Analysis
-
max time kernel
143s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20231023-en -
resource tags
-
submitted
01-11-2023 03:02
General
-
Target
NEAS.004a57780d3eb477784aae7c7ea8d5c0.exe
-
Size
76KB
-
MD5
004a57780d3eb477784aae7c7ea8d5c0
-
SHA1
84c94216f23815198b36dd1af3d18ffad632b83b
-
SHA256
bb2d590b13d59c8182ee1a9f0b1e2a8905a2923076dbf95cabfea8a752fc12cd
-
SHA512
6186dbb08a4b828493a87dffdfce9bb471387b22074208b4a1f808bc505632f888e1c325ae69b9d93b4957198d1869cb2bd92271e39cd159b5a9966582321a6c
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDo7xCkTsIwtOa2dE8E:ymb3NkkiQ3mdBjFo7LAIbFE
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 29 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 60 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.004a57780d3eb477784aae7c7ea8d5c0.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.004a57780d3eb477784aae7c7ea8d5c0.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\6vmett8.exec:\6vmett8.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3j3ck7d.exec:\3j3ck7d.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\o3x55o.exec:\o3x55o.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\13k17q.exec:\13k17q.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\q4mqg5s.exec:\q4mqg5s.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\77w3q.exec:\77w3q.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\396w5o3.exec:\396w5o3.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vm7qm.exec:\vm7qm.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\aguo9.exec:\aguo9.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\umwm1e.exec:\umwm1e.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\idsh1e.exec:\idsh1e.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\u0gu5o.exec:\u0gu5o.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\54n94b.exec:\54n94b.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\01qfm.exec:\01qfm.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\h6a1l6.exec:\h6a1l6.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\g5cut.exec:\g5cut.exe17⤵
- Executes dropped EXE
-
\??\c:\99uu10b.exec:\99uu10b.exe18⤵
- Executes dropped EXE
-
\??\c:\1m74k.exec:\1m74k.exe19⤵
- Executes dropped EXE
-
\??\c:\i14s0.exec:\i14s0.exe20⤵
- Executes dropped EXE
-
\??\c:\ja9ag38.exec:\ja9ag38.exe21⤵
- Executes dropped EXE
-
\??\c:\2xm3c.exec:\2xm3c.exe22⤵
- Executes dropped EXE
-
\??\c:\g4i5i.exec:\g4i5i.exe23⤵
- Executes dropped EXE
-
\??\c:\aokoks.exec:\aokoks.exe24⤵
- Executes dropped EXE
-
\??\c:\46c156e.exec:\46c156e.exe25⤵
- Executes dropped EXE
-
\??\c:\702l9i3.exec:\702l9i3.exe26⤵
- Executes dropped EXE
-
\??\c:\09wb4la.exec:\09wb4la.exe27⤵
- Executes dropped EXE
-
\??\c:\g3q5ep1.exec:\g3q5ep1.exe28⤵
- Executes dropped EXE
-
\??\c:\r79bv04.exec:\r79bv04.exe29⤵
- Executes dropped EXE
-
\??\c:\c3316.exec:\c3316.exe30⤵
- Executes dropped EXE
-
\??\c:\nxe7n4.exec:\nxe7n4.exe31⤵
- Executes dropped EXE
-
\??\c:\gpgl2q.exec:\gpgl2q.exe32⤵
- Executes dropped EXE
-
\??\c:\g2ha5.exec:\g2ha5.exe33⤵
- Executes dropped EXE
-
\??\c:\95ea3i.exec:\95ea3i.exe34⤵
- Executes dropped EXE
-
\??\c:\939g9oa.exec:\939g9oa.exe35⤵
- Executes dropped EXE
-
\??\c:\7p2r14.exec:\7p2r14.exe36⤵
- Executes dropped EXE
-
\??\c:\3d7q58.exec:\3d7q58.exe37⤵
- Executes dropped EXE
-
\??\c:\5o9q57.exec:\5o9q57.exe38⤵
- Executes dropped EXE
-
\??\c:\49l72e.exec:\49l72e.exe39⤵
- Executes dropped EXE
-
\??\c:\cowws3e.exec:\cowws3e.exe40⤵
- Executes dropped EXE
-
\??\c:\c6g74g3.exec:\c6g74g3.exe41⤵
