Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
152s -
max time network
148s -
platform
windows10-2004_x64 -
resource
win10v2004-20230915-en -
resource tags
-
submitted
13/10/2023, 20:13 UTC
General
-
Target
NEAS.4196128e88ad066007745de05225c7a0.exe
-
Size
124KB
-
MD5
4196128e88ad066007745de05225c7a0
-
SHA1
210727666fcfbf8d6e5419667cb4121f421ebfb3
-
SHA256
edc0f1f9feacd5c214ec670a9232e31499e3765ed2323b6ca2a32ad4cd7e0a1e
-
SHA512
5f2a6d23b5e457dfb41d7a41b00007069c7db8349f020e7b8fb0dd07c37bd5cadeb4f2b248aa5fd84163f6c68810372ce6018bef9d4d7316c3e73628c195932a
-
SSDEEP
3072:chOmTsF93UYfwC6GIout5pi8rY9AABa1YRMxDIRMc0HZ:ccm4FmowdHoS5ddWhRgImLHZ
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.4196128e88ad066007745de05225c7a0.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.4196128e88ad066007745de05225c7a0.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\4wf3c.exec:\4wf3c.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\n10g95.exec:\n10g95.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\t7kiq.exec:\t7kiq.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\k3533g5.exec:\k3533g5.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\w9159.exec:\w9159.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fmb1kso.exec:\fmb1kso.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xw57l3.exec:\xw57l3.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bv1hr70.exec:\bv1hr70.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\05jq2a.exec:\05jq2a.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\l539d6h.exec:\l539d6h.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6ur8c3.exec:\6ur8c3.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6w9mvsf.exec:\6w9mvsf.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8l4eg.exec:\8l4eg.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\996p3oc.exec:\996p3oc.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\m4e5uv1.exec:\m4e5uv1.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\s7153.exec:\s7153.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\sg9599.exec:\sg9599.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\gg7sn8.exec:\gg7sn8.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1793197.exec:\1793197.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\0q34pm7.exec:\0q34pm7.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\767bx.exec:\767bx.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\f68bd1.exec:\f68bd1.exe23⤵
- Executes dropped EXE
-
\??\c:\07399u.exec:\07399u.exe24⤵
- Executes dropped EXE
-
\??\c:\w0w7as.exec:\w0w7as.exe25⤵
- Executes dropped EXE
-
\??\c:\ae5xu3.exec:\ae5xu3.exe26⤵
- Executes dropped EXE
-
\??\c:\sq3ii.exec:\sq3ii.exe27⤵
- Executes dropped EXE
-
\??\c:\61sb9w.exec:\61sb9w.exe28⤵
- Executes dropped EXE
-
\??\c:\9ge9a.exec:\9ge9a.exe29⤵
- Executes dropped EXE
-
\??\c:\4vj46.exec:\4vj46.exe30⤵
- Executes dropped EXE
-
\??\c:\ag99st.exec:\ag99st.exe31⤵
- Executes dropped EXE
-
\??\c:\31g98t5.exec:\31g98t5.exe32⤵
- Executes dropped EXE
-
\??\c:\b302nc4.exec:\b302nc4.exe33⤵
- Executes dropped EXE
-
\??\c:\j2i70um.exec:\j2i70um.exe34⤵
- Executes dropped EXE
-
\??\c:\3579i7m.exec:\3579i7m.exe35⤵
- Executes dropped EXE
-
\??\c:\mi7333.exec:\mi7333.exe36⤵
- Executes dropped EXE
-
\??\c:\08dv66.exec:\08dv66.exe37⤵
- Executes dropped EXE
-
\??\c:\qgwqgm.exec:\qgwqgm.exe38⤵
- Executes dropped EXE
-
\??\c:\ta5503.exec:\ta5503.exe39⤵
- Executes dropped EXE
-
\??\c:\10n60.exec:\10n60.exe40⤵
- Executes dropped EXE
-
\??\c:\b3k92s.exec:\b3k92s.exe41⤵
