Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
170s -
max time network
142s -
platform
windows7_x64 -
resource
win7-20231023-en -
resource tags
-
submitted
01/11/2023, 14:15
General
-
Target
NEAS.992b9204f18dc4ec02973dd1f5bb5600.exe
-
Size
87KB
-
MD5
992b9204f18dc4ec02973dd1f5bb5600
-
SHA1
5113e3039db8db6104f9a9806b59b54c5f750de4
-
SHA256
1bed5fd6213c8e2ed4bb290f2bb23c66a947a4e2d5713c1852193fafe135477f
-
SHA512
f2b9ef4f750b732276ef2806796bea3adf5cbfa99404e6755940f61c959bc3fa2f322be299a8fdc7f6d58b8733a460d9125e254baa9fbbd1d7ea9f18a9413071
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDoLU1gq6toilpUsp70DDIL:ymb3NkkiQ3mdBjFoLkmo+UU7yEL
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 33 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 63 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.992b9204f18dc4ec02973dd1f5bb5600.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.992b9204f18dc4ec02973dd1f5bb5600.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\bk07n4.exec:\bk07n4.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\900cmj.exec:\900cmj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9o842.exec:\9o842.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\60c9a.exec:\60c9a.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3x2641.exec:\3x2641.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\s6wli3.exec:\s6wli3.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\0a7937.exec:\0a7937.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\af7q39.exec:\af7q39.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\2s616.exec:\2s616.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\kvex107.exec:\kvex107.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6q453it.exec:\6q453it.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\f48o94.exec:\f48o94.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6kx99p9.exec:\6kx99p9.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\j16c1i.exec:\j16c1i.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\b9ix6.exec:\b9ix6.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvq44.exec:\pvq44.exe17⤵
- Executes dropped EXE
-
\??\c:\8a4033u.exec:\8a4033u.exe18⤵
- Executes dropped EXE
-
\??\c:\2h19189.exec:\2h19189.exe19⤵
- Executes dropped EXE
-
\??\c:\0afj6a.exec:\0afj6a.exe20⤵
- Executes dropped EXE
-
\??\c:\5m341h9.exec:\5m341h9.exe21⤵
- Executes dropped EXE
-
\??\c:\5k35hn7.exec:\5k35hn7.exe22⤵
- Executes dropped EXE
-
\??\c:\2ume6.exec:\2ume6.exe23⤵
- Executes dropped EXE
-
\??\c:\rg54c9b.exec:\rg54c9b.exe24⤵
- Executes dropped EXE
-
\??\c:\67643p6.exec:\67643p6.exe25⤵
- Executes dropped EXE
-
\??\c:\hb4x2ks.exec:\hb4x2ks.exe26⤵
- Executes dropped EXE
-
\??\c:\mssg9w.exec:\mssg9w.exe27⤵
- Executes dropped EXE
-
\??\c:\5913p.exec:\5913p.exe28⤵
- Executes dropped EXE
-
\??\c:\792g9.exec:\792g9.exe29⤵
- Executes dropped EXE
-
\??\c:\ac1jp6r.exec:\ac1jp6r.exe30⤵
- Executes dropped EXE
-
\??\c:\cg3hfe6.exec:\cg3hfe6.exe31⤵
- Executes dropped EXE
-
\??\c:\4tae8rw.exec:\4tae8rw.exe32⤵
- Executes dropped EXE
-
\??\c:\j2cvf27.exec:\j2cvf27.exe33⤵
- Executes dropped EXE
-
\??\c:\kt02x9.exec:\kt02x9.exe34⤵
- Executes dropped EXE
-
\??\c:\6g8e0.exec:\6g8e0.exe35⤵
- Executes dropped EXE
-
\??\c:\msd5u.exec:\msd5u.exe36⤵
- Executes dropped EXE
-
\??\c:\7ihks4.exec:\7ihks4.exe37⤵
- Executes dropped EXE
-
\??\c:\p33d5.exec:\p33d5.exe38⤵
- Executes dropped EXE
-
\??\c:\4o59uhm.exec:\4o59uhm.exe39⤵
- Executes dropped EXE
-
\??\c:\8cl2e85.exec:\8cl2e85.exe40⤵
- Executes dropped EXE
-
\??\c:\08bs3.exec:\08bs3.exe41⤵
