Analysis
-
max time kernel
152s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20230831-en -
resource tags
-
submitted
14/10/2023, 17:53
General
-
Target
NEAS.4a30ef1384d697f2003c7b2a68b4c850.exe
-
Size
199KB
-
MD5
4a30ef1384d697f2003c7b2a68b4c850
-
SHA1
70c5c30c4557da5f743ea487679b12a8789f79a1
-
SHA256
280b15caae0c964fef091d838e476ece7342171ea4bcb576228251c08d7521f1
-
SHA512
e7486376269d61793792da295409d793bf103331ae7da6d004dc08d1a5569fb87effb29f06b2b800b4edfaf94b19d4eb5f30d598748909644fb38dd39cee8ff5
-
SSDEEP
3072:ymb3NkkiQ3mdBjFIi/0RU6QeYQsm71vPmc51+GqekBJCvr6zJBUmGZrT:n3C9BRIG0asYFm71m8+GdkB9aZ/
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 31 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 59 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.4a30ef1384d697f2003c7b2a68b4c850.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.4a30ef1384d697f2003c7b2a68b4c850.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\e038h4.exec:\e038h4.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\321b0r.exec:\321b0r.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\gk99fcr.exec:\gk99fcr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\s3xc4.exec:\s3xc4.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\u4vt67g.exec:\u4vt67g.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\v2267.exec:\v2267.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8kv33.exec:\8kv33.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\g88sj.exec:\g88sj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\89475.exec:\89475.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\beia0.exec:\beia0.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6152ex.exec:\6152ex.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5brx614.exec:\5brx614.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\v3i2a08.exec:\v3i2a08.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8sp2s.exec:\8sp2s.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\e3j6p6.exec:\e3j6p6.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\65ttb1p.exec:\65ttb1p.exe17⤵
- Executes dropped EXE
-
\??\c:\k42599.exec:\k42599.exe18⤵
- Executes dropped EXE
-
\??\c:\5kkn9f.exec:\5kkn9f.exe19⤵
- Executes dropped EXE
-
\??\c:\fq71gp4.exec:\fq71gp4.exe20⤵
- Executes dropped EXE
-
\??\c:\k0rx30.exec:\k0rx30.exe21⤵
- Executes dropped EXE
-
\??\c:\b93x6p.exec:\b93x6p.exe22⤵
- Executes dropped EXE
-
\??\c:\n5872.exec:\n5872.exe23⤵
- Executes dropped EXE
-
\??\c:\43w0e06.exec:\43w0e06.exe24⤵
- Executes dropped EXE
-
\??\c:\82s7568.exec:\82s7568.exe25⤵
- Executes dropped EXE
-
\??\c:\18shqx.exec:\18shqx.exe26⤵
- Executes dropped EXE
-
\??\c:\q1b4762.exec:\q1b4762.exe27⤵
- Executes dropped EXE
-
\??\c:\5c6002.exec:\5c6002.exe28⤵
- Executes dropped EXE
-
\??\c:\9c9c60.exec:\9c9c60.exe29⤵
- Executes dropped EXE
-
\??\c:\kdt214.exec:\kdt214.exe30⤵
- Executes dropped EXE
-
\??\c:\u239rv.exec:\u239rv.exe31⤵
- Executes dropped EXE
-
\??\c:\1o1v2u.exec:\1o1v2u.exe32⤵
- Executes dropped EXE
-
\??\c:\g49qx.exec:\g49qx.exe33⤵
- Executes dropped EXE
-
\??\c:\j7l00vj.exec:\j7l00vj.exe34⤵
- Executes dropped EXE
-
\??\c:\8jpj3w.exec:\8jpj3w.exe35⤵
- Executes dropped EXE
-
\??\c:\xtblc81.exec:\xtblc81.exe36⤵
- Executes dropped EXE
-
\??\c:\pe8t2.exec:\pe8t2.exe37⤵
- Executes dropped EXE
-
\??\c:\2nox8.exec:\2nox8.exe38⤵
- Executes dropped EXE
-
\??\c:\fxl9183.exec:\fxl9183.exe39⤵
- Executes dropped EXE
-
\??\c:\96ddhl8.exec:\96ddhl8.exe40⤵
- Executes dropped EXE
-
\??\c:\8711et.exec:\8711et.exe41⤵
