Analysis
-
max time kernel
154s -
max time network
148s -
platform
windows10-2004_x64 -
resource
win10v2004-20231023-en -
resource tags
-
submitted
07/11/2023, 06:00
General
-
Target
NEAS.986222bccc714e6abaa7279ae44ef2d0.exe
-
Size
50KB
-
MD5
986222bccc714e6abaa7279ae44ef2d0
-
SHA1
88e0f6ed40322bfdf00aecea2deb5de3efdd561f
-
SHA256
23a657b74c720b37223e9268ec0ce88ee881d0bf5bb4d7a5f3cb9d174082629c
-
SHA512
e3bc66b1f7c91f4b25b8113b8fc35137303d472c0bdc993f3406d4157d85d77361c45ac5592f2806c4c54711418c90bb4588f16efe6ad96f120bffd9aabe417d
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDCg:ymb3NkkiQ3mdBjFCg
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 35 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 59 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.986222bccc714e6abaa7279ae44ef2d0.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.986222bccc714e6abaa7279ae44ef2d0.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\3653b7.exec:\3653b7.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9ctq58o.exec:\9ctq58o.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\2ljp3.exec:\2ljp3.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\id730.exec:\id730.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\96ttu6.exec:\96ttu6.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\sbet6.exec:\sbet6.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\i9b545.exec:\i9b545.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7l329.exec:\7l329.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9mn1e.exec:\9mn1e.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\2w5rui.exec:\2w5rui.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8j81t95.exec:\8j81t95.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\i2mae.exec:\i2mae.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\k8430gx.exec:\k8430gx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\2o6gg.exec:\2o6gg.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8l97rf.exec:\8l97rf.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dn4u93.exec:\dn4u93.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\2wm2m2.exec:\2wm2m2.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\40rcx21.exec:\40rcx21.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\mk4r4.exec:\mk4r4.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\i47dmke.exec:\i47dmke.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\h0r66e.exec:\h0r66e.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\4lla9.exec:\4lla9.exe23⤵
- Executes dropped EXE
-
\??\c:\n7954.exec:\n7954.exe24⤵
- Executes dropped EXE
-
\??\c:\85338.exec:\85338.exe25⤵
- Executes dropped EXE
-
\??\c:\3eb25.exec:\3eb25.exe26⤵
- Executes dropped EXE
-
\??\c:\fu3i8.exec:\fu3i8.exe27⤵
- Executes dropped EXE
-
\??\c:\41597.exec:\41597.exe28⤵
- Executes dropped EXE
-
\??\c:\6g9a3t5.exec:\6g9a3t5.exe29⤵
- Executes dropped EXE
-
\??\c:\9w65of.exec:\9w65of.exe30⤵
- Executes dropped EXE
-
\??\c:\5xxni39.exec:\5xxni39.exe31⤵
- Executes dropped EXE
-
\??\c:\85ah07.exec:\85ah07.exe32⤵
- Executes dropped EXE
-
\??\c:\w4365.exec:\w4365.exe33⤵
- Executes dropped EXE
-
\??\c:\91etqi.exec:\91etqi.exe34⤵
- Executes dropped EXE
-
\??\c:\9lb73r.exec:\9lb73r.exe35⤵
- Executes dropped EXE
-
\??\c:\xa3sdq.exec:\xa3sdq.exe36⤵
- Executes dropped EXE
-
\??\c:\5pg5w1.exec:\5pg5w1.exe37⤵
- Executes dropped EXE
-
\??\c:\0t5u7q1.exec:\0t5u7q1.exe38⤵
- Executes dropped EXE
-
\??\c:\q5c2794.exec:\q5c2794.exe39⤵
- Executes dropped EXE
-
\??\c:\u5upeo6.exec:\u5upeo6.exe40⤵
- Executes dropped EXE
-
