Resubmissions
15-11-2023 00:56
231115-bam2taag91 10Analysis
-
max time kernel
110s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20231023-en -
resource tags
-
submitted
15-11-2023 00:56
General
-
Target
NEAS.acc36e4f9273aef9d917c78d35244d00.exe
-
Size
96KB
-
MD5
acc36e4f9273aef9d917c78d35244d00
-
SHA1
0b39cb4548113492f5bca3fd719c135842b70916
-
SHA256
c6d1828a9e34326bea3b1de503adbae206c22b8050eab2d3964dc4f1f425bbdc
-
SHA512
d7b814c10fb136879b2982ba1e56bc8e25671574c4ece03f916990664e43defea0690ca200cf9ba0bd3307e5c1d2d46e37de521d5ab65f02891822db1d426c23
-
SSDEEP
3072:ymb3NkkiQ3mdBjFWXkj7afodnmm9Ao98hd:n3C9BRW0j/tmm9nwd
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 31 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 58 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.acc36e4f9273aef9d917c78d35244d00.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.acc36e4f9273aef9d917c78d35244d00.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\dp349j.exec:\dp349j.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\j6x746h.exec:\j6x746h.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\c2ox0cj.exec:\c2ox0cj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nf6k9.exec:\nf6k9.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ien7f.exec:\ien7f.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\j72wc3m.exec:\j72wc3m.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
-
-
-
-
-
-
\??\c:\o6t4j.exec:\o6t4j.exe1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\k8owu.exec:\k8owu.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\058o51.exec:\058o51.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\akkj0.exec:\akkj0.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\qua38c7.exec:\qua38c7.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\i6bn54k.exec:\i6bn54k.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\44l5c.exec:\44l5c.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\516m8ip.exec:\516m8ip.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3d96q.exec:\3d96q.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\08k1ib.exec:\08k1ib.exe10⤵
- Executes dropped EXE
-
\??\c:\vf8qn3.exec:\vf8qn3.exe11⤵
- Executes dropped EXE
-
\??\c:\eua2ek.exec:\eua2ek.exe12⤵
- Executes dropped EXE
-
\??\c:\7lwagme.exec:\7lwagme.exe13⤵
- Executes dropped EXE
-
\??\c:\bcf5ei2.exec:\bcf5ei2.exe14⤵
- Executes dropped EXE
-
\??\c:\46d9n9.exec:\46d9n9.exe15⤵
