Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
164s -
max time network
159s -
platform
windows10-2004_x64 -
resource
win10v2004-20231023-en -
resource tags
-
submitted
02/11/2023, 16:51
General
-
Target
NEAS.e32e1929a6dea4d0165dd130fc88d770.exe
-
Size
62KB
-
MD5
e32e1929a6dea4d0165dd130fc88d770
-
SHA1
6d7ff5304400670beb97ded101a816f5cdee18f0
-
SHA256
a1a1830a140665ff9604f03d4e826ada5df113c1b45911075d34648b19cfb2ac
-
SHA512
67dc09e07668b51271dc2a1040986d6a948f978672f6a7dde0edfa7c2c077db8d6f867346d57fca55537fe1d08efc9f317793262d642710f388ef0dfdba508c8
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIJ/RWiv5:ymb3NkkiQ3mdBjFIqQ5
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 38 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 60 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.e32e1929a6dea4d0165dd130fc88d770.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.e32e1929a6dea4d0165dd130fc88d770.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\7sfod1.exec:\7sfod1.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ghwlm1.exec:\ghwlm1.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jgm5q.exec:\jgm5q.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\aqqc5sa.exec:\aqqc5sa.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ogrri.exec:\ogrri.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\u4p0r8.exec:\u4p0r8.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ou51c0v.exec:\ou51c0v.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\179hwet.exec:\179hwet.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\gquv28n.exec:\gquv28n.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6tigj42.exec:\6tigj42.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7s7395d.exec:\7s7395d.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8612q7.exec:\8612q7.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\n4jg76k.exec:\n4jg76k.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\k9570.exec:\k9570.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\02mpjmg.exec:\02mpjmg.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\e588e.exec:\e588e.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9l397d.exec:\9l397d.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\q14i5.exec:\q14i5.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\j0g6ccg.exec:\j0g6ccg.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\03wpt1.exec:\03wpt1.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\e79l5.exec:\e79l5.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\24w27g.exec:\24w27g.exe23⤵
- Executes dropped EXE
-
\??\c:\h7j7qk8.exec:\h7j7qk8.exe24⤵
- Executes dropped EXE
-
\??\c:\7a75c1.exec:\7a75c1.exe25⤵
- Executes dropped EXE
-
\??\c:\x63li1.exec:\x63li1.exe26⤵
- Executes dropped EXE
-
\??\c:\g1r110c.exec:\g1r110c.exe27⤵
- Executes dropped EXE
-
\??\c:\0n6uol.exec:\0n6uol.exe28⤵
- Executes dropped EXE
-
\??\c:\b46x6.exec:\b46x6.exe29⤵
- Executes dropped EXE
-
\??\c:\tb7ek.exec:\tb7ek.exe30⤵
- Executes dropped EXE
-
\??\c:\jv9mk5.exec:\jv9mk5.exe31⤵
- Executes dropped EXE
-
\??\c:\8rs3wf.exec:\8rs3wf.exe32⤵
- Executes dropped EXE
-
\??\c:\wl9hqm5.exec:\wl9hqm5.exe33⤵
- Executes dropped EXE
-
\??\c:\q73cn8.exec:\q73cn8.exe34⤵
- Executes dropped EXE
-
\??\c:\h8xo0sp.exec:\h8xo0sp.exe35⤵
- Executes dropped EXE
-
\??\c:\0339o.exec:\0339o.exe36⤵
- Executes dropped EXE
-
\??\c:\b01445r.exec:\b01445r.exe37⤵
- Executes dropped EXE
-
\??\c:\4k420.exec:\4k420.exe38⤵
- Executes dropped EXE
-
\??\c:\x201e.exec:\x201e.exe39⤵
- Executes dropped EXE
-
\??\c:\el0x87b.exec:\el0x87b.exe40⤵
