Analysis
-
max time kernel
53s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20231023-en -
resource tags
-
submitted
18/11/2023, 06:25
General
-
Target
NEAS.27111862c4c5fe584fc81a2ef1123f60.exe
-
Size
75KB
-
MD5
27111862c4c5fe584fc81a2ef1123f60
-
SHA1
7bed732463e37b49447cab16e59e6b489e8b3a7d
-
SHA256
d84ec3b87e63adc4b935dd1d3657df31e484e1b2457a01b061b17a9302f429ea
-
SHA512
9013ab60edc9ae3a74d38f28bc9371cc0032659db90af8a30e97078e8d8043f83ef446eb9fdea12573430984442fde1907a757c525c2fd85a80daf70c030779f
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDo73yqKH/Klyv:ymb3NkkiQ3mdBjFo73yXDv
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 31 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 60 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.27111862c4c5fe584fc81a2ef1123f60.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.27111862c4c5fe584fc81a2ef1123f60.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\tf041.exec:\tf041.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\856gj0.exec:\856gj0.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\d23b7.exec:\d23b7.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jeu5uum.exec:\jeu5uum.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rgx5sd9.exec:\rgx5sd9.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vcb4x.exec:\vcb4x.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\wq2cic.exec:\wq2cic.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\17o151.exec:\17o151.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9j2qu.exec:\9j2qu.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hd7kd1.exec:\hd7kd1.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bk8hq.exec:\bk8hq.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8cuf7.exec:\8cuf7.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\n264w.exec:\n264w.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7g770.exec:\7g770.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\m93282g.exec:\m93282g.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3h1k7.exec:\3h1k7.exe17⤵
- Executes dropped EXE
-
\??\c:\c0k5p5e.exec:\c0k5p5e.exe18⤵
- Executes dropped EXE
-
\??\c:\573j196.exec:\573j196.exe19⤵
- Executes dropped EXE
-
\??\c:\72k7ou.exec:\72k7ou.exe20⤵
- Executes dropped EXE
-
\??\c:\3nex1c.exec:\3nex1c.exe21⤵
- Executes dropped EXE
-
\??\c:\5x99g50.exec:\5x99g50.exe22⤵
- Executes dropped EXE
-
\??\c:\5b4n5.exec:\5b4n5.exe23⤵
- Executes dropped EXE
-
\??\c:\kewssck.exec:\kewssck.exe24⤵
- Executes dropped EXE
-
\??\c:\5q9wfun.exec:\5q9wfun.exe25⤵
- Executes dropped EXE
-
\??\c:\18957h.exec:\18957h.exe26⤵
- Executes dropped EXE
-
\??\c:\5g1k1.exec:\5g1k1.exe27⤵
- Executes dropped EXE
-
\??\c:\ce32a60.exec:\ce32a60.exe28⤵
- Executes dropped EXE
-
\??\c:\46optm2.exec:\46optm2.exe29⤵
- Executes dropped EXE
-
\??\c:\59c1g.exec:\59c1g.exe30⤵
- Executes dropped EXE
-
\??\c:\5a3o17k.exec:\5a3o17k.exe31⤵
- Executes dropped EXE
-
\??\c:\20hg6b5.exec:\20hg6b5.exe32⤵
- Executes dropped EXE
-
\??\c:\5j3e1.exec:\5j3e1.exe33⤵
- Executes dropped EXE
-
\??\c:\288j36.exec:\288j36.exe34⤵
- Executes dropped EXE
-
\??\c:\217453.exec:\217453.exe35⤵
- Executes dropped EXE
-
\??\c:\3l1pn.exec:\3l1pn.exe36⤵
- Executes dropped EXE
-
\??\c:\c424824.exec:\c424824.exe37⤵
- Executes dropped EXE
-
\??\c:\us9cf1c.exec:\us9cf1c.exe38⤵
- Executes dropped EXE
-
\??\c:\45im36.exec:\45im36.exe39⤵
- Executes dropped EXE
-
\??\c:\kkt9ub.exec:\kkt9ub.exe40⤵
- Executes dropped EXE
-
\??\c:\51i7lg.exec:\51i7lg.exe41⤵
