Analysis
-
max time kernel
102s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20231023-en -
resource tags
-
submitted
13/11/2023, 00:22
General
-
Target
NEAS.56a86819aaf309f18c3f940f867202c0.exe
-
Size
100KB
-
MD5
56a86819aaf309f18c3f940f867202c0
-
SHA1
7f37427a8d0ea518c9627174eab65170ba96b7dc
-
SHA256
632aa25d8d1d6e1dd141b91be5de3e7a7a2377cd70cefb37ed5e211c8a2fff6d
-
SHA512
8e436917ec193eb141cff66c8e7ad1225416eb282add8b641135c3e1557c99903d109d65e6d9fc9333df6bc00c27be3509f60240454a6fe99165cb98f14e88d0
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDo7xCkTsIwtOa2dY36izroQZvZ:ymb3NkkiQ3mdBjFo7LAIb+LM+vZ
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 33 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 61 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.56a86819aaf309f18c3f940f867202c0.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.56a86819aaf309f18c3f940f867202c0.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\bwj7kd9.exec:\bwj7kd9.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\4e3oq.exec:\4e3oq.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\m2e9kq.exec:\m2e9kq.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\klp6pp3.exec:\klp6pp3.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\a38e9ud.exec:\a38e9ud.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\2d13t.exec:\2d13t.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\93g50.exec:\93g50.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3048615.exec:\3048615.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\g9197.exec:\g9197.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\82nj6j.exec:\82nj6j.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\va7uf.exec:\va7uf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\55xos22.exec:\55xos22.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3t33p.exec:\3t33p.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ko0b47g.exec:\ko0b47g.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1p3k2v.exec:\1p3k2v.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\u7im921.exec:\u7im921.exe17⤵
- Executes dropped EXE
-
\??\c:\0hb3w.exec:\0hb3w.exe18⤵
- Executes dropped EXE
-
\??\c:\228803t.exec:\228803t.exe19⤵
- Executes dropped EXE
-
\??\c:\j4065.exec:\j4065.exe20⤵
- Executes dropped EXE
-
\??\c:\097su9.exec:\097su9.exe21⤵
- Executes dropped EXE
-
\??\c:\92o8q72.exec:\92o8q72.exe22⤵
- Executes dropped EXE
-
\??\c:\rl5171s.exec:\rl5171s.exe23⤵
- Executes dropped EXE
-
\??\c:\jgwu0a9.exec:\jgwu0a9.exe24⤵
- Executes dropped EXE
-
\??\c:\2bs9589.exec:\2bs9589.exe25⤵
- Executes dropped EXE
-
\??\c:\aax14e.exec:\aax14e.exe26⤵
- Executes dropped EXE
-
\??\c:\496ew.exec:\496ew.exe27⤵
- Executes dropped EXE
-
\??\c:\1h0k09.exec:\1h0k09.exe28⤵
- Executes dropped EXE
-
\??\c:\94v9n9u.exec:\94v9n9u.exe29⤵
- Executes dropped EXE
-
\??\c:\ot7k5.exec:\ot7k5.exe30⤵
- Executes dropped EXE
-
\??\c:\bsj6l.exec:\bsj6l.exe31⤵
- Executes dropped EXE
-
\??\c:\gc8k0u.exec:\gc8k0u.exe32⤵
- Executes dropped EXE
-
\??\c:\s2c16kx.exec:\s2c16kx.exe33⤵
- Executes dropped EXE
-
\??\c:\25wckc3.exec:\25wckc3.exe34⤵
- Executes dropped EXE
-
\??\c:\742t086.exec:\742t086.exe35⤵
- Executes dropped EXE
-
\??\c:\k0m74u9.exec:\k0m74u9.exe36⤵
- Executes dropped EXE
-
\??\c:\91geq.exec:\91geq.exe37⤵
- Executes dropped EXE
-
\??\c:\hchd0aq.exec:\hchd0aq.exe38⤵
- Executes dropped EXE
-
\??\c:\bx36sx.exec:\bx36sx.exe39⤵
- Executes dropped EXE
-
\??\c:\21gbv1.exec:\21gbv1.exe40⤵
- Executes dropped EXE
-
\??\c:\t77pm40.exec:\t77pm40.exe41⤵
