Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
48s -
max time network
103s -
platform
windows10-2004_x64 -
resource
win10v2004-20231023-en -
resource tags
-
submitted
02/11/2023, 16:44
General
-
Target
NEAS.7b943939f435b6d63c409c6a254a8a80.exe
-
Size
124KB
-
MD5
7b943939f435b6d63c409c6a254a8a80
-
SHA1
ddceba5b26e489a8d64afc99d03231408c9311c1
-
SHA256
670bfc481bb83c797e0f257aaa3981c7df0a2016cb02bc04ef99c57e283d24d5
-
SHA512
4da9301a6588e03f24ab6c8f5c115a1469cca5f6d7fbb7d3a747d7e721981bd4a898a8992994cc973d344d67905bcd1bb4d4793c87fc704ddf22d3299718ef28
-
SSDEEP
3072:ymb3NkkiQ3mdBjFo73tvn+Yp9gFbctg0IyAyhZvjQH+qNn:n3C9BRo7tvnJ9oH0IRgZvjQeqB
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 39 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.7b943939f435b6d63c409c6a254a8a80.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.7b943939f435b6d63c409c6a254a8a80.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjftpr.exec:\ppjftpr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvxpfx.exec:\pvxpfx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
-
-
\??\c:\ndnfb.exec:\ndnfb.exe1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\trfftdj.exec:\trfftdj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tlnvfln.exec:\tlnvfln.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjndxh.exec:\pjndxh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hjxptt.exec:\hjxptt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fdnvdxh.exec:\fdnvdxh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hplbp.exec:\hplbp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fvhdxx.exec:\fvhdxx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjjprp.exec:\jjjprp.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vbdtlp.exec:\vbdtlp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\prbbbpl.exec:\prbbbpl.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fbjxrdl.exec:\fbjxrdl.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rhpvjnj.exec:\rhpvjnj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pfdht.exec:\pfdht.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vlpvdfh.exec:\vlpvdfh.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbjlbxx.exec:\tbjlbxx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bdfjxfj.exec:\bdfjxfj.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lpntvlp.exec:\lpntvlp.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\prvxrx.exec:\prvxrx.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
\??\c:\xvpxp.exec:\xvpxp.exe1⤵
- Executes dropped EXE
-
\??\c:\dxrtrrv.exec:\dxrtrrv.exe2⤵
- Executes dropped EXE
-
\??\c:\xvllf.exec:\xvllf.exe3⤵
