Analysis
-
max time kernel
159s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20231023-en -
resource tags
-
submitted
17/11/2023, 02:42
General
-
Target
NEAS.5e5e800e02fe3485fc950171b65c7c90.exe
-
Size
92KB
-
MD5
5e5e800e02fe3485fc950171b65c7c90
-
SHA1
c69217ee83cdd847468135285e96936e337f8ac3
-
SHA256
3a935c340daf9811e262aa08114d74b920c3ce56da76ff32372ca499f3919f46
-
SHA512
46693e93c92d1e45e4f2b05714689b428058fb48048b9562fd46e4881129d95f35c0ad3d04ba9a2e053015bab93a1ad2c11bfc512713513888432fd8d329587a
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIpm7:ymb3NkkiQ3mdBjFIk7
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 44 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 62 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.5e5e800e02fe3485fc950171b65c7c90.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.5e5e800e02fe3485fc950171b65c7c90.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\8or190.exec:\8or190.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9s8qt.exec:\9s8qt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\k0u9e.exec:\k0u9e.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\47u59f.exec:\47u59f.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\37i9ah1.exec:\37i9ah1.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ajgqu3m.exec:\ajgqu3m.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bkx5s.exec:\bkx5s.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ba5w7c.exec:\ba5w7c.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\t3oig.exec:\t3oig.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\28dm3.exec:\28dm3.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\91w80h7.exec:\91w80h7.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1fn1t.exec:\1fn1t.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\2g68f8w.exec:\2g68f8w.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\41hqc.exec:\41hqc.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jw22677.exec:\jw22677.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\64wu4s.exec:\64wu4s.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\59bg0.exec:\59bg0.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\0kug81.exec:\0kug81.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\187wkt.exec:\187wkt.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\79mu392.exec:\79mu392.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\s7num6.exec:\s7num6.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ilbu9.exec:\ilbu9.exe23⤵
- Executes dropped EXE
-
\??\c:\wr7347.exec:\wr7347.exe24⤵
- Executes dropped EXE
-
\??\c:\6kn47.exec:\6kn47.exe25⤵
- Executes dropped EXE
-
\??\c:\f15711.exec:\f15711.exe26⤵
- Executes dropped EXE
-
\??\c:\2pt71xv.exec:\2pt71xv.exe27⤵
- Executes dropped EXE
-
\??\c:\lo2sj.exec:\lo2sj.exe28⤵
- Executes dropped EXE
-
\??\c:\2j4749.exec:\2j4749.exe29⤵
- Executes dropped EXE
-
\??\c:\g3qbe.exec:\g3qbe.exe30⤵
- Executes dropped EXE
-
\??\c:\74q3c5.exec:\74q3c5.exe31⤵
- Executes dropped EXE
-
\??\c:\4xr464m.exec:\4xr464m.exe32⤵
- Executes dropped EXE
-
\??\c:\51026vp.exec:\51026vp.exe33⤵
- Executes dropped EXE
-
\??\c:\s5bk40q.exec:\s5bk40q.exe34⤵
- Executes dropped EXE
-
\??\c:\oo8h6.exec:\oo8h6.exe35⤵
- Executes dropped EXE
-
\??\c:\4nq60r.exec:\4nq60r.exe36⤵
- Executes dropped EXE
-
\??\c:\655m4.exec:\655m4.exe37⤵
- Executes dropped EXE
-
\??\c:\6ab8po.exec:\6ab8po.exe38⤵
- Executes dropped EXE
-
\??\c:\6hk4agd.exec:\6hk4agd.exe39⤵
- Executes dropped EXE
-
\??\c:\70ci1.exec:\70ci1.exe40⤵
- Executes dropped EXE
-
