Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
160s -
max time network
160s -
platform
windows10-2004_x64 -
resource
win10v2004-20230915-en -
resource tags
-
submitted
16/10/2023, 13:30 UTC
General
-
Target
NEAS.0a328661d22cf6cd8a37f18341842810_JC.exe
-
Size
198KB
-
MD5
0a328661d22cf6cd8a37f18341842810
-
SHA1
b8a476b6066e604a7ee210402baaf64158995808
-
SHA256
de2f6298b43049443e423a213be65e0562ae086f1bf2e85631518e0c9637035a
-
SHA512
8b3a56eb0933730528d6785756e6ff9d03ca9b79b3c6f2fe025c785390460884a85147456d430792e1a9f0c1e37a4daefff9fe70838d69d729c7f2c43b8b9c21
-
SSDEEP
1536:PvQBeOGtrYSSsrc93UBIfdC67m6AJiqgT4+C2HVMsuox3I:PhOm2sI93UufdC67ciJTU2HVjy
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.0a328661d22cf6cd8a37f18341842810_JC.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.0a328661d22cf6cd8a37f18341842810_JC.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\g0o2op.exec:\g0o2op.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\wmnv7m.exec:\wmnv7m.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\4na0kcm.exec:\4na0kcm.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\08199.exec:\08199.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\10203.exec:\10203.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\201os9a.exec:\201os9a.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\v01l23.exec:\v01l23.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\77973.exec:\77973.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
-
-
-
-
-
-
-
-
\??\c:\rai0b.exec:\rai0b.exe1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\45977l.exec:\45977l.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\13o93.exec:\13o93.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\cai92c.exec:\cai92c.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\v1bc5od.exec:\v1bc5od.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\u76p62.exec:\u76p62.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\38c4ig.exec:\38c4ig.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\0f8cs7a.exec:\0f8cs7a.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6loqj6.exec:\6loqj6.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\334j374.exec:\334j374.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xhh04j9.exec:\xhh04j9.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5ndu87.exec:\5ndu87.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\62ed03.exec:\62ed03.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\985f64.exec:\985f64.exe14⤵
- Executes dropped EXE
-
\??\c:\h6asav.exec:\h6asav.exe15⤵
- Executes dropped EXE
-
\??\c:\3fd8w.exec:\3fd8w.exe16⤵
- Executes dropped EXE
-
\??\c:\78dsq1.exec:\78dsq1.exe17⤵
- Executes dropped EXE
-
\??\c:\hc5xft6.exec:\hc5xft6.exe18⤵
- Executes dropped EXE
-
\??\c:\5v7cv4.exec:\5v7cv4.exe19⤵
- Executes dropped EXE
-
\??\c:\hcxdu.exec:\hcxdu.exe20⤵
- Executes dropped EXE
-
\??\c:\88tqhvs.exec:\88tqhvs.exe21⤵
- Executes dropped EXE
-
\??\c:\m7i52k.exec:\m7i52k.exe22⤵
- Executes dropped EXE
-
\??\c:\2i16e.exec:\2i16e.exe23⤵
- Executes dropped EXE
-
\??\c:\0701c9.exec:\0701c9.exe24⤵
- Executes dropped EXE
-
\??\c:\u24h5.exec:\u24h5.exe25⤵
- Executes dropped EXE
-
\??\c:\476lv7.exec:\476lv7.exe26⤵
- Executes dropped EXE
-
\??\c:\gpacbp.exec:\gpacbp.exe27⤵
- Executes dropped EXE
-
\??\c:\9ksq8i.exec:\9ksq8i.exe28⤵
- Executes dropped EXE
-
\??\c:\s55v6i.exec:\s55v6i.exe29⤵
- Executes dropped EXE
-
\??\c:\c332f.exec:\c332f.exe30⤵
- Executes dropped EXE
-
\??\c:\8vdfu0i.exec:\8vdfu0i.exe31⤵
- Executes dropped EXE
-
\??\c:\07q55tx.exec:\07q55tx.exe32⤵
- Executes dropped EXE
-
\??\c:\1f133.exec:\1f133.exe33⤵
- Executes dropped EXE
-
\??\c:\3kc4v.exec:\3kc4v.exe34⤵
- Executes dropped EXE
-