- Executes dropped EXE
-
\??\c:\93677.exec:\93677.exe42⤵
- Executes dropped EXE
-
\??\c:\iodck.exec:\iodck.exe43⤵
- Executes dropped EXE
-
\??\c:\mx10ab.exec:\mx10ab.exe44⤵
- Executes dropped EXE
-
\??\c:\81md0.exec:\81md0.exe45⤵
- Executes dropped EXE
-
\??\c:\xe6skf6.exec:\xe6skf6.exe46⤵
- Executes dropped EXE
-
\??\c:\i65ga.exec:\i65ga.exe47⤵
- Executes dropped EXE
-
\??\c:\n85611.exec:\n85611.exe48⤵
- Executes dropped EXE
-
\??\c:\kks56k.exec:\kks56k.exe49⤵
- Executes dropped EXE
-
\??\c:\87ki9av.exec:\87ki9av.exe50⤵
- Executes dropped EXE
-
\??\c:\03u5q1i.exec:\03u5q1i.exe51⤵
- Executes dropped EXE
-
\??\c:\q9j5c95.exec:\q9j5c95.exe52⤵
- Executes dropped EXE
-
\??\c:\44r7cq.exec:\44r7cq.exe53⤵
- Executes dropped EXE
-
\??\c:\35i9qh.exec:\35i9qh.exe54⤵
- Executes dropped EXE
-
\??\c:\fs37a.exec:\fs37a.exe55⤵
- Executes dropped EXE
-
\??\c:\1uoe7oo.exec:\1uoe7oo.exe56⤵
- Executes dropped EXE
-
\??\c:\v0dc7.exec:\v0dc7.exe57⤵
- Executes dropped EXE
-
\??\c:\vwl54s.exec:\vwl54s.exe58⤵
- Executes dropped EXE
-
\??\c:\7v34a.exec:\7v34a.exe59⤵
- Executes dropped EXE
-
\??\c:\80ji39s.exec:\80ji39s.exe60⤵
- Executes dropped EXE
-
\??\c:\8k307f.exec:\8k307f.exe61⤵
- Executes dropped EXE
-
\??\c:\m8k3q.exec:\m8k3q.exe62⤵
- Executes dropped EXE
-
\??\c:\556m9e.exec:\556m9e.exe63⤵
- Executes dropped EXE
-
\??\c:\2p31i.exec:\2p31i.exe64⤵
- Executes dropped EXE
-
\??\c:\uce9op.exec:\uce9op.exe65⤵
- Executes dropped EXE
-
\??\c:\qxh5ga.exec:\qxh5ga.exe66⤵
-
\??\c:\352ovi3.exec:\352ovi3.exe67⤵
-
\??\c:\9ui54.exec:\9ui54.exe68⤵
-
\??\c:\q72xar3.exec:\q72xar3.exe69⤵
-
\??\c:\xuf5m7e.exec:\xuf5m7e.exe70⤵
-
\??\c:\27q7o.exec:\27q7o.exe71⤵
-
\??\c:\tos039.exec:\tos039.exe72⤵
-
\??\c:\d9nl7.exec:\d9nl7.exe73⤵
-
\??\c:\832ja1w.exec:\832ja1w.exe74⤵
-
\??\c:\0aj4k90.exec:\0aj4k90.exe75⤵
-
\??\c:\5v57i.exec:\5v57i.exe76⤵
-
\??\c:\4jq69l2.exec:\4jq69l2.exe77⤵
-
\??\c:\77ku8i.exec:\77ku8i.exe78⤵
-
\??\c:\b4lt0.exec:\b4lt0.exe79⤵
-
\??\c:\6j4a70b.exec:\6j4a70b.exe80⤵
-
\??\c:\26icl.exec:\26icl.exe81⤵
-
\??\c:\9512f11.exec:\9512f11.exe82⤵
-
\??\c:\3q6m56a.exec:\3q6m56a.exe83⤵
-
\??\c:\6xtaw1.exec:\6xtaw1.exe84⤵
-
\??\c:\193nrhk.exec:\193nrhk.exe85⤵
-
\??\c:\1g8w7.exec:\1g8w7.exe86⤵
-
\??\c:\ephno8.exec:\ephno8.exe87⤵
-
\??\c:\1d9sn9.exec:\1d9sn9.exe88⤵
-
\??\c:\h7s97nl.exec:\h7s97nl.exe89⤵
-
\??\c:\r91fs3.exec:\r91fs3.exe90⤵
-
\??\c:\k92li57.exec:\k92li57.exe91⤵
-
\??\c:\nr4uv9s.exec:\nr4uv9s.exe92⤵
-
\??\c:\79371.exec:\79371.exe93⤵
-
\??\c:\85qp8.exec:\85qp8.exe94⤵
-
\??\c:\474l5.exec:\474l5.exe95⤵
-
\??\c:\jwox9.exec:\jwox9.exe96⤵
-
\??\c:\1n0i1w.exec:\1n0i1w.exe97⤵
-
\??\c:\sc76ua9.exec:\sc76ua9.exe98⤵
-
\??\c:\xn7g17.exec:\xn7g17.exe99⤵
-
\??\c:\i4ieo3.exec:\i4ieo3.exe100⤵
-
\??\c:\j23715i.exec:\j23715i.exe101⤵
-
\??\c:\qkbakas.exec:\qkbakas.exe102⤵
-
\??\c:\eg6cmx.exec:\eg6cmx.exe103⤵
-
\??\c:\r7m18.exec:\r7m18.exe104⤵
-
\??\c:\ib7oh6f.exec:\ib7oh6f.exe105⤵
-
\??\c:\6h9sd50.exec:\6h9sd50.exe106⤵
-
\??\c:\33rv7.exec:\33rv7.exe107⤵
-
\??\c:\031gq7e.exec:\031gq7e.exe108⤵
-
\??\c:\26a55wu.exec:\26a55wu.exe109⤵
-
\??\c:\rt95e9.exec:\rt95e9.exe110⤵
-
\??\c:\l9g1w.exec:\l9g1w.exe111⤵
-
\??\c:\978rab4.exec:\978rab4.exe112⤵
-
\??\c:\70jk2.exec:\70jk2.exe113⤵
-
\??\c:\i4s57e7.exec:\i4s57e7.exe114⤵
-
\??\c:\g0w918.exec:\g0w918.exe115⤵
-
\??\c:\ie18a4.exec:\ie18a4.exe116⤵
-
\??\c:\9717m.exec:\9717m.exe117⤵
-
\??\c:\vn311d.exec:\vn311d.exe118⤵
-
\??\c:\w5km11q.exec:\w5km11q.exe119⤵
-
\??\c:\k0353.exec:\k0353.exe120⤵
-
\??\c:\6x9p78.exec:\6x9p78.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-