Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
154s -
max time network
154s -
platform
windows10-2004_x64 -
resource
win10v2004-20230915-en -
resource tags
-
submitted
14/10/2023, 08:24
General
-
Target
NEAS.fe851dcdf34d7b08b56d31db7e7ed980.exe
-
Size
252KB
-
MD5
fe851dcdf34d7b08b56d31db7e7ed980
-
SHA1
10a669621afd3f0b61ae494115717cb5fcc19ca1
-
SHA256
3e035d940e65d44dcccab027ffd07ff515036ff5ae8b9b4d2521e4854cdb87ae
-
SHA512
3b120354f09a8364b0e272cdcee4a0d83f6ba30557298ae003c930dc0130961ffbbc7d91a929a34a070ee55e4d9dd11149d3895d9bd6ffe1796e5f80159f6e4c
-
SSDEEP
6144:kcm4FmowdHoSphraH+W0+9JGW594s2jULIDNc0Hu+MC8Z:y4wFHoS3eeWR9JGW594tjU6pu+MvZ
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.fe851dcdf34d7b08b56d31db7e7ed980.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.fe851dcdf34d7b08b56d31db7e7ed980.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\01aosu.exec:\01aosu.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\95139gp.exec:\95139gp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\eueew98.exec:\eueew98.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\736it7.exec:\736it7.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5x98m9.exec:\5x98m9.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\b70f1c.exec:\b70f1c.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ea51a.exec:\ea51a.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3p18u5.exec:\3p18u5.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5170a.exec:\5170a.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ek3e2.exec:\ek3e2.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\as78k33.exec:\as78k33.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\c2c4f76.exec:\c2c4f76.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\a4mp4c.exec:\a4mp4c.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\2l7b9.exec:\2l7b9.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\r38u755.exec:\r38u755.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\t50rqf.exec:\t50rqf.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
\??\c:\x75o31f.exec:\x75o31f.exe1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\us51t11.exec:\us51t11.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\29u5e.exec:\29u5e.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pq38p3.exec:\pq38p3.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\k0w90.exec:\k0w90.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\wxh380.exec:\wxh380.exe6⤵
- Executes dropped EXE
-
\??\c:\o39of3.exec:\o39of3.exe7⤵
- Executes dropped EXE
