Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20231020-en -
resource tags
-
submitted
28/10/2023, 18:02
General
-
Target
NEAS.0ac3ce8d2ccb2a9a51d11c45bcc961f0.exe
-
Size
54KB
-
MD5
0ac3ce8d2ccb2a9a51d11c45bcc961f0
-
SHA1
86ca62f379bb837f7acf7d99ea7c2913f82db928
-
SHA256
f8e0db83aef1e4cfdcf17cc2815c03a8a2e84a1ba81045edea8d332d9fab3f53
-
SHA512
4276c501051bb937c47c2b3b4860ef55cc16b253ab0c64d0962287fd1bb432adcc77c4c633be00fdb833ca42b559611a611984567b398338555f9c21019ce640
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIFdOW:ymb3NkkiQ3mdBjFIFdOW
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 27 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.0ac3ce8d2ccb2a9a51d11c45bcc961f0.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.0ac3ce8d2ccb2a9a51d11c45bcc961f0.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\tx1k3.exec:\tx1k3.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\sww97q.exec:\sww97q.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\918o6u.exec:\918o6u.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ed27w4h.exec:\ed27w4h.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\60045dg.exec:\60045dg.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\u71f5.exec:\u71f5.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\wqieo5.exec:\wqieo5.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dbqt6l3.exec:\dbqt6l3.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\80a7j.exec:\80a7j.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8355mv3.exec:\8355mv3.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3w59x5m.exec:\3w59x5m.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\qim861f.exec:\qim861f.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\07kbuqi.exec:\07kbuqi.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1967124.exec:\1967124.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\td3q5gi.exec:\td3q5gi.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\egwgk.exec:\egwgk.exe17⤵
- Executes dropped EXE
-
\??\c:\q2n5sgk.exec:\q2n5sgk.exe18⤵
- Executes dropped EXE
-
\??\c:\2s208o4.exec:\2s208o4.exe19⤵
- Executes dropped EXE
-
\??\c:\fqeq9w.exec:\fqeq9w.exe20⤵
- Executes dropped EXE
-
\??\c:\88oow.exec:\88oow.exe21⤵
- Executes dropped EXE
-
\??\c:\2351jin.exec:\2351jin.exe22⤵
- Executes dropped EXE
-
\??\c:\p4679j1.exec:\p4679j1.exe23⤵
- Executes dropped EXE
-
\??\c:\j6213j.exec:\j6213j.exe24⤵
- Executes dropped EXE
-
\??\c:\oi371h.exec:\oi371h.exe25⤵
- Executes dropped EXE
-
\??\c:\076ggi3.exec:\076ggi3.exe26⤵
- Executes dropped EXE
-
\??\c:\3dov4.exec:\3dov4.exe27⤵
- Executes dropped EXE
-
\??\c:\53wp7q.exec:\53wp7q.exe28⤵
- Executes dropped EXE
-
\??\c:\7u14n1.exec:\7u14n1.exe29⤵
- Executes dropped EXE
-
\??\c:\831xcru.exec:\831xcru.exe30⤵
- Executes dropped EXE
-
\??\c:\02n2wq5.exec:\02n2wq5.exe31⤵
- Executes dropped EXE
-
\??\c:\9b6qhw.exec:\9b6qhw.exe32⤵
- Executes dropped EXE
-
\??\c:\x361w5.exec:\x361w5.exe33⤵
- Executes dropped EXE
-
\??\c:\i7o39.exec:\i7o39.exe34⤵
- Executes dropped EXE
-
\??\c:\bg150.exec:\bg150.exe35⤵
- Executes dropped EXE
-
\??\c:\v8m71t.exec:\v8m71t.exe36⤵
- Executes dropped EXE
-
\??\c:\7alj12.exec:\7alj12.exe37⤵
- Executes dropped EXE
-
\??\c:\l96s32.exec:\l96s32.exe38⤵
- Executes dropped EXE
-
\??\c:\5m369o.exec:\5m369o.exe39⤵
- Executes dropped EXE
-
\??\c:\o9eu54.exec:\o9eu54.exe40⤵
- Executes dropped EXE
-
\??\c:\a6ea9e.exec:\a6ea9e.exe41⤵
- Executes dropped EXE
-
\??\c:\o532u.exec:\o532u.exe42⤵
