Analysis
-
max time kernel
100s -
max time network
102s -
platform
windows10-2004_x64 -
resource
win10v2004-20231020-en -
resource tags
-
submitted
21/10/2023, 21:18
General
-
Target
NEAS.3f0a03fe0d55a6bdf083022993a0cda0.exe
-
Size
60KB
-
MD5
3f0a03fe0d55a6bdf083022993a0cda0
-
SHA1
e206a29d94a93a40996089549b8b88a65a0be1a2
-
SHA256
59b9adbc6c44b07126f5339364111c787d1940af5149b98806db8be7eae2de15
-
SHA512
7e0d1af709864950214e379807835078ea6c9cb0e4b17940b011abc9ca509b14b3886e8faa8aa928db4c8479708e284e5f14c6cca8427a8696736f39e07f7f2e
-
SSDEEP
1536:AvQBeOGtrYS3srx93UBWfwC6Ggnouy8c/5k5ZKwOnT:AhOmTsF93UYfwC6GIoutcRk5Zfi
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.3f0a03fe0d55a6bdf083022993a0cda0.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.3f0a03fe0d55a6bdf083022993a0cda0.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\765wrc.exec:\765wrc.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\i6fq3.exec:\i6fq3.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3hi5px.exec:\3hi5px.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\me4k5.exec:\me4k5.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\25l709q.exec:\25l709q.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\cs0e6av.exec:\cs0e6av.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jwmwb.exec:\jwmwb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hxo76.exec:\hxo76.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\f1qe4n3.exec:\f1qe4n3.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\11iom5.exec:\11iom5.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\i323lr.exec:\i323lr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\77e57.exec:\77e57.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxpxl.exec:\lxpxl.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9gpj46.exec:\9gpj46.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\4cm9vc.exec:\4cm9vc.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3876fa.exec:\3876fa.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\h284b.exec:\h284b.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\qs8m7e1.exec:\qs8m7e1.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7aranfr.exec:\7aranfr.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lb6f8fw.exec:\lb6f8fw.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9478139.exec:\9478139.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\a31aj.exec:\a31aj.exe23⤵
- Executes dropped EXE
-
\??\c:\oeb5d.exec:\oeb5d.exe24⤵
- Executes dropped EXE
-
\??\c:\366d42h.exec:\366d42h.exe25⤵
- Executes dropped EXE
-
\??\c:\0b1uj8o.exec:\0b1uj8o.exe26⤵
- Executes dropped EXE
-
\??\c:\1479vmx.exec:\1479vmx.exe27⤵
- Executes dropped EXE
-
\??\c:\t9ph5.exec:\t9ph5.exe28⤵
- Executes dropped EXE
-
\??\c:\3f365.exec:\3f365.exe29⤵
- Executes dropped EXE
-
\??\c:\5453j.exec:\5453j.exe30⤵
- Executes dropped EXE
-
\??\c:\11t35x.exec:\11t35x.exe31⤵
- Executes dropped EXE
-
\??\c:\95nkf.exec:\95nkf.exe32⤵
- Executes dropped EXE
-
\??\c:\s60vfxd.exec:\s60vfxd.exe33⤵
- Executes dropped EXE
-
\??\c:\v0n3f.exec:\v0n3f.exe34⤵
- Executes dropped EXE
-
\??\c:\g870b.exec:\g870b.exe35⤵
- Executes dropped EXE
-
\??\c:\221a8.exec:\221a8.exe36⤵
- Executes dropped EXE
-
\??\c:\g7309.exec:\g7309.exe37⤵
- Executes dropped EXE
-
\??\c:\uiu6f3.exec:\uiu6f3.exe38⤵
- Executes dropped EXE
-
\??\c:\xxb13dj.exec:\xxb13dj.exe39⤵
- Executes dropped EXE
-
\??\c:\f9ir35.exec:\f9ir35.exe40⤵
- Executes dropped EXE
-
\??\c:\0j3jah0.exec:\0j3jah0.exe41⤵
- Executes dropped EXE
-
