Analysis
-
max time kernel
107s -
max time network
147s -
platform
windows10-2004_x64 -
resource
win10v2004-20231023-en -
resource tags
-
submitted
17-11-2023 21:37
General
-
Target
NEAS.4167df7c1ff6f9926cf69bb3271f45d0.exe
-
Size
130KB
-
MD5
4167df7c1ff6f9926cf69bb3271f45d0
-
SHA1
1d81961b5110e72db98abdc525dca6475c050cc9
-
SHA256
eb7dea5e8da3df04b4187eb747422181f32d7dc3781174770ab3df4f91911718
-
SHA512
25de0011b72a2b289b6d48a9c1841de7371be9c1e5ccb17d6e00107a78f197aa8fd7878f51e273352dd347e33538c296835f283d1d520ca055068c9257743b30
-
SSDEEP
3072:9hOmTsF93UYfwC6GIoutz5yLQS7ByFqAxTOo5+GUmz:9cm4FmowdHoSdSyEAxyyz
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.4167df7c1ff6f9926cf69bb3271f45d0.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.4167df7c1ff6f9926cf69bb3271f45d0.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\r779m4.exec:\r779m4.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5l196.exec:\5l196.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nw2q3.exec:\nw2q3.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\d63di.exec:\d63di.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\uigx576.exec:\uigx576.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\j7mvs.exec:\j7mvs.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\79hkw5k.exec:\79hkw5k.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\txa8mvq.exec:\txa8mvq.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rjsni9f.exec:\rjsni9f.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\2unx3ts.exec:\2unx3ts.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\h5e250v.exec:\h5e250v.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\j7ke2.exec:\j7ke2.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\d17r94.exec:\d17r94.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\mpbj5nd.exec:\mpbj5nd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9579t38.exec:\9579t38.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3an96.exec:\3an96.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jmakolv.exec:\jmakolv.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\b2f9q3g.exec:\b2f9q3g.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ibb6eq.exec:\ibb6eq.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\oml76.exec:\oml76.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8cm964.exec:\8cm964.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3jfg3q.exec:\3jfg3q.exe23⤵
- Executes dropped EXE
-
\??\c:\cvp14.exec:\cvp14.exe24⤵
- Executes dropped EXE
-
\??\c:\1cv9j.exec:\1cv9j.exe25⤵
- Executes dropped EXE
-
\??\c:\wune6.exec:\wune6.exe26⤵
- Executes dropped EXE
-
\??\c:\3duc3h4.exec:\3duc3h4.exe27⤵
- Executes dropped EXE
-
\??\c:\mj5ag6.exec:\mj5ag6.exe28⤵
- Executes dropped EXE
-
\??\c:\h5di81n.exec:\h5di81n.exe29⤵
- Executes dropped EXE
-
\??\c:\5pww6oi.exec:\5pww6oi.exe30⤵
- Executes dropped EXE
-
\??\c:\0b11a.exec:\0b11a.exe31⤵
- Executes dropped EXE
-
\??\c:\x3r9e.exec:\x3r9e.exe32⤵
- Executes dropped EXE
-
\??\c:\6tk53l.exec:\6tk53l.exe33⤵
- Executes dropped EXE
-
\??\c:\fse558.exec:\fse558.exe34⤵
- Executes dropped EXE
-
\??\c:\m0h5frr.exec:\m0h5frr.exe35⤵
- Executes dropped EXE
-
\??\c:\2fi65.exec:\2fi65.exe36⤵
- Executes dropped EXE
-
\??\c:\j81gm3.exec:\j81gm3.exe37⤵
- Executes dropped EXE
-
\??\c:\0se5n.exec:\0se5n.exe38⤵
- Executes dropped EXE
-
\??\c:\louma.exec:\louma.exe39⤵
- Executes dropped EXE
-
\??\c:\wu1ic.exec:\wu1ic.exe40⤵
- Executes dropped EXE
-
\??\c:\ha92s.exec:\ha92s.exe41⤵
- Executes dropped EXE
-
