Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
151s -
max time network
148s -
platform
windows10-2004_x64 -
resource
win10v2004-20231023-en -
resource tags
-
submitted
02/11/2023, 07:58
General
-
Target
NEAS.245040d9c33da5a3dd4eab8f651d9ef0.exe
-
Size
113KB
-
MD5
245040d9c33da5a3dd4eab8f651d9ef0
-
SHA1
38c7ef043bb156d472dd74823d7334a7fb1e1219
-
SHA256
ebbdb80ec302867bdae9a2f91024390e49f0a6c6eb344bb76090348d791b2cca
-
SHA512
01c06569cb386aa635077a5e22d379dbad3bf3dd1f9257cf9113b201b7afe5a57f7c7843a353a1b246589ef5f961336ab83b3c8cbee91939114b4520636a1940
-
SSDEEP
3072:chOmTsF93UYfwC6GIout5pi8rY9AABa1D1DV6LYok:ccm4FmowdHoS5ddWi1KY9
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.245040d9c33da5a3dd4eab8f651d9ef0.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.245040d9c33da5a3dd4eab8f651d9ef0.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\frdvpp.exec:\frdvpp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pxrjx.exec:\pxrjx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fbrnlpv.exec:\fbrnlpv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hfxtndb.exec:\hfxtndb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ldldvrr.exec:\ldldvrr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fnvvbfd.exec:\fnvvbfd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bljlnpf.exec:\bljlnpf.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hfprbp.exec:\hfprbp.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vlrpvr.exec:\vlrpvr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jhxjv.exec:\jhxjv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lppjht.exec:\lppjht.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lbnff.exec:\lbnff.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vbfvjjx.exec:\vbfvjjx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bphpxl.exec:\bphpxl.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thlbv.exec:\thlbv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hpltf.exec:\hpltf.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jnrvd.exec:\jnrvd.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bjvtln.exec:\bjvtln.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ptbhhv.exec:\ptbhhv.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rpprdr.exec:\rpprdr.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hxrfbjd.exec:\hxrfbjd.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thvbv.exec:\thvbv.exe23⤵
- Executes dropped EXE
-
\??\c:\jxhjd.exec:\jxhjd.exe24⤵
- Executes dropped EXE
-
\??\c:\rbldthn.exec:\rbldthn.exe25⤵
- Executes dropped EXE
-
-
-
