Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
152s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20230915-en -
resource tags
-
submitted
16/10/2023, 18:20
General
-
Target
NEAS.4be015d98c3c8dec9eab81ffb4814fe0.exe
-
Size
347KB
-
MD5
4be015d98c3c8dec9eab81ffb4814fe0
-
SHA1
b69bbcff106cfcb51d89d05e0aa1ba496bc4de27
-
SHA256
c9e83ff948b6da117d2747e040a76d42fc856f72b23076897d69259227842290
-
SHA512
bfb759d38b7168391214411207ae45ab7b337a3cf87729bd82916513fd7bf9ba854f0bde97bf8a37ed353a97c926e7d2716c8122089a92d01e5462284a7a7fb1
-
SSDEEP
6144:9cm7ImGddXvJuzyy/SfVFKpU/sien7NuOpo0HmtDKe0wKyKqiOfm8RCfDK4Tr3:/7TcBuGy/Sa+/sie0OpncKe/KFBOfmz/
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.4be015d98c3c8dec9eab81ffb4814fe0.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.4be015d98c3c8dec9eab81ffb4814fe0.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\xvfpxb.exec:\xvfpxb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fdbjnb.exec:\fdbjnb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dftfth.exec:\dftfth.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjlhbbd.exec:\jjlhbbd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jhhrd.exec:\jhhrd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btrhh.exec:\btrhh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bvvpdlp.exec:\bvvpdlp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lhlbxvl.exec:\lhlbxvl.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hvfjxlj.exec:\hvfjxlj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lhttbb.exec:\lhttbb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xljdtvx.exec:\xljdtvx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lppndn.exec:\lppndn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rvdvjl.exec:\rvdvjl.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\drrrbl.exec:\drrrbl.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lphpd.exec:\lphpd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrnvpn.exec:\rrnvpn.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jxnffnn.exec:\jxnffnn.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lhhdlt.exec:\lhhdlt.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hpfxv.exec:\hpfxv.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xdfbbn.exec:\xdfbbn.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvftn.exec:\dvftn.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ndxvf.exec:\ndxvf.exe23⤵
- Executes dropped EXE
-
\??\c:\nlllvlb.exec:\nlllvlb.exe24⤵
- Executes dropped EXE
-
\??\c:\ttpxt.exec:\ttpxt.exe25⤵
- Executes dropped EXE
-
\??\c:\fljhjr.exec:\fljhjr.exe26⤵
- Executes dropped EXE
-
\??\c:\blnvh.exec:\blnvh.exe27⤵
- Executes dropped EXE
-
\??\c:\trhjl.exec:\trhjl.exe28⤵
- Executes dropped EXE
-
\??\c:\djtnr.exec:\djtnr.exe29⤵
- Executes dropped EXE
-
\??\c:\thfxt.exec:\thfxt.exe30⤵
- Executes dropped EXE
-
\??\c:\plfjhv.exec:\plfjhv.exe31⤵
- Executes dropped EXE
-
\??\c:\xtrhxv.exec:\xtrhxv.exe32⤵
- Executes dropped EXE
-
\??\c:\tfjrh.exec:\tfjrh.exe33⤵
- Executes dropped EXE
-
\??\c:\vnnxp.exec:\vnnxp.exe34⤵
- Executes dropped EXE
-
\??\c:\vvbldl.exec:\vvbldl.exe35⤵
- Executes dropped EXE
-
\??\c:\txxbttf.exec:\txxbttf.exe36⤵
- Executes dropped EXE
-
\??\c:\ptdbnpr.exec:\ptdbnpr.exe37⤵
- Executes dropped EXE
-
\??\c:\lbphv.exec:\lbphv.exe38⤵
- Executes dropped EXE
-
\??\c:\lnnjx.exec:\lnnjx.exe39⤵
- Executes dropped EXE
-
\??\c:\vpbjj.exec:\vpbjj.exe40⤵
- Executes dropped EXE
-
\??\c:\jlfrl.exec:\jlfrl.exe41⤵
- Executes dropped EXE
