Analysis
-
max time kernel
160s -
max time network
155s -
platform
windows10-2004_x64 -
resource
win10v2004-20231025-en -
resource tags
-
submitted
16/11/2023, 21:58
General
-
Target
NEAS.ae7a46d987525281b15714cc12509150.exe
-
Size
122KB
-
MD5
ae7a46d987525281b15714cc12509150
-
SHA1
38ff83371b7280420e05d540f93eb881323b1e53
-
SHA256
fbb9a205a5e0d08506ff20504f9d3e0bbfc13a570f4aa1e6099eb7fcb1ea2500
-
SHA512
e3dd9659236957c9f411b72d5f5ea9ec1e0fe56942e9422f16f9217af7cdb63c556872e0915a490cd065002717361a30a41947292d9eb94b5e9aa039b4e82163
-
SSDEEP
3072:khOmTsF93UYfwC6GIoutpYcvrqrE66kropO6BfN3XcHd:kcm4FmowdHoSphraHcpOmi
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 60 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.ae7a46d987525281b15714cc12509150.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.ae7a46d987525281b15714cc12509150.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\7ied3.exec:\7ied3.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\68nb8s.exec:\68nb8s.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\owlufc.exec:\owlufc.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\4i826w.exec:\4i826w.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\95676.exec:\95676.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\i226f8.exec:\i226f8.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\u8du2n.exec:\u8du2n.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\gdn848.exec:\gdn848.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\h20655.exec:\h20655.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tjrq45h.exec:\tjrq45h.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\juqmki0.exec:\juqmki0.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\35qll4.exec:\35qll4.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\wiw433.exec:\wiw433.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\d3p4f2a.exec:\d3p4f2a.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\0f84lv.exec:\0f84lv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\iw64xh.exec:\iw64xh.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\13hh4r6.exec:\13hh4r6.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\c08tt22.exec:\c08tt22.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fo4v0.exec:\fo4v0.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\61lv2.exec:\61lv2.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\m2w6jc2.exec:\m2w6jc2.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\oo8l9.exec:\oo8l9.exe23⤵
- Executes dropped EXE
-
\??\c:\f526r.exec:\f526r.exe24⤵
- Executes dropped EXE
-
\??\c:\24h8667.exec:\24h8667.exe25⤵
- Executes dropped EXE
-
\??\c:\k82i3u.exec:\k82i3u.exe26⤵
- Executes dropped EXE
-
\??\c:\g84r9.exec:\g84r9.exe27⤵
- Executes dropped EXE
-
\??\c:\1lnws.exec:\1lnws.exe28⤵
- Executes dropped EXE
-
\??\c:\870dp.exec:\870dp.exe29⤵
- Executes dropped EXE
-
\??\c:\m04tsci.exec:\m04tsci.exe30⤵
- Executes dropped EXE
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
\??\c:\n0ni308.exec:\n0ni308.exe2⤵
-
\??\c:\p487om.exec:\p487om.exe3⤵
-
\??\c:\h543nkc.exec:\h543nkc.exe4⤵
