Analysis
-
max time kernel
151s -
max time network
146s -
platform
windows10-2004_x64 -
resource
win10v2004-20231023-en -
resource tags
-
submitted
16/11/2023, 23:56
General
-
Target
NEAS.b504299add452e1ce4c6b2a2cf569570.exe
-
Size
56KB
-
MD5
b504299add452e1ce4c6b2a2cf569570
-
SHA1
387ff46ef94cda266763ec70ea2442721c3f07d8
-
SHA256
a35b0efa9404a3e142bd15aeb445f65f2816bf4df8ed167b377b226040058ef2
-
SHA512
fb9a8073d15e90b84a05e31a791708139415a8d744aa24213a41efc9e216602bb5fa48012cc375db3d797c422cded3b546012db9812a29345f8a65b1f3a806d7
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIs5tUG:ymb3NkkiQ3mdBjFIs5tUG
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 45 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 56 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.b504299add452e1ce4c6b2a2cf569570.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.b504299add452e1ce4c6b2a2cf569570.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\dv74b9.exec:\dv74b9.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\d53qeu5.exec:\d53qeu5.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\sm7m9.exec:\sm7m9.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\l63bh77.exec:\l63bh77.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3x694p.exec:\3x694p.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\065ebe.exec:\065ebe.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\441l9.exec:\441l9.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\t2ic9.exec:\t2ic9.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\56e7f6.exec:\56e7f6.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\s2hn4.exec:\s2hn4.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\c9dvwe.exec:\c9dvwe.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\v849t8.exec:\v849t8.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\j6771eb.exec:\j6771eb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\63dhil8.exec:\63dhil8.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\0wwcg.exec:\0wwcg.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\t67mkku.exec:\t67mkku.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jaahw7.exec:\jaahw7.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\2hhiape.exec:\2hhiape.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3lmme5b.exec:\3lmme5b.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\f1175c9.exec:\f1175c9.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\89p3w.exec:\89p3w.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\p5i0a9k.exec:\p5i0a9k.exe23⤵
- Executes dropped EXE
-
\??\c:\6fp8s46.exec:\6fp8s46.exe24⤵
- Executes dropped EXE
-
\??\c:\gj1sv.exec:\gj1sv.exe25⤵
- Executes dropped EXE
-
\??\c:\4hhua.exec:\4hhua.exe26⤵
- Executes dropped EXE
-
\??\c:\sm52t34.exec:\sm52t34.exe27⤵
- Executes dropped EXE
-
\??\c:\r53ss.exec:\r53ss.exe28⤵
- Executes dropped EXE
-
\??\c:\83x8p2w.exec:\83x8p2w.exe29⤵
- Executes dropped EXE
-
\??\c:\761u75l.exec:\761u75l.exe30⤵
- Executes dropped EXE
-
\??\c:\as1n1l.exec:\as1n1l.exe31⤵
- Executes dropped EXE
-
\??\c:\nhwe1cg.exec:\nhwe1cg.exe32⤵
- Executes dropped EXE
-
\??\c:\4535t2.exec:\4535t2.exe33⤵
- Executes dropped EXE
-
\??\c:\131uk8c.exec:\131uk8c.exe34⤵
- Executes dropped EXE
-
\??\c:\cf9p9c.exec:\cf9p9c.exe35⤵
- Executes dropped EXE
-
\??\c:\27ag3.exec:\27ag3.exe36⤵
- Executes dropped EXE
-
\??\c:\dpk8ul.exec:\dpk8ul.exe37⤵
- Executes dropped EXE
-
\??\c:\gms93f.exec:\gms93f.exe38⤵
- Executes dropped EXE
-
\??\c:\h7sno.exec:\h7sno.exe39⤵
- Executes dropped EXE
-
\??\c:\3k2e72.exec:\3k2e72.exe40⤵
- Executes dropped EXE
