Analysis
-
max time kernel
150s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20231025-en -
resource tags
-
submitted
15/11/2023, 02:30
General
-
Target
NEAS.aaccb7a8e8f4731337ad4f8eb704e0c0.exe
-
Size
150KB
-
MD5
aaccb7a8e8f4731337ad4f8eb704e0c0
-
SHA1
8b2b8fb953a68c82d626af6f52ed809e37f95941
-
SHA256
09ff8754853bf04a761e93622630a16f59cc1d02923a41c645883340a3d0c5dd
-
SHA512
592bf3d77d8c0c7278f3e4bfeaa6052a25dea7298692715e8330972691cf3cd5277a64d69b2889993d3c30fbdebb7a83ad3523a7a9588961499f24ba7c762f5c
-
SSDEEP
3072:ymb3NkkiQ3mdBjFo73tvn+Yp9gBEpBSlrseOwXm:n3C9BRo7tvnJ9oEzq7bW
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 30 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 60 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.aaccb7a8e8f4731337ad4f8eb704e0c0.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.aaccb7a8e8f4731337ad4f8eb704e0c0.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\61m7w3e.exec:\61m7w3e.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5r01h7.exec:\5r01h7.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\irkop77.exec:\irkop77.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\c2n81.exec:\c2n81.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pip5msp.exec:\pip5msp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\35339.exec:\35339.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\93ow1.exec:\93ow1.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\0qg1un6.exec:\0qg1un6.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\0od107.exec:\0od107.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\97nvue8.exec:\97nvue8.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\93q7rrd.exec:\93q7rrd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jf9e58.exec:\jf9e58.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\l33057f.exec:\l33057f.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\28pex.exec:\28pex.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\614u67p.exec:\614u67p.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpkjf.exec:\jpkjf.exe17⤵
- Executes dropped EXE
-
\??\c:\l3us9uo.exec:\l3us9uo.exe18⤵
- Executes dropped EXE
-
\??\c:\24qie5.exec:\24qie5.exe19⤵
- Executes dropped EXE
-
\??\c:\t187u1i.exec:\t187u1i.exe20⤵
- Executes dropped EXE
-
\??\c:\04v3u.exec:\04v3u.exe21⤵
- Executes dropped EXE
-
\??\c:\0jqv1.exec:\0jqv1.exe22⤵
- Executes dropped EXE
-
\??\c:\is9di.exec:\is9di.exe23⤵
- Executes dropped EXE
-
\??\c:\qasm5.exec:\qasm5.exe24⤵
- Executes dropped EXE
-
\??\c:\05oxm5.exec:\05oxm5.exe25⤵
- Executes dropped EXE
-
\??\c:\xe9u97.exec:\xe9u97.exe26⤵
- Executes dropped EXE
-
\??\c:\d636g5w.exec:\d636g5w.exe27⤵
- Executes dropped EXE
-
\??\c:\4emj4pj.exec:\4emj4pj.exe28⤵
- Executes dropped EXE
-
\??\c:\61pm9.exec:\61pm9.exe29⤵
- Executes dropped EXE
-
\??\c:\q4ew3.exec:\q4ew3.exe30⤵
- Executes dropped EXE
-
\??\c:\s59p9r.exec:\s59p9r.exe31⤵
- Executes dropped EXE
-
\??\c:\4isk7.exec:\4isk7.exe32⤵
- Executes dropped EXE
-
\??\c:\xib7c.exec:\xib7c.exe33⤵
- Executes dropped EXE
-
\??\c:\1oo50u.exec:\1oo50u.exe34⤵
-
\??\c:\roka4s.exec:\roka4s.exe35⤵
- Executes dropped EXE
-
\??\c:\rof16o.exec:\rof16o.exe36⤵
- Executes dropped EXE
-
\??\c:\e6r76.exec:\e6r76.exe37⤵
- Executes dropped EXE
-
\??\c:\01neoqc.exec:\01neoqc.exe38⤵
- Executes dropped EXE
-
\??\c:\5f1g71p.exec:\5f1g71p.exe39⤵
- Executes dropped EXE
-
\??\c:\9frn853.exec:\9frn853.exe40⤵
- Executes dropped EXE
-
\??\c:\212ck7w.exec:\212ck7w.exe41⤵
- Executes dropped EXE
-
\??\c:\fp0u4d.exec:\fp0u4d.exe42⤵
