Analysis
-
max time kernel
157s -
max time network
158s -
platform
windows10-2004_x64 -
resource
win10v2004-20231023-en -
resource tags
-
submitted
28/10/2023, 19:53
General
-
Target
NEAS.4a607a6d3d374e1fa78c695d4ca0e470.exe
-
Size
356KB
-
MD5
4a607a6d3d374e1fa78c695d4ca0e470
-
SHA1
8ffd25ef66c5979bd97bd23794c591b88e594db0
-
SHA256
b66c02dd7a32a323230df42ab6408e9c4162c19b18560f44eefe300123c7c2bf
-
SHA512
e21a82d9e7fc28847196e19faba6db6f89a58eb1b6d848c03a9c8927dfdb9ea567fd5e45375af0ecadbf7d51b9523762523082f8dca53b093e5b9af1b9257d79
-
SSDEEP
6144:n3C9BRo7tvnJ9oH0IRgZvjD8296gnzeZhBZ:n3C9ytvngQj429nnzeZhBZ
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 43 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 60 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.4a607a6d3d374e1fa78c695d4ca0e470.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.4a607a6d3d374e1fa78c695d4ca0e470.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\2u6xl3x.exec:\2u6xl3x.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8fc6u1.exec:\8fc6u1.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\v959i.exec:\v959i.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\14m5q7.exec:\14m5q7.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\96775o5.exec:\96775o5.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3935q.exec:\3935q.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\0x4qp.exec:\0x4qp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\298m4.exec:\298m4.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\gcc2sh.exec:\gcc2sh.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\37n75l.exec:\37n75l.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1i31v2.exec:\1i31v2.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\a29h9.exec:\a29h9.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\j078n.exec:\j078n.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\aakom2s.exec:\aakom2s.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\i5drsv.exec:\i5drsv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6h5oca.exec:\6h5oca.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\m55121.exec:\m55121.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\v64q41u.exec:\v64q41u.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\e21ms5q.exec:\e21ms5q.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9heiswu.exec:\9heiswu.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\s2i38q.exec:\s2i38q.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\e0c698.exec:\e0c698.exe23⤵
- Executes dropped EXE
-
\??\c:\0polk39.exec:\0polk39.exe24⤵
- Executes dropped EXE
-
\??\c:\2v77r.exec:\2v77r.exe25⤵
- Executes dropped EXE
-
\??\c:\64cs7.exec:\64cs7.exe26⤵
- Executes dropped EXE
-
\??\c:\4e5hi2r.exec:\4e5hi2r.exe27⤵
- Executes dropped EXE
-
\??\c:\ic7m1k.exec:\ic7m1k.exe28⤵
- Executes dropped EXE
-
\??\c:\f5ga3.exec:\f5ga3.exe29⤵
- Executes dropped EXE
-
\??\c:\un1jxl3.exec:\un1jxl3.exe30⤵
- Executes dropped EXE
-
\??\c:\6h0x59.exec:\6h0x59.exe31⤵
- Executes dropped EXE
-
\??\c:\u0h62.exec:\u0h62.exe32⤵
- Executes dropped EXE
-
\??\c:\d6b18.exec:\d6b18.exe33⤵
- Executes dropped EXE
-
\??\c:\0k65sjq.exec:\0k65sjq.exe34⤵
- Executes dropped EXE
-
\??\c:\6cur7xl.exec:\6cur7xl.exe35⤵
- Executes dropped EXE
-
\??\c:\4lu7i.exec:\4lu7i.exe36⤵
- Executes dropped EXE
-
\??\c:\23lbg.exec:\23lbg.exe37⤵
- Executes dropped EXE
-
\??\c:\2lpvn.exec:\2lpvn.exe38⤵
- Executes dropped EXE
-
\??\c:\n3c967j.exec:\n3c967j.exe39⤵
- Executes dropped EXE
-
\??\c:\37826xc.exec:\37826xc.exe40⤵
- Executes dropped EXE
-
