Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
186s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20230831-en -
resource tags
-
submitted
14/10/2023, 18:04
General
-
Target
NEAS.8bbb62c77bed134b6692405b63512750.exe
-
Size
67KB
-
MD5
8bbb62c77bed134b6692405b63512750
-
SHA1
09f13121689969f0b3992411adb5b5e8caeac75e
-
SHA256
b061e9e71b46790f781acfc2b10ce74a860ee6e5f586fcafcf48dd8f3ea6be0b
-
SHA512
bb6949fb708386366c4048e2bcefca0c5f16bb5ec6dfa256e3f2e19a16154d123c2407bc026e87cda9671b34d732050649e14f7335993df8acc549d4ddecde19
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIzX0WX:ymb3NkkiQ3mdBjFIzvX
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 26 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 61 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.8bbb62c77bed134b6692405b63512750.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.8bbb62c77bed134b6692405b63512750.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\n8b4d5.exec:\n8b4d5.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\f4484m9.exec:\f4484m9.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\467bi0.exec:\467bi0.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lj252h4.exec:\lj252h4.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9p041at.exec:\9p041at.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\x86ak8c.exec:\x86ak8c.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5r20f.exec:\5r20f.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\56snvp.exec:\56snvp.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\53e3ph8.exec:\53e3ph8.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1wu8i9.exec:\1wu8i9.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
-
-
-
-
-
-
-
-
-
-
\??\c:\ji56p2.exec:\ji56p2.exe1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\562gxpc.exec:\562gxpc.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\j081nq4.exec:\j081nq4.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\4x0f8.exec:\4x0f8.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pnws91a.exec:\pnws91a.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jcb8w.exec:\jcb8w.exe6⤵
- Executes dropped EXE
-
\??\c:\6922e1.exec:\6922e1.exe7⤵
- Executes dropped EXE
-
\??\c:\9396p0m.exec:\9396p0m.exe8⤵
- Executes dropped EXE
-
-
-
-
-
-
-
-
\??\c:\rbx398c.exec:\rbx398c.exe1⤵
- Executes dropped EXE
-
\??\c:\d7g57.exec:\d7g57.exe2⤵
- Executes dropped EXE
-
\??\c:\sw3w1n.exec:\sw3w1n.exe3⤵
- Executes dropped EXE
-
\??\c:\j64g18c.exec:\j64g18c.exe4⤵
- Executes dropped EXE
-
\??\c:\epi88vk.exec:\epi88vk.exe5⤵
- Executes dropped EXE
-