-
-
-
-
-
-
-
-
-
-
\??\c:\nlxfl.exec:\nlxfl.exe14⤵
-
\??\c:\njfrvt.exec:\njfrvt.exe15⤵
-
-
-
-
-
-
-
\??\c:\lnjtfb.exec:\lnjtfb.exe10⤵
-
\??\c:\dffhb.exec:\dffhb.exe11⤵
-
\??\c:\bhffd.exec:\bhffd.exe12⤵
-
\??\c:\nttbdp.exec:\nttbdp.exe13⤵
-
\??\c:\fhxjjr.exec:\fhxjjr.exe14⤵
-
\??\c:\ftjhj.exec:\ftjhj.exe15⤵
-
\??\c:\jvpjdf.exec:\jvpjdf.exe16⤵
-
\??\c:\ddbrvd.exec:\ddbrvd.exe17⤵
-
\??\c:\tftrht.exec:\tftrht.exe18⤵
-
\??\c:\hxrbpbr.exec:\hxrbpbr.exe19⤵
-
\??\c:\rdptbrh.exec:\rdptbrh.exe20⤵
-
\??\c:\npdjp.exec:\npdjp.exe21⤵
-
\??\c:\xvvfr.exec:\xvvfr.exe22⤵
-
\??\c:\lhrnt.exec:\lhrnt.exe23⤵
-
\??\c:\bxnfvjj.exec:\bxnfvjj.exe24⤵
-
\??\c:\tbrxrf.exec:\tbrxrf.exe25⤵
-
\??\c:\pdphj.exec:\pdphj.exe26⤵
-
\??\c:\txpnb.exec:\txpnb.exe27⤵
-
\??\c:\hvfrvh.exec:\hvfrvh.exe28⤵
-
\??\c:\ttlllpj.exec:\ttlllpj.exe29⤵
-
\??\c:\vllldd.exec:\vllldd.exe30⤵
-
\??\c:\rphdh.exec:\rphdh.exe31⤵
-
\??\c:\fvdjrt.exec:\fvdjrt.exe32⤵
-
\??\c:\vddft.exec:\vddft.exe33⤵
-
\??\c:\fhbjdnp.exec:\fhbjdnp.exe34⤵
-
\??\c:\fjdbv.exec:\fjdbv.exe35⤵
-
\??\c:\jxdhxjb.exec:\jxdhxjb.exe36⤵
-
\??\c:\ltprp.exec:\ltprp.exe37⤵
-
\??\c:\hprdhbd.exec:\hprdhbd.exe38⤵
-
\??\c:\npbxrtp.exec:\npbxrtp.exe39⤵
-
\??\c:\rnntjx.exec:\rnntjx.exe40⤵
-
\??\c:\lpbrp.exec:\lpbrp.exe41⤵
-
\??\c:\bbjvb.exec:\bbjvb.exe42⤵
-
\??\c:\brhvjd.exec:\brhvjd.exe43⤵
-
\??\c:\rdhrh.exec:\rdhrh.exe44⤵
-
\??\c:\rddbx.exec:\rddbx.exe45⤵
-
\??\c:\xnpdj.exec:\xnpdj.exe46⤵
-
\??\c:\bppdjf.exec:\bppdjf.exe47⤵
-
\??\c:\nhbbbp.exec:\nhbbbp.exe48⤵
-
\??\c:\dpflr.exec:\dpflr.exe49⤵
-
\??\c:\frlbr.exec:\frlbr.exe50⤵
-
\??\c:\tdxht.exec:\tdxht.exe51⤵
-
\??\c:\ftffnbp.exec:\ftffnbp.exe52⤵
-
\??\c:\brrnbp.exec:\brrnbp.exe53⤵
-
\??\c:\hxnvtrv.exec:\hxnvtrv.exe54⤵
-
\??\c:\nxvrx.exec:\nxvrx.exe55⤵
-
\??\c:\jnxvxn.exec:\jnxvxn.exe56⤵
-
\??\c:\xvvtj.exec:\xvvtj.exe57⤵
-
\??\c:\hbxphd.exec:\hbxphd.exe58⤵
-
\??\c:\nvnrrv.exec:\nvnrrv.exe59⤵
-
\??\c:\tfxll.exec:\tfxll.exe60⤵
-
\??\c:\tltfjvn.exec:\tltfjvn.exe61⤵
-
\??\c:\fpvhfhd.exec:\fpvhfhd.exe62⤵
-
\??\c:\rnjjdp.exec:\rnjjdp.exe63⤵
-
\??\c:\rdnll.exec:\rdnll.exe64⤵
-
\??\c:\ftfvnjn.exec:\ftfvnjn.exe65⤵
-
\??\c:\rfxpfxp.exec:\rfxpfxp.exe66⤵
-
\??\c:\fpfhrfh.exec:\fpfhrfh.exe67⤵
-
\??\c:\nrtvbn.exec:\nrtvbn.exe68⤵
-
\??\c:\xpxlb.exec:\xpxlb.exe69⤵
-
\??\c:\ldhxd.exec:\ldhxd.exe70⤵
-
\??\c:\bbrrtf.exec:\bbrrtf.exe71⤵
-
\??\c:\nljrdp.exec:\nljrdp.exe72⤵
-
\??\c:\jpdvbpb.exec:\jpdvbpb.exe73⤵
-
\??\c:\tdrrv.exec:\tdrrv.exe74⤵
-
\??\c:\ffpppbr.exec:\ffpppbr.exe75⤵
-
\??\c:\rdfltl.exec:\rdfltl.exe76⤵
-
\??\c:\bjpvbp.exec:\bjpvbp.exe77⤵
-