- Executes dropped EXE
-
\??\c:\i0w4m.exec:\i0w4m.exe42⤵
- Executes dropped EXE
-
\??\c:\796t5a.exec:\796t5a.exe43⤵
- Executes dropped EXE
-
\??\c:\ec31s9k.exec:\ec31s9k.exe44⤵
- Executes dropped EXE
-
\??\c:\e4p30q.exec:\e4p30q.exe45⤵
- Executes dropped EXE
-
\??\c:\owwq12f.exec:\owwq12f.exe46⤵
- Executes dropped EXE
-
\??\c:\7642g3.exec:\7642g3.exe47⤵
- Executes dropped EXE
-
\??\c:\6atwg.exec:\6atwg.exe48⤵
- Executes dropped EXE
-
\??\c:\67idgw.exec:\67idgw.exe49⤵
- Executes dropped EXE
-
\??\c:\66n8rc.exec:\66n8rc.exe50⤵
- Executes dropped EXE
-
\??\c:\dgh95.exec:\dgh95.exe51⤵
- Executes dropped EXE
-
\??\c:\26ee749.exec:\26ee749.exe52⤵
- Executes dropped EXE
-
\??\c:\8ogwo.exec:\8ogwo.exe53⤵
- Executes dropped EXE
-
\??\c:\23iia1k.exec:\23iia1k.exe54⤵
- Executes dropped EXE
-
\??\c:\058u55s.exec:\058u55s.exe55⤵
- Executes dropped EXE
-
\??\c:\tn38o.exec:\tn38o.exe56⤵
- Executes dropped EXE
-
\??\c:\cg5g1.exec:\cg5g1.exe57⤵
- Executes dropped EXE
-
\??\c:\dwl30ul.exec:\dwl30ul.exe58⤵
- Executes dropped EXE
-
\??\c:\92smx.exec:\92smx.exe59⤵
- Executes dropped EXE
-
\??\c:\awki9.exec:\awki9.exe60⤵
- Executes dropped EXE
-
\??\c:\4ms82.exec:\4ms82.exe61⤵
- Executes dropped EXE
-
\??\c:\og5wo5.exec:\og5wo5.exe62⤵
- Executes dropped EXE
-
\??\c:\g47w4.exec:\g47w4.exe63⤵
- Executes dropped EXE
-
\??\c:\q70ob.exec:\q70ob.exe64⤵
- Executes dropped EXE
-
\??\c:\e998qs7.exec:\e998qs7.exe65⤵
- Executes dropped EXE
-
\??\c:\5f2sl.exec:\5f2sl.exe66⤵
-
\??\c:\89cw4gg.exec:\89cw4gg.exe67⤵
-
\??\c:\w4h5h1.exec:\w4h5h1.exe68⤵
-
\??\c:\m0wh6k.exec:\m0wh6k.exe69⤵
-
\??\c:\jlc4693.exec:\jlc4693.exe70⤵
-
\??\c:\px1n3.exec:\px1n3.exe71⤵
-
\??\c:\3x93a2.exec:\3x93a2.exe72⤵
-
\??\c:\030f1u.exec:\030f1u.exe73⤵
-
\??\c:\w8nrkgt.exec:\w8nrkgt.exe74⤵
-
\??\c:\570s1m.exec:\570s1m.exe75⤵
-
\??\c:\w0cssf4.exec:\w0cssf4.exe76⤵
-
\??\c:\fu17qe1.exec:\fu17qe1.exe77⤵
-
\??\c:\3h2c3.exec:\3h2c3.exe78⤵
-
\??\c:\26cei1e.exec:\26cei1e.exe79⤵
-
\??\c:\jv8q17.exec:\jv8q17.exe80⤵
-
\??\c:\80o256w.exec:\80o256w.exe81⤵
-
\??\c:\41n5gsd.exec:\41n5gsd.exe82⤵
-
\??\c:\77k756.exec:\77k756.exe83⤵
-
\??\c:\wfjf43h.exec:\wfjf43h.exe84⤵
-
\??\c:\03wq10.exec:\03wq10.exe85⤵
-
\??\c:\qo3qt.exec:\qo3qt.exe86⤵
-
\??\c:\scscc5.exec:\scscc5.exe87⤵
-
\??\c:\oo689.exec:\oo689.exe88⤵
-
\??\c:\15tqeo.exec:\15tqeo.exe89⤵
-
\??\c:\36iq3.exec:\36iq3.exe90⤵
-
\??\c:\4618ob2.exec:\4618ob2.exe91⤵
-
\??\c:\43u2gr.exec:\43u2gr.exe92⤵
-
\??\c:\67p1up8.exec:\67p1up8.exe93⤵
-
\??\c:\ii231r.exec:\ii231r.exe94⤵
-
\??\c:\t4qn997.exec:\t4qn997.exe95⤵
-
\??\c:\22p0b6.exec:\22p0b6.exe96⤵
-
\??\c:\qob62e.exec:\qob62e.exe97⤵
-
\??\c:\dk588.exec:\dk588.exe98⤵
-
\??\c:\7w35h.exec:\7w35h.exe99⤵
-
\??\c:\8l6ac4.exec:\8l6ac4.exe100⤵
-
\??\c:\93859kq.exec:\93859kq.exe101⤵
-
\??\c:\0p0g9.exec:\0p0g9.exe102⤵
-
\??\c:\gaj3a75.exec:\gaj3a75.exe103⤵
-
\??\c:\89wn5i.exec:\89wn5i.exe104⤵
-
\??\c:\d4v0n5.exec:\d4v0n5.exe105⤵
-
\??\c:\43v44v.exec:\43v44v.exe106⤵
-
\??\c:\4x33a.exec:\4x33a.exe107⤵
-
\??\c:\l12hc7.exec:\l12hc7.exe108⤵
-
\??\c:\l3i25.exec:\l3i25.exe109⤵
-
\??\c:\8rt259.exec:\8rt259.exe110⤵
-
\??\c:\q455t9.exec:\q455t9.exe111⤵
-
\??\c:\djtoh.exec:\djtoh.exe112⤵
-
\??\c:\255tgj1.exec:\255tgj1.exe113⤵
-
\??\c:\b7v51f1.exec:\b7v51f1.exe114⤵
-
\??\c:\i957585.exec:\i957585.exe115⤵
-
\??\c:\b1bp1gc.exec:\b1bp1gc.exe116⤵
-
\??\c:\o5s22q.exec:\o5s22q.exe117⤵
-
\??\c:\k4as9.exec:\k4as9.exe118⤵
-
\??\c:\r4j1k1.exec:\r4j1k1.exe119⤵
-
\??\c:\mdvdtk.exec:\mdvdtk.exe120⤵
-
\??\c:\v2k23g3.exec:\v2k23g3.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-