Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

NEAS.c56fd...JC.exe

windows7-x64

10

NEAS.c56fd...JC.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    1s
  • max time network
    7s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231023-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24/10/2023, 00:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.c56fd8ae55fac1c449a1492f20c095a0_JC.exe

  • Size

    392KB

  • MD5

    c56fd8ae55fac1c449a1492f20c095a0

  • SHA1

    9dc8cf6ec6069a8cf0a3b83f62b0ec00ad6c6d72

  • SHA256

    5a66dec96a86d26eeefe918dc19bc5f3ae8556d52dc26b41d43489438bd1dacb

  • SHA512

    84b2bcd49124fd5a9a2dd416f6d9692a9714c7b3747c447063502c7eddcb17c1979e3c7fafd5b2fa4890ed651bba1df3cc80f8a83db1e21aadf4a2d71aded466

  • SSDEEP

    12288:n3C9uDVFSjA8uhwI7FjpjUEq0rczZhfihmCJXb3dV:SnhQ9z

Score
10/10
blackmoonbankertrojanupx

Malware Config

Signatures

  • Blackmoon, KrBanker

    Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.

    trojanbankerblackmoon
  • Detect Blackmoon payload 4 IoCs
  • Executes dropped EXE 1 IoCs
  • UPX packed file 7 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.c56fd8ae55fac1c449a1492f20c095a0_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.c56fd8ae55fac1c449a1492f20c095a0_JC.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2244
    • \??\c:\pt899.exe
      c:\pt899.exe
      2⤵
      • Executes dropped EXE
      PID:3144
      • \??\c:\gwgu4nu.exe
        c:\gwgu4nu.exe
        3⤵
          PID:3228
          • \??\c:\26795.exe
            c:\26795.exe
            4⤵
              PID:2520
              • \??\c:\imook.exe
                c:\imook.exe
                5⤵
                  PID:3068

        Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\26795.exe
          Filesize

          392KB

          MD5

          8a5a6e514f8d99883979f0fe9312aabb

          SHA1

          6410b3ddd1ed7e0202293751b5fe1757a6825d0e

          SHA256

          bffbb6780d82a4848c6a9dbf41058ae8791bdedbbdb32339d54c53371a830160

          SHA512

          b5be89cf83fc780514f7aaf4f3d6a728f3f51f054905bba1ef54deaf0b73ec8aaeaad2a98ac994f0e65187d6c13ec0e322041023cc0ba4ff834c18b987a3b424

          Download Submit

        • C:\26795.exe
          Filesize

          392KB

          MD5

          8a5a6e514f8d99883979f0fe9312aabb

          SHA1

          6410b3ddd1ed7e0202293751b5fe1757a6825d0e

          SHA256

          bffbb6780d82a4848c6a9dbf41058ae8791bdedbbdb32339d54c53371a830160

          SHA512

          b5be89cf83fc780514f7aaf4f3d6a728f3f51f054905bba1ef54deaf0b73ec8aaeaad2a98ac994f0e65187d6c13ec0e322041023cc0ba4ff834c18b987a3b424

          Download Submit

        • C:\gwgu4nu.exe
          Filesize

          392KB

          MD5

          3042deea2a41febb4555aea9209e4de8

          SHA1

          bde75483f2131a803f8ab6bb3c4abba028e48b78

          SHA256

          c2aa79d046b9eb8fd6de38c634580d284d02845ef5ec8abf0a3a0b4ce8216daa

          SHA512

          d655cc5fdf5d860d63a04afb874707804b48f5bf777ed991ed8da83299c45697833a29026cc412bc96bf3ecacd3bfbaa9d2e0c54d5cecf9e9ee62f4e05229c8e

          Download Submit

        • C:\imook.exe
          Filesize

          392KB

          MD5

          d8efd7ac0b4c7884566cda09948b050d

          SHA1

          8e19acbd2e636c21d4e187bc604b7fcaccfbd929

          SHA256

          2ef001d46acf1fb696103407139cd29e0f183a0c6aa0f45b861b829339d1e9ea

          SHA512

          57b0bc96d8b23064b5556339426eaf028391890827cf1ec770641a0d3efaccf0dee1b95e997ad32c99905e0e2c0efe84454528fac3c16cd54c8b20bae3a958e0