-
\??\c:\ntjnr.exec:\ntjnr.exe42⤵
- Executes dropped EXE
-
\??\c:\jttvdh.exec:\jttvdh.exe43⤵
- Executes dropped EXE
-
\??\c:\vljhdnv.exec:\vljhdnv.exe44⤵
- Executes dropped EXE
-
\??\c:\dlbtp.exec:\dlbtp.exe45⤵
- Executes dropped EXE
-
\??\c:\lntjb.exec:\lntjb.exe46⤵
- Executes dropped EXE
-
\??\c:\vplhtb.exec:\vplhtb.exe47⤵
- Executes dropped EXE
-
\??\c:\rfntltv.exec:\rfntltv.exe48⤵
- Executes dropped EXE
-
\??\c:\ntdtf.exec:\ntdtf.exe49⤵
- Executes dropped EXE
-
\??\c:\lpnnxx.exec:\lpnnxx.exe50⤵
- Executes dropped EXE
-
\??\c:\bhdldvb.exec:\bhdldvb.exe51⤵
- Executes dropped EXE
-
\??\c:\tpdthhb.exec:\tpdthhb.exe52⤵
- Executes dropped EXE
-
\??\c:\tfthtp.exec:\tfthtp.exe53⤵
- Executes dropped EXE
-
\??\c:\vjxhdr.exec:\vjxhdr.exe54⤵
- Executes dropped EXE
-
\??\c:\rbhbt.exec:\rbhbt.exe55⤵
- Executes dropped EXE
-
\??\c:\xbldtt.exec:\xbldtt.exe56⤵
- Executes dropped EXE
-
\??\c:\brlhlh.exec:\brlhlh.exe57⤵
- Executes dropped EXE
-
\??\c:\btpnpbt.exec:\btpnpbt.exe58⤵
- Executes dropped EXE
-
\??\c:\txxbhx.exec:\txxbhx.exe59⤵
- Executes dropped EXE
-
\??\c:\hjtln.exec:\hjtln.exe60⤵
- Executes dropped EXE
-
\??\c:\rppddt.exec:\rppddt.exe61⤵
- Executes dropped EXE
-
\??\c:\dlhnpd.exec:\dlhnpd.exe62⤵
- Executes dropped EXE
-
\??\c:\ttjdflr.exec:\ttjdflr.exe63⤵
- Executes dropped EXE
-
\??\c:\rhphx.exec:\rhphx.exe64⤵
- Executes dropped EXE
-
\??\c:\flljxn.exec:\flljxn.exe65⤵
- Executes dropped EXE
-
\??\c:\pbhrphb.exec:\pbhrphb.exe66⤵
-
\??\c:\dxbnr.exec:\dxbnr.exe67⤵
-
\??\c:\dntxf.exec:\dntxf.exe68⤵
-
\??\c:\nlrpjn.exec:\nlrpjn.exe69⤵
-
\??\c:\nplxxvt.exec:\nplxxvt.exe70⤵
-
\??\c:\nttbj.exec:\nttbj.exe71⤵
-
\??\c:\nplnn.exec:\nplnn.exe72⤵
-
\??\c:\nfjxxj.exec:\nfjxxj.exe73⤵
-
\??\c:\llfhnj.exec:\llfhnj.exe74⤵
-
\??\c:\tntvvpn.exec:\tntvvpn.exe75⤵
-
\??\c:\rtxrnd.exec:\rtxrnd.exe76⤵
-
\??\c:\xxjprxx.exec:\xxjprxx.exe77⤵
-
\??\c:\vvtvj.exec:\vvtvj.exe78⤵
-
\??\c:\jfvxft.exec:\jfvxft.exe79⤵
-
\??\c:\hbprll.exec:\hbprll.exe80⤵
-
\??\c:\vthdvdd.exec:\vthdvdd.exe81⤵
-
\??\c:\bbjnhfx.exec:\bbjnhfx.exe82⤵
-
\??\c:\blvxx.exec:\blvxx.exe83⤵
-
\??\c:\rbnxxj.exec:\rbnxxj.exe84⤵
-
\??\c:\xjnjt.exec:\xjnjt.exe85⤵
-
\??\c:\lxfxdfn.exec:\lxfxdfn.exe86⤵
-
\??\c:\dfnjf.exec:\dfnjf.exe87⤵
-
\??\c:\nnhtb.exec:\nnhtb.exe88⤵
-
\??\c:\xnhfpb.exec:\xnhfpb.exe89⤵
-
\??\c:\drjfnpl.exec:\drjfnpl.exe90⤵
-
\??\c:\tftnhfd.exec:\tftnhfd.exe91⤵
-
\??\c:\ppxlrp.exec:\ppxlrp.exe92⤵
-
\??\c:\njffn.exec:\njffn.exe93⤵
-
\??\c:\rxhtt.exec:\rxhtt.exe94⤵
-
\??\c:\fdpptx.exec:\fdpptx.exe95⤵
-
\??\c:\fpldv.exec:\fpldv.exe96⤵
-
\??\c:\jjfntv.exec:\jjfntv.exe97⤵
-
\??\c:\lpjfnh.exec:\lpjfnh.exe98⤵
-
\??\c:\dtnbfnd.exec:\dtnbfnd.exe99⤵
-
\??\c:\bdtlbfl.exec:\bdtlbfl.exe100⤵
-
\??\c:\dfvhbv.exec:\dfvhbv.exe101⤵
-
\??\c:\flxjjv.exec:\flxjjv.exe102⤵
-
\??\c:\xffhpr.exec:\xffhpr.exe103⤵
-
\??\c:\lltpf.exec:\lltpf.exe104⤵
-
\??\c:\bdjdj.exec:\bdjdj.exe105⤵
-
\??\c:\vfxrj.exec:\vfxrj.exe106⤵
-
\??\c:\vrxjhbn.exec:\vrxjhbn.exe107⤵
-
\??\c:\llfrxtb.exec:\llfrxtb.exe108⤵
-
\??\c:\rtttt.exec:\rtttt.exe109⤵
-
\??\c:\dtlrjlb.exec:\dtlrjlb.exe110⤵
-
\??\c:\dprjj.exec:\dprjj.exe111⤵
-
\??\c:\ffvnx.exec:\ffvnx.exe112⤵
-
\??\c:\pxdfxb.exec:\pxdfxb.exe113⤵
-
\??\c:\nlfxvn.exec:\nlfxvn.exe114⤵
-
\??\c:\rxnvtv.exec:\rxnvtv.exe115⤵
-
\??\c:\bldxnj.exec:\bldxnj.exe116⤵
-
\??\c:\dvtnv.exec:\dvtnv.exe117⤵
-
\??\c:\vfdbdfn.exec:\vfdbdfn.exe118⤵
-
\??\c:\ntjndrh.exec:\ntjndrh.exe119⤵
-
\??\c:\flhrtpr.exec:\flhrtpr.exe120⤵
-
\??\c:\pppbnj.exec:\pppbnj.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-