Analysis
-
max time kernel
147s -
max time network
148s -
platform
windows10-2004_x64 -
resource
win10v2004-20231023-en -
resource tags
-
submitted
18/11/2023, 00:23
General
-
Target
NEAS.7823444380cad68ac97f0c442ed65830.exe
-
Size
70KB
-
MD5
7823444380cad68ac97f0c442ed65830
-
SHA1
5af8e0998a04e5f92ba885a4444128fda0ca5060
-
SHA256
3c3235da0d2ab99034d73821a73dbcf775f67a0bc0c72572e821eaecb9cc94e5
-
SHA512
e1bdc55a47cae8ef1cab2502c984db8bfa73d3de233dbbda33ec96afcf55a458c1355681f963fd456d640e2b8227770385e22a6d72e20a337d68000d6e3761ac
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIkpi+qP4GY++t:ymb3NkkiQ3mdBjFIj+qJY+O
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 43 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 57 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.7823444380cad68ac97f0c442ed65830.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.7823444380cad68ac97f0c442ed65830.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\80w128a.exec:\80w128a.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jt31v1.exec:\jt31v1.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\m90682.exec:\m90682.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3ivm54.exec:\3ivm54.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\v9pod6x.exec:\v9pod6x.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\m1244q.exec:\m1244q.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\c2d0i.exec:\c2d0i.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\4nbni.exec:\4nbni.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\44646.exec:\44646.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5bxadpl.exec:\5bxadpl.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dqe95.exec:\dqe95.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\w5t99r.exec:\w5t99r.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6149j5c.exec:\6149j5c.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\2733t5.exec:\2733t5.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3gk8shm.exec:\3gk8shm.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\an857.exec:\an857.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\22gqc1x.exec:\22gqc1x.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\c928r.exec:\c928r.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1q343h.exec:\1q343h.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\325v7.exec:\325v7.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\45l995.exec:\45l995.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\08420.exec:\08420.exe23⤵
- Executes dropped EXE
-
\??\c:\w54g9eh.exec:\w54g9eh.exe24⤵
- Executes dropped EXE
-
\??\c:\u2k38r.exec:\u2k38r.exe25⤵
- Executes dropped EXE
-
\??\c:\653v4.exec:\653v4.exe26⤵
- Executes dropped EXE
-
\??\c:\04454f.exec:\04454f.exe27⤵
- Executes dropped EXE
-
\??\c:\7f4iii.exec:\7f4iii.exe28⤵
- Executes dropped EXE
-
\??\c:\xtg5x.exec:\xtg5x.exe29⤵
- Executes dropped EXE
-
\??\c:\f0wu39.exec:\f0wu39.exe30⤵
- Executes dropped EXE
-
\??\c:\vbeom.exec:\vbeom.exe31⤵
- Executes dropped EXE
-
\??\c:\406hg21.exec:\406hg21.exe32⤵
- Executes dropped EXE
-
\??\c:\9149q.exec:\9149q.exe33⤵
- Executes dropped EXE
-
\??\c:\d03s8h.exec:\d03s8h.exe34⤵
- Executes dropped EXE
-
\??\c:\380mh3.exec:\380mh3.exe35⤵
- Executes dropped EXE
-
\??\c:\99q2m3.exec:\99q2m3.exe36⤵
- Executes dropped EXE
-
\??\c:\271ghs.exec:\271ghs.exe37⤵
- Executes dropped EXE
-
\??\c:\457f42.exec:\457f42.exe38⤵
- Executes dropped EXE
-
\??\c:\fl018s.exec:\fl018s.exe39⤵
- Executes dropped EXE
-
\??\c:\921880.exec:\921880.exe40⤵
- Executes dropped EXE
