Analysis
-
max time kernel
150s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20230915-en -
resource tags
-
submitted
14-10-2023 08:20
General
-
Target
NEAS.e6dc16f1f377606bbfe7023ef3e41500.exe
-
Size
103KB
-
MD5
e6dc16f1f377606bbfe7023ef3e41500
-
SHA1
b4f59751fe0f67ef34ac3ce0b5179501a1e5362c
-
SHA256
518539d676441805f9d577dbc8826f02efb4d39fd10675e6fb06f8b3189fbf07
-
SHA512
dd488ab50fba1169dec583c61f30c9bbd994acefbdfe801a2fcfa99454798350776b5222fedcb140201ec7cb1e5d8c8132d7250de251d3295123ae8ac261d06e
-
SSDEEP
3072:9hOmTsF93UYfwC6GIoutz5yLpcka62c+CQnL:9cm4FmowdHoSZ6l8nL
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 63 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.e6dc16f1f377606bbfe7023ef3e41500.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.e6dc16f1f377606bbfe7023ef3e41500.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\1v14pn.exec:\1v14pn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9h5u94.exec:\9h5u94.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9811715.exec:\9811715.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8t4o37.exec:\8t4o37.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\51unk.exec:\51unk.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\mi5333r.exec:\mi5333r.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\gu1384r.exec:\gu1384r.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\2j158.exec:\2j158.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\d3m93b1.exec:\d3m93b1.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\air1a.exec:\air1a.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6780d7.exec:\6780d7.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6g5t1.exec:\6g5t1.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\v6xw6.exec:\v6xw6.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\4cwuwi.exec:\4cwuwi.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\m29115.exec:\m29115.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\a9379k.exec:\a9379k.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\p8cmm1.exec:\p8cmm1.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\d7ux6.exec:\d7ux6.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6u2ct.exec:\6u2ct.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\17ks9.exec:\17ks9.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\wa90sb.exec:\wa90sb.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\uauog70.exec:\uauog70.exe23⤵
- Executes dropped EXE
-
\??\c:\4i12r78.exec:\4i12r78.exe24⤵
- Executes dropped EXE
-
\??\c:\9915w.exec:\9915w.exe25⤵
- Executes dropped EXE
-
\??\c:\q6e5931.exec:\q6e5931.exe26⤵
- Executes dropped EXE
-
\??\c:\39wvs.exec:\39wvs.exe27⤵
- Executes dropped EXE
-
\??\c:\6mkacum.exec:\6mkacum.exe28⤵
- Executes dropped EXE
-
\??\c:\7kmkqa.exec:\7kmkqa.exe29⤵
- Executes dropped EXE
-
\??\c:\qb9eau.exec:\qb9eau.exe30⤵
- Executes dropped EXE
-
\??\c:\2vkam8.exec:\2vkam8.exe31⤵
- Executes dropped EXE
-
\??\c:\40smsm.exec:\40smsm.exe32⤵
- Executes dropped EXE
-
\??\c:\9b4bp.exec:\9b4bp.exe33⤵
- Executes dropped EXE
-
\??\c:\0i9396w.exec:\0i9396w.exe34⤵
- Executes dropped EXE
-
\??\c:\l16o9g.exec:\l16o9g.exe35⤵
- Executes dropped EXE
-
\??\c:\aab8k.exec:\aab8k.exe36⤵
- Executes dropped EXE
-
\??\c:\5awoe6i.exec:\5awoe6i.exe37⤵
- Executes dropped EXE
-
\??\c:\m2t9u.exec:\m2t9u.exe38⤵
- Executes dropped EXE
-
\??\c:\95nna.exec:\95nna.exe39⤵
- Executes dropped EXE
-
\??\c:\ks3cw1.exec:\ks3cw1.exe40⤵
- Executes dropped EXE
-
\??\c:\m1u14q.exec:\m1u14q.exe41⤵
- Executes dropped EXE