- Executes dropped EXE
-
\??\c:\3qcd0.exec:\3qcd0.exe42⤵
- Executes dropped EXE
-
\??\c:\km979g.exec:\km979g.exe43⤵
- Executes dropped EXE
-
\??\c:\47957.exec:\47957.exe44⤵
- Executes dropped EXE
-
\??\c:\l6l9217.exec:\l6l9217.exe45⤵
- Executes dropped EXE
-
\??\c:\n69n42r.exec:\n69n42r.exe46⤵
- Executes dropped EXE
-
\??\c:\t5i9777.exec:\t5i9777.exe47⤵
- Executes dropped EXE
-
\??\c:\0cv3mf7.exec:\0cv3mf7.exe48⤵
- Executes dropped EXE
-
\??\c:\92a78l3.exec:\92a78l3.exe49⤵
- Executes dropped EXE
-
\??\c:\numaw7.exec:\numaw7.exe50⤵
- Executes dropped EXE
-
\??\c:\2sa2wm.exec:\2sa2wm.exe51⤵
- Executes dropped EXE
-
\??\c:\g5e13un.exec:\g5e13un.exe52⤵
- Executes dropped EXE
-
\??\c:\ksbr0.exec:\ksbr0.exe53⤵
- Executes dropped EXE
-
\??\c:\047o50.exec:\047o50.exe54⤵
- Executes dropped EXE
-
\??\c:\859697.exec:\859697.exe55⤵
- Executes dropped EXE
-
\??\c:\1ejxdb6.exec:\1ejxdb6.exe56⤵
- Executes dropped EXE
-
\??\c:\l56k16.exec:\l56k16.exe57⤵
- Executes dropped EXE
-
\??\c:\1df41h.exec:\1df41h.exe58⤵
- Executes dropped EXE
-
\??\c:\gaq32f.exec:\gaq32f.exe59⤵
- Executes dropped EXE
-
\??\c:\kmvau.exec:\kmvau.exe60⤵
- Executes dropped EXE
-
\??\c:\31g72q.exec:\31g72q.exe61⤵
- Executes dropped EXE
-
\??\c:\nehfk13.exec:\nehfk13.exe62⤵
- Executes dropped EXE
-
\??\c:\jsk433.exec:\jsk433.exe63⤵
- Executes dropped EXE
-
\??\c:\5lcuq3.exec:\5lcuq3.exe64⤵
- Executes dropped EXE
-
\??\c:\g0ema.exec:\g0ema.exe65⤵
- Executes dropped EXE
-
\??\c:\550j1.exec:\550j1.exe66⤵
-
\??\c:\j1m33s.exec:\j1m33s.exe67⤵
-
\??\c:\88goiw.exec:\88goiw.exe68⤵
-
\??\c:\j8a71.exec:\j8a71.exe69⤵
-
\??\c:\m40ko5k.exec:\m40ko5k.exe70⤵
-
\??\c:\j3st0ce.exec:\j3st0ce.exe71⤵
-
\??\c:\4610j2v.exec:\4610j2v.exe72⤵
-
\??\c:\l74lco.exec:\l74lco.exe73⤵
-
\??\c:\4f2qa9.exec:\4f2qa9.exe74⤵
-
\??\c:\od01pve.exec:\od01pve.exe75⤵
-
\??\c:\ouq70d.exec:\ouq70d.exe76⤵
-
\??\c:\1wd33gt.exec:\1wd33gt.exe77⤵
-
\??\c:\t0s1e.exec:\t0s1e.exe78⤵
-
\??\c:\w18c9a.exec:\w18c9a.exe79⤵
-
\??\c:\31eoue.exec:\31eoue.exe80⤵
-
\??\c:\67ecosw.exec:\67ecosw.exe81⤵
-
\??\c:\cqx16v.exec:\cqx16v.exe82⤵
-
\??\c:\v971957.exec:\v971957.exe83⤵
-
\??\c:\d10c5l7.exec:\d10c5l7.exe84⤵
-
\??\c:\28905ms.exec:\28905ms.exe85⤵
-
\??\c:\l5ln5ej.exec:\l5ln5ej.exe86⤵
-
\??\c:\8c52j8q.exec:\8c52j8q.exe87⤵
-
\??\c:\j2x9q5.exec:\j2x9q5.exe88⤵
-
\??\c:\53of8iq.exec:\53of8iq.exe89⤵
-
\??\c:\kk7437.exec:\kk7437.exe90⤵
-
\??\c:\7j76i7.exec:\7j76i7.exe91⤵
-
\??\c:\msj3i14.exec:\msj3i14.exe92⤵
-
\??\c:\3597t.exec:\3597t.exe93⤵
-
\??\c:\t4j96.exec:\t4j96.exe94⤵
-
\??\c:\ju060ie.exec:\ju060ie.exe95⤵
-
\??\c:\v10c1.exec:\v10c1.exe96⤵
-
\??\c:\971f3c5.exec:\971f3c5.exe97⤵
-
\??\c:\f7c31c.exec:\f7c31c.exe98⤵
-
\??\c:\87qg2.exec:\87qg2.exe99⤵
-
\??\c:\a6s94t.exec:\a6s94t.exe100⤵
-
\??\c:\4n5p6.exec:\4n5p6.exe101⤵
-
\??\c:\38e76j5.exec:\38e76j5.exe102⤵
-
\??\c:\91sh2.exec:\91sh2.exe103⤵
-
\??\c:\2uf0m.exec:\2uf0m.exe104⤵
-
\??\c:\4b1so7.exec:\4b1so7.exe105⤵
-
\??\c:\582o3i.exec:\582o3i.exe106⤵
-
\??\c:\2j91731.exec:\2j91731.exe107⤵
-
\??\c:\kg98q75.exec:\kg98q75.exe108⤵
-
\??\c:\cm4rqsb.exec:\cm4rqsb.exe109⤵
-
\??\c:\qc503.exec:\qc503.exe110⤵
-
\??\c:\e33u5.exec:\e33u5.exe111⤵
-
\??\c:\omeqges.exec:\omeqges.exe112⤵
-
\??\c:\i1331.exec:\i1331.exe113⤵
-
\??\c:\0goem9a.exec:\0goem9a.exe114⤵
-
\??\c:\51774u.exec:\51774u.exe115⤵
-
\??\c:\55q70.exec:\55q70.exe116⤵
-
\??\c:\tel21d.exec:\tel21d.exe117⤵
-
\??\c:\8b9oq.exec:\8b9oq.exe118⤵
-
\??\c:\15h7351.exec:\15h7351.exe119⤵
-
\??\c:\9jq53.exec:\9jq53.exe120⤵
-
\??\c:\im7ua.exec:\im7ua.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-