Analysis
-
max time kernel
164s -
max time network
182s -
platform
windows10-2004_x64 -
resource
win10v2004-20231023-en -
resource tags
-
submitted
07/11/2023, 19:33
General
-
Target
NEAS.7b68b6d2988fbd6352a084550e7601a0.exe
-
Size
381KB
-
MD5
7b68b6d2988fbd6352a084550e7601a0
-
SHA1
740392844242a08a19772d84601bcf49e4f11cdc
-
SHA256
915c079aa7984d2d202f6a4d48bfecd43df81f5d5572e7af9d0a6f7834d242b3
-
SHA512
d859d7948b36fadfcd59b3860f0d857ce0e1d9895d95097461f93c62770b32199f2d06f22ba2889157c93f7bd36328c651062dbeec2262bc38f60e72a91c7bf1
-
SSDEEP
3072:ymb3NkkiQ3mdBjFo73PYP1lri3KoSV31QOhsJ4BCW6tQ9zHjlYF:n3C9BRo7MlrWKo+lB0ute
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 46 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 63 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.7b68b6d2988fbd6352a084550e7601a0.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.7b68b6d2988fbd6352a084550e7601a0.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\s0eql4.exec:\s0eql4.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\l2k1i.exec:\l2k1i.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5avq3.exec:\5avq3.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3u85b.exec:\3u85b.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\43ps739.exec:\43ps739.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\mmto05.exec:\mmto05.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\x3hq08.exec:\x3hq08.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1v5c2w.exec:\1v5c2w.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8lgc3b.exec:\8lgc3b.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1v18t9.exec:\1v18t9.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\62ol71e.exec:\62ol71e.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xpt7c7.exec:\xpt7c7.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\h9t5d4v.exec:\h9t5d4v.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\m3oo31.exec:\m3oo31.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\65r92.exec:\65r92.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\365ldj.exec:\365ldj.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9wb2s7.exec:\9wb2s7.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\05h1c4.exec:\05h1c4.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\h6h2wcc.exec:\h6h2wcc.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\26ocm1.exec:\26ocm1.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\676w2s.exec:\676w2s.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\w35v9.exec:\w35v9.exe23⤵
- Executes dropped EXE
-
\??\c:\6rg38.exec:\6rg38.exe24⤵
- Executes dropped EXE
-
\??\c:\18urpj.exec:\18urpj.exe25⤵
- Executes dropped EXE
-
\??\c:\v7779.exec:\v7779.exe26⤵
- Executes dropped EXE
-
\??\c:\0671416.exec:\0671416.exe27⤵
- Executes dropped EXE
-
\??\c:\f6577e.exec:\f6577e.exe28⤵
- Executes dropped EXE
-
\??\c:\s5c3m.exec:\s5c3m.exe29⤵
- Executes dropped EXE
-
\??\c:\q736a57.exec:\q736a57.exe30⤵
- Executes dropped EXE
-
\??\c:\0boh1.exec:\0boh1.exe31⤵
- Executes dropped EXE
-
\??\c:\l9hec8.exec:\l9hec8.exe32⤵
- Executes dropped EXE
-
\??\c:\lkx416s.exec:\lkx416s.exe33⤵
- Executes dropped EXE
-
\??\c:\ggen5.exec:\ggen5.exe34⤵
- Executes dropped EXE
-
\??\c:\649m0h.exec:\649m0h.exe35⤵
- Executes dropped EXE
-
\??\c:\8nnl0a.exec:\8nnl0a.exe36⤵
- Executes dropped EXE
-
\??\c:\662cim.exec:\662cim.exe37⤵
- Executes dropped EXE
-
\??\c:\035dd5.exec:\035dd5.exe38⤵
- Executes dropped EXE
-
\??\c:\aq8t1.exec:\aq8t1.exe39⤵
- Executes dropped EXE
-
\??\c:\c6oc9i.exec:\c6oc9i.exe40⤵
- Executes dropped EXE
