Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
87s -
max time network
141s -
platform
windows10-2004_x64 -
resource
win10v2004-20230915-en -
resource tags
-
submitted
16/10/2023, 18:34
General
-
Target
NEAS.ba735208cea5597a0a5bb154332929e0.exe
-
Size
54KB
-
MD5
ba735208cea5597a0a5bb154332929e0
-
SHA1
5750dc71eef0a9603378a64e997cc872184dd0a2
-
SHA256
99b56bccb75ab8d4fecc90ca77e2be594ec2e1a6e380a3b0191129b712acf245
-
SHA512
26e7b23e90d0f9083781407f7808de02d9911a74ec77b634d2eef1e7e01ae9bbd62ecbe2cc700e1842c2e4e92d9fabfe1e9dbf873ef96c85c0aaee5640ce1587
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIz3n:ymb3NkkiQ3mdBjFIz3n
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 39 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.ba735208cea5597a0a5bb154332929e0.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.ba735208cea5597a0a5bb154332929e0.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\1ra4smw.exec:\1ra4smw.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\4pw8mr.exec:\4pw8mr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ua45e0.exec:\ua45e0.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\u47mjw7.exec:\u47mjw7.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\64rv8m.exec:\64rv8m.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dwhj2.exec:\dwhj2.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6vpp70.exec:\6vpp70.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\604k86.exec:\604k86.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\g958j.exec:\g958j.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5jwpp6.exec:\5jwpp6.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\l52v9.exec:\l52v9.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\863s8.exec:\863s8.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bwjd7.exec:\bwjd7.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\uc6m93.exec:\uc6m93.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\l888k02.exec:\l888k02.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\75t494r.exec:\75t494r.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\s9k5eb.exec:\s9k5eb.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\s3hk5.exec:\s3hk5.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ts2v0.exec:\ts2v0.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\513416f.exec:\513416f.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9ip45me.exec:\9ip45me.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\s44so.exec:\s44so.exe23⤵
- Executes dropped EXE
-
\??\c:\x55n1qj.exec:\x55n1qj.exe24⤵
- Executes dropped EXE
-
\??\c:\uo3n21.exec:\uo3n21.exe25⤵
- Executes dropped EXE
-
\??\c:\h8g37t.exec:\h8g37t.exe26⤵
- Executes dropped EXE
-
\??\c:\1oisq9.exec:\1oisq9.exe27⤵
- Executes dropped EXE
-
\??\c:\x4hes.exec:\x4hes.exe28⤵
- Executes dropped EXE
-
\??\c:\vx3mf7w.exec:\vx3mf7w.exe29⤵
- Executes dropped EXE
-
\??\c:\8h0x66.exec:\8h0x66.exe30⤵
- Executes dropped EXE
-
\??\c:\otwh92b.exec:\otwh92b.exe31⤵
- Executes dropped EXE
-
\??\c:\grq273.exec:\grq273.exe32⤵
- Executes dropped EXE
-
\??\c:\pe6oa.exec:\pe6oa.exe33⤵
- Executes dropped EXE
-
\??\c:\018w0.exec:\018w0.exe34⤵
- Executes dropped EXE
-
\??\c:\0581qsk.exec:\0581qsk.exe35⤵
- Executes dropped EXE
-
\??\c:\2h10240.exec:\2h10240.exe36⤵
- Executes dropped EXE
-
\??\c:\w0sg65.exec:\w0sg65.exe37⤵
- Executes dropped EXE
-
\??\c:\5gl62.exec:\5gl62.exe38⤵
- Executes dropped EXE
-
\??\c:\7ql25u1.exec:\7ql25u1.exe39⤵
- Executes dropped EXE
-
\??\c:\4qrh1.exec:\4qrh1.exe40⤵
- Executes dropped EXE
-
