Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
154s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20231023-en -
resource tags
-
submitted
31/10/2023, 08:50
General
-
Target
NEAS.075eaef9554b973e915d6df0ea938a20.exe
-
Size
470KB
-
MD5
075eaef9554b973e915d6df0ea938a20
-
SHA1
1f73385ae2cfd606e248a324db0020e8197e46e1
-
SHA256
c770e7ab6aa0d80143647be6253b70e9d7bd13b49c374476dabd3d935813a8b4
-
SHA512
e893eee92afd393bdea01e7fad539677cac8533f0101cefb272dd30d99177fa14991d0d80b6407594cc0bc115ca76763d325438fd23e729d559b1a9b444a184f
-
SSDEEP
12288:n3C9uDVw6326pKZ9asZqoZHz+evcn0Meh2FCw:Su326p0aroZt0qw
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 29 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 54 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.075eaef9554b973e915d6df0ea938a20.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.075eaef9554b973e915d6df0ea938a20.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\kc9g3.exec:\kc9g3.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\a5m7gu.exec:\a5m7gu.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lah1g9.exec:\lah1g9.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\asqm6c.exec:\asqm6c.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\0gi3ch.exec:\0gi3ch.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5b91sg1.exec:\5b91sg1.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3f497.exec:\3f497.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\67h7m.exec:\67h7m.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\0m9lb8.exec:\0m9lb8.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\f56i34k.exec:\f56i34k.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\0u3sg.exec:\0u3sg.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\uu2i36.exec:\uu2i36.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\wsgic.exec:\wsgic.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\4swhtc8.exec:\4swhtc8.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xk52c.exec:\xk52c.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\85ai16h.exec:\85ai16h.exe17⤵
- Executes dropped EXE
-
\??\c:\83q8w1s.exec:\83q8w1s.exe18⤵
- Executes dropped EXE
-
\??\c:\3319s5.exec:\3319s5.exe19⤵
- Executes dropped EXE
-
\??\c:\8532v7.exec:\8532v7.exe20⤵
- Executes dropped EXE
-
\??\c:\2tm57.exec:\2tm57.exe21⤵
- Executes dropped EXE
-
\??\c:\i76o21e.exec:\i76o21e.exe22⤵
- Executes dropped EXE
-
\??\c:\tp7e1q.exec:\tp7e1q.exe23⤵
- Executes dropped EXE
-
\??\c:\ub3o78.exec:\ub3o78.exe24⤵
- Executes dropped EXE
-
\??\c:\e79l9il.exec:\e79l9il.exe25⤵
- Executes dropped EXE
-
\??\c:\g5g8f7a.exec:\g5g8f7a.exe26⤵
- Executes dropped EXE
-
\??\c:\x7i85.exec:\x7i85.exe27⤵
- Executes dropped EXE
-
\??\c:\6o9de.exec:\6o9de.exe28⤵
- Executes dropped EXE
-
\??\c:\9775w1.exec:\9775w1.exe29⤵
- Executes dropped EXE
-
\??\c:\e3n5p5w.exec:\e3n5p5w.exe30⤵
- Executes dropped EXE
-
\??\c:\t1t1d1a.exec:\t1t1d1a.exe31⤵
- Executes dropped EXE
-
\??\c:\o2ikw.exec:\o2ikw.exe32⤵
- Executes dropped EXE
-
\??\c:\pggum.exec:\pggum.exe33⤵
- Executes dropped EXE
-
\??\c:\qg6o7i.exec:\qg6o7i.exe34⤵
- Executes dropped EXE
-
\??\c:\g11m9g.exec:\g11m9g.exe35⤵
- Executes dropped EXE
-
\??\c:\ahm221.exec:\ahm221.exe36⤵
- Executes dropped EXE
-
\??\c:\jmusd2.exec:\jmusd2.exe37⤵
- Executes dropped EXE
-
\??\c:\1r3qx1s.exec:\1r3qx1s.exe38⤵
- Executes dropped EXE
-
\??\c:\i506uo.exec:\i506uo.exe39⤵
- Executes dropped EXE
-
\??\c:\xc77tm1.exec:\xc77tm1.exe40⤵
- Executes dropped EXE
-
\??\c:\90u57.exec:\90u57.exe41⤵
