Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
138s -
max time network
147s -
platform
windows10-2004_x64 -
resource
win10v2004-20231023-en -
resource tags
-
submitted
02/11/2023, 14:47
General
-
Target
NEAS.113d161c8616cce8e86e0d4511293c30_JC.exe
-
Size
106KB
-
MD5
113d161c8616cce8e86e0d4511293c30
-
SHA1
95edbeb7405a6a6dbf07d33fb08cc0b400f188e5
-
SHA256
0ebd6e14b0369952ddfada2d9aa7a7d68f944abb49e6840b135dcef0f3aac4b7
-
SHA512
1652e28c168e2dd41d887b76a96192f621335a9f64e3f1eb26e864dd2898dd0e533037ec51369091efcda8d58154d85a32953955ddf7a9b1489220b542af4141
-
SSDEEP
3072:9hOmTsF93UYfwC6GIoutz5yLpckaTXCxiPjO3:9cm4FmowdHoSZTyxm63
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.113d161c8616cce8e86e0d4511293c30_JC.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.113d161c8616cce8e86e0d4511293c30_JC.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\816i5io.exec:\816i5io.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5s83h.exec:\5s83h.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1ee99b3.exec:\1ee99b3.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\0qwkh97.exec:\0qwkh97.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\k76ro7.exec:\k76ro7.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\l8ase.exec:\l8ase.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\a1p5tp3.exec:\a1p5tp3.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3kwhur.exec:\3kwhur.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\86o1239.exec:\86o1239.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\f88ijw.exec:\f88ijw.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\22m1bo9.exec:\22m1bo9.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6t83u9.exec:\6t83u9.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\l3x7qn.exec:\l3x7qn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\95559.exec:\95559.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\81g36.exec:\81g36.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6elj5.exec:\6elj5.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9q4512p.exec:\9q4512p.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\76e51a.exec:\76e51a.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1p1eh.exec:\1p1eh.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\n463as5.exec:\n463as5.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\biqnu.exec:\biqnu.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1vp365.exec:\1vp365.exe23⤵
- Executes dropped EXE
-
\??\c:\3i7373.exec:\3i7373.exe24⤵
- Executes dropped EXE
-
\??\c:\3920hl.exec:\3920hl.exe25⤵
- Executes dropped EXE
-
\??\c:\k999l.exec:\k999l.exe26⤵
- Executes dropped EXE
-
\??\c:\03u71.exec:\03u71.exe27⤵
- Executes dropped EXE
-
\??\c:\2uiu0.exec:\2uiu0.exe28⤵
- Executes dropped EXE
-
\??\c:\6389u94.exec:\6389u94.exe29⤵
- Executes dropped EXE
-
\??\c:\u1g1dt4.exec:\u1g1dt4.exe30⤵
- Executes dropped EXE
-
\??\c:\98570.exec:\98570.exe31⤵
- Executes dropped EXE
-
\??\c:\li5m8.exec:\li5m8.exe32⤵
- Executes dropped EXE
-
\??\c:\90060k.exec:\90060k.exe33⤵
- Executes dropped EXE
-
\??\c:\7ge56n6.exec:\7ge56n6.exe34⤵
- Executes dropped EXE
-
\??\c:\62x9gm0.exec:\62x9gm0.exe35⤵
- Executes dropped EXE
-
\??\c:\hqe12.exec:\hqe12.exe36⤵
- Executes dropped EXE
-
\??\c:\5bkef.exec:\5bkef.exe37⤵
- Executes dropped EXE
-
\??\c:\t2f5783.exec:\t2f5783.exe38⤵
- Executes dropped EXE
-
\??\c:\k41g04.exec:\k41g04.exe39⤵
- Executes dropped EXE
-
\??\c:\a0q8ap.exec:\a0q8ap.exe40⤵
- Executes dropped EXE
-
\??\c:\1n928.exec:\1n928.exe41⤵
