Analysis
-
max time kernel
150s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20231020-en -
resource tags
-
submitted
28/10/2023, 19:54
General
-
Target
NEAS.5d405ae7075ba90cf2636c0a143bbf60.exe
-
Size
61KB
-
MD5
5d405ae7075ba90cf2636c0a143bbf60
-
SHA1
1ff5a2772411cf0cbbc9068069892f49318e060e
-
SHA256
3819d79750d6b1280e85e163b5defae6b530b29952446bc70e54c39ae494c11e
-
SHA512
930cea2510150a7cdd7fd2a0060c1a89b89ac741e5e80f370027ee969bd8ce8d5abcd1944bda8f161415e16a502cf214457935afafec2c6ec093eb5e2ced095d
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDI7Zt:ymb3NkkiQ3mdBjFI7Zt
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 42 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.5d405ae7075ba90cf2636c0a143bbf60.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.5d405ae7075ba90cf2636c0a143bbf60.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\6vv897.exec:\6vv897.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\57juaaa.exec:\57juaaa.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\uxs8md1.exec:\uxs8md1.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\19cq0.exec:\19cq0.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\14ku9.exec:\14ku9.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jm27ffi.exec:\jm27ffi.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6k16w9.exec:\6k16w9.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ocd9m79.exec:\ocd9m79.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\97697.exec:\97697.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\mjk85.exec:\mjk85.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\i5o7ov3.exec:\i5o7ov3.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\h442x.exec:\h442x.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\wfo51dv.exec:\wfo51dv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btlqm5k.exec:\btlqm5k.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\iq2c92.exec:\iq2c92.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\778n01.exec:\778n01.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bq8vg.exec:\bq8vg.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\q8425.exec:\q8425.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\2747f.exec:\2747f.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\l8n7wg1.exec:\l8n7wg1.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dj0ov.exec:\dj0ov.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3ja06.exec:\3ja06.exe23⤵
- Executes dropped EXE
-
\??\c:\0fo4wom.exec:\0fo4wom.exe24⤵
- Executes dropped EXE
-
\??\c:\t9513.exec:\t9513.exe25⤵
- Executes dropped EXE
-
\??\c:\cscssu1.exec:\cscssu1.exe26⤵
- Executes dropped EXE
-
\??\c:\7twi20.exec:\7twi20.exe27⤵
- Executes dropped EXE
-
\??\c:\u39sj.exec:\u39sj.exe28⤵
- Executes dropped EXE
-
\??\c:\vg399.exec:\vg399.exe29⤵
- Executes dropped EXE
-
\??\c:\eu5wh8.exec:\eu5wh8.exe30⤵
- Executes dropped EXE
-
\??\c:\ckc26.exec:\ckc26.exe31⤵
- Executes dropped EXE
-
\??\c:\rc6mwo9.exec:\rc6mwo9.exe32⤵
- Executes dropped EXE
-
\??\c:\03ucaea.exec:\03ucaea.exe33⤵
- Executes dropped EXE
-
\??\c:\614sj54.exec:\614sj54.exe34⤵
- Executes dropped EXE
-
\??\c:\79okvau.exec:\79okvau.exe35⤵
- Executes dropped EXE
-
\??\c:\f4t5f.exec:\f4t5f.exe36⤵
- Executes dropped EXE
-
\??\c:\l76j78i.exec:\l76j78i.exe37⤵
- Executes dropped EXE
-
\??\c:\kguci.exec:\kguci.exe38⤵
- Executes dropped EXE
-
\??\c:\ew58c.exec:\ew58c.exe39⤵
- Executes dropped EXE
-
\??\c:\559r0.exec:\559r0.exe40⤵
- Executes dropped EXE
-
\??\c:\md78m.exec:\md78m.exe41⤵