-
\??\c:\23hc6s7.exec:\23hc6s7.exe41⤵
- Executes dropped EXE
-
\??\c:\x8h54.exec:\x8h54.exe42⤵
- Executes dropped EXE
-
\??\c:\p273149.exec:\p273149.exe43⤵
- Executes dropped EXE
-
\??\c:\c6m1q.exec:\c6m1q.exe44⤵
- Executes dropped EXE
-
\??\c:\ki3vk.exec:\ki3vk.exe45⤵
- Executes dropped EXE
-
\??\c:\6b219r.exec:\6b219r.exe46⤵
- Executes dropped EXE
-
\??\c:\u7k1i3p.exec:\u7k1i3p.exe47⤵
- Executes dropped EXE
-
\??\c:\5190u.exec:\5190u.exe48⤵
- Executes dropped EXE
-
\??\c:\965n89.exec:\965n89.exe49⤵
- Executes dropped EXE
-
\??\c:\37hhei.exec:\37hhei.exe50⤵
- Executes dropped EXE
-
\??\c:\6a9g51.exec:\6a9g51.exe51⤵
- Executes dropped EXE
-
\??\c:\8l4m0.exec:\8l4m0.exe52⤵
- Executes dropped EXE
-
\??\c:\71u1j.exec:\71u1j.exe53⤵
- Executes dropped EXE
-
\??\c:\1kj00.exec:\1kj00.exe54⤵
- Executes dropped EXE
-
\??\c:\7i4d45.exec:\7i4d45.exe55⤵
- Executes dropped EXE
-
\??\c:\f4sqo.exec:\f4sqo.exe56⤵
- Executes dropped EXE
-
\??\c:\o5e339.exec:\o5e339.exe57⤵
- Executes dropped EXE
-
\??\c:\se13m.exec:\se13m.exe58⤵
- Executes dropped EXE
-
\??\c:\27kc3.exec:\27kc3.exe59⤵
- Executes dropped EXE
-
\??\c:\1l946.exec:\1l946.exe60⤵
- Executes dropped EXE
-
\??\c:\11r0i.exec:\11r0i.exe61⤵
- Executes dropped EXE
-
\??\c:\wu0b7p.exec:\wu0b7p.exe62⤵
- Executes dropped EXE
-
\??\c:\5g20v2.exec:\5g20v2.exe63⤵
- Executes dropped EXE
-
\??\c:\1gounlm.exec:\1gounlm.exe64⤵
- Executes dropped EXE
-
\??\c:\94f7g.exec:\94f7g.exe65⤵
- Executes dropped EXE
-
\??\c:\32pa57.exec:\32pa57.exe66⤵
-
\??\c:\qhk952.exec:\qhk952.exe67⤵
-
\??\c:\s9u7evv.exec:\s9u7evv.exe68⤵
-
\??\c:\173thw.exec:\173thw.exe69⤵
-
\??\c:\r9t6580.exec:\r9t6580.exe70⤵
-
\??\c:\whj45l.exec:\whj45l.exe71⤵
-
\??\c:\q0ua9d.exec:\q0ua9d.exe72⤵
-
\??\c:\c6p9qq8.exec:\c6p9qq8.exe73⤵
-
\??\c:\c9m1e75.exec:\c9m1e75.exe74⤵
-
\??\c:\eeu383.exec:\eeu383.exe75⤵
-
\??\c:\r7fh8.exec:\r7fh8.exe76⤵
-
\??\c:\h54hd6.exec:\h54hd6.exe77⤵
-
\??\c:\p8hb7.exec:\p8hb7.exe78⤵
-
\??\c:\2961x6.exec:\2961x6.exe79⤵
-
\??\c:\9q2p6.exec:\9q2p6.exe80⤵
-
\??\c:\78dns.exec:\78dns.exe81⤵
-
\??\c:\27q68dn.exec:\27q68dn.exe82⤵
-
\??\c:\cok94g.exec:\cok94g.exe83⤵
-
\??\c:\1x907x5.exec:\1x907x5.exe84⤵
-
\??\c:\rj5au.exec:\rj5au.exe85⤵
-
\??\c:\u1d386.exec:\u1d386.exe86⤵
-
\??\c:\6apwh84.exec:\6apwh84.exe87⤵
-
\??\c:\o5a22v1.exec:\o5a22v1.exe88⤵
-
\??\c:\1a9v9h3.exec:\1a9v9h3.exe89⤵
-
\??\c:\t71930.exec:\t71930.exe90⤵
-
\??\c:\66kn2l2.exec:\66kn2l2.exe91⤵
-
\??\c:\dmq2ab.exec:\dmq2ab.exe92⤵
-
\??\c:\27cua2n.exec:\27cua2n.exe93⤵
-
\??\c:\f15kwu1.exec:\f15kwu1.exe94⤵
-
\??\c:\6r41ha.exec:\6r41ha.exe95⤵
-
\??\c:\a5tid.exec:\a5tid.exe96⤵
-
\??\c:\3g1xs.exec:\3g1xs.exe97⤵
-
\??\c:\3sv731p.exec:\3sv731p.exe98⤵
-
\??\c:\tj7krs.exec:\tj7krs.exe99⤵
-
\??\c:\nwcc1.exec:\nwcc1.exe100⤵
-
\??\c:\xm994uk.exec:\xm994uk.exe101⤵
-
\??\c:\vs5m3k7.exec:\vs5m3k7.exe102⤵
-
\??\c:\9m8pv.exec:\9m8pv.exe103⤵
-
\??\c:\106u1.exec:\106u1.exe104⤵
-
\??\c:\ewmku.exec:\ewmku.exe105⤵
-
\??\c:\oa1q22o.exec:\oa1q22o.exe106⤵
-
\??\c:\9q9k8u.exec:\9q9k8u.exe107⤵
-
\??\c:\3lt52sj.exec:\3lt52sj.exe108⤵
-
\??\c:\akux2.exec:\akux2.exe109⤵
-
\??\c:\9pg9w.exec:\9pg9w.exe110⤵
-
\??\c:\369w2.exec:\369w2.exe111⤵
-
\??\c:\c23r1dt.exec:\c23r1dt.exe112⤵
-
\??\c:\b55qlm.exec:\b55qlm.exe113⤵
-
\??\c:\6fmwxip.exec:\6fmwxip.exe114⤵
-
\??\c:\g4l24v9.exec:\g4l24v9.exe115⤵
-
\??\c:\4nkc4.exec:\4nkc4.exe116⤵
-
\??\c:\9x07d3.exec:\9x07d3.exe117⤵
-
\??\c:\cha1w.exec:\cha1w.exe118⤵
-
\??\c:\xde0l.exec:\xde0l.exe119⤵
-
\??\c:\11gb5.exec:\11gb5.exe120⤵
-
\??\c:\2gsko.exec:\2gsko.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-