dropped EXE
-
\??\c:\46is3t.exec:\46is3t.exe19⤵
- Executes dropped EXE
-
\??\c:\m6478x5.exec:\m6478x5.exe20⤵
- Executes dropped EXE
-
\??\c:\4b37g.exec:\4b37g.exe21⤵
- Executes dropped EXE
-
\??\c:\ln5w73.exec:\ln5w73.exe22⤵
- Executes dropped EXE
-
\??\c:\4p76g92.exec:\4p76g92.exe23⤵
- Executes dropped EXE
-
\??\c:\5139un.exec:\5139un.exe24⤵
- Executes dropped EXE
-
\??\c:\ee343g.exec:\ee343g.exe25⤵
- Executes dropped EXE
-
\??\c:\w2ml8u9.exec:\w2ml8u9.exe26⤵
- Executes dropped EXE
-
\??\c:\gk5ov4.exec:\gk5ov4.exe27⤵
- Executes dropped EXE
-
\??\c:\g640r4g.exec:\g640r4g.exe28⤵
- Executes dropped EXE
-
\??\c:\5tfa7.exec:\5tfa7.exe29⤵
- Executes dropped EXE
-
\??\c:\6ofr8x3.exec:\6ofr8x3.exe30⤵
- Executes dropped EXE
-
\??\c:\fa17wl4.exec:\fa17wl4.exe31⤵
- Executes dropped EXE
-
\??\c:\g1nc2.exec:\g1nc2.exe32⤵
- Executes dropped EXE
-
\??\c:\b805df.exec:\b805df.exe33⤵
- Executes dropped EXE
-
\??\c:\xnciw.exec:\xnciw.exe34⤵
- Executes dropped EXE
-
\??\c:\n676b.exec:\n676b.exe35⤵
- Executes dropped EXE
-
\??\c:\0h9o110.exec:\0h9o110.exe36⤵
- Executes dropped EXE
-
\??\c:\05ssb8.exec:\05ssb8.exe37⤵
- Executes dropped EXE
-
\??\c:\q37e7c.exec:\q37e7c.exe38⤵
- Executes dropped EXE
-
\??\c:\j37m6s5.exec:\j37m6s5.exe39⤵
- Executes dropped EXE
-
\??\c:\0a57n.exec:\0a57n.exe40⤵
- Executes dropped EXE
-
\??\c:\bk9m17.exec:\bk9m17.exe41⤵
- Executes dropped EXE
-
\??\c:\oogc9s0.exec:\oogc9s0.exe42⤵
- Executes dropped EXE
-
\??\c:\8am3m0.exec:\8am3m0.exe43⤵
- Executes dropped EXE
-
\??\c:\65u213.exec:\65u213.exe44⤵
- Executes dropped EXE
-
\??\c:\9t6g59m.exec:\9t6g59m.exe45⤵
- Executes dropped EXE
-
\??\c:\d6gje.exec:\d6gje.exe46⤵
- Executes dropped EXE
-
\??\c:\26i12.exec:\26i12.exe47⤵
- Executes dropped EXE
-
\??\c:\g7i2g.exec:\g7i2g.exe48⤵
- Executes dropped EXE
-
\??\c:\to51j3.exec:\to51j3.exe49⤵
- Executes dropped EXE
-
\??\c:\6j979vf.exec:\6j979vf.exe50⤵
- Executes dropped EXE
-
\??\c:\mvq2k04.exec:\mvq2k04.exe51⤵
- Executes dropped EXE
-
\??\c:\9x87k.exec:\9x87k.exe52⤵
- Executes dropped EXE
-
\??\c:\3609157.exec:\3609157.exe53⤵
- Executes dropped EXE
-
\??\c:\xqvu5w.exec:\xqvu5w.exe54⤵
- Executes dropped EXE
-
\??\c:\47g9a.exec:\47g9a.exe55⤵
- Executes dropped EXE
-
\??\c:\4408k.exec:\4408k.exe56⤵
- Executes dropped EXE
-
\??\c:\32md8.exec:\32md8.exe57⤵
- Executes dropped EXE
-
\??\c:\0mo9abp.exec:\0mo9abp.exe58⤵
- Executes dropped EXE
-
\??\c:\87q5833.exec:\87q5833.exe59⤵
- Executes dropped EXE
-
