Analysis
-
max time kernel
150s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20231025-en -
resource tags
-
submitted
01/11/2023, 05:32
General
-
Target
NEAS.739713a1e8d6da93c6c46b75e71571b0.exe
-
Size
175KB
-
MD5
739713a1e8d6da93c6c46b75e71571b0
-
SHA1
2e63d88089fb23547372c504029584d8b682cae1
-
SHA256
6f8b9d668e6109ad8da05cd5b79d9ceb84c292b3a083668f34b0b37d8bab5bb3
-
SHA512
f65a6a3dd49650dbbe6fc8783eec07731c1c1c0fafa4f2319b023bcbca8f45887deb0e71eb391051219b2c3db4577a05c4b1aff678f37c9ebe147ca89e09b93a
-
SSDEEP
3072:9hOmTsF93UYfwC6GIoutz5yLpcgDE4JjKzO0Y9Pe/j+a1yienFZK:9cm4FmowdHoS4WzO7BuqJiD
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.739713a1e8d6da93c6c46b75e71571b0.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.739713a1e8d6da93c6c46b75e71571b0.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\5532ov1.exec:\5532ov1.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\t0e8af5.exec:\t0e8af5.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\aj31ov7.exec:\aj31ov7.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\l8e34o.exec:\l8e34o.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6v1g94.exec:\6v1g94.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\997d9i.exec:\997d9i.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jw33et5.exec:\jw33et5.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\kfbdup.exec:\kfbdup.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\0k4m5.exec:\0k4m5.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ct8oi36.exec:\ct8oi36.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\997575m.exec:\997575m.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3wb6g4d.exec:\3wb6g4d.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\v9ai1qe.exec:\v9ai1qe.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\k47h6g.exec:\k47h6g.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\604895.exec:\604895.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\n5579.exec:\n5579.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\j20487.exec:\j20487.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\whj45s.exec:\whj45s.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\77wemq.exec:\77wemq.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\iqskoma.exec:\iqskoma.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9se7a.exec:\9se7a.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\4e3193.exec:\4e3193.exe23⤵
- Executes dropped EXE
-
\??\c:\lm9qu15.exec:\lm9qu15.exe24⤵
- Executes dropped EXE
-
\??\c:\59gwsm.exec:\59gwsm.exe25⤵
- Executes dropped EXE
-
\??\c:\v9ul67.exec:\v9ul67.exe26⤵
- Executes dropped EXE
-
\??\c:\d72b8v.exec:\d72b8v.exe27⤵
- Executes dropped EXE
-
\??\c:\kaawwm.exec:\kaawwm.exe28⤵
- Executes dropped EXE
-
\??\c:\2x6sr.exec:\2x6sr.exe29⤵
- Executes dropped EXE
-
\??\c:\90770n.exec:\90770n.exe30⤵
- Executes dropped EXE
-
\??\c:\n6l7e1.exec:\n6l7e1.exe31⤵
- Executes dropped EXE
-
\??\c:\12o2fsr.exec:\12o2fsr.exe32⤵
- Executes dropped EXE
-
\??\c:\753ur6.exec:\753ur6.exe33⤵
- Executes dropped EXE
-
\??\c:\h4n1f.exec:\h4n1f.exe34⤵
- Executes dropped EXE
-
\??\c:\8up8s.exec:\8up8s.exe35⤵
- Executes dropped EXE
-
\??\c:\09m3677.exec:\09m3677.exe36⤵
- Executes dropped EXE
-
\??\c:\l98x54.exec:\l98x54.exe37⤵
- Executes dropped EXE
-
\??\c:\333q10o.exec:\333q10o.exe38⤵
- Executes dropped EXE
-
\??\c:\28gfqw.exec:\28gfqw.exe39⤵
- Executes dropped EXE
-
\??\c:\71il94.exec:\71il94.exe40⤵
- Executes dropped EXE
-
\??\c:\p9d54v.exec:\p9d54v.exe41⤵
- Executes dropped EXE