-
\??\c:\gug6cv.exec:\gug6cv.exe41⤵
- Executes dropped EXE
-
\??\c:\042g6n.exec:\042g6n.exe42⤵
- Executes dropped EXE
-
\??\c:\ga2223s.exec:\ga2223s.exe43⤵
- Executes dropped EXE
-
\??\c:\74jl43n.exec:\74jl43n.exe44⤵
- Executes dropped EXE
-
\??\c:\lg87d.exec:\lg87d.exe45⤵
- Executes dropped EXE
-
\??\c:\ru9kwum.exec:\ru9kwum.exe46⤵
- Executes dropped EXE
-
\??\c:\rawcm.exec:\rawcm.exe47⤵
- Executes dropped EXE
-
\??\c:\s5u7e9.exec:\s5u7e9.exe48⤵
- Executes dropped EXE
-
\??\c:\w74ds2.exec:\w74ds2.exe49⤵
- Executes dropped EXE
-
\??\c:\0n4084.exec:\0n4084.exe50⤵
- Executes dropped EXE
-
\??\c:\5ij2u1a.exec:\5ij2u1a.exe51⤵
- Executes dropped EXE
-
\??\c:\4427r.exec:\4427r.exe52⤵
- Executes dropped EXE
-
\??\c:\56c5q4.exec:\56c5q4.exe53⤵
- Executes dropped EXE
-
\??\c:\4480840.exec:\4480840.exe54⤵
- Executes dropped EXE
-
\??\c:\wh2220.exec:\wh2220.exe55⤵
- Executes dropped EXE
-
\??\c:\g8bq9u0.exec:\g8bq9u0.exe56⤵
- Executes dropped EXE
-
\??\c:\c35h6.exec:\c35h6.exe57⤵
- Executes dropped EXE
-
\??\c:\n4wo4.exec:\n4wo4.exe58⤵
- Executes dropped EXE
-
\??\c:\90n463i.exec:\90n463i.exe59⤵
- Executes dropped EXE
-
\??\c:\39xhcp.exec:\39xhcp.exe60⤵
- Executes dropped EXE
-
\??\c:\26n2g.exec:\26n2g.exe61⤵
- Executes dropped EXE
-
\??\c:\s5kiv.exec:\s5kiv.exe62⤵
- Executes dropped EXE
-
\??\c:\18xc1.exec:\18xc1.exe63⤵
- Executes dropped EXE
-
\??\c:\8jx9t5.exec:\8jx9t5.exe64⤵
- Executes dropped EXE
-
\??\c:\08cfsia.exec:\08cfsia.exe65⤵
- Executes dropped EXE
-
\??\c:\92gmqi.exec:\92gmqi.exe66⤵
-
\??\c:\633gj3.exec:\633gj3.exe67⤵
-
\??\c:\777ee.exec:\777ee.exe68⤵
-
\??\c:\c1nf65.exec:\c1nf65.exe69⤵
-
\??\c:\gr7211i.exec:\gr7211i.exe70⤵
-
\??\c:\w1g93.exec:\w1g93.exe71⤵
-
\??\c:\6an0c.exec:\6an0c.exe72⤵
-
\??\c:\tm4se7.exec:\tm4se7.exe73⤵
-
\??\c:\3e5j2.exec:\3e5j2.exe74⤵
-
\??\c:\m102cu.exec:\m102cu.exe75⤵
-
\??\c:\kde7r.exec:\kde7r.exe76⤵
-
\??\c:\mq1swx.exec:\mq1swx.exe77⤵
-
\??\c:\12p34f3.exec:\12p34f3.exe78⤵
-
\??\c:\p27044f.exec:\p27044f.exe79⤵
-
\??\c:\4408822.exec:\4408822.exe80⤵
-
\??\c:\u93mwra.exec:\u93mwra.exe81⤵
-
\??\c:\lv00o.exec:\lv00o.exe82⤵
-
\??\c:\oi9o34m.exec:\oi9o34m.exe83⤵
-
\??\c:\52el3.exec:\52el3.exe84⤵
-
\??\c:\ca977.exec:\ca977.exe85⤵
-
\??\c:\71i18wx.exec:\71i18wx.exe86⤵
-
\??\c:\10osh0.exec:\10osh0.exe87⤵
-
\??\c:\i27k2.exec:\i27k2.exe88⤵
-
\??\c:\2drn6n.exec:\2drn6n.exe89⤵
-
\??\c:\ml796.exec:\ml796.exe90⤵
-
\??\c:\h3bd0.exec:\h3bd0.exe91⤵
-
\??\c:\mu94i.exec:\mu94i.exe92⤵
-
\??\c:\ck778e4.exec:\ck778e4.exe93⤵
-
\??\c:\v51004.exec:\v51004.exe94⤵
-
\??\c:\4qpn8.exec:\4qpn8.exe95⤵
-
\??\c:\bx68f.exec:\bx68f.exe96⤵
-
\??\c:\t5x18.exec:\t5x18.exe97⤵
-
\??\c:\e4sql10.exec:\e4sql10.exe98⤵
-
\??\c:\3g37xib.exec:\3g37xib.exe99⤵
-
\??\c:\fm1w3.exec:\fm1w3.exe100⤵
-
\??\c:\4i99fi.exec:\4i99fi.exe101⤵
-
\??\c:\45x97.exec:\45x97.exe102⤵
-
\??\c:\2igaq8.exec:\2igaq8.exe103⤵
-
\??\c:\6i6t32.exec:\6i6t32.exe104⤵
-
\??\c:\3s3u7n.exec:\3s3u7n.exe105⤵
-
\??\c:\8e1ah.exec:\8e1ah.exe106⤵
-
\??\c:\44t5l.exec:\44t5l.exe107⤵
-
\??\c:\5vmk8.exec:\5vmk8.exe108⤵
-
\??\c:\r0g91m8.exec:\r0g91m8.exe109⤵
-
\??\c:\koocqm.exec:\koocqm.exe110⤵
-
\??\c:\h81ojf.exec:\h81ojf.exe111⤵
-
\??\c:\620424.exec:\620424.exe112⤵
-
\??\c:\3771o.exec:\3771o.exe113⤵
-
\??\c:\uu7575m.exec:\uu7575m.exe114⤵
-
\??\c:\n65g5h.exec:\n65g5h.exe115⤵
-
\??\c:\l039bq.exec:\l039bq.exe116⤵
-
\??\c:\d832ouq.exec:\d832ouq.exe117⤵
-
\??\c:\560864.exec:\560864.exe118⤵
-
\??\c:\paop8.exec:\paop8.exe119⤵
-
\??\c:\ki548.exec:\ki548.exe120⤵
-
\??\c:\945j20.exec:\945j20.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-