Analysis
-
max time kernel
151s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20231025-en -
resource tags
-
submitted
03/11/2023, 16:15
General
-
Target
NEAS.bf357da56ec4997dcfd80c9d12a2e760.exe
-
Size
126KB
-
MD5
bf357da56ec4997dcfd80c9d12a2e760
-
SHA1
45a8eb619174cfe9061a6c22dd086628290ceb3c
-
SHA256
f72bf91a867f3bf5b6214bcbc6dc74d03721dc59348fc598494a15c79fd6db97
-
SHA512
cd00ade79155ab04de54cbc3a29826ba4caa06a33073b0f81a3ef3ecb9c0e861e34f4d864612abdea572df424c5f0ba27dd22ff56c9f7b2a529413fcfb8057c7
-
SSDEEP
3072:khOmTsF93UYfwC6GIoutpYcvrqrE66kropO6BWlPFH4F:kcm4FmowdHoSphraHcpOFltH4F
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.bf357da56ec4997dcfd80c9d12a2e760.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.bf357da56ec4997dcfd80c9d12a2e760.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\h515l19.exec:\h515l19.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9u12d.exec:\9u12d.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
-
-
\??\c:\vmk973.exec:\vmk973.exe1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\gkb70u.exec:\gkb70u.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\2q11el3.exec:\2q11el3.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
-
-
\??\c:\651j7n.exec:\651j7n.exe1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9b3u58a.exec:\9b3u58a.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\kogec.exec:\kogec.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\gaim1k.exec:\gaim1k.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xc78iv.exec:\xc78iv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8co5il.exec:\8co5il.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\2io5u7g.exec:\2io5u7g.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\n66mwlr.exec:\n66mwlr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\96997.exec:\96997.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\b3779g.exec:\b3779g.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\e6d1277.exec:\e6d1277.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\t4q7717.exec:\t4q7717.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\56c2uv5.exec:\56c2uv5.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\4bkscuc.exec:\4bkscuc.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\qp9890t.exec:\qp9890t.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\big0s.exec:\big0s.exe16⤵
- Executes dropped EXE
-
\??\c:\0gowkk.exec:\0gowkk.exe17⤵
- Executes dropped EXE
-
\??\c:\s7515.exec:\s7515.exe18⤵
- Executes dropped EXE
-
\??\c:\a3cim.exec:\a3cim.exe19⤵
- Executes dropped EXE
-
\??\c:\h469xc8.exec:\h469xc8.exe20⤵
- Executes dropped EXE
-
\??\c:\emwi9.exec:\emwi9.exe21⤵
- Executes dropped EXE
-
