Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
157s -
max time network
163s -
platform
windows10-2004_x64 -
resource
win10v2004-20230915-en -
resource tags
-
submitted
16/10/2023, 18:39
General
-
Target
NEAS.d1eaa72d63b42f7fab1d017e4090c640.exe
-
Size
63KB
-
MD5
d1eaa72d63b42f7fab1d017e4090c640
-
SHA1
e9c5707535e74c9a471483ef36a0b9032aab703e
-
SHA256
636afb1190c5240ab077fa8b66350129403d90236f5f09d8f749b0c5ba804492
-
SHA512
fb65a82819d5f37d9340e4285918896bb18d8762446ca508254a86430c00362a6b5deb28bec9035c9d49f190271227a496624b77c34a6a851b72c951bb1118ec
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIWHKAbDTR6z:ymb3NkkiQ3mdBjFIWHn16z
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 40 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 62 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.d1eaa72d63b42f7fab1d017e4090c640.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.d1eaa72d63b42f7fab1d017e4090c640.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\dogwhi.exec:\dogwhi.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ru18wv6.exec:\ru18wv6.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\45w7o7.exec:\45w7o7.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1u1q8e.exec:\1u1q8e.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\02i351.exec:\02i351.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xuom7t.exec:\xuom7t.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\768jn7.exec:\768jn7.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\61j5b9.exec:\61j5b9.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5xip5p6.exec:\5xip5p6.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\l196c0.exec:\l196c0.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8a49q.exec:\8a49q.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1v5u1q.exec:\1v5u1q.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\u9btf2l.exec:\u9btf2l.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\4j34d1o.exec:\4j34d1o.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\263tk6.exec:\263tk6.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\suu5uk6.exec:\suu5uk6.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\q61ajs0.exec:\q61ajs0.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5v9173.exec:\5v9173.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\47o3o.exec:\47o3o.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ssv1g7t.exec:\ssv1g7t.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fss2u.exec:\fss2u.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\l188h.exec:\l188h.exe23⤵
- Executes dropped EXE
-
\??\c:\p395ds.exec:\p395ds.exe24⤵
- Executes dropped EXE
-
\??\c:\6bh6c.exec:\6bh6c.exe25⤵
- Executes dropped EXE
-
\??\c:\271rh.exec:\271rh.exe26⤵
- Executes dropped EXE
-
\??\c:\a6mv5w2.exec:\a6mv5w2.exe27⤵
- Executes dropped EXE
-
\??\c:\681sg.exec:\681sg.exe28⤵
- Executes dropped EXE
-
\??\c:\vq11smq.exec:\vq11smq.exe29⤵
- Executes dropped EXE
-
\??\c:\24n31.exec:\24n31.exe30⤵
- Executes dropped EXE
-
\??\c:\hg590.exec:\hg590.exe31⤵
- Executes dropped EXE
-
\??\c:\1xxe33c.exec:\1xxe33c.exe32⤵
- Executes dropped EXE
-
\??\c:\m33c0p2.exec:\m33c0p2.exe33⤵
- Executes dropped EXE
-
\??\c:\1177b1q.exec:\1177b1q.exe34⤵
- Executes dropped EXE
-
\??\c:\670l2.exec:\670l2.exe35⤵
- Executes dropped EXE
-
\??\c:\rlc89.exec:\rlc89.exe36⤵
- Executes dropped EXE
-
\??\c:\0wk9g.exec:\0wk9g.exe37⤵
- Executes dropped EXE
-
\??\c:\02s439d.exec:\02s439d.exe38⤵
- Executes dropped EXE
-
\??\c:\6x7aam.exec:\6x7aam.exe39⤵
- Executes dropped EXE
-
\??\c:\vp4o3.exec:\vp4o3.exe40⤵
