Analysis
-
max time kernel
84s -
max time network
45s -
platform
windows10-2004_x64 -
resource
win10v2004-20230915-en -
resource tags
-
submitted
14-10-2023 19:17
General
-
Target
NEAS.df2664c4557845d73d3e8b379733a260.exe
-
Size
66KB
-
MD5
df2664c4557845d73d3e8b379733a260
-
SHA1
f29a59fa98bfbd043821b2a5b3a370dc2c2895aa
-
SHA256
998277ea27c2f3491127c6fa0a4a001690e9d49f67ae9551a66e3e0f502cc8b1
-
SHA512
dda74c040354d7ed7a196b4b4d50ffeebfb714b2170867e10bab67f8f49170b91b0e24de98ed9ef2014e424f5ce0ccd58660fbf6af57e53a698565364d59c140
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDoLU1gV0:ymb3NkkiQ3mdBjFoLkI0
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 38 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 58 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.df2664c4557845d73d3e8b379733a260.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.df2664c4557845d73d3e8b379733a260.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\qxu4x.exec:\qxu4x.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8v1sqd.exec:\8v1sqd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\b0k71e9.exec:\b0k71e9.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9h953d.exec:\9h953d.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6pocqg.exec:\6pocqg.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\s6dlt5v.exec:\s6dlt5v.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8x9ow7.exec:\8x9ow7.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\kk3ptwq.exec:\kk3ptwq.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\733uwc.exec:\733uwc.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\88xp2.exec:\88xp2.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\asw72.exec:\asw72.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\qha2uo.exec:\qha2uo.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\45654rw.exec:\45654rw.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\p8qg9q3.exec:\p8qg9q3.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\x7s1qp.exec:\x7s1qp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\0q9m5.exec:\0q9m5.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\uei9ib8.exec:\uei9ib8.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\4wv58a.exec:\4wv58a.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\4409f8.exec:\4409f8.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xggac.exec:\xggac.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\151v959.exec:\151v959.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\31kga.exec:\31kga.exe23⤵
- Executes dropped EXE
-
\??\c:\f3q594.exec:\f3q594.exe24⤵
- Executes dropped EXE
-
\??\c:\l1m195.exec:\l1m195.exe25⤵
- Executes dropped EXE
-
\??\c:\den37o1.exec:\den37o1.exe26⤵
- Executes dropped EXE
-
\??\c:\75hc132.exec:\75hc132.exe27⤵
- Executes dropped EXE
-
\??\c:\6eame.exec:\6eame.exe28⤵
- Executes dropped EXE
-
\??\c:\35it54r.exec:\35it54r.exe29⤵
- Executes dropped EXE
-
\??\c:\3913173.exec:\3913173.exe30⤵
- Executes dropped EXE
-
\??\c:\7co57w.exec:\7co57w.exe31⤵
- Executes dropped EXE
-
\??\c:\2wtm621.exec:\2wtm621.exe32⤵
- Executes dropped EXE
-
\??\c:\b4ihs5.exec:\b4ihs5.exe33⤵
- Executes dropped EXE
-
\??\c:\9f439.exec:\9f439.exe34⤵
- Executes dropped EXE
-
\??\c:\93cew.exec:\93cew.exe35⤵
- Executes dropped EXE
-
\??\c:\bp453.exec:\bp453.exe36⤵
- Executes dropped EXE
-
\??\c:\n2m36r.exec:\n2m36r.exe37⤵
- Executes dropped EXE
-
\??\c:\93h6o.exec:\93h6o.exe38⤵
- Executes dropped EXE
-
\??\c:\ifi1gn6.exec:\ifi1gn6.exe39⤵
- Executes dropped EXE
-
\??\c:\uw38d9m.exec:\uw38d9m.exe40⤵
- Executes dropped EXE
-