\??\c:\0ohwq1b.exec:\0ohwq1b.exe41⤵
- Executes dropped EXE
-
\??\c:\u4akg.exec:\u4akg.exe42⤵
- Executes dropped EXE
-
\??\c:\5h0o5n4.exec:\5h0o5n4.exe43⤵
- Executes dropped EXE
-
\??\c:\g63170.exec:\g63170.exe44⤵
- Executes dropped EXE
-
\??\c:\sh97u3s.exec:\sh97u3s.exe45⤵
- Executes dropped EXE
-
\??\c:\5rif8.exec:\5rif8.exe46⤵
- Executes dropped EXE
-
\??\c:\2ipq5hw.exec:\2ipq5hw.exe47⤵
- Executes dropped EXE
-
\??\c:\c15h30.exec:\c15h30.exe48⤵
- Executes dropped EXE
-
\??\c:\nsj1772.exec:\nsj1772.exe49⤵
- Executes dropped EXE
-
\??\c:\c05o85.exec:\c05o85.exe50⤵
- Executes dropped EXE
-
\??\c:\najvn17.exec:\najvn17.exe51⤵
- Executes dropped EXE
-
\??\c:\618hui.exec:\618hui.exe52⤵
- Executes dropped EXE
-
\??\c:\gc1kog0.exec:\gc1kog0.exe53⤵
- Executes dropped EXE
-
\??\c:\x3sldp.exec:\x3sldp.exe54⤵
- Executes dropped EXE
-
\??\c:\4iuwx.exec:\4iuwx.exe55⤵
- Executes dropped EXE
-
\??\c:\e7jk16.exec:\e7jk16.exe56⤵
- Executes dropped EXE
-
\??\c:\1uv7k.exec:\1uv7k.exe57⤵
- Executes dropped EXE
-
\??\c:\w50l1.exec:\w50l1.exe58⤵
- Executes dropped EXE
-
\??\c:\63rim.exec:\63rim.exe59⤵
- Executes dropped EXE
-
\??\c:\fo9qt.exec:\fo9qt.exe60⤵
- Executes dropped EXE
-
\??\c:\86p9r.exec:\86p9r.exe61⤵
- Executes dropped EXE
-
\??\c:\1a593a4.exec:\1a593a4.exe62⤵
- Executes dropped EXE
-
\??\c:\8j1d162.exec:\8j1d162.exe63⤵
- Executes dropped EXE
-
\??\c:\pq54epl.exec:\pq54epl.exe64⤵
- Executes dropped EXE
-
\??\c:\7vtxd.exec:\7vtxd.exe65⤵
- Executes dropped EXE
-
\??\c:\8bqm9i.exec:\8bqm9i.exe66⤵
-
\??\c:\4f3b773.exec:\4f3b773.exe67⤵
-
\??\c:\3uapl.exec:\3uapl.exe68⤵
-
\??\c:\x6308u.exec:\x6308u.exe69⤵
-
\??\c:\q1agq.exec:\q1agq.exe70⤵
-
\??\c:\9070m2g.exec:\9070m2g.exe71⤵
-
\??\c:\6gl7o.exec:\6gl7o.exe72⤵
-
\??\c:\m723qt.exec:\m723qt.exe73⤵
-
\??\c:\bnud94.exec:\bnud94.exe74⤵
-
\??\c:\f45p54w.exec:\f45p54w.exe75⤵
-
\??\c:\judp5m.exec:\judp5m.exe76⤵
-
\??\c:\9863c.exec:\9863c.exe77⤵
-
\??\c:\35js2h1.exec:\35js2h1.exe78⤵
-
\??\c:\f0v6h0.exec:\f0v6h0.exe79⤵
-
\??\c:\16i7l4.exec:\16i7l4.exe80⤵
-
\??\c:\3634gx2.exec:\3634gx2.exe81⤵
-
\??\c:\36icqqq.exec:\36icqqq.exe82⤵
-
\??\c:\727371.exec:\727371.exe83⤵
-
\??\c:\hx9j7a.exec:\hx9j7a.exe84⤵
-
\??\c:\b2ad6g5.exec:\b2ad6g5.exe85⤵
-
\??\c:\2pnxwim.exec:\2pnxwim.exe86⤵
-
\??\c:\i0u5e.exec:\i0u5e.exe87⤵
-
\??\c:\3nc629v.exec:\3nc629v.exe88⤵
-
\??\c:\9cx5c.exec:\9cx5c.exe89⤵
-
\??\c:\5206psk.exec:\5206psk.exe90⤵
-
\??\c:\bqj987.exec:\bqj987.exe91⤵
-
\??\c:\3q1b18.exec:\3q1b18.exe92⤵
-
\??\c:\0so6j92.exec:\0so6j92.exe93⤵
-
\??\c:\74009tg.exec:\74009tg.exe94⤵
-
\??\c:\afg5f9.exec:\afg5f9.exe95⤵
-
\??\c:\o50sm71.exec:\o50sm71.exe96⤵
-
\??\c:\837cdm.exec:\837cdm.exe97⤵
-
\??\c:\7h64q.exec:\7h64q.exe98⤵
-
\??\c:\x3cxgw.exec:\x3cxgw.exe99⤵
-
\??\c:\1p003w.exec:\1p003w.exe100⤵
-
\??\c:\1v134.exec:\1v134.exe101⤵
-
\??\c:\smb6e.exec:\smb6e.exe102⤵
-
\??\c:\9kig1.exec:\9kig1.exe103⤵
-
\??\c:\617779.exec:\617779.exe104⤵
-
\??\c:\2mix9.exec:\2mix9.exe105⤵
-
\??\c:\9j1cm.exec:\9j1cm.exe106⤵
-
\??\c:\fomlcn.exec:\fomlcn.exe107⤵
-
\??\c:\190sc0.exec:\190sc0.exe108⤵
-
\??\c:\mrv0id4.exec:\mrv0id4.exe109⤵
-
\??\c:\lha83.exec:\lha83.exe110⤵
-
\??\c:\7khsee.exec:\7khsee.exe111⤵
-
\??\c:\9337aq.exec:\9337aq.exe112⤵
-
\??\c:\f6uf31.exec:\f6uf31.exe113⤵
-
\??\c:\h2oabu.exec:\h2oabu.exe114⤵
-
\??\c:\xcj61.exec:\xcj61.exe115⤵
-
\??\c:\t91jj.exec:\t91jj.exe116⤵
-
\??\c:\w7usk.exec:\w7usk.exe117⤵
-
\??\c:\1tk90.exec:\1tk90.exe118⤵
-
\??\c:\qn6o36.exec:\qn6o36.exe119⤵
-
\??\c:\869h9.exec:\869h9.exe120⤵
-
\??\c:\0se9h25.exec:\0se9h25.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-