- Executes dropped EXE
-
\??\c:\lxr55.exec:\lxr55.exe41⤵
- Executes dropped EXE
-
\??\c:\347x7.exec:\347x7.exe42⤵
- Executes dropped EXE
-
\??\c:\h13548l.exec:\h13548l.exe43⤵
- Executes dropped EXE
-
\??\c:\5b759.exec:\5b759.exe44⤵
- Executes dropped EXE
-
\??\c:\77f389.exec:\77f389.exe45⤵
- Executes dropped EXE
-
\??\c:\1glfs.exec:\1glfs.exe46⤵
- Executes dropped EXE
-
\??\c:\uuug6.exec:\uuug6.exe47⤵
- Executes dropped EXE
-
\??\c:\0pb11b3.exec:\0pb11b3.exe48⤵
- Executes dropped EXE
-
\??\c:\ed40f.exec:\ed40f.exe49⤵
- Executes dropped EXE
-
\??\c:\das2v.exec:\das2v.exe50⤵
- Executes dropped EXE
-
\??\c:\drgp52.exec:\drgp52.exe51⤵
- Executes dropped EXE
-
\??\c:\6e2or.exec:\6e2or.exe52⤵
- Executes dropped EXE
-
\??\c:\4a9ph.exec:\4a9ph.exe53⤵
- Executes dropped EXE
-
\??\c:\urx6m4a.exec:\urx6m4a.exe54⤵
- Executes dropped EXE
-
\??\c:\rg5thno.exec:\rg5thno.exe55⤵
- Executes dropped EXE
-
\??\c:\g070sj3.exec:\g070sj3.exe56⤵
- Executes dropped EXE
-
\??\c:\l53wo.exec:\l53wo.exe57⤵
- Executes dropped EXE
-
\??\c:\v97674.exec:\v97674.exe58⤵
- Executes dropped EXE
-
\??\c:\l7dski.exec:\l7dski.exe59⤵
- Executes dropped EXE
-
\??\c:\s39w376.exec:\s39w376.exe60⤵
- Executes dropped EXE
-
\??\c:\3e9hn.exec:\3e9hn.exe61⤵
- Executes dropped EXE
-
\??\c:\2i9aq13.exec:\2i9aq13.exe62⤵
- Executes dropped EXE
-
\??\c:\1g3jp.exec:\1g3jp.exe63⤵
- Executes dropped EXE
-
\??\c:\s8329p.exec:\s8329p.exe64⤵
- Executes dropped EXE
-
\??\c:\3ulag2.exec:\3ulag2.exe65⤵
- Executes dropped EXE
-
\??\c:\0c7w62n.exec:\0c7w62n.exe66⤵
-
\??\c:\96gu9.exec:\96gu9.exe67⤵
-
\??\c:\x3u5d.exec:\x3u5d.exe68⤵
-
\??\c:\r3o0255.exec:\r3o0255.exe69⤵
-
\??\c:\qc8oc74.exec:\qc8oc74.exe70⤵
-
\??\c:\e1lc5.exec:\e1lc5.exe71⤵
-
\??\c:\054431k.exec:\054431k.exe72⤵
-
\??\c:\6j45vn.exec:\6j45vn.exe73⤵
-
\??\c:\xh499k.exec:\xh499k.exe74⤵
-
\??\c:\5s5v0.exec:\5s5v0.exe75⤵
-
\??\c:\04h58m.exec:\04h58m.exe76⤵
-
\??\c:\68104w.exec:\68104w.exe77⤵
-
\??\c:\33mvh9.exec:\33mvh9.exe78⤵
-
\??\c:\99550.exec:\99550.exe79⤵
-
\??\c:\ic1a3.exec:\ic1a3.exe80⤵
-
\??\c:\179403w.exec:\179403w.exe81⤵
-
\??\c:\6l0c2a.exec:\6l0c2a.exe82⤵
-
\??\c:\141ao.exec:\141ao.exe83⤵
-
\??\c:\82m259.exec:\82m259.exe84⤵
-
\??\c:\901beku.exec:\901beku.exe85⤵
-
\??\c:\f338g5.exec:\f338g5.exe86⤵
-
\??\c:\78p5k1.exec:\78p5k1.exe87⤵
-
\??\c:\2hqbo4.exec:\2hqbo4.exe88⤵
-
\??\c:\iho7irf.exec:\iho7irf.exe89⤵
-
\??\c:\m1x014.exec:\m1x014.exe90⤵
-
\??\c:\7q87x.exec:\7q87x.exe91⤵
-
\??\c:\6m86o5s.exec:\6m86o5s.exe92⤵
-
\??\c:\kq80t.exec:\kq80t.exe93⤵
-
\??\c:\o98n2op.exec:\o98n2op.exe94⤵
-
\??\c:\8k4hti.exec:\8k4hti.exe95⤵
-
\??\c:\57x3u.exec:\57x3u.exe96⤵
-
\??\c:\rhbb0o4.exec:\rhbb0o4.exe97⤵
-
\??\c:\7maecf.exec:\7maecf.exe98⤵
-
\??\c:\5u73x.exec:\5u73x.exe99⤵
-
\??\c:\8vaah9.exec:\8vaah9.exe100⤵
-
\??\c:\05gocs6.exec:\05gocs6.exe101⤵
-
\??\c:\0gc00bw.exec:\0gc00bw.exe102⤵
-
\??\c:\0r72p1.exec:\0r72p1.exe103⤵
-
\??\c:\gs4x68.exec:\gs4x68.exe104⤵
-
\??\c:\p7sp64s.exec:\p7sp64s.exe105⤵
-
\??\c:\b34uugb.exec:\b34uugb.exe106⤵
-
\??\c:\j1u21q.exec:\j1u21q.exe107⤵
-
\??\c:\teh3b0.exec:\teh3b0.exe108⤵
-
\??\c:\sd1437.exec:\sd1437.exe109⤵
-
\??\c:\qsg3n14.exec:\qsg3n14.exe110⤵
-
\??\c:\2q41b.exec:\2q41b.exe111⤵
-
\??\c:\3p6ek0.exec:\3p6ek0.exe112⤵
-
\??\c:\xrbxfg9.exec:\xrbxfg9.exe113⤵
-
\??\c:\13t313.exec:\13t313.exe114⤵
-
\??\c:\c2k53.exec:\c2k53.exe115⤵
-
\??\c:\iq5d2q.exec:\iq5d2q.exe116⤵
-
\??\c:\f43o9.exec:\f43o9.exe117⤵
-
\??\c:\1jv17.exec:\1jv17.exe118⤵
-
\??\c:\vaat15.exec:\vaat15.exe119⤵
-
\??\c:\di0r39.exec:\di0r39.exe120⤵
-
\??\c:\j78mmq.exec:\j78mmq.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-