\??\c:\kfd9p.exec:\kfd9p.exe41⤵
- Executes dropped EXE
-
\??\c:\g8hpvvg.exec:\g8hpvvg.exe42⤵
- Executes dropped EXE
-
\??\c:\77188o.exec:\77188o.exe43⤵
- Executes dropped EXE
-
\??\c:\4sv44.exec:\4sv44.exe44⤵
- Executes dropped EXE
-
\??\c:\s8u85j.exec:\s8u85j.exe45⤵
- Executes dropped EXE
-
\??\c:\79dko.exec:\79dko.exe46⤵
- Executes dropped EXE
-
\??\c:\hp5g5k.exec:\hp5g5k.exe47⤵
- Executes dropped EXE
-
\??\c:\qqqo51.exec:\qqqo51.exe48⤵
- Executes dropped EXE
-
\??\c:\w393v.exec:\w393v.exe49⤵
- Executes dropped EXE
-
\??\c:\thlmbd5.exec:\thlmbd5.exe50⤵
- Executes dropped EXE
-
\??\c:\6s5hg.exec:\6s5hg.exe51⤵
- Executes dropped EXE
-
\??\c:\8f7n4d3.exec:\8f7n4d3.exe52⤵
- Executes dropped EXE
-
\??\c:\w8537k9.exec:\w8537k9.exe53⤵
- Executes dropped EXE
-
\??\c:\cdgwx.exec:\cdgwx.exe54⤵
- Executes dropped EXE
-
\??\c:\638qwk4.exec:\638qwk4.exe55⤵
- Executes dropped EXE
-
\??\c:\d4nok.exec:\d4nok.exe56⤵
- Executes dropped EXE
-
\??\c:\1ttx69o.exec:\1ttx69o.exe57⤵
- Executes dropped EXE
-
\??\c:\0awo2o.exec:\0awo2o.exe58⤵
- Executes dropped EXE
-
\??\c:\f153w07.exec:\f153w07.exe59⤵
- Executes dropped EXE
-
\??\c:\f3e72h.exec:\f3e72h.exe60⤵
- Executes dropped EXE
-
\??\c:\58wua42.exec:\58wua42.exe61⤵
- Executes dropped EXE
-
\??\c:\2554x0k.exec:\2554x0k.exe62⤵
- Executes dropped EXE
-
\??\c:\b7a8g1.exec:\b7a8g1.exe63⤵
- Executes dropped EXE
-
\??\c:\3r31577.exec:\3r31577.exe64⤵
- Executes dropped EXE
-
\??\c:\jm5jo.exec:\jm5jo.exe65⤵
- Executes dropped EXE
-
\??\c:\962mq.exec:\962mq.exe66⤵
-
\??\c:\44871c6.exec:\44871c6.exe67⤵
-
\??\c:\dt33ie.exec:\dt33ie.exe68⤵
-
\??\c:\lvmkr.exec:\lvmkr.exe69⤵
-
\??\c:\5i93q05.exec:\5i93q05.exe70⤵
-
\??\c:\2u339.exec:\2u339.exe71⤵
-
\??\c:\m01p1k9.exec:\m01p1k9.exe72⤵
-
\??\c:\rr49kw7.exec:\rr49kw7.exe73⤵
-
\??\c:\a61ja7.exec:\a61ja7.exe74⤵
-
\??\c:\48nku.exec:\48nku.exe75⤵
-
\??\c:\71cx755.exec:\71cx755.exe76⤵
-
\??\c:\4b9xb14.exec:\4b9xb14.exe77⤵
-
\??\c:\nek15.exec:\nek15.exe78⤵
-
\??\c:\i5bl9i.exec:\i5bl9i.exe79⤵
-
\??\c:\80qke.exec:\80qke.exe80⤵
-
\??\c:\92k82.exec:\92k82.exe81⤵
-
\??\c:\6g010.exec:\6g010.exe82⤵
-
\??\c:\7bxn046.exec:\7bxn046.exe83⤵
-
\??\c:\ff3xf.exec:\ff3xf.exe84⤵
-
\??\c:\vum309.exec:\vum309.exe85⤵
-
\??\c:\va1q9.exec:\va1q9.exe86⤵
-
\??\c:\91300x.exec:\91300x.exe87⤵
-
\??\c:\72hds00.exec:\72hds00.exe88⤵
-
\??\c:\qp00o.exec:\qp00o.exe89⤵
-
\??\c:\390ru.exec:\390ru.exe90⤵
-
\??\c:\6o1li7.exec:\6o1li7.exe91⤵
-
\??\c:\m69105g.exec:\m69105g.exe92⤵
-
\??\c:\750of.exec:\750of.exe93⤵
-
\??\c:\311r58.exec:\311r58.exe94⤵
-
\??\c:\i0v997.exec:\i0v997.exe95⤵
-
\??\c:\r8dsq4k.exec:\r8dsq4k.exe96⤵
-
\??\c:\1g55t1.exec:\1g55t1.exe97⤵
-
\??\c:\0hr3gmj.exec:\0hr3gmj.exe98⤵
-
\??\c:\99j72uc.exec:\99j72uc.exe99⤵
-
\??\c:\2x48b.exec:\2x48b.exe100⤵
-
\??\c:\lb06dva.exec:\lb06dva.exe101⤵
-
\??\c:\oeq5xa.exec:\oeq5xa.exe102⤵
-
\??\c:\05335ox.exec:\05335ox.exe103⤵
-
\??\c:\wb3t09.exec:\wb3t09.exe104⤵
-
\??\c:\as2h9.exec:\as2h9.exe105⤵
-
\??\c:\edd51pa.exec:\edd51pa.exe106⤵
-
\??\c:\kk7f1.exec:\kk7f1.exe107⤵
-
\??\c:\vp1h13w.exec:\vp1h13w.exe108⤵
-
\??\c:\g423e.exec:\g423e.exe109⤵
-
\??\c:\l0f5r2.exec:\l0f5r2.exe110⤵
-
\??\c:\1dt5qt9.exec:\1dt5qt9.exe111⤵
-
\??\c:\l1md4aw.exec:\l1md4aw.exe112⤵
-
\??\c:\4j7jk.exec:\4j7jk.exe113⤵
-
\??\c:\75i1s35.exec:\75i1s35.exe114⤵
-
\??\c:\aej0h.exec:\aej0h.exe115⤵
-
\??\c:\dkcjw.exec:\dkcjw.exe116⤵
-
\??\c:\8f2cs.exec:\8f2cs.exe117⤵
-
\??\c:\vvu6g.exec:\vvu6g.exe118⤵
-
\??\c:\812l1.exec:\812l1.exe119⤵
-
\??\c:\d2hkq.exec:\d2hkq.exe120⤵
-
\??\c:\r35k1x.exec:\r35k1x.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-