- Executes dropped EXE
-
\??\c:\37k92bn.exec:\37k92bn.exe42⤵
- Executes dropped EXE
-
\??\c:\0akc3u.exec:\0akc3u.exe43⤵
- Executes dropped EXE
-
\??\c:\cxui2md.exec:\cxui2md.exe44⤵
- Executes dropped EXE
-
\??\c:\s59ne.exec:\s59ne.exe45⤵
- Executes dropped EXE
-
\??\c:\omj37sq.exec:\omj37sq.exe46⤵
- Executes dropped EXE
-
\??\c:\0t98i4b.exec:\0t98i4b.exe47⤵
- Executes dropped EXE
-
\??\c:\b18c2.exec:\b18c2.exe48⤵
- Executes dropped EXE
-
\??\c:\3ggp40.exec:\3ggp40.exe49⤵
- Executes dropped EXE
-
\??\c:\cu29umk.exec:\cu29umk.exe50⤵
- Executes dropped EXE
-
\??\c:\m56ol.exec:\m56ol.exe51⤵
- Executes dropped EXE
-
\??\c:\56r90c.exec:\56r90c.exe52⤵
- Executes dropped EXE
-
\??\c:\1ip455.exec:\1ip455.exe53⤵
- Executes dropped EXE
-
\??\c:\h4n7bl.exec:\h4n7bl.exe54⤵
- Executes dropped EXE
-
\??\c:\f15eec.exec:\f15eec.exe55⤵
- Executes dropped EXE
-
\??\c:\430qw6i.exec:\430qw6i.exe56⤵
- Executes dropped EXE
-
\??\c:\0xoss3q.exec:\0xoss3q.exe57⤵
- Executes dropped EXE
-
\??\c:\749bq6c.exec:\749bq6c.exe58⤵
- Executes dropped EXE
-
\??\c:\7kk45.exec:\7kk45.exe59⤵
- Executes dropped EXE
-
\??\c:\pil03.exec:\pil03.exe60⤵
- Executes dropped EXE
-
\??\c:\391qw7w.exec:\391qw7w.exe61⤵
- Executes dropped EXE
-
\??\c:\74s80.exec:\74s80.exe62⤵
- Executes dropped EXE
-
\??\c:\cubsu3.exec:\cubsu3.exe63⤵
- Executes dropped EXE
-
\??\c:\md18e0.exec:\md18e0.exe64⤵
- Executes dropped EXE
-
\??\c:\r579q.exec:\r579q.exe65⤵
- Executes dropped EXE
-
\??\c:\40pj1.exec:\40pj1.exe66⤵
-
\??\c:\n6q14.exec:\n6q14.exe67⤵
-
\??\c:\b828ef.exec:\b828ef.exe68⤵
-
\??\c:\drlo6m.exec:\drlo6m.exe69⤵
-
\??\c:\16jeq.exec:\16jeq.exe70⤵
-
\??\c:\1olc70.exec:\1olc70.exe71⤵
-
\??\c:\3r3v5n.exec:\3r3v5n.exe72⤵
-
\??\c:\r7o4fcg.exec:\r7o4fcg.exe73⤵
-
\??\c:\c6o9v1.exec:\c6o9v1.exe74⤵
-
\??\c:\05x47r1.exec:\05x47r1.exe75⤵
-
\??\c:\uo7u2.exec:\uo7u2.exe76⤵
-
\??\c:\2lc26uc.exec:\2lc26uc.exe77⤵
-
\??\c:\d7217q.exec:\d7217q.exe78⤵
-
\??\c:\ot7bt.exec:\ot7bt.exe79⤵
-
\??\c:\a1m77.exec:\a1m77.exe80⤵
-
\??\c:\c53ol.exec:\c53ol.exe81⤵
-
\??\c:\l03o7.exec:\l03o7.exe82⤵
-
\??\c:\99vkc70.exec:\99vkc70.exe83⤵
-
\??\c:\2w654x.exec:\2w654x.exe84⤵
-
\??\c:\d5cvqq7.exec:\d5cvqq7.exe85⤵
-
\??\c:\l87g71.exec:\l87g71.exe86⤵
-
\??\c:\8mqi3h.exec:\8mqi3h.exe87⤵
-
\??\c:\e7q747.exec:\e7q747.exe88⤵
-
\??\c:\s2lc777.exec:\s2lc777.exe89⤵
-
\??\c:\14s127q.exec:\14s127q.exe90⤵
-
\??\c:\t15lcbn.exec:\t15lcbn.exe91⤵
-
\??\c:\s63x5.exec:\s63x5.exe92⤵
-
\??\c:\q2k67h3.exec:\q2k67h3.exe93⤵
-
\??\c:\x97no.exec:\x97no.exe94⤵
-
\??\c:\g615u.exec:\g615u.exe95⤵
-
\??\c:\d5js7qh.exec:\d5js7qh.exe96⤵
-
\??\c:\33g7bif.exec:\33g7bif.exe97⤵
-
\??\c:\cmgak5.exec:\cmgak5.exe98⤵
-
\??\c:\47o90.exec:\47o90.exe99⤵
-
\??\c:\txwi9gu.exec:\txwi9gu.exe100⤵
-
\??\c:\3as75.exec:\3as75.exe101⤵
-
\??\c:\4o046v.exec:\4o046v.exe102⤵
-
\??\c:\85s3a.exec:\85s3a.exe103⤵
-
\??\c:\4gkec1.exec:\4gkec1.exe104⤵
-
\??\c:\iapq2.exec:\iapq2.exe105⤵
-
\??\c:\pmjs21.exec:\pmjs21.exe106⤵
-
\??\c:\99dhqus.exec:\99dhqus.exe107⤵
-
\??\c:\71ex45.exec:\71ex45.exe108⤵
-
\??\c:\7iaak.exec:\7iaak.exe109⤵
-
\??\c:\3e7m9o9.exec:\3e7m9o9.exe110⤵
-
\??\c:\8146n.exec:\8146n.exe111⤵
-
\??\c:\oii80f.exec:\oii80f.exe112⤵
-
\??\c:\6i37f.exec:\6i37f.exe113⤵
-
\??\c:\8v83588.exec:\8v83588.exe114⤵
-
\??\c:\rpaeogq.exec:\rpaeogq.exe115⤵
-
\??\c:\rmpgn.exec:\rmpgn.exe116⤵
-
\??\c:\d6v9t.exec:\d6v9t.exe117⤵
-
\??\c:\8786326.exec:\8786326.exe118⤵
-
\??\c:\653u2j.exec:\653u2j.exe119⤵
-
\??\c:\39qvo3.exec:\39qvo3.exe120⤵
-
\??\c:\54lrqm1.exec:\54lrqm1.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-