Analysis
-
max time kernel
148s -
max time network
126s -
platform
windows7_x64 -
resource
win7-20231023-en -
resource tags
-
submitted
02/11/2023, 12:26
General
-
Target
NEAS.1b9c61567c357a0f35c186e904a17de0.exe
-
Size
58KB
-
MD5
1b9c61567c357a0f35c186e904a17de0
-
SHA1
25976020ef237dd0e3fb657f3f7b3f2ef11468be
-
SHA256
ec7459f3533825aea77815ad495c95259e5b8ff8f041d48ef21bb04c6be7f9fb
-
SHA512
9f1e1dd18075dba4efd7c8be1653deb97016a787a1cefd49077154917fd8d9413679b37e1f93d11888e8c51861dea18da8e3b3888619f207b5fdd545bf58246d
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIxCV4nJbDb:ymb3NkkiQ3mdBjFIxHJbDb
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 28 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.1b9c61567c357a0f35c186e904a17de0.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.1b9c61567c357a0f35c186e904a17de0.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\s3xr231.exec:\s3xr231.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\occ620.exec:\occ620.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\s6cwce.exec:\s6cwce.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5h4q3.exec:\5h4q3.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\i1x75n6.exec:\i1x75n6.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\43kk3.exec:\43kk3.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3s1619.exec:\3s1619.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5n88g.exec:\5n88g.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\930k3e3.exec:\930k3e3.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\o3mu90k.exec:\o3mu90k.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3k30j71.exec:\3k30j71.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ou20i8.exec:\ou20i8.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9vsl0wt.exec:\9vsl0wt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\upp307.exec:\upp307.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\toq5ks7.exec:\toq5ks7.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\n90888.exec:\n90888.exe17⤵
- Executes dropped EXE
-
\??\c:\o1ge58.exec:\o1ge58.exe18⤵
- Executes dropped EXE
-
\??\c:\c082wuj.exec:\c082wuj.exe19⤵
- Executes dropped EXE
-
\??\c:\3117i.exec:\3117i.exe20⤵
- Executes dropped EXE
-
\??\c:\4w332af.exec:\4w332af.exe21⤵
- Executes dropped EXE
-
\??\c:\19r9oc9.exec:\19r9oc9.exe22⤵
- Executes dropped EXE
-
\??\c:\i6qqu7.exec:\i6qqu7.exe23⤵
- Executes dropped EXE
-
\??\c:\5517a.exec:\5517a.exe24⤵
- Executes dropped EXE
-
\??\c:\j396227.exec:\j396227.exe25⤵
- Executes dropped EXE
-
\??\c:\36773.exec:\36773.exe26⤵
- Executes dropped EXE
-
\??\c:\3m5837.exec:\3m5837.exe27⤵
- Executes dropped EXE
-
\??\c:\dfa79v.exec:\dfa79v.exe28⤵
- Executes dropped EXE
-
\??\c:\j9e04.exec:\j9e04.exe29⤵
- Executes dropped EXE
-
\??\c:\s2k963.exec:\s2k963.exe30⤵
- Executes dropped EXE
-
\??\c:\1p9j3on.exec:\1p9j3on.exe31⤵
- Executes dropped EXE
-
\??\c:\511761.exec:\511761.exe32⤵
- Executes dropped EXE
-
\??\c:\1p55gw3.exec:\1p55gw3.exe33⤵
- Executes dropped EXE
-
\??\c:\79p5h30.exec:\79p5h30.exe34⤵
- Executes dropped EXE
-
\??\c:\o58ri5c.exec:\o58ri5c.exe35⤵
- Executes dropped EXE
-
\??\c:\83q3cx.exec:\83q3cx.exe36⤵
- Executes dropped EXE
-
\??\c:\f5h1af.exec:\f5h1af.exe37⤵
- Executes dropped EXE
-
\??\c:\p35a9u.exec:\p35a9u.exe38⤵
- Executes dropped EXE
-
\??\c:\lm55ob3.exec:\lm55ob3.exe39⤵
- Executes dropped EXE
-
\??\c:\0jc66.exec:\0jc66.exe40⤵
- Executes dropped EXE
-
\??\c:\dvin4g.exec:\dvin4g.exe41⤵
- Executes dropped EXE
-