- Executes dropped EXE
-
\??\c:\l6sai.exec:\l6sai.exe42⤵
- Executes dropped EXE
-
\??\c:\k05ol3s.exec:\k05ol3s.exe43⤵
- Executes dropped EXE
-
\??\c:\m4ummw.exec:\m4ummw.exe44⤵
- Executes dropped EXE
-
\??\c:\67sc39.exec:\67sc39.exe45⤵
- Executes dropped EXE
-
\??\c:\mcwr0.exec:\mcwr0.exe46⤵
- Executes dropped EXE
-
\??\c:\0f99k4.exec:\0f99k4.exe47⤵
- Executes dropped EXE
-
\??\c:\dvc456.exec:\dvc456.exe48⤵
- Executes dropped EXE
-
\??\c:\1eim5i4.exec:\1eim5i4.exe49⤵
- Executes dropped EXE
-
\??\c:\5pfr1.exec:\5pfr1.exe50⤵
- Executes dropped EXE
-
\??\c:\5vbbgw.exec:\5vbbgw.exe51⤵
- Executes dropped EXE
-
\??\c:\7931r5.exec:\7931r5.exe52⤵
- Executes dropped EXE
-
\??\c:\3797k.exec:\3797k.exe53⤵
- Executes dropped EXE
-
\??\c:\ajj3g.exec:\ajj3g.exe54⤵
- Executes dropped EXE
-
\??\c:\0sg8js.exec:\0sg8js.exe55⤵
- Executes dropped EXE
-
\??\c:\joisgn.exec:\joisgn.exe56⤵
- Executes dropped EXE
-
\??\c:\1m54d.exec:\1m54d.exe57⤵
- Executes dropped EXE
-
\??\c:\k8u7m.exec:\k8u7m.exe58⤵
- Executes dropped EXE
-
\??\c:\lws273s.exec:\lws273s.exe59⤵
- Executes dropped EXE
-
\??\c:\7i79951.exec:\7i79951.exe60⤵
- Executes dropped EXE
-
\??\c:\k14m790.exec:\k14m790.exe61⤵
- Executes dropped EXE
-
\??\c:\62jbx.exec:\62jbx.exe62⤵
- Executes dropped EXE
-
\??\c:\dvo91rk.exec:\dvo91rk.exe63⤵
- Executes dropped EXE
-
\??\c:\3gm7979.exec:\3gm7979.exe64⤵
- Executes dropped EXE
-
\??\c:\99ec5.exec:\99ec5.exe65⤵
- Executes dropped EXE
-
\??\c:\bsawwq5.exec:\bsawwq5.exe66⤵
-
\??\c:\cii1q.exec:\cii1q.exe67⤵
-
\??\c:\5t799.exec:\5t799.exe68⤵
-
\??\c:\ni8919.exec:\ni8919.exe69⤵
-
\??\c:\9h19k.exec:\9h19k.exe70⤵
-
\??\c:\xcc331.exec:\xcc331.exe71⤵
-
\??\c:\m9794qe.exec:\m9794qe.exe72⤵
-
\??\c:\lqh53.exec:\lqh53.exe73⤵
-
\??\c:\tauj0.exec:\tauj0.exe74⤵
-
\??\c:\s70g59.exec:\s70g59.exe75⤵
-
\??\c:\4xj5030.exec:\4xj5030.exe76⤵
-
\??\c:\6171mu.exec:\6171mu.exe77⤵
-
\??\c:\sd5d29.exec:\sd5d29.exe78⤵
-
\??\c:\d4ea13.exec:\d4ea13.exe79⤵
-
\??\c:\5kqtaa.exec:\5kqtaa.exe80⤵
-
\??\c:\38q80h.exec:\38q80h.exe81⤵
-
\??\c:\d8h4j89.exec:\d8h4j89.exe82⤵
-
\??\c:\c8f754k.exec:\c8f754k.exe83⤵
-
\??\c:\gpo1oxs.exec:\gpo1oxs.exe84⤵
-
\??\c:\1cnb7.exec:\1cnb7.exe85⤵
-
\??\c:\976g4.exec:\976g4.exe86⤵
-
\??\c:\kfmgq.exec:\kfmgq.exe87⤵
-
\??\c:\84n15a.exec:\84n15a.exe88⤵
-
\??\c:\5fmu9.exec:\5fmu9.exe89⤵
-
\??\c:\cg684f.exec:\cg684f.exe90⤵
-
\??\c:\3st56.exec:\3st56.exe91⤵
-
\??\c:\0824427.exec:\0824427.exe92⤵
-
\??\c:\m2h0ms.exec:\m2h0ms.exe93⤵
-
\??\c:\lqueb.exec:\lqueb.exe94⤵
-
\??\c:\3ich45.exec:\3ich45.exe95⤵
-
\??\c:\c99539.exec:\c99539.exe96⤵
-
\??\c:\n49vl9.exec:\n49vl9.exe97⤵
-
\??\c:\5uuv3.exec:\5uuv3.exe98⤵
-
\??\c:\2uaa1.exec:\2uaa1.exe99⤵
-
\??\c:\wbi6w0.exec:\wbi6w0.exe100⤵
-
\??\c:\93948.exec:\93948.exe101⤵
-
\??\c:\655bmk.exec:\655bmk.exe102⤵
-
\??\c:\9bk59.exec:\9bk59.exe103⤵
-
\??\c:\hic36.exec:\hic36.exe104⤵
-
\??\c:\f76ba71.exec:\f76ba71.exe105⤵
-
\??\c:\12909.exec:\12909.exe106⤵
-
\??\c:\rfc12o.exec:\rfc12o.exe107⤵
-
\??\c:\m277qj.exec:\m277qj.exe108⤵
-
\??\c:\9sb55gd.exec:\9sb55gd.exe109⤵
-
\??\c:\jq7wo11.exec:\jq7wo11.exe110⤵
-
\??\c:\1gqigw.exec:\1gqigw.exe111⤵
-
\??\c:\1p15ap.exec:\1p15ap.exe112⤵
-
\??\c:\67718t.exec:\67718t.exe113⤵
-
\??\c:\9k153b5.exec:\9k153b5.exe114⤵
-
\??\c:\si5ig.exec:\si5ig.exe115⤵
-
\??\c:\726b0ix.exec:\726b0ix.exe116⤵
-
\??\c:\oo41xo.exec:\oo41xo.exe117⤵
-
\??\c:\rg8341.exec:\rg8341.exe118⤵
-
\??\c:\7s7344.exec:\7s7344.exe119⤵
-
\??\c:\60ukx1.exec:\60ukx1.exe120⤵
-
\??\c:\rgd0795.exec:\rgd0795.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-