- Executes dropped EXE
-
\??\c:\1p2c9.exec:\1p2c9.exe16⤵
- Executes dropped EXE
-
\??\c:\06w3ghu.exec:\06w3ghu.exe17⤵
- Executes dropped EXE
-
\??\c:\67t7um.exec:\67t7um.exe18⤵
- Executes dropped EXE
-
\??\c:\7m7b7.exec:\7m7b7.exe19⤵
- Executes dropped EXE
-
\??\c:\wmg5q7q.exec:\wmg5q7q.exe20⤵
- Executes dropped EXE
-
\??\c:\ru704.exec:\ru704.exe21⤵
- Executes dropped EXE
-
\??\c:\v85o88.exec:\v85o88.exe22⤵
- Executes dropped EXE
-
\??\c:\wcj37k.exec:\wcj37k.exe23⤵
- Executes dropped EXE
-
\??\c:\uu5sv.exec:\uu5sv.exe24⤵
- Executes dropped EXE
-
\??\c:\u0c5uo.exec:\u0c5uo.exe25⤵
- Executes dropped EXE
-
\??\c:\716u71m.exec:\716u71m.exe26⤵
- Executes dropped EXE
-
\??\c:\xb78x7a.exec:\xb78x7a.exe27⤵
- Executes dropped EXE
-
\??\c:\67e7me.exec:\67e7me.exe28⤵
- Executes dropped EXE
-
\??\c:\s4lx6s.exec:\s4lx6s.exe29⤵
- Executes dropped EXE
-
\??\c:\woeiv.exec:\woeiv.exe30⤵
- Executes dropped EXE
-
\??\c:\l957k9q.exec:\l957k9q.exe31⤵
- Executes dropped EXE
-
\??\c:\ng1oo1u.exec:\ng1oo1u.exe32⤵
- Executes dropped EXE
-
\??\c:\i7m3cm.exec:\i7m3cm.exe33⤵
- Executes dropped EXE
-
\??\c:\328823.exec:\328823.exe34⤵
- Executes dropped EXE
-
\??\c:\536od7i.exec:\536od7i.exe35⤵
- Executes dropped EXE
-
\??\c:\w2m5cd6.exec:\w2m5cd6.exe36⤵
- Executes dropped EXE
-
\??\c:\ds365.exec:\ds365.exe37⤵
- Executes dropped EXE
-
\??\c:\95j6k4.exec:\95j6k4.exe38⤵
- Executes dropped EXE
-
\??\c:\a0o1cw7.exec:\a0o1cw7.exe39⤵
- Executes dropped EXE
-
\??\c:\08rh1.exec:\08rh1.exe40⤵
- Executes dropped EXE
-
\??\c:\5s8q79.exec:\5s8q79.exe41⤵
- Executes dropped EXE
-
\??\c:\98ugt0.exec:\98ugt0.exe42⤵
- Executes dropped EXE
-
\??\c:\jv31o.exec:\jv31o.exe43⤵
- Executes dropped EXE
-
\??\c:\45so5.exec:\45so5.exe44⤵
- Executes dropped EXE
-
\??\c:\4kxo0.exec:\4kxo0.exe45⤵
- Executes dropped EXE
-
\??\c:\cm34g.exec:\cm34g.exe46⤵
- Executes dropped EXE
-
\??\c:\916du5.exec:\916du5.exe47⤵
- Executes dropped EXE
-
\??\c:\640971w.exec:\640971w.exe48⤵
- Executes dropped EXE
-
\??\c:\634vis.exec:\634vis.exe49⤵
- Executes dropped EXE
-
\??\c:\sgpr61g.exec:\sgpr61g.exe50⤵
- Executes dropped EXE
-
\??\c:\08e246.exec:\08e246.exe51⤵
- Executes dropped EXE
-
\??\c:\09ef39.exec:\09ef39.exe52⤵
- Executes dropped EXE
-
\??\c:\x7795.exec:\x7795.exe53⤵
- Executes dropped EXE
-
\??\c:\6q61x.exec:\6q61x.exe54⤵
- Executes dropped EXE
-
\??\c:\l92uf.exec:\l92uf.exe55⤵
- Executes dropped EXE
-
\??\c:\1f8dg.exec:\1f8dg.exe56⤵
- Executes dropped EXE
-
