Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
92s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20231023-en -
resource tags
-
submitted
03/11/2023, 01:39
General
-
Target
NEAS.02fc29946a7a5b6dbfc932f9651fd610_JC.exe
-
Size
159KB
-
MD5
02fc29946a7a5b6dbfc932f9651fd610
-
SHA1
d2936a5ac22a119532436f4e8ccb23f659deedc6
-
SHA256
657795f3256db837c6d282877101128635713124d89dd09b94dfb13e7088bb19
-
SHA512
a9c02275bacbd48c340e8daeb8905ef4b9f559eb7e894a62ba754a68c56f7d324d6fa2ff15d9cb3ba9f1a51784b653abe11ebc01dc529f046b8ba1ae586606d7
-
SSDEEP
3072:ymb3NkkiQ3mdBjFo73HUoMsAbrFcFisXqOi8yzr:n3C9BRo7HCsAbhEXqOiVzr
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 29 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 59 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.02fc29946a7a5b6dbfc932f9651fd610_JC.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.02fc29946a7a5b6dbfc932f9651fd610_JC.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\bbjtrtj.exec:\bbjtrtj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rdptd.exec:\rdptd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvrhtln.exec:\vvrhtln.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bdvdvxx.exec:\bdvdvxx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxlpj.exec:\rlxlpj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tblnldh.exec:\tblnldh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vtrlfxd.exec:\vtrlfxd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xdvdh.exec:\xdvdh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vlnhfp.exec:\vlnhfp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hxrhbht.exec:\hxrhbht.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htvdvpd.exec:\htvdvpd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xdjtln.exec:\xdjtln.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pbdfl.exec:\pbdfl.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrpjdrv.exec:\xrpjdrv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frvbv.exec:\frvbv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdnxx.exec:\vdnxx.exe17⤵
- Executes dropped EXE
-
\??\c:\ldltrp.exec:\ldltrp.exe18⤵
- Executes dropped EXE
-
\??\c:\nhrxlh.exec:\nhrxlh.exe19⤵
- Executes dropped EXE
-
\??\c:\flhbnx.exec:\flhbnx.exe20⤵
- Executes dropped EXE
-
\??\c:\plbbt.exec:\plbbt.exe21⤵
- Executes dropped EXE
-
\??\c:\rrflt.exec:\rrflt.exe22⤵
- Executes dropped EXE
-
\??\c:\hhxvpd.exec:\hhxvpd.exe23⤵
- Executes dropped EXE
-
\??\c:\xjdtxr.exec:\xjdtxr.exe24⤵
- Executes dropped EXE
-
\??\c:\fftdpj.exec:\fftdpj.exe25⤵
- Executes dropped EXE
-
\??\c:\rblth.exec:\rblth.exe26⤵
- Executes dropped EXE
-
\??\c:\hxbjvt.exec:\hxbjvt.exe27⤵
- Executes dropped EXE
-
\??\c:\lftdpnn.exec:\lftdpnn.exe28⤵
- Executes dropped EXE
