Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
151s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20231020-en -
resource tags
-
submitted
21/10/2023, 21:30
General
-
Target
NEAS.bfc58916ecb82b0722c30a119a02dff0.exe
-
Size
233KB
-
MD5
bfc58916ecb82b0722c30a119a02dff0
-
SHA1
6e04697aa5185e99ab0da105a2654f37abf6c3a1
-
SHA256
42bcbfbfc0019acea5db079ed46bad64658a57b0286a1ba9e7ef83125b08ba01
-
SHA512
1c4f603888a602e5d86d155f4c8c2e98ed86b6bfa898aa04824d1d60be7d4f98bb63bddb136e7757b7cffee7f1ba405a64f93f11b4b67c8ce3c1411c982ee607
-
SSDEEP
3072:ymb3NkkiQ3mdBjFo73PYP1lri3KoSV31x4MAWYi7tQ:n3C9BRo7MlrWKo+lxtntQ
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 30 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 63 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.bfc58916ecb82b0722c30a119a02dff0.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.bfc58916ecb82b0722c30a119a02dff0.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\3lcts78.exec:\3lcts78.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5ro045j.exec:\5ro045j.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hr49cu7.exec:\hr49cu7.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\64wuwdo.exec:\64wuwdo.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5mgd4.exec:\5mgd4.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6189x9.exec:\6189x9.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\j153k.exec:\j153k.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\msm4o.exec:\msm4o.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\v76c32o.exec:\v76c32o.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rdkog.exec:\rdkog.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1337m10.exec:\1337m10.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\4v7n1.exec:\4v7n1.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\23g9u.exec:\23g9u.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8mt5mc.exec:\8mt5mc.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\843k329.exec:\843k329.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xb37e7.exec:\xb37e7.exe17⤵
- Executes dropped EXE
-
\??\c:\75ai1a.exec:\75ai1a.exe18⤵
- Executes dropped EXE
-
\??\c:\pm57d.exec:\pm57d.exe19⤵
- Executes dropped EXE
-
\??\c:\839p2.exec:\839p2.exe20⤵
- Executes dropped EXE
-
\??\c:\n7ct8q.exec:\n7ct8q.exe21⤵
- Executes dropped EXE
-
\??\c:\p735g.exec:\p735g.exe22⤵
- Executes dropped EXE
-
\??\c:\7i3kd.exec:\7i3kd.exe23⤵
- Executes dropped EXE
-
\??\c:\f5155c5.exec:\f5155c5.exe24⤵
- Executes dropped EXE
-
\??\c:\i3ih8i.exec:\i3ih8i.exe25⤵
- Executes dropped EXE
-
\??\c:\97ahi.exec:\97ahi.exe26⤵
- Executes dropped EXE
-
\??\c:\x152u9.exec:\x152u9.exe27⤵
- Executes dropped EXE
-
\??\c:\r155s.exec:\r155s.exe28⤵
- Executes dropped EXE
-
\??\c:\o841ja8.exec:\o841ja8.exe29⤵
- Executes dropped EXE
-
\??\c:\riu5k.exec:\riu5k.exe30⤵
- Executes dropped EXE
-
\??\c:\40wfx.exec:\40wfx.exe31⤵
- Executes dropped EXE
-
\??\c:\e8u36gk.exec:\e8u36gk.exe32⤵
- Executes dropped EXE
-
\??\c:\69kb54c.exec:\69kb54c.exe33⤵
- Executes dropped EXE
-
\??\c:\132k18k.exec:\132k18k.exe34⤵
- Executes dropped EXE
-
\??\c:\8e8393.exec:\8e8393.exe35⤵
- Executes dropped EXE
-
\??\c:\be12e.exec:\be12e.exe36⤵
- Executes dropped EXE
-
\??\c:\g5ee33k.exec:\g5ee33k.exe37⤵
- Executes dropped EXE
-
\??\c:\fem56f.exec:\fem56f.exe38⤵
- Executes dropped EXE
-
\??\c:\v28lmj5.exec:\v28lmj5.exe39⤵
- Executes dropped EXE
-
\??\c:\puoik.exec:\puoik.exe40⤵
- Executes dropped EXE
-
\??\c:\7i71u.exec:\7i71u.exe41⤵