\??\c:\6hlj2c6.exec:\6hlj2c6.exe35⤵
- Executes dropped EXE
-
\??\c:\0f9q18.exec:\0f9q18.exe36⤵
- Executes dropped EXE
-
\??\c:\416pmx.exec:\416pmx.exe37⤵
- Executes dropped EXE
-
\??\c:\m9ub4.exec:\m9ub4.exe38⤵
- Executes dropped EXE
-
\??\c:\qwrc1qv.exec:\qwrc1qv.exe39⤵
- Executes dropped EXE
-
\??\c:\k1r648.exec:\k1r648.exe40⤵
- Executes dropped EXE
-
\??\c:\c8q10m.exec:\c8q10m.exe41⤵
- Executes dropped EXE
-
\??\c:\615ju.exec:\615ju.exe42⤵
- Executes dropped EXE
-
\??\c:\h0geq.exec:\h0geq.exe43⤵
- Executes dropped EXE
-
\??\c:\3h8a5sp.exec:\3h8a5sp.exe44⤵
- Executes dropped EXE
-
\??\c:\4a6mw.exec:\4a6mw.exe45⤵
- Executes dropped EXE
-
\??\c:\0u3rl.exec:\0u3rl.exe46⤵
- Executes dropped EXE
-
\??\c:\553drh.exec:\553drh.exe47⤵
- Executes dropped EXE
-
\??\c:\3a88w2g.exec:\3a88w2g.exe48⤵
- Executes dropped EXE
-
\??\c:\e9297.exec:\e9297.exe49⤵
- Executes dropped EXE
-
\??\c:\6sxm5v8.exec:\6sxm5v8.exe50⤵
- Executes dropped EXE
-
\??\c:\a05ga.exec:\a05ga.exe51⤵
- Executes dropped EXE
-
\??\c:\0e3q9.exec:\0e3q9.exe52⤵
- Executes dropped EXE
-
\??\c:\gexq4.exec:\gexq4.exe53⤵
- Executes dropped EXE
-
\??\c:\b9200b.exec:\b9200b.exe54⤵
- Executes dropped EXE
-
\??\c:\5j0cj85.exec:\5j0cj85.exe55⤵
- Executes dropped EXE
-
\??\c:\swqsi9.exec:\swqsi9.exe56⤵
- Executes dropped EXE
-
\??\c:\3p921o3.exec:\3p921o3.exe57⤵
-
\??\c:\65m9q.exec:\65m9q.exe58⤵
-
\??\c:\h2p4ik.exec:\h2p4ik.exe59⤵
-
\??\c:\295x52p.exec:\295x52p.exe60⤵
-
\??\c:\r3gp7.exec:\r3gp7.exe61⤵
-
\??\c:\9p7k70.exec:\9p7k70.exe62⤵
-
\??\c:\9540369.exec:\9540369.exe63⤵
-
\??\c:\3e92r.exec:\3e92r.exe64⤵
-
\??\c:\w4k4v6v.exec:\w4k4v6v.exe65⤵
-
\??\c:\okv2c.exec:\okv2c.exe66⤵
-
\??\c:\12062.exec:\12062.exe67⤵
-
\??\c:\59ttd.exec:\59ttd.exe68⤵
-
\??\c:\tvlhp.exec:\tvlhp.exe69⤵
-
\??\c:\1ric49.exec:\1ric49.exe70⤵
-
\??\c:\6vb5u0.exec:\6vb5u0.exe71⤵
-
\??\c:\319t1v9.exec:\319t1v9.exe72⤵
-
\??\c:\160g80f.exec:\160g80f.exe73⤵
-
\??\c:\71s1qd0.exec:\71s1qd0.exe74⤵
-
\??\c:\e9657dj.exec:\e9657dj.exe75⤵
-
\??\c:\7vmp3f.exec:\7vmp3f.exe76⤵
-
\??\c:\ac6rx.exec:\ac6rx.exe77⤵
-
\??\c:\a47k371.exec:\a47k371.exe78⤵
-
\??\c:\hem80.exec:\hem80.exe79⤵
-
\??\c:\08769.exec:\08769.exe80⤵
-
\??\c:\0dn102.exec:\0dn102.exe81⤵
-
\??\c:\a9lfl6.exec:\a9lfl6.exe82⤵
-
\??\c:\350v1h.exec:\350v1h.exe83⤵
-
\??\c:\3p0j37.exec:\3p0j37.exe84⤵
-
\??\c:\h8q4657.exec:\h8q4657.exe85⤵
-
\??\c:\5jcw6.exec:\5jcw6.exe86⤵
-
\??\c:\k3vk4.exec:\k3vk4.exe87⤵
-
\??\c:\274894.exec:\274894.exe88⤵
-
\??\c:\0dx57.exec:\0dx57.exe89⤵
-
\??\c:\6f7q156.exec:\6f7q156.exe90⤵
-
\??\c:\wa50p2g.exec:\wa50p2g.exe91⤵
-
\??\c:\6lr6mp4.exec:\6lr6mp4.exe92⤵
-
\??\c:\458psr.exec:\458psr.exe93⤵
-
\??\c:\uj19tn.exec:\uj19tn.exe94⤵
-
\??\c:\125100.exec:\125100.exe95⤵
-
\??\c:\2oa1gn6.exec:\2oa1gn6.exe96⤵
-
\??\c:\37m1ib.exec:\37m1ib.exe97⤵
-
\??\c:\ekd5q.exec:\ekd5q.exe98⤵
-
\??\c:\69hol20.exec:\69hol20.exe99⤵
-
\??\c:\631g731.exec:\631g731.exe100⤵
-
\??\c:\ti81hpe.exec:\ti81hpe.exe101⤵
-
\??\c:\b89mdt8.exec:\b89mdt8.exe102⤵
-
\??\c:\5gno5l3.exec:\5gno5l3.exe103⤵
-
\??\c:\ithw20.exec:\ithw20.exe104⤵
-
\??\c:\073pp.exec:\073pp.exe105⤵
-
\??\c:\pbi6xvu.exec:\pbi6xvu.exe106⤵
-
\??\c:\iq6v1k7.exec:\iq6v1k7.exe107⤵
-
\??\c:\xg989.exec:\xg989.exe108⤵
-
\??\c:\x86885.exec:\x86885.exe109⤵
-
\??\c:\4o80rg.exec:\4o80rg.exe110⤵
-
\??\c:\8050d.exec:\8050d.exe111⤵
-
\??\c:\2ht605m.exec:\2ht605m.exe112⤵
-
\??\c:\r45s3m6.exec:\r45s3m6.exe113⤵
-
\??\c:\6du42.exec:\6du42.exe114⤵
-
\??\c:\j7v9j.exec:\j7v9j.exe115⤵
-
\??\c:\4956t9.exec:\4956t9.exe116⤵
-
\??\c:\w8xmmuh.exec:\w8xmmuh.exe117⤵
-
\??\c:\e2091.exec:\e2091.exe118⤵
-
\??\c:\dh56m.exec:\dh56m.exe119⤵
-
\??\c:\42m24.exec:\42m24.exe120⤵
-
\??\c:\tb9c7j.exec:\tb9c7j.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-