Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20230831-en -
resource tags
-
submitted
16/10/2023, 12:47
General
-
Target
NEAS.064cd27053535b9f6862f7bf89383de0_JC.exe
-
Size
101KB
-
MD5
064cd27053535b9f6862f7bf89383de0
-
SHA1
518e70e9b02497390c64d5d1b3805ec9d13d1100
-
SHA256
859ea7cf3cde970c32c2b6d3dccc7753cbafd9cf8a7bb29eff624259db4b31fc
-
SHA512
e880c3b66b6d021d0bd82f13884e0d1b26f77d95ddc705fdd7fd00e562535b16105f898a5e846c26352c957dd95da9eb95c4cc230c7fac7d3b275d0cef71b1da
-
SSDEEP
3072:ymb3NkkiQ3mdBjFo7NguQG1nug55eJ/dLLm:n3C9BRo+ZgjeBdLLm
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 62 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.064cd27053535b9f6862f7bf89383de0_JC.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.064cd27053535b9f6862f7bf89383de0_JC.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\2rl2k.exec:\2rl2k.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lu5qw.exec:\lu5qw.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\90r39c5.exec:\90r39c5.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\k3937a3.exec:\k3937a3.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\89c1r.exec:\89c1r.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9i59ub.exec:\9i59ub.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1b35qd.exec:\1b35qd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\mu2qd.exec:\mu2qd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xd2vo.exec:\xd2vo.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1p3sds.exec:\1p3sds.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\f5539u1.exec:\f5539u1.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\e2o1c5.exec:\e2o1c5.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\q9802.exec:\q9802.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\229aeex.exec:\229aeex.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\k917p9s.exec:\k917p9s.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\e9sp2.exec:\e9sp2.exe17⤵
- Executes dropped EXE
-
\??\c:\8k55me.exec:\8k55me.exe18⤵
- Executes dropped EXE
-
\??\c:\ce17o.exec:\ce17o.exe19⤵
- Executes dropped EXE
-
\??\c:\5o9g555.exec:\5o9g555.exe20⤵
- Executes dropped EXE
-
\??\c:\o0f9t.exec:\o0f9t.exe21⤵
- Executes dropped EXE
-
\??\c:\jgmk18g.exec:\jgmk18g.exe22⤵
- Executes dropped EXE
-
\??\c:\8qi4nvq.exec:\8qi4nvq.exe23⤵
- Executes dropped EXE
-
\??\c:\qox437.exec:\qox437.exe24⤵
- Executes dropped EXE
-
\??\c:\ns10id.exec:\ns10id.exe25⤵
- Executes dropped EXE
-
\??\c:\58sp72.exec:\58sp72.exe26⤵
- Executes dropped EXE
-
\??\c:\q2395e.exec:\q2395e.exe27⤵
- Executes dropped EXE
-
\??\c:\og58mih.exec:\og58mih.exe28⤵
- Executes dropped EXE
-
\??\c:\m6b7c7.exec:\m6b7c7.exe29⤵
- Executes dropped EXE
-
\??\c:\jba2w.exec:\jba2w.exe30⤵
- Executes dropped EXE
-
\??\c:\3f10ckl.exec:\3f10ckl.exe31⤵
- Executes dropped EXE
-
\??\c:\3g8s1.exec:\3g8s1.exe32⤵
- Executes dropped EXE
-
\??\c:\652m5.exec:\652m5.exe33⤵
- Executes dropped EXE
-
\??\c:\hj16h5g.exec:\hj16h5g.exe34⤵
- Executes dropped EXE
-
\??\c:\ae5wa08.exec:\ae5wa08.exe35⤵
- Executes dropped EXE
-
\??\c:\tg673d1.exec:\tg673d1.exe36⤵
- Executes dropped EXE
-
\??\c:\7311h.exec:\7311h.exe37⤵
- Executes dropped EXE
-
\??\c:\786298u.exec:\786298u.exe38⤵
- Executes dropped EXE
-
\??\c:\91sjm2.exec:\91sjm2.exe39⤵
- Executes dropped EXE
-
\??\c:\21ge32i.exec:\21ge32i.exe40⤵
- Executes dropped EXE
-
\??\c:\q5kvdk.exec:\q5kvdk.exe41⤵
- Executes dropped EXE
-
\??\c:\03a3kv5.exec:\03a3kv5.exe42⤵
