Analysis
-
max time kernel
148s -
max time network
154s -
platform
windows10-2004_x64 -
resource
win10v2004-20231023-en -
resource tags
-
submitted
18/11/2023, 02:47
General
-
Target
NEAS.7b819d7d684fbc02dfde7ef1bdbb7550.exe
-
Size
89KB
-
MD5
7b819d7d684fbc02dfde7ef1bdbb7550
-
SHA1
a04f1abac3666cf6ef337e97d627da96481c75d6
-
SHA256
643aca1d8bb25612d9aa7db60fcb5d72ef581d79f17096da43c0526a933c6c53
-
SHA512
aa24e9e0e8e60fc52abd49c1580d9b9f479a46112304eee684e8f4962c5a60824922412587ed6455af6c05e798079b2824be70418e08383e8ad7a2bed8bb46b2
-
SSDEEP
1536:cvQBeOGtrYS3srx93UBWfwC6Ggnouy8vzVQQ/fF2V8rY9gcxePABa1oMEEQ7u:chOmTsF93UYfwC6GIout5pi8rY9AABa1
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.7b819d7d684fbc02dfde7ef1bdbb7550.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.7b819d7d684fbc02dfde7ef1bdbb7550.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\qak0i.exec:\qak0i.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\91375er.exec:\91375er.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\573cd1m.exec:\573cd1m.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\mmf791.exec:\mmf791.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\61v72.exec:\61v72.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\2sh5s1p.exec:\2sh5s1p.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\t1l99u.exec:\t1l99u.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\t70k52.exec:\t70k52.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\gqmqwe.exec:\gqmqwe.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3shck.exec:\3shck.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3t91u.exec:\3t91u.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\o228xd.exec:\o228xd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\23c1p.exec:\23c1p.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\22vbj.exec:\22vbj.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8wg12u.exec:\8wg12u.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\2b3wq.exec:\2b3wq.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\2ems53.exec:\2ems53.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\0v9p34.exec:\0v9p34.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ac599.exec:\ac599.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\r9m7ib5.exec:\r9m7ib5.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ds7e38.exec:\ds7e38.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\gkcocso.exec:\gkcocso.exe23⤵
- Executes dropped EXE
-
\??\c:\3uf0d.exec:\3uf0d.exe24⤵
- Executes dropped EXE
-
\??\c:\g2sl5.exec:\g2sl5.exe25⤵
- Executes dropped EXE
-
\??\c:\ea9a50.exec:\ea9a50.exe26⤵
- Executes dropped EXE
-
\??\c:\2c5mo.exec:\2c5mo.exe27⤵
- Executes dropped EXE
-
\??\c:\2n72j.exec:\2n72j.exe28⤵
- Executes dropped EXE
-
\??\c:\55aqc.exec:\55aqc.exe29⤵
- Executes dropped EXE
-
\??\c:\j56q5.exec:\j56q5.exe30⤵
- Executes dropped EXE
-
\??\c:\21wr1.exec:\21wr1.exe31⤵
- Executes dropped EXE
-
\??\c:\05qsu.exec:\05qsu.exe32⤵
- Executes dropped EXE
-
\??\c:\n5s33.exec:\n5s33.exe33⤵
- Executes dropped EXE
-
\??\c:\676ws.exec:\676ws.exe34⤵
- Executes dropped EXE
-
\??\c:\scc18e.exec:\scc18e.exe35⤵
- Executes dropped EXE
-
\??\c:\t8prxvf.exec:\t8prxvf.exe36⤵
- Executes dropped EXE
-
\??\c:\l163q3w.exec:\l163q3w.exe37⤵
- Executes dropped EXE
-
\??\c:\de9wx9.exec:\de9wx9.exe38⤵
- Executes dropped EXE
-
\??\c:\ecqos38.exec:\ecqos38.exe39⤵
- Executes dropped EXE
-
\??\c:\3pg4j.exec:\3pg4j.exe40⤵
- Executes dropped EXE
-
\??\c:\55csq.exec:\55csq.exe41⤵
- Executes dropped EXE
