Analysis
-
max time kernel
151s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20230915-en -
resource tags
-
submitted
16-10-2023 18:33
General
-
Target
NEAS.afe579405f395fa98c58f745b7453b90.exe
-
Size
217KB
-
MD5
afe579405f395fa98c58f745b7453b90
-
SHA1
d7c5c8c76ecfefafecce8546257b0b2f10cc80cd
-
SHA256
e43f9f4e4957dd00af705a73cb500ccd6d8145cffdd529f809681f5613fb34a3
-
SHA512
65d404f893ed9795c9a5e607775a03763fecd88544fe92163da551f2de6ed259d91cc450a59755d40a1ff6644faa1f168837d882168c9a7c5788ef5479c5f4fe
-
SSDEEP
3072:ymb3NkkiQ3mdBjFo73PYP1lri3KoSV31z8z:n3C9BRo7MlrWKo+lI
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 40 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.afe579405f395fa98c58f745b7453b90.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.afe579405f395fa98c58f745b7453b90.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\esjbc.exec:\esjbc.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xmglt.exec:\xmglt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ncteow5.exec:\ncteow5.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6bi61c.exec:\6bi61c.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\a0s633.exec:\a0s633.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\js5ujec.exec:\js5ujec.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\u4jwi82.exec:\u4jwi82.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\mdv2w.exec:\mdv2w.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fn8n4.exec:\fn8n4.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3cw0s.exec:\3cw0s.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\h4joa.exec:\h4joa.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\874cks.exec:\874cks.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\kst05.exec:\kst05.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\eudv6.exec:\eudv6.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\s4838.exec:\s4838.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\q926p.exec:\q926p.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6wm7q.exec:\6wm7q.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\15i9rq2.exec:\15i9rq2.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6667b.exec:\6667b.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\obm7l7.exec:\obm7l7.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\mpls6k4.exec:\mpls6k4.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\0ns00.exec:\0ns00.exe23⤵
- Executes dropped EXE
-
\??\c:\4x98s.exec:\4x98s.exe24⤵
- Executes dropped EXE
-
\??\c:\l16n6a.exec:\l16n6a.exe25⤵
- Executes dropped EXE
-
\??\c:\wl3g3a.exec:\wl3g3a.exe26⤵
- Executes dropped EXE
-
\??\c:\r6q629.exec:\r6q629.exe27⤵
- Executes dropped EXE
-
\??\c:\3t9br.exec:\3t9br.exe28⤵
- Executes dropped EXE
-
\??\c:\0w7a30t.exec:\0w7a30t.exe29⤵
- Executes dropped EXE
-
\??\c:\50819p.exec:\50819p.exe30⤵
- Executes dropped EXE
-
\??\c:\ilb59c.exec:\ilb59c.exe31⤵
- Executes dropped EXE
-
\??\c:\d4fs5e3.exec:\d4fs5e3.exe32⤵
- Executes dropped EXE
-
\??\c:\75b25p.exec:\75b25p.exe33⤵
- Executes dropped EXE
-
\??\c:\63a16.exec:\63a16.exe34⤵
- Executes dropped EXE
-
\??\c:\6f277t3.exec:\6f277t3.exe35⤵
- Executes dropped EXE
-
\??\c:\11hr6.exec:\11hr6.exe36⤵
- Executes dropped EXE
-
\??\c:\9rtr780.exec:\9rtr780.exe37⤵
- Executes dropped EXE
-
\??\c:\ukkaa2.exec:\ukkaa2.exe38⤵
- Executes dropped EXE
-
\??\c:\k601w.exec:\k601w.exe39⤵
- Executes dropped EXE
-
\??\c:\xo58f9.exec:\xo58f9.exe40⤵
- Executes dropped EXE
-
\??\c:\1179cf7.exec:\1179cf7.exe41⤵
- Executes dropped EXE
