Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
173s -
max time network
173s -
platform
windows10-2004_x64 -
resource
win10v2004-20231023-en -
resource tags
-
submitted
31/10/2023, 21:27
General
-
Target
NEAS.e5d76daead20c846bdc2f0671ae2bdd0_JC.exe
-
Size
407KB
-
MD5
e5d76daead20c846bdc2f0671ae2bdd0
-
SHA1
14a09f68099181e614dcde57bbc4cbe75569ab16
-
SHA256
794e24350dff4477052fa9d0fe1e5547bbcdc4e3c5aba7e83100ff0dfb60211c
-
SHA512
6cec6678fc222c2582dd51c6907a0c6111aeb783aa16b7bc29ea2c04cd4b5bbb4695a9556aaee37e40984f7fc0c73afc36ac3ac8a249df16446dd90d4f664f4f
-
SSDEEP
6144:n3C9BRo7MlrWKo+lS0Le4xRSAoq78yoyfx9FK:n3C9yMo+S0L9xRnoq7H9FK
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 38 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.e5d76daead20c846bdc2f0671ae2bdd0_JC.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.e5d76daead20c846bdc2f0671ae2bdd0_JC.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\ur57ui.exec:\ur57ui.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5khhx.exec:\5khhx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\4qej3dd.exec:\4qej3dd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\345k2up.exec:\345k2up.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\967va77.exec:\967va77.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\m81bk.exec:\m81bk.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\t009lr.exec:\t009lr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\0r731.exec:\0r731.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lot0j70.exec:\lot0j70.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\p31l2j.exec:\p31l2j.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lhb8890.exec:\lhb8890.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\kp00414.exec:\kp00414.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3qxb55.exec:\3qxb55.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8k15n.exec:\8k15n.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\663j7.exec:\663j7.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\37ajn.exec:\37ajn.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\743g4ki.exec:\743g4ki.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\53eku.exec:\53eku.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6jdnimp.exec:\6jdnimp.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6fn14.exec:\6fn14.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\a4ugr.exec:\a4ugr.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\96n1l0.exec:\96n1l0.exe23⤵
- Executes dropped EXE
-
\??\c:\17odr9b.exec:\17odr9b.exe24⤵
- Executes dropped EXE
-
\??\c:\4ll4a3.exec:\4ll4a3.exe25⤵
- Executes dropped EXE
-
\??\c:\5j513th.exec:\5j513th.exe26⤵
- Executes dropped EXE
-
\??\c:\bi5ra6l.exec:\bi5ra6l.exe27⤵
- Executes dropped EXE
-
\??\c:\204o85.exec:\204o85.exe28⤵
- Executes dropped EXE
-
\??\c:\3wbxs.exec:\3wbxs.exe29⤵
- Executes dropped EXE
-
\??\c:\59dq3.exec:\59dq3.exe30⤵
- Executes dropped EXE
-
\??\c:\995k5n.exec:\995k5n.exe31⤵
- Executes dropped EXE
-
\??\c:\48q93.exec:\48q93.exe32⤵
- Executes dropped EXE
-
\??\c:\r1o0s9q.exec:\r1o0s9q.exe33⤵
- Executes dropped EXE
-
\??\c:\793l4.exec:\793l4.exe34⤵
- Executes dropped EXE
-
\??\c:\e6k30uf.exec:\e6k30uf.exe35⤵
- Executes dropped EXE
-
\??\c:\v4r413.exec:\v4r413.exe36⤵
- Executes dropped EXE
-
\??\c:\vmvx23.exec:\vmvx23.exe37⤵
- Executes dropped EXE
-
\??\c:\pqo04.exec:\pqo04.exe38⤵
- Executes dropped EXE
-
\??\c:\d49v7.exec:\d49v7.exe39⤵
- Executes dropped EXE
-
\??\c:\7k1oe7.exec:\7k1oe7.exe40⤵
- Executes dropped EXE
-