-
\??\c:\5t9e64.exec:\5t9e64.exe42⤵
- Executes dropped EXE
-
\??\c:\6151wk.exec:\6151wk.exe43⤵
- Executes dropped EXE
-
\??\c:\pufti69.exec:\pufti69.exe44⤵
- Executes dropped EXE
-
\??\c:\ou7apc.exec:\ou7apc.exe45⤵
- Executes dropped EXE
-
\??\c:\2secm.exec:\2secm.exe46⤵
- Executes dropped EXE
-
\??\c:\7cge0.exec:\7cge0.exe47⤵
- Executes dropped EXE
-
\??\c:\2i1su5.exec:\2i1su5.exe48⤵
- Executes dropped EXE
-
\??\c:\g3m5kx.exec:\g3m5kx.exe49⤵
- Executes dropped EXE
-
\??\c:\e6xn28.exec:\e6xn28.exe50⤵
- Executes dropped EXE
-
\??\c:\nm2jre.exec:\nm2jre.exe51⤵
- Executes dropped EXE
-
\??\c:\mk9337.exec:\mk9337.exe52⤵
- Executes dropped EXE
-
\??\c:\w1739.exec:\w1739.exe53⤵
- Executes dropped EXE
-
\??\c:\0mu11.exec:\0mu11.exe54⤵
- Executes dropped EXE
-
\??\c:\0qucmi.exec:\0qucmi.exe55⤵
- Executes dropped EXE
-
\??\c:\990awk3.exec:\990awk3.exe56⤵
- Executes dropped EXE
-
\??\c:\2777l.exec:\2777l.exe57⤵
- Executes dropped EXE
-
\??\c:\58sassq.exec:\58sassq.exe58⤵
- Executes dropped EXE
-
\??\c:\qs518ji.exec:\qs518ji.exe59⤵
- Executes dropped EXE
-
\??\c:\v2hi1.exec:\v2hi1.exe60⤵
- Executes dropped EXE
-
\??\c:\n39753.exec:\n39753.exe61⤵
- Executes dropped EXE
-
\??\c:\3339791.exec:\3339791.exe62⤵
- Executes dropped EXE
-
\??\c:\295h37g.exec:\295h37g.exe63⤵
- Executes dropped EXE
-
\??\c:\wuf0x15.exec:\wuf0x15.exe64⤵
- Executes dropped EXE
-
\??\c:\wuqqi.exec:\wuqqi.exe65⤵
- Executes dropped EXE
-
\??\c:\qhm86p.exec:\qhm86p.exe66⤵
-
\??\c:\f5ux14.exec:\f5ux14.exe67⤵
-
\??\c:\7737il5.exec:\7737il5.exe68⤵
-
\??\c:\ixue1.exec:\ixue1.exe69⤵
-
\??\c:\l3osg5.exec:\l3osg5.exe70⤵
-
\??\c:\h11779h.exec:\h11779h.exe71⤵
-
\??\c:\r79ss94.exec:\r79ss94.exe72⤵
-
\??\c:\m48ik5.exec:\m48ik5.exe73⤵
-
\??\c:\uucwq52.exec:\uucwq52.exe74⤵
-
\??\c:\2mr7q31.exec:\2mr7q31.exe75⤵
-
\??\c:\sa1gp.exec:\sa1gp.exe76⤵
-
\??\c:\aq14u0.exec:\aq14u0.exe77⤵
-
\??\c:\esr16.exec:\esr16.exe78⤵
-
\??\c:\6m1mc.exec:\6m1mc.exe79⤵
-
\??\c:\t7axkcu.exec:\t7axkcu.exe80⤵
-
\??\c:\6asf9.exec:\6asf9.exe81⤵
-
\??\c:\qag5ur3.exec:\qag5ur3.exe82⤵
-
\??\c:\sk42x.exec:\sk42x.exe83⤵
-
\??\c:\r9wuc6.exec:\r9wuc6.exe84⤵
-
\??\c:\v93aw.exec:\v93aw.exe85⤵
-
\??\c:\kq34a3.exec:\kq34a3.exe86⤵
-
\??\c:\t53197.exec:\t53197.exe87⤵
-
\??\c:\a1ddc4.exec:\a1ddc4.exe88⤵
-
\??\c:\k46j522.exec:\k46j522.exe89⤵
-
\??\c:\g2023.exec:\g2023.exe90⤵
-
\??\c:\8mj72.exec:\8mj72.exe91⤵
-
\??\c:\gm5ke74.exec:\gm5ke74.exe92⤵
-
\??\c:\bpe3i0p.exec:\bpe3i0p.exe93⤵
-
\??\c:\tde4u03.exec:\tde4u03.exe94⤵
-
\??\c:\2g597.exec:\2g597.exe95⤵
-
\??\c:\4h56m.exec:\4h56m.exe96⤵
-
\??\c:\5meka.exec:\5meka.exe97⤵
-
\??\c:\b5b14o.exec:\b5b14o.exe98⤵
-
\??\c:\av6mrcs.exec:\av6mrcs.exe99⤵
-
\??\c:\d7ax72.exec:\d7ax72.exe100⤵
-
\??\c:\osse0.exec:\osse0.exe101⤵
-
\??\c:\5146cgq.exec:\5146cgq.exe102⤵
-
\??\c:\3v5gm5.exec:\3v5gm5.exe103⤵
-
\??\c:\8igp1.exec:\8igp1.exe104⤵
-
\??\c:\j7u32.exec:\j7u32.exe105⤵
-
\??\c:\2g170aj.exec:\2g170aj.exe106⤵
-
\??\c:\0r5i7.exec:\0r5i7.exe107⤵
-
\??\c:\2w77715.exec:\2w77715.exe108⤵
-
\??\c:\932b97.exec:\932b97.exe109⤵
-
\??\c:\57imcuu.exec:\57imcuu.exe110⤵
-
\??\c:\04mqf0.exec:\04mqf0.exe111⤵
-
\??\c:\p7iq96k.exec:\p7iq96k.exe112⤵
-
\??\c:\2wfsv4.exec:\2wfsv4.exe113⤵
-
\??\c:\95150.exec:\95150.exe114⤵
-
\??\c:\d2m72m.exec:\d2m72m.exe115⤵
-
\??\c:\3115h5s.exec:\3115h5s.exe116⤵
-
\??\c:\xjpma11.exec:\xjpma11.exe117⤵
-
\??\c:\3937593.exec:\3937593.exe118⤵
-
\??\c:\u4gp92a.exec:\u4gp92a.exe119⤵
-
\??\c:\6i0os.exec:\6i0os.exe120⤵
-
\??\c:\1313117.exec:\1313117.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-