Analysis
-
max time kernel
159s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20231023-en -
resource tags
-
submitted
01/11/2023, 13:54
General
-
Target
NEAS.1f1f1e6e088f02502ac4efb70527c900.exe
-
Size
60KB
-
MD5
1f1f1e6e088f02502ac4efb70527c900
-
SHA1
610fbd19602d1c3b3af91ae6b083cc08075bb1b8
-
SHA256
ad5e89dc04c0ae91a3850aa572b59e5b8365096213b0c8d16c0cab991777a7f0
-
SHA512
bb8d8af77996cff56c3cc0c6824d6a1afb999a57bd6244e8bcc51255c690cc5d191be537600e8da51b338f50c8a747a23ce459252f557be6f06d00a160668df4
-
SSDEEP
1536:kvQBeOGtrYS3srx93UBWfwC6Ggnouy8p5yAXNlIQkPvtoci:khOmTsF93UYfwC6GIoutpYcvwi
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.1f1f1e6e088f02502ac4efb70527c900.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.1f1f1e6e088f02502ac4efb70527c900.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\l8mu4o.exec:\l8mu4o.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\sw53o2.exec:\sw53o2.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\qqc9rgq.exec:\qqc9rgq.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\v53b5.exec:\v53b5.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\qo7ix.exec:\qo7ix.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\r6tc1.exec:\r6tc1.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\skcu764.exec:\skcu764.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\qm2eg.exec:\qm2eg.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8f3848.exec:\8f3848.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bv9jn27.exec:\bv9jn27.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\31500b.exec:\31500b.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\68n2mb6.exec:\68n2mb6.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3h79h8.exec:\3h79h8.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\j1vi52.exec:\j1vi52.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\be22v.exec:\be22v.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\qcigek.exec:\qcigek.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\0u2ucag.exec:\0u2ucag.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\v17d970.exec:\v17d970.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\kqc9en3.exec:\kqc9en3.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3mn898x.exec:\3mn898x.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\a2fj0fi.exec:\a2fj0fi.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\289e7.exec:\289e7.exe23⤵
- Executes dropped EXE
-
\??\c:\300usk.exec:\300usk.exe24⤵
- Executes dropped EXE
-
\??\c:\q2b9a.exec:\q2b9a.exe25⤵
- Executes dropped EXE
-
\??\c:\4ma10.exec:\4ma10.exe26⤵
- Executes dropped EXE
-
\??\c:\6510hu5.exec:\6510hu5.exe27⤵
- Executes dropped EXE
-
\??\c:\u58q4d0.exec:\u58q4d0.exe28⤵
- Executes dropped EXE
-
\??\c:\s17xu0.exec:\s17xu0.exe29⤵
- Executes dropped EXE
-
\??\c:\b56k01.exec:\b56k01.exe30⤵
- Executes dropped EXE
-
\??\c:\19e782v.exec:\19e782v.exe31⤵
- Executes dropped EXE
-
\??\c:\x77c8g.exec:\x77c8g.exe32⤵
- Executes dropped EXE
-
\??\c:\bem3934.exec:\bem3934.exe33⤵
- Executes dropped EXE
-
\??\c:\fjghi9a.exec:\fjghi9a.exe34⤵
- Executes dropped EXE
-
\??\c:\85u10u.exec:\85u10u.exe35⤵
- Executes dropped EXE
-
\??\c:\i0s4c3.exec:\i0s4c3.exe36⤵
- Executes dropped EXE
-
\??\c:\7cdtj4.exec:\7cdtj4.exe37⤵
- Executes dropped EXE
-
\??\c:\xea3i3.exec:\xea3i3.exe38⤵
- Executes dropped EXE
-
\??\c:\2e15i.exec:\2e15i.exe39⤵
- Executes dropped EXE
-
\??\c:\qf72v.exec:\qf72v.exe40⤵
- Executes dropped EXE
-
\??\c:\q1s3b.exec:\q1s3b.exe41⤵
- Executes dropped EXE
-