- Executes dropped EXE
-
\??\c:\ntjdpnp.exec:\ntjdpnp.exe4⤵
- Executes dropped EXE
-
\??\c:\fvjhp.exec:\fvjhp.exe5⤵
- Executes dropped EXE
-
\??\c:\jptht.exec:\jptht.exe6⤵
- Executes dropped EXE
-
\??\c:\rpvlbj.exec:\rpvlbj.exe7⤵
- Executes dropped EXE
-
\??\c:\tlpln.exec:\tlpln.exe8⤵
- Executes dropped EXE
-
\??\c:\hfbdhdn.exec:\hfbdhdn.exe9⤵
- Executes dropped EXE
-
\??\c:\nvvfnl.exec:\nvvfnl.exe10⤵
- Executes dropped EXE
-
\??\c:\prlvt.exec:\prlvt.exe11⤵
- Executes dropped EXE
-
\??\c:\ljnthvn.exec:\ljnthvn.exe12⤵
- Executes dropped EXE
-
\??\c:\tjjpfld.exec:\tjjpfld.exe13⤵
- Executes dropped EXE
-
\??\c:\vvbltr.exec:\vvbltr.exe14⤵
- Executes dropped EXE
-
\??\c:\txtnftl.exec:\txtnftl.exe15⤵
- Executes dropped EXE
-
\??\c:\vdtfxvx.exec:\vdtfxvx.exe16⤵
- Executes dropped EXE
-
\??\c:\fldbn.exec:\fldbn.exe17⤵
- Executes dropped EXE
-
\??\c:\hjlpn.exec:\hjlpn.exe18⤵
- Executes dropped EXE
-
\??\c:\tdtvjxf.exec:\tdtvjxf.exe19⤵
- Executes dropped EXE
-
\??\c:\xnftlfv.exec:\xnftlfv.exe20⤵
- Executes dropped EXE
-
\??\c:\jhlhhdl.exec:\jhlhhdl.exe21⤵
- Executes dropped EXE
-
\??\c:\dllxjf.exec:\dllxjf.exe22⤵
- Executes dropped EXE
-
\??\c:\vndff.exec:\vndff.exe23⤵
- Executes dropped EXE
-
\??\c:\djvdbl.exec:\djvdbl.exe24⤵
- Executes dropped EXE
-
\??\c:\fxffxh.exec:\fxffxh.exe25⤵
- Executes dropped EXE
-
\??\c:\xhfhb.exec:\xhfhb.exe26⤵
- Executes dropped EXE
-
\??\c:\rtfvrbt.exec:\rtfvrbt.exe27⤵
- Executes dropped EXE
-
\??\c:\xrdnff.exec:\xrdnff.exe28⤵
- Executes dropped EXE
-
\??\c:\nbhvt.exec:\nbhvt.exe29⤵
- Executes dropped EXE
-
\??\c:\jjjpt.exec:\jjjpt.exe30⤵
- Executes dropped EXE
-
\??\c:\lnhnfvj.exec:\lnhnfvj.exe31⤵
- Executes dropped EXE
-
\??\c:\brpfxbt.exec:\brpfxbt.exe32⤵
- Executes dropped EXE
-
\??\c:\tdfdptd.exec:\tdfdptd.exe33⤵
- Executes dropped EXE
-
\??\c:\hptvrx.exec:\hptvrx.exe34⤵
- Executes dropped EXE
-
\??\c:\flrtr.exec:\flrtr.exe35⤵
- Executes dropped EXE
-
\??\c:\xdbvtfb.exec:\xdbvtfb.exe36⤵
- Executes dropped EXE
-
\??\c:\pbtlplf.exec:\pbtlplf.exe37⤵
- Executes dropped EXE
-
\??\c:\jlxpl.exec:\jlxpl.exe38⤵
- Executes dropped EXE
-
\??\c:\xvnff.exec:\xvnff.exe39⤵
- Executes dropped EXE
-
\??\c:\vxrpvv.exec:\vxrpvv.exe40⤵
- Executes dropped EXE
-
\??\c:\bftxl.exec:\bftxl.exe41⤵
- Executes dropped EXE
-
\??\c:\pdnplr.exec:\pdnplr.exe42⤵
- Executes dropped EXE
-
\??\c:\bhnnt.exec:\bhnnt.exe43⤵
- Executes dropped EXE
-
\??\c:\bfbdfl.exec:\bfbdfl.exe44⤵
-
\??\c:\hxdxf.exec:\hxdxf.exe45⤵
-
\??\c:\nhtjt.exec:\nhtjt.exe46⤵
-
\??\c:\phtnl.exec:\phtnl.exe47⤵
-
\??\c:\tlhjx.exec:\tlhjx.exe48⤵
-
\??\c:\dbpvp.exec:\dbpvp.exe49⤵
-
\??\c:\lvlrn.exec:\lvlrn.exe50⤵
-