\??\c:\f3dqi95.exec:\f3dqi95.exe22⤵
- Executes dropped EXE
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
\??\c:\2u5ic5.exec:\2u5ic5.exe1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\d9ml1i.exec:\d9ml1i.exe1⤵
- Executes dropped EXE
-
\??\c:\9t433.exec:\9t433.exe2⤵
- Executes dropped EXE
-
\??\c:\rh9xa.exec:\rh9xa.exe3⤵
- Executes dropped EXE
-
\??\c:\p3ot58.exec:\p3ot58.exe4⤵
- Executes dropped EXE
-
\??\c:\9f12s.exec:\9f12s.exe5⤵
- Executes dropped EXE
-
\??\c:\1595773.exec:\1595773.exe6⤵
- Executes dropped EXE
-
\??\c:\f7p62.exec:\f7p62.exe7⤵
- Executes dropped EXE
-
\??\c:\u331759.exec:\u331759.exe8⤵
- Executes dropped EXE
-
\??\c:\imskk.exec:\imskk.exe9⤵
- Executes dropped EXE
-
\??\c:\kef24kn.exec:\kef24kn.exe10⤵
- Executes dropped EXE
-
\??\c:\kc1c1n.exec:\kc1c1n.exe11⤵
- Executes dropped EXE
-
\??\c:\scikgq.exec:\scikgq.exe12⤵
- Executes dropped EXE
-
\??\c:\516i3.exec:\516i3.exe13⤵
- Executes dropped EXE
-
\??\c:\31tnf.exec:\31tnf.exe14⤵
- Executes dropped EXE
-
\??\c:\r9173.exec:\r9173.exe15⤵
- Executes dropped EXE
-
\??\c:\3ul237.exec:\3ul237.exe16⤵
- Executes dropped EXE
-
\??\c:\wk55111.exec:\wk55111.exe17⤵
- Executes dropped EXE
-
\??\c:\6k54o.exec:\6k54o.exe18⤵
- Executes dropped EXE
-
\??\c:\8l6vig.exec:\8l6vig.exe19⤵
- Executes dropped EXE
-
\??\c:\65mu91.exec:\65mu91.exe20⤵
- Executes dropped EXE
-
\??\c:\2a5e3k.exec:\2a5e3k.exe21⤵
- Executes dropped EXE
-
\??\c:\h0xl0j8.exec:\h0xl0j8.exe22⤵
-
\??\c:\wjbm185.exec:\wjbm185.exe23⤵
- Executes dropped EXE
-
\??\c:\r9s71ed.exec:\r9s71ed.exe24⤵
- Executes dropped EXE
-
\??\c:\5xldv.exec:\5xldv.exe25⤵
- Executes dropped EXE
-
\??\c:\v79q38.exec:\v79q38.exe26⤵
- Executes dropped EXE
-
\??\c:\1t53jp.exec:\1t53jp.exe27⤵
- Executes dropped EXE
-
\??\c:\0wd3a.exec:\0wd3a.exe28⤵
- Executes dropped EXE
-
\??\c:\almacme.exec:\almacme.exe29⤵
- Executes dropped EXE
-
\??\c:\6x743m.exec:\6x743m.exe30⤵
- Executes dropped EXE
-
\??\c:\4d3cgi.exec:\4d3cgi.exe31⤵
- Executes dropped EXE
-
\??\c:\19w71.exec:\19w71.exe32⤵
- Executes dropped EXE
-
\??\c:\t7i975.exec:\t7i975.exe33⤵
- Executes dropped EXE
-
\??\c:\0k7ge.exec:\0k7ge.exe34⤵
- Executes dropped EXE
-
\??\c:\kpown89.exec:\kpown89.exe35⤵
- Executes dropped EXE
-
\??\c:\9lo7p5.exec:\9lo7p5.exe36⤵
- Executes dropped EXE
-
\??\c:\buqua.exec:\buqua.exe37⤵
-
\??\c:\39c5515.exec:\39c5515.exe38⤵
-
\??\c:\tmm9ai.exec:\tmm9ai.exe39⤵
-
\??\c:\87wsd.exec:\87wsd.exe40⤵
-
\??\c:\t1i07wh.exec:\t1i07wh.exe41⤵
-
\??\c:\p1m95t.exec:\p1m95t.exe42⤵
-
\??\c:\87a1w.exec:\87a1w.exe43⤵
-
\??\c:\8n5v9.exec:\8n5v9.exe44⤵
-
\??\c:\9173xk.exec:\9173xk.exe45⤵
-
\??\c:\aih1sx1.exec:\aih1sx1.exe46⤵
-
\??\c:\oa516.exec:\oa516.exe47⤵
-
\??\c:\t2ot7.exec:\t2ot7.exe48⤵
-