-
\??\c:\su649.exec:\su649.exe42⤵
- Executes dropped EXE
-
\??\c:\22d2vr4.exec:\22d2vr4.exe43⤵
- Executes dropped EXE
-
\??\c:\1p1d5jb.exec:\1p1d5jb.exe44⤵
- Executes dropped EXE
-
\??\c:\dd617.exec:\dd617.exe45⤵
- Executes dropped EXE
-
\??\c:\w2o6w6.exec:\w2o6w6.exe46⤵
- Executes dropped EXE
-
\??\c:\2q4k34.exec:\2q4k34.exe47⤵
- Executes dropped EXE
-
\??\c:\6u9j1kn.exec:\6u9j1kn.exe48⤵
- Executes dropped EXE
-
\??\c:\81ru2.exec:\81ru2.exe49⤵
- Executes dropped EXE
-
\??\c:\bnb40.exec:\bnb40.exe50⤵
- Executes dropped EXE
-
\??\c:\o4e40i.exec:\o4e40i.exe51⤵
- Executes dropped EXE
-
\??\c:\uq979g7.exec:\uq979g7.exe52⤵
- Executes dropped EXE
-
\??\c:\0ieee31.exec:\0ieee31.exe53⤵
- Executes dropped EXE
-
\??\c:\9lc15a9.exec:\9lc15a9.exe54⤵
- Executes dropped EXE
-
\??\c:\796x7u.exec:\796x7u.exe55⤵
- Executes dropped EXE
-
\??\c:\2n4xs5.exec:\2n4xs5.exe56⤵
- Executes dropped EXE
-
\??\c:\fsv6s3.exec:\fsv6s3.exe57⤵
- Executes dropped EXE
-
\??\c:\wp2d1i.exec:\wp2d1i.exe58⤵
- Executes dropped EXE
-
\??\c:\j1q8w.exec:\j1q8w.exe59⤵
- Executes dropped EXE
-
\??\c:\ljs5ta.exec:\ljs5ta.exe60⤵
- Executes dropped EXE
-
\??\c:\v04tt0o.exec:\v04tt0o.exe61⤵
- Executes dropped EXE
-
\??\c:\9wtqp.exec:\9wtqp.exe62⤵
- Executes dropped EXE
-
\??\c:\g899v.exec:\g899v.exe63⤵
- Executes dropped EXE
-
\??\c:\660ep.exec:\660ep.exe64⤵
- Executes dropped EXE
-
\??\c:\b24v6v.exec:\b24v6v.exe65⤵
- Executes dropped EXE
-
\??\c:\9t5au.exec:\9t5au.exe66⤵
-
\??\c:\f5gdhu.exec:\f5gdhu.exe67⤵
-
\??\c:\96087.exec:\96087.exe68⤵
-
\??\c:\2msow6.exec:\2msow6.exe69⤵
-
\??\c:\892xno.exec:\892xno.exe70⤵
-
\??\c:\47j0p.exec:\47j0p.exe71⤵
-
\??\c:\01iw5.exec:\01iw5.exe72⤵
-
\??\c:\iqm5697.exec:\iqm5697.exe73⤵
-
\??\c:\4jbuir5.exec:\4jbuir5.exe74⤵
-
\??\c:\3sdco1.exec:\3sdco1.exe75⤵
-
\??\c:\99cv6.exec:\99cv6.exe76⤵
-
\??\c:\fe369u.exec:\fe369u.exe77⤵
-
\??\c:\au2o1.exec:\au2o1.exe78⤵
-
\??\c:\g4p26.exec:\g4p26.exe79⤵
-
\??\c:\p0e189.exec:\p0e189.exe80⤵
-
\??\c:\puewo5.exec:\puewo5.exe81⤵
-
\??\c:\50u2e13.exec:\50u2e13.exe82⤵
-
\??\c:\2753v.exec:\2753v.exe83⤵
-
\??\c:\4720prx.exec:\4720prx.exe84⤵
-
\??\c:\719n90.exec:\719n90.exe85⤵
-
\??\c:\3lbrqmf.exec:\3lbrqmf.exe86⤵
-
\??\c:\82ddd.exec:\82ddd.exe87⤵
-
\??\c:\23qs7.exec:\23qs7.exe88⤵
-
\??\c:\xh33hf.exec:\xh33hf.exe89⤵
-
\??\c:\wal23k9.exec:\wal23k9.exe90⤵
-
\??\c:\w6dj9v1.exec:\w6dj9v1.exe91⤵
-
\??\c:\53i5c.exec:\53i5c.exe92⤵
-
\??\c:\jecf6.exec:\jecf6.exe93⤵
-
\??\c:\d6t9j5o.exec:\d6t9j5o.exe94⤵
-
\??\c:\21vs48n.exec:\21vs48n.exe95⤵
-
\??\c:\95qd4a.exec:\95qd4a.exe96⤵
-
\??\c:\f7e7uq7.exec:\f7e7uq7.exe97⤵
-
\??\c:\6csw5.exec:\6csw5.exe98⤵
-
\??\c:\hv6480.exec:\hv6480.exe99⤵
-
\??\c:\554cam.exec:\554cam.exe100⤵
-
\??\c:\3d04421.exec:\3d04421.exe101⤵
-
\??\c:\3wosm34.exec:\3wosm34.exe102⤵
-
\??\c:\l27l53.exec:\l27l53.exe103⤵
-
\??\c:\do51w.exec:\do51w.exe104⤵
-
\??\c:\39ml8.exec:\39ml8.exe105⤵
-
\??\c:\97cag14.exec:\97cag14.exe106⤵
-
\??\c:\l533193.exec:\l533193.exe107⤵
-
\??\c:\ummue.exec:\ummue.exe108⤵
-
\??\c:\3t92g.exec:\3t92g.exe109⤵
-
\??\c:\33ugq.exec:\33ugq.exe110⤵
-
\??\c:\65f15.exec:\65f15.exe111⤵
-
\??\c:\807di8.exec:\807di8.exe112⤵
-
\??\c:\5u9ol.exec:\5u9ol.exe113⤵
-
\??\c:\8aj5w1.exec:\8aj5w1.exe114⤵
-
\??\c:\n09bv.exec:\n09bv.exe115⤵
-
\??\c:\q2m4el.exec:\q2m4el.exe116⤵
-
\??\c:\wg70017.exec:\wg70017.exe117⤵
-
\??\c:\8gb1ul.exec:\8gb1ul.exe118⤵
-
\??\c:\8q93953.exec:\8q93953.exe119⤵
-
\??\c:\skecu72.exec:\skecu72.exe120⤵
-
\??\c:\4dxei6n.exec:\4dxei6n.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-