- Executes dropped EXE
-
\??\c:\263bq9.exec:\263bq9.exe43⤵
- Executes dropped EXE
-
\??\c:\eiaj8iv.exec:\eiaj8iv.exe44⤵
- Executes dropped EXE
-
\??\c:\17ic3.exec:\17ic3.exe45⤵
- Executes dropped EXE
-
\??\c:\imgr6.exec:\imgr6.exe46⤵
- Executes dropped EXE
-
\??\c:\m4q30.exec:\m4q30.exe47⤵
- Executes dropped EXE
-
\??\c:\71gj54.exec:\71gj54.exe48⤵
- Executes dropped EXE
-
\??\c:\g3rkn.exec:\g3rkn.exe49⤵
- Executes dropped EXE
-
\??\c:\27qd6m5.exec:\27qd6m5.exe50⤵
- Executes dropped EXE
-
\??\c:\vix6a.exec:\vix6a.exe51⤵
- Executes dropped EXE
-
\??\c:\w0x7nmf.exec:\w0x7nmf.exe52⤵
- Executes dropped EXE
-
\??\c:\8d1jt.exec:\8d1jt.exe53⤵
- Executes dropped EXE
-
\??\c:\8u61n8.exec:\8u61n8.exe54⤵
- Executes dropped EXE
-
\??\c:\0b0x2s.exec:\0b0x2s.exe55⤵
- Executes dropped EXE
-
\??\c:\51q87u9.exec:\51q87u9.exe56⤵
- Executes dropped EXE
-
\??\c:\0mu7p17.exec:\0mu7p17.exe57⤵
- Executes dropped EXE
-
\??\c:\4u1up1.exec:\4u1up1.exe58⤵
- Executes dropped EXE
-
\??\c:\7dx4n.exec:\7dx4n.exe59⤵
- Executes dropped EXE
-
\??\c:\uh8r5.exec:\uh8r5.exe60⤵
- Executes dropped EXE
-
\??\c:\47mi0g1.exec:\47mi0g1.exe61⤵
- Executes dropped EXE
-
\??\c:\7w7kq5.exec:\7w7kq5.exe62⤵
- Executes dropped EXE
-
\??\c:\u176k9.exec:\u176k9.exe63⤵
- Executes dropped EXE
-
\??\c:\kak53.exec:\kak53.exe64⤵
- Executes dropped EXE
-
\??\c:\3w33u7.exec:\3w33u7.exe65⤵
- Executes dropped EXE
-
\??\c:\hs16u.exec:\hs16u.exe66⤵
-
\??\c:\83w72a.exec:\83w72a.exe67⤵
-
\??\c:\wwp19e5.exec:\wwp19e5.exe68⤵
-
\??\c:\ra7k17f.exec:\ra7k17f.exe69⤵
-
\??\c:\09pvg.exec:\09pvg.exe70⤵
-
\??\c:\39ov0q.exec:\39ov0q.exe71⤵
-
\??\c:\ca7e59.exec:\ca7e59.exe72⤵
-
\??\c:\682d8.exec:\682d8.exe73⤵
-
\??\c:\xc5s13.exec:\xc5s13.exe74⤵
-
\??\c:\08w3g.exec:\08w3g.exe75⤵
-
\??\c:\r2q26v.exec:\r2q26v.exe76⤵
-
\??\c:\p915gb1.exec:\p915gb1.exe77⤵
-
\??\c:\79mt4s7.exec:\79mt4s7.exe78⤵
-
\??\c:\p88bn2.exec:\p88bn2.exe79⤵
-
\??\c:\fu9at36.exec:\fu9at36.exe80⤵
-
\??\c:\99eps5u.exec:\99eps5u.exe81⤵
-
\??\c:\ce7g1ep.exec:\ce7g1ep.exe82⤵
-
\??\c:\ac5d2c.exec:\ac5d2c.exe83⤵
-
\??\c:\s7857k.exec:\s7857k.exe84⤵
-
\??\c:\eem9m.exec:\eem9m.exe85⤵
-
\??\c:\wk16x4.exec:\wk16x4.exe86⤵
-
\??\c:\99733s4.exec:\99733s4.exe87⤵
-
\??\c:\vn7o5i.exec:\vn7o5i.exe88⤵
-
\??\c:\d8wgm2.exec:\d8wgm2.exe89⤵
-
\??\c:\ps1k9sj.exec:\ps1k9sj.exe90⤵
-
\??\c:\8em46x.exec:\8em46x.exe91⤵
-
\??\c:\jcd6g3c.exec:\jcd6g3c.exe92⤵
-
\??\c:\or17p5.exec:\or17p5.exe93⤵
-
\??\c:\96p5kq.exec:\96p5kq.exe94⤵
-
\??\c:\w54q190.exec:\w54q190.exe95⤵
-
\??\c:\xkk7a1.exec:\xkk7a1.exe96⤵
-
\??\c:\876ir7.exec:\876ir7.exe97⤵
-
\??\c:\fa71r3.exec:\fa71r3.exe98⤵
-
\??\c:\fv3110w.exec:\fv3110w.exe99⤵
-
\??\c:\33mm3q.exec:\33mm3q.exe100⤵
-
\??\c:\fukq35.exec:\fukq35.exe101⤵
-
\??\c:\q859av.exec:\q859av.exe102⤵
-
\??\c:\ln5q76.exec:\ln5q76.exe103⤵
-
\??\c:\0g534c.exec:\0g534c.exe104⤵
-
\??\c:\930g1.exec:\930g1.exe105⤵
-
\??\c:\7p119s.exec:\7p119s.exe106⤵
-
\??\c:\99874c3.exec:\99874c3.exe107⤵
-
\??\c:\09h71.exec:\09h71.exe108⤵
-
\??\c:\b9co5.exec:\b9co5.exe109⤵
-
\??\c:\i1qrdm.exec:\i1qrdm.exe110⤵
-
\??\c:\lon52q.exec:\lon52q.exe111⤵
-
\??\c:\0kt7is.exec:\0kt7is.exe112⤵
-
\??\c:\51iq93.exec:\51iq93.exe113⤵
-
\??\c:\p053776.exec:\p053776.exe114⤵
-
\??\c:\9b61s1.exec:\9b61s1.exe115⤵
-
\??\c:\q2swe.exec:\q2swe.exe116⤵
-
\??\c:\93461.exec:\93461.exe117⤵
-
\??\c:\vs18qj7.exec:\vs18qj7.exe118⤵
-
\??\c:\278k7q1.exec:\278k7q1.exe119⤵
-
\??\c:\k6g1u.exec:\k6g1u.exe120⤵
-
\??\c:\21s10d5.exec:\21s10d5.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-