\??\c:\9q3929.exec:\9q3929.exe42⤵
- Executes dropped EXE
-
\??\c:\x9a1o6.exec:\x9a1o6.exe43⤵
- Executes dropped EXE
-
\??\c:\4mka9vn.exec:\4mka9vn.exe44⤵
- Executes dropped EXE
-
\??\c:\lxi771.exec:\lxi771.exe45⤵
- Executes dropped EXE
-
\??\c:\ecs2k3.exec:\ecs2k3.exe46⤵
- Executes dropped EXE
-
\??\c:\95r5p7i.exec:\95r5p7i.exe47⤵
- Executes dropped EXE
-
\??\c:\oumq17.exec:\oumq17.exe48⤵
- Executes dropped EXE
-
\??\c:\cc1a31.exec:\cc1a31.exe49⤵
- Executes dropped EXE
-
\??\c:\8mg52.exec:\8mg52.exe50⤵
- Executes dropped EXE
-
\??\c:\mqeo44m.exec:\mqeo44m.exe51⤵
- Executes dropped EXE
-
\??\c:\8qpw9.exec:\8qpw9.exe52⤵
- Executes dropped EXE
-
\??\c:\agk1v8.exec:\agk1v8.exe53⤵
- Executes dropped EXE
-
\??\c:\wjcdv.exec:\wjcdv.exe54⤵
- Executes dropped EXE
-
\??\c:\8rb6pf9.exec:\8rb6pf9.exe55⤵
- Executes dropped EXE
-
\??\c:\on87x.exec:\on87x.exe56⤵
- Executes dropped EXE
-
\??\c:\023is.exec:\023is.exe57⤵
- Executes dropped EXE
-
\??\c:\1qn3582.exec:\1qn3582.exe58⤵
- Executes dropped EXE
-
\??\c:\750ro.exec:\750ro.exe59⤵
- Executes dropped EXE
-
\??\c:\5u1g3kq.exec:\5u1g3kq.exe60⤵
- Executes dropped EXE
-
\??\c:\9g8bg.exec:\9g8bg.exe61⤵
- Executes dropped EXE
-
\??\c:\30b93k3.exec:\30b93k3.exe62⤵
- Executes dropped EXE
-
\??\c:\v183p00.exec:\v183p00.exe63⤵
- Executes dropped EXE
-
\??\c:\asc2e.exec:\asc2e.exe64⤵
- Executes dropped EXE
-
\??\c:\hw4r9.exec:\hw4r9.exe65⤵
- Executes dropped EXE
-
\??\c:\iru7g.exec:\iru7g.exe66⤵
-
\??\c:\58t38f5.exec:\58t38f5.exe67⤵
-
\??\c:\i8io7.exec:\i8io7.exe68⤵
-
\??\c:\0hh7f10.exec:\0hh7f10.exe69⤵
-
\??\c:\34m3e9.exec:\34m3e9.exe70⤵
-
\??\c:\15sgku.exec:\15sgku.exe71⤵
-
\??\c:\22o5g5.exec:\22o5g5.exe72⤵
-
\??\c:\bcme57.exec:\bcme57.exe73⤵
-
\??\c:\020num.exec:\020num.exe74⤵
-
\??\c:\j2d8770.exec:\j2d8770.exe75⤵
-
\??\c:\e5c5db.exec:\e5c5db.exe76⤵
-
\??\c:\3ehcu.exec:\3ehcu.exe77⤵
-
\??\c:\51t16.exec:\51t16.exe78⤵
-
\??\c:\fi9vb.exec:\fi9vb.exe79⤵
-
\??\c:\qbic1kw.exec:\qbic1kw.exe80⤵
-
\??\c:\n21ul5p.exec:\n21ul5p.exe81⤵
-
\??\c:\04tw3hq.exec:\04tw3hq.exe82⤵
-
\??\c:\d09t8.exec:\d09t8.exe83⤵
-
\??\c:\a655q.exec:\a655q.exe84⤵
-
\??\c:\l9v7b.exec:\l9v7b.exe85⤵
-
\??\c:\m1uig5.exec:\m1uig5.exe86⤵
-
\??\c:\ul17oia.exec:\ul17oia.exe87⤵
-
\??\c:\venb75i.exec:\venb75i.exe88⤵
-
\??\c:\g55970.exec:\g55970.exe89⤵
-
\??\c:\4ue59h.exec:\4ue59h.exe90⤵
-
\??\c:\5dp9a3q.exec:\5dp9a3q.exe91⤵
-
\??\c:\k58u16.exec:\k58u16.exe92⤵
-
\??\c:\saj3ofu.exec:\saj3ofu.exe93⤵
-
\??\c:\9nb9i.exec:\9nb9i.exe94⤵
-
\??\c:\mt9btix.exec:\mt9btix.exe95⤵
-
\??\c:\9f9g8g3.exec:\9f9g8g3.exe96⤵
-
\??\c:\78vnht1.exec:\78vnht1.exe97⤵
-
\??\c:\73pp6b.exec:\73pp6b.exe98⤵
-
\??\c:\l12nqk.exec:\l12nqk.exe99⤵
-
\??\c:\1w75xr.exec:\1w75xr.exe100⤵
-
\??\c:\txfrpkr.exec:\txfrpkr.exe101⤵
-
\??\c:\h5amke4.exec:\h5amke4.exe102⤵
-
\??\c:\li15ap.exec:\li15ap.exe103⤵
-
\??\c:\v537paw.exec:\v537paw.exe104⤵
-
\??\c:\xvij5b1.exec:\xvij5b1.exe105⤵
-
\??\c:\85q4i.exec:\85q4i.exe106⤵
-
\??\c:\8q6q9c.exec:\8q6q9c.exe107⤵
-
\??\c:\e0e7iro.exec:\e0e7iro.exe108⤵
-
\??\c:\liuga.exec:\liuga.exe109⤵
-
\??\c:\x38ht.exec:\x38ht.exe110⤵
-
\??\c:\9tn3qbx.exec:\9tn3qbx.exe111⤵
-
\??\c:\51l15.exec:\51l15.exe112⤵
-
\??\c:\nx6id.exec:\nx6id.exe113⤵
-
\??\c:\2p9g7lt.exec:\2p9g7lt.exe114⤵
-
\??\c:\era81d.exec:\era81d.exe115⤵
-
\??\c:\p5ai8ni.exec:\p5ai8ni.exe116⤵
-
\??\c:\81l6499.exec:\81l6499.exe117⤵
-
\??\c:\e9l1me.exec:\e9l1me.exe118⤵
-
\??\c:\q1t0o8.exec:\q1t0o8.exe119⤵
-
\??\c:\shbn1.exec:\shbn1.exe120⤵
-
\??\c:\1r7orf.exec:\1r7orf.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-