- Executes dropped EXE
-
\??\c:\53q1c0.exec:\53q1c0.exe43⤵
- Executes dropped EXE
-
\??\c:\5cj0q.exec:\5cj0q.exe44⤵
- Executes dropped EXE
-
\??\c:\a59w18.exec:\a59w18.exe45⤵
- Executes dropped EXE
-
\??\c:\u9s7qdf.exec:\u9s7qdf.exe46⤵
- Executes dropped EXE
-
\??\c:\t76i9s9.exec:\t76i9s9.exe47⤵
- Executes dropped EXE
-
\??\c:\273n7.exec:\273n7.exe48⤵
- Executes dropped EXE
-
\??\c:\67593.exec:\67593.exe49⤵
- Executes dropped EXE
-
\??\c:\pi10t5.exec:\pi10t5.exe50⤵
- Executes dropped EXE
-
\??\c:\424rc2.exec:\424rc2.exe51⤵
- Executes dropped EXE
-
\??\c:\569ts6.exec:\569ts6.exe52⤵
- Executes dropped EXE
-
\??\c:\23j9w.exec:\23j9w.exe53⤵
- Executes dropped EXE
-
\??\c:\29a35.exec:\29a35.exe54⤵
- Executes dropped EXE
-
\??\c:\762ws4f.exec:\762ws4f.exe55⤵
- Executes dropped EXE
-
\??\c:\j9l9h9.exec:\j9l9h9.exe56⤵
- Executes dropped EXE
-
\??\c:\ae6p9.exec:\ae6p9.exe57⤵
- Executes dropped EXE
-
\??\c:\692e7.exec:\692e7.exe58⤵
- Executes dropped EXE
-
\??\c:\qa3rl.exec:\qa3rl.exe59⤵
- Executes dropped EXE
-
\??\c:\25q76x.exec:\25q76x.exe60⤵
- Executes dropped EXE
-
\??\c:\mmqkukb.exec:\mmqkukb.exe61⤵
- Executes dropped EXE
-
\??\c:\fqxh7.exec:\fqxh7.exe62⤵
- Executes dropped EXE
-
\??\c:\7qgn6.exec:\7qgn6.exe63⤵
- Executes dropped EXE
-
\??\c:\68w1iie.exec:\68w1iie.exe64⤵
- Executes dropped EXE
-
\??\c:\832k79.exec:\832k79.exe65⤵
- Executes dropped EXE
-
\??\c:\f1f46.exec:\f1f46.exe66⤵
- Executes dropped EXE
-
\??\c:\92f87i.exec:\92f87i.exe67⤵
-
\??\c:\01ws52.exec:\01ws52.exe68⤵
-
\??\c:\6q3735.exec:\6q3735.exe69⤵
-
\??\c:\p55mp7.exec:\p55mp7.exe70⤵
-
\??\c:\4s29k.exec:\4s29k.exe71⤵
-
\??\c:\trunc.exec:\trunc.exe72⤵
-
\??\c:\n93757s.exec:\n93757s.exe73⤵
-
\??\c:\7q5qsv.exec:\7q5qsv.exe74⤵
-
\??\c:\213g1.exec:\213g1.exe75⤵
-
\??\c:\84e9k7x.exec:\84e9k7x.exe76⤵
-
\??\c:\1222q94.exec:\1222q94.exe77⤵
-
\??\c:\ex2ec8.exec:\ex2ec8.exe78⤵
-
\??\c:\7sal0s.exec:\7sal0s.exe79⤵
-
\??\c:\39172x.exec:\39172x.exe80⤵
-
\??\c:\f7130f.exec:\f7130f.exe81⤵
-
\??\c:\36f78.exec:\36f78.exe82⤵
-
\??\c:\l12k9o.exec:\l12k9o.exe83⤵
-
\??\c:\v52fp.exec:\v52fp.exe84⤵
-
\??\c:\rk16cm.exec:\rk16cm.exe85⤵
-
\??\c:\b1gs749.exec:\b1gs749.exe86⤵
-
\??\c:\ag9hg.exec:\ag9hg.exe87⤵
-
\??\c:\ptic2ku.exec:\ptic2ku.exe88⤵
-
\??\c:\u0c9f3.exec:\u0c9f3.exe89⤵
-
\??\c:\t714m.exec:\t714m.exe90⤵
-
\??\c:\02iw9u5.exec:\02iw9u5.exe91⤵
-
\??\c:\6pdevg0.exec:\6pdevg0.exe92⤵
-
\??\c:\k32xhh4.exec:\k32xhh4.exe93⤵
-
\??\c:\b70wh.exec:\b70wh.exe94⤵
-
\??\c:\x558007.exec:\x558007.exe95⤵
-
\??\c:\43uu7g.exec:\43uu7g.exe96⤵
-
\??\c:\m58o77e.exec:\m58o77e.exe97⤵
-
\??\c:\2451s.exec:\2451s.exe98⤵
-
\??\c:\188trv.exec:\188trv.exe99⤵
-
\??\c:\f2xo1vn.exec:\f2xo1vn.exe100⤵
-
\??\c:\8d2h5.exec:\8d2h5.exe101⤵
-
\??\c:\7j9i71f.exec:\7j9i71f.exe102⤵
-
\??\c:\56ah9pn.exec:\56ah9pn.exe103⤵
-
\??\c:\87am6q.exec:\87am6q.exe104⤵
-
\??\c:\650g54.exec:\650g54.exe105⤵
-
\??\c:\415w62.exec:\415w62.exe106⤵
-
\??\c:\fr18l91.exec:\fr18l91.exe107⤵
-
\??\c:\s7wlmk.exec:\s7wlmk.exe108⤵
-
\??\c:\44qi10.exec:\44qi10.exe109⤵
-
\??\c:\j5i18c3.exec:\j5i18c3.exe110⤵
-
\??\c:\pxh2l9k.exec:\pxh2l9k.exe111⤵
-
\??\c:\jg5o19.exec:\jg5o19.exe112⤵
-
\??\c:\9se0u.exec:\9se0u.exe113⤵
-
\??\c:\3v77i.exec:\3v77i.exe114⤵
-
\??\c:\5asqqv.exec:\5asqqv.exe115⤵
-
\??\c:\5cgb7q.exec:\5cgb7q.exe116⤵
-
\??\c:\27mc9.exec:\27mc9.exe117⤵
-
\??\c:\676gh3c.exec:\676gh3c.exe118⤵
-
\??\c:\7h1u93a.exec:\7h1u93a.exe119⤵
-
\??\c:\172x5p.exec:\172x5p.exe120⤵
-
\??\c:\834gv9m.exec:\834gv9m.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-