Analysis
-
max time kernel
151s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20230831-en -
resource tags
-
submitted
16/10/2023, 18:24
General
-
Target
NEAS.6e763983afd6298809398bbb60bb17a0.exe
-
Size
106KB
-
MD5
6e763983afd6298809398bbb60bb17a0
-
SHA1
214b29e6c1ae28c3938688df0c3c10a0b7c4d741
-
SHA256
f3ec2d4d70b91421d999f66a94ee92b737ee6d1a04e1e8c18c0b6d855d8164af
-
SHA512
4fb4d21ae586e5618fae2420174f2bbe47922edf9b2339ef329272bc9c8bdefc1f98a58d8ddff073ffc344915bb9693c6bc835eb42e50f6bb3ba68dc80e721b7
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDo7NANydEiFBl0+Ct7VYL+5HiW0d:ymb3NkkiQ3mdBjFo7NVdEizCh2+piXdJ
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 34 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 60 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.6e763983afd6298809398bbb60bb17a0.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.6e763983afd6298809398bbb60bb17a0.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\rdc62.exec:\rdc62.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddhpld.exec:\ddhpld.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\h9s7o.exec:\h9s7o.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\k5190s.exec:\k5190s.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xb5a1.exec:\xb5a1.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\r9dwt1.exec:\r9dwt1.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rmmvh.exec:\rmmvh.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\x437t.exec:\x437t.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\kvo5s.exec:\kvo5s.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\59ocv.exec:\59ocv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\271798k.exec:\271798k.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\u124ouh.exec:\u124ouh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\te8x74w.exec:\te8x74w.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\e4oo0m.exec:\e4oo0m.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\962hd.exec:\962hd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\f7acw.exec:\f7acw.exe17⤵
- Executes dropped EXE
-
\??\c:\64bbxl9.exec:\64bbxl9.exe18⤵
- Executes dropped EXE
-
\??\c:\ivh274.exec:\ivh274.exe19⤵
- Executes dropped EXE
-
\??\c:\3b8t0.exec:\3b8t0.exe20⤵
- Executes dropped EXE
-
\??\c:\u09893.exec:\u09893.exe21⤵
- Executes dropped EXE
-
\??\c:\jckb0.exec:\jckb0.exe22⤵
- Executes dropped EXE
-
\??\c:\vxe7b8.exec:\vxe7b8.exe23⤵
- Executes dropped EXE
-
\??\c:\n0m452.exec:\n0m452.exe24⤵
- Executes dropped EXE
-
\??\c:\21j1ao.exec:\21j1ao.exe25⤵
- Executes dropped EXE
-
\??\c:\5422t3.exec:\5422t3.exe26⤵
- Executes dropped EXE
-
\??\c:\591xc.exec:\591xc.exe27⤵
- Executes dropped EXE
-
\??\c:\g1gjb.exec:\g1gjb.exe28⤵
- Executes dropped EXE
-
\??\c:\wjp80.exec:\wjp80.exe29⤵
- Executes dropped EXE
-
\??\c:\j3085w.exec:\j3085w.exe30⤵
- Executes dropped EXE
-
\??\c:\p3q0b08.exec:\p3q0b08.exe31⤵
- Executes dropped EXE
-
\??\c:\l8u8c46.exec:\l8u8c46.exe32⤵
- Executes dropped EXE
-
\??\c:\s84612.exec:\s84612.exe33⤵
- Executes dropped EXE
-
\??\c:\72o1x.exec:\72o1x.exe34⤵
- Executes dropped EXE
-
\??\c:\88n4fs.exec:\88n4fs.exe35⤵
- Executes dropped EXE
-
\??\c:\03r6q.exec:\03r6q.exe36⤵
- Executes dropped EXE
-
\??\c:\k4681.exec:\k4681.exe37⤵
- Executes dropped EXE
-
\??\c:\rb2538.exec:\rb2538.exe38⤵
- Executes dropped EXE
-
\??\c:\t94p7q.exec:\t94p7q.exe39⤵
- Executes dropped EXE
-
\??\c:\t85kd.exec:\t85kd.exe40⤵
- Executes dropped EXE
-
\??\c:\d0elv.exec:\d0elv.exe41⤵
- Executes dropped EXE