-
\??\c:\39ct50k.exec:\39ct50k.exe8⤵
- Executes dropped EXE
-
\??\c:\hjoc4a.exec:\hjoc4a.exe9⤵
- Executes dropped EXE
-
\??\c:\0ik3k1.exec:\0ik3k1.exe10⤵
- Executes dropped EXE
-
\??\c:\8wqjp.exec:\8wqjp.exe11⤵
- Executes dropped EXE
-
\??\c:\6n5gj.exec:\6n5gj.exe12⤵
- Executes dropped EXE
-
\??\c:\cx36a5a.exec:\cx36a5a.exe13⤵
- Executes dropped EXE
-
\??\c:\bev2a.exec:\bev2a.exe14⤵
- Executes dropped EXE
-
\??\c:\o218p0.exec:\o218p0.exe15⤵
- Executes dropped EXE
-
\??\c:\cq153.exec:\cq153.exe16⤵
- Executes dropped EXE
-
\??\c:\2l1j2.exec:\2l1j2.exe17⤵
- Executes dropped EXE
-
\??\c:\296m5.exec:\296m5.exe18⤵
- Executes dropped EXE
-
\??\c:\5ds0uk.exec:\5ds0uk.exe19⤵
- Executes dropped EXE
-
\??\c:\iro093e.exec:\iro093e.exe20⤵
- Executes dropped EXE
-
\??\c:\418b4ax.exec:\418b4ax.exe21⤵
- Executes dropped EXE
-
\??\c:\8i18v.exec:\8i18v.exe22⤵
- Executes dropped EXE
-
\??\c:\39qf7.exec:\39qf7.exe23⤵
- Executes dropped EXE
-
\??\c:\8scq78.exec:\8scq78.exe24⤵
- Executes dropped EXE
-
\??\c:\18h3aj9.exec:\18h3aj9.exe25⤵
- Executes dropped EXE
-
\??\c:\k1u58l3.exec:\k1u58l3.exe26⤵
- Executes dropped EXE
-
\??\c:\p9254.exec:\p9254.exe27⤵
- Executes dropped EXE
-
\??\c:\1hn86.exec:\1hn86.exe28⤵
- Executes dropped EXE
-
\??\c:\luf7g.exec:\luf7g.exe29⤵
- Executes dropped EXE
-
\??\c:\8qvtk.exec:\8qvtk.exe30⤵
- Executes dropped EXE
-
\??\c:\22j6q.exec:\22j6q.exe31⤵
- Executes dropped EXE
-
\??\c:\635ep.exec:\635ep.exe32⤵
- Executes dropped EXE
-
\??\c:\71bfeq.exec:\71bfeq.exe33⤵
- Executes dropped EXE
-
\??\c:\q85e1r.exec:\q85e1r.exe34⤵
- Executes dropped EXE
-
\??\c:\37x92f.exec:\37x92f.exe35⤵
- Executes dropped EXE
-
\??\c:\jpowq.exec:\jpowq.exe36⤵
- Executes dropped EXE
-
\??\c:\4qjii.exec:\4qjii.exe37⤵
- Executes dropped EXE
-
\??\c:\u5cfbf.exec:\u5cfbf.exe38⤵
- Executes dropped EXE
-
\??\c:\kk8kb9s.exec:\kk8kb9s.exe39⤵
- Executes dropped EXE
-
\??\c:\vx1j7.exec:\vx1j7.exe40⤵
- Executes dropped EXE
-
\??\c:\mcus54.exec:\mcus54.exe41⤵
- Executes dropped EXE
-
\??\c:\53thxe9.exec:\53thxe9.exe42⤵
- Executes dropped EXE
-
\??\c:\k0vep2.exec:\k0vep2.exe43⤵
- Executes dropped EXE
-
\??\c:\v450ne5.exec:\v450ne5.exe44⤵
- Executes dropped EXE
-
\??\c:\dqh30o7.exec:\dqh30o7.exe45⤵
- Executes dropped EXE
-
\??\c:\1v1qfm.exec:\1v1qfm.exe46⤵
- Executes dropped EXE
-
\??\c:\oi3c9.exec:\oi3c9.exe47⤵
- Executes dropped EXE
-
\??\c:\4s1ut.exec:\4s1ut.exe48⤵
- Executes dropped EXE
-
\??\c:\9hkqaq.exec:\9hkqaq.exe49⤵
-
\??\c:\nw0d4.exec:\nw0d4.exe50⤵
-
\??\c:\rwl2c9.exec:\rwl2c9.exe51⤵
-
\??\c:\7mqm01.exec:\7mqm01.exe52⤵
-