- Executes dropped EXE
-
\??\c:\h12r37e.exec:\h12r37e.exe42⤵
- Executes dropped EXE
-
\??\c:\0qf1gs.exec:\0qf1gs.exe43⤵
- Executes dropped EXE
-
\??\c:\21ch10c.exec:\21ch10c.exe44⤵
- Executes dropped EXE
-
\??\c:\avb5k.exec:\avb5k.exe45⤵
- Executes dropped EXE
-
\??\c:\qi89so.exec:\qi89so.exe46⤵
- Executes dropped EXE
-
\??\c:\r3tjg0.exec:\r3tjg0.exe47⤵
- Executes dropped EXE
-
\??\c:\06em7.exec:\06em7.exe48⤵
- Executes dropped EXE
-
\??\c:\n8lx7.exec:\n8lx7.exe49⤵
- Executes dropped EXE
-
\??\c:\mf40b4.exec:\mf40b4.exe50⤵
- Executes dropped EXE
-
\??\c:\xu01e.exec:\xu01e.exe51⤵
- Executes dropped EXE
-
\??\c:\419e77.exec:\419e77.exe52⤵
- Executes dropped EXE
-
\??\c:\w13935.exec:\w13935.exe53⤵
- Executes dropped EXE
-
\??\c:\b02o4.exec:\b02o4.exe54⤵
- Executes dropped EXE
-
\??\c:\g58p9.exec:\g58p9.exe55⤵
- Executes dropped EXE
-
\??\c:\re1i781.exec:\re1i781.exe56⤵
- Executes dropped EXE
-
\??\c:\97mqt7i.exec:\97mqt7i.exe57⤵
- Executes dropped EXE
-
\??\c:\9k39e.exec:\9k39e.exe58⤵
- Executes dropped EXE
-
\??\c:\wrbxu.exec:\wrbxu.exe59⤵
- Executes dropped EXE
-
\??\c:\v79t7w.exec:\v79t7w.exe60⤵
- Executes dropped EXE
-
\??\c:\tf12v7.exec:\tf12v7.exe61⤵
- Executes dropped EXE
-
\??\c:\87q55t.exec:\87q55t.exe62⤵
- Executes dropped EXE
-
\??\c:\w913kcq.exec:\w913kcq.exe63⤵
- Executes dropped EXE
-
\??\c:\l574l.exec:\l574l.exe64⤵
- Executes dropped EXE
-
\??\c:\bal3x17.exec:\bal3x17.exe65⤵
- Executes dropped EXE
-
\??\c:\26ch4.exec:\26ch4.exe66⤵
-
\??\c:\3g3s72r.exec:\3g3s72r.exe67⤵
-
\??\c:\44swu9.exec:\44swu9.exe68⤵
-
\??\c:\935121i.exec:\935121i.exe69⤵
-
\??\c:\xe10ma.exec:\xe10ma.exe70⤵
-
\??\c:\8esuui.exec:\8esuui.exe71⤵
-
\??\c:\fn12t3d.exec:\fn12t3d.exe72⤵
-
\??\c:\8109wi.exec:\8109wi.exe73⤵
-
\??\c:\3q9ncj.exec:\3q9ncj.exe74⤵
-
\??\c:\ae37w.exec:\ae37w.exe75⤵
-
\??\c:\c5gju.exec:\c5gju.exe76⤵
-
\??\c:\p5137e.exec:\p5137e.exe77⤵
-
\??\c:\755i7.exec:\755i7.exe78⤵
-
\??\c:\f9149a3.exec:\f9149a3.exe79⤵
-
\??\c:\8sip4.exec:\8sip4.exe80⤵
-
\??\c:\dd59ot.exec:\dd59ot.exe81⤵
-
\??\c:\39i9c3.exec:\39i9c3.exe82⤵
-
\??\c:\h53m19r.exec:\h53m19r.exe83⤵
-
\??\c:\f84e55.exec:\f84e55.exe84⤵
-
\??\c:\1g4ick5.exec:\1g4ick5.exe85⤵
-
\??\c:\bm37g.exec:\bm37g.exe86⤵
-
\??\c:\fs159u.exec:\fs159u.exe87⤵
-
\??\c:\r0xd54.exec:\r0xd54.exe88⤵
-
\??\c:\h0731ca.exec:\h0731ca.exe89⤵
-
\??\c:\3i4v9q.exec:\3i4v9q.exe90⤵
-
\??\c:\e0wi2.exec:\e0wi2.exe91⤵
-
\??\c:\i18o8g.exec:\i18o8g.exe92⤵
-
\??\c:\q92ew.exec:\q92ew.exe93⤵
-
\??\c:\0r75e1.exec:\0r75e1.exe94⤵
-
\??\c:\67o78u.exec:\67o78u.exe95⤵
-
\??\c:\0k2da9.exec:\0k2da9.exe96⤵
-
\??\c:\618ns5.exec:\618ns5.exe97⤵
-
\??\c:\fs100.exec:\fs100.exe98⤵
-
\??\c:\n3e1mp.exec:\n3e1mp.exe99⤵
-
\??\c:\67ob5.exec:\67ob5.exe100⤵
-
\??\c:\tws7o3.exec:\tws7o3.exe101⤵
-
\??\c:\not76.exec:\not76.exe102⤵
-
\??\c:\q190eg.exec:\q190eg.exe103⤵
-
\??\c:\m7cg8q.exec:\m7cg8q.exe104⤵
-
\??\c:\906s70.exec:\906s70.exe105⤵
-
\??\c:\116ap36.exec:\116ap36.exe106⤵
-
\??\c:\1o7g178.exec:\1o7g178.exe107⤵
-
\??\c:\6i71sj5.exec:\6i71sj5.exe108⤵
-
\??\c:\a4w8i5.exec:\a4w8i5.exe109⤵
-
\??\c:\j9131.exec:\j9131.exe110⤵
-
\??\c:\t5mm6i.exec:\t5mm6i.exe111⤵
-
\??\c:\fcaar8k.exec:\fcaar8k.exe112⤵
-
\??\c:\678nsw.exec:\678nsw.exe113⤵
-
\??\c:\7l9lq7.exec:\7l9lq7.exe114⤵
-
\??\c:\36ah8x3.exec:\36ah8x3.exe115⤵
-
\??\c:\q921d.exec:\q921d.exe116⤵
-
\??\c:\955cw05.exec:\955cw05.exe117⤵
-
\??\c:\d74t6ev.exec:\d74t6ev.exe118⤵
-
\??\c:\66i7so3.exec:\66i7so3.exe119⤵
-
\??\c:\e64oa69.exec:\e64oa69.exe120⤵
-
\??\c:\b3inr.exec:\b3inr.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-