\??\c:\11rs60d.exec:\11rs60d.exe42⤵
- Executes dropped EXE
-
\??\c:\82amj4.exec:\82amj4.exe43⤵
- Executes dropped EXE
-
\??\c:\i53a1u.exec:\i53a1u.exe44⤵
- Executes dropped EXE
-
\??\c:\8pt4sub.exec:\8pt4sub.exe45⤵
- Executes dropped EXE
-
\??\c:\3kefl4u.exec:\3kefl4u.exe46⤵
- Executes dropped EXE
-
\??\c:\rufpu4o.exec:\rufpu4o.exe47⤵
- Executes dropped EXE
-
\??\c:\1ev32d.exec:\1ev32d.exe48⤵
- Executes dropped EXE
-
\??\c:\34mj3.exec:\34mj3.exe49⤵
- Executes dropped EXE
-
\??\c:\6r572.exec:\6r572.exe50⤵
- Executes dropped EXE
-
\??\c:\0d0uq14.exec:\0d0uq14.exe51⤵
- Executes dropped EXE
-
\??\c:\i8ci5g.exec:\i8ci5g.exe52⤵
- Executes dropped EXE
-
\??\c:\m89t7.exec:\m89t7.exe53⤵
- Executes dropped EXE
-
\??\c:\3rsk5r.exec:\3rsk5r.exe54⤵
- Executes dropped EXE
-
\??\c:\69os7.exec:\69os7.exe55⤵
- Executes dropped EXE
-
\??\c:\67s93.exec:\67s93.exe56⤵
- Executes dropped EXE
-
\??\c:\l6v8d.exec:\l6v8d.exe57⤵
- Executes dropped EXE
-
\??\c:\qk99d.exec:\qk99d.exe58⤵
- Executes dropped EXE
-
\??\c:\799qwt4.exec:\799qwt4.exe59⤵
- Executes dropped EXE
-
\??\c:\3qv634x.exec:\3qv634x.exe60⤵
- Executes dropped EXE
-
\??\c:\gl7u193.exec:\gl7u193.exe61⤵
- Executes dropped EXE
-
\??\c:\51q88c.exec:\51q88c.exe62⤵
- Executes dropped EXE
-
\??\c:\qix8u37.exec:\qix8u37.exe63⤵
- Executes dropped EXE
-
\??\c:\mb9iic7.exec:\mb9iic7.exe64⤵
- Executes dropped EXE
-
\??\c:\fa94la6.exec:\fa94la6.exe65⤵
- Executes dropped EXE
-
\??\c:\u59v70.exec:\u59v70.exe66⤵
-
\??\c:\ofwxv3.exec:\ofwxv3.exe67⤵
-
\??\c:\x7m087.exec:\x7m087.exe68⤵
-
\??\c:\df276co.exec:\df276co.exe69⤵
-
\??\c:\622d4s6.exec:\622d4s6.exe70⤵
-
\??\c:\65hhcq.exec:\65hhcq.exe71⤵
-
\??\c:\m0nhv8e.exec:\m0nhv8e.exe72⤵
-
\??\c:\p818ln1.exec:\p818ln1.exe73⤵
-
\??\c:\g74q3.exec:\g74q3.exe74⤵
-
\??\c:\6rewg7.exec:\6rewg7.exe75⤵
-
\??\c:\d6119.exec:\d6119.exe76⤵
-
\??\c:\i9qak1.exec:\i9qak1.exe77⤵
-
\??\c:\29o38.exec:\29o38.exe78⤵
-
\??\c:\1sfox86.exec:\1sfox86.exe79⤵
-
\??\c:\0nqwlm1.exec:\0nqwlm1.exe80⤵
-
\??\c:\a7c91.exec:\a7c91.exe81⤵
-
\??\c:\w6smkfa.exec:\w6smkfa.exe82⤵
-
\??\c:\td3aaln.exec:\td3aaln.exe83⤵
-
\??\c:\3w81t3.exec:\3w81t3.exe84⤵
-
\??\c:\5nqf7.exec:\5nqf7.exe85⤵
-
\??\c:\naw2c13.exec:\naw2c13.exe86⤵
-
\??\c:\96fl6v.exec:\96fl6v.exe87⤵
-
\??\c:\0whj4.exec:\0whj4.exe88⤵
-
\??\c:\maj57s4.exec:\maj57s4.exe89⤵
-
\??\c:\12l4j2.exec:\12l4j2.exe90⤵
-
\??\c:\790a0e0.exec:\790a0e0.exe91⤵
-
\??\c:\690g4.exec:\690g4.exe92⤵
-
\??\c:\3i7848.exec:\3i7848.exe93⤵
-
\??\c:\oc31h1c.exec:\oc31h1c.exe94⤵
-
\??\c:\w7r36i.exec:\w7r36i.exe95⤵
-
\??\c:\xol1m.exec:\xol1m.exe96⤵
-
\??\c:\956184e.exec:\956184e.exe97⤵
-
\??\c:\sae7607.exec:\sae7607.exe98⤵
-
\??\c:\vbkx552.exec:\vbkx552.exe99⤵
-
\??\c:\4fofsp.exec:\4fofsp.exe100⤵
-
\??\c:\7x6830.exec:\7x6830.exe101⤵
-
\??\c:\17uc17u.exec:\17uc17u.exe102⤵
-
\??\c:\j60cd7.exec:\j60cd7.exe103⤵
-
\??\c:\31wcp0.exec:\31wcp0.exe104⤵
-
\??\c:\4qh8587.exec:\4qh8587.exe105⤵
-
\??\c:\6k0ff3.exec:\6k0ff3.exe106⤵
-
\??\c:\l88u88n.exec:\l88u88n.exe107⤵
-
\??\c:\i95p1.exec:\i95p1.exe108⤵
-
\??\c:\ej357xp.exec:\ej357xp.exe109⤵
-
\??\c:\dv2kawi.exec:\dv2kawi.exe110⤵
-
\??\c:\1spe3.exec:\1spe3.exe111⤵
-
\??\c:\80869j.exec:\80869j.exe112⤵
-
\??\c:\1wh1i05.exec:\1wh1i05.exe113⤵
-
\??\c:\334q31m.exec:\334q31m.exe114⤵
-
\??\c:\0165f6m.exec:\0165f6m.exe115⤵
-
\??\c:\b88sm.exec:\b88sm.exe116⤵
-
\??\c:\58bn8.exec:\58bn8.exe117⤵
-
\??\c:\50x3u.exec:\50x3u.exe118⤵
-
\??\c:\5s6ge.exec:\5s6ge.exe119⤵
-
\??\c:\509x9e.exec:\509x9e.exe120⤵
-
\??\c:\00hfm.exec:\00hfm.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-