\??\c:\n8u87.exec:\n8u87.exe53⤵
-
\??\c:\0xk405.exec:\0xk405.exe54⤵
-
\??\c:\vk58gi9.exec:\vk58gi9.exe55⤵
-
\??\c:\h9cfmwg.exec:\h9cfmwg.exe56⤵
-
\??\c:\ag6if.exec:\ag6if.exe57⤵
-
\??\c:\2dp7o.exec:\2dp7o.exe58⤵
-
\??\c:\3h5ci4.exec:\3h5ci4.exe59⤵
-
\??\c:\1h56uj0.exec:\1h56uj0.exe60⤵
-
\??\c:\o6701s6.exec:\o6701s6.exe61⤵
-
\??\c:\fwl1f.exec:\fwl1f.exe62⤵
-
\??\c:\06c573.exec:\06c573.exe63⤵
-
\??\c:\i5aws.exec:\i5aws.exe64⤵
-
\??\c:\lhvtca.exec:\lhvtca.exe65⤵
-
\??\c:\akwids.exec:\akwids.exe66⤵
-
\??\c:\3795o.exec:\3795o.exe67⤵
-
\??\c:\3qquu.exec:\3qquu.exe68⤵
-
\??\c:\i77g70.exec:\i77g70.exe69⤵
-
\??\c:\259355.exec:\259355.exe70⤵
-
\??\c:\x9see.exec:\x9see.exe71⤵
-
\??\c:\7i56i5.exec:\7i56i5.exe72⤵
-
\??\c:\g1p51.exec:\g1p51.exe73⤵
-
\??\c:\4737i3.exec:\4737i3.exe74⤵
-
\??\c:\39qx93p.exec:\39qx93p.exe75⤵
-
\??\c:\48t4933.exec:\48t4933.exe76⤵
-
\??\c:\7t5kwt.exec:\7t5kwt.exe77⤵
-
\??\c:\2f719x.exec:\2f719x.exe78⤵
-
\??\c:\p12i32.exec:\p12i32.exe79⤵
-
\??\c:\571cp.exec:\571cp.exe80⤵
-
\??\c:\0c62f51.exec:\0c62f51.exe81⤵
-
\??\c:\930a9gh.exec:\930a9gh.exe82⤵
-
\??\c:\8cqua3.exec:\8cqua3.exe83⤵
-
\??\c:\19oic3.exec:\19oic3.exe84⤵
-
\??\c:\juv20.exec:\juv20.exe85⤵
-
\??\c:\6u14s.exec:\6u14s.exe86⤵
-
\??\c:\x9ci94.exec:\x9ci94.exe87⤵
-
\??\c:\73gs50c.exec:\73gs50c.exe88⤵
-
\??\c:\678de4u.exec:\678de4u.exe89⤵
-
\??\c:\5wqw1.exec:\5wqw1.exe90⤵
-
\??\c:\q7575mh.exec:\q7575mh.exe91⤵
-
\??\c:\6f2n9k.exec:\6f2n9k.exe92⤵
-
\??\c:\1330n.exec:\1330n.exe93⤵
-
\??\c:\h39ul.exec:\h39ul.exe94⤵
-
\??\c:\i4iqqwc.exec:\i4iqqwc.exe95⤵
-
\??\c:\t7kv5cm.exec:\t7kv5cm.exe96⤵
-
\??\c:\gt3a9.exec:\gt3a9.exe97⤵
-
\??\c:\93wj2e.exec:\93wj2e.exe98⤵
-
\??\c:\8s7431.exec:\8s7431.exe99⤵
-
\??\c:\1svhj.exec:\1svhj.exe100⤵
-
\??\c:\5ftm2sv.exec:\5ftm2sv.exe101⤵
-
\??\c:\99r78d7.exec:\99r78d7.exe102⤵
-
\??\c:\2me59ti.exec:\2me59ti.exe103⤵
-
\??\c:\ieiwa.exec:\ieiwa.exe104⤵
-
\??\c:\594mb.exec:\594mb.exe105⤵
-
\??\c:\698v1ea.exec:\698v1ea.exe106⤵
-
\??\c:\mv1375.exec:\mv1375.exe107⤵
-
\??\c:\ruce45.exec:\ruce45.exe108⤵
-
\??\c:\9joh8xi.exec:\9joh8xi.exe109⤵
-
\??\c:\wc6k5.exec:\wc6k5.exe110⤵
-
\??\c:\iv6t51.exec:\iv6t51.exe111⤵
-
\??\c:\p445a.exec:\p445a.exe112⤵
-
\??\c:\hdiatk.exec:\hdiatk.exe113⤵
-
\??\c:\n4q96c.exec:\n4q96c.exe114⤵
-
\??\c:\44l74.exec:\44l74.exe115⤵
-
\??\c:\af7o50.exec:\af7o50.exe116⤵
-
\??\c:\xuakk.exec:\xuakk.exe117⤵
-
\??\c:\r1xw9c0.exec:\r1xw9c0.exe118⤵
-
\??\c:\0xw9612.exec:\0xw9612.exe119⤵
-
\??\c:\5iov07.exec:\5iov07.exe120⤵
-
\??\c:\c665f81.exec:\c665f81.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-