Analysis
-
max time kernel
146s -
max time network
147s -
platform
windows10-2004_x64 -
resource
win10v2004-20231023-en -
resource tags
-
submitted
02/11/2023, 12:26
General
-
Target
NEAS.1b9c61567c357a0f35c186e904a17de0.exe
-
Size
58KB
-
MD5
1b9c61567c357a0f35c186e904a17de0
-
SHA1
25976020ef237dd0e3fb657f3f7b3f2ef11468be
-
SHA256
ec7459f3533825aea77815ad495c95259e5b8ff8f041d48ef21bb04c6be7f9fb
-
SHA512
9f1e1dd18075dba4efd7c8be1653deb97016a787a1cefd49077154917fd8d9413679b37e1f93d11888e8c51861dea18da8e3b3888619f207b5fdd545bf58246d
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIxCV4nJbDb:ymb3NkkiQ3mdBjFIxHJbDb
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 39 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 63 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.1b9c61567c357a0f35c186e904a17de0.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.1b9c61567c357a0f35c186e904a17de0.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\qtk25.exec:\qtk25.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbf192.exec:\tbf192.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\j959a2.exec:\j959a2.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\481p1ou.exec:\481p1ou.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9ewov3.exec:\9ewov3.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1ap3kw.exec:\1ap3kw.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3344vq.exec:\3344vq.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\w9vsaw6.exec:\w9vsaw6.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\wb2ntx.exec:\wb2ntx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5f15vdw.exec:\5f15vdw.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\830ef5.exec:\830ef5.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ale45r.exec:\ale45r.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xvm241h.exec:\xvm241h.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\f158w68.exec:\f158w68.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\gm6nw.exec:\gm6nw.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\j6313vl.exec:\j6313vl.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\u13n3f0.exec:\u13n3f0.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5q7u347.exec:\5q7u347.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\v0dtk7.exec:\v0dtk7.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9gtc9ip.exec:\9gtc9ip.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9h1789.exec:\9h1789.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\98gur5.exec:\98gur5.exe23⤵
- Executes dropped EXE
-
\??\c:\s1d58.exec:\s1d58.exe24⤵
- Executes dropped EXE
-
\??\c:\99weu.exec:\99weu.exe25⤵
- Executes dropped EXE
-
\??\c:\db94p3.exec:\db94p3.exe26⤵
- Executes dropped EXE
-
\??\c:\jw35635.exec:\jw35635.exe27⤵
- Executes dropped EXE
-
\??\c:\1b729x5.exec:\1b729x5.exe28⤵
- Executes dropped EXE
-
\??\c:\wb5nrl4.exec:\wb5nrl4.exe29⤵
- Executes dropped EXE
-
\??\c:\fj1nl.exec:\fj1nl.exe30⤵
- Executes dropped EXE
-
\??\c:\k8vsp3.exec:\k8vsp3.exe31⤵
- Executes dropped EXE
-
\??\c:\wq2197.exec:\wq2197.exe32⤵
- Executes dropped EXE
-
\??\c:\wrot95.exec:\wrot95.exe33⤵
- Executes dropped EXE
-
\??\c:\7ge9aa7.exec:\7ge9aa7.exe34⤵
- Executes dropped EXE
-
\??\c:\9gm8wh.exec:\9gm8wh.exe35⤵
- Executes dropped EXE
-
\??\c:\0b993s.exec:\0b993s.exe36⤵
- Executes dropped EXE
-
\??\c:\0c55g2.exec:\0c55g2.exe37⤵
- Executes dropped EXE
-
\??\c:\0a3vj5.exec:\0a3vj5.exe38⤵
- Executes dropped EXE
-
\??\c:\cpe3t7r.exec:\cpe3t7r.exe39⤵
- Executes dropped EXE
-
\??\c:\s5bik9.exec:\s5bik9.exe40⤵
