Analysis
-
max time kernel
153s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20231023-en -
resource tags
-
submitted
17/11/2023, 23:00
General
-
Target
NEAS.a6eb6d1e44685f0d10a00b340cae3a70.exe
-
Size
70KB
-
MD5
a6eb6d1e44685f0d10a00b340cae3a70
-
SHA1
c07481b229ede13dec488e287f9cc7e4a6f6257c
-
SHA256
5e2a71193d575663735ac164d3f405a0a126ddb6bfffed37e8fe6e25edf56843
-
SHA512
f52bcd0a2e18bae2d0450e16e38a3b86fd3f1b0fecc0e1d5f5cc44b6372d2bccfcc35406f1a55b19ff8c41b09aab5524ce75bfb7caa502254d415748ce587b30
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDoLU1gxIx/3:ymb3NkkiQ3mdBjFoLkmE
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 47 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 58 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.a6eb6d1e44685f0d10a00b340cae3a70.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.a6eb6d1e44685f0d10a00b340cae3a70.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\swb8u.exec:\swb8u.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\v2ni2h.exec:\v2ni2h.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\090j3mb.exec:\090j3mb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\57kw2q.exec:\57kw2q.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\62cv9.exec:\62cv9.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1jthcg.exec:\1jthcg.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\l7c3422.exec:\l7c3422.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\mwq1cx.exec:\mwq1cx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\014642.exec:\014642.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9i481ps.exec:\9i481ps.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5r5k52.exec:\5r5k52.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\t4e1a.exec:\t4e1a.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3dv32u.exec:\3dv32u.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\u2fo6.exec:\u2fo6.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\l3ad625.exec:\l3ad625.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1v1gev2.exec:\1v1gev2.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7vosq7.exec:\7vosq7.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8cr1jv.exec:\8cr1jv.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\58vj1.exec:\58vj1.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\504nbco.exec:\504nbco.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1r1n5f.exec:\1r1n5f.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\2075g2.exec:\2075g2.exe23⤵
- Executes dropped EXE
-
\??\c:\4jp9m3.exec:\4jp9m3.exe24⤵
- Executes dropped EXE
-
\??\c:\ter59.exec:\ter59.exe25⤵
- Executes dropped EXE
-
\??\c:\rur9273.exec:\rur9273.exe26⤵
- Executes dropped EXE
-
\??\c:\2m3113.exec:\2m3113.exe27⤵
- Executes dropped EXE
-
\??\c:\wc91c.exec:\wc91c.exe28⤵
- Executes dropped EXE
-
\??\c:\f8ew8c.exec:\f8ew8c.exe29⤵
- Executes dropped EXE
-
\??\c:\00u3ad.exec:\00u3ad.exe30⤵
- Executes dropped EXE
-
\??\c:\8499l.exec:\8499l.exe31⤵
- Executes dropped EXE
-
\??\c:\t1s3e.exec:\t1s3e.exe32⤵
- Executes dropped EXE
-
\??\c:\ihbla2.exec:\ihbla2.exe33⤵
- Executes dropped EXE
-
\??\c:\t7i75u.exec:\t7i75u.exe34⤵
- Executes dropped EXE
-
\??\c:\qrmk7.exec:\qrmk7.exe35⤵
- Executes dropped EXE
-
\??\c:\4qn7m.exec:\4qn7m.exe36⤵
- Executes dropped EXE
-
\??\c:\g25wk8.exec:\g25wk8.exe37⤵
- Executes dropped EXE
-
\??\c:\4923v0d.exec:\4923v0d.exe38⤵
- Executes dropped EXE
-
\??\c:\jw3l9v.exec:\jw3l9v.exe39⤵
- Executes dropped EXE
-
\??\c:\nx1li9.exec:\nx1li9.exe40⤵
- Executes dropped EXE
-
