Analysis
-
max time kernel
116s -
max time network
163s -
platform
windows10-2004_x64 -
resource
win10v2004-20230915-en -
resource tags
-
submitted
14/10/2023, 19:09
General
-
Target
NEAS.b4743d49c07eb51b75342cd84dfa3580.exe
-
Size
180KB
-
MD5
b4743d49c07eb51b75342cd84dfa3580
-
SHA1
52d0900fff61288856ac2724f504b9d89eb3c966
-
SHA256
45327db619963076aca7a58b3b6514aaa83f96ad53f648c99c82784c1f76804e
-
SHA512
0eab12b48e3cec6f54c4732a52a216c5dd4185ff1e9364eba0211af024ea954df2ddeaeda85f6f3237b1b3282eb3bd31438fc51d756fb52be264cc4516062d22
-
SSDEEP
1536:PvQBeOGtrYSSsrc93UBIfdC67m6AJiqgT4+IJPK:PhOm2sI93UufdC67ciJTm5K
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.b4743d49c07eb51b75342cd84dfa3580.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.b4743d49c07eb51b75342cd84dfa3580.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\njk4k.exec:\njk4k.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\t1rr0aj.exec:\t1rr0aj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\919o9.exec:\919o9.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\u8f69t7.exec:\u8f69t7.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\008ti2.exec:\008ti2.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\810e3.exec:\810e3.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\so6269.exec:\so6269.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\l1819.exec:\l1819.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\t8hvgc.exec:\t8hvgc.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\69swo.exec:\69swo.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\81or985.exec:\81or985.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vrwe5q8.exec:\vrwe5q8.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\t1cvn.exec:\t1cvn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\j68v8wb.exec:\j68v8wb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\72p1220.exec:\72p1220.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vnu63g.exec:\vnu63g.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\t2j0h52.exec:\t2j0h52.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\qr219.exec:\qr219.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\b6m2m2.exec:\b6m2m2.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7asshu.exec:\7asshu.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\94mt7.exec:\94mt7.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\q2n96.exec:\q2n96.exe23⤵
- Executes dropped EXE
-
\??\c:\colgtqu.exec:\colgtqu.exe24⤵
- Executes dropped EXE
-
\??\c:\o0aqx.exec:\o0aqx.exe25⤵
- Executes dropped EXE
-
\??\c:\7l797x.exec:\7l797x.exe26⤵
- Executes dropped EXE
-
\??\c:\6180uf4.exec:\6180uf4.exe27⤵
- Executes dropped EXE
-
\??\c:\plei150.exec:\plei150.exe28⤵
- Executes dropped EXE
-
\??\c:\996bbu.exec:\996bbu.exe29⤵
- Executes dropped EXE
-
\??\c:\qa2g88m.exec:\qa2g88m.exe30⤵
- Executes dropped EXE
-
\??\c:\m3qsk0h.exec:\m3qsk0h.exe31⤵
- Executes dropped EXE
-
\??\c:\r6xmhs.exec:\r6xmhs.exe32⤵
- Executes dropped EXE
-
\??\c:\b6xd96o.exec:\b6xd96o.exe33⤵
- Executes dropped EXE
-
\??\c:\636i1p.exec:\636i1p.exe34⤵
-
\??\c:\1w25c.exec:\1w25c.exe35⤵
- Executes dropped EXE
-
\??\c:\wl01r.exec:\wl01r.exe36⤵
- Executes dropped EXE
-
\??\c:\f8v5h4.exec:\f8v5h4.exe37⤵
- Executes dropped EXE
-
\??\c:\m9u6n.exec:\m9u6n.exe38⤵
- Executes dropped EXE
-
\??\c:\q2l184b.exec:\q2l184b.exe39⤵
- Executes dropped EXE
-
\??\c:\92up7.exec:\92up7.exe40⤵
- Executes dropped EXE
-
\??\c:\2whx0.exec:\2whx0.exe41⤵
- Executes dropped EXE
-
\??\c:\k6j2471.exec:\k6j2471.exe42⤵
