Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20231020-en -
resource tags
-
submitted
02/11/2023, 16:44
General
-
Target
NEAS.7b943939f435b6d63c409c6a254a8a80.exe
-
Size
124KB
-
MD5
7b943939f435b6d63c409c6a254a8a80
-
SHA1
ddceba5b26e489a8d64afc99d03231408c9311c1
-
SHA256
670bfc481bb83c797e0f257aaa3981c7df0a2016cb02bc04ef99c57e283d24d5
-
SHA512
4da9301a6588e03f24ab6c8f5c115a1469cca5f6d7fbb7d3a747d7e721981bd4a898a8992994cc973d344d67905bcd1bb4d4793c87fc704ddf22d3299718ef28
-
SSDEEP
3072:ymb3NkkiQ3mdBjFo73tvn+Yp9gFbctg0IyAyhZvjQH+qNn:n3C9BRo7tvnJ9oH0IRgZvjQeqB
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 32 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 62 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.7b943939f435b6d63c409c6a254a8a80.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.7b943939f435b6d63c409c6a254a8a80.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\jm8g32o.exec:\jm8g32o.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8q2a9gq.exec:\8q2a9gq.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bws1e.exec:\bws1e.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1sr3at3.exec:\1sr3at3.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tkpmms.exec:\tkpmms.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\53e32g.exec:\53e32g.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\wm3mdrt.exec:\wm3mdrt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\j8e4u.exec:\j8e4u.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lws95j9.exec:\lws95j9.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bj792a.exec:\bj792a.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ss3ru.exec:\ss3ru.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5582ks.exec:\5582ks.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\67395.exec:\67395.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3e33gom.exec:\3e33gom.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\08a9s.exec:\08a9s.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bon3s50.exec:\bon3s50.exe17⤵
- Executes dropped EXE
-
\??\c:\03vd1lw.exec:\03vd1lw.exe18⤵
- Executes dropped EXE
-
\??\c:\4s1h1w.exec:\4s1h1w.exe19⤵
- Executes dropped EXE
-
\??\c:\itfbeu4.exec:\itfbeu4.exe20⤵
- Executes dropped EXE
-
\??\c:\3w56i.exec:\3w56i.exe21⤵
- Executes dropped EXE
-
\??\c:\34n1mor.exec:\34n1mor.exe22⤵
- Executes dropped EXE
-
\??\c:\78d7e.exec:\78d7e.exe23⤵
- Executes dropped EXE
-
\??\c:\o9io7m1.exec:\o9io7m1.exe24⤵
- Executes dropped EXE
-
\??\c:\4mh5w1.exec:\4mh5w1.exe25⤵
- Executes dropped EXE
-
\??\c:\0571i7.exec:\0571i7.exe26⤵
- Executes dropped EXE
-
\??\c:\8ap015.exec:\8ap015.exe27⤵
- Executes dropped EXE
-
\??\c:\p90717.exec:\p90717.exe28⤵
- Executes dropped EXE
-
\??\c:\69c7qd.exec:\69c7qd.exe29⤵
- Executes dropped EXE
-
\??\c:\a91a557.exec:\a91a557.exe30⤵
- Executes dropped EXE
-
\??\c:\jqd38q.exec:\jqd38q.exe31⤵
- Executes dropped EXE
-
\??\c:\22qj7o.exec:\22qj7o.exe32⤵
- Executes dropped EXE
-
\??\c:\r571um9.exec:\r571um9.exe33⤵
-
\??\c:\j4r1a.exec:\j4r1a.exe34⤵
- Executes dropped EXE
-
\??\c:\6omw5c.exec:\6omw5c.exe35⤵
- Executes dropped EXE
-
\??\c:\3qpc7mq.exec:\3qpc7mq.exe36⤵
- Executes dropped EXE
-
\??\c:\t69pi8m.exec:\t69pi8m.exe37⤵
- Executes dropped EXE
-
\??\c:\dq7737.exec:\dq7737.exe38⤵
- Executes dropped EXE
-
\??\c:\bk55uk6.exec:\bk55uk6.exe39⤵
- Executes dropped EXE
-
\??\c:\roaqr6a.exec:\roaqr6a.exe40⤵
- Executes dropped EXE
-
\??\c:\wt1lwhs.exec:\wt1lwhs.exe41⤵
- Executes dropped EXE
-
\??\c:\bm383sb.exec:\bm383sb.exe42⤵
