Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
64s -
max time network
128s -
platform
windows7_x64 -
resource
win7-20231020-en -
resource tags
-
submitted
01/11/2023, 14:17
General
-
Target
NEAS.b1d4caf9ef64b16bf93bf2cb4ba86cd0.exe
-
Size
1.0MB
-
MD5
b1d4caf9ef64b16bf93bf2cb4ba86cd0
-
SHA1
28914ee6b9c0672e7020b74bb8f2b9d042f2e6f6
-
SHA256
39b4287a62fbb4968a92aa1c754f0e425eda99fd001df017795046667d9bf3bc
-
SHA512
a0164c8feb9ea88a309c4cf778fb6df7580eb5ae09f16fd75a55020d0d81fed1e0fc0ff2be695cdd8c9e0b949cd3768607dbbfa4e49f066e84a6b364172f18dd
-
SSDEEP
24576:Sgdn8whShajgdn8whSrgdnTg0wCtEgdn8whSZ9:TQL3R6
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 27 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 56 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.b1d4caf9ef64b16bf93bf2cb4ba86cd0.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.b1d4caf9ef64b16bf93bf2cb4ba86cd0.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\h44g54t.exec:\h44g54t.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\t0w112.exec:\t0w112.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3f0a34t.exec:\3f0a34t.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\mf7e9.exec:\mf7e9.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\r1c56.exec:\r1c56.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\o24s0gn.exec:\o24s0gn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\n39o9x.exec:\n39o9x.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\r233qtg.exec:\r233qtg.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3g5g51.exec:\3g5g51.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\54u18dq.exec:\54u18dq.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\0rh267.exec:\0rh267.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9ub85c.exec:\9ub85c.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\l620j2.exec:\l620j2.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ku03c.exec:\ku03c.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\87kc4i.exec:\87kc4i.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6rli689.exec:\6rli689.exe17⤵
- Executes dropped EXE
-
\??\c:\h93091.exec:\h93091.exe18⤵
- Executes dropped EXE
-
\??\c:\g5ne21.exec:\g5ne21.exe19⤵
- Executes dropped EXE
-
\??\c:\giutc3.exec:\giutc3.exe20⤵
- Executes dropped EXE
-
\??\c:\910c3.exec:\910c3.exe21⤵
- Executes dropped EXE
-
\??\c:\81g3u14.exec:\81g3u14.exe22⤵
- Executes dropped EXE
-
\??\c:\65ws6.exec:\65ws6.exe23⤵
- Executes dropped EXE
-
\??\c:\k3sq18.exec:\k3sq18.exe24⤵
- Executes dropped EXE
-
\??\c:\xgoa1.exec:\xgoa1.exe25⤵
- Executes dropped EXE
-
\??\c:\h03c3s.exec:\h03c3s.exe26⤵
- Executes dropped EXE
-
\??\c:\p3odit7.exec:\p3odit7.exe27⤵
- Executes dropped EXE
-
\??\c:\0j4cw6.exec:\0j4cw6.exe28⤵
- Executes dropped EXE
-
\??\c:\2io59.exec:\2io59.exe29⤵
- Executes dropped EXE
-
\??\c:\sl42q2.exec:\sl42q2.exe30⤵
- Executes dropped EXE
-
\??\c:\li2rw1.exec:\li2rw1.exe31⤵
- Executes dropped EXE
-
\??\c:\72ib7.exec:\72ib7.exe32⤵
- Executes dropped EXE
-
\??\c:\9126imo.exec:\9126imo.exe33⤵
- Executes dropped EXE
-
\??\c:\hc4gj.exec:\hc4gj.exe34⤵
- Executes dropped EXE
-
\??\c:\62up2.exec:\62up2.exe35⤵
- Executes dropped EXE
-
\??\c:\t2x8jq7.exec:\t2x8jq7.exe36⤵
- Executes dropped EXE
-
\??\c:\balo2hh.exec:\balo2hh.exe37⤵
- Executes dropped EXE
-
\??\c:\dwh74.exec:\dwh74.exe38⤵
- Executes dropped EXE
-
\??\c:\f7a754.exec:\f7a754.exe39⤵
- Executes dropped EXE
-
\??\c:\s66g8wm.exec:\s66g8wm.exe40⤵
- Executes dropped EXE
-
\??\c:\7jdbm5.exec:\7jdbm5.exe41⤵
