Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
68s -
max time network
86s -
platform
windows10-2004_x64 -
resource
win10v2004-20230915-en -
resource tags
-
submitted
21/10/2023, 21:21
General
-
Target
NEAS.64a67642b53992e313acdbb766993bf0.exe
-
Size
190KB
-
MD5
64a67642b53992e313acdbb766993bf0
-
SHA1
11f3ae363267667d6b5d3a7bef925e786be51119
-
SHA256
dc09efb07aa062c09ff0d576bfd434ea630445235a0a84b79a0d3a905646c632
-
SHA512
5ff6a528dda3914154ba2f0a6cfe7c59cd1cfa0826cf3d8789282032c5d75181c37d8e78b42bd992dbed0ea2ae96c68b1197e96194e7d72052838a227b14e00d
-
SSDEEP
1536:1vQBeOGtrYSSsrc93UBIfdC67m6AJiqpfg3Cn/uiX:1hOm2sI93UufdC67ciifmCnmiX
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 63 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.64a67642b53992e313acdbb766993bf0.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.64a67642b53992e313acdbb766993bf0.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\q78mak5.exec:\q78mak5.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8h8n8wv.exec:\8h8n8wv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9gm2u31.exec:\9gm2u31.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\a9895g.exec:\a9895g.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6m43k6.exec:\6m43k6.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\4e1mwus.exec:\4e1mwus.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hils5m.exec:\hils5m.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3a8e6.exec:\3a8e6.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tlddldp.exec:\tlddldp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\j0dh1.exec:\j0dh1.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\npwm7.exec:\npwm7.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\35vdqe4.exec:\35vdqe4.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1wt036.exec:\1wt036.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8j4k53.exec:\8j4k53.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\28l271.exec:\28l271.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\867xg6.exec:\867xg6.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7643b.exec:\7643b.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tq1chv.exec:\tq1chv.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8tw9k.exec:\8tw9k.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\25k1l6.exec:\25k1l6.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\m5xkh.exec:\m5xkh.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\n381o0v.exec:\n381o0v.exe23⤵
- Executes dropped EXE
-
\??\c:\j4swf5.exec:\j4swf5.exe24⤵
- Executes dropped EXE
-
\??\c:\w74lu.exec:\w74lu.exe25⤵
- Executes dropped EXE
-
\??\c:\d3kxll.exec:\d3kxll.exe26⤵
- Executes dropped EXE
-
\??\c:\72am7b.exec:\72am7b.exe27⤵
- Executes dropped EXE
-
\??\c:\l47jv.exec:\l47jv.exe28⤵
- Executes dropped EXE
-
\??\c:\ve7r4i7.exec:\ve7r4i7.exe29⤵
- Executes dropped EXE
-
\??\c:\rjhb69.exec:\rjhb69.exe30⤵
- Executes dropped EXE
-
\??\c:\qcuab6i.exec:\qcuab6i.exe31⤵
- Executes dropped EXE
-
\??\c:\xrfm1d.exec:\xrfm1d.exe32⤵
- Executes dropped EXE
-
\??\c:\2mnj72o.exec:\2mnj72o.exe33⤵
- Executes dropped EXE
-
\??\c:\8j401.exec:\8j401.exe34⤵
- Executes dropped EXE
-
\??\c:\j847x4u.exec:\j847x4u.exe35⤵
- Executes dropped EXE
-
\??\c:\ljc8ti0.exec:\ljc8ti0.exe36⤵
- Executes dropped EXE
-
\??\c:\phxdht.exec:\phxdht.exe37⤵
- Executes dropped EXE
-
\??\c:\314pgje.exec:\314pgje.exe38⤵
- Executes dropped EXE
-
\??\c:\92ig1.exec:\92ig1.exe39⤵
- Executes dropped EXE
-
\??\c:\d634kn3.exec:\d634kn3.exe40⤵
- Executes dropped EXE
-