\??\c:\vbtdb.exec:\vbtdb.exe51⤵
-
\??\c:\xjbfhtr.exec:\xjbfhtr.exe52⤵
-
\??\c:\hrfjprf.exec:\hrfjprf.exe53⤵
-
\??\c:\btvxj.exec:\btvxj.exe54⤵
-
\??\c:\pjbvjl.exec:\pjbvjl.exe55⤵
-
\??\c:\xhjdvxn.exec:\xhjdvxn.exe56⤵
-
\??\c:\jlnxrnr.exec:\jlnxrnr.exe57⤵
-
\??\c:\lxlnnr.exec:\lxlnnr.exe58⤵
-
\??\c:\fhdtlnp.exec:\fhdtlnp.exe59⤵
-
\??\c:\xppnxfj.exec:\xppnxfj.exe60⤵
-
\??\c:\vhrpdb.exec:\vhrpdb.exe61⤵
-
\??\c:\tfvnpx.exec:\tfvnpx.exe62⤵
-
\??\c:\vldtrfr.exec:\vldtrfr.exe63⤵
-
\??\c:\jdxttb.exec:\jdxttb.exe64⤵
-
\??\c:\lndpb.exec:\lndpb.exe65⤵
-
\??\c:\nrfxhhv.exec:\nrfxhhv.exe66⤵
-
\??\c:\vvpxbj.exec:\vvpxbj.exe67⤵
-
\??\c:\jhpldnv.exec:\jhpldnv.exe68⤵
-
\??\c:\vhppxd.exec:\vhppxd.exe69⤵
-
\??\c:\xbdbn.exec:\xbdbn.exe70⤵
-
\??\c:\xltnxxd.exec:\xltnxxd.exe71⤵
-
\??\c:\lpplltf.exec:\lpplltf.exe72⤵
-
\??\c:\jndtd.exec:\jndtd.exe73⤵
-
\??\c:\rbdbdl.exec:\rbdbdl.exe74⤵
-
\??\c:\frfjvrb.exec:\frfjvrb.exe75⤵
-
\??\c:\fpbvr.exec:\fpbvr.exe76⤵
-
\??\c:\vhtxpbn.exec:\vhtxpbn.exe77⤵
-
\??\c:\vnthxj.exec:\vnthxj.exe78⤵
-
\??\c:\fvfvpfn.exec:\fvfvpfn.exe79⤵
-
\??\c:\pnlrtp.exec:\pnlrtp.exe80⤵
-
\??\c:\lpvvt.exec:\lpvvt.exe81⤵
-
\??\c:\tdxln.exec:\tdxln.exe82⤵
-
\??\c:\rfptffd.exec:\rfptffd.exe83⤵
-
\??\c:\fbltlnn.exec:\fbltlnn.exe84⤵
-
\??\c:\rhxrfv.exec:\rhxrfv.exe85⤵
-
\??\c:\pnjfnjf.exec:\pnjfnjf.exe86⤵
-
\??\c:\bbpxbdh.exec:\bbpxbdh.exe87⤵
-
\??\c:\tvpxbvx.exec:\tvpxbvx.exe88⤵
-
\??\c:\nnpplh.exec:\nnpplh.exe89⤵
-
\??\c:\ttnpjdv.exec:\ttnpjdv.exe90⤵
-
\??\c:\txxdf.exec:\txxdf.exe91⤵
-
\??\c:\pxpptr.exec:\pxpptr.exe92⤵
-
\??\c:\vlbhn.exec:\vlbhn.exe93⤵
-
\??\c:\lvpjbp.exec:\lvpjbp.exe94⤵
-
\??\c:\rdjrv.exec:\rdjrv.exe95⤵
-
\??\c:\ptfhv.exec:\ptfhv.exe96⤵
-
\??\c:\vxldpxh.exec:\vxldpxh.exe97⤵
-
\??\c:\jtrhv.exec:\jtrhv.exe98⤵
-
\??\c:\bjlplf.exec:\bjlplf.exe99⤵
-
\??\c:\ltxjdfn.exec:\ltxjdfn.exe100⤵
-
\??\c:\xppll.exec:\xppll.exe101⤵
-
\??\c:\jnjxp.exec:\jnjxp.exe102⤵
-
\??\c:\pdbpjdf.exec:\pdbpjdf.exe103⤵
-
\??\c:\ldxdvl.exec:\ldxdvl.exe104⤵
-
\??\c:\dhjrl.exec:\dhjrl.exe105⤵
-
\??\c:\vbpbpxj.exec:\vbpbpxj.exe106⤵
-
\??\c:\nrfrlv.exec:\nrfrlv.exe107⤵
-
\??\c:\fxthf.exec:\fxthf.exe108⤵
-
\??\c:\bdtdnpl.exec:\bdtdnpl.exe109⤵
-
\??\c:\fhbfnpv.exec:\fhbfnpv.exe110⤵
-
\??\c:\xjntj.exec:\xjntj.exe111⤵
-
\??\c:\vfprf.exec:\vfprf.exe112⤵
-
\??\c:\xfnlfp.exec:\xfnlfp.exe113⤵
-
\??\c:\lxjth.exec:\lxjth.exe114⤵
-
\??\c:\phxnr.exec:\phxnr.exe115⤵
-
\??\c:\phhxxh.exec:\phhxxh.exe116⤵
-
\??\c:\trjpvl.exec:\trjpvl.exe117⤵
-
\??\c:\tjxtpdl.exec:\tjxtpdl.exe118⤵
-
\??\c:\jnlhpjh.exec:\jnlhpjh.exe119⤵
-
\??\c:\nhjdt.exec:\nhjdt.exe120⤵
-
\??\c:\tfnnvnp.exec:\tfnnvnp.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-