- Executes dropped EXE
-
\??\c:\40ltt.exec:\40ltt.exe43⤵
- Executes dropped EXE
-
\??\c:\c4a565.exec:\c4a565.exe44⤵
- Executes dropped EXE
-
\??\c:\3fqfxt2.exec:\3fqfxt2.exe45⤵
- Executes dropped EXE
-
\??\c:\0875u.exec:\0875u.exe46⤵
- Executes dropped EXE
-
\??\c:\1f5538.exec:\1f5538.exe47⤵
- Executes dropped EXE
-
\??\c:\84dhu21.exec:\84dhu21.exe48⤵
- Executes dropped EXE
-
\??\c:\hwqn8b3.exec:\hwqn8b3.exe49⤵
- Executes dropped EXE
-
\??\c:\h4px7o.exec:\h4px7o.exe50⤵
- Executes dropped EXE
-
\??\c:\9f3xi6.exec:\9f3xi6.exe51⤵
- Executes dropped EXE
-
\??\c:\tnco7n2.exec:\tnco7n2.exe52⤵
- Executes dropped EXE
-
\??\c:\gke3v.exec:\gke3v.exe53⤵
- Executes dropped EXE
-
\??\c:\lhobxh3.exec:\lhobxh3.exe54⤵
- Executes dropped EXE
-
\??\c:\143363.exec:\143363.exe55⤵
- Executes dropped EXE
-
\??\c:\84pec1.exec:\84pec1.exe56⤵
- Executes dropped EXE
-
\??\c:\deekc5g.exec:\deekc5g.exe57⤵
- Executes dropped EXE
-
\??\c:\6gtc3e.exec:\6gtc3e.exe58⤵
- Executes dropped EXE
-
\??\c:\3olu5.exec:\3olu5.exe59⤵
- Executes dropped EXE
-
\??\c:\21xs616.exec:\21xs616.exe60⤵
- Executes dropped EXE
-
\??\c:\23b8822.exec:\23b8822.exe61⤵
- Executes dropped EXE
-
\??\c:\9t1649.exec:\9t1649.exe62⤵
- Executes dropped EXE
-
\??\c:\ng67n7.exec:\ng67n7.exe63⤵
- Executes dropped EXE
-
\??\c:\fkwkht3.exec:\fkwkht3.exe64⤵
- Executes dropped EXE
-
\??\c:\018h4m.exec:\018h4m.exe65⤵
- Executes dropped EXE
-
\??\c:\4qef8cd.exec:\4qef8cd.exe66⤵
- Executes dropped EXE
-
\??\c:\85711.exec:\85711.exe67⤵
-
\??\c:\106o0wd.exec:\106o0wd.exe68⤵
-
\??\c:\3kx7c.exec:\3kx7c.exe69⤵
-
\??\c:\xqbdt8m.exec:\xqbdt8m.exe70⤵
-
\??\c:\qmv14ql.exec:\qmv14ql.exe71⤵
-
\??\c:\ea8e3o1.exec:\ea8e3o1.exe72⤵
-
\??\c:\5kcpn7.exec:\5kcpn7.exe73⤵
-
\??\c:\8fq070.exec:\8fq070.exe74⤵
-
\??\c:\sm63267.exec:\sm63267.exe75⤵
-
\??\c:\15qt8q9.exec:\15qt8q9.exe76⤵
-
\??\c:\9p631i8.exec:\9p631i8.exe77⤵
-
\??\c:\7kwxsw.exec:\7kwxsw.exe78⤵
-
\??\c:\4qosh92.exec:\4qosh92.exe79⤵
-
\??\c:\mmr8ab9.exec:\mmr8ab9.exe80⤵
-
\??\c:\3705cwh.exec:\3705cwh.exe81⤵
-
\??\c:\u637o00.exec:\u637o00.exe82⤵
-
\??\c:\44820.exec:\44820.exe83⤵
-
\??\c:\595158.exec:\595158.exe84⤵
-
\??\c:\36m3sn.exec:\36m3sn.exe85⤵
-
\??\c:\8u92ca2.exec:\8u92ca2.exe86⤵
-
\??\c:\93xxpo6.exec:\93xxpo6.exe87⤵
-
\??\c:\mamdk32.exec:\mamdk32.exe88⤵
-
\??\c:\v3fn6.exec:\v3fn6.exe89⤵
-
\??\c:\mtho5.exec:\mtho5.exe90⤵
-
\??\c:\4s99n1.exec:\4s99n1.exe91⤵
-
\??\c:\82466.exec:\82466.exe92⤵
-
\??\c:\g8w9n.exec:\g8w9n.exe93⤵
-
\??\c:\35uijs9.exec:\35uijs9.exe94⤵
-
\??\c:\190qf.exec:\190qf.exe95⤵
-
\??\c:\c8o5rdi.exec:\c8o5rdi.exe96⤵
-
\??\c:\35gt711.exec:\35gt711.exe97⤵
-
\??\c:\2oa361.exec:\2oa361.exe98⤵
-
\??\c:\w59k1s.exec:\w59k1s.exe99⤵
-
\??\c:\01r5oa6.exec:\01r5oa6.exe100⤵
-
\??\c:\i6qcsab.exec:\i6qcsab.exe101⤵
-
\??\c:\abe8i4.exec:\abe8i4.exe102⤵
-
\??\c:\k90035.exec:\k90035.exe103⤵
-
\??\c:\7f6x8g.exec:\7f6x8g.exe104⤵
-
\??\c:\a74jqwm.exec:\a74jqwm.exe105⤵
-
\??\c:\h3klk.exec:\h3klk.exe106⤵
-
\??\c:\t1xsid.exec:\t1xsid.exe107⤵
-
\??\c:\jmgior.exec:\jmgior.exe108⤵
-
\??\c:\046913.exec:\046913.exe109⤵
-
\??\c:\l93kk02.exec:\l93kk02.exe110⤵
-
\??\c:\fn6191r.exec:\fn6191r.exe111⤵
-
\??\c:\li320.exec:\li320.exe112⤵
-
\??\c:\g80d0.exec:\g80d0.exe113⤵
-
\??\c:\2hu37h.exec:\2hu37h.exe114⤵
-
\??\c:\u04w1.exec:\u04w1.exe115⤵
-
\??\c:\b310f7q.exec:\b310f7q.exe116⤵
-
\??\c:\6eht3.exec:\6eht3.exe117⤵
-
\??\c:\b3umq1.exec:\b3umq1.exe118⤵
-
\??\c:\444l22c.exec:\444l22c.exe119⤵
-
\??\c:\91h69.exec:\91h69.exe120⤵
-
\??\c:\422uc.exec:\422uc.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-