\??\c:\xd05h0i.exec:\xd05h0i.exe41⤵
- Executes dropped EXE
-
\??\c:\vqq87n5.exec:\vqq87n5.exe42⤵
- Executes dropped EXE
-
\??\c:\l9n55.exec:\l9n55.exe43⤵
- Executes dropped EXE
-
\??\c:\5dth8l.exec:\5dth8l.exe44⤵
- Executes dropped EXE
-
\??\c:\01c4a1.exec:\01c4a1.exe45⤵
- Executes dropped EXE
-
\??\c:\tnbuse6.exec:\tnbuse6.exe46⤵
- Executes dropped EXE
-
\??\c:\2k06h.exec:\2k06h.exe47⤵
- Executes dropped EXE
-
\??\c:\056lr.exec:\056lr.exe48⤵
- Executes dropped EXE
-
\??\c:\05l851.exec:\05l851.exe49⤵
- Executes dropped EXE
-
\??\c:\tw7xrr.exec:\tw7xrr.exe50⤵
- Executes dropped EXE
-
\??\c:\ja55e.exec:\ja55e.exe51⤵
- Executes dropped EXE
-
\??\c:\qhq4r.exec:\qhq4r.exe52⤵
- Executes dropped EXE
-
\??\c:\mm9ux.exec:\mm9ux.exe53⤵
- Executes dropped EXE
-
\??\c:\783as5s.exec:\783as5s.exe54⤵
- Executes dropped EXE
-
\??\c:\5xrm3e5.exec:\5xrm3e5.exe55⤵
- Executes dropped EXE
-
\??\c:\h2iqf9.exec:\h2iqf9.exe56⤵
- Executes dropped EXE
-
\??\c:\qi807.exec:\qi807.exe57⤵
- Executes dropped EXE
-
\??\c:\4rf71c3.exec:\4rf71c3.exe58⤵
- Executes dropped EXE
-
\??\c:\7463ie1.exec:\7463ie1.exe59⤵
- Executes dropped EXE
-
\??\c:\66u712.exec:\66u712.exe60⤵
- Executes dropped EXE
-
\??\c:\ekq3uo.exec:\ekq3uo.exe61⤵
- Executes dropped EXE
-
\??\c:\1ng6cp.exec:\1ng6cp.exe62⤵
- Executes dropped EXE
-
\??\c:\98c876.exec:\98c876.exe63⤵
- Executes dropped EXE
-
\??\c:\0xu9j5.exec:\0xu9j5.exe64⤵
- Executes dropped EXE
-
\??\c:\2q2nno.exec:\2q2nno.exe65⤵
- Executes dropped EXE
-
\??\c:\nut4o.exec:\nut4o.exe66⤵
-
\??\c:\5eb8t.exec:\5eb8t.exe67⤵
-
\??\c:\4j12f8.exec:\4j12f8.exe68⤵
-
\??\c:\dbb4s13.exec:\dbb4s13.exe69⤵
-
\??\c:\eh3of9g.exec:\eh3of9g.exe70⤵
-
\??\c:\7u8ra16.exec:\7u8ra16.exe71⤵
-
\??\c:\0j778.exec:\0j778.exe72⤵
-
\??\c:\k56fo6x.exec:\k56fo6x.exe73⤵
-
\??\c:\1b31p3.exec:\1b31p3.exe74⤵
-
\??\c:\i15jq.exec:\i15jq.exe75⤵
-
\??\c:\42a01.exec:\42a01.exe76⤵
-
\??\c:\9rlsw.exec:\9rlsw.exe77⤵
-
\??\c:\558vix3.exec:\558vix3.exe78⤵
-
\??\c:\1d3v3g.exec:\1d3v3g.exe79⤵
-
\??\c:\gtc0eu5.exec:\gtc0eu5.exe80⤵
-
\??\c:\t4liovb.exec:\t4liovb.exe81⤵
-
\??\c:\x557k.exec:\x557k.exe82⤵
-
\??\c:\d9535a.exec:\d9535a.exe83⤵
-
\??\c:\i3a38.exec:\i3a38.exe84⤵
-
\??\c:\o2l574j.exec:\o2l574j.exe85⤵
-
\??\c:\dken3nf.exec:\dken3nf.exe86⤵
-
\??\c:\97a7o.exec:\97a7o.exe87⤵
-
\??\c:\960pj.exec:\960pj.exe88⤵
-
\??\c:\j18x63a.exec:\j18x63a.exe89⤵
-
\??\c:\3nc13m.exec:\3nc13m.exe90⤵
-
\??\c:\txi60.exec:\txi60.exe91⤵
-
\??\c:\9jm84h.exec:\9jm84h.exe92⤵
-
\??\c:\35n6f.exec:\35n6f.exe93⤵
-
\??\c:\wc11dg7.exec:\wc11dg7.exe94⤵
-
\??\c:\e1bolm.exec:\e1bolm.exe95⤵
-
\??\c:\5f456s.exec:\5f456s.exe96⤵
-
\??\c:\479i29j.exec:\479i29j.exe97⤵
-
\??\c:\r1p32j7.exec:\r1p32j7.exe98⤵
-
\??\c:\02uv2ie.exec:\02uv2ie.exe99⤵
-
\??\c:\qcr217.exec:\qcr217.exe100⤵
-
\??\c:\25i9ol.exec:\25i9ol.exe101⤵
-
\??\c:\1m8691.exec:\1m8691.exe102⤵
-
\??\c:\am6p5t.exec:\am6p5t.exe103⤵
-
\??\c:\4h5k05u.exec:\4h5k05u.exe104⤵
-
\??\c:\3j04t0.exec:\3j04t0.exe105⤵
-
\??\c:\30jqi.exec:\30jqi.exe106⤵
-
\??\c:\7h6o47i.exec:\7h6o47i.exe107⤵
-
\??\c:\570jdq.exec:\570jdq.exe108⤵
-
\??\c:\31475.exec:\31475.exe109⤵
-
\??\c:\ak936v.exec:\ak936v.exe110⤵
-
\??\c:\u7rv1.exec:\u7rv1.exe111⤵
-
\??\c:\07lx694.exec:\07lx694.exe112⤵
-
\??\c:\w21l19.exec:\w21l19.exe113⤵
-
\??\c:\n4m5xw8.exec:\n4m5xw8.exe114⤵
-
\??\c:\4293rj.exec:\4293rj.exe115⤵
-
\??\c:\36a6693.exec:\36a6693.exe116⤵
-
\??\c:\goi5x95.exec:\goi5x95.exe117⤵
-
\??\c:\4wtfjs.exec:\4wtfjs.exe118⤵
-
\??\c:\0v8x059.exec:\0v8x059.exe119⤵
-
\??\c:\ero3q1.exec:\ero3q1.exe120⤵
-
\??\c:\5x1671.exec:\5x1671.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-