\??\c:\rvw60.exec:\rvw60.exe6⤵
- Executes dropped EXE
-
\??\c:\4h56j.exec:\4h56j.exe7⤵
- Executes dropped EXE
-
\??\c:\4n050.exec:\4n050.exe8⤵
- Executes dropped EXE
-
\??\c:\j1dxf6.exec:\j1dxf6.exe9⤵
- Executes dropped EXE
-
\??\c:\8144t0.exec:\8144t0.exe10⤵
- Executes dropped EXE
-
\??\c:\17t47t.exec:\17t47t.exe11⤵
- Executes dropped EXE
-
\??\c:\5v14f3.exec:\5v14f3.exe12⤵
- Executes dropped EXE
-
\??\c:\ut6n8e.exec:\ut6n8e.exe13⤵
- Executes dropped EXE
-
\??\c:\74bn3t7.exec:\74bn3t7.exe14⤵
- Executes dropped EXE
-
\??\c:\usn08.exec:\usn08.exe15⤵
- Executes dropped EXE
-
\??\c:\h17fu.exec:\h17fu.exe16⤵
- Executes dropped EXE
-
\??\c:\4h32h6.exec:\4h32h6.exe17⤵
- Executes dropped EXE
-
\??\c:\9t1k36l.exec:\9t1k36l.exe18⤵
- Executes dropped EXE
-
\??\c:\t69g4.exec:\t69g4.exe19⤵
- Executes dropped EXE
-
\??\c:\j0wrh.exec:\j0wrh.exe20⤵
- Executes dropped EXE
-
\??\c:\2f3npal.exec:\2f3npal.exe21⤵
- Executes dropped EXE
-
\??\c:\o7gu3a7.exec:\o7gu3a7.exe22⤵
- Executes dropped EXE
-
\??\c:\4b5lv6.exec:\4b5lv6.exe23⤵
- Executes dropped EXE
-
\??\c:\429u0.exec:\429u0.exe24⤵
- Executes dropped EXE
-
\??\c:\59qcs.exec:\59qcs.exe25⤵
- Executes dropped EXE
-
\??\c:\hqieu.exec:\hqieu.exe26⤵
- Executes dropped EXE
-
\??\c:\v0cd96.exec:\v0cd96.exe27⤵
- Executes dropped EXE
-
\??\c:\bi0r53.exec:\bi0r53.exe28⤵
- Executes dropped EXE
-
\??\c:\4ckwt4.exec:\4ckwt4.exe29⤵
- Executes dropped EXE
-
\??\c:\1sx4kk.exec:\1sx4kk.exe30⤵
- Executes dropped EXE
-
\??\c:\jk7213.exec:\jk7213.exe31⤵
- Executes dropped EXE
-
\??\c:\kg2eo.exec:\kg2eo.exe32⤵
- Executes dropped EXE
-
\??\c:\1ww73o.exec:\1ww73o.exe33⤵
- Executes dropped EXE
-
\??\c:\dm94o10.exec:\dm94o10.exe34⤵
- Executes dropped EXE
-
\??\c:\2m8392.exec:\2m8392.exe35⤵
- Executes dropped EXE
-
\??\c:\j8n7op.exec:\j8n7op.exe36⤵
- Executes dropped EXE
-
\??\c:\3k9kl5.exec:\3k9kl5.exe37⤵
- Executes dropped EXE
-
\??\c:\1r4l8sk.exec:\1r4l8sk.exe38⤵
- Executes dropped EXE
-
\??\c:\v2745n6.exec:\v2745n6.exe39⤵
- Executes dropped EXE
-
\??\c:\kq9k826.exec:\kq9k826.exe40⤵
- Executes dropped EXE
-
\??\c:\8ho04jj.exec:\8ho04jj.exe41⤵
- Executes dropped EXE
-
\??\c:\61gl4f.exec:\61gl4f.exe42⤵
- Executes dropped EXE
-
\??\c:\89eq9.exec:\89eq9.exe43⤵
- Executes dropped EXE
-
\??\c:\2uv69.exec:\2uv69.exe44⤵
- Executes dropped EXE
-
\??\c:\k2rx4dj.exec:\k2rx4dj.exe45⤵
- Executes dropped EXE
-
\??\c:\xo6i6jq.exec:\xo6i6jq.exe46⤵
- Executes dropped EXE
-
\??\c:\khu41pm.exec:\khu41pm.exe47⤵
-
\??\c:\v86tc.exec:\v86tc.exe48⤵
-
\??\c:\x9g9b.exec:\x9g9b.exe49⤵
-
\??\c:\2i3mv.exec:\2i3mv.exe50⤵
-
\??\c:\2o3t21.exec:\2o3t21.exe51⤵
-