\??\c:\5lx71mq.exec:\5lx71mq.exe41⤵
- Executes dropped EXE
-
\??\c:\1a2i7m.exec:\1a2i7m.exe42⤵
- Executes dropped EXE
-
\??\c:\x571h7.exec:\x571h7.exe43⤵
- Executes dropped EXE
-
\??\c:\d56en.exec:\d56en.exe44⤵
- Executes dropped EXE
-
\??\c:\ijw0e88.exec:\ijw0e88.exe45⤵
- Executes dropped EXE
-
\??\c:\3m927h.exec:\3m927h.exe46⤵
- Executes dropped EXE
-
\??\c:\csj272.exec:\csj272.exe47⤵
- Executes dropped EXE
-
\??\c:\8n6x8.exec:\8n6x8.exe48⤵
- Executes dropped EXE
-
\??\c:\q60o9.exec:\q60o9.exe49⤵
- Executes dropped EXE
-
\??\c:\8749c33.exec:\8749c33.exe50⤵
-
\??\c:\wood7.exec:\wood7.exe51⤵
- Executes dropped EXE
-
\??\c:\0sm1uc1.exec:\0sm1uc1.exe52⤵
- Executes dropped EXE
-
\??\c:\7v73d11.exec:\7v73d11.exe53⤵
- Executes dropped EXE
-
\??\c:\agaq4.exec:\agaq4.exe54⤵
- Executes dropped EXE
-
\??\c:\x37w0.exec:\x37w0.exe55⤵
- Executes dropped EXE
-
\??\c:\8olv3.exec:\8olv3.exe56⤵
- Executes dropped EXE
-
\??\c:\3674j7.exec:\3674j7.exe57⤵
- Executes dropped EXE
-
\??\c:\hs1170e.exec:\hs1170e.exe58⤵
- Executes dropped EXE
-
\??\c:\737ko.exec:\737ko.exe59⤵
- Executes dropped EXE
-
\??\c:\1010hi.exec:\1010hi.exe60⤵
- Executes dropped EXE
-
\??\c:\k0514bd.exec:\k0514bd.exe61⤵
- Executes dropped EXE
-
\??\c:\mvm9e5.exec:\mvm9e5.exe62⤵
- Executes dropped EXE
-
\??\c:\1ek3lo8.exec:\1ek3lo8.exe63⤵
- Executes dropped EXE
-
\??\c:\274khg6.exec:\274khg6.exe64⤵
- Executes dropped EXE
-
\??\c:\0w98h.exec:\0w98h.exe65⤵
- Executes dropped EXE
-
\??\c:\795rt0.exec:\795rt0.exe66⤵
- Executes dropped EXE
-
\??\c:\432j55.exec:\432j55.exe67⤵
-
\??\c:\91lcs.exec:\91lcs.exe68⤵
-
\??\c:\sr950.exec:\sr950.exe69⤵
-
\??\c:\1kkom9.exec:\1kkom9.exe70⤵
-
\??\c:\6a1pa.exec:\6a1pa.exe71⤵
-
\??\c:\1683c.exec:\1683c.exe72⤵
-
\??\c:\740nnq.exec:\740nnq.exe73⤵
-
\??\c:\63cjq4.exec:\63cjq4.exe74⤵
-
\??\c:\75g5h75.exec:\75g5h75.exe75⤵
-
\??\c:\v6ql16.exec:\v6ql16.exe76⤵
-
\??\c:\8idwc7d.exec:\8idwc7d.exe77⤵
-
\??\c:\p51r9.exec:\p51r9.exe78⤵
-
\??\c:\jjs9tt1.exec:\jjs9tt1.exe79⤵
-
\??\c:\e8cvet.exec:\e8cvet.exe80⤵
-
\??\c:\j44s0.exec:\j44s0.exe81⤵
-
\??\c:\hw8791.exec:\hw8791.exe82⤵
-
\??\c:\1bsrsgb.exec:\1bsrsgb.exe83⤵
-
\??\c:\320ne.exec:\320ne.exe84⤵
-
\??\c:\f3kq7c.exec:\f3kq7c.exe85⤵
-
\??\c:\oolin.exec:\oolin.exe86⤵
-
\??\c:\s4ica7n.exec:\s4ica7n.exe87⤵
-
\??\c:\epsmk.exec:\epsmk.exe88⤵
-
\??\c:\1667ox.exec:\1667ox.exe89⤵
-
\??\c:\8amg0.exec:\8amg0.exe90⤵
-
\??\c:\s75497c.exec:\s75497c.exe91⤵
-
\??\c:\7v3k2x9.exec:\7v3k2x9.exe92⤵
-
\??\c:\2w7udl2.exec:\2w7udl2.exe93⤵
-
\??\c:\02457q.exec:\02457q.exe94⤵
-
\??\c:\0s0m5.exec:\0s0m5.exe95⤵
-
\??\c:\1jcud.exec:\1jcud.exe96⤵
-
\??\c:\s09s5.exec:\s09s5.exe97⤵
-
\??\c:\cdmpe.exec:\cdmpe.exe98⤵
-
\??\c:\369wbho.exec:\369wbho.exe99⤵
-
\??\c:\dnc8i.exec:\dnc8i.exe100⤵
-
\??\c:\8fc9937.exec:\8fc9937.exe101⤵
-
\??\c:\qq3n473.exec:\qq3n473.exe102⤵
-
\??\c:\ca18o7.exec:\ca18o7.exe103⤵
-
\??\c:\f468ur.exec:\f468ur.exe104⤵
-
\??\c:\cf073.exec:\cf073.exe105⤵
-
\??\c:\80n43u5.exec:\80n43u5.exe106⤵
-
\??\c:\770q5.exec:\770q5.exe107⤵
-
\??\c:\pliod1.exec:\pliod1.exe108⤵
-
\??\c:\5385w.exec:\5385w.exe109⤵
-
\??\c:\ev1gg.exec:\ev1gg.exe110⤵
-
\??\c:\ksd79.exec:\ksd79.exe111⤵
-
\??\c:\xg1037t.exec:\xg1037t.exe112⤵
-
\??\c:\jh2kr.exec:\jh2kr.exe113⤵
-
\??\c:\k37dh3.exec:\k37dh3.exe114⤵
-
\??\c:\11jm5t4.exec:\11jm5t4.exe115⤵
-
\??\c:\p5499o.exec:\p5499o.exe116⤵
-
\??\c:\77noc.exec:\77noc.exe117⤵
-
\??\c:\ic6oj8.exec:\ic6oj8.exe118⤵
-
\??\c:\hek25.exec:\hek25.exe119⤵
-
\??\c:\9p6s7.exec:\9p6s7.exe120⤵
-
\??\c:\buupn9.exec:\buupn9.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-