- Executes dropped EXE
-
\??\c:\1v3pj4.exec:\1v3pj4.exe42⤵
- Executes dropped EXE
-
\??\c:\w218t.exec:\w218t.exe43⤵
- Executes dropped EXE
-
\??\c:\64o43vt.exec:\64o43vt.exe44⤵
- Executes dropped EXE
-
\??\c:\2220nf.exec:\2220nf.exe45⤵
- Executes dropped EXE
-
\??\c:\66cl6.exec:\66cl6.exe46⤵
- Executes dropped EXE
-
\??\c:\748n4ee.exec:\748n4ee.exe47⤵
- Executes dropped EXE
-
\??\c:\8xs64p.exec:\8xs64p.exe48⤵
- Executes dropped EXE
-
\??\c:\09c32.exec:\09c32.exe49⤵
- Executes dropped EXE
-
\??\c:\3h674.exec:\3h674.exe50⤵
- Executes dropped EXE
-
\??\c:\52q6amb.exec:\52q6amb.exe51⤵
- Executes dropped EXE
-
\??\c:\l4j3i46.exec:\l4j3i46.exe52⤵
- Executes dropped EXE
-
\??\c:\3304et.exec:\3304et.exe53⤵
- Executes dropped EXE
-
\??\c:\cbwrvvh.exec:\cbwrvvh.exe54⤵
- Executes dropped EXE
-
\??\c:\pn7fcrr.exec:\pn7fcrr.exe55⤵
- Executes dropped EXE
-
\??\c:\6o667l9.exec:\6o667l9.exe56⤵
- Executes dropped EXE
-
\??\c:\l2a9vt.exec:\l2a9vt.exe57⤵
- Executes dropped EXE
-
\??\c:\nj9vj6.exec:\nj9vj6.exe58⤵
- Executes dropped EXE
-
\??\c:\p931q.exec:\p931q.exe59⤵
- Executes dropped EXE
-
\??\c:\v6bt97.exec:\v6bt97.exe60⤵
- Executes dropped EXE
-
\??\c:\060x4.exec:\060x4.exe61⤵
- Executes dropped EXE
-
\??\c:\fdejjd.exec:\fdejjd.exe62⤵
- Executes dropped EXE
-
\??\c:\c06at.exec:\c06at.exe63⤵
- Executes dropped EXE
-
\??\c:\rcs5p0.exec:\rcs5p0.exe64⤵
- Executes dropped EXE
-
\??\c:\6sne694.exec:\6sne694.exe65⤵
- Executes dropped EXE
-
\??\c:\90al6c5.exec:\90al6c5.exe66⤵
-
\??\c:\r00uw.exec:\r00uw.exe67⤵
-
\??\c:\m0f25.exec:\m0f25.exe68⤵
-
\??\c:\x1dgp8.exec:\x1dgp8.exe69⤵
-
\??\c:\76xu03.exec:\76xu03.exe70⤵
-
\??\c:\0830p2.exec:\0830p2.exe71⤵
-
\??\c:\49ojs.exec:\49ojs.exe72⤵
-
\??\c:\5p06l6.exec:\5p06l6.exe73⤵
-
\??\c:\777h6.exec:\777h6.exe74⤵
-
\??\c:\kp3pdf.exec:\kp3pdf.exe75⤵
-
\??\c:\mw7u3.exec:\mw7u3.exe76⤵
-
\??\c:\ak152.exec:\ak152.exe77⤵
-
\??\c:\988s3p9.exec:\988s3p9.exe78⤵
-
\??\c:\e8306.exec:\e8306.exe79⤵
-
\??\c:\8ou44.exec:\8ou44.exe80⤵
-
\??\c:\7aetk.exec:\7aetk.exe81⤵
-
\??\c:\4o7bcl5.exec:\4o7bcl5.exe82⤵
-
\??\c:\642nh7.exec:\642nh7.exe83⤵
-
\??\c:\ut5ivjs.exec:\ut5ivjs.exe84⤵
-
\??\c:\c5t1x7c.exec:\c5t1x7c.exe85⤵
-
\??\c:\13lxq0.exec:\13lxq0.exe86⤵
-
\??\c:\5tn8q04.exec:\5tn8q04.exe87⤵
-
\??\c:\73d8vs.exec:\73d8vs.exe88⤵
-
\??\c:\uhtc59h.exec:\uhtc59h.exe89⤵
-
\??\c:\fh4n6.exec:\fh4n6.exe90⤵
-
\??\c:\fshkge5.exec:\fshkge5.exe91⤵
-
\??\c:\ugpa89p.exec:\ugpa89p.exe92⤵
-
\??\c:\qki400.exec:\qki400.exe93⤵
-
\??\c:\rs7v07w.exec:\rs7v07w.exe94⤵
-
\??\c:\3pfgmf8.exec:\3pfgmf8.exe95⤵
-
\??\c:\jhxjm68.exec:\jhxjm68.exe96⤵
-
\??\c:\bvj0s9v.exec:\bvj0s9v.exe97⤵
-
\??\c:\25s8x.exec:\25s8x.exe98⤵
-
\??\c:\1x345.exec:\1x345.exe99⤵
-
\??\c:\80ha309.exec:\80ha309.exe100⤵
-
\??\c:\gcmf4j.exec:\gcmf4j.exe101⤵
-
\??\c:\o5dkcj.exec:\o5dkcj.exe102⤵
-
\??\c:\k0t6c4.exec:\k0t6c4.exe103⤵
-
\??\c:\ph685.exec:\ph685.exe104⤵
-
\??\c:\408knb.exec:\408knb.exe105⤵
-
\??\c:\1g88l9.exec:\1g88l9.exe106⤵
-
\??\c:\j9k8j.exec:\j9k8j.exe107⤵
-
\??\c:\u1t6u.exec:\u1t6u.exe108⤵
-
\??\c:\xfjv7.exec:\xfjv7.exe109⤵
-
\??\c:\tl637n1.exec:\tl637n1.exe110⤵
-
\??\c:\86438j.exec:\86438j.exe111⤵
-
\??\c:\w98e62.exec:\w98e62.exe112⤵
-
\??\c:\ptuc6.exec:\ptuc6.exe113⤵
-
\??\c:\8844ba.exec:\8844ba.exe114⤵
-
\??\c:\xa4brj.exec:\xa4brj.exe115⤵
-
\??\c:\04l5267.exec:\04l5267.exe116⤵
-
\??\c:\3qe8f.exec:\3qe8f.exe117⤵
-
\??\c:\j7lu5bb.exec:\j7lu5bb.exe118⤵
-
\??\c:\qru5k81.exec:\qru5k81.exe119⤵
-
\??\c:\v2q76.exec:\v2q76.exe120⤵
-
\??\c:\79th4.exec:\79th4.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-