Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
160s -
max time network
170s -
platform
windows10-2004_x64 -
resource
win10v2004-20230915-en -
resource tags
-
submitted
13/10/2023, 20:44
General
-
Target
NEAS.d6eb5bb7c4e63dd620eb9fc4d0f35e60.exe
-
Size
74KB
-
MD5
d6eb5bb7c4e63dd620eb9fc4d0f35e60
-
SHA1
6e64137dcb4c0683379247160bbc309e9c2efd98
-
SHA256
1dd8d5b98e260169afecc4b5ad65360aacfcd8df1997b20159daa8bbd6b39c8a
-
SHA512
5195bff6b0aa827eef7f557822048cab8736e1531e0681917647a3dbcb0d933d36d59e5a288bc6f0f014957c79e68d167bfd7497428a251dfcfe25a8f9c4e2fc
-
SSDEEP
1536:0vQBeOGtrYS3srx93UBWfwC6Ggnouy8CUYj7qxXksNfOvRQvQn:0hOmTsF93UYfwC6GIoutXtksNWvR/
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.d6eb5bb7c4e63dd620eb9fc4d0f35e60.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.d6eb5bb7c4e63dd620eb9fc4d0f35e60.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\e5223.exec:\e5223.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\oic27.exec:\oic27.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rhwwu.exec:\rhwwu.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9pq40.exec:\9pq40.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\a9w3o0g.exec:\a9w3o0g.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\2h6fr32.exec:\2h6fr32.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1wi5aa.exec:\1wi5aa.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\b38r0m.exec:\b38r0m.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\47021m0.exec:\47021m0.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\l26a1q.exec:\l26a1q.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\uc6852.exec:\uc6852.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\2jq9c.exec:\2jq9c.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\b56he0.exec:\b56he0.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ii1n56q.exec:\ii1n56q.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\eh7m1.exec:\eh7m1.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1wg9g4.exec:\1wg9g4.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\327pd.exec:\327pd.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\t77ktp.exec:\t77ktp.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\16v5ux.exec:\16v5ux.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\2o0p7.exec:\2o0p7.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\99eei.exec:\99eei.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\4427p.exec:\4427p.exe23⤵
- Executes dropped EXE
-
\??\c:\h5882ht.exec:\h5882ht.exe24⤵
- Executes dropped EXE
-
\??\c:\vd2m5k.exec:\vd2m5k.exe25⤵
- Executes dropped EXE
-
\??\c:\b54b24.exec:\b54b24.exe26⤵
- Executes dropped EXE
-
\??\c:\6c62b.exec:\6c62b.exe27⤵
- Executes dropped EXE
-
\??\c:\630c5w3.exec:\630c5w3.exe28⤵
- Executes dropped EXE
-
\??\c:\0g506t.exec:\0g506t.exe29⤵
- Executes dropped EXE
-
\??\c:\9ss8xr.exec:\9ss8xr.exe30⤵
- Executes dropped EXE
-
\??\c:\hs05k5j.exec:\hs05k5j.exe31⤵
- Executes dropped EXE
-
\??\c:\8m57u.exec:\8m57u.exe32⤵
- Executes dropped EXE
-
\??\c:\p273qig.exec:\p273qig.exe33⤵
- Executes dropped EXE
-
\??\c:\56p58w.exec:\56p58w.exe34⤵
- Executes dropped EXE
-
\??\c:\irp55.exec:\irp55.exe35⤵
- Executes dropped EXE
-
\??\c:\dsee4.exec:\dsee4.exe36⤵
- Executes dropped EXE
-
\??\c:\37n6h.exec:\37n6h.exe37⤵
- Executes dropped EXE
-
\??\c:\u9871.exec:\u9871.exe38⤵
- Executes dropped EXE
-
\??\c:\43r96.exec:\43r96.exe39⤵
- Executes dropped EXE
-
\??\c:\a89w0.exec:\a89w0.exe40⤵
- Executes dropped EXE
-
\??\c:\23254.exec:\23254.exe41⤵
- Executes dropped EXE
-
\??\c:\wr79p9.exec:\wr79p9.exe42⤵