\??\c:\f1a06.exec:\f1a06.exe52⤵
-
\??\c:\rln4fj.exec:\rln4fj.exe53⤵
-
\??\c:\1cig0j.exec:\1cig0j.exe54⤵
-
\??\c:\792j589.exec:\792j589.exe55⤵
-
\??\c:\278f0.exec:\278f0.exe56⤵
-
\??\c:\ku2ts4.exec:\ku2ts4.exe57⤵
-
\??\c:\4dns9.exec:\4dns9.exe58⤵
-
\??\c:\pl4q7f.exec:\pl4q7f.exe59⤵
-
\??\c:\49p1fb.exec:\49p1fb.exe60⤵
-
\??\c:\ul53s1.exec:\ul53s1.exe61⤵
-
\??\c:\6r1rv.exec:\6r1rv.exe62⤵
-
\??\c:\l6hul.exec:\l6hul.exe63⤵
-
\??\c:\2t162.exec:\2t162.exe64⤵
-
\??\c:\p2dv990.exec:\p2dv990.exe65⤵
-
\??\c:\0461p.exec:\0461p.exe66⤵
-
\??\c:\ws3ni2.exec:\ws3ni2.exe67⤵
-
\??\c:\l928v.exec:\l928v.exe68⤵
-
\??\c:\oh66s.exec:\oh66s.exe69⤵
-
\??\c:\706ad2.exec:\706ad2.exe70⤵
-
\??\c:\948miv3.exec:\948miv3.exe71⤵
-
\??\c:\93cfcd.exec:\93cfcd.exe72⤵
-
\??\c:\8u1ob.exec:\8u1ob.exe73⤵
-
\??\c:\xwix6.exec:\xwix6.exe74⤵
-
\??\c:\p2lhi4.exec:\p2lhi4.exe75⤵
-
\??\c:\674pvfe.exec:\674pvfe.exe76⤵
-
\??\c:\9as08xk.exec:\9as08xk.exe77⤵
-
\??\c:\4b48ts.exec:\4b48ts.exe78⤵
-
\??\c:\n0un08.exec:\n0un08.exe79⤵
-
\??\c:\b27n8d.exec:\b27n8d.exe80⤵
-
\??\c:\6eabhi.exec:\6eabhi.exe81⤵
-
\??\c:\504fdq4.exec:\504fdq4.exe82⤵
-
\??\c:\0lg82.exec:\0lg82.exe83⤵
-
\??\c:\ti6po.exec:\ti6po.exe84⤵
-
\??\c:\5d7b4.exec:\5d7b4.exe85⤵
-
\??\c:\ho1o8.exec:\ho1o8.exe86⤵
-
\??\c:\0avxn9m.exec:\0avxn9m.exe87⤵
-
\??\c:\2jqk3.exec:\2jqk3.exe88⤵
-
\??\c:\h81on5.exec:\h81on5.exe89⤵
-
\??\c:\88i7ov0.exec:\88i7ov0.exe90⤵
-
\??\c:\j474f7.exec:\j474f7.exe91⤵
-
\??\c:\b6d790.exec:\b6d790.exe92⤵
-
\??\c:\oo7w7uj.exec:\oo7w7uj.exe93⤵
-
\??\c:\3g28ix.exec:\3g28ix.exe94⤵
-
\??\c:\s707g.exec:\s707g.exe95⤵
-
\??\c:\8bepxee.exec:\8bepxee.exe96⤵
-
\??\c:\jhj104k.exec:\jhj104k.exe97⤵
-
\??\c:\75swn0.exec:\75swn0.exe98⤵
-
\??\c:\d9j57j.exec:\d9j57j.exe99⤵
-
\??\c:\80bgwq1.exec:\80bgwq1.exe100⤵
-
\??\c:\356dej.exec:\356dej.exe101⤵
-
\??\c:\37n791e.exec:\37n791e.exe102⤵
-
\??\c:\u0kb1.exec:\u0kb1.exe103⤵
-
\??\c:\85m9h1k.exec:\85m9h1k.exe104⤵
-
\??\c:\aqg3as.exec:\aqg3as.exe105⤵
-
\??\c:\okqv4.exec:\okqv4.exe106⤵
-
\??\c:\3h4i8.exec:\3h4i8.exe107⤵
-
\??\c:\o3noc78.exec:\o3noc78.exe108⤵
-
\??\c:\73itmuk.exec:\73itmuk.exe109⤵
-
\??\c:\5j33i.exec:\5j33i.exe110⤵
-
\??\c:\u6ie3k.exec:\u6ie3k.exe111⤵
-
\??\c:\62c1ga7.exec:\62c1ga7.exe112⤵
-
\??\c:\15v4b39.exec:\15v4b39.exe113⤵
-
\??\c:\xiki131.exec:\xiki131.exe114⤵
-
\??\c:\iioa7.exec:\iioa7.exe115⤵
-
\??\c:\7t95r.exec:\7t95r.exe116⤵
-
\??\c:\45wpmx.exec:\45wpmx.exe117⤵
-
\??\c:\u6u5c6e.exec:\u6u5c6e.exe118⤵
-
\??\c:\65a7qv3.exec:\65a7qv3.exe119⤵
-
\??\c:\x94xq16.exec:\x94xq16.exe120⤵
-
\??\c:\hhjitr3.exec:\hhjitr3.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-