\??\c:\59293j.exec:\59293j.exe49⤵
-
\??\c:\b4k35.exec:\b4k35.exe50⤵
-
\??\c:\a13jmcb.exec:\a13jmcb.exe51⤵
-
\??\c:\qg7796.exec:\qg7796.exe52⤵
-
\??\c:\q0tmm.exec:\q0tmm.exe53⤵
-
\??\c:\4w1mc.exec:\4w1mc.exe54⤵
-
\??\c:\h691531.exec:\h691531.exe55⤵
-
\??\c:\5773b31.exec:\5773b31.exe56⤵
-
\??\c:\g76q9.exec:\g76q9.exe57⤵
-
\??\c:\pxew48.exec:\pxew48.exe58⤵
-
\??\c:\33399gc.exec:\33399gc.exe59⤵
-
\??\c:\49583hh.exec:\49583hh.exe60⤵
-
\??\c:\to0c4b.exec:\to0c4b.exe61⤵
-
\??\c:\713k3.exec:\713k3.exe62⤵
- Executes dropped EXE
-
\??\c:\q31bouf.exec:\q31bouf.exe63⤵
-
\??\c:\99957.exec:\99957.exe64⤵
-
\??\c:\kg1hc.exec:\kg1hc.exe65⤵
-
\??\c:\15731h7.exec:\15731h7.exe66⤵
-
\??\c:\uq39imu.exec:\uq39imu.exe67⤵
-
\??\c:\j2e5qv.exec:\j2e5qv.exe68⤵
-
\??\c:\571it.exec:\571it.exe69⤵
-
\??\c:\4cgwmw.exec:\4cgwmw.exe70⤵
-
\??\c:\ot517.exec:\ot517.exe71⤵
-
\??\c:\8l18s79.exec:\8l18s79.exe72⤵
-
\??\c:\bauuk.exec:\bauuk.exe73⤵
-
\??\c:\mmi5w.exec:\mmi5w.exe74⤵
-
\??\c:\5b383.exec:\5b383.exe75⤵
-
\??\c:\r92ee.exec:\r92ee.exe76⤵
-
\??\c:\551es5.exec:\551es5.exe77⤵
-
\??\c:\6x6vk.exec:\6x6vk.exe78⤵
-
\??\c:\2k74io.exec:\2k74io.exe79⤵
-
\??\c:\cd576u5.exec:\cd576u5.exe80⤵
-
\??\c:\vxpm20r.exec:\vxpm20r.exe81⤵
-
\??\c:\8275x6.exec:\8275x6.exe82⤵
-
\??\c:\134um.exec:\134um.exe83⤵
-
\??\c:\oc733.exec:\oc733.exe84⤵
-
\??\c:\9um94.exec:\9um94.exe85⤵
-
\??\c:\u2k54c7.exec:\u2k54c7.exe86⤵
-
\??\c:\p78c3.exec:\p78c3.exe87⤵
-
\??\c:\0cw7w7.exec:\0cw7w7.exe88⤵
-
\??\c:\r1goc.exec:\r1goc.exe89⤵
-
\??\c:\1f5033.exec:\1f5033.exe90⤵
-
\??\c:\8gk3un5.exec:\8gk3un5.exe91⤵
-
\??\c:\216a7.exec:\216a7.exe92⤵
-
\??\c:\6b19x1.exec:\6b19x1.exe93⤵
-
\??\c:\0j8amo.exec:\0j8amo.exe94⤵
-
\??\c:\57kfbi.exec:\57kfbi.exe95⤵
-
\??\c:\4kr23v6.exec:\4kr23v6.exe96⤵
-
\??\c:\11771w.exec:\11771w.exe97⤵
-
\??\c:\4wi14b.exec:\4wi14b.exe98⤵
-
\??\c:\pgt9ih.exec:\pgt9ih.exe99⤵
-
\??\c:\b72aou.exec:\b72aou.exe100⤵
-
\??\c:\8877939.exec:\8877939.exe101⤵
-
\??\c:\wkg3531.exec:\wkg3531.exe102⤵
-
\??\c:\0w3uogo.exec:\0w3uogo.exe103⤵
-
\??\c:\b8v5g.exec:\b8v5g.exe104⤵
-
\??\c:\4oiqsaw.exec:\4oiqsaw.exe105⤵
-
\??\c:\0w1wv32.exec:\0w1wv32.exe106⤵
-
\??\c:\d0og12.exec:\d0og12.exe107⤵
-
\??\c:\159539t.exec:\159539t.exe108⤵
-
\??\c:\x1gt3.exec:\x1gt3.exe109⤵
-
\??\c:\l6i7hq.exec:\l6i7hq.exe110⤵
-
\??\c:\5ab3e.exec:\5ab3e.exe111⤵
-
\??\c:\iec3739.exec:\iec3739.exe112⤵
-
\??\c:\2wdwa.exec:\2wdwa.exe113⤵
-
\??\c:\g5uc3qj.exec:\g5uc3qj.exe114⤵
-
\??\c:\3vc8sk3.exec:\3vc8sk3.exe115⤵
-
\??\c:\796h16.exec:\796h16.exe116⤵
-
\??\c:\l17ce.exec:\l17ce.exe117⤵
-
\??\c:\6q561.exec:\6q561.exe118⤵
-
\??\c:\osh10.exec:\osh10.exe119⤵
-
\??\c:\ek30h52.exec:\ek30h52.exe120⤵
-
\??\c:\67st7.exec:\67st7.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-