- Executes dropped EXE
-
\??\c:\6a7o3.exec:\6a7o3.exe42⤵
- Executes dropped EXE
-
\??\c:\j26ha00.exec:\j26ha00.exe43⤵
- Executes dropped EXE
-
\??\c:\h4n5o1.exec:\h4n5o1.exe44⤵
- Executes dropped EXE
-
\??\c:\8r8ni3.exec:\8r8ni3.exe45⤵
- Executes dropped EXE
-
\??\c:\s7s8ild.exec:\s7s8ild.exe46⤵
- Executes dropped EXE
-
\??\c:\3h8m98c.exec:\3h8m98c.exe47⤵
- Executes dropped EXE
-
\??\c:\49q97.exec:\49q97.exe48⤵
- Executes dropped EXE
-
\??\c:\23hv0.exec:\23hv0.exe49⤵
- Executes dropped EXE
-
\??\c:\v0vp180.exec:\v0vp180.exe50⤵
- Executes dropped EXE
-
\??\c:\rcwa2.exec:\rcwa2.exe51⤵
- Executes dropped EXE
-
\??\c:\ouuu1.exec:\ouuu1.exe52⤵
- Executes dropped EXE
-
\??\c:\2771rb.exec:\2771rb.exe53⤵
- Executes dropped EXE
-
\??\c:\2c9jib.exec:\2c9jib.exe54⤵
- Executes dropped EXE
-
\??\c:\h8x84.exec:\h8x84.exe55⤵
- Executes dropped EXE
-
\??\c:\sqj5go.exec:\sqj5go.exe56⤵
- Executes dropped EXE
-
\??\c:\k99v93f.exec:\k99v93f.exe57⤵
- Executes dropped EXE
-
\??\c:\e3n2248.exec:\e3n2248.exe58⤵
- Executes dropped EXE
-
\??\c:\34r78.exec:\34r78.exe59⤵
- Executes dropped EXE
-
\??\c:\72wu2.exec:\72wu2.exe60⤵
- Executes dropped EXE
-
\??\c:\0395r.exec:\0395r.exe61⤵
- Executes dropped EXE
-
\??\c:\s03s2.exec:\s03s2.exe62⤵
- Executes dropped EXE
-
\??\c:\t6m2lua.exec:\t6m2lua.exe63⤵
- Executes dropped EXE
-
\??\c:\iia9c.exec:\iia9c.exe64⤵
- Executes dropped EXE
-
\??\c:\b281s.exec:\b281s.exe65⤵
- Executes dropped EXE
-
\??\c:\4p30tm1.exec:\4p30tm1.exe66⤵
-
\??\c:\p865nnb.exec:\p865nnb.exe67⤵
-
\??\c:\3e30e3.exec:\3e30e3.exe68⤵
-
\??\c:\tw5kg1q.exec:\tw5kg1q.exe69⤵
-
\??\c:\1b2pip2.exec:\1b2pip2.exe70⤵
-
\??\c:\7ch19.exec:\7ch19.exe71⤵
-
\??\c:\77o1on3.exec:\77o1on3.exe72⤵
-
\??\c:\05ws3ga.exec:\05ws3ga.exe73⤵
-
\??\c:\8ch8n.exec:\8ch8n.exe74⤵
-
\??\c:\h7aqw0.exec:\h7aqw0.exe75⤵
-
\??\c:\l7omt14.exec:\l7omt14.exe76⤵
-
\??\c:\r4he9q3.exec:\r4he9q3.exe77⤵
-
\??\c:\j9ae3gg.exec:\j9ae3gg.exe78⤵
-
\??\c:\kkgb2i.exec:\kkgb2i.exe79⤵
-
\??\c:\n5s9g3.exec:\n5s9g3.exe80⤵
-
\??\c:\31xb9.exec:\31xb9.exe81⤵
-
\??\c:\33ut8.exec:\33ut8.exe82⤵
-
\??\c:\4a70j9.exec:\4a70j9.exe83⤵
-
\??\c:\43o9oj.exec:\43o9oj.exe84⤵
-
\??\c:\196q7.exec:\196q7.exe85⤵
-
\??\c:\7q6b8.exec:\7q6b8.exe86⤵
-
\??\c:\5xfg3e.exec:\5xfg3e.exe87⤵
-
\??\c:\5u57w11.exec:\5u57w11.exe88⤵
-
\??\c:\7k5g9.exec:\7k5g9.exe89⤵
-
\??\c:\01291t0.exec:\01291t0.exe90⤵
-
\??\c:\994q2k.exec:\994q2k.exe91⤵
-
\??\c:\hwpwqv.exec:\hwpwqv.exe92⤵
-
\??\c:\ss1276.exec:\ss1276.exe93⤵
-
\??\c:\to3cik.exec:\to3cik.exe94⤵
-
\??\c:\r130m.exec:\r130m.exe95⤵
-
\??\c:\3s9hm.exec:\3s9hm.exe96⤵
-
\??\c:\vg1wx6u.exec:\vg1wx6u.exe97⤵
-
\??\c:\s8q9b78.exec:\s8q9b78.exe98⤵
-
\??\c:\giqu3.exec:\giqu3.exe99⤵
-
\??\c:\7419k.exec:\7419k.exe100⤵
-
\??\c:\j8b0k.exec:\j8b0k.exe101⤵
-
\??\c:\3ars7w.exec:\3ars7w.exe102⤵
-
\??\c:\r39u52.exec:\r39u52.exe103⤵
-
\??\c:\49s1qn.exec:\49s1qn.exe104⤵
-
\??\c:\6l1v7gc.exec:\6l1v7gc.exe105⤵
-
\??\c:\hajd4k.exec:\hajd4k.exe106⤵
-
\??\c:\2q9eh1g.exec:\2q9eh1g.exe107⤵
-
\??\c:\sq01s.exec:\sq01s.exe108⤵
-
\??\c:\j5gg7w9.exec:\j5gg7w9.exe109⤵
-
\??\c:\p531mj4.exec:\p531mj4.exe110⤵
-
\??\c:\i07sn.exec:\i07sn.exe111⤵
-
\??\c:\g4105i.exec:\g4105i.exe112⤵
-
\??\c:\l5ur1m.exec:\l5ur1m.exe113⤵
-
\??\c:\r7xw5.exec:\r7xw5.exe114⤵
-
\??\c:\e515uh9.exec:\e515uh9.exe115⤵
-
\??\c:\8s1k0e.exec:\8s1k0e.exe116⤵
-
\??\c:\x4b6b72.exec:\x4b6b72.exe117⤵
-
\??\c:\b4t9cp.exec:\b4t9cp.exe118⤵
-
\??\c:\jbx6q.exec:\jbx6q.exe119⤵
-
\??\c:\m838r.exec:\m838r.exe120⤵
-
\??\c:\5r1g3.exec:\5r1g3.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-