Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
155s -
max time network
167s -
platform
windows10-2004_x64 -
resource
win10v2004-20230915-en -
resource tags
-
submitted
14/10/2023, 19:10
General
-
Target
NEAS.bb0055d5477af7440c5d593f047eb9d0.exe
-
Size
56KB
-
MD5
bb0055d5477af7440c5d593f047eb9d0
-
SHA1
bb9deaad6c6cdf1b0e04110686c3e0670d9c6cc0
-
SHA256
168c54552cfc3c4822cf57606d0b979e8302fcdfdc73ecc04494612a631d0e15
-
SHA512
76a2f6eed4140498fc66323015efabca31ad926cde3a59929c72afad1db611de54b2e3299ee7cad51e5e0ca6fa3fa0decb6dfef75a2ac822528785d217df643c
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIlxAQ:ymb3NkkiQ3mdBjFI7z
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 35 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.bb0055d5477af7440c5d593f047eb9d0.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.bb0055d5477af7440c5d593f047eb9d0.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\n2e78w7.exec:\n2e78w7.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8n8l7.exec:\8n8l7.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\09821k.exec:\09821k.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\gq18am.exec:\gq18am.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\0k9bq7.exec:\0k9bq7.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\g8m17u.exec:\g8m17u.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xpj7d3b.exec:\xpj7d3b.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\o13aa50.exec:\o13aa50.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\qkbxa1.exec:\qkbxa1.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\g48fql.exec:\g48fql.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bm30j56.exec:\bm30j56.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\wu19h.exec:\wu19h.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\j3apk1.exec:\j3apk1.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\995ur.exec:\995ur.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\m3av99.exec:\m3av99.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\2eei9hi.exec:\2eei9hi.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tiq83g.exec:\tiq83g.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6if94q.exec:\6if94q.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\j5hkr.exec:\j5hkr.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\kdo2u.exec:\kdo2u.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fq82n7.exec:\fq82n7.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7a462.exec:\7a462.exe23⤵
- Executes dropped EXE
-
\??\c:\17pgh.exec:\17pgh.exe24⤵
- Executes dropped EXE
-
\??\c:\hf1v2.exec:\hf1v2.exe25⤵
- Executes dropped EXE
-
\??\c:\3cbur7.exec:\3cbur7.exe26⤵
- Executes dropped EXE
-
\??\c:\3ma7li.exec:\3ma7li.exe27⤵
- Executes dropped EXE
-
\??\c:\w6m19.exec:\w6m19.exe28⤵
- Executes dropped EXE
-
\??\c:\640n0.exec:\640n0.exe29⤵
- Executes dropped EXE
-
\??\c:\7h2ccu.exec:\7h2ccu.exe30⤵
- Executes dropped EXE
-
\??\c:\k061c99.exec:\k061c99.exe31⤵
- Executes dropped EXE
-
\??\c:\b6cxi.exec:\b6cxi.exe32⤵
- Executes dropped EXE
-