- Executes dropped EXE
-
\??\c:\qdde43.exec:\qdde43.exe41⤵
- Executes dropped EXE
-
\??\c:\g4c72uw.exec:\g4c72uw.exe42⤵
- Executes dropped EXE
-
\??\c:\93g1ebu.exec:\93g1ebu.exe43⤵
- Executes dropped EXE
-
\??\c:\64qeil.exec:\64qeil.exe44⤵
- Executes dropped EXE
-
\??\c:\l633v0.exec:\l633v0.exe45⤵
- Executes dropped EXE
-
\??\c:\3d0pd.exec:\3d0pd.exe46⤵
- Executes dropped EXE
-
\??\c:\d7sa286.exec:\d7sa286.exe47⤵
- Executes dropped EXE
-
\??\c:\x1e43dw.exec:\x1e43dw.exe48⤵
- Executes dropped EXE
-
\??\c:\m26mi.exec:\m26mi.exe49⤵
- Executes dropped EXE
-
\??\c:\q9m53b.exec:\q9m53b.exe50⤵
- Executes dropped EXE
-
\??\c:\13hvnk.exec:\13hvnk.exe51⤵
- Executes dropped EXE
-
\??\c:\v88eixs.exec:\v88eixs.exe52⤵
- Executes dropped EXE
-
\??\c:\m949nwu.exec:\m949nwu.exe53⤵
- Executes dropped EXE
-
\??\c:\35lsh3.exec:\35lsh3.exe54⤵
- Executes dropped EXE
-
\??\c:\69c09ix.exec:\69c09ix.exe55⤵
- Executes dropped EXE
-
\??\c:\pkq55d9.exec:\pkq55d9.exe56⤵
- Executes dropped EXE
-
\??\c:\2q81e1.exec:\2q81e1.exe57⤵
- Executes dropped EXE
-
\??\c:\8scoqx.exec:\8scoqx.exe58⤵
- Executes dropped EXE
-
\??\c:\2nt4lx.exec:\2nt4lx.exe59⤵
- Executes dropped EXE
-
\??\c:\14m6et7.exec:\14m6et7.exe60⤵
- Executes dropped EXE
-
\??\c:\p7w35q.exec:\p7w35q.exe61⤵
- Executes dropped EXE
-
\??\c:\08v3kqi.exec:\08v3kqi.exe62⤵
- Executes dropped EXE
-
\??\c:\31f46.exec:\31f46.exe63⤵
- Executes dropped EXE
-
\??\c:\9rols1.exec:\9rols1.exe64⤵
- Executes dropped EXE
-
\??\c:\5mpkois.exec:\5mpkois.exe65⤵
- Executes dropped EXE
-
\??\c:\d957ol.exec:\d957ol.exe66⤵
-
\??\c:\70kko59.exec:\70kko59.exe67⤵
-
\??\c:\lgvdd2.exec:\lgvdd2.exe68⤵
-
\??\c:\dec0m.exec:\dec0m.exe69⤵
-
\??\c:\kd8l7c.exec:\kd8l7c.exe70⤵
-
\??\c:\dm7jt6.exec:\dm7jt6.exe71⤵
-
\??\c:\2l5s336.exec:\2l5s336.exe72⤵
-
\??\c:\pm936.exec:\pm936.exe73⤵
-
\??\c:\k7s0hhx.exec:\k7s0hhx.exe74⤵
-
\??\c:\1c3x3.exec:\1c3x3.exe75⤵
-
\??\c:\511wqo.exec:\511wqo.exe76⤵
-
\??\c:\97t73t.exec:\97t73t.exe77⤵
-
\??\c:\id49sd5.exec:\id49sd5.exe78⤵
-
\??\c:\ulcm7sq.exec:\ulcm7sq.exe79⤵
-
\??\c:\h8f8e.exec:\h8f8e.exe80⤵
-
\??\c:\lm3eti.exec:\lm3eti.exe81⤵
-
\??\c:\mnvl8.exec:\mnvl8.exe82⤵
-
\??\c:\0l883.exec:\0l883.exe83⤵
-
\??\c:\r3sm6.exec:\r3sm6.exe84⤵
-
\??\c:\b93jg91.exec:\b93jg91.exe85⤵
-
\??\c:\7r1v5c.exec:\7r1v5c.exe86⤵
-
\??\c:\v53k3.exec:\v53k3.exe87⤵
-
\??\c:\4cr57.exec:\4cr57.exe88⤵
-
\??\c:\3pp56.exec:\3pp56.exe89⤵
-
\??\c:\jmlf5b6.exec:\jmlf5b6.exe90⤵
-
\??\c:\cc1qe.exec:\cc1qe.exe91⤵
-
\??\c:\dh99b.exec:\dh99b.exe92⤵
-
\??\c:\a9k01x1.exec:\a9k01x1.exe93⤵
-
\??\c:\j4e347.exec:\j4e347.exe94⤵
-
\??\c:\jwwug.exec:\jwwug.exe95⤵
-
\??\c:\9h0lme.exec:\9h0lme.exe96⤵
-
\??\c:\a64558.exec:\a64558.exe97⤵
-
\??\c:\cu03xr8.exec:\cu03xr8.exe98⤵
-
\??\c:\c1ppw6.exec:\c1ppw6.exe99⤵
-
\??\c:\tigp2e.exec:\tigp2e.exe100⤵
-
\??\c:\503ja.exec:\503ja.exe101⤵
-
\??\c:\ki1cf5g.exec:\ki1cf5g.exe102⤵
-
\??\c:\g173fis.exec:\g173fis.exe103⤵
-
\??\c:\a7s353.exec:\a7s353.exe104⤵
-
\??\c:\vs13m.exec:\vs13m.exe105⤵
-
\??\c:\0o1ape.exec:\0o1ape.exe106⤵
-
\??\c:\a1948p.exec:\a1948p.exe107⤵
-
\??\c:\0k8w9.exec:\0k8w9.exe108⤵
-
\??\c:\03quag5.exec:\03quag5.exe109⤵
-
\??\c:\o115o2q.exec:\o115o2q.exe110⤵
-
\??\c:\0799pv.exec:\0799pv.exe111⤵
-
\??\c:\0aw56d.exec:\0aw56d.exe112⤵
-
\??\c:\ui7pv.exec:\ui7pv.exe113⤵
-
\??\c:\c1353o9.exec:\c1353o9.exe114⤵
-
\??\c:\979fc6.exec:\979fc6.exe115⤵
-
\??\c:\xbl96b.exec:\xbl96b.exe116⤵
-
\??\c:\s8fgn7.exec:\s8fgn7.exe117⤵
-
\??\c:\4s11nnl.exec:\4s11nnl.exe118⤵
-
\??\c:\1k6u44.exec:\1k6u44.exe119⤵
-
\??\c:\fc198.exec:\fc198.exe120⤵
-
\??\c:\78hofd.exec:\78hofd.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-