Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
153s -
max time network
156s -
platform
windows10-2004_x64 -
resource
win10v2004-20230915-en -
resource tags
-
submitted
16/10/2023, 18:32
General
-
Target
NEAS.aae33400556c1f43f617036f1bf83300.exe
-
Size
138KB
-
MD5
aae33400556c1f43f617036f1bf83300
-
SHA1
73f59ea973f56030d38548d9c946706ec5ad0042
-
SHA256
7acfdd8db2bf6f775408fd96d06babbb8d2cec670c44b72d399506f36cd8f548
-
SHA512
70d358f1335380fbedc5af36c00fd492453c1c60b6918d45c287bbd9a6d6d2f42013ae832d8dad152f50e8e8ca5de7b04a66fb2242d674af407f1de657f29310
-
SSDEEP
3072:EhOmTsF93UYfwC6GIoutcEDjmDH6lPqZD2N/67ZWRZWZ1AgkniEz:Ecm4FmowdHoScQmL6l6O/8WOWiEz
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.aae33400556c1f43f617036f1bf83300.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.aae33400556c1f43f617036f1bf83300.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\bwqsewg.exec:\bwqsewg.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vp58v14.exec:\vp58v14.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3pw2ks2.exec:\3pw2ks2.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\wx6w7wh.exec:\wx6w7wh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\697h5.exec:\697h5.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3o56a.exec:\3o56a.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6ov5a.exec:\6ov5a.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ook06v6.exec:\ook06v6.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\eqt41w9.exec:\eqt41w9.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\a6mw77.exec:\a6mw77.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fwcmm.exec:\fwcmm.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\95715.exec:\95715.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rf0e7.exec:\rf0e7.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xhqio.exec:\xhqio.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\894h50f.exec:\894h50f.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bxou1.exec:\bxou1.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8ul3h91.exec:\8ul3h91.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6677ik.exec:\6677ik.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\eo9iil3.exec:\eo9iil3.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bmc3u39.exec:\bmc3u39.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbaul60.exec:\nbaul60.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\72s54b.exec:\72s54b.exe23⤵
- Executes dropped EXE
-
\??\c:\59377w.exec:\59377w.exe24⤵
- Executes dropped EXE
-
\??\c:\4st6v.exec:\4st6v.exe25⤵
- Executes dropped EXE
-
\??\c:\f38x504.exec:\f38x504.exe26⤵
- Executes dropped EXE
-
\??\c:\kgt7t.exec:\kgt7t.exe27⤵
- Executes dropped EXE
-
\??\c:\cc74e.exec:\cc74e.exe28⤵
- Executes dropped EXE
-
\??\c:\ec3qlk1.exec:\ec3qlk1.exe29⤵
- Executes dropped EXE
-
\??\c:\o5cix4.exec:\o5cix4.exe30⤵
- Executes dropped EXE
-
\??\c:\70cb2.exec:\70cb2.exe31⤵
- Executes dropped EXE
-
\??\c:\aoj7sg.exec:\aoj7sg.exe32⤵
- Executes dropped EXE
-
\??\c:\o56157.exec:\o56157.exe33⤵
- Executes dropped EXE
-
\??\c:\33795.exec:\33795.exe34⤵
-
\??\c:\48890rq.exec:\48890rq.exe35⤵
- Executes dropped EXE
-
\??\c:\b1371e.exec:\b1371e.exe36⤵
- Executes dropped EXE
-
\??\c:\sh9wu.exec:\sh9wu.exe37⤵
- Executes dropped EXE
-
\??\c:\2u55ix.exec:\2u55ix.exe38⤵
- Executes dropped EXE
-
\??\c:\eios2.exec:\eios2.exe39⤵
- Executes dropped EXE
-
\??\c:\23i5q5.exec:\23i5q5.exe40⤵
- Executes dropped EXE
-
\??\c:\9t1s9w1.exec:\9t1s9w1.exe41⤵
- Executes dropped EXE
-