\??\c:\62q93.exec:\62q93.exe60⤵
- Executes dropped EXE
-
\??\c:\rw72cnm.exec:\rw72cnm.exe61⤵
- Executes dropped EXE
-
\??\c:\kus59.exec:\kus59.exe62⤵
- Executes dropped EXE
-
\??\c:\l9o9c7r.exec:\l9o9c7r.exe63⤵
- Executes dropped EXE
-
\??\c:\9s19e15.exec:\9s19e15.exe64⤵
- Executes dropped EXE
-
\??\c:\h57813.exec:\h57813.exe65⤵
- Executes dropped EXE
-
\??\c:\3er9a.exec:\3er9a.exe66⤵
-
\??\c:\nq5ci.exec:\nq5ci.exe67⤵
-
\??\c:\05339uk.exec:\05339uk.exe68⤵
-
\??\c:\2s616.exec:\2s616.exe69⤵
-
\??\c:\fsr5v9q.exec:\fsr5v9q.exe70⤵
-
\??\c:\4ks7bj.exec:\4ks7bj.exe71⤵
-
\??\c:\b5nsi6p.exec:\b5nsi6p.exe72⤵
-
\??\c:\x40l0.exec:\x40l0.exe73⤵
-
\??\c:\4mf96.exec:\4mf96.exe74⤵
-
\??\c:\1334r8.exec:\1334r8.exe75⤵
-
\??\c:\4n5d78.exec:\4n5d78.exe76⤵
-
\??\c:\j3i7e6.exec:\j3i7e6.exe77⤵
-
\??\c:\1equj6u.exec:\1equj6u.exe78⤵
-
\??\c:\278s6s5.exec:\278s6s5.exe79⤵
-
\??\c:\4fcx4.exec:\4fcx4.exe80⤵
-
\??\c:\xgwgob4.exec:\xgwgob4.exe81⤵
-
\??\c:\n27bh50.exec:\n27bh50.exe82⤵
-
\??\c:\xm72j.exec:\xm72j.exe83⤵
-
\??\c:\6c397u1.exec:\6c397u1.exe84⤵
-
\??\c:\83i303g.exec:\83i303g.exe85⤵
-
\??\c:\43s38.exec:\43s38.exe86⤵
-
\??\c:\4j3op8m.exec:\4j3op8m.exe87⤵
-
\??\c:\g7m38r.exec:\g7m38r.exe88⤵
-
\??\c:\o0c4w.exec:\o0c4w.exe89⤵
-
\??\c:\5sqmwa.exec:\5sqmwa.exe90⤵
-
\??\c:\j74i36i.exec:\j74i36i.exe91⤵
-
\??\c:\fkg1g.exec:\fkg1g.exe92⤵
-
\??\c:\g98ee5s.exec:\g98ee5s.exe93⤵
-
\??\c:\l759a.exec:\l759a.exe94⤵
-
\??\c:\j4cv4.exec:\j4cv4.exe95⤵
-
\??\c:\l3ka9ft.exec:\l3ka9ft.exe96⤵
-
\??\c:\bw9a3.exec:\bw9a3.exe97⤵
-
\??\c:\a38nh5m.exec:\a38nh5m.exe98⤵
-
\??\c:\fau8sb9.exec:\fau8sb9.exe99⤵
-
\??\c:\8grcr84.exec:\8grcr84.exe100⤵
-
\??\c:\81f7w0.exec:\81f7w0.exe101⤵
-
\??\c:\3p2h28.exec:\3p2h28.exe102⤵
-
\??\c:\h94e9.exec:\h94e9.exe103⤵
-
\??\c:\lwf919o.exec:\lwf919o.exe104⤵
-
\??\c:\rx3ebo.exec:\rx3ebo.exe105⤵
-
\??\c:\rw4l52.exec:\rw4l52.exe106⤵
-
\??\c:\kv90en.exec:\kv90en.exe107⤵
-
\??\c:\35uv4.exec:\35uv4.exe108⤵
-
\??\c:\o0s3n.exec:\o0s3n.exe109⤵
-
\??\c:\k8ikt9.exec:\k8ikt9.exe110⤵
-
\??\c:\0e121m9.exec:\0e121m9.exe111⤵
-
\??\c:\60i5u.exec:\60i5u.exe112⤵
-
\??\c:\t6vdlpq.exec:\t6vdlpq.exe113⤵
-
\??\c:\9l6wv1k.exec:\9l6wv1k.exe114⤵
-
\??\c:\kt5tl3i.exec:\kt5tl3i.exe115⤵
-
\??\c:\9q9k934.exec:\9q9k934.exe116⤵
-
\??\c:\4933wp.exec:\4933wp.exe117⤵
-
\??\c:\t1ir1o.exec:\t1ir1o.exe118⤵
-
\??\c:\43o9c.exec:\43o9c.exe119⤵
-
\??\c:\tq7i97.exec:\tq7i97.exe120⤵
-
\??\c:\6c9w94u.exec:\6c9w94u.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-