Analysis
-
max time kernel
149s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20231023-en -
resource tags
-
submitted
03-11-2023 13:39
General
-
Target
NEAS.a1c963ce1103f9a0b3690a35cd322f00.exe
-
Size
226KB
-
MD5
a1c963ce1103f9a0b3690a35cd322f00
-
SHA1
7f934362b8f539ebd86707bd7dcf7db782a1713d
-
SHA256
798a9d49d7263a813d85e4ee5f5a08255dd0c81289e219c0245f808acb17fc03
-
SHA512
8b9acdbfa98fd430a7d8d2b630b4376e775d4839e6e5c8987e301ecf5e6b0857484f960518b9ef38b56d56b1a4d2ee89646fd6ef1e9ac168361127fa0d2922cb
-
SSDEEP
3072:ymb3NkkiQ3mdBjFo73PYP1lri3KoSV31QOhsJ4p:n3C9BRo7MlrWKo+lp
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 30 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 60 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.a1c963ce1103f9a0b3690a35cd322f00.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.a1c963ce1103f9a0b3690a35cd322f00.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\c136f9.exec:\c136f9.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\4r32c.exec:\4r32c.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\85et9.exec:\85et9.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\h33g1.exec:\h33g1.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\r73mx1m.exec:\r73mx1m.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8e1a5q9.exec:\8e1a5q9.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9753e1.exec:\9753e1.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\93jvr.exec:\93jvr.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vm39kp3.exec:\vm39kp3.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\i555o.exec:\i555o.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\v9j5r5.exec:\v9j5r5.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\47jpj.exec:\47jpj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rc7k415.exec:\rc7k415.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\na35tg.exec:\na35tg.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\v30c105.exec:\v30c105.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\65cf8m9.exec:\65cf8m9.exe17⤵
- Executes dropped EXE
-
\??\c:\1v7g2e.exec:\1v7g2e.exe18⤵
- Executes dropped EXE
-
\??\c:\775bu3o.exec:\775bu3o.exe19⤵
- Executes dropped EXE
-
\??\c:\lf9ii5.exec:\lf9ii5.exe20⤵
- Executes dropped EXE
-
\??\c:\xq5xrmm.exec:\xq5xrmm.exe21⤵
- Executes dropped EXE
-
\??\c:\7aw1q.exec:\7aw1q.exe22⤵
- Executes dropped EXE
-
\??\c:\jcce9si.exec:\jcce9si.exe23⤵
- Executes dropped EXE
-
\??\c:\r14q72.exec:\r14q72.exe24⤵
- Executes dropped EXE
-
\??\c:\i8a30.exec:\i8a30.exe25⤵
- Executes dropped EXE
-
\??\c:\q6g1u.exec:\q6g1u.exe26⤵
- Executes dropped EXE
-
\??\c:\3o33p.exec:\3o33p.exe27⤵
- Executes dropped EXE
-
\??\c:\uei069l.exec:\uei069l.exe28⤵
- Executes dropped EXE
-
\??\c:\6wa03.exec:\6wa03.exe29⤵
- Executes dropped EXE
-
\??\c:\1ri32.exec:\1ri32.exe30⤵
- Executes dropped EXE
-
\??\c:\9s3s7ud.exec:\9s3s7ud.exe31⤵
- Executes dropped EXE
-
\??\c:\b13qg.exec:\b13qg.exe32⤵
- Executes dropped EXE
-
\??\c:\xc97uc9.exec:\xc97uc9.exe33⤵
- Executes dropped EXE
-
\??\c:\7x3110o.exec:\7x3110o.exe34⤵
- Executes dropped EXE
-
\??\c:\e4mv3.exec:\e4mv3.exe35⤵
- Executes dropped EXE
-
\??\c:\ho55o.exec:\ho55o.exe36⤵
- Executes dropped EXE
-
\??\c:\u7r0mpc.exec:\u7r0mpc.exe37⤵
- Executes dropped EXE
-
\??\c:\76wfl.exec:\76wfl.exe38⤵
- Executes dropped EXE
-
\??\c:\x179x.exec:\x179x.exe39⤵
- Executes dropped EXE
-
\??\c:\p9p5cbe.exec:\p9p5cbe.exe40⤵
- Executes dropped EXE
-
\??\c:\85c6155.exec:\85c6155.exe41⤵
- Executes dropped EXE
-