- Executes dropped EXE
-
\??\c:\hmqaw7.exec:\hmqaw7.exe42⤵
- Executes dropped EXE
-
\??\c:\7537g50.exec:\7537g50.exe43⤵
- Executes dropped EXE
-
\??\c:\847o3.exec:\847o3.exe44⤵
- Executes dropped EXE
-
\??\c:\m8hx2.exec:\m8hx2.exe45⤵
- Executes dropped EXE
-
\??\c:\06a10.exec:\06a10.exe46⤵
- Executes dropped EXE
-
\??\c:\7x782rs.exec:\7x782rs.exe47⤵
- Executes dropped EXE
-
\??\c:\336u51q.exec:\336u51q.exe48⤵
- Executes dropped EXE
-
\??\c:\8p8c2p.exec:\8p8c2p.exe49⤵
- Executes dropped EXE
-
\??\c:\cq95h7m.exec:\cq95h7m.exe50⤵
- Executes dropped EXE
-
\??\c:\wgq7ui.exec:\wgq7ui.exe51⤵
- Executes dropped EXE
-
\??\c:\m833m.exec:\m833m.exe52⤵
- Executes dropped EXE
-
\??\c:\jgm2bo3.exec:\jgm2bo3.exe53⤵
- Executes dropped EXE
-
\??\c:\p97b47.exec:\p97b47.exe54⤵
- Executes dropped EXE
-
\??\c:\517593o.exec:\517593o.exe55⤵
- Executes dropped EXE
-
\??\c:\42n7cec.exec:\42n7cec.exe56⤵
- Executes dropped EXE
-
\??\c:\vxuh5.exec:\vxuh5.exe57⤵
- Executes dropped EXE
-
\??\c:\1k559m.exec:\1k559m.exe58⤵
- Executes dropped EXE
-
\??\c:\k6cqk.exec:\k6cqk.exe59⤵
- Executes dropped EXE
-
\??\c:\g9iku.exec:\g9iku.exe60⤵
- Executes dropped EXE
-
\??\c:\856g1.exec:\856g1.exe61⤵
- Executes dropped EXE
-
\??\c:\cq5uf.exec:\cq5uf.exe62⤵
- Executes dropped EXE
-
\??\c:\375el.exec:\375el.exe63⤵
- Executes dropped EXE
-
\??\c:\kmcm36.exec:\kmcm36.exe64⤵
- Executes dropped EXE
-
\??\c:\651si1.exec:\651si1.exe65⤵
- Executes dropped EXE
-
\??\c:\061m2c3.exec:\061m2c3.exe66⤵
-
\??\c:\77e31n9.exec:\77e31n9.exe67⤵
-
\??\c:\ea371.exec:\ea371.exe68⤵
-
\??\c:\g14m35o.exec:\g14m35o.exe69⤵
-
\??\c:\13iw12.exec:\13iw12.exe70⤵
-
\??\c:\e8ub40p.exec:\e8ub40p.exe71⤵
-
\??\c:\09kt31.exec:\09kt31.exe72⤵
-
\??\c:\n0kmrlx.exec:\n0kmrlx.exe73⤵
-
\??\c:\7q7k1.exec:\7q7k1.exe74⤵
-
\??\c:\e9dak.exec:\e9dak.exe75⤵
-
\??\c:\28hoa2k.exec:\28hoa2k.exe76⤵
-
\??\c:\iq2mc3q.exec:\iq2mc3q.exe77⤵
-
\??\c:\6gop2.exec:\6gop2.exe78⤵
-
\??\c:\qu6i3.exec:\qu6i3.exe79⤵
-
\??\c:\71khlu.exec:\71khlu.exe80⤵
-
\??\c:\23gxg6.exec:\23gxg6.exe81⤵
-
\??\c:\namc1.exec:\namc1.exe82⤵
-
\??\c:\v106501.exec:\v106501.exe83⤵
-
\??\c:\tlmko3.exec:\tlmko3.exe84⤵
-
\??\c:\7u991.exec:\7u991.exe85⤵
-
\??\c:\xkws1.exec:\xkws1.exe86⤵
-
\??\c:\bsb12.exec:\bsb12.exe87⤵
-
\??\c:\1295i3.exec:\1295i3.exe88⤵
-
\??\c:\792mw12.exec:\792mw12.exe89⤵
-
\??\c:\cxxnl.exec:\cxxnl.exe90⤵
-
\??\c:\05ud55.exec:\05ud55.exe91⤵
-
\??\c:\e214n0.exec:\e214n0.exe92⤵
-
\??\c:\61b0o5l.exec:\61b0o5l.exe93⤵
-
\??\c:\3f5cm.exec:\3f5cm.exe94⤵
-
\??\c:\89if9u.exec:\89if9u.exe95⤵
-
\??\c:\f706vj.exec:\f706vj.exe96⤵
-
\??\c:\1i79i.exec:\1i79i.exe97⤵
-
\??\c:\miqmw.exec:\miqmw.exe98⤵
-
\??\c:\wies5mj.exec:\wies5mj.exe99⤵
-
\??\c:\bif4o.exec:\bif4o.exe100⤵
-
\??\c:\pafes4.exec:\pafes4.exe101⤵
-
\??\c:\ai3av3k.exec:\ai3av3k.exe102⤵
-
\??\c:\jjfk660.exec:\jjfk660.exe103⤵
-
\??\c:\573g59a.exec:\573g59a.exe104⤵
-
\??\c:\60w5c.exec:\60w5c.exe105⤵
-
\??\c:\0mn3e.exec:\0mn3e.exe106⤵
-
\??\c:\6ghle6n.exec:\6ghle6n.exe107⤵
-
\??\c:\517w351.exec:\517w351.exe108⤵
-
\??\c:\fxegt6.exec:\fxegt6.exe109⤵
-
\??\c:\81579k1.exec:\81579k1.exe110⤵
-
\??\c:\43h1q19.exec:\43h1q19.exe111⤵
-
\??\c:\5t9g731.exec:\5t9g731.exe112⤵
-
\??\c:\5o17e.exec:\5o17e.exe113⤵
-
\??\c:\scwg7q.exec:\scwg7q.exe114⤵
-
\??\c:\u8mdedw.exec:\u8mdedw.exe115⤵
-
\??\c:\ka97o.exec:\ka97o.exe116⤵
-
\??\c:\vf9a19j.exec:\vf9a19j.exe117⤵
-
\??\c:\1c5w118.exec:\1c5w118.exe118⤵
-
\??\c:\8lqq3.exec:\8lqq3.exe119⤵
-
\??\c:\i2aivqr.exec:\i2aivqr.exe120⤵
-
\??\c:\jwjequ.exec:\jwjequ.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-