- Executes dropped EXE
-
\??\c:\m4mro.exec:\m4mro.exe42⤵
- Executes dropped EXE
-
\??\c:\9c0c6c.exec:\9c0c6c.exe43⤵
- Executes dropped EXE
-
\??\c:\g0q5a.exec:\g0q5a.exe44⤵
- Executes dropped EXE
-
\??\c:\t191a97.exec:\t191a97.exe45⤵
- Executes dropped EXE
-
\??\c:\331s1.exec:\331s1.exe46⤵
- Executes dropped EXE
-
\??\c:\278x2in.exec:\278x2in.exe47⤵
- Executes dropped EXE
-
\??\c:\p11g3s.exec:\p11g3s.exe48⤵
- Executes dropped EXE
-
\??\c:\51ok7.exec:\51ok7.exe49⤵
- Executes dropped EXE
-
\??\c:\9pi7q.exec:\9pi7q.exe50⤵
- Executes dropped EXE
-
\??\c:\mcn9w.exec:\mcn9w.exe51⤵
- Executes dropped EXE
-
\??\c:\iwj7en.exec:\iwj7en.exe52⤵
- Executes dropped EXE
-
\??\c:\gi790.exec:\gi790.exe53⤵
- Executes dropped EXE
-
\??\c:\22f3lc.exec:\22f3lc.exe54⤵
- Executes dropped EXE
-
\??\c:\0kn39.exec:\0kn39.exe55⤵
- Executes dropped EXE
-
\??\c:\r1gjx7m.exec:\r1gjx7m.exe56⤵
- Executes dropped EXE
-
\??\c:\wi7i14i.exec:\wi7i14i.exe57⤵
- Executes dropped EXE
-
\??\c:\fik9m.exec:\fik9m.exe58⤵
- Executes dropped EXE
-
\??\c:\s1i58p.exec:\s1i58p.exe59⤵
- Executes dropped EXE
-
\??\c:\x2ppr0.exec:\x2ppr0.exe60⤵
- Executes dropped EXE
-
\??\c:\o809vh.exec:\o809vh.exe61⤵
- Executes dropped EXE
-
\??\c:\kc1a36.exec:\kc1a36.exe62⤵
- Executes dropped EXE
-
\??\c:\o7mk71p.exec:\o7mk71p.exe63⤵
- Executes dropped EXE
-
\??\c:\gdv421.exec:\gdv421.exe64⤵
- Executes dropped EXE
-
\??\c:\7wt5as9.exec:\7wt5as9.exe65⤵
- Executes dropped EXE
-
\??\c:\5q8311k.exec:\5q8311k.exe66⤵
-
\??\c:\tw11i6.exec:\tw11i6.exe67⤵
-
\??\c:\fr79mv3.exec:\fr79mv3.exe68⤵
-
\??\c:\d9919a.exec:\d9919a.exe69⤵
-
\??\c:\5s13mkj.exec:\5s13mkj.exe70⤵
-
\??\c:\2iu1a.exec:\2iu1a.exe71⤵
-
\??\c:\ku19954.exec:\ku19954.exe72⤵
-
\??\c:\m0l23.exec:\m0l23.exe73⤵
-
\??\c:\uc58l.exec:\uc58l.exe74⤵
-
\??\c:\2o7327.exec:\2o7327.exe75⤵
-
\??\c:\07cq39a.exec:\07cq39a.exe76⤵
-
\??\c:\7e9m5cf.exec:\7e9m5cf.exe77⤵
-
\??\c:\g30ee.exec:\g30ee.exe78⤵
-
\??\c:\sj0m17i.exec:\sj0m17i.exe79⤵
-
\??\c:\0i7j439.exec:\0i7j439.exe80⤵
-
\??\c:\c10k5.exec:\c10k5.exe81⤵
-
\??\c:\8c158w.exec:\8c158w.exe82⤵
-
\??\c:\11912e.exec:\11912e.exe83⤵
-
\??\c:\53u5j.exec:\53u5j.exe84⤵
-
\??\c:\lm765.exec:\lm765.exe85⤵
-
\??\c:\e7e9o.exec:\e7e9o.exe86⤵
-
\??\c:\om7a6.exec:\om7a6.exe87⤵
-
\??\c:\v1eo8w.exec:\v1eo8w.exe88⤵
-
\??\c:\bfmj54v.exec:\bfmj54v.exe89⤵
-
\??\c:\9951mdw.exec:\9951mdw.exe90⤵
-
\??\c:\qcm5t.exec:\qcm5t.exe91⤵
-
\??\c:\3fcw31l.exec:\3fcw31l.exe92⤵
-
\??\c:\d441vs.exec:\d441vs.exe93⤵
-
\??\c:\89s1ch1.exec:\89s1ch1.exe94⤵
-
\??\c:\vw9kf.exec:\vw9kf.exe95⤵
-
\??\c:\6s71ub.exec:\6s71ub.exe96⤵
-
\??\c:\2mm1jd2.exec:\2mm1jd2.exe97⤵
-
\??\c:\1n7qw.exec:\1n7qw.exe98⤵
-
\??\c:\5j7q3p9.exec:\5j7q3p9.exe99⤵
-
\??\c:\1x7t5m.exec:\1x7t5m.exe100⤵
-
\??\c:\k1q18.exec:\k1q18.exe101⤵
-
\??\c:\41f7s7i.exec:\41f7s7i.exe102⤵
-
\??\c:\25g9l9.exec:\25g9l9.exe103⤵
-
\??\c:\5i5uv.exec:\5i5uv.exe104⤵
-
\??\c:\m4kr8cj.exec:\m4kr8cj.exe105⤵
-
\??\c:\0wu7a.exec:\0wu7a.exe106⤵
-
\??\c:\3m12ix1.exec:\3m12ix1.exe107⤵
-
\??\c:\m4wis.exec:\m4wis.exe108⤵
-
\??\c:\d8io611.exec:\d8io611.exe109⤵
-
\??\c:\c5u5s.exec:\c5u5s.exe110⤵
-
\??\c:\8ih9s.exec:\8ih9s.exe111⤵
-
\??\c:\2g5ob2.exec:\2g5ob2.exe112⤵
-
\??\c:\dv89qb.exec:\dv89qb.exe113⤵
-
\??\c:\454bm.exec:\454bm.exe114⤵
-
\??\c:\vw3gt6u.exec:\vw3gt6u.exe115⤵
-
\??\c:\69p337.exec:\69p337.exe116⤵
-
\??\c:\8c1gr2.exec:\8c1gr2.exe117⤵
-
\??\c:\3or9x7e.exec:\3or9x7e.exe118⤵
-
\??\c:\29g63o9.exec:\29g63o9.exe119⤵
-
\??\c:\433q74.exec:\433q74.exe120⤵
-
\??\c:\vo3o5s2.exec:\vo3o5s2.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-