\??\c:\fjhprj.exec:\fjhprj.exe78⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
\??\c:\nbtjn.exec:\nbtjn.exe54⤵
-
\??\c:\nxbfdp.exec:\nxbfdp.exe55⤵
-
\??\c:\frhdf.exec:\frhdf.exe56⤵
-
\??\c:\tvxrpvb.exec:\tvxrpvb.exe57⤵
-
\??\c:\fjdtv.exec:\fjdtv.exe58⤵
-
\??\c:\dhldvjj.exec:\dhldvjj.exe59⤵
-
\??\c:\xdhvnrd.exec:\xdhvnrd.exe60⤵
-
\??\c:\dfvpjp.exec:\dfvpjp.exe61⤵
-
\??\c:\nrvjbj.exec:\nrvjbj.exe62⤵
-
\??\c:\rvvxtpv.exec:\rvvxtpv.exe63⤵
-
\??\c:\rbbjxd.exec:\rbbjxd.exe64⤵
-
\??\c:\tfpprxv.exec:\tfpprxv.exe65⤵
-
\??\c:\tdjjn.exec:\tdjjn.exe66⤵
-
\??\c:\xjpbf.exec:\xjpbf.exe67⤵
-
\??\c:\fdlrnh.exec:\fdlrnh.exe68⤵
-
\??\c:\jrvtpbf.exec:\jrvtpbf.exe69⤵
-
\??\c:\hnbvfjp.exec:\hnbvfjp.exe70⤵
-
\??\c:\nddldvr.exec:\nddldvr.exe71⤵
-
\??\c:\ndnxb.exec:\ndnxb.exe72⤵
-
\??\c:\jrvfbfl.exec:\jrvfbfl.exe73⤵
-
\??\c:\dlnhjdh.exec:\dlnhjdh.exe74⤵
-
\??\c:\plxlx.exec:\plxlx.exe75⤵
-
\??\c:\lbvvn.exec:\lbvvn.exe76⤵
-
\??\c:\hjvrvdn.exec:\hjvrvdn.exe77⤵
-
\??\c:\xbltn.exec:\xbltn.exe78⤵
-
\??\c:\ndnjv.exec:\ndnjv.exe79⤵
-
\??\c:\xhlddl.exec:\xhlddl.exe80⤵
-
\??\c:\fdtpbbt.exec:\fdtpbbt.exe81⤵
-
\??\c:\frrxph.exec:\frrxph.exe82⤵
-
\??\c:\fhltxrb.exec:\fhltxrb.exe83⤵
-
\??\c:\vpnrtt.exec:\vpnrtt.exe84⤵
-
\??\c:\jhhtlf.exec:\jhhtlf.exe85⤵
-
\??\c:\brphj.exec:\brphj.exe86⤵
-
\??\c:\pjnhl.exec:\pjnhl.exe87⤵
-
\??\c:\brhnlrv.exec:\brhnlrv.exe88⤵
-
\??\c:\ftdjp.exec:\ftdjp.exe89⤵
-
\??\c:\jrfbnv.exec:\jrfbnv.exe90⤵
-
\??\c:\bbbxvpp.exec:\bbbxvpp.exe91⤵
-
\??\c:\fdrldbn.exec:\fdrldbn.exe92⤵
-
\??\c:\rfttvh.exec:\rfttvh.exe93⤵
-
\??\c:\lrplt.exec:\lrplt.exe94⤵
-
\??\c:\xrtdj.exec:\xrtdj.exe95⤵
-
\??\c:\lvplvvp.exec:\lvplvvp.exe96⤵
-
\??\c:\nnlvvbd.exec:\nnlvvbd.exe97⤵
-
\??\c:\pnhbfn.exec:\pnhbfn.exe98⤵
-
\??\c:\vbpxpvn.exec:\vbpxpvn.exe99⤵
-
\??\c:\hfpxhvt.exec:\hfpxhvt.exe100⤵
-
\??\c:\ftpvl.exec:\ftpvl.exe101⤵
-
\??\c:\vtjhd.exec:\vtjhd.exe102⤵
-
\??\c:\jbfrxr.exec:\jbfrxr.exe103⤵
-
\??\c:\dttrrrj.exec:\dttrrrj.exe104⤵
-
\??\c:\bplfbv.exec:\bplfbv.exe105⤵
-
\??\c:\jxrdnl.exec:\jxrdnl.exe106⤵
-
\??\c:\drxnr.exec:\drxnr.exe107⤵
-
\??\c:\pbxpfjh.exec:\pbxpfjh.exe108⤵
-
\??\c:\brrblhr.exec:\brrblhr.exe109⤵
-
\??\c:\bhnvvb.exec:\bhnvvb.exe110⤵
-
\??\c:\drvtprf.exec:\drvtprf.exe111⤵
-
\??\c:\btplr.exec:\btplr.exe112⤵
-
\??\c:\dxbrj.exec:\dxbrj.exe113⤵
-
\??\c:\lfttfjd.exec:\lfttfjd.exe114⤵
-
\??\c:\rxjjxbh.exec:\rxjjxbh.exe115⤵
-
\??\c:\rtxvlph.exec:\rtxvlph.exe116⤵
-
\??\c:\bnbph.exec:\bnbph.exe117⤵
-
\??\c:\jrfvl.exec:\jrfvl.exe118⤵
-
\??\c:\vdvjn.exec:\vdvjn.exe119⤵
-
\??\c:\lpvfl.exec:\lpvfl.exe120⤵
-
\??\c:\rntvr.exec:\rntvr.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-