- Executes dropped EXE
-
\??\c:\re8sl.exec:\re8sl.exe43⤵
- Executes dropped EXE
-
\??\c:\91s8l.exec:\91s8l.exe44⤵
- Executes dropped EXE
-
\??\c:\70s70g.exec:\70s70g.exe45⤵
- Executes dropped EXE
-
\??\c:\4m483l8.exec:\4m483l8.exe46⤵
- Executes dropped EXE
-
\??\c:\6e864df.exec:\6e864df.exe47⤵
- Executes dropped EXE
-
\??\c:\d2i10w.exec:\d2i10w.exe48⤵
- Executes dropped EXE
-
\??\c:\f90l8m.exec:\f90l8m.exe49⤵
- Executes dropped EXE
-
\??\c:\4p99l.exec:\4p99l.exe50⤵
- Executes dropped EXE
-
\??\c:\4btntm.exec:\4btntm.exe51⤵
- Executes dropped EXE
-
\??\c:\d5ao2.exec:\d5ao2.exe52⤵
- Executes dropped EXE
-
\??\c:\6ga66.exec:\6ga66.exe53⤵
- Executes dropped EXE
-
\??\c:\bt4756.exec:\bt4756.exe54⤵
- Executes dropped EXE
-
\??\c:\ta11qa1.exec:\ta11qa1.exe55⤵
- Executes dropped EXE
-
\??\c:\fav92.exec:\fav92.exe56⤵
- Executes dropped EXE
-
\??\c:\mp86cl.exec:\mp86cl.exe57⤵
- Executes dropped EXE
-
\??\c:\0379q1.exec:\0379q1.exe58⤵
- Executes dropped EXE
-
\??\c:\nwj8l92.exec:\nwj8l92.exe59⤵
- Executes dropped EXE
-
\??\c:\x3u857.exec:\x3u857.exe60⤵
- Executes dropped EXE
-
\??\c:\1g369s4.exec:\1g369s4.exe61⤵
- Executes dropped EXE
-
\??\c:\49ii2.exec:\49ii2.exe62⤵
- Executes dropped EXE
-
\??\c:\29an3.exec:\29an3.exe63⤵
- Executes dropped EXE
-
\??\c:\p34o3.exec:\p34o3.exe64⤵
- Executes dropped EXE
-
\??\c:\l383tw.exec:\l383tw.exe65⤵
- Executes dropped EXE
-
\??\c:\1kcwo3i.exec:\1kcwo3i.exe66⤵
- Executes dropped EXE
-
\??\c:\9o6di7q.exec:\9o6di7q.exe67⤵
-
\??\c:\2c9x9s.exec:\2c9x9s.exe68⤵
-
\??\c:\t3sqwc.exec:\t3sqwc.exe69⤵
-
\??\c:\f523gx.exec:\f523gx.exe70⤵
-
\??\c:\3f6cc88.exec:\3f6cc88.exe71⤵
-
\??\c:\xm722s.exec:\xm722s.exe72⤵
-
\??\c:\65j7h3q.exec:\65j7h3q.exe73⤵
-
\??\c:\c9k41a.exec:\c9k41a.exe74⤵
-
\??\c:\05gc72k.exec:\05gc72k.exe75⤵
-
\??\c:\67ad1.exec:\67ad1.exe76⤵
-
\??\c:\4q10b3.exec:\4q10b3.exe77⤵
-
\??\c:\hc54l3.exec:\hc54l3.exe78⤵
-
\??\c:\2rgoi3a.exec:\2rgoi3a.exe79⤵
-
\??\c:\0er5k.exec:\0er5k.exe80⤵
-
\??\c:\6n33i.exec:\6n33i.exe81⤵
-
\??\c:\swd54q1.exec:\swd54q1.exe82⤵
-
\??\c:\x927a.exec:\x927a.exe83⤵
-
\??\c:\47755.exec:\47755.exe84⤵
-
\??\c:\c6ap8e.exec:\c6ap8e.exe85⤵
-
\??\c:\0k9c11i.exec:\0k9c11i.exe86⤵
-
\??\c:\57p762v.exec:\57p762v.exe87⤵
-
\??\c:\0g9s1wp.exec:\0g9s1wp.exe88⤵
-
\??\c:\o9151.exec:\o9151.exe89⤵
-
\??\c:\4wo3k3.exec:\4wo3k3.exe90⤵
-
\??\c:\0kcis6.exec:\0kcis6.exe91⤵
-
\??\c:\d96m39.exec:\d96m39.exe92⤵
-
\??\c:\2gia8iq.exec:\2gia8iq.exe93⤵
-
\??\c:\4d54m1n.exec:\4d54m1n.exe94⤵
-
\??\c:\e7s18.exec:\e7s18.exe95⤵
-
\??\c:\36vhu1.exec:\36vhu1.exe96⤵
-
\??\c:\65et8u.exec:\65et8u.exe97⤵
-
\??\c:\hjs847.exec:\hjs847.exe98⤵
-
\??\c:\09gt7.exec:\09gt7.exe99⤵
-
\??\c:\x4ss732.exec:\x4ss732.exe100⤵
-
\??\c:\dc426.exec:\dc426.exe101⤵
-
\??\c:\l8m0d.exec:\l8m0d.exe102⤵
-
\??\c:\83mu38k.exec:\83mu38k.exe103⤵
-
\??\c:\fs13oe.exec:\fs13oe.exe104⤵
-
\??\c:\w5o5qc.exec:\w5o5qc.exe105⤵
-
\??\c:\fg9311c.exec:\fg9311c.exe106⤵
-
\??\c:\ra4a90.exec:\ra4a90.exe107⤵
-
\??\c:\13usoik.exec:\13usoik.exe108⤵
-
\??\c:\j9c5gvm.exec:\j9c5gvm.exe109⤵
-
\??\c:\p5d06qb.exec:\p5d06qb.exe110⤵
-
\??\c:\vjuqsn.exec:\vjuqsn.exe111⤵
-
\??\c:\0swe7.exec:\0swe7.exe112⤵
-
\??\c:\bp19n1.exec:\bp19n1.exe113⤵
-
\??\c:\62q3e38.exec:\62q3e38.exe114⤵
-
\??\c:\cv30w8.exec:\cv30w8.exe115⤵
-
\??\c:\812agq.exec:\812agq.exe116⤵
-
\??\c:\qord52.exec:\qord52.exe117⤵
-
\??\c:\43gj1.exec:\43gj1.exe118⤵
-
\??\c:\66mh9.exec:\66mh9.exe119⤵
-
\??\c:\t92a70.exec:\t92a70.exe120⤵
-
\??\c:\46em3gb.exec:\46em3gb.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-