\??\c:\848c9q.exec:\848c9q.exe41⤵
- Executes dropped EXE
-
\??\c:\u7u0g7w.exec:\u7u0g7w.exe42⤵
- Executes dropped EXE
-
\??\c:\410393.exec:\410393.exe43⤵
- Executes dropped EXE
-
\??\c:\2el6a16.exec:\2el6a16.exe44⤵
- Executes dropped EXE
-
\??\c:\55bgk7h.exec:\55bgk7h.exe45⤵
- Executes dropped EXE
-
\??\c:\mp2q9ke.exec:\mp2q9ke.exe46⤵
- Executes dropped EXE
-
\??\c:\m176l3.exec:\m176l3.exe47⤵
- Executes dropped EXE
-
\??\c:\hvec3.exec:\hvec3.exe48⤵
- Executes dropped EXE
-
\??\c:\n853799.exec:\n853799.exe49⤵
- Executes dropped EXE
-
\??\c:\7p05pd8.exec:\7p05pd8.exe50⤵
- Executes dropped EXE
-
\??\c:\h7385a4.exec:\h7385a4.exe51⤵
- Executes dropped EXE
-
\??\c:\rf45mp5.exec:\rf45mp5.exe52⤵
- Executes dropped EXE
-
\??\c:\8h1oi.exec:\8h1oi.exe53⤵
- Executes dropped EXE
-
\??\c:\dgs7n6.exec:\dgs7n6.exe54⤵
- Executes dropped EXE
-
\??\c:\cju06d.exec:\cju06d.exe55⤵
- Executes dropped EXE
-
\??\c:\00sv3.exec:\00sv3.exe56⤵
- Executes dropped EXE
-
\??\c:\29b22.exec:\29b22.exe57⤵
- Executes dropped EXE
-
\??\c:\139m1e.exec:\139m1e.exe58⤵
- Executes dropped EXE
-
\??\c:\6nwfvs.exec:\6nwfvs.exe59⤵
- Executes dropped EXE
-
\??\c:\43g3b.exec:\43g3b.exe60⤵
- Executes dropped EXE
-
\??\c:\kxc8j3w.exec:\kxc8j3w.exe61⤵
- Executes dropped EXE
-
\??\c:\nfxa3.exec:\nfxa3.exe62⤵
-
\??\c:\8lm1n1.exec:\8lm1n1.exe63⤵
- Executes dropped EXE
-
\??\c:\wnbxsf.exec:\wnbxsf.exe64⤵
- Executes dropped EXE
-
\??\c:\390r9p9.exec:\390r9p9.exe65⤵
- Executes dropped EXE
-
\??\c:\dd39b.exec:\dd39b.exe66⤵
- Executes dropped EXE
-
\??\c:\3l7m7k2.exec:\3l7m7k2.exe67⤵
-
\??\c:\jle1x6.exec:\jle1x6.exe68⤵
-
\??\c:\7d7qe.exec:\7d7qe.exe69⤵
-
\??\c:\7o123.exec:\7o123.exe70⤵
-
\??\c:\b5v89ko.exec:\b5v89ko.exe71⤵
-
\??\c:\1wcjk1.exec:\1wcjk1.exe72⤵
-
\??\c:\x71if.exec:\x71if.exe73⤵
-
\??\c:\0ir5196.exec:\0ir5196.exe74⤵
-
\??\c:\x9s00.exec:\x9s00.exe75⤵
-
\??\c:\n769i7.exec:\n769i7.exe76⤵
-
\??\c:\221ds1s.exec:\221ds1s.exe77⤵
-
\??\c:\19b50.exec:\19b50.exe78⤵
-
\??\c:\oa2bh.exec:\oa2bh.exe79⤵
-
\??\c:\sw9375a.exec:\sw9375a.exe80⤵
-
\??\c:\n451mpc.exec:\n451mpc.exe81⤵
-
\??\c:\4kt3a7.exec:\4kt3a7.exe82⤵
-
\??\c:\8189s3.exec:\8189s3.exe83⤵
-
\??\c:\xgdg3h.exec:\xgdg3h.exe84⤵
-
\??\c:\88f93.exec:\88f93.exe85⤵
-
\??\c:\5pm5b9x.exec:\5pm5b9x.exe86⤵
-
\??\c:\928sj.exec:\928sj.exe87⤵
-
\??\c:\2jdw4d.exec:\2jdw4d.exe88⤵
-
\??\c:\3vnxg7.exec:\3vnxg7.exe89⤵
-
\??\c:\92l6179.exec:\92l6179.exe90⤵
-
\??\c:\io2898h.exec:\io2898h.exe91⤵
-
\??\c:\lx6h5vq.exec:\lx6h5vq.exe92⤵
-
\??\c:\w0977n.exec:\w0977n.exe93⤵
-
\??\c:\m10ils.exec:\m10ils.exe94⤵
-
\??\c:\03rug.exec:\03rug.exe95⤵
-
\??\c:\64ut42n.exec:\64ut42n.exe96⤵
-
\??\c:\8b9co.exec:\8b9co.exe97⤵
-
\??\c:\02848.exec:\02848.exe98⤵
-
\??\c:\vna1t.exec:\vna1t.exe99⤵
-
\??\c:\w6oxh.exec:\w6oxh.exe100⤵
-
\??\c:\i97i9a7.exec:\i97i9a7.exe101⤵
-
\??\c:\f77d1.exec:\f77d1.exe102⤵
-
\??\c:\27o50.exec:\27o50.exe103⤵
-
\??\c:\ppxp8q.exec:\ppxp8q.exe104⤵
-
\??\c:\09se8.exec:\09se8.exe105⤵
-
\??\c:\wq0s475.exec:\wq0s475.exe106⤵
-
\??\c:\3bc21x.exec:\3bc21x.exe107⤵
-
\??\c:\n5gl1.exec:\n5gl1.exe108⤵
-
\??\c:\i71e28.exec:\i71e28.exe109⤵
-
\??\c:\8t53f.exec:\8t53f.exe110⤵
-
\??\c:\0lo6l.exec:\0lo6l.exe111⤵
-
\??\c:\m9243i.exec:\m9243i.exe112⤵
-
\??\c:\3v5r8a.exec:\3v5r8a.exe113⤵
-
\??\c:\oj289.exec:\oj289.exe114⤵
-
\??\c:\05q14.exec:\05q14.exe115⤵
-
\??\c:\0x1d5w.exec:\0x1d5w.exe116⤵
-
\??\c:\l1s9b1.exec:\l1s9b1.exe117⤵
-
\??\c:\67971.exec:\67971.exe118⤵
-
\??\c:\37527.exec:\37527.exe119⤵
-
\??\c:\57ija.exec:\57ija.exe120⤵
-
\??\c:\8f3879.exec:\8f3879.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-