-
\??\c:\wvf5qv1.exec:\wvf5qv1.exe42⤵
- Executes dropped EXE
-
\??\c:\286v2s.exec:\286v2s.exe43⤵
- Executes dropped EXE
-
\??\c:\n1o99.exec:\n1o99.exe44⤵
- Executes dropped EXE
-
\??\c:\8qi16.exec:\8qi16.exe45⤵
- Executes dropped EXE
-
\??\c:\j2mmqco.exec:\j2mmqco.exe46⤵
- Executes dropped EXE
-
\??\c:\l2wgw3.exec:\l2wgw3.exe47⤵
- Executes dropped EXE
-
\??\c:\i75e1q.exec:\i75e1q.exe48⤵
- Executes dropped EXE
-
\??\c:\298l40.exec:\298l40.exe49⤵
- Executes dropped EXE
-
\??\c:\732f0en.exec:\732f0en.exe50⤵
- Executes dropped EXE
-
\??\c:\ea8ew84.exec:\ea8ew84.exe51⤵
- Executes dropped EXE
-
\??\c:\wx3sdgm.exec:\wx3sdgm.exe52⤵
- Executes dropped EXE
-
\??\c:\7s40g5.exec:\7s40g5.exe53⤵
- Executes dropped EXE
-
\??\c:\2uumqe.exec:\2uumqe.exe54⤵
- Executes dropped EXE
-
\??\c:\1cn55c.exec:\1cn55c.exe55⤵
- Executes dropped EXE
-
\??\c:\0am0q9.exec:\0am0q9.exe56⤵
- Executes dropped EXE
-
\??\c:\mu97x.exec:\mu97x.exe57⤵
- Executes dropped EXE
-
\??\c:\1suasms.exec:\1suasms.exe58⤵
- Executes dropped EXE
-
\??\c:\9hjps6g.exec:\9hjps6g.exe59⤵
- Executes dropped EXE
-
\??\c:\6imsi1c.exec:\6imsi1c.exe60⤵
- Executes dropped EXE
-
\??\c:\j150u52.exec:\j150u52.exe61⤵
- Executes dropped EXE
-
\??\c:\05mq6ex.exec:\05mq6ex.exe62⤵
- Executes dropped EXE
-
\??\c:\87o135.exec:\87o135.exe63⤵
- Executes dropped EXE
-
\??\c:\18v1c.exec:\18v1c.exe64⤵
- Executes dropped EXE
-
\??\c:\u2wpqmq.exec:\u2wpqmq.exe65⤵
- Executes dropped EXE
-
\??\c:\3pbku.exec:\3pbku.exe66⤵
-
\??\c:\ou7sv.exec:\ou7sv.exe67⤵
-
\??\c:\4ox3w.exec:\4ox3w.exe68⤵
-
\??\c:\q7c84.exec:\q7c84.exe69⤵
-
\??\c:\0q12wn1.exec:\0q12wn1.exe70⤵
-
\??\c:\c7r7h.exec:\c7r7h.exe71⤵
-
\??\c:\59ass.exec:\59ass.exe72⤵
-
\??\c:\4ws75.exec:\4ws75.exe73⤵
-
\??\c:\2d9b58v.exec:\2d9b58v.exe74⤵
-
\??\c:\sk79m.exec:\sk79m.exe75⤵
-
\??\c:\g27179.exec:\g27179.exe76⤵
-
\??\c:\1539757.exec:\1539757.exe77⤵
-
\??\c:\951m313.exec:\951m313.exe78⤵
-
\??\c:\55soe.exec:\55soe.exe79⤵
-
\??\c:\8qiud7.exec:\8qiud7.exe80⤵
-
\??\c:\8ed9ene.exec:\8ed9ene.exe81⤵
-
\??\c:\11mgp.exec:\11mgp.exe82⤵
-
\??\c:\93gu74d.exec:\93gu74d.exe83⤵
-
\??\c:\5muuj.exec:\5muuj.exe84⤵
-
\??\c:\8k6cu8m.exec:\8k6cu8m.exe85⤵
-
\??\c:\eeiau.exec:\eeiau.exe86⤵
-
\??\c:\3p739.exec:\3p739.exe87⤵
-
\??\c:\uh99x9.exec:\uh99x9.exe88⤵
-
\??\c:\a4e31.exec:\a4e31.exe89⤵
-
\??\c:\q17w615.exec:\q17w615.exe90⤵
-
\??\c:\35ik60.exec:\35ik60.exe91⤵
-
\??\c:\l02s3.exec:\l02s3.exe92⤵
-
\??\c:\2k96ff7.exec:\2k96ff7.exe93⤵
-
\??\c:\a5u78gt.exec:\a5u78gt.exe94⤵
-
\??\c:\g6qr5of.exec:\g6qr5of.exe95⤵
-
\??\c:\x9e54.exec:\x9e54.exe96⤵
-
\??\c:\b32b9.exec:\b32b9.exe97⤵
-
\??\c:\7j711f0.exec:\7j711f0.exe98⤵
-
\??\c:\v90k1.exec:\v90k1.exe99⤵
-
\??\c:\f6w97i3.exec:\f6w97i3.exe100⤵
-
\??\c:\49oaivm.exec:\49oaivm.exe101⤵
-
\??\c:\d3j773.exec:\d3j773.exe102⤵
-
\??\c:\72pqoi.exec:\72pqoi.exe103⤵
-
\??\c:\owo91fm.exec:\owo91fm.exe104⤵
-
\??\c:\ka1eo.exec:\ka1eo.exe105⤵
-
\??\c:\8k1us.exec:\8k1us.exe106⤵
-
\??\c:\kk157c.exec:\kk157c.exe107⤵
-
\??\c:\qof36.exec:\qof36.exe108⤵
-
\??\c:\j18253.exec:\j18253.exe109⤵
-
\??\c:\393158.exec:\393158.exe110⤵
-
\??\c:\17ke3m.exec:\17ke3m.exe111⤵
-
\??\c:\uk36l3.exec:\uk36l3.exe112⤵
-
\??\c:\2gwoaca.exec:\2gwoaca.exe113⤵
-
\??\c:\cawmo8.exec:\cawmo8.exe114⤵
-
\??\c:\r7aa3.exec:\r7aa3.exe115⤵
-
\??\c:\08j5k5.exec:\08j5k5.exe116⤵
-
\??\c:\k7auu12.exec:\k7auu12.exe117⤵
-
\??\c:\2bs4ceo.exec:\2bs4ceo.exe118⤵
-
\??\c:\x6k15.exec:\x6k15.exe119⤵
-
\??\c:\6o679r.exec:\6o679r.exe120⤵
-
\??\c:\62rh78.exec:\62rh78.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-