\??\c:\4n7fu.exec:\4n7fu.exe33⤵
- Executes dropped EXE
-
\??\c:\e6u51j.exec:\e6u51j.exe34⤵
- Executes dropped EXE
-
\??\c:\hx68m.exec:\hx68m.exe35⤵
- Executes dropped EXE
-
\??\c:\53k5o.exec:\53k5o.exe36⤵
- Executes dropped EXE
-
\??\c:\vwpwu.exec:\vwpwu.exe37⤵
- Executes dropped EXE
-
\??\c:\544g051.exec:\544g051.exe38⤵
- Executes dropped EXE
-
\??\c:\10q871.exec:\10q871.exe39⤵
- Executes dropped EXE
-
\??\c:\k3or49.exec:\k3or49.exe40⤵
- Executes dropped EXE
-
\??\c:\0qm1g0q.exec:\0qm1g0q.exe41⤵
- Executes dropped EXE
-
\??\c:\01gn6nm.exec:\01gn6nm.exe42⤵
- Executes dropped EXE
-
\??\c:\us85asq.exec:\us85asq.exe43⤵
- Executes dropped EXE
-
\??\c:\87x9f39.exec:\87x9f39.exe44⤵
- Executes dropped EXE
-
\??\c:\cd1eh6.exec:\cd1eh6.exe45⤵
- Executes dropped EXE
-
\??\c:\058p4d.exec:\058p4d.exe46⤵
- Executes dropped EXE
-
\??\c:\17l3w.exec:\17l3w.exe47⤵
- Executes dropped EXE
-
\??\c:\jbos6t7.exec:\jbos6t7.exe48⤵
- Executes dropped EXE
-
\??\c:\hhtb4.exec:\hhtb4.exe49⤵
- Executes dropped EXE
-
\??\c:\m6473.exec:\m6473.exe50⤵
- Executes dropped EXE
-
\??\c:\wjkpq.exec:\wjkpq.exe51⤵
- Executes dropped EXE
-
\??\c:\gco3d40.exec:\gco3d40.exe52⤵
- Executes dropped EXE
-
\??\c:\kbm05.exec:\kbm05.exe53⤵
- Executes dropped EXE
-
\??\c:\rh21fn5.exec:\rh21fn5.exe54⤵
- Executes dropped EXE
-
\??\c:\2vp8h3.exec:\2vp8h3.exe55⤵
- Executes dropped EXE
-
\??\c:\g3cra6k.exec:\g3cra6k.exe56⤵
- Executes dropped EXE
-
\??\c:\1jlfq.exec:\1jlfq.exe57⤵
- Executes dropped EXE
-
\??\c:\rar5q.exec:\rar5q.exe58⤵
- Executes dropped EXE
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
\??\c:\uoi5g.exec:\uoi5g.exe1⤵
- Executes dropped EXE
-
\??\c:\vp2o6c.exec:\vp2o6c.exe2⤵
- Executes dropped EXE
-
\??\c:\93r6273.exec:\93r6273.exe3⤵
- Executes dropped EXE
-
\??\c:\98379e.exec:\98379e.exe4⤵
- Executes dropped EXE
-
\??\c:\6s1gg.exec:\6s1gg.exe5⤵
- Executes dropped EXE
-
\??\c:\30wt1sq.exec:\30wt1sq.exe6⤵
- Executes dropped EXE
-
\??\c:\n93pxvg.exec:\n93pxvg.exe7⤵
- Executes dropped EXE
-
\??\c:\wdq3t.exec:\wdq3t.exe8⤵
-
\??\c:\kjk6h.exec:\kjk6h.exe9⤵
-
\??\c:\r180f96.exec:\r180f96.exe10⤵
-
\??\c:\uw73u.exec:\uw73u.exe11⤵
-
\??\c:\p0ce36.exec:\p0ce36.exe12⤵
-
\??\c:\24q2v.exec:\24q2v.exe13⤵
-
\??\c:\c17ev4.exec:\c17ev4.exe14⤵
-
\??\c:\sgj555.exec:\sgj555.exe15⤵
-
\??\c:\ih4dsmj.exec:\ih4dsmj.exe16⤵
-
\??\c:\1o3hu5.exec:\1o3hu5.exe17⤵
-
\??\c:\ih060.exec:\ih060.exe18⤵
-
\??\c:\6i95vd1.exec:\6i95vd1.exe19⤵
-
\??\c:\68u19.exec:\68u19.exe20⤵
-
\??\c:\fl9ud.exec:\fl9ud.exe21⤵
-
\??\c:\8lrpc.exec:\8lrpc.exe22⤵
-
\??\c:\k46954.exec:\k46954.exe23⤵
-
\??\c:\6365u.exec:\6365u.exe24⤵
-
\??\c:\q95t63.exec:\q95t63.exe25⤵
-
\??\c:\047cve.exec:\047cve.exe26⤵
-
\??\c:\4jp43c9.exec:\4jp43c9.exe27⤵
-
\??\c:\m64juxj.exec:\m64juxj.exe28⤵
-
\??\c:\v8da69.exec:\v8da69.exe29⤵
-
\??\c:\8vu17f7.exec:\8vu17f7.exe30⤵
-
\??\c:\bc87rf6.exec:\bc87rf6.exe31⤵
-
\??\c:\p39o0.exec:\p39o0.exe32⤵
-
\??\c:\l6w7h.exec:\l6w7h.exe33⤵
-
\??\c:\79fkp.exec:\79fkp.exe34⤵
-
\??\c:\398195.exec:\398195.exe35⤵
-
\??\c:\b5sdg.exec:\b5sdg.exe36⤵
-
\??\c:\53gg06.exec:\53gg06.exe37⤵
-