- Executes dropped EXE
-
\??\c:\6ee61n.exec:\6ee61n.exe43⤵
- Executes dropped EXE
-
\??\c:\63gp6.exec:\63gp6.exe44⤵
- Executes dropped EXE
-
\??\c:\014u0m7.exec:\014u0m7.exe45⤵
- Executes dropped EXE
-
\??\c:\vb3mwm6.exec:\vb3mwm6.exe46⤵
- Executes dropped EXE
-
\??\c:\5ml7a.exec:\5ml7a.exe47⤵
- Executes dropped EXE
-
\??\c:\2na6cit.exec:\2na6cit.exe48⤵
- Executes dropped EXE
-
\??\c:\i3i99d.exec:\i3i99d.exe49⤵
- Executes dropped EXE
-
\??\c:\2phvdg.exec:\2phvdg.exe50⤵
- Executes dropped EXE
-
\??\c:\xaakh.exec:\xaakh.exe51⤵
- Executes dropped EXE
-
\??\c:\5w5wx3.exec:\5w5wx3.exe52⤵
- Executes dropped EXE
-
\??\c:\cq9w0.exec:\cq9w0.exe53⤵
- Executes dropped EXE
-
\??\c:\2w3q305.exec:\2w3q305.exe54⤵
- Executes dropped EXE
-
\??\c:\1w50b.exec:\1w50b.exe55⤵
- Executes dropped EXE
-
\??\c:\gq0191.exec:\gq0191.exe56⤵
- Executes dropped EXE
-
\??\c:\i1jd4.exec:\i1jd4.exe57⤵
- Executes dropped EXE
-
\??\c:\5n31mt3.exec:\5n31mt3.exe58⤵
- Executes dropped EXE
-
\??\c:\i6qm1.exec:\i6qm1.exe59⤵
- Executes dropped EXE
-
\??\c:\s8g7u7.exec:\s8g7u7.exe60⤵
- Executes dropped EXE
-
\??\c:\d203xj3.exec:\d203xj3.exe61⤵
- Executes dropped EXE
-
\??\c:\ts125.exec:\ts125.exe62⤵
- Executes dropped EXE
-
\??\c:\v3347.exec:\v3347.exe63⤵
- Executes dropped EXE
-
\??\c:\2970bm6.exec:\2970bm6.exe64⤵
- Executes dropped EXE
-
\??\c:\98g9qi1.exec:\98g9qi1.exe65⤵
- Executes dropped EXE
-
\??\c:\e2q25e.exec:\e2q25e.exe66⤵
-
\??\c:\akua92.exec:\akua92.exe67⤵
-
\??\c:\vrqqci.exec:\vrqqci.exe68⤵
-
\??\c:\19ie9.exec:\19ie9.exe69⤵
-
\??\c:\mw14ii.exec:\mw14ii.exe70⤵
-
\??\c:\haicc.exec:\haicc.exe71⤵
-
\??\c:\5t76l5.exec:\5t76l5.exe72⤵
-
\??\c:\68el180.exec:\68el180.exe73⤵
-
\??\c:\kckj2u.exec:\kckj2u.exe74⤵
-
\??\c:\p677r.exec:\p677r.exe75⤵
-
\??\c:\1v9qk.exec:\1v9qk.exe76⤵
-
\??\c:\9903gt7.exec:\9903gt7.exe77⤵
-
\??\c:\uw3ia.exec:\uw3ia.exe78⤵
-
\??\c:\98pe37.exec:\98pe37.exe79⤵
-
\??\c:\jskoma.exec:\jskoma.exe80⤵
-
\??\c:\36e49.exec:\36e49.exe81⤵
-
\??\c:\8p8in9.exec:\8p8in9.exe82⤵
-
\??\c:\9936t.exec:\9936t.exe83⤵
-
\??\c:\15ec10c.exec:\15ec10c.exe84⤵
-
\??\c:\7991d.exec:\7991d.exe85⤵
-
\??\c:\oci1ea.exec:\oci1ea.exe86⤵
-
\??\c:\08krb9.exec:\08krb9.exe87⤵
-
\??\c:\82x46e5.exec:\82x46e5.exe88⤵
-
\??\c:\66131o.exec:\66131o.exe89⤵
-
\??\c:\db33uw.exec:\db33uw.exe90⤵
-
\??\c:\jg45t.exec:\jg45t.exe91⤵
-
\??\c:\9355e59.exec:\9355e59.exe92⤵
-
\??\c:\5147i53.exec:\5147i53.exe93⤵
-
\??\c:\vw1873.exec:\vw1873.exe94⤵
-
\??\c:\9v0m3ot.exec:\9v0m3ot.exe95⤵
-
\??\c:\n7439xb.exec:\n7439xb.exe96⤵
-
\??\c:\53mr6a.exec:\53mr6a.exe97⤵
-
\??\c:\738bcj1.exec:\738bcj1.exe98⤵
-
\??\c:\1d7fa.exec:\1d7fa.exe99⤵
-
\??\c:\ks59t5.exec:\ks59t5.exe100⤵
-
\??\c:\jx1kd.exec:\jx1kd.exe101⤵
-
\??\c:\h7o19w.exec:\h7o19w.exe102⤵
-
\??\c:\3v7jqdc.exec:\3v7jqdc.exe103⤵
-
\??\c:\24m4q.exec:\24m4q.exe104⤵
-
\??\c:\r0rck51.exec:\r0rck51.exe105⤵
-
\??\c:\k4w94.exec:\k4w94.exe106⤵
-
\??\c:\15943.exec:\15943.exe107⤵
-
\??\c:\85ii7.exec:\85ii7.exe108⤵
-
\??\c:\63kkci2.exec:\63kkci2.exe109⤵
-
\??\c:\pr397s.exec:\pr397s.exe110⤵
-
\??\c:\fs53u.exec:\fs53u.exe111⤵
-
\??\c:\9911wf1.exec:\9911wf1.exe112⤵
-
\??\c:\7t0g1oa.exec:\7t0g1oa.exe113⤵
-
\??\c:\1a31j7i.exec:\1a31j7i.exe114⤵
-
\??\c:\5kd39m7.exec:\5kd39m7.exe115⤵
-
\??\c:\df4e7.exec:\df4e7.exe116⤵
-
\??\c:\89958r1.exec:\89958r1.exe117⤵
-
\??\c:\g6gw7ma.exec:\g6gw7ma.exe118⤵
-
\??\c:\45nf7.exec:\45nf7.exe119⤵
-
\??\c:\8927kt.exec:\8927kt.exe120⤵
-
\??\c:\5x6l9g.exec:\5x6l9g.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-