-
\??\c:\p80oll.exec:\p80oll.exe5⤵
-
\??\c:\2w74039.exec:\2w74039.exe6⤵
-
\??\c:\180fv02.exec:\180fv02.exe7⤵
-
\??\c:\81pp82p.exec:\81pp82p.exe8⤵
-
\??\c:\i93q9.exec:\i93q9.exe9⤵
-
\??\c:\20jbc0.exec:\20jbc0.exe10⤵
-
\??\c:\pefgla8.exec:\pefgla8.exe11⤵
-
\??\c:\w5481.exec:\w5481.exe12⤵
-
\??\c:\8bdpka.exec:\8bdpka.exe13⤵
-
\??\c:\u3e4m.exec:\u3e4m.exe14⤵
-
\??\c:\v270o80.exec:\v270o80.exe15⤵
-
\??\c:\00d51dt.exec:\00d51dt.exe16⤵
-
\??\c:\xu8fqf6.exec:\xu8fqf6.exe17⤵
-
\??\c:\37d5av8.exec:\37d5av8.exe18⤵
-
\??\c:\mup939l.exec:\mup939l.exe19⤵
-
\??\c:\09s8w3.exec:\09s8w3.exe20⤵
-
\??\c:\s46a9i.exec:\s46a9i.exe21⤵
-
\??\c:\t51xdul.exec:\t51xdul.exe22⤵
-
\??\c:\50dx09r.exec:\50dx09r.exe23⤵
-
\??\c:\5le6o8.exec:\5le6o8.exe24⤵
-
\??\c:\2qt0xpm.exec:\2qt0xpm.exe25⤵
-
\??\c:\tjpq2t.exec:\tjpq2t.exe26⤵
-
\??\c:\7but69c.exec:\7but69c.exe27⤵
-
\??\c:\9ffgfp8.exec:\9ffgfp8.exe28⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
\??\c:\7xwm7m.exec:\7xwm7m.exe1⤵
- Executes dropped EXE
-
\??\c:\8f5ul8.exec:\8f5ul8.exe2⤵
- Executes dropped EXE
-
\??\c:\gfb607.exec:\gfb607.exe3⤵
- Executes dropped EXE
-
\??\c:\0im80.exec:\0im80.exe4⤵
- Executes dropped EXE
-
\??\c:\w9709.exec:\w9709.exe5⤵
- Executes dropped EXE
-
\??\c:\6bbe5xr.exec:\6bbe5xr.exe6⤵
- Executes dropped EXE
-
\??\c:\o1hn21l.exec:\o1hn21l.exe7⤵
- Executes dropped EXE
-
\??\c:\40s0d7u.exec:\40s0d7u.exe8⤵
- Executes dropped EXE
-
\??\c:\xb06j82.exec:\xb06j82.exe9⤵
- Executes dropped EXE
-
\??\c:\nw5vrw1.exec:\nw5vrw1.exe10⤵
- Executes dropped EXE
-
\??\c:\481d41.exec:\481d41.exe11⤵
- Executes dropped EXE
-
\??\c:\54ubev8.exec:\54ubev8.exe12⤵
- Executes dropped EXE
-
\??\c:\6s54v5v.exec:\6s54v5v.exe13⤵
- Executes dropped EXE
-
\??\c:\1065htx.exec:\1065htx.exe14⤵
- Executes dropped EXE
-
\??\c:\60080t.exec:\60080t.exe15⤵
- Executes dropped EXE
-
\??\c:\j65fbux.exec:\j65fbux.exe16⤵
- Executes dropped EXE
-
\??\c:\726t0.exec:\726t0.exe17⤵
- Executes dropped EXE
-
\??\c:\ce735n.exec:\ce735n.exe18⤵
- Executes dropped EXE
-
\??\c:\eqb6n58.exec:\eqb6n58.exe19⤵
- Executes dropped EXE
-
\??\c:\b2xbt4p.exec:\b2xbt4p.exe20⤵
- Executes dropped EXE
-
\??\c:\l52j2.exec:\l52j2.exe21⤵
- Executes dropped EXE
-
\??\c:\d22m1.exec:\d22m1.exe22⤵
- Executes dropped EXE
-
\??\c:\dg03nj.exec:\dg03nj.exe23⤵
- Executes dropped EXE
-
\??\c:\7njo435.exec:\7njo435.exe24⤵
- Executes dropped EXE
-
\??\c:\pj303.exec:\pj303.exe25⤵
- Executes dropped EXE
-
\??\c:\3xrq62x.exec:\3xrq62x.exe26⤵
- Executes dropped EXE
-
\??\c:\k0t83.exec:\k0t83.exe27⤵
- Executes dropped EXE
-
\??\c:\u2rk6r1.exec:\u2rk6r1.exe28⤵
- Executes dropped EXE
-
\??\c:\8620ql.exec:\8620ql.exe29⤵
- Executes dropped EXE
-
\??\c:\05u11.exec:\05u11.exe30⤵
- Executes dropped EXE
-
\??\c:\mfv0un.exec:\mfv0un.exe31⤵
- Executes dropped EXE
-
\??\c:\r1xtv.exec:\r1xtv.exe32⤵
- Executes dropped EXE
-
\??\c:\nnx040.exec:\nnx040.exe33⤵
- Executes dropped EXE
-
\??\c:\u0j846.exec:\u0j846.exe34⤵
- Executes dropped EXE
-
\??\c:\5g4u7h.exec:\5g4u7h.exe35⤵
- Executes dropped EXE
-
\??\c:\2jc95f0.exec:\2jc95f0.exe36⤵
-
\??\c:\12r4wj.exec:\12r4wj.exe37⤵