- Executes dropped EXE
-
\??\c:\aew47.exec:\aew47.exe41⤵
- Executes dropped EXE
-
\??\c:\r9w3o.exec:\r9w3o.exe42⤵
- Executes dropped EXE
-
\??\c:\k3mmvw9.exec:\k3mmvw9.exe43⤵
- Executes dropped EXE
-
\??\c:\49hu7.exec:\49hu7.exe44⤵
- Executes dropped EXE
-
\??\c:\cjq55.exec:\cjq55.exe45⤵
- Executes dropped EXE
-
\??\c:\nki1p.exec:\nki1p.exe46⤵
- Executes dropped EXE
-
\??\c:\gq823.exec:\gq823.exe47⤵
- Executes dropped EXE
-
\??\c:\2hn65.exec:\2hn65.exe48⤵
- Executes dropped EXE
-
\??\c:\91d7c8g.exec:\91d7c8g.exe49⤵
- Executes dropped EXE
-
\??\c:\u3m05ui.exec:\u3m05ui.exe50⤵
- Executes dropped EXE
-
\??\c:\678tne4.exec:\678tne4.exe51⤵
- Executes dropped EXE
-
\??\c:\m353v55.exec:\m353v55.exe52⤵
- Executes dropped EXE
-
\??\c:\rio935.exec:\rio935.exe53⤵
- Executes dropped EXE
-
\??\c:\sh2g8.exec:\sh2g8.exe54⤵
- Executes dropped EXE
-
\??\c:\i7o171e.exec:\i7o171e.exe55⤵
- Executes dropped EXE
-
\??\c:\e60r0c.exec:\e60r0c.exe56⤵
- Executes dropped EXE
-
\??\c:\327w9.exec:\327w9.exe57⤵
- Executes dropped EXE
-
\??\c:\gbk9a.exec:\gbk9a.exe58⤵
- Executes dropped EXE
-
\??\c:\e9v33.exec:\e9v33.exe59⤵
- Executes dropped EXE
-
\??\c:\c3s94.exec:\c3s94.exe60⤵
- Executes dropped EXE
-
\??\c:\o0b9w76.exec:\o0b9w76.exe61⤵
-
\??\c:\f591e.exec:\f591e.exe62⤵
- Executes dropped EXE
-
\??\c:\1gm8k7.exec:\1gm8k7.exe63⤵
- Executes dropped EXE
-
\??\c:\hqho61.exec:\hqho61.exe64⤵
- Executes dropped EXE
-
\??\c:\bhki9.exec:\bhki9.exe65⤵
- Executes dropped EXE
-
\??\c:\h6234s.exec:\h6234s.exe66⤵
- Executes dropped EXE
-
\??\c:\7c03j07.exec:\7c03j07.exe67⤵
-
\??\c:\k55s3.exec:\k55s3.exe68⤵
-
\??\c:\9864rc.exec:\9864rc.exe69⤵
-
\??\c:\h09d7kb.exec:\h09d7kb.exe70⤵
-
\??\c:\is77t.exec:\is77t.exe71⤵
-
\??\c:\3nc7d4.exec:\3nc7d4.exe72⤵
-
\??\c:\idmvl.exec:\idmvl.exe73⤵
-
\??\c:\634b7.exec:\634b7.exe74⤵
-
\??\c:\t98605.exec:\t98605.exe75⤵
-
\??\c:\d1io75a.exec:\d1io75a.exe76⤵
-
\??\c:\m31vp.exec:\m31vp.exe77⤵
-
\??\c:\33u60.exec:\33u60.exe78⤵
-
\??\c:\q9q340g.exec:\q9q340g.exe79⤵
-
\??\c:\sjj21nh.exec:\sjj21nh.exe80⤵
-
\??\c:\862kr.exec:\862kr.exe81⤵
-
\??\c:\a3w18.exec:\a3w18.exe82⤵
-
\??\c:\1v1c3q.exec:\1v1c3q.exe83⤵
-
\??\c:\9rog453.exec:\9rog453.exe84⤵
-
\??\c:\1gm5q1f.exec:\1gm5q1f.exe85⤵
-
\??\c:\09d23sg.exec:\09d23sg.exe86⤵
-
\??\c:\64uocp.exec:\64uocp.exe87⤵
-
\??\c:\9col24.exec:\9col24.exe88⤵
-
\??\c:\r1nnc.exec:\r1nnc.exe89⤵
-
\??\c:\18x5a.exec:\18x5a.exe90⤵
-
\??\c:\9qs57.exec:\9qs57.exe91⤵
-
\??\c:\8e26r7.exec:\8e26r7.exe92⤵
-
\??\c:\luua7.exec:\luua7.exe93⤵
-
\??\c:\vooim.exec:\vooim.exe94⤵
-
\??\c:\5913e.exec:\5913e.exe95⤵
-
\??\c:\pa316.exec:\pa316.exe96⤵
-
\??\c:\875w63x.exec:\875w63x.exe97⤵
-
\??\c:\p8ro05.exec:\p8ro05.exe98⤵
-
\??\c:\qtifp7w.exec:\qtifp7w.exe99⤵
-
\??\c:\56p98h.exec:\56p98h.exe100⤵
-
\??\c:\n5i6s31.exec:\n5i6s31.exe101⤵
-
\??\c:\bi9p2.exec:\bi9p2.exe102⤵
-
\??\c:\iq0k52.exec:\iq0k52.exe103⤵
-
\??\c:\281w575.exec:\281w575.exe104⤵
-
\??\c:\22s79l.exec:\22s79l.exe105⤵
-
\??\c:\5crfx7a.exec:\5crfx7a.exe106⤵
-
\??\c:\4pv9v1p.exec:\4pv9v1p.exe107⤵
-
\??\c:\mqi3pg.exec:\mqi3pg.exe108⤵
-
\??\c:\d8hr4r.exec:\d8hr4r.exe109⤵
-
\??\c:\thn8wfq.exec:\thn8wfq.exe110⤵
-
\??\c:\1avhb.exec:\1avhb.exe111⤵
-
\??\c:\398bq4.exec:\398bq4.exe112⤵
-
\??\c:\e56m08.exec:\e56m08.exe113⤵
-
\??\c:\e235l.exec:\e235l.exe114⤵
-
\??\c:\84449lx.exec:\84449lx.exe115⤵
-
\??\c:\96qtw27.exec:\96qtw27.exe116⤵
-
\??\c:\33kok9.exec:\33kok9.exe117⤵
-
\??\c:\8lc1g92.exec:\8lc1g92.exe118⤵
-
\??\c:\340e6e9.exec:\340e6e9.exe119⤵
-
\??\c:\oo15fc.exec:\oo15fc.exe120⤵
-
\??\c:\9mj99.exec:\9mj99.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-