\??\c:\h2xi76u.exec:\h2xi76u.exe42⤵
- Executes dropped EXE
-
\??\c:\f4m0th.exec:\f4m0th.exe43⤵
- Executes dropped EXE
-
\??\c:\3um4p.exec:\3um4p.exe44⤵
- Executes dropped EXE
-
\??\c:\q0i9at.exec:\q0i9at.exe45⤵
- Executes dropped EXE
-
\??\c:\xsmu1n.exec:\xsmu1n.exe46⤵
- Executes dropped EXE
-
\??\c:\gb0x1b.exec:\gb0x1b.exe47⤵
- Executes dropped EXE
-
\??\c:\wd2x9.exec:\wd2x9.exe48⤵
- Executes dropped EXE
-
\??\c:\qcj3rf2.exec:\qcj3rf2.exe49⤵
- Executes dropped EXE
-
\??\c:\93ol698.exec:\93ol698.exe50⤵
- Executes dropped EXE
-
\??\c:\8f804f2.exec:\8f804f2.exe51⤵
- Executes dropped EXE
-
\??\c:\9ji424.exec:\9ji424.exe52⤵
- Executes dropped EXE
-
\??\c:\oj17h.exec:\oj17h.exe53⤵
- Executes dropped EXE
-
\??\c:\7ik7q9j.exec:\7ik7q9j.exe54⤵
- Executes dropped EXE
-
\??\c:\p898h3.exec:\p898h3.exe55⤵
- Executes dropped EXE
-
\??\c:\s23csk4.exec:\s23csk4.exe56⤵
- Executes dropped EXE
-
\??\c:\116fo02.exec:\116fo02.exe57⤵
- Executes dropped EXE
-
\??\c:\q20r86.exec:\q20r86.exe58⤵
- Executes dropped EXE
-
\??\c:\9d5t9o.exec:\9d5t9o.exe59⤵
- Executes dropped EXE
-
\??\c:\7574h6.exec:\7574h6.exe60⤵
- Executes dropped EXE
-
\??\c:\8j1fo96.exec:\8j1fo96.exe61⤵
- Executes dropped EXE
-
\??\c:\35e9855.exec:\35e9855.exe62⤵
- Executes dropped EXE
-
\??\c:\ap9enui.exec:\ap9enui.exe63⤵
- Executes dropped EXE
-
\??\c:\nek8b.exec:\nek8b.exe64⤵
- Executes dropped EXE
-
\??\c:\272l63.exec:\272l63.exe65⤵
- Executes dropped EXE
-
\??\c:\4xpw6u.exec:\4xpw6u.exe66⤵
- Executes dropped EXE
-
\??\c:\8co5uv.exec:\8co5uv.exe67⤵
-
\??\c:\vrw0gqn.exec:\vrw0gqn.exe68⤵
-
\??\c:\e25sh.exec:\e25sh.exe69⤵
-
\??\c:\99216g5.exec:\99216g5.exe70⤵
-
\??\c:\p2id84x.exec:\p2id84x.exe71⤵
-
\??\c:\ll3n9s.exec:\ll3n9s.exe72⤵
-
\??\c:\cu0rns.exec:\cu0rns.exe73⤵
-
\??\c:\70gm1qu.exec:\70gm1qu.exe74⤵
-
\??\c:\1n9m1w.exec:\1n9m1w.exe75⤵
-
\??\c:\3r7og.exec:\3r7og.exe76⤵
-
\??\c:\gi5w56i.exec:\gi5w56i.exe77⤵
-
\??\c:\g0a7st.exec:\g0a7st.exe78⤵
-
\??\c:\v99e7ka.exec:\v99e7ka.exe79⤵
-
\??\c:\2d777.exec:\2d777.exe80⤵
-
\??\c:\ai4h9s8.exec:\ai4h9s8.exe81⤵
-
\??\c:\p9k92.exec:\p9k92.exe82⤵
-
\??\c:\5sib6k9.exec:\5sib6k9.exe83⤵
-
\??\c:\2f3sih.exec:\2f3sih.exe84⤵
-
\??\c:\genp217.exec:\genp217.exe85⤵
-
\??\c:\ms7ol.exec:\ms7ol.exe86⤵
-
\??\c:\2l2ra.exec:\2l2ra.exe87⤵
-
\??\c:\v4mc5lj.exec:\v4mc5lj.exe88⤵
-
\??\c:\h5qmm7.exec:\h5qmm7.exe89⤵
-
\??\c:\db9no.exec:\db9no.exe90⤵
-
\??\c:\h8m9k.exec:\h8m9k.exe91⤵
-
\??\c:\5w8mio.exec:\5w8mio.exe92⤵
-
\??\c:\tvp3h7.exec:\tvp3h7.exe93⤵
-
\??\c:\wt50j.exec:\wt50j.exe94⤵
-
\??\c:\n851j9.exec:\n851j9.exe95⤵
-
\??\c:\3axe683.exec:\3axe683.exe96⤵
-
\??\c:\dv2r5.exec:\dv2r5.exe97⤵
-
\??\c:\53pja.exec:\53pja.exe98⤵
-
\??\c:\iick3ae.exec:\iick3ae.exe99⤵
-
\??\c:\ika7x33.exec:\ika7x33.exe100⤵
-
\??\c:\tb084.exec:\tb084.exe101⤵
-
\??\c:\97imuac.exec:\97imuac.exe102⤵
-
\??\c:\eptfnx.exec:\eptfnx.exe103⤵
-
\??\c:\158r919.exec:\158r919.exe104⤵
-
\??\c:\mmd52x.exec:\mmd52x.exe105⤵
-
\??\c:\45d1sf.exec:\45d1sf.exe106⤵
-
\??\c:\5wd4r.exec:\5wd4r.exe107⤵
-
\??\c:\bf5xlh9.exec:\bf5xlh9.exe108⤵
-
\??\c:\9f408.exec:\9f408.exe109⤵
-
\??\c:\qx99870.exec:\qx99870.exe110⤵
-
\??\c:\955pn9.exec:\955pn9.exe111⤵
-
\??\c:\53wf8.exec:\53wf8.exe112⤵
-
\??\c:\hsprs22.exec:\hsprs22.exe113⤵
-
\??\c:\48d8e7.exec:\48d8e7.exe114⤵
-
\??\c:\7njqr.exec:\7njqr.exe115⤵
-
\??\c:\55v737.exec:\55v737.exe116⤵
-
\??\c:\95mv9.exec:\95mv9.exe117⤵
-
\??\c:\938t13.exec:\938t13.exe118⤵
-
\??\c:\m00feiv.exec:\m00feiv.exe119⤵
-
\??\c:\64it6o.exec:\64it6o.exe120⤵
-
\??\c:\l7971er.exec:\l7971er.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-