-
\??\c:\pthnpd.exec:\pthnpd.exe29⤵
- Executes dropped EXE
-
\??\c:\jtdppl.exec:\jtdppl.exe30⤵
- Executes dropped EXE
-
\??\c:\vbxdhnf.exec:\vbxdhnf.exe31⤵
- Executes dropped EXE
-
\??\c:\jflfh.exec:\jflfh.exe32⤵
- Executes dropped EXE
-
\??\c:\dpxxlbv.exec:\dpxxlbv.exe33⤵
- Executes dropped EXE
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
\??\c:\tdxbjr.exec:\tdxbjr.exe1⤵
- Executes dropped EXE
-
\??\c:\lbbnl.exec:\lbbnl.exe2⤵
- Executes dropped EXE
-
\??\c:\rtddr.exec:\rtddr.exe3⤵
- Executes dropped EXE
-
\??\c:\drvnfb.exec:\drvnfb.exe4⤵
- Executes dropped EXE
-
\??\c:\dtxnhr.exec:\dtxnhr.exe5⤵
- Executes dropped EXE
-
\??\c:\rjnbjfd.exec:\rjnbjfd.exe6⤵
- Executes dropped EXE
-
\??\c:\vffdl.exec:\vffdl.exe7⤵
- Executes dropped EXE
-
\??\c:\ddvrr.exec:\ddvrr.exe8⤵
- Executes dropped EXE
-
\??\c:\fnpxp.exec:\fnpxp.exe9⤵
- Executes dropped EXE
-
\??\c:\rhplhlp.exec:\rhplhlp.exe10⤵
- Executes dropped EXE
-
\??\c:\ftlrp.exec:\ftlrp.exe11⤵
- Executes dropped EXE
-
\??\c:\bjphxt.exec:\bjphxt.exe12⤵
- Executes dropped EXE
-
\??\c:\lprlh.exec:\lprlh.exe13⤵
- Executes dropped EXE
-
\??\c:\blnfbbv.exec:\blnfbbv.exe14⤵
- Executes dropped EXE
-
\??\c:\rxxbjv.exec:\rxxbjv.exe15⤵
- Executes dropped EXE
-
\??\c:\njptnd.exec:\njptnd.exe16⤵
- Executes dropped EXE
-
\??\c:\fnxpl.exec:\fnxpl.exe17⤵
- Executes dropped EXE
-
\??\c:\hjlrx.exec:\hjlrx.exe18⤵
- Executes dropped EXE
-
\??\c:\nbvln.exec:\nbvln.exe19⤵
- Executes dropped EXE
-
\??\c:\rjttlvj.exec:\rjttlvj.exe20⤵
- Executes dropped EXE
-
\??\c:\xplfnd.exec:\xplfnd.exe21⤵
- Executes dropped EXE
-
\??\c:\ftlvn.exec:\ftlvn.exe22⤵
- Executes dropped EXE
-
\??\c:\npfjhp.exec:\npfjhp.exe23⤵
- Executes dropped EXE
-
\??\c:\tdbpxbh.exec:\tdbpxbh.exe24⤵
- Executes dropped EXE
-
\??\c:\jpdnjl.exec:\jpdnjl.exe25⤵
- Executes dropped EXE
-
\??\c:\lbvlb.exec:\lbvlb.exe26⤵
- Executes dropped EXE
-
\??\c:\hdpvp.exec:\hdpvp.exe27⤵
- Executes dropped EXE
-
\??\c:\ftbxpdr.exec:\ftbxpdr.exe28⤵
- Executes dropped EXE
-
\??\c:\ldppv.exec:\ldppv.exe29⤵
- Executes dropped EXE
-
\??\c:\lbpxtnv.exec:\lbpxtnv.exe30⤵
- Executes dropped EXE
-
\??\c:\rfdnhnt.exec:\rfdnhnt.exe31⤵
- Executes dropped EXE
-
\??\c:\xppnl.exec:\xppnl.exe32⤵
- Executes dropped EXE
-
\??\c:\xrlldpv.exec:\xrlldpv.exe33⤵
-
\??\c:\vlbrnjb.exec:\vlbrnjb.exe34⤵
-
\??\c:\lhhnj.exec:\lhhnj.exe35⤵
-
\??\c:\nnltrv.exec:\nnltrv.exe36⤵
-
\??\c:\xpfxnt.exec:\xpfxnt.exe37⤵
-
\??\c:\xdvnx.exec:\xdvnx.exe38⤵
-
\??\c:\pjxpt.exec:\pjxpt.exe39⤵
-
\??\c:\hrjxjdd.exec:\hrjxjdd.exe40⤵
-
\??\c:\hjvflv.exec:\hjvflv.exe41⤵
-
\??\c:\nvppvtt.exec:\nvppvtt.exe42⤵
-
\??\c:\trxfl.exec:\trxfl.exe43⤵
-
\??\c:\vvvllpf.exec:\vvvllpf.exe44⤵
-
\??\c:\jtfpvpd.exec:\jtfpvpd.exe45⤵
-
\??\c:\tdpnnv.exec:\tdpnnv.exe46⤵
-
\??\c:\dpjph.exec:\dpjph.exe47⤵