- Executes dropped EXE
-
\??\c:\69m72g.exec:\69m72g.exe42⤵
- Executes dropped EXE
-
\??\c:\w6933cg.exec:\w6933cg.exe43⤵
- Executes dropped EXE
-
\??\c:\a1793.exec:\a1793.exe44⤵
- Executes dropped EXE
-
\??\c:\dggwmg.exec:\dggwmg.exe45⤵
- Executes dropped EXE
-
\??\c:\4h6ad.exec:\4h6ad.exe46⤵
- Executes dropped EXE
-
\??\c:\b2117.exec:\b2117.exe47⤵
- Executes dropped EXE
-
\??\c:\31xa15l.exec:\31xa15l.exe48⤵
- Executes dropped EXE
-
\??\c:\gi98l3.exec:\gi98l3.exe49⤵
- Executes dropped EXE
-
\??\c:\xgn9uck.exec:\xgn9uck.exe50⤵
- Executes dropped EXE
-
\??\c:\qcm33u3.exec:\qcm33u3.exe51⤵
- Executes dropped EXE
-
\??\c:\97955.exec:\97955.exe52⤵
- Executes dropped EXE
-
\??\c:\x6uf4.exec:\x6uf4.exe53⤵
- Executes dropped EXE
-
\??\c:\13ege94.exec:\13ege94.exe54⤵
- Executes dropped EXE
-
\??\c:\ta9371.exec:\ta9371.exe55⤵
- Executes dropped EXE
-
\??\c:\micommu.exec:\micommu.exe56⤵
- Executes dropped EXE
-
\??\c:\59q58.exec:\59q58.exe57⤵
- Executes dropped EXE
-
\??\c:\sot8imk.exec:\sot8imk.exe58⤵
- Executes dropped EXE
-
\??\c:\153953.exec:\153953.exe59⤵
- Executes dropped EXE
-
\??\c:\aq2cw.exec:\aq2cw.exe60⤵
- Executes dropped EXE
-
\??\c:\x1v16gf.exec:\x1v16gf.exe61⤵
- Executes dropped EXE
-
\??\c:\h78i9ui.exec:\h78i9ui.exe62⤵
- Executes dropped EXE
-
\??\c:\60x4qv.exec:\60x4qv.exe63⤵
- Executes dropped EXE
-
\??\c:\x3357.exec:\x3357.exe64⤵
- Executes dropped EXE
-
\??\c:\ei753g.exec:\ei753g.exe65⤵
- Executes dropped EXE
-
\??\c:\fn979.exec:\fn979.exe66⤵
-
\??\c:\q98o125.exec:\q98o125.exe67⤵
-
\??\c:\qmul7.exec:\qmul7.exe68⤵
-
\??\c:\3074n0.exec:\3074n0.exe69⤵
-
\??\c:\0k94f9.exec:\0k94f9.exe70⤵
-
\??\c:\lw997.exec:\lw997.exe71⤵
-
\??\c:\j9ow9g.exec:\j9ow9g.exe72⤵
-
\??\c:\g8qba9k.exec:\g8qba9k.exe73⤵
-
\??\c:\11377.exec:\11377.exe74⤵
-
\??\c:\19973.exec:\19973.exe75⤵
-
\??\c:\ka4i1qp.exec:\ka4i1qp.exe76⤵
-
\??\c:\1ucg303.exec:\1ucg303.exe77⤵
-
\??\c:\7536s7.exec:\7536s7.exe78⤵
-
\??\c:\gd34j33.exec:\gd34j33.exe79⤵
-
\??\c:\655795.exec:\655795.exe80⤵
-
\??\c:\xd1s5.exec:\xd1s5.exe81⤵
-
\??\c:\8ogae.exec:\8ogae.exe82⤵
-
\??\c:\770sp7e.exec:\770sp7e.exe83⤵
-
\??\c:\d3917.exec:\d3917.exe84⤵
-
\??\c:\2aw7sg.exec:\2aw7sg.exe85⤵
-
\??\c:\wmj12.exec:\wmj12.exe86⤵
-
\??\c:\256a37.exec:\256a37.exe87⤵
-
\??\c:\ccqa117.exec:\ccqa117.exe88⤵
-
\??\c:\kf6l975.exec:\kf6l975.exe89⤵
-
\??\c:\t715555.exec:\t715555.exe90⤵
-
\??\c:\9ki1c.exec:\9ki1c.exe91⤵
-
\??\c:\36w59iu.exec:\36w59iu.exe92⤵
-
\??\c:\932h8q.exec:\932h8q.exe93⤵
-
\??\c:\i77m7eq.exec:\i77m7eq.exe94⤵
-
\??\c:\95csi.exec:\95csi.exe95⤵
-
\??\c:\31ur32t.exec:\31ur32t.exe96⤵
-
\??\c:\54e35.exec:\54e35.exe97⤵
-
\??\c:\h5aa77.exec:\h5aa77.exe98⤵
-
\??\c:\bu99539.exec:\bu99539.exe99⤵
-
\??\c:\km90it5.exec:\km90it5.exe100⤵
-
\??\c:\fc9tj16.exec:\fc9tj16.exe101⤵
-
\??\c:\l24h7.exec:\l24h7.exe102⤵
-
\??\c:\313j3.exec:\313j3.exe103⤵
-
\??\c:\8r5oj.exec:\8r5oj.exe104⤵
-
\??\c:\91519e.exec:\91519e.exe105⤵
-
\??\c:\lj17i.exec:\lj17i.exe106⤵
-
\??\c:\ac78q.exec:\ac78q.exe107⤵
-
\??\c:\5ch3cr.exec:\5ch3cr.exe108⤵
-
\??\c:\u76a9.exec:\u76a9.exe109⤵
-
\??\c:\kamos.exec:\kamos.exe110⤵
-
\??\c:\8okgi.exec:\8okgi.exe111⤵
-
\??\c:\8b19151.exec:\8b19151.exe112⤵
-
\??\c:\q1397.exec:\q1397.exe113⤵
-
\??\c:\sj3s9ah.exec:\sj3s9ah.exe114⤵
-
\??\c:\l4wam.exec:\l4wam.exe115⤵
-
\??\c:\2ep7gg.exec:\2ep7gg.exe116⤵
-
\??\c:\97ieqkk.exec:\97ieqkk.exe117⤵
-
\??\c:\hp597.exec:\hp597.exe118⤵
-
\??\c:\71mj12.exec:\71mj12.exe119⤵
-
\??\c:\716m58i.exec:\716m58i.exe120⤵
-
\??\c:\aj39g.exec:\aj39g.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-