Analysis
-
max time kernel
146s -
max time network
155s -
platform
windows10-2004_x64 -
resource
win10v2004-20231025-en -
resource tags
-
submitted
07/11/2023, 20:58
General
-
Target
NEAS.0a11c5b0ab564db946e3e6432da5d930.exe
-
Size
73KB
-
MD5
0a11c5b0ab564db946e3e6432da5d930
-
SHA1
0a9fb3592109d557fcaf9bcc418b6155226fda41
-
SHA256
76c98ce5ea57d729f04d8cca108ea3a221beb0bc0fb8cd38f752edc4c13918a8
-
SHA512
2b911a7255222bf90d6ac27a49880d27d1247bb1174b108dd91424d14477783c1ca24eac9dfd2fa1923d103c47f9e716ce3e12cfc9235d82ca23e5279f9556c0
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIpzOl:ymb3NkkiQ3mdBjFIx8
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 40 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.0a11c5b0ab564db946e3e6432da5d930.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.0a11c5b0ab564db946e3e6432da5d930.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\758wn.exec:\758wn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\69813.exec:\69813.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\n2fa2bk.exec:\n2fa2bk.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\aks96.exec:\aks96.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\l4x22n.exec:\l4x22n.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\eak404g.exec:\eak404g.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\188l5.exec:\188l5.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\4d687.exec:\4d687.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\97313eq.exec:\97313eq.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\d37779.exec:\d37779.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ir9e9.exec:\ir9e9.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\0655590.exec:\0655590.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ja59e.exec:\ja59e.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\d4em56h.exec:\d4em56h.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\72a51.exec:\72a51.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rgns3.exec:\rgns3.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\q78n7.exec:\q78n7.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dqss5ux.exec:\dqss5ux.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\q93953x.exec:\q93953x.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\0a8v7.exec:\0a8v7.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5xeo4.exec:\5xeo4.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rc040.exec:\rc040.exe23⤵
- Executes dropped EXE
-
\??\c:\71xu4.exec:\71xu4.exe24⤵
- Executes dropped EXE
-
\??\c:\xq2o8j6.exec:\xq2o8j6.exe25⤵
- Executes dropped EXE
-
\??\c:\q00hle.exec:\q00hle.exe26⤵
- Executes dropped EXE
-
\??\c:\99hd0.exec:\99hd0.exe27⤵
- Executes dropped EXE
-
\??\c:\63x6h9.exec:\63x6h9.exe28⤵
- Executes dropped EXE
-
\??\c:\9ueh5.exec:\9ueh5.exe29⤵
- Executes dropped EXE
-
\??\c:\1439a.exec:\1439a.exe30⤵
- Executes dropped EXE
-
\??\c:\r0j6s10.exec:\r0j6s10.exe31⤵
-
\??\c:\97uwi.exec:\97uwi.exe32⤵
- Executes dropped EXE
-
\??\c:\t6q59gh.exec:\t6q59gh.exe33⤵
- Executes dropped EXE
-
\??\c:\ue3863.exec:\ue3863.exe34⤵
- Executes dropped EXE
-
\??\c:\67pf02.exec:\67pf02.exe35⤵
- Executes dropped EXE
-
\??\c:\wu80r.exec:\wu80r.exe36⤵
- Executes dropped EXE
-
\??\c:\x188v.exec:\x188v.exe37⤵
- Executes dropped EXE
-
\??\c:\lnf4j.exec:\lnf4j.exe38⤵
- Executes dropped EXE
-
\??\c:\b0h54.exec:\b0h54.exe39⤵
- Executes dropped EXE
-
\??\c:\6k73f77.exec:\6k73f77.exe40⤵
- Executes dropped EXE
-
\??\c:\jrxi5.exec:\jrxi5.exe41⤵
- Executes dropped EXE
-