- Executes dropped EXE
-
\??\c:\775c9.exec:\775c9.exe43⤵
- Executes dropped EXE
-
\??\c:\7mg1f3.exec:\7mg1f3.exe44⤵
- Executes dropped EXE
-
\??\c:\264q59w.exec:\264q59w.exe45⤵
- Executes dropped EXE
-
\??\c:\m62l0.exec:\m62l0.exe46⤵
- Executes dropped EXE
-
\??\c:\s5wir.exec:\s5wir.exe47⤵
- Executes dropped EXE
-
\??\c:\9kf2e.exec:\9kf2e.exe48⤵
- Executes dropped EXE
-
\??\c:\e86038.exec:\e86038.exe49⤵
- Executes dropped EXE
-
\??\c:\m4so7r.exec:\m4so7r.exe50⤵
- Executes dropped EXE
-
\??\c:\6nww2w4.exec:\6nww2w4.exe51⤵
- Executes dropped EXE
-
\??\c:\ouc5la6.exec:\ouc5la6.exe52⤵
- Executes dropped EXE
-
\??\c:\4gd5a1e.exec:\4gd5a1e.exe53⤵
- Executes dropped EXE
-
\??\c:\87e6l22.exec:\87e6l22.exe54⤵
- Executes dropped EXE
-
\??\c:\5woxrg8.exec:\5woxrg8.exe55⤵
- Executes dropped EXE
-
\??\c:\3hk6c27.exec:\3hk6c27.exe56⤵
- Executes dropped EXE
-
\??\c:\09e8nk8.exec:\09e8nk8.exe57⤵
- Executes dropped EXE
-
\??\c:\2svl63j.exec:\2svl63j.exe58⤵
- Executes dropped EXE
-
\??\c:\860dpw.exec:\860dpw.exe59⤵
- Executes dropped EXE
-
\??\c:\111h47.exec:\111h47.exe60⤵
- Executes dropped EXE
-
\??\c:\mp83qq.exec:\mp83qq.exe61⤵
- Executes dropped EXE
-
\??\c:\32408f.exec:\32408f.exe62⤵
- Executes dropped EXE
-
\??\c:\e9mge05.exec:\e9mge05.exe63⤵
- Executes dropped EXE
-
\??\c:\8f7xj.exec:\8f7xj.exe64⤵
- Executes dropped EXE
-
\??\c:\6m7ut.exec:\6m7ut.exe65⤵
- Executes dropped EXE
-
\??\c:\029kat8.exec:\029kat8.exe66⤵
-
\??\c:\2a7c5.exec:\2a7c5.exe67⤵
-
\??\c:\0je7k.exec:\0je7k.exe68⤵
-
\??\c:\w4mv70p.exec:\w4mv70p.exe69⤵
-
\??\c:\p4whuc.exec:\p4whuc.exe70⤵
-
\??\c:\7sm68.exec:\7sm68.exe71⤵
-
\??\c:\xdj5qw3.exec:\xdj5qw3.exe72⤵
-
\??\c:\957f9s.exec:\957f9s.exe73⤵
-
\??\c:\dwn6g.exec:\dwn6g.exe74⤵
-
\??\c:\83811.exec:\83811.exe75⤵
-
\??\c:\0md7c.exec:\0md7c.exe76⤵
-
\??\c:\hcd59.exec:\hcd59.exe77⤵
-
\??\c:\4m38q.exec:\4m38q.exe78⤵
-
\??\c:\9hwo5c.exec:\9hwo5c.exe79⤵
-
\??\c:\2p7w5ui.exec:\2p7w5ui.exe80⤵
-
\??\c:\gm796u.exec:\gm796u.exe81⤵
-
\??\c:\v527k.exec:\v527k.exe82⤵
-
\??\c:\79bke.exec:\79bke.exe83⤵
-
\??\c:\069dxa.exec:\069dxa.exe84⤵
-
\??\c:\0sj65f.exec:\0sj65f.exe85⤵
-
\??\c:\8txxsae.exec:\8txxsae.exe86⤵
-
\??\c:\7eb3123.exec:\7eb3123.exe87⤵
-
\??\c:\02l15.exec:\02l15.exe88⤵
-
\??\c:\2k0o9v.exec:\2k0o9v.exe89⤵
-
\??\c:\43alup9.exec:\43alup9.exe90⤵
-
\??\c:\cac99.exec:\cac99.exe91⤵
-
\??\c:\124i5.exec:\124i5.exe92⤵
-
\??\c:\c5839.exec:\c5839.exe93⤵
-
\??\c:\p4l01.exec:\p4l01.exe94⤵
-
\??\c:\gpgve11.exec:\gpgve11.exe95⤵
-
\??\c:\rm3wr.exec:\rm3wr.exe96⤵
-
\??\c:\o1wd7kg.exec:\o1wd7kg.exe97⤵
-
\??\c:\45gxrc.exec:\45gxrc.exe98⤵
-
\??\c:\l35lrup.exec:\l35lrup.exe99⤵
-
\??\c:\9m27rcg.exec:\9m27rcg.exe100⤵
-
\??\c:\madspk.exec:\madspk.exe101⤵
-
\??\c:\mqk33gc.exec:\mqk33gc.exe102⤵
-
\??\c:\7b6mmr1.exec:\7b6mmr1.exe103⤵
-
\??\c:\8221u4.exec:\8221u4.exe104⤵
-
\??\c:\h2w6of.exec:\h2w6of.exe105⤵
-
\??\c:\04f6mc.exec:\04f6mc.exe106⤵
-
\??\c:\57g9egn.exec:\57g9egn.exe107⤵
-
\??\c:\6b0t2d.exec:\6b0t2d.exe108⤵
-
\??\c:\i3fw7.exec:\i3fw7.exe109⤵
-
\??\c:\eon02.exec:\eon02.exe110⤵
-
-
-
-
\??\c:\guii48.exec:\guii48.exe108⤵
-
\??\c:\l7s324q.exec:\l7s324q.exe109⤵
-
\??\c:\v6v71.exec:\v6v71.exe110⤵
-
\??\c:\2x3u04.exec:\2x3u04.exe111⤵
-
\??\c:\91p6r1.exec:\91p6r1.exe112⤵
-
\??\c:\l3e716n.exec:\l3e716n.exe113⤵
-
\??\c:\7h546g8.exec:\7h546g8.exe114⤵
-
\??\c:\uc6wt.exec:\uc6wt.exe115⤵
-
\??\c:\qa857.exec:\qa857.exe116⤵
-
\??\c:\9eu446l.exec:\9eu446l.exe117⤵
-
\??\c:\xa6eeei.exec:\xa6eeei.exe118⤵
-
\??\c:\n331t.exec:\n331t.exe119⤵
-
\??\c:\01724uu.exec:\01724uu.exe120⤵
-
\??\c:\06167.exec:\06167.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-