\??\c:\v5u819.exec:\v5u819.exe41⤵
- Executes dropped EXE
-
\??\c:\3k2353.exec:\3k2353.exe42⤵
- Executes dropped EXE
-
\??\c:\01k4wa2.exec:\01k4wa2.exe43⤵
- Executes dropped EXE
-
\??\c:\hcgv114.exec:\hcgv114.exe44⤵
- Executes dropped EXE
-
\??\c:\k3a077v.exec:\k3a077v.exe45⤵
- Executes dropped EXE
-
\??\c:\9sw5r72.exec:\9sw5r72.exe46⤵
- Executes dropped EXE
-
\??\c:\691c46.exec:\691c46.exe47⤵
- Executes dropped EXE
-
\??\c:\v9fv1b3.exec:\v9fv1b3.exe48⤵
- Executes dropped EXE
-
\??\c:\842kk.exec:\842kk.exe49⤵
- Executes dropped EXE
-
\??\c:\06816.exec:\06816.exe50⤵
- Executes dropped EXE
-
\??\c:\42fv94.exec:\42fv94.exe51⤵
- Executes dropped EXE
-
\??\c:\k47fo.exec:\k47fo.exe52⤵
- Executes dropped EXE
-
\??\c:\lu0n82.exec:\lu0n82.exe53⤵
- Executes dropped EXE
-
\??\c:\u1e631.exec:\u1e631.exe54⤵
- Executes dropped EXE
-
\??\c:\9eq64.exec:\9eq64.exe55⤵
- Executes dropped EXE
-
\??\c:\6toa1.exec:\6toa1.exe56⤵
- Executes dropped EXE
-
\??\c:\1fo08.exec:\1fo08.exe57⤵
- Executes dropped EXE
-
\??\c:\c8u59pm.exec:\c8u59pm.exe58⤵
- Executes dropped EXE
-
\??\c:\4rr7q1.exec:\4rr7q1.exe59⤵
- Executes dropped EXE
-
\??\c:\1k13a.exec:\1k13a.exe60⤵
- Executes dropped EXE
-
\??\c:\5m8j12.exec:\5m8j12.exe61⤵
- Executes dropped EXE
-
\??\c:\s2r1p87.exec:\s2r1p87.exe62⤵
- Executes dropped EXE
-
\??\c:\n6017s.exec:\n6017s.exe63⤵
- Executes dropped EXE
-
\??\c:\f9r80.exec:\f9r80.exe64⤵
- Executes dropped EXE
-
\??\c:\bhu2um.exec:\bhu2um.exe65⤵
- Executes dropped EXE
-
\??\c:\6n5d4o1.exec:\6n5d4o1.exe66⤵
-
\??\c:\ajrm3.exec:\ajrm3.exe67⤵
-
\??\c:\361qt.exec:\361qt.exe68⤵
-
\??\c:\rri32.exec:\rri32.exe69⤵
-
\??\c:\o6g7e8.exec:\o6g7e8.exe70⤵
-
\??\c:\3hjh5.exec:\3hjh5.exe71⤵
-
\??\c:\b8pomt9.exec:\b8pomt9.exe72⤵
-
\??\c:\i618k6.exec:\i618k6.exe73⤵
-
\??\c:\kqjsp7.exec:\kqjsp7.exe74⤵
-
\??\c:\t72l9.exec:\t72l9.exe75⤵
-
\??\c:\aj9021.exec:\aj9021.exe76⤵
-
\??\c:\b8r6w0.exec:\b8r6w0.exe77⤵
-
\??\c:\c9a6535.exec:\c9a6535.exe78⤵
-
\??\c:\02e1gw.exec:\02e1gw.exe79⤵
-
\??\c:\1b2f60g.exec:\1b2f60g.exe80⤵
-
\??\c:\8b67iof.exec:\8b67iof.exe81⤵
-
\??\c:\k4a7q14.exec:\k4a7q14.exe82⤵
-
\??\c:\i53k0.exec:\i53k0.exe83⤵
-
\??\c:\d0pr14.exec:\d0pr14.exe84⤵
-
\??\c:\a4m435.exec:\a4m435.exe85⤵
-
\??\c:\2e23x.exec:\2e23x.exe86⤵
-
\??\c:\272ugb.exec:\272ugb.exe87⤵
-
\??\c:\snt0654.exec:\snt0654.exe88⤵
-
\??\c:\8893c7.exec:\8893c7.exe89⤵
-
\??\c:\1ggvkk5.exec:\1ggvkk5.exe90⤵
-
\??\c:\4530w4q.exec:\4530w4q.exe91⤵
-
\??\c:\dsq30o.exec:\dsq30o.exe92⤵
-
\??\c:\399q7wq.exec:\399q7wq.exe93⤵
-
\??\c:\2qw2o0.exec:\2qw2o0.exe94⤵
-
\??\c:\lkevb6e.exec:\lkevb6e.exe95⤵
-
\??\c:\8ms3d35.exec:\8ms3d35.exe96⤵
-
\??\c:\0d13eq.exec:\0d13eq.exe97⤵
-
\??\c:\3r5n5.exec:\3r5n5.exe98⤵
-
\??\c:\mp343.exec:\mp343.exe99⤵
-
\??\c:\518arp.exec:\518arp.exe100⤵
-
\??\c:\qi19j.exec:\qi19j.exe101⤵
-
\??\c:\1d296.exec:\1d296.exe102⤵
-
\??\c:\183c99.exec:\183c99.exe103⤵
-
\??\c:\52hk8.exec:\52hk8.exe104⤵
-
\??\c:\737ea8.exec:\737ea8.exe105⤵
-
\??\c:\0717d.exec:\0717d.exe106⤵
-
\??\c:\6c1q9.exec:\6c1q9.exe107⤵
-
\??\c:\qw71p9.exec:\qw71p9.exe108⤵
-
\??\c:\r8965l7.exec:\r8965l7.exe109⤵
-
\??\c:\2v58xb.exec:\2v58xb.exe110⤵
-
\??\c:\2xknx.exec:\2xknx.exe111⤵
-
\??\c:\49eri.exec:\49eri.exe112⤵
-
\??\c:\07kuq48.exec:\07kuq48.exe113⤵
-
\??\c:\frx7s1.exec:\frx7s1.exe114⤵
-
\??\c:\847n4.exec:\847n4.exe115⤵
-
\??\c:\g8vskq.exec:\g8vskq.exe116⤵
-
\??\c:\p23033.exec:\p23033.exe117⤵
-
\??\c:\111l9ir.exec:\111l9ir.exe118⤵
-
\??\c:\25mme.exec:\25mme.exe119⤵
-
\??\c:\8q7a7.exec:\8q7a7.exe120⤵
-
\??\c:\d0gm2.exec:\d0gm2.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-