-
\??\c:\haiao30.exec:\haiao30.exe42⤵
- Executes dropped EXE
-
\??\c:\a3151.exec:\a3151.exe43⤵
- Executes dropped EXE
-
\??\c:\95qa79.exec:\95qa79.exe44⤵
- Executes dropped EXE
-
\??\c:\r7ef0a.exec:\r7ef0a.exe45⤵
- Executes dropped EXE
-
\??\c:\16v53q.exec:\16v53q.exe46⤵
- Executes dropped EXE
-
\??\c:\33o72.exec:\33o72.exe47⤵
- Executes dropped EXE
-
\??\c:\45gh9.exec:\45gh9.exe48⤵
- Executes dropped EXE
-
\??\c:\r8n317.exec:\r8n317.exe49⤵
- Executes dropped EXE
-
\??\c:\e94ni.exec:\e94ni.exe50⤵
- Executes dropped EXE
-
\??\c:\16mf4iq.exec:\16mf4iq.exe51⤵
- Executes dropped EXE
-
\??\c:\ga725o.exec:\ga725o.exe52⤵
- Executes dropped EXE
-
\??\c:\f51u7.exec:\f51u7.exe53⤵
- Executes dropped EXE
-
\??\c:\fgs137.exec:\fgs137.exe54⤵
- Executes dropped EXE
-
\??\c:\xuc46.exec:\xuc46.exe55⤵
- Executes dropped EXE
-
\??\c:\68qiwka.exec:\68qiwka.exe56⤵
- Executes dropped EXE
-
\??\c:\dk8ix72.exec:\dk8ix72.exe57⤵
- Executes dropped EXE
-
\??\c:\aeq5m.exec:\aeq5m.exe58⤵
- Executes dropped EXE
-
\??\c:\l17ooo.exec:\l17ooo.exe59⤵
- Executes dropped EXE
-
\??\c:\617sc70.exec:\617sc70.exe60⤵
- Executes dropped EXE
-
\??\c:\35s31.exec:\35s31.exe61⤵
- Executes dropped EXE
-
\??\c:\5nt11c.exec:\5nt11c.exe62⤵
- Executes dropped EXE
-
\??\c:\3109395.exec:\3109395.exe63⤵
- Executes dropped EXE
-
\??\c:\ki5k9e.exec:\ki5k9e.exe64⤵
- Executes dropped EXE
-
\??\c:\11ef142.exec:\11ef142.exe65⤵
- Executes dropped EXE
-
\??\c:\3f12r77.exec:\3f12r77.exe66⤵
-
\??\c:\etum5u.exec:\etum5u.exe67⤵
-
\??\c:\kjti6.exec:\kjti6.exe68⤵
-
\??\c:\o78o18.exec:\o78o18.exe69⤵
-
\??\c:\4qx9eo.exec:\4qx9eo.exe70⤵
-
\??\c:\97ss1o1.exec:\97ss1o1.exe71⤵
-
\??\c:\55d775v.exec:\55d775v.exe72⤵
-
\??\c:\pqaus6a.exec:\pqaus6a.exe73⤵
-
\??\c:\7p1lw.exec:\7p1lw.exe74⤵
-
\??\c:\v2aqu.exec:\v2aqu.exe75⤵
-
\??\c:\hknuo.exec:\hknuo.exe76⤵
-
\??\c:\r70wx92.exec:\r70wx92.exe77⤵
-
\??\c:\t76w736.exec:\t76w736.exe78⤵
-
\??\c:\7s5w52.exec:\7s5w52.exe79⤵
-
\??\c:\eg39315.exec:\eg39315.exe80⤵
-
\??\c:\47c713.exec:\47c713.exe81⤵
-
\??\c:\4cv0r17.exec:\4cv0r17.exe82⤵
-
\??\c:\41aa7.exec:\41aa7.exe83⤵
-
\??\c:\o2ecoos.exec:\o2ecoos.exe84⤵
-
\??\c:\91a52q.exec:\91a52q.exe85⤵
-
\??\c:\h92h8.exec:\h92h8.exe86⤵
-
\??\c:\em3399.exec:\em3399.exe87⤵
-
\??\c:\2k67bi.exec:\2k67bi.exe88⤵
-
\??\c:\r10wgu.exec:\r10wgu.exe89⤵
-
\??\c:\6asj9u.exec:\6asj9u.exe90⤵
-
\??\c:\35oi3.exec:\35oi3.exe91⤵
-
\??\c:\ji0q3.exec:\ji0q3.exe92⤵
-
\??\c:\rj0gfe.exec:\rj0gfe.exe93⤵
-
\??\c:\n5759q.exec:\n5759q.exe94⤵
-
\??\c:\wl15cj.exec:\wl15cj.exe95⤵
-
\??\c:\756e7.exec:\756e7.exe96⤵
-
\??\c:\2n8559.exec:\2n8559.exe97⤵
-
\??\c:\o921792.exec:\o921792.exe98⤵
-
\??\c:\j13o7eo.exec:\j13o7eo.exe99⤵
-
\??\c:\3mf4s76.exec:\3mf4s76.exe100⤵
-
\??\c:\7f8v63f.exec:\7f8v63f.exe101⤵
-
\??\c:\om72il.exec:\om72il.exe102⤵
-
\??\c:\354a99.exec:\354a99.exe103⤵
-
\??\c:\sc72st7.exec:\sc72st7.exe104⤵
-
\??\c:\6an1b.exec:\6an1b.exe105⤵
-
\??\c:\1aq98o.exec:\1aq98o.exe106⤵
-
\??\c:\2krsv.exec:\2krsv.exe107⤵
-
\??\c:\89731r.exec:\89731r.exe108⤵
-
\??\c:\841n28.exec:\841n28.exe109⤵
-
\??\c:\t7a3k.exec:\t7a3k.exe110⤵
-
\??\c:\8d54i.exec:\8d54i.exe111⤵
-
\??\c:\977s92i.exec:\977s92i.exe112⤵
-
\??\c:\3576s59.exec:\3576s59.exe113⤵
-
\??\c:\l4o77.exec:\l4o77.exe114⤵
-
\??\c:\7ojja.exec:\7ojja.exe115⤵
-
\??\c:\iep6o7.exec:\iep6o7.exe116⤵
-
\??\c:\n7198w.exec:\n7198w.exe117⤵
-
\??\c:\5aca5.exec:\5aca5.exe118⤵
-
\??\c:\v4o12s.exec:\v4o12s.exe119⤵
-
\??\c:\u6l17mn.exec:\u6l17mn.exe120⤵
-
\??\c:\gtk0mp.exec:\gtk0mp.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-