          Download Submit

        • C:\pt899.exe
          Filesize

          392KB

          MD5

          6a7980b4926f4f96dbbe763150538a8c

          SHA1

          4ccc9ebd350e6aa64c89445fe77f82f8e1ad6952

          SHA256

          8e78c9247676068763a016c6b359e61259a21ba65e644c194ab46caf3859f9d8

          SHA512

          e9a05d2a50c197bb818f242b71909a7aa8bd61d9e57dd3be9835cee4f9cdc622be7dd22ae6f6929cce5fb72083f67888c9c3e301c4f497fd25d91640140f33c9

          Download Submit

        • \??\c:\26795.exe
          Filesize

          392KB

          MD5

          8a5a6e514f8d99883979f0fe9312aabb

          SHA1

          6410b3ddd1ed7e0202293751b5fe1757a6825d0e

          SHA256

          bffbb6780d82a4848c6a9dbf41058ae8791bdedbbdb32339d54c53371a830160

          SHA512

          b5be89cf83fc780514f7aaf4f3d6a728f3f51f054905bba1ef54deaf0b73ec8aaeaad2a98ac994f0e65187d6c13ec0e322041023cc0ba4ff834c18b987a3b424

          Download Submit

        • \??\c:\gwgu4nu.exe
          Filesize

          392KB

          MD5

          3042deea2a41febb4555aea9209e4de8

          SHA1

          bde75483f2131a803f8ab6bb3c4abba028e48b78

          SHA256

          c2aa79d046b9eb8fd6de38c634580d284d02845ef5ec8abf0a3a0b4ce8216daa

          SHA512

          d655cc5fdf5d860d63a04afb874707804b48f5bf777ed991ed8da83299c45697833a29026cc412bc96bf3ecacd3bfbaa9d2e0c54d5cecf9e9ee62f4e05229c8e

          Download Submit

        • \??\c:\imook.exe
          Filesize

          66KB

          MD5

          bb894bef51ff94282c07054eff54f927

          SHA1

          1d28fd6c9bcb28c78fbd00a217a9ab21b394c3b5

          SHA256

          1a98fffb5a8918e6ff0ff074bd416c1f96899cf8d17a20b2c23c16a06273e82a

          SHA512

          d3c6d1cefa7e466967e187fa93bdc421da96c4d519a46aa091256931a36cfae784d34b40c62748bd7b5ad3882058fd3e044b29f9eaa6dda9938b3d92a5c1b206

          Download Submit

        • \??\c:\pt899.exe
          Filesize

          392KB

          MD5

          6a7980b4926f4f96dbbe763150538a8c

          SHA1

          4ccc9ebd350e6aa64c89445fe77f82f8e1ad6952

          SHA256

          8e78c9247676068763a016c6b359e61259a21ba65e644c194ab46caf3859f9d8

          SHA512

          e9a05d2a50c197bb818f242b71909a7aa8bd61d9e57dd3be9835cee4f9cdc622be7dd22ae6f6929cce5fb72083f67888c9c3e301c4f497fd25d91640140f33c9

          Download Submit

        • memory/2244-3-0x0000000000400000-0x0000000000429000-memory.dmp

          Filesize

          164KB

          Download

        • memory/2244-1-0x0000000000580000-0x000000000058C000-memory.dmp

          Filesize

          48KB

          Download

        • memory/2244-2-0x0000000000400000-0x0000000000429000-memory.dmp

          Filesize

          164KB

          Download

        • memory/2244-0-0x0000000000400000-0x0000000000429000-memory.dmp

          Filesize

          164KB

          Download

        • memory/2520-26-0x0000000000400000-0x0000000000429000-memory.dmp

          Filesize

          164KB

          Download

        • memory/3144-10-0x0000000000400000-0x0000000000429000-memory.dmp

          Filesize

          164KB

          Download

        • memory/3144-12-0x0000000000400000-0x0000000000429000-memory.dmp

          Filesize

          164KB

          Download

        • memory/3228-20-0x0000000000400000-0x0000000000429000-memory.dmp

          Filesize

          164KB

          Download

        • memory/3228-18-0x0000000000400000-0x0000000000429000-memory.dmp

          Filesize

          164KB

          Download