\??\c:\7a51o7.exec:\7a51o7.exe57⤵
- Executes dropped EXE
-
\??\c:\02p2n.exec:\02p2n.exe58⤵
- Executes dropped EXE
-
\??\c:\i0wuh.exec:\i0wuh.exe59⤵
-
\??\c:\65ep56.exec:\65ep56.exe60⤵
-
\??\c:\1h985m.exec:\1h985m.exe61⤵
-
\??\c:\bh8wx0j.exec:\bh8wx0j.exe62⤵
-
\??\c:\29an6.exec:\29an6.exe63⤵
-
\??\c:\0wb6w.exec:\0wb6w.exe64⤵
-
\??\c:\dgr3c.exec:\dgr3c.exe65⤵
-
\??\c:\pr72w78.exec:\pr72w78.exe66⤵
-
\??\c:\65l51.exec:\65l51.exe67⤵
-
\??\c:\5fb22n.exec:\5fb22n.exe68⤵
-
\??\c:\5q9on5.exec:\5q9on5.exe69⤵
-
\??\c:\1i34p9.exec:\1i34p9.exe70⤵
-
\??\c:\977w7.exec:\977w7.exe71⤵
-
\??\c:\v60k8.exec:\v60k8.exe72⤵
-
\??\c:\o8w9gx.exec:\o8w9gx.exe73⤵
-
\??\c:\qwm1cb.exec:\qwm1cb.exe74⤵
-
\??\c:\233726.exec:\233726.exe75⤵
-
\??\c:\33sv6.exec:\33sv6.exe76⤵
-
\??\c:\m58b3.exec:\m58b3.exe77⤵
-
\??\c:\85gtkm.exec:\85gtkm.exe78⤵
-
\??\c:\5g871.exec:\5g871.exe79⤵
-
\??\c:\kkt91w.exec:\kkt91w.exe80⤵
-
\??\c:\qo8o9q.exec:\qo8o9q.exe81⤵
-
\??\c:\v4t2l.exec:\v4t2l.exe82⤵
-
\??\c:\ckw71.exec:\ckw71.exe83⤵
-
\??\c:\45m751.exec:\45m751.exe84⤵
-
\??\c:\m02eu15.exec:\m02eu15.exe85⤵
-
\??\c:\d39768.exec:\d39768.exe86⤵
-
\??\c:\lc9s5.exec:\lc9s5.exe87⤵
-
\??\c:\9533u33.exec:\9533u33.exe88⤵
-
\??\c:\q32o76a.exec:\q32o76a.exe89⤵
-
\??\c:\5i945.exec:\5i945.exe90⤵
-
\??\c:\r23vfo5.exec:\r23vfo5.exe91⤵
-
\??\c:\830k558.exec:\830k558.exe92⤵
-
\??\c:\ui16ix.exec:\ui16ix.exe93⤵
-
\??\c:\k4c36o7.exec:\k4c36o7.exe94⤵
-
\??\c:\3t98a.exec:\3t98a.exe95⤵
-
\??\c:\k6l1ij.exec:\k6l1ij.exe96⤵
-
\??\c:\cup77.exec:\cup77.exe97⤵
-
\??\c:\e70qi1.exec:\e70qi1.exe98⤵
-
\??\c:\3112k.exec:\3112k.exe99⤵
-
\??\c:\mh8x68m.exec:\mh8x68m.exe100⤵
-
\??\c:\a0u27gi.exec:\a0u27gi.exe101⤵
-
\??\c:\ssi3cb.exec:\ssi3cb.exe102⤵
-
\??\c:\heamc3e.exec:\heamc3e.exe103⤵
-
\??\c:\8pqcs.exec:\8pqcs.exe104⤵
-
\??\c:\9v14c.exec:\9v14c.exe105⤵
-
\??\c:\29ew7.exec:\29ew7.exe106⤵
-
\??\c:\401q235.exec:\401q235.exe107⤵
-
\??\c:\b871vx2.exec:\b871vx2.exe108⤵
-
\??\c:\ccgw2.exec:\ccgw2.exe109⤵
-
\??\c:\37gr2k4.exec:\37gr2k4.exe110⤵
-
\??\c:\1d54h16.exec:\1d54h16.exe111⤵
-
\??\c:\31ei9.exec:\31ei9.exe112⤵
-
\??\c:\331wv1.exec:\331wv1.exe113⤵
-
\??\c:\49v7ee.exec:\49v7ee.exe114⤵
-
\??\c:\457v71.exec:\457v71.exe115⤵
-
\??\c:\l1dsw2.exec:\l1dsw2.exe116⤵
-
\??\c:\3q13mg.exec:\3q13mg.exe117⤵
-
\??\c:\ekso5p.exec:\ekso5p.exe118⤵
-
\??\c:\254w7.exec:\254w7.exe119⤵
-
\??\c:\o2q1c.exec:\o2q1c.exe120⤵
-
\??\c:\fsd5q.exec:\fsd5q.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-