Analysis
-
max time kernel
109s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20230831-en -
resource tags
-
submitted
16/10/2023, 18:30
General
-
Target
NEAS.9cf3421fee5725bbdd8d0b9cb699dce0.exe
-
Size
116KB
-
MD5
9cf3421fee5725bbdd8d0b9cb699dce0
-
SHA1
a2d0f31a8b7dd2b2d1af5a5b8e781aa7209b0106
-
SHA256
4cad7cd0900cc28c16f716aade26ddefd60eb295d72ce483d2aeffa2d0209754
-
SHA512
126890ef868ce52bffb4db8b9a5e0f16d96556bc20237950415e63206ce7f6a9a9bd71bc1d9a5fc097b47d7b41245517faaa1a5fcaeea68abd1203af1a2b70fa
-
SSDEEP
3072:ymb3NkkiQ3mdBjFodt2zEUDBEX6w0U8wq:n3C9BRoOzEsEXJ0r
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 30 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.9cf3421fee5725bbdd8d0b9cb699dce0.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.9cf3421fee5725bbdd8d0b9cb699dce0.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\h43a5.exec:\h43a5.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\87t7k1k.exec:\87t7k1k.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\27egp85.exec:\27egp85.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lw76n7.exec:\lw76n7.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\71ew58k.exec:\71ew58k.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\x959p5.exec:\x959p5.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tig7og5.exec:\tig7og5.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\v7533w1.exec:\v7533w1.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bm37l.exec:\bm37l.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1hj9ja8.exec:\1hj9ja8.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fat50q7.exec:\fat50q7.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hemgqg.exec:\hemgqg.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6i42vja.exec:\6i42vja.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbv65b.exec:\tbv65b.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9f01q.exec:\9f01q.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vk9q15.exec:\vk9q15.exe17⤵
- Executes dropped EXE
-
\??\c:\x7k1q.exec:\x7k1q.exe18⤵
- Executes dropped EXE
-
\??\c:\8u45iw.exec:\8u45iw.exe19⤵
- Executes dropped EXE
-
\??\c:\e515il7.exec:\e515il7.exe20⤵
- Executes dropped EXE
-
\??\c:\gec8fp5.exec:\gec8fp5.exe21⤵
- Executes dropped EXE
-
\??\c:\h9r124.exec:\h9r124.exe22⤵
- Executes dropped EXE
-
\??\c:\8a3vrf.exec:\8a3vrf.exe23⤵
- Executes dropped EXE
-
\??\c:\88t02.exec:\88t02.exe24⤵
- Executes dropped EXE
-
\??\c:\2ftglcm.exec:\2ftglcm.exe25⤵
- Executes dropped EXE
-
\??\c:\iim1ac9.exec:\iim1ac9.exe26⤵
- Executes dropped EXE
-
\??\c:\e39tcp9.exec:\e39tcp9.exe27⤵
- Executes dropped EXE
-
\??\c:\6q3ij.exec:\6q3ij.exe28⤵
- Executes dropped EXE
-
\??\c:\j96e109.exec:\j96e109.exe29⤵
- Executes dropped EXE
-
\??\c:\8epuom.exec:\8epuom.exe30⤵
- Executes dropped EXE
-
\??\c:\ru4k5.exec:\ru4k5.exe31⤵
- Executes dropped EXE
-
\??\c:\n1p9q5.exec:\n1p9q5.exe32⤵
- Executes dropped EXE
-
\??\c:\67gi7ac.exec:\67gi7ac.exe33⤵
- Executes dropped EXE
-
\??\c:\19pto42.exec:\19pto42.exe34⤵
- Executes dropped EXE
-
\??\c:\a9w87.exec:\a9w87.exe35⤵
- Executes dropped EXE
-
\??\c:\84a76o3.exec:\84a76o3.exe36⤵
- Executes dropped EXE
-
\??\c:\t1qcv1i.exec:\t1qcv1i.exe37⤵
- Executes dropped EXE
-
\??\c:\3au1aq.exec:\3au1aq.exe38⤵
- Executes dropped EXE
-
\??\c:\854e303.exec:\854e303.exe39⤵
- Executes dropped EXE
-
\??\c:\t9g981.exec:\t9g981.exe40⤵
- Executes dropped EXE
-
\??\c:\p9ubhe.exec:\p9ubhe.exe41⤵
- Executes dropped EXE
-
\??\c:\gk8jo.exec:\gk8jo.exe42⤵