-
\??\c:\o671r9.exec:\o671r9.exe41⤵
- Executes dropped EXE
-
\??\c:\734ra.exec:\734ra.exe42⤵
- Executes dropped EXE
-
\??\c:\bf573lx.exec:\bf573lx.exe43⤵
- Executes dropped EXE
-
\??\c:\4l7197i.exec:\4l7197i.exe44⤵
- Executes dropped EXE
-
\??\c:\0ib76.exec:\0ib76.exe45⤵
- Executes dropped EXE
-
\??\c:\70jmww3.exec:\70jmww3.exe46⤵
- Executes dropped EXE
-
\??\c:\g2f7i.exec:\g2f7i.exe47⤵
- Executes dropped EXE
-
\??\c:\xcxmb.exec:\xcxmb.exe48⤵
- Executes dropped EXE
-
\??\c:\n92bb.exec:\n92bb.exe49⤵
- Executes dropped EXE
-
\??\c:\9952i.exec:\9952i.exe50⤵
- Executes dropped EXE
-
\??\c:\371m0.exec:\371m0.exe51⤵
- Executes dropped EXE
-
\??\c:\8064598.exec:\8064598.exe52⤵
- Executes dropped EXE
-
\??\c:\lfl7qc9.exec:\lfl7qc9.exe53⤵
- Executes dropped EXE
-
\??\c:\7n726q.exec:\7n726q.exe54⤵
- Executes dropped EXE
-
\??\c:\2w2n9.exec:\2w2n9.exe55⤵
- Executes dropped EXE
-
\??\c:\qbqo526.exec:\qbqo526.exe56⤵
- Executes dropped EXE
-
\??\c:\27wk43.exec:\27wk43.exe57⤵
- Executes dropped EXE
-
\??\c:\66iet7u.exec:\66iet7u.exe58⤵
- Executes dropped EXE
-
\??\c:\5rg39.exec:\5rg39.exe59⤵
- Executes dropped EXE
-
\??\c:\1oo1if1.exec:\1oo1if1.exe60⤵
- Executes dropped EXE
-
\??\c:\lp5h30v.exec:\lp5h30v.exe61⤵
- Executes dropped EXE
-
\??\c:\471ae.exec:\471ae.exe62⤵
- Executes dropped EXE
-
\??\c:\626x9.exec:\626x9.exe63⤵
- Executes dropped EXE
-
\??\c:\45lcpku.exec:\45lcpku.exe64⤵
- Executes dropped EXE
-
\??\c:\7d575.exec:\7d575.exe65⤵
- Executes dropped EXE
-
\??\c:\fv39n3.exec:\fv39n3.exe66⤵
-
\??\c:\smgn96.exec:\smgn96.exe67⤵
-
\??\c:\ir51a9k.exec:\ir51a9k.exe68⤵
-
\??\c:\11frd3.exec:\11frd3.exe69⤵
-
\??\c:\ulm5at.exec:\ulm5at.exe70⤵
-
\??\c:\h6xa5sk.exec:\h6xa5sk.exe71⤵
-
\??\c:\j03xdv.exec:\j03xdv.exe72⤵
-
\??\c:\1o79f.exec:\1o79f.exe73⤵
-
\??\c:\st5947.exec:\st5947.exe74⤵
-
\??\c:\9rh58.exec:\9rh58.exe75⤵
-
\??\c:\8e8o3.exec:\8e8o3.exe76⤵
-
\??\c:\xmq8x.exec:\xmq8x.exe77⤵
-
\??\c:\v55w3i.exec:\v55w3i.exe78⤵
-
\??\c:\0wuxjw.exec:\0wuxjw.exe79⤵
-
\??\c:\krxje4.exec:\krxje4.exe80⤵
-
\??\c:\9g74w9.exec:\9g74w9.exe81⤵
-
\??\c:\nx12x.exec:\nx12x.exe82⤵
-
\??\c:\6nt1ss7.exec:\6nt1ss7.exe83⤵
-
\??\c:\3a8d9u.exec:\3a8d9u.exe84⤵
-
\??\c:\7at0i3.exec:\7at0i3.exe85⤵
-
\??\c:\i2lx6m.exec:\i2lx6m.exe86⤵
-
\??\c:\a2i5vdk.exec:\a2i5vdk.exe87⤵
-
\??\c:\0o141aj.exec:\0o141aj.exe88⤵
-
\??\c:\d5h67n.exec:\d5h67n.exe89⤵
-
\??\c:\x7a19.exec:\x7a19.exe90⤵
-
\??\c:\71x59.exec:\71x59.exe91⤵
-
\??\c:\whxs00l.exec:\whxs00l.exe92⤵
-
\??\c:\7mm7n.exec:\7mm7n.exe93⤵
-
\??\c:\e10719.exec:\e10719.exe94⤵
-
\??\c:\95en5.exec:\95en5.exe95⤵
-
\??\c:\93u29.exec:\93u29.exe96⤵
-
\??\c:\016r3.exec:\016r3.exe97⤵
-
\??\c:\9m30a2.exec:\9m30a2.exe98⤵
-
\??\c:\269orc.exec:\269orc.exe99⤵
-
\??\c:\t05q2.exec:\t05q2.exe100⤵
-
\??\c:\p1289w.exec:\p1289w.exe101⤵
-
\??\c:\t921f18.exec:\t921f18.exe102⤵
-
\??\c:\976il33.exec:\976il33.exe103⤵
-
\??\c:\r1x2j51.exec:\r1x2j51.exe104⤵
-
\??\c:\n9xd74.exec:\n9xd74.exe105⤵
-
\??\c:\394r7.exec:\394r7.exe106⤵
-
\??\c:\im3j9.exec:\im3j9.exe107⤵
-
\??\c:\aix7gd.exec:\aix7gd.exe108⤵
-
\??\c:\a99ikdb.exec:\a99ikdb.exe109⤵
-
\??\c:\l0ux72.exec:\l0ux72.exe110⤵
-
\??\c:\j65alaq.exec:\j65alaq.exe111⤵
-
\??\c:\691ogdn.exec:\691ogdn.exe112⤵
-
\??\c:\6r1c4q.exec:\6r1c4q.exe113⤵
-
\??\c:\53nv2r2.exec:\53nv2r2.exe114⤵
-
\??\c:\q99af77.exec:\q99af77.exe115⤵
-
\??\c:\5awcd.exec:\5awcd.exe116⤵
-
\??\c:\egj5h.exec:\egj5h.exe117⤵
-
\??\c:\lm75sj.exec:\lm75sj.exe118⤵
-
\??\c:\p5950.exec:\p5950.exe119⤵
-
\??\c:\l8b3m7q.exec:\l8b3m7q.exe120⤵
-
\??\c:\n72s94.exec:\n72s94.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-