Analysis
-
max time kernel
156s -
max time network
159s -
platform
windows10-2004_x64 -
resource
win10v2004-20231023-en -
resource tags
-
submitted
01/11/2023, 14:14
General
-
Target
NEAS.89724cc558b8294d73bf0164abe90b00.exe
-
Size
163KB
-
MD5
89724cc558b8294d73bf0164abe90b00
-
SHA1
0f9cc321a3833ffa35353e74484e74d1b074504a
-
SHA256
1bba9745789b8080be387dd863bf83476b54b982e80a69bab81e03fb85231b0e
-
SHA512
6ff599240620776855235c00a40533ae5f1ea48e39c3d2462531ab91f1d000e30c61677f600da01ae39eb951a122379b19d487165ee62a770e402b9b6b5b5a88
-
SSDEEP
3072:ymb3NkkiQ3mdBjFo73tvn+Yp9gZm7b2wERydEpe8SmEZW9r9sNl3iIxSpfLE:n3C9BRo7tvnJ9P7b/i6ERSlpP0fo
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 34 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 58 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.89724cc558b8294d73bf0164abe90b00.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.89724cc558b8294d73bf0164abe90b00.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\1pd1g.exec:\1pd1g.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\j9g65.exec:\j9g65.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\i9tp89.exec:\i9tp89.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\u39dwu.exec:\u39dwu.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\07t5sv.exec:\07t5sv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntijq00.exec:\ntijq00.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\f282e.exec:\f282e.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tu8q0.exec:\tu8q0.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\gva5735.exec:\gva5735.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9sg6m4.exec:\9sg6m4.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5v1a24.exec:\5v1a24.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\47f743f.exec:\47f743f.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\gg6wqe.exec:\gg6wqe.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\f41m222.exec:\f41m222.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6u9955.exec:\6u9955.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ecu66.exec:\ecu66.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\v4s1c.exec:\v4s1c.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\p3k37.exec:\p3k37.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\963o1k3.exec:\963o1k3.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btexd.exec:\btexd.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\la133.exec:\la133.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5r455c.exec:\5r455c.exe23⤵
- Executes dropped EXE
-
\??\c:\s2g1q7.exec:\s2g1q7.exe24⤵
- Executes dropped EXE
-
\??\c:\no50cl3.exec:\no50cl3.exe25⤵
- Executes dropped EXE
-
\??\c:\1j6gm2.exec:\1j6gm2.exe26⤵
- Executes dropped EXE
-
\??\c:\0orxd3.exec:\0orxd3.exe27⤵
- Executes dropped EXE
-
\??\c:\3n3n8g7.exec:\3n3n8g7.exe28⤵
- Executes dropped EXE
-
\??\c:\r5cf52.exec:\r5cf52.exe29⤵
- Executes dropped EXE
-
\??\c:\e5lr8x.exec:\e5lr8x.exe30⤵
- Executes dropped EXE
-
\??\c:\p0qtn.exec:\p0qtn.exe31⤵
- Executes dropped EXE
-
\??\c:\u1ane5r.exec:\u1ane5r.exe32⤵
- Executes dropped EXE
-
\??\c:\9q8uk83.exec:\9q8uk83.exe33⤵
- Executes dropped EXE
-
\??\c:\rdpeo39.exec:\rdpeo39.exe34⤵
- Executes dropped EXE
-
\??\c:\hc3fa9.exec:\hc3fa9.exe35⤵
- Executes dropped EXE
-
\??\c:\8llmk.exec:\8llmk.exe36⤵
- Executes dropped EXE
-
\??\c:\b85061.exec:\b85061.exe37⤵
- Executes dropped EXE
-
\??\c:\a9j6b.exec:\a9j6b.exe38⤵
- Executes dropped EXE
-
\??\c:\c7m5cc1.exec:\c7m5cc1.exe39⤵
- Executes dropped EXE
-
\??\c:\1qhso9.exec:\1qhso9.exe40⤵
- Executes dropped EXE