- Executes dropped EXE
-
\??\c:\c513a7.exec:\c513a7.exe43⤵
- Executes dropped EXE
-
\??\c:\2f530i.exec:\2f530i.exe44⤵
- Executes dropped EXE
-
\??\c:\e9ig4.exec:\e9ig4.exe45⤵
- Executes dropped EXE
-
\??\c:\81qrgao.exec:\81qrgao.exe46⤵
- Executes dropped EXE
-
\??\c:\2075hb1.exec:\2075hb1.exe47⤵
- Executes dropped EXE
-
\??\c:\d7us8sx.exec:\d7us8sx.exe48⤵
- Executes dropped EXE
-
\??\c:\5l7s9m.exec:\5l7s9m.exe49⤵
- Executes dropped EXE
-
\??\c:\2q5670.exec:\2q5670.exe50⤵
- Executes dropped EXE
-
\??\c:\l8i2xn.exec:\l8i2xn.exe51⤵
- Executes dropped EXE
-
\??\c:\252kx0.exec:\252kx0.exe52⤵
- Executes dropped EXE
-
\??\c:\g5771.exec:\g5771.exe53⤵
- Executes dropped EXE
-
\??\c:\85j9e.exec:\85j9e.exe54⤵
- Executes dropped EXE
-
\??\c:\xi94c7.exec:\xi94c7.exe55⤵
- Executes dropped EXE
-
\??\c:\w6ab6.exec:\w6ab6.exe56⤵
- Executes dropped EXE
-
\??\c:\nm9eb.exec:\nm9eb.exe57⤵
- Executes dropped EXE
-
\??\c:\2k3as.exec:\2k3as.exe58⤵
- Executes dropped EXE
-
\??\c:\i9opm.exec:\i9opm.exe59⤵
- Executes dropped EXE
-
\??\c:\6kt44o4.exec:\6kt44o4.exe60⤵
- Executes dropped EXE
-
\??\c:\26vh6.exec:\26vh6.exe61⤵
- Executes dropped EXE
-
\??\c:\84b0t3q.exec:\84b0t3q.exe62⤵
- Executes dropped EXE
-
\??\c:\lwu9tb.exec:\lwu9tb.exe63⤵
- Executes dropped EXE
-
\??\c:\4kp7qg7.exec:\4kp7qg7.exe64⤵
- Executes dropped EXE
-
\??\c:\oqi7e4.exec:\oqi7e4.exe65⤵
- Executes dropped EXE
-
\??\c:\2xlq43.exec:\2xlq43.exe66⤵
-
\??\c:\2um9o.exec:\2um9o.exe67⤵
-
\??\c:\xm8ai.exec:\xm8ai.exe68⤵
-
\??\c:\pw12p.exec:\pw12p.exe69⤵
-
\??\c:\ubqm4nw.exec:\ubqm4nw.exe70⤵
-
\??\c:\6o15d.exec:\6o15d.exe71⤵
-
\??\c:\39f8u.exec:\39f8u.exe72⤵
-
\??\c:\29s03.exec:\29s03.exe73⤵
-
\??\c:\q5721.exec:\q5721.exe74⤵
-
\??\c:\a5516.exec:\a5516.exe75⤵
-
\??\c:\d9tp4jr.exec:\d9tp4jr.exe76⤵
-
\??\c:\8a97i3u.exec:\8a97i3u.exe77⤵
-
\??\c:\07ajeua.exec:\07ajeua.exe78⤵
-
\??\c:\kck92m.exec:\kck92m.exe79⤵
-
\??\c:\82bvdl.exec:\82bvdl.exe80⤵
-
\??\c:\a1mb8k4.exec:\a1mb8k4.exe81⤵
-
\??\c:\x3391.exec:\x3391.exe82⤵
-
\??\c:\08mla1e.exec:\08mla1e.exe83⤵
-
\??\c:\35939m9.exec:\35939m9.exe84⤵
-
\??\c:\2qc5q1s.exec:\2qc5q1s.exe85⤵
-
\??\c:\jc3338.exec:\jc3338.exe86⤵
-
\??\c:\u9m35mr.exec:\u9m35mr.exe87⤵
-
\??\c:\nbo9k.exec:\nbo9k.exe88⤵
-
\??\c:\85mm2.exec:\85mm2.exe89⤵
-
\??\c:\h8eff.exec:\h8eff.exe90⤵
-
\??\c:\03ql6.exec:\03ql6.exe91⤵
-
\??\c:\1cl3kj9.exec:\1cl3kj9.exe92⤵
-
\??\c:\j00500b.exec:\j00500b.exe93⤵
-
\??\c:\216paa1.exec:\216paa1.exe94⤵
-
\??\c:\icq3w.exec:\icq3w.exe95⤵
-
\??\c:\41e90.exec:\41e90.exe96⤵
-
\??\c:\l9iu9e5.exec:\l9iu9e5.exe97⤵
-
\??\c:\li0o4s.exec:\li0o4s.exe98⤵
-
\??\c:\hq17g.exec:\hq17g.exe99⤵
-
\??\c:\s09scqe.exec:\s09scqe.exe100⤵
-
\??\c:\879a38p.exec:\879a38p.exe101⤵
-
\??\c:\1i51o75.exec:\1i51o75.exe102⤵
-
\??\c:\3h43057.exec:\3h43057.exe103⤵
-
\??\c:\h3e31v.exec:\h3e31v.exe104⤵
-
\??\c:\5iv874w.exec:\5iv874w.exe105⤵
-
\??\c:\5a5cqq.exec:\5a5cqq.exe106⤵
-
\??\c:\na5ie.exec:\na5ie.exe107⤵
-
\??\c:\9sk04.exec:\9sk04.exe108⤵
-
\??\c:\vuj457o.exec:\vuj457o.exe109⤵
-
\??\c:\fd5qf10.exec:\fd5qf10.exe110⤵
-
\??\c:\6b4i1.exec:\6b4i1.exe111⤵
-
\??\c:\k59csi2.exec:\k59csi2.exe112⤵
-
\??\c:\8f12j7.exec:\8f12j7.exe113⤵
-
\??\c:\913107.exec:\913107.exe114⤵
-
\??\c:\0lj4wcj.exec:\0lj4wcj.exe115⤵
-
\??\c:\99c3g2w.exec:\99c3g2w.exe116⤵
-
\??\c:\2s565m.exec:\2s565m.exe117⤵
-
\??\c:\7qt5m3.exec:\7qt5m3.exe118⤵
-
\??\c:\ba3k2s5.exec:\ba3k2s5.exe119⤵
-
\??\c:\13jjsjc.exec:\13jjsjc.exe120⤵
-
\??\c:\58wq3ul.exec:\58wq3ul.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-