\??\c:\xfc92v5.exec:\xfc92v5.exe41⤵
- Executes dropped EXE
-
\??\c:\a3j0h.exec:\a3j0h.exe42⤵
- Executes dropped EXE
-
\??\c:\259f51v.exec:\259f51v.exe43⤵
- Executes dropped EXE
-
\??\c:\oo7955.exec:\oo7955.exe44⤵
- Executes dropped EXE
-
\??\c:\brdwcu.exec:\brdwcu.exe45⤵
- Executes dropped EXE
-
\??\c:\f6f3iio.exec:\f6f3iio.exe46⤵
- Executes dropped EXE
-
\??\c:\85c1oio.exec:\85c1oio.exe47⤵
- Executes dropped EXE
-
\??\c:\6e1c52.exec:\6e1c52.exe48⤵
- Executes dropped EXE
-
\??\c:\ni6ubu8.exec:\ni6ubu8.exe49⤵
- Executes dropped EXE
-
\??\c:\1e17mv.exec:\1e17mv.exe50⤵
- Executes dropped EXE
-
\??\c:\av0v3.exec:\av0v3.exe51⤵
- Executes dropped EXE
-
\??\c:\871235.exec:\871235.exe52⤵
- Executes dropped EXE
-
\??\c:\19cchq.exec:\19cchq.exe53⤵
- Executes dropped EXE
-
\??\c:\2ldru4i.exec:\2ldru4i.exe54⤵
- Executes dropped EXE
-
\??\c:\a84ji.exec:\a84ji.exe55⤵
- Executes dropped EXE
-
\??\c:\7q1uhw5.exec:\7q1uhw5.exe56⤵
- Executes dropped EXE
-
\??\c:\j99x7er.exec:\j99x7er.exe57⤵
- Executes dropped EXE
-
\??\c:\2kqqmcu.exec:\2kqqmcu.exe58⤵
- Executes dropped EXE
-
\??\c:\jwl53.exec:\jwl53.exe59⤵
- Executes dropped EXE
-
\??\c:\87g54d.exec:\87g54d.exe60⤵
- Executes dropped EXE
-
\??\c:\4pnuo.exec:\4pnuo.exe61⤵
- Executes dropped EXE
-
\??\c:\074b0f.exec:\074b0f.exe62⤵
- Executes dropped EXE
-
\??\c:\xx1fe8.exec:\xx1fe8.exe63⤵
- Executes dropped EXE
-
\??\c:\r92o1.exec:\r92o1.exe64⤵
- Executes dropped EXE
-
\??\c:\qk351cl.exec:\qk351cl.exe65⤵
- Executes dropped EXE
-
\??\c:\fk355i.exec:\fk355i.exe66⤵
-
\??\c:\h7u3k39.exec:\h7u3k39.exe67⤵
-
\??\c:\0p4d3kk.exec:\0p4d3kk.exe68⤵
-
\??\c:\t5qss6u.exec:\t5qss6u.exe69⤵
-
\??\c:\loki4.exec:\loki4.exe70⤵
-
\??\c:\ow037.exec:\ow037.exe71⤵
-
\??\c:\19t4c.exec:\19t4c.exe72⤵
-
\??\c:\43977f5.exec:\43977f5.exe73⤵
-
\??\c:\2u74s5k.exec:\2u74s5k.exe74⤵
-
\??\c:\lag63kr.exec:\lag63kr.exe75⤵
-
\??\c:\93c5475.exec:\93c5475.exe76⤵
-
\??\c:\5e7qwk.exec:\5e7qwk.exe77⤵
-
\??\c:\q277v.exec:\q277v.exe78⤵
-
\??\c:\388dfk4.exec:\388dfk4.exe79⤵
-
\??\c:\va62x9.exec:\va62x9.exe80⤵
-
\??\c:\2tw76.exec:\2tw76.exe81⤵
-
\??\c:\6s2d3a7.exec:\6s2d3a7.exe82⤵
-
\??\c:\h0f40u.exec:\h0f40u.exe83⤵
-
\??\c:\7939913.exec:\7939913.exe84⤵
-
\??\c:\iew517b.exec:\iew517b.exe85⤵
-
\??\c:\915r1.exec:\915r1.exe86⤵
-
\??\c:\ld821.exec:\ld821.exe87⤵
-
\??\c:\je92f5q.exec:\je92f5q.exe88⤵
-
\??\c:\09wsg53.exec:\09wsg53.exe89⤵
-
\??\c:\734j53.exec:\734j53.exe90⤵
-
\??\c:\61wlo0r.exec:\61wlo0r.exe91⤵
-
\??\c:\29p313.exec:\29p313.exe92⤵
-
\??\c:\joi41.exec:\joi41.exe93⤵
-
\??\c:\j39g3gj.exec:\j39g3gj.exe94⤵
-
\??\c:\0o1q78.exec:\0o1q78.exe95⤵
-
\??\c:\97c4iha.exec:\97c4iha.exe96⤵
-
\??\c:\1592m.exec:\1592m.exe97⤵
-
\??\c:\69v76f9.exec:\69v76f9.exe98⤵
-
\??\c:\27h9vvx.exec:\27h9vvx.exe99⤵
-
\??\c:\uxc0h4.exec:\uxc0h4.exe100⤵
-
\??\c:\w8ohai.exec:\w8ohai.exe101⤵
-
\??\c:\3o1wl2.exec:\3o1wl2.exe102⤵
-
\??\c:\67oi5i1.exec:\67oi5i1.exe103⤵
-
\??\c:\2435v57.exec:\2435v57.exe104⤵
-
\??\c:\kq38h9.exec:\kq38h9.exe105⤵
-
\??\c:\ec1oe9.exec:\ec1oe9.exe106⤵
-
\??\c:\frh9eh0.exec:\frh9eh0.exe107⤵
-
\??\c:\0p18m50.exec:\0p18m50.exe108⤵
-
\??\c:\sdh809.exec:\sdh809.exe109⤵
-
\??\c:\8eg57.exec:\8eg57.exe110⤵
-
\??\c:\n1ep0a7.exec:\n1ep0a7.exe111⤵
-
\??\c:\wmu6hb.exec:\wmu6hb.exe112⤵
-
\??\c:\q39ld6.exec:\q39ld6.exe113⤵
-
\??\c:\wr9ej3.exec:\wr9ej3.exe114⤵
-
\??\c:\onwx7kb.exec:\onwx7kb.exe115⤵
-
\??\c:\2016xk.exec:\2016xk.exe116⤵
-
\??\c:\31h70.exec:\31h70.exe117⤵
-
\??\c:\6e5g36u.exec:\6e5g36u.exe118⤵
-
\??\c:\7trw0.exec:\7trw0.exe119⤵
-
\??\c:\gn514j.exec:\gn514j.exe120⤵
-
\??\c:\9i5uh3i.exec:\9i5uh3i.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-