\??\c:\fr6h0.exec:\fr6h0.exe42⤵
- Executes dropped EXE
-
\??\c:\pt8gl63.exec:\pt8gl63.exe43⤵
- Executes dropped EXE
-
\??\c:\60v0a16.exec:\60v0a16.exe44⤵
- Executes dropped EXE
-
\??\c:\p12x9s.exec:\p12x9s.exe45⤵
- Executes dropped EXE
-
\??\c:\po5x3.exec:\po5x3.exe46⤵
- Executes dropped EXE
-
\??\c:\d8113p.exec:\d8113p.exe47⤵
- Executes dropped EXE
-
\??\c:\05t97.exec:\05t97.exe48⤵
- Executes dropped EXE
-
\??\c:\0eu67lu.exec:\0eu67lu.exe49⤵
- Executes dropped EXE
-
\??\c:\0qs11a.exec:\0qs11a.exe50⤵
- Executes dropped EXE
-
\??\c:\79701.exec:\79701.exe51⤵
- Executes dropped EXE
-
\??\c:\410c1.exec:\410c1.exe52⤵
- Executes dropped EXE
-
\??\c:\39sp16.exec:\39sp16.exe53⤵
- Executes dropped EXE
-
\??\c:\n4k68.exec:\n4k68.exe54⤵
- Executes dropped EXE
-
\??\c:\f97c6.exec:\f97c6.exe55⤵
- Executes dropped EXE
-
\??\c:\6i039.exec:\6i039.exe56⤵
- Executes dropped EXE
-
\??\c:\3n7e53.exec:\3n7e53.exe57⤵
- Executes dropped EXE
-
\??\c:\40m74n.exec:\40m74n.exe58⤵
- Executes dropped EXE
-
\??\c:\0w129.exec:\0w129.exe59⤵
- Executes dropped EXE
-
\??\c:\s9t7ia8.exec:\s9t7ia8.exe60⤵
- Executes dropped EXE
-
\??\c:\w7b7gg3.exec:\w7b7gg3.exe61⤵
- Executes dropped EXE
-
\??\c:\8q94f.exec:\8q94f.exe62⤵
- Executes dropped EXE
-
\??\c:\0e332k.exec:\0e332k.exe63⤵
- Executes dropped EXE
-
\??\c:\05am7.exec:\05am7.exe64⤵
- Executes dropped EXE
-
\??\c:\78al167.exec:\78al167.exe65⤵
- Executes dropped EXE
-
\??\c:\0woo4k9.exec:\0woo4k9.exe66⤵
-
\??\c:\89lpcw5.exec:\89lpcw5.exe67⤵
-
\??\c:\r9333c.exec:\r9333c.exe68⤵
-
\??\c:\j0n55.exec:\j0n55.exe69⤵
-
\??\c:\biw2c42.exec:\biw2c42.exe70⤵
-
\??\c:\23958p.exec:\23958p.exe71⤵
-
\??\c:\6u7wd8.exec:\6u7wd8.exe72⤵
-
\??\c:\4g195.exec:\4g195.exe73⤵
-
\??\c:\039o90w.exec:\039o90w.exe74⤵
-
\??\c:\j1aiu.exec:\j1aiu.exe75⤵
-
\??\c:\7n3473i.exec:\7n3473i.exe76⤵
-
\??\c:\hlc68.exec:\hlc68.exe77⤵
-
\??\c:\8mx9sl3.exec:\8mx9sl3.exe78⤵
-
\??\c:\25olm4.exec:\25olm4.exe79⤵
-
\??\c:\r3395h.exec:\r3395h.exe80⤵
-
\??\c:\f39s781.exec:\f39s781.exe81⤵
-
\??\c:\050c50u.exec:\050c50u.exe82⤵
-
\??\c:\098o9.exec:\098o9.exe83⤵
-
\??\c:\6wsm5.exec:\6wsm5.exe84⤵
-
\??\c:\8u10w1o.exec:\8u10w1o.exe85⤵
-
\??\c:\i3ss34.exec:\i3ss34.exe86⤵
-
\??\c:\075jf9.exec:\075jf9.exe87⤵
-
\??\c:\6ub23.exec:\6ub23.exe88⤵
-
\??\c:\bw3511.exec:\bw3511.exe89⤵
-
\??\c:\8c3ivw7.exec:\8c3ivw7.exe90⤵
-
\??\c:\4hbbrk.exec:\4hbbrk.exe91⤵
-
\??\c:\fme9cu5.exec:\fme9cu5.exe92⤵
-
\??\c:\3t4et.exec:\3t4et.exe93⤵
-
\??\c:\5w9d1.exec:\5w9d1.exe94⤵
-
\??\c:\4w50e.exec:\4w50e.exe95⤵
-
\??\c:\20ag97o.exec:\20ag97o.exe96⤵
-
\??\c:\2k39e9m.exec:\2k39e9m.exe97⤵
-
\??\c:\nce6mu7.exec:\nce6mu7.exe98⤵
-
\??\c:\r05qrt.exec:\r05qrt.exe99⤵
-
\??\c:\3q5e75f.exec:\3q5e75f.exe100⤵
-
\??\c:\t76wx53.exec:\t76wx53.exe101⤵
-
\??\c:\932ogg.exec:\932ogg.exe102⤵
-
\??\c:\6up4g5.exec:\6up4g5.exe103⤵
-
\??\c:\95kh2k.exec:\95kh2k.exe104⤵
-
\??\c:\47ap2.exec:\47ap2.exe105⤵
-
\??\c:\rlqabm.exec:\rlqabm.exe106⤵
-
\??\c:\9p78wd.exec:\9p78wd.exe107⤵
-
\??\c:\07752.exec:\07752.exe108⤵
-
\??\c:\t7xo861.exec:\t7xo861.exe109⤵
-
\??\c:\n482ah.exec:\n482ah.exe110⤵
-
\??\c:\v95c51.exec:\v95c51.exe111⤵
-
\??\c:\h32s31.exec:\h32s31.exe112⤵
-
\??\c:\3cwo7s.exec:\3cwo7s.exe113⤵
-
\??\c:\0wia56v.exec:\0wia56v.exe114⤵
-
\??\c:\01qo6es.exec:\01qo6es.exe115⤵
-
\??\c:\0eb20i.exec:\0eb20i.exe116⤵
-
\??\c:\67atc.exec:\67atc.exe117⤵
-
\??\c:\vib1ab1.exec:\vib1ab1.exe118⤵
-
\??\c:\je2m3.exec:\je2m3.exe119⤵
-
\??\c:\daow6u.exec:\daow6u.exe120⤵
-
\??\c:\s6186.exec:\s6186.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-