Analysis
-
max time kernel
151s -
max time network
146s -
platform
windows10-2004_x64 -
resource
win10v2004-20231023-en -
resource tags
-
submitted
03-11-2023 09:54
General
-
Target
NEAS.adaa779686aa246a3eca3bb4b8e20270.exe
-
Size
63KB
-
MD5
adaa779686aa246a3eca3bb4b8e20270
-
SHA1
76d1857fdcba027c4427ced6cceb6e34b96dbbff
-
SHA256
99b26456c9ef0edd04f9196895f4c5d47ece3cc528eacdb9e8ddb8ad3dda018d
-
SHA512
110a85c214fc1c37c8e0a0f08b1a3797edd1c55cd7606bde08d5df3a8818fddb352bfde06e8f22882e66989b9319fa84b37700e24c7ef3e043122f3e930018a0
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIkxk0Dyjm:ymb3NkkiQ3mdBjFIkxk0ym
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 38 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 60 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.adaa779686aa246a3eca3bb4b8e20270.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.adaa779686aa246a3eca3bb4b8e20270.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\13898.exec:\13898.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\u55sdm.exec:\u55sdm.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\x1300.exec:\x1300.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\25h4ro5.exec:\25h4ro5.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\264780m.exec:\264780m.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\w5e101.exec:\w5e101.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\48j111.exec:\48j111.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6710h7.exec:\6710h7.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8ej16s.exec:\8ej16s.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\33c9ii.exec:\33c9ii.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\00137.exec:\00137.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5b59f.exec:\5b59f.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\69ooaw.exec:\69ooaw.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\0v3g9.exec:\0v3g9.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jp6ako.exec:\jp6ako.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\2942qt.exec:\2942qt.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\b83cl.exec:\b83cl.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\kc33sw7.exec:\kc33sw7.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\g6lgk.exec:\g6lgk.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\05ip77.exec:\05ip77.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6q8ex9.exec:\6q8ex9.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\g1ww5bl.exec:\g1ww5bl.exe23⤵
- Executes dropped EXE
-
\??\c:\ootup.exec:\ootup.exe24⤵
- Executes dropped EXE
-
\??\c:\7v404.exec:\7v404.exe25⤵
- Executes dropped EXE
-
\??\c:\3263mtf.exec:\3263mtf.exe26⤵
- Executes dropped EXE
-
\??\c:\092n6.exec:\092n6.exe27⤵
- Executes dropped EXE
-
\??\c:\3nh80.exec:\3nh80.exe28⤵
- Executes dropped EXE
-
\??\c:\ncmq17.exec:\ncmq17.exe29⤵
- Executes dropped EXE
-
\??\c:\t1257.exec:\t1257.exe30⤵
-
\??\c:\ga0m0.exec:\ga0m0.exe31⤵
- Executes dropped EXE
-
\??\c:\k5t0p6l.exec:\k5t0p6l.exe32⤵
- Executes dropped EXE
-
\??\c:\79953j9.exec:\79953j9.exe33⤵
- Executes dropped EXE
-
\??\c:\8d2p8.exec:\8d2p8.exe34⤵
- Executes dropped EXE
-
\??\c:\519194q.exec:\519194q.exe35⤵
- Executes dropped EXE
-
\??\c:\nni2s.exec:\nni2s.exe36⤵
- Executes dropped EXE
-
\??\c:\12t4m.exec:\12t4m.exe37⤵
- Executes dropped EXE
-
\??\c:\0llms.exec:\0llms.exe38⤵
- Executes dropped EXE
-
\??\c:\nco3a.exec:\nco3a.exe39⤵
- Executes dropped EXE
-
\??\c:\uaa35h.exec:\uaa35h.exe40⤵
- Executes dropped EXE
-
\??\c:\52xja.exec:\52xja.exe41⤵