\??\c:\8ek7a0.exec:\8ek7a0.exe42⤵
- Executes dropped EXE
-
\??\c:\3w73c.exec:\3w73c.exe43⤵
- Executes dropped EXE
-
\??\c:\5vsmv4.exec:\5vsmv4.exe44⤵
- Executes dropped EXE
-
\??\c:\sk9677.exec:\sk9677.exe45⤵
- Executes dropped EXE
-
\??\c:\31oe3.exec:\31oe3.exe46⤵
- Executes dropped EXE
-
\??\c:\788t86.exec:\788t86.exe47⤵
- Executes dropped EXE
-
\??\c:\cs31wd.exec:\cs31wd.exe48⤵
- Executes dropped EXE
-
\??\c:\m7x093.exec:\m7x093.exe49⤵
- Executes dropped EXE
-
\??\c:\0b2i7.exec:\0b2i7.exe50⤵
- Executes dropped EXE
-
\??\c:\rmsx8.exec:\rmsx8.exe51⤵
- Executes dropped EXE
-
\??\c:\nuws9g.exec:\nuws9g.exe52⤵
- Executes dropped EXE
-
\??\c:\28ps172.exec:\28ps172.exe53⤵
- Executes dropped EXE
-
\??\c:\474w17.exec:\474w17.exe54⤵
- Executes dropped EXE
-
\??\c:\o4cg6s.exec:\o4cg6s.exe55⤵
- Executes dropped EXE
-
\??\c:\e2a5s.exec:\e2a5s.exe56⤵
- Executes dropped EXE
-
\??\c:\qks92.exec:\qks92.exe57⤵
- Executes dropped EXE
-
\??\c:\q2ql5m.exec:\q2ql5m.exe58⤵
- Executes dropped EXE
-
\??\c:\278jc.exec:\278jc.exe59⤵
- Executes dropped EXE
-
\??\c:\h1lvv.exec:\h1lvv.exe60⤵
- Executes dropped EXE
-
\??\c:\33l99p.exec:\33l99p.exe61⤵
- Executes dropped EXE
-
\??\c:\3391e.exec:\3391e.exe62⤵
- Executes dropped EXE
-
\??\c:\a8k56.exec:\a8k56.exe63⤵
- Executes dropped EXE
-
\??\c:\7e5gl6.exec:\7e5gl6.exe64⤵
- Executes dropped EXE
-
\??\c:\399k4s.exec:\399k4s.exe65⤵
- Executes dropped EXE
-
\??\c:\fgal7g.exec:\fgal7g.exe66⤵
-
\??\c:\1x8ux2.exec:\1x8ux2.exe67⤵
-
\??\c:\e8w3gv.exec:\e8w3gv.exe68⤵
-
\??\c:\728u5u.exec:\728u5u.exe69⤵
-
\??\c:\fsf9k52.exec:\fsf9k52.exe70⤵
-
\??\c:\g0097l0.exec:\g0097l0.exe71⤵
-
\??\c:\bib07.exec:\bib07.exe72⤵
-
\??\c:\c7oj7c5.exec:\c7oj7c5.exe73⤵
-
\??\c:\dq9e9sh.exec:\dq9e9sh.exe74⤵
-
\??\c:\p7lxp.exec:\p7lxp.exe75⤵
-
\??\c:\91373.exec:\91373.exe76⤵
-
\??\c:\2s7h9u9.exec:\2s7h9u9.exe77⤵
-
\??\c:\5d9sp3m.exec:\5d9sp3m.exe78⤵
-
\??\c:\js7g3.exec:\js7g3.exe79⤵
-
\??\c:\21x499u.exec:\21x499u.exe80⤵
-
\??\c:\g9ww38.exec:\g9ww38.exe81⤵
-
\??\c:\p64um.exec:\p64um.exe82⤵
-
\??\c:\31e54.exec:\31e54.exe83⤵
-
\??\c:\33kq5ax.exec:\33kq5ax.exe84⤵
-
\??\c:\1b9co.exec:\1b9co.exe85⤵
-
\??\c:\f9d510.exec:\f9d510.exe86⤵
-
\??\c:\t5c1u2w.exec:\t5c1u2w.exe87⤵
-
\??\c:\foi1o.exec:\foi1o.exe88⤵
-
\??\c:\swm1qb0.exec:\swm1qb0.exe89⤵
-
\??\c:\7n3oi.exec:\7n3oi.exe90⤵
-
\??\c:\51n3s.exec:\51n3s.exe91⤵
-
\??\c:\133m15s.exec:\133m15s.exe92⤵
-
\??\c:\81548.exec:\81548.exe93⤵
-
\??\c:\67i1vm2.exec:\67i1vm2.exe94⤵
-
\??\c:\qm34s.exec:\qm34s.exe95⤵
-
\??\c:\9xxsw.exec:\9xxsw.exe96⤵
-
\??\c:\919k9m.exec:\919k9m.exe97⤵
-
\??\c:\80et4.exec:\80et4.exe98⤵
-
\??\c:\4937ii7.exec:\4937ii7.exe99⤵
-
\??\c:\01r1cs7.exec:\01r1cs7.exe100⤵
-
\??\c:\ccov5.exec:\ccov5.exe101⤵
-
\??\c:\78457.exec:\78457.exe102⤵
-
\??\c:\pt12rhe.exec:\pt12rhe.exe103⤵
-
\??\c:\3a5u0.exec:\3a5u0.exe104⤵
-
\??\c:\71b31.exec:\71b31.exe105⤵
-
\??\c:\0w9xw20.exec:\0w9xw20.exe106⤵
-
\??\c:\1jwiio5.exec:\1jwiio5.exe107⤵
-
\??\c:\76cxuoi.exec:\76cxuoi.exe108⤵
-
\??\c:\09o81mt.exec:\09o81mt.exe109⤵
-
\??\c:\3q5ko7.exec:\3q5ko7.exe110⤵
-
\??\c:\691m7.exec:\691m7.exe111⤵
-
\??\c:\go9h9g9.exec:\go9h9g9.exe112⤵
-
\??\c:\0udb0m3.exec:\0udb0m3.exe113⤵
-
\??\c:\06uua0i.exec:\06uua0i.exe114⤵
-
\??\c:\79095a4.exec:\79095a4.exe115⤵
-
\??\c:\bps74w5.exec:\bps74w5.exe116⤵
-
\??\c:\5h72k9.exec:\5h72k9.exe117⤵
-
\??\c:\s8mm74.exec:\s8mm74.exe118⤵
-
\??\c:\ok63a71.exec:\ok63a71.exe119⤵
-
\??\c:\i9m7n7c.exec:\i9m7n7c.exe120⤵
-
\??\c:\7p94ml3.exec:\7p94ml3.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-