\??\c:\54293u.exec:\54293u.exe42⤵
- Executes dropped EXE
-
\??\c:\6t3e1.exec:\6t3e1.exe43⤵
- Executes dropped EXE
-
\??\c:\qn9v7.exec:\qn9v7.exe44⤵
- Executes dropped EXE
-
\??\c:\97579.exec:\97579.exe45⤵
- Executes dropped EXE
-
\??\c:\d8xx041.exec:\d8xx041.exe46⤵
- Executes dropped EXE
-
\??\c:\4r8dis.exec:\4r8dis.exe47⤵
- Executes dropped EXE
-
\??\c:\6a5d6fo.exec:\6a5d6fo.exe48⤵
- Executes dropped EXE
-
\??\c:\6o4q94.exec:\6o4q94.exe49⤵
- Executes dropped EXE
-
\??\c:\beb4w36.exec:\beb4w36.exe50⤵
- Executes dropped EXE
-
\??\c:\m75p10p.exec:\m75p10p.exe51⤵
- Executes dropped EXE
-
\??\c:\9u3f9.exec:\9u3f9.exe52⤵
- Executes dropped EXE
-
\??\c:\sxr8eb.exec:\sxr8eb.exe53⤵
- Executes dropped EXE
-
\??\c:\n68rjf.exec:\n68rjf.exe54⤵
- Executes dropped EXE
-
\??\c:\2qc9a7.exec:\2qc9a7.exe55⤵
- Executes dropped EXE
-
\??\c:\r3397k1.exec:\r3397k1.exe56⤵
- Executes dropped EXE
-
\??\c:\j3w96.exec:\j3w96.exe57⤵
- Executes dropped EXE
-
\??\c:\8g1k32.exec:\8g1k32.exe58⤵
- Executes dropped EXE
-
\??\c:\e87o9.exec:\e87o9.exe59⤵
- Executes dropped EXE
-
\??\c:\uo92w9.exec:\uo92w9.exe60⤵
- Executes dropped EXE
-
\??\c:\lkh1c.exec:\lkh1c.exe61⤵
- Executes dropped EXE
-
\??\c:\mccu03.exec:\mccu03.exe62⤵
- Executes dropped EXE
-
\??\c:\73ub8c.exec:\73ub8c.exe63⤵
- Executes dropped EXE
-
\??\c:\d59k5.exec:\d59k5.exe64⤵
- Executes dropped EXE
-
\??\c:\6l57od5.exec:\6l57od5.exe65⤵
- Executes dropped EXE
-
\??\c:\i60jg0.exec:\i60jg0.exe66⤵
- Executes dropped EXE
-
\??\c:\kwso18.exec:\kwso18.exe67⤵
-
\??\c:\n16k52.exec:\n16k52.exe68⤵
-
\??\c:\2b0uk36.exec:\2b0uk36.exe69⤵
-
\??\c:\sk56n7.exec:\sk56n7.exe70⤵
-
\??\c:\7s9mv32.exec:\7s9mv32.exe71⤵
-
\??\c:\t7qua.exec:\t7qua.exe72⤵
-
\??\c:\1emqgwg.exec:\1emqgwg.exe73⤵
-
\??\c:\2saqe56.exec:\2saqe56.exe74⤵
-
\??\c:\cq1ca.exec:\cq1ca.exe75⤵
-
\??\c:\31emo.exec:\31emo.exe76⤵
-
\??\c:\qt52d99.exec:\qt52d99.exe77⤵
-
\??\c:\l7lgw.exec:\l7lgw.exe78⤵
-
\??\c:\b6s385.exec:\b6s385.exe79⤵
-
\??\c:\tuk1ut1.exec:\tuk1ut1.exe80⤵
-
\??\c:\336o70m.exec:\336o70m.exe81⤵
-
\??\c:\1b8vbp3.exec:\1b8vbp3.exe82⤵
-
\??\c:\7h96k37.exec:\7h96k37.exe83⤵
-
\??\c:\v52i36h.exec:\v52i36h.exe84⤵
-
\??\c:\8lm1w.exec:\8lm1w.exe85⤵
-
\??\c:\x889uk.exec:\x889uk.exe86⤵
-
\??\c:\754qo.exec:\754qo.exe87⤵
-
\??\c:\41ul2c.exec:\41ul2c.exe88⤵
-
\??\c:\j499uk.exec:\j499uk.exe89⤵
-
\??\c:\2u7mx5.exec:\2u7mx5.exe90⤵
-
\??\c:\j18j203.exec:\j18j203.exe91⤵
-
\??\c:\u02fvh.exec:\u02fvh.exe92⤵
-
\??\c:\f3s1oi2.exec:\f3s1oi2.exe93⤵
-
\??\c:\xuqr9w.exec:\xuqr9w.exe94⤵
-
\??\c:\6o7917.exec:\6o7917.exe95⤵
-
\??\c:\55q34.exec:\55q34.exe96⤵
-
\??\c:\309u57k.exec:\309u57k.exe97⤵
-
\??\c:\7l18w7.exec:\7l18w7.exe98⤵
-
\??\c:\lwget77.exec:\lwget77.exe99⤵
-
\??\c:\qk551u.exec:\qk551u.exe100⤵
-
\??\c:\n8a36mb.exec:\n8a36mb.exe101⤵
-
\??\c:\45ui5.exec:\45ui5.exe102⤵
-
\??\c:\372x6k7.exec:\372x6k7.exe103⤵
-
\??\c:\72983.exec:\72983.exe104⤵
-
\??\c:\ggtnco.exec:\ggtnco.exe105⤵
-
\??\c:\95b5s.exec:\95b5s.exe106⤵
-
\??\c:\5up9e7.exec:\5up9e7.exe107⤵
-
\??\c:\t8k94r.exec:\t8k94r.exe108⤵
-
\??\c:\n3wp4w.exec:\n3wp4w.exe109⤵
-
\??\c:\hr8109j.exec:\hr8109j.exe110⤵
-
\??\c:\b50m65u.exec:\b50m65u.exe111⤵
-
\??\c:\798e5.exec:\798e5.exe112⤵
-
\??\c:\0cweg.exec:\0cweg.exe113⤵
-
\??\c:\s59ip6r.exec:\s59ip6r.exe114⤵
-
\??\c:\o9crm.exec:\o9crm.exe115⤵
-
\??\c:\mkoq1.exec:\mkoq1.exe116⤵
-
\??\c:\mo0wt.exec:\mo0wt.exe117⤵
-
\??\c:\6e5co3.exec:\6e5co3.exe118⤵
-
\??\c:\134k9.exec:\134k9.exe119⤵
-
\??\c:\ug511mh.exec:\ug511mh.exe120⤵
-
\??\c:\od7u1.exec:\od7u1.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-