\??\c:\18u38dm.exec:\18u38dm.exe38⤵
-
\??\c:\f6935pg.exec:\f6935pg.exe39⤵
-
\??\c:\d4wkcw4.exec:\d4wkcw4.exe40⤵
-
\??\c:\t31de3.exec:\t31de3.exe41⤵
-
\??\c:\4q9nw08.exec:\4q9nw08.exe42⤵
-
\??\c:\40w5igm.exec:\40w5igm.exe43⤵
-
\??\c:\idhui.exec:\idhui.exe44⤵
-
\??\c:\5s8k3.exec:\5s8k3.exe45⤵
-
\??\c:\374n89.exec:\374n89.exe46⤵
-
\??\c:\qg6gto.exec:\qg6gto.exe47⤵
-
\??\c:\hbe16.exec:\hbe16.exe48⤵
-
\??\c:\v55apkc.exec:\v55apkc.exe49⤵
-
\??\c:\9m99j.exec:\9m99j.exe50⤵
-
\??\c:\s509xl.exec:\s509xl.exe51⤵
-
\??\c:\xowni.exec:\xowni.exe52⤵
-
\??\c:\18n7c.exec:\18n7c.exe53⤵
-
\??\c:\n29xo.exec:\n29xo.exe54⤵
-
\??\c:\915a1.exec:\915a1.exe55⤵
-
\??\c:\98hc3r.exec:\98hc3r.exe56⤵
-
\??\c:\bfi3q95.exec:\bfi3q95.exe57⤵
-
\??\c:\vgbwc.exec:\vgbwc.exe58⤵
-
\??\c:\2g5wqb1.exec:\2g5wqb1.exe59⤵
-
\??\c:\c460ru.exec:\c460ru.exe60⤵
-
\??\c:\19g2q.exec:\19g2q.exe61⤵
-
\??\c:\4l7j3.exec:\4l7j3.exe62⤵
-
\??\c:\7736w.exec:\7736w.exe63⤵
-
\??\c:\5xsj7kr.exec:\5xsj7kr.exe64⤵
-
\??\c:\c0txb.exec:\c0txb.exe65⤵
-
\??\c:\f315e.exec:\f315e.exe66⤵
-
\??\c:\wl109.exec:\wl109.exe67⤵
-
\??\c:\7379h5.exec:\7379h5.exe68⤵
-
\??\c:\1124fe.exec:\1124fe.exe69⤵
-
\??\c:\u4kb6.exec:\u4kb6.exe70⤵
-
\??\c:\nkl6o.exec:\nkl6o.exe71⤵
-
\??\c:\t9xrf7.exec:\t9xrf7.exe72⤵
-
\??\c:\7621rm5.exec:\7621rm5.exe73⤵
-
\??\c:\v039c.exec:\v039c.exe74⤵
-
\??\c:\x8eu30.exec:\x8eu30.exe75⤵
-
\??\c:\536vmfr.exec:\536vmfr.exe76⤵
-
\??\c:\dgq4iec.exec:\dgq4iec.exe77⤵
-
\??\c:\1290m.exec:\1290m.exe78⤵
-
\??\c:\kt4s4.exec:\kt4s4.exe79⤵
-
\??\c:\v377j.exec:\v377j.exe80⤵
-
\??\c:\l181a.exec:\l181a.exe81⤵
-
\??\c:\813s13w.exec:\813s13w.exe82⤵
-
\??\c:\2fd2x.exec:\2fd2x.exe83⤵
-
\??\c:\ajw3807.exec:\ajw3807.exe84⤵
-
\??\c:\bul301.exec:\bul301.exe85⤵
-
\??\c:\0x354.exec:\0x354.exe86⤵
-
\??\c:\45omm.exec:\45omm.exe87⤵
-
\??\c:\774fc08.exec:\774fc08.exe88⤵
-
\??\c:\x88o45s.exec:\x88o45s.exe89⤵
-
\??\c:\945077.exec:\945077.exe90⤵
-
\??\c:\13o936.exec:\13o936.exe91⤵
-
\??\c:\7ecx0a3.exec:\7ecx0a3.exe92⤵
-
\??\c:\69v5h.exec:\69v5h.exe93⤵
-
\??\c:\2oh914.exec:\2oh914.exe94⤵
-
\??\c:\2k7lu.exec:\2k7lu.exe95⤵
-
\??\c:\1g6t9g.exec:\1g6t9g.exe96⤵
-
\??\c:\16471xg.exec:\16471xg.exe97⤵
-
\??\c:\kmvk9u4.exec:\kmvk9u4.exe98⤵
-
\??\c:\ukpjv6.exec:\ukpjv6.exe99⤵
-
\??\c:\891ln.exec:\891ln.exe100⤵
-
\??\c:\t5aa256.exec:\t5aa256.exe101⤵
-
\??\c:\lan92r.exec:\lan92r.exe102⤵
-
\??\c:\csk2n.exec:\csk2n.exe103⤵
-
\??\c:\39un2d.exec:\39un2d.exe104⤵
-
\??\c:\0rb76.exec:\0rb76.exe105⤵
-
\??\c:\xv91ha.exec:\xv91ha.exe106⤵
-
\??\c:\92c6756.exec:\92c6756.exe107⤵
-
\??\c:\9v3f6ev.exec:\9v3f6ev.exe108⤵
-
\??\c:\931boa.exec:\931boa.exe109⤵
-
\??\c:\sjje3.exec:\sjje3.exe110⤵
-
\??\c:\7uasbk.exec:\7uasbk.exe111⤵
-
\??\c:\7sj862.exec:\7sj862.exe112⤵
-
\??\c:\7451n5.exec:\7451n5.exe113⤵
-
\??\c:\9m6lo.exec:\9m6lo.exe114⤵
-
\??\c:\ep6sq.exec:\ep6sq.exe115⤵
-
\??\c:\paur98i.exec:\paur98i.exe116⤵
-
\??\c:\p92se5h.exec:\p92se5h.exe117⤵
-
\??\c:\5hhvvu.exec:\5hhvvu.exe118⤵
-
\??\c:\49ud91.exec:\49ud91.exe119⤵
-
\??\c:\14882xl.exec:\14882xl.exe120⤵
-
\??\c:\9966ntr.exec:\9966ntr.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-