-
\??\c:\fq6run4.exec:\fq6run4.exe42⤵
- Executes dropped EXE
-
\??\c:\4cnh3.exec:\4cnh3.exe43⤵
- Executes dropped EXE
-
\??\c:\o7w9rv.exec:\o7w9rv.exe44⤵
- Executes dropped EXE
-
\??\c:\h0jvk.exec:\h0jvk.exe45⤵
- Executes dropped EXE
-
\??\c:\232imt.exec:\232imt.exe46⤵
- Executes dropped EXE
-
\??\c:\95sjt0.exec:\95sjt0.exe47⤵
- Executes dropped EXE
-
\??\c:\gf3j2x6.exec:\gf3j2x6.exe48⤵
- Executes dropped EXE
-
\??\c:\55wg2.exec:\55wg2.exe49⤵
- Executes dropped EXE
-
\??\c:\466pv.exec:\466pv.exe50⤵
- Executes dropped EXE
-
\??\c:\h361e17.exec:\h361e17.exe51⤵
- Executes dropped EXE
-
\??\c:\cfsx7w.exec:\cfsx7w.exe52⤵
- Executes dropped EXE
-
\??\c:\063bv4.exec:\063bv4.exe53⤵
- Executes dropped EXE
-
\??\c:\1025r.exec:\1025r.exe54⤵
- Executes dropped EXE
-
\??\c:\qj4q5a1.exec:\qj4q5a1.exe55⤵
- Executes dropped EXE
-
\??\c:\p88nh5.exec:\p88nh5.exe56⤵
- Executes dropped EXE
-
\??\c:\dw62c2.exec:\dw62c2.exe57⤵
- Executes dropped EXE
-
\??\c:\70a69.exec:\70a69.exe58⤵
- Executes dropped EXE
-
\??\c:\599bsn4.exec:\599bsn4.exe59⤵
- Executes dropped EXE
-
\??\c:\xk349.exec:\xk349.exe60⤵
- Executes dropped EXE
-
\??\c:\j2jiw59.exec:\j2jiw59.exe61⤵
- Executes dropped EXE
-
\??\c:\s2igr0.exec:\s2igr0.exe62⤵
- Executes dropped EXE
-
\??\c:\8bcehk.exec:\8bcehk.exe63⤵
- Executes dropped EXE
-
\??\c:\apq771.exec:\apq771.exe64⤵
- Executes dropped EXE
-
\??\c:\6nx3lj.exec:\6nx3lj.exe65⤵
- Executes dropped EXE
-
\??\c:\64n25.exec:\64n25.exe66⤵
-
\??\c:\4d0ah8.exec:\4d0ah8.exe67⤵
-
\??\c:\wmed4j.exec:\wmed4j.exe68⤵
-
\??\c:\3639bw.exec:\3639bw.exe69⤵
-
\??\c:\8t14pxf.exec:\8t14pxf.exe70⤵
-
\??\c:\r4d2p3n.exec:\r4d2p3n.exe71⤵
-
\??\c:\snr55.exec:\snr55.exe72⤵
-
\??\c:\8x4sm3.exec:\8x4sm3.exe73⤵
-
\??\c:\m3r641.exec:\m3r641.exe74⤵
-
\??\c:\ok8p18x.exec:\ok8p18x.exe75⤵
-
\??\c:\wq32970.exec:\wq32970.exe76⤵
-
\??\c:\h8a13ke.exec:\h8a13ke.exe77⤵
-
\??\c:\7r4hm.exec:\7r4hm.exe78⤵
-
\??\c:\i6366n.exec:\i6366n.exe79⤵
-
\??\c:\65xl7mk.exec:\65xl7mk.exe80⤵
-
\??\c:\f0k2g99.exec:\f0k2g99.exe81⤵
-
\??\c:\d2x95c.exec:\d2x95c.exe82⤵
-
\??\c:\c8jw620.exec:\c8jw620.exe83⤵
-
\??\c:\m3r0e.exec:\m3r0e.exe84⤵
-
\??\c:\gb8o7av.exec:\gb8o7av.exe85⤵
-
\??\c:\1j94th.exec:\1j94th.exe86⤵
-
\??\c:\82j12v5.exec:\82j12v5.exe87⤵
-
\??\c:\95apv.exec:\95apv.exe88⤵
-
\??\c:\b4cx03.exec:\b4cx03.exe89⤵
-
\??\c:\9lrovg.exec:\9lrovg.exe90⤵
-
\??\c:\685r9x.exec:\685r9x.exe91⤵
-
\??\c:\t9dwrv6.exec:\t9dwrv6.exe92⤵
-
\??\c:\8akwfu.exec:\8akwfu.exe93⤵
-
\??\c:\h321o.exec:\h321o.exe94⤵
-
\??\c:\ni633.exec:\ni633.exe95⤵
-
\??\c:\iv78ega.exec:\iv78ega.exe96⤵
-
\??\c:\dp0lsv.exec:\dp0lsv.exe97⤵
-
\??\c:\7vwusce.exec:\7vwusce.exe98⤵
-
\??\c:\ke58wk.exec:\ke58wk.exe99⤵
-
\??\c:\gl4r0w.exec:\gl4r0w.exe100⤵
-
\??\c:\g2hqd9.exec:\g2hqd9.exe101⤵
-
\??\c:\tu7n5.exec:\tu7n5.exe102⤵
-
\??\c:\i2l6f.exec:\i2l6f.exe103⤵
-
\??\c:\310v32.exec:\310v32.exe104⤵
-
\??\c:\tn7ra87.exec:\tn7ra87.exe105⤵
-
\??\c:\9t3il46.exec:\9t3il46.exe106⤵
-
\??\c:\tc2hh.exec:\tc2hh.exe107⤵
-
\??\c:\ho78n57.exec:\ho78n57.exe108⤵
-
\??\c:\8br9k5.exec:\8br9k5.exe109⤵
-
\??\c:\gdl13.exec:\gdl13.exe110⤵
-
\??\c:\l54qt7.exec:\l54qt7.exe111⤵
-
\??\c:\3c0nu.exec:\3c0nu.exe112⤵
-
\??\c:\g60ds.exec:\g60ds.exe113⤵
-
\??\c:\2b4pv6n.exec:\2b4pv6n.exe114⤵
-
\??\c:\cugdk.exec:\cugdk.exe115⤵
-
\??\c:\qn48gw6.exec:\qn48gw6.exe116⤵
-
\??\c:\tl1rxv.exec:\tl1rxv.exe117⤵
-
\??\c:\6246r.exec:\6246r.exe118⤵
-
\??\c:\j46t2.exec:\j46t2.exe119⤵
-
\??\c:\435sb55.exec:\435sb55.exe120⤵
-
\??\c:\pw121.exec:\pw121.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-