\??\c:\s2wrx31.exec:\s2wrx31.exe42⤵
- Executes dropped EXE
-
\??\c:\wu0u2.exec:\wu0u2.exe43⤵
- Executes dropped EXE
-
\??\c:\609e1.exec:\609e1.exe44⤵
- Executes dropped EXE
-
\??\c:\7b7w3.exec:\7b7w3.exe45⤵
- Executes dropped EXE
-
\??\c:\ank9u.exec:\ank9u.exe46⤵
- Executes dropped EXE
-
\??\c:\cmgjtu4.exec:\cmgjtu4.exe47⤵
- Executes dropped EXE
-
\??\c:\ia5ca53.exec:\ia5ca53.exe48⤵
- Executes dropped EXE
-
\??\c:\7qr832.exec:\7qr832.exe49⤵
- Executes dropped EXE
-
\??\c:\wif300.exec:\wif300.exe50⤵
- Executes dropped EXE
-
\??\c:\e12ai.exec:\e12ai.exe51⤵
- Executes dropped EXE
-
\??\c:\vdfmvb.exec:\vdfmvb.exe52⤵
- Executes dropped EXE
-
\??\c:\2ccw5w.exec:\2ccw5w.exe53⤵
- Executes dropped EXE
-
\??\c:\e01e23.exec:\e01e23.exe54⤵
- Executes dropped EXE
-
\??\c:\2o5pmf6.exec:\2o5pmf6.exe55⤵
- Executes dropped EXE
-
\??\c:\t61us.exec:\t61us.exe56⤵
- Executes dropped EXE
-
\??\c:\0drg9x.exec:\0drg9x.exe57⤵
- Executes dropped EXE
-
\??\c:\3w1957r.exec:\3w1957r.exe58⤵
- Executes dropped EXE
-
\??\c:\2rg93q.exec:\2rg93q.exe59⤵
- Executes dropped EXE
-
\??\c:\2eivq2.exec:\2eivq2.exe60⤵
- Executes dropped EXE
-
\??\c:\30s9m5j.exec:\30s9m5j.exe61⤵
- Executes dropped EXE
-
\??\c:\qx5ux75.exec:\qx5ux75.exe62⤵
- Executes dropped EXE
-
\??\c:\169dj.exec:\169dj.exe63⤵
- Executes dropped EXE
-
\??\c:\hpdth.exec:\hpdth.exe64⤵
- Executes dropped EXE
-
\??\c:\ito7c.exec:\ito7c.exe65⤵
- Executes dropped EXE
-
\??\c:\2750x.exec:\2750x.exe66⤵
-
\??\c:\h7793o1.exec:\h7793o1.exe67⤵
-
\??\c:\xk88k1c.exec:\xk88k1c.exe68⤵
-
\??\c:\lswi1.exec:\lswi1.exe69⤵
-
\??\c:\v2n51.exec:\v2n51.exe70⤵
-
\??\c:\75sp86.exec:\75sp86.exe71⤵
-
\??\c:\0ks18f.exec:\0ks18f.exe72⤵
-
\??\c:\bm6x2l8.exec:\bm6x2l8.exe73⤵
-
\??\c:\6i3jmj.exec:\6i3jmj.exe74⤵
-
\??\c:\lxlppt.exec:\lxlppt.exe75⤵
-
\??\c:\m9267.exec:\m9267.exe76⤵
-
\??\c:\73k15.exec:\73k15.exe77⤵
-
\??\c:\mg9a535.exec:\mg9a535.exe78⤵
-
\??\c:\2u0frk.exec:\2u0frk.exe79⤵
-
\??\c:\l4rkr.exec:\l4rkr.exe80⤵
-
\??\c:\46j0b.exec:\46j0b.exe81⤵
-
\??\c:\3c13u77.exec:\3c13u77.exe82⤵
-
\??\c:\bel3e10.exec:\bel3e10.exe83⤵
-
\??\c:\8h1t78x.exec:\8h1t78x.exe84⤵
-
\??\c:\gd9395.exec:\gd9395.exe85⤵
-
\??\c:\c6e13.exec:\c6e13.exe86⤵
-
\??\c:\xipx75.exec:\xipx75.exe87⤵
-
\??\c:\xrkf93.exec:\xrkf93.exe88⤵
-
\??\c:\gkwcg.exec:\gkwcg.exe89⤵
-
\??\c:\071geu.exec:\071geu.exe90⤵
-
\??\c:\smj8io2.exec:\smj8io2.exe91⤵
-
\??\c:\k7o61j.exec:\k7o61j.exe92⤵
-
\??\c:\r3r13s.exec:\r3r13s.exe93⤵
-
\??\c:\cdl3f7.exec:\cdl3f7.exe94⤵
-
\??\c:\0ncss8.exec:\0ncss8.exe95⤵
-
\??\c:\m9wqq9n.exec:\m9wqq9n.exe96⤵
-
\??\c:\9i7pa.exec:\9i7pa.exe97⤵
-
\??\c:\d1159.exec:\d1159.exe98⤵
-
\??\c:\w4wxo.exec:\w4wxo.exe99⤵
-
\??\c:\u1etou6.exec:\u1etou6.exe100⤵
-
\??\c:\emoogc9.exec:\emoogc9.exe101⤵
-
\??\c:\nt3h1o.exec:\nt3h1o.exe102⤵
-
\??\c:\1a5fgv8.exec:\1a5fgv8.exe103⤵
-
\??\c:\3i6mg7o.exec:\3i6mg7o.exe104⤵
-
\??\c:\mo9r878.exec:\mo9r878.exe105⤵
-
\??\c:\q331kn.exec:\q331kn.exe106⤵
-
\??\c:\81t7c.exec:\81t7c.exe107⤵
-
\??\c:\6k71g5.exec:\6k71g5.exe108⤵
-
\??\c:\l56ofbl.exec:\l56ofbl.exe109⤵
-
\??\c:\3h52o.exec:\3h52o.exe110⤵
-
\??\c:\4s53gvk.exec:\4s53gvk.exe111⤵
-
\??\c:\tcrd4um.exec:\tcrd4um.exe112⤵
-
\??\c:\co6s5nl.exec:\co6s5nl.exe113⤵
-
\??\c:\3558317.exec:\3558317.exe114⤵
-
\??\c:\p75o7.exec:\p75o7.exe115⤵
-
\??\c:\b50o00.exec:\b50o00.exe116⤵
-
\??\c:\n3tt940.exec:\n3tt940.exe117⤵
-
\??\c:\po353e3.exec:\po353e3.exe118⤵
-
\??\c:\tp1g8.exec:\tp1g8.exe119⤵
-
\??\c:\c49056q.exec:\c49056q.exe120⤵
-
\??\c:\8k9f1.exec:\8k9f1.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-