-
\??\c:\t62fwo.exec:\t62fwo.exe38⤵
-
\??\c:\8003l.exec:\8003l.exe39⤵
-
\??\c:\1v7755.exec:\1v7755.exe40⤵
-
\??\c:\rp9w3e.exec:\rp9w3e.exe41⤵
-
\??\c:\t2w88ma.exec:\t2w88ma.exe42⤵
-
\??\c:\9v6qb84.exec:\9v6qb84.exe43⤵
-
\??\c:\w6x8d.exec:\w6x8d.exe44⤵
-
\??\c:\w88pr0.exec:\w88pr0.exe45⤵
-
\??\c:\9sbp54b.exec:\9sbp54b.exe46⤵
-
\??\c:\3j2sb2.exec:\3j2sb2.exe47⤵
-
\??\c:\qr85r8a.exec:\qr85r8a.exe48⤵
-
\??\c:\o5s5u4.exec:\o5s5u4.exe49⤵
-
\??\c:\e0e31.exec:\e0e31.exe50⤵
-
\??\c:\52v78.exec:\52v78.exe51⤵
-
\??\c:\e8p18g.exec:\e8p18g.exe52⤵
-
\??\c:\fi9ip.exec:\fi9ip.exe53⤵
-
\??\c:\25gk21u.exec:\25gk21u.exe54⤵
-
\??\c:\r86gdi7.exec:\r86gdi7.exe55⤵
-
\??\c:\4j597.exec:\4j597.exe56⤵
-
\??\c:\c54et.exec:\c54et.exe57⤵
-
\??\c:\4ls80.exec:\4ls80.exe58⤵
-
\??\c:\581rp.exec:\581rp.exe59⤵
-
\??\c:\f9tgs.exec:\f9tgs.exe60⤵
-
\??\c:\hcq45l5.exec:\hcq45l5.exe61⤵
-
\??\c:\8brs6.exec:\8brs6.exe62⤵
-
\??\c:\6d3vjk4.exec:\6d3vjk4.exe63⤵
-
\??\c:\4x583.exec:\4x583.exe64⤵
-
\??\c:\g269q6.exec:\g269q6.exe65⤵
-
\??\c:\mat0f2.exec:\mat0f2.exe66⤵
-
\??\c:\ev1c9e.exec:\ev1c9e.exe67⤵
-
\??\c:\04j8arp.exec:\04j8arp.exe68⤵
-
\??\c:\m498m.exec:\m498m.exe69⤵
-
\??\c:\wp337.exec:\wp337.exe70⤵
-
\??\c:\u285hr0.exec:\u285hr0.exe71⤵
-
\??\c:\5hmam.exec:\5hmam.exe72⤵
-
\??\c:\d91rdg.exec:\d91rdg.exe73⤵
-
\??\c:\6t7288.exec:\6t7288.exe74⤵
-
\??\c:\ku46n8t.exec:\ku46n8t.exe75⤵
-
\??\c:\3b779.exec:\3b779.exe76⤵
-
\??\c:\71398.exec:\71398.exe77⤵
-
\??\c:\944bpv.exec:\944bpv.exe78⤵
-
\??\c:\83179d6.exec:\83179d6.exe79⤵
-
\??\c:\h229n.exec:\h229n.exe80⤵
-
\??\c:\jteg0.exec:\jteg0.exe81⤵
-
\??\c:\1i8we.exec:\1i8we.exe82⤵
-
\??\c:\2gwq940.exec:\2gwq940.exe83⤵
-
\??\c:\p39h06.exec:\p39h06.exe84⤵
-
\??\c:\rm8xe6.exec:\rm8xe6.exe85⤵
-
\??\c:\82916.exec:\82916.exe86⤵
-
\??\c:\8v78cdw.exec:\8v78cdw.exe87⤵
-
\??\c:\clf0k.exec:\clf0k.exe88⤵
-
\??\c:\o2228h.exec:\o2228h.exe89⤵
-
\??\c:\c28lb.exec:\c28lb.exe90⤵
-
\??\c:\e8pt86.exec:\e8pt86.exe91⤵
-
\??\c:\qf2j4.exec:\qf2j4.exe92⤵
-
\??\c:\97wlc.exec:\97wlc.exe93⤵
-
\??\c:\lkvoui.exec:\lkvoui.exe94⤵
-
\??\c:\42lh8.exec:\42lh8.exe95⤵
-
\??\c:\6eam8.exec:\6eam8.exe96⤵
-
\??\c:\e28p6k8.exec:\e28p6k8.exe97⤵
-
\??\c:\0dh8135.exec:\0dh8135.exe98⤵
-
\??\c:\c29ox.exec:\c29ox.exe99⤵
-
\??\c:\vn6e9kb.exec:\vn6e9kb.exe100⤵
-
\??\c:\ukn91po.exec:\ukn91po.exe101⤵
-
\??\c:\402n9.exec:\402n9.exe102⤵
-
\??\c:\4alhse4.exec:\4alhse4.exe103⤵
-
\??\c:\8n0t3cp.exec:\8n0t3cp.exe104⤵
-
\??\c:\mak7073.exec:\mak7073.exe105⤵
-
\??\c:\72jl02l.exec:\72jl02l.exe106⤵
-
\??\c:\2th4o8.exec:\2th4o8.exe107⤵
-
\??\c:\74664.exec:\74664.exe108⤵
-
\??\c:\3tx66.exec:\3tx66.exe109⤵
-
\??\c:\l88xt0.exec:\l88xt0.exe110⤵
-
\??\c:\8jpn405.exec:\8jpn405.exe111⤵
-
\??\c:\lx4g1c1.exec:\lx4g1c1.exe112⤵
-
\??\c:\8o3p5r.exec:\8o3p5r.exe113⤵
-
\??\c:\crh130d.exec:\crh130d.exe114⤵
-
\??\c:\8jx6k80.exec:\8jx6k80.exe115⤵
-
\??\c:\7b22l.exec:\7b22l.exe116⤵
-
\??\c:\er537.exec:\er537.exe117⤵
-
\??\c:\3948n.exec:\3948n.exe118⤵
-
\??\c:\uuqows.exec:\uuqows.exe119⤵
-
\??\c:\r7257.exec:\r7257.exe120⤵
-
\??\c:\26833w.exec:\26833w.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-