-
\??\c:\6j777sp.exec:\6j777sp.exe41⤵
- Executes dropped EXE
-
\??\c:\00s6dhu.exec:\00s6dhu.exe42⤵
- Executes dropped EXE
-
\??\c:\8i54ee.exec:\8i54ee.exe43⤵
- Executes dropped EXE
-
\??\c:\ib32o49.exec:\ib32o49.exe44⤵
- Executes dropped EXE
-
\??\c:\765vaqo.exec:\765vaqo.exe45⤵
- Executes dropped EXE
-
\??\c:\tdqtx75.exec:\tdqtx75.exe46⤵
- Executes dropped EXE
-
\??\c:\00vwe.exec:\00vwe.exe47⤵
- Executes dropped EXE
-
\??\c:\nrgve.exec:\nrgve.exe48⤵
- Executes dropped EXE
-
\??\c:\t7lxom3.exec:\t7lxom3.exe49⤵
- Executes dropped EXE
-
\??\c:\2w3cx62.exec:\2w3cx62.exe50⤵
- Executes dropped EXE
-
\??\c:\is883i1.exec:\is883i1.exe51⤵
- Executes dropped EXE
-
\??\c:\fee0541.exec:\fee0541.exe52⤵
- Executes dropped EXE
-
\??\c:\3330577.exec:\3330577.exe53⤵
- Executes dropped EXE
-
\??\c:\t45ofg3.exec:\t45ofg3.exe54⤵
- Executes dropped EXE
-
\??\c:\0l43900.exec:\0l43900.exe55⤵
- Executes dropped EXE
-
\??\c:\cfdki.exec:\cfdki.exe56⤵
- Executes dropped EXE
-
\??\c:\1sx279h.exec:\1sx279h.exe57⤵
- Executes dropped EXE
-
\??\c:\70ab07m.exec:\70ab07m.exe58⤵
- Executes dropped EXE
-
\??\c:\72391f.exec:\72391f.exe59⤵
- Executes dropped EXE
-
\??\c:\a05sd.exec:\a05sd.exe60⤵
- Executes dropped EXE
-
\??\c:\l72p13t.exec:\l72p13t.exe61⤵
- Executes dropped EXE
-
\??\c:\20r88.exec:\20r88.exe62⤵
- Executes dropped EXE
-
\??\c:\roc6m.exec:\roc6m.exe63⤵
- Executes dropped EXE
-
\??\c:\v9393r7.exec:\v9393r7.exe64⤵
- Executes dropped EXE
-
\??\c:\7je0i9.exec:\7je0i9.exe65⤵
- Executes dropped EXE
-
\??\c:\eb84s3j.exec:\eb84s3j.exe66⤵
-
\??\c:\dqh2i.exec:\dqh2i.exe67⤵
-
\??\c:\mk7ew.exec:\mk7ew.exe68⤵
-
\??\c:\r4372d5.exec:\r4372d5.exe69⤵
-
\??\c:\0851672.exec:\0851672.exe70⤵
-
\??\c:\8ur44.exec:\8ur44.exe71⤵
-
\??\c:\ur4f67r.exec:\ur4f67r.exe72⤵
-
\??\c:\0405l.exec:\0405l.exe73⤵
-
\??\c:\m35ge4.exec:\m35ge4.exe74⤵
-
\??\c:\xx64s.exec:\xx64s.exe75⤵
-
\??\c:\91361.exec:\91361.exe76⤵
-
\??\c:\2l505kc.exec:\2l505kc.exe77⤵
-
\??\c:\uo4973.exec:\uo4973.exe78⤵
-
\??\c:\2526606.exec:\2526606.exe79⤵
-
\??\c:\08p975.exec:\08p975.exe80⤵
-
\??\c:\c5k2fx.exec:\c5k2fx.exe81⤵
-
\??\c:\sdiv50.exec:\sdiv50.exe82⤵
-
\??\c:\nbwn0o.exec:\nbwn0o.exe83⤵
-
\??\c:\r81m63.exec:\r81m63.exe84⤵
-
\??\c:\68itg.exec:\68itg.exe85⤵
-
\??\c:\2b1r369.exec:\2b1r369.exe86⤵
-
\??\c:\07peo.exec:\07peo.exe87⤵
-
\??\c:\1dsq7.exec:\1dsq7.exe88⤵
-
\??\c:\k28s7.exec:\k28s7.exe89⤵
-
\??\c:\gadwf89.exec:\gadwf89.exe90⤵
-
\??\c:\1774dm.exec:\1774dm.exe91⤵
-
\??\c:\02de89.exec:\02de89.exe92⤵
-
\??\c:\l64q2.exec:\l64q2.exe93⤵
-
\??\c:\n93f5d.exec:\n93f5d.exe94⤵
-
\??\c:\o5n8971.exec:\o5n8971.exe95⤵
-
\??\c:\l4mvw.exec:\l4mvw.exe96⤵
-
\??\c:\9i885ha.exec:\9i885ha.exe97⤵
-
\??\c:\8p22c.exec:\8p22c.exe98⤵
-
\??\c:\8f723gd.exec:\8f723gd.exe99⤵
-
\??\c:\033a7v.exec:\033a7v.exe100⤵
-
\??\c:\ni43pu.exec:\ni43pu.exe101⤵
-
\??\c:\ud5b9.exec:\ud5b9.exe102⤵
-
\??\c:\ica91.exec:\ica91.exe103⤵
-
\??\c:\9g29s54.exec:\9g29s54.exe104⤵
-
\??\c:\lid7c3p.exec:\lid7c3p.exe105⤵
-
\??\c:\l197mu.exec:\l197mu.exe106⤵
-
\??\c:\57f9vjq.exec:\57f9vjq.exe107⤵
-
\??\c:\293f5.exec:\293f5.exe108⤵
-
\??\c:\ixa03.exec:\ixa03.exe109⤵
-
\??\c:\m5r7c.exec:\m5r7c.exe110⤵
-
\??\c:\g2s2a.exec:\g2s2a.exe111⤵
-
\??\c:\o1t8q.exec:\o1t8q.exe112⤵
-
\??\c:\f7m25t.exec:\f7m25t.exe113⤵
-
\??\c:\io866ox.exec:\io866ox.exe114⤵
-
\??\c:\nqcp2kb.exec:\nqcp2kb.exe115⤵
-
\??\c:\k6u3ma.exec:\k6u3ma.exe116⤵
-
\??\c:\n8fva.exec:\n8fva.exe117⤵
-
\??\c:\408k9.exec:\408k9.exe118⤵
-
\??\c:\o3a3k3.exec:\o3a3k3.exe119⤵
-
\??\c:\f5288.exec:\f5288.exe120⤵
-
\??\c:\j660q2.exec:\j660q2.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-