- Executes dropped EXE
-
\??\c:\2jqh79l.exec:\2jqh79l.exe42⤵
- Executes dropped EXE
-
\??\c:\j4fmv.exec:\j4fmv.exe43⤵
- Executes dropped EXE
-
\??\c:\jkwu7w0.exec:\jkwu7w0.exe44⤵
- Executes dropped EXE
-
\??\c:\mqecpa1.exec:\mqecpa1.exe45⤵
- Executes dropped EXE
-
\??\c:\ai754.exec:\ai754.exe46⤵
- Executes dropped EXE
-
\??\c:\7magw.exec:\7magw.exe47⤵
- Executes dropped EXE
-
\??\c:\188e1.exec:\188e1.exe48⤵
- Executes dropped EXE
-
\??\c:\j8fu1.exec:\j8fu1.exe49⤵
- Executes dropped EXE
-
\??\c:\b6tq63.exec:\b6tq63.exe50⤵
- Executes dropped EXE
-
\??\c:\d8a2e.exec:\d8a2e.exe51⤵
- Executes dropped EXE
-
\??\c:\53rof2i.exec:\53rof2i.exe52⤵
- Executes dropped EXE
-
\??\c:\42vk1.exec:\42vk1.exe53⤵
- Executes dropped EXE
-
\??\c:\b49mg5.exec:\b49mg5.exe54⤵
- Executes dropped EXE
-
\??\c:\ocas9s5.exec:\ocas9s5.exe55⤵
- Executes dropped EXE
-
\??\c:\v9qt0.exec:\v9qt0.exe56⤵
- Executes dropped EXE
-
\??\c:\irto7.exec:\irto7.exe57⤵
- Executes dropped EXE
-
\??\c:\31vq3.exec:\31vq3.exe58⤵
- Executes dropped EXE
-
\??\c:\q7gu5d5.exec:\q7gu5d5.exe59⤵
- Executes dropped EXE
-
\??\c:\x659ca.exec:\x659ca.exe60⤵
- Executes dropped EXE
-
\??\c:\48ktu.exec:\48ktu.exe61⤵
- Executes dropped EXE
-
\??\c:\pw6h1m.exec:\pw6h1m.exe62⤵
- Executes dropped EXE
-
\??\c:\29g0xc.exec:\29g0xc.exe63⤵
- Executes dropped EXE
-
\??\c:\b7kkb.exec:\b7kkb.exe64⤵
- Executes dropped EXE
-
\??\c:\5mrw91.exec:\5mrw91.exe65⤵
- Executes dropped EXE
-
\??\c:\9f9l8x.exec:\9f9l8x.exe66⤵
- Executes dropped EXE
-
\??\c:\531n5pj.exec:\531n5pj.exe67⤵
-
\??\c:\0ap7w.exec:\0ap7w.exe68⤵
-
\??\c:\ho303.exec:\ho303.exe69⤵
-
\??\c:\36ea2.exec:\36ea2.exe70⤵
-
\??\c:\c1865u4.exec:\c1865u4.exe71⤵
-
\??\c:\v2h25w4.exec:\v2h25w4.exe72⤵
-
\??\c:\68co3mb.exec:\68co3mb.exe73⤵
-
\??\c:\ge6o0s.exec:\ge6o0s.exe74⤵
-
\??\c:\2v9n202.exec:\2v9n202.exe75⤵
-
\??\c:\ide542.exec:\ide542.exe76⤵
-
\??\c:\vbj22b.exec:\vbj22b.exe77⤵
-
\??\c:\92072j.exec:\92072j.exe78⤵
-
\??\c:\a9191b.exec:\a9191b.exe79⤵
-
\??\c:\l36856.exec:\l36856.exe80⤵
-
\??\c:\lp83u.exec:\lp83u.exe81⤵
-
\??\c:\389c2b.exec:\389c2b.exe82⤵
-
\??\c:\9jo7h90.exec:\9jo7h90.exe83⤵
-
\??\c:\idi86.exec:\idi86.exe84⤵
-
\??\c:\r07drf.exec:\r07drf.exe85⤵
-
\??\c:\93t7o.exec:\93t7o.exe86⤵
-
\??\c:\3q0co8d.exec:\3q0co8d.exe87⤵
-
\??\c:\8o9p4c2.exec:\8o9p4c2.exe88⤵
-
\??\c:\92rgb53.exec:\92rgb53.exe89⤵
-
\??\c:\8a81kw.exec:\8a81kw.exe90⤵
-
\??\c:\x2une0.exec:\x2une0.exe91⤵
-
\??\c:\j0w64.exec:\j0w64.exe92⤵
-
\??\c:\l6iop.exec:\l6iop.exe93⤵
-
\??\c:\xi3vs.exec:\xi3vs.exe94⤵
-
\??\c:\o303r05.exec:\o303r05.exe95⤵
-
\??\c:\mb1957.exec:\mb1957.exe96⤵
-
\??\c:\lueoa1.exec:\lueoa1.exe97⤵
-
\??\c:\122il6.exec:\122il6.exe98⤵
-
\??\c:\bk4883t.exec:\bk4883t.exe99⤵
-
\??\c:\2e01q.exec:\2e01q.exe100⤵
-
\??\c:\p0ht5c2.exec:\p0ht5c2.exe101⤵
-
\??\c:\u064i0.exec:\u064i0.exe102⤵
-
\??\c:\d91267n.exec:\d91267n.exe103⤵
-
\??\c:\rm05c9.exec:\rm05c9.exe104⤵
-
\??\c:\kn2w79.exec:\kn2w79.exe105⤵
-
\??\c:\lg53t.exec:\lg53t.exe106⤵
-
\??\c:\9mn8o7x.exec:\9mn8o7x.exe107⤵
-
\??\c:\38451a7.exec:\38451a7.exe108⤵
-
\??\c:\2gs4cw5.exec:\2gs4cw5.exe109⤵
-
\??\c:\0t23ga.exec:\0t23ga.exe110⤵
-
\??\c:\iaap9ww.exec:\iaap9ww.exe111⤵
-
\??\c:\w297w0.exec:\w297w0.exe112⤵
-
\??\c:\h6d3of9.exec:\h6d3of9.exe113⤵
-
\??\c:\cxpm7e.exec:\cxpm7e.exe114⤵
-
\??\c:\6t24v6e.exec:\6t24v6e.exe115⤵
-
\??\c:\2lc88x.exec:\2lc88x.exe116⤵
-
\??\c:\0l793.exec:\0l793.exe117⤵
-
\??\c:\61ec079.exec:\61ec079.exe118⤵
-
\??\c:\0xugkt.exec:\0xugkt.exe119⤵
-
\??\c:\40vpee.exec:\40vpee.exe120⤵
-
\??\c:\c7c9h98.exec:\c7c9h98.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-