-
\??\c:\xvrrx.exec:\xvrrx.exe48⤵
-
\??\c:\ntlfx.exec:\ntlfx.exe49⤵
-
\??\c:\fdxpl.exec:\fdxpl.exe50⤵
-
\??\c:\hhldnfx.exec:\hhldnfx.exe51⤵
-
\??\c:\lvlbhft.exec:\lvlbhft.exe52⤵
-
\??\c:\vjjthjb.exec:\vjjthjb.exe53⤵
-
\??\c:\llpbxff.exec:\llpbxff.exe54⤵
-
\??\c:\nfffnh.exec:\nfffnh.exe55⤵
-
\??\c:\xjrvhtd.exec:\xjrvhtd.exe56⤵
-
\??\c:\lrnhdl.exec:\lrnhdl.exe57⤵
-
\??\c:\tjvlhn.exec:\tjvlhn.exe58⤵
-
\??\c:\vrllnnb.exec:\vrllnnb.exe59⤵
-
\??\c:\vjvvdl.exec:\vjvvdl.exe60⤵
-
\??\c:\xpppbv.exec:\xpppbv.exe61⤵
-
\??\c:\ppdxp.exec:\ppdxp.exe62⤵
-
\??\c:\plrdf.exec:\plrdf.exe63⤵
-
\??\c:\jvhxpr.exec:\jvhxpr.exe64⤵
-
\??\c:\bxbph.exec:\bxbph.exe65⤵
-
\??\c:\ldxxrbf.exec:\ldxxrbf.exe66⤵
-
\??\c:\xpbpd.exec:\xpbpd.exe67⤵
-
\??\c:\pnntv.exec:\pnntv.exe68⤵
-
\??\c:\nvhtv.exec:\nvhtv.exe69⤵
-
\??\c:\nxlvtnd.exec:\nxlvtnd.exe70⤵
-
\??\c:\lfjvl.exec:\lfjvl.exe71⤵
-
\??\c:\bbffrnr.exec:\bbffrnr.exe72⤵
-
\??\c:\rfnpt.exec:\rfnpt.exe73⤵
-
\??\c:\xbjbjdb.exec:\xbjbjdb.exe74⤵
-
\??\c:\frfvdjj.exec:\frfvdjj.exe75⤵
-
\??\c:\phfpb.exec:\phfpb.exe76⤵
-
\??\c:\jvjtxt.exec:\jvjtxt.exe77⤵
-
\??\c:\rthfxx.exec:\rthfxx.exe78⤵
-
\??\c:\jdbnvvr.exec:\jdbnvvr.exe79⤵
-
\??\c:\vvpppf.exec:\vvpppf.exe80⤵
-
\??\c:\pljllfv.exec:\pljllfv.exe81⤵
-
\??\c:\nvthr.exec:\nvthr.exe82⤵
-
\??\c:\nxrlrxd.exec:\nxrlrxd.exe83⤵
-
\??\c:\jdjntr.exec:\jdjntr.exe84⤵
-
\??\c:\jlpdtt.exec:\jlpdtt.exe85⤵
-
\??\c:\lrvjxj.exec:\lrvjxj.exe86⤵
-
\??\c:\bbjvl.exec:\bbjvl.exe87⤵
-
\??\c:\nhhxrdn.exec:\nhhxrdn.exe88⤵
-
\??\c:\hrpfnl.exec:\hrpfnl.exe89⤵
-
\??\c:\tfntph.exec:\tfntph.exe90⤵
-
\??\c:\bbbfhld.exec:\bbbfhld.exe91⤵
-
\??\c:\jxlppdl.exec:\jxlppdl.exe92⤵
-
\??\c:\blpxhfp.exec:\blpxhfp.exe93⤵
-
\??\c:\hfjtfd.exec:\hfjtfd.exe94⤵
-
\??\c:\xtnxv.exec:\xtnxv.exe95⤵
-
\??\c:\dvlvtfd.exec:\dvlvtfd.exe96⤵
-
\??\c:\rhrtfd.exec:\rhrtfd.exe97⤵
-
\??\c:\xpxtthp.exec:\xpxtthp.exe98⤵
-
\??\c:\vvdpptj.exec:\vvdpptj.exe99⤵
-
\??\c:\xnddpdt.exec:\xnddpdt.exe100⤵
-
\??\c:\jxdpldr.exec:\jxdpldr.exe101⤵
-
\??\c:\hvrtdj.exec:\hvrtdj.exe102⤵
-
\??\c:\jfvvj.exec:\jfvvj.exe103⤵
-
\??\c:\phnfb.exec:\phnfb.exe104⤵
-
\??\c:\ltndj.exec:\ltndj.exe105⤵
-
\??\c:\rprbr.exec:\rprbr.exe106⤵
-
\??\c:\hdhdbl.exec:\hdhdbl.exe107⤵
-
\??\c:\hlfxprn.exec:\hlfxprn.exe108⤵
-
\??\c:\ljdlljl.exec:\ljdlljl.exe109⤵
-
\??\c:\bdtxhv.exec:\bdtxhv.exe110⤵
-
\??\c:\vfvlfd.exec:\vfvlfd.exe111⤵
-
\??\c:\dtjxp.exec:\dtjxp.exe112⤵
-
\??\c:\nfthdj.exec:\nfthdj.exe113⤵
-
\??\c:\vjjhxd.exec:\vjjhxd.exe114⤵
-
\??\c:\vpxpx.exec:\vpxpx.exe115⤵
-
\??\c:\lvrxxd.exec:\lvrxxd.exe116⤵
-
\??\c:\ltbph.exec:\ltbph.exe117⤵
-
\??\c:\tvxfdv.exec:\tvxfdv.exe118⤵
-
\??\c:\bldllj.exec:\bldllj.exe119⤵
-
\??\c:\jhpdrhb.exec:\jhpdrhb.exe120⤵
-
\??\c:\rlnnnj.exec:\rlnnnj.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-