\??\c:\r04o7.exec:\r04o7.exe41⤵
- Executes dropped EXE
-
\??\c:\329r691.exec:\329r691.exe42⤵
- Executes dropped EXE
-
\??\c:\6384x.exec:\6384x.exe43⤵
- Executes dropped EXE
-
\??\c:\ms346o6.exec:\ms346o6.exe44⤵
- Executes dropped EXE
-
\??\c:\onsko.exec:\onsko.exe45⤵
- Executes dropped EXE
-
\??\c:\9211r5.exec:\9211r5.exe46⤵
- Executes dropped EXE
-
\??\c:\xpxtl.exec:\xpxtl.exe47⤵
- Executes dropped EXE
-
\??\c:\000l06.exec:\000l06.exe48⤵
- Executes dropped EXE
-
\??\c:\97a0kv8.exec:\97a0kv8.exe49⤵
- Executes dropped EXE
-
\??\c:\4n0fw.exec:\4n0fw.exe50⤵
- Executes dropped EXE
-
\??\c:\b13i44.exec:\b13i44.exe51⤵
- Executes dropped EXE
-
\??\c:\vdj7cc.exec:\vdj7cc.exe52⤵
- Executes dropped EXE
-
\??\c:\wq3533.exec:\wq3533.exe53⤵
- Executes dropped EXE
-
\??\c:\94dv2.exec:\94dv2.exe54⤵
- Executes dropped EXE
-
\??\c:\f2ho4j.exec:\f2ho4j.exe55⤵
- Executes dropped EXE
-
\??\c:\v193k.exec:\v193k.exe56⤵
- Executes dropped EXE
-
\??\c:\q0akiae.exec:\q0akiae.exe57⤵
- Executes dropped EXE
-
\??\c:\od581.exec:\od581.exe58⤵
- Executes dropped EXE
-
\??\c:\v42phx0.exec:\v42phx0.exe59⤵
- Executes dropped EXE
-
\??\c:\tl8a585.exec:\tl8a585.exe60⤵
- Executes dropped EXE
-
\??\c:\j81hix.exec:\j81hix.exe61⤵
- Executes dropped EXE
-
\??\c:\u9a32q.exec:\u9a32q.exe62⤵
- Executes dropped EXE
-
\??\c:\536g21.exec:\536g21.exe63⤵
- Executes dropped EXE
-
\??\c:\b13vnl.exec:\b13vnl.exe64⤵
- Executes dropped EXE
-
\??\c:\80qku9.exec:\80qku9.exe65⤵
- Executes dropped EXE
-
\??\c:\q7191mp.exec:\q7191mp.exe66⤵
-
\??\c:\cgvw7p.exec:\cgvw7p.exe67⤵
-
\??\c:\u2nf86.exec:\u2nf86.exe68⤵
-
\??\c:\h905w3.exec:\h905w3.exe69⤵
-
\??\c:\3d8h5.exec:\3d8h5.exe70⤵
-
\??\c:\mjv771.exec:\mjv771.exe71⤵
-
\??\c:\58xp6.exec:\58xp6.exe72⤵
-
\??\c:\dug7k.exec:\dug7k.exe73⤵
-
\??\c:\f20c8.exec:\f20c8.exe74⤵
-
\??\c:\7q465f.exec:\7q465f.exe75⤵
-
\??\c:\p419t.exec:\p419t.exe76⤵
-
\??\c:\69u36c.exec:\69u36c.exe77⤵
-
\??\c:\815r4.exec:\815r4.exe78⤵
-
\??\c:\26h1c.exec:\26h1c.exe79⤵
-
\??\c:\090w33p.exec:\090w33p.exe80⤵
-
\??\c:\eq4u6s.exec:\eq4u6s.exe81⤵
-
\??\c:\1mvm5p.exec:\1mvm5p.exe82⤵
-
\??\c:\hw3dod7.exec:\hw3dod7.exe83⤵
-
\??\c:\5x3u9.exec:\5x3u9.exe84⤵
-
\??\c:\il73gs.exec:\il73gs.exe85⤵
-
\??\c:\cw93rj0.exec:\cw93rj0.exe86⤵
-
\??\c:\4951523.exec:\4951523.exe87⤵
-
\??\c:\2p72st.exec:\2p72st.exe88⤵
-
\??\c:\8hk7e.exec:\8hk7e.exe89⤵
-
\??\c:\ebk41.exec:\ebk41.exe90⤵
-
\??\c:\9j2n0.exec:\9j2n0.exe91⤵
-
\??\c:\7tk99g8.exec:\7tk99g8.exe92⤵
-
\??\c:\aqq9a.exec:\aqq9a.exe93⤵
-
\??\c:\j8o5h6.exec:\j8o5h6.exe94⤵
-
\??\c:\5ph9x.exec:\5ph9x.exe95⤵
-
\??\c:\4jemo5.exec:\4jemo5.exe96⤵
-
\??\c:\1mpe6c.exec:\1mpe6c.exe97⤵
-
\??\c:\v2m98el.exec:\v2m98el.exe98⤵
-
\??\c:\n8fs2e.exec:\n8fs2e.exe99⤵
-
\??\c:\e8u0r2e.exec:\e8u0r2e.exe100⤵
-
\??\c:\d7jxh5.exec:\d7jxh5.exe101⤵
-
\??\c:\21s3r.exec:\21s3r.exe102⤵
-
\??\c:\x7r3v96.exec:\x7r3v96.exe103⤵
-
\??\c:\jwwrb.exec:\jwwrb.exe104⤵
-
\??\c:\978xb.exec:\978xb.exe105⤵
-
\??\c:\8sqae87.exec:\8sqae87.exe106⤵
-
\??\c:\mk3343.exec:\mk3343.exe107⤵
-
\??\c:\59o9k7.exec:\59o9k7.exe108⤵
-
\??\c:\c11lj.exec:\c11lj.exe109⤵
-
\??\c:\wr373.exec:\wr373.exe110⤵
-
\??\c:\lpphdh.exec:\lpphdh.exe111⤵
-
\??\c:\62b3p0.exec:\62b3p0.exe112⤵
-
\??\c:\k43x9me.exec:\k43x9me.exe113⤵
-
\??\c:\5f45t.exec:\5f45t.exe114⤵
-
\??\c:\92c1f8.exec:\92c1f8.exe115⤵
-
\??\c:\409ke7u.exec:\409ke7u.exe116⤵
-
\??\c:\h127sod.exec:\h127sod.exe117⤵
-
\??\c:\tclvt.exec:\tclvt.exe118⤵
-
\??\c:\cmmba.exec:\cmmba.exe119⤵
-
\??\c:\6h137.exec:\6h137.exe120⤵
-
\??\c:\b9bx1.exec:\b9bx1.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-