Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
134s -
platform
windows7_x64 -
resource
win7-20231020-en -
resource tags
-
submitted
03/11/2023, 01:06
General
-
Target
NEAS.fcd669e2deb091c6e949239540067260_JC.exe
-
Size
132KB
-
MD5
fcd669e2deb091c6e949239540067260
-
SHA1
ba0e076eb3a86026cc474bea3ecf76bf86b1bd23
-
SHA256
d8ec31cf52fb44a12a125b6ce0f24b6bc073f772d0e992d9b26e845136149b7b
-
SHA512
09b740d00379f0475fb874033ce6711fecec50c9d7db24eb81ad35782c31fc45026af9c95cf355a95184d1a3fb24121a5ba9069975eac7a664535b564adfafab
-
SSDEEP
3072:ymb3NkkiQ3mdBjFo73HUoMsAbrFWTLNwJ:n3C9BRo7HCsAbQC
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 35 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.fcd669e2deb091c6e949239540067260_JC.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.fcd669e2deb091c6e949239540067260_JC.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\doc16gm.exec:\doc16gm.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jk6i41a.exec:\jk6i41a.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fp6t3.exec:\fp6t3.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\2tssv.exec:\2tssv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7n5b5e.exec:\7n5b5e.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\s23aa6.exec:\s23aa6.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\f6f4wqa.exec:\f6f4wqa.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\x7w88.exec:\x7w88.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\0b733i.exec:\0b733i.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\28n76.exec:\28n76.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\x6dbjv.exec:\x6dbjv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\97tk9e5.exec:\97tk9e5.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\91i38.exec:\91i38.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\uk3k0g.exec:\uk3k0g.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\i4621.exec:\i4621.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5b1ob9.exec:\5b1ob9.exe17⤵
- Executes dropped EXE
-
\??\c:\x27ik.exec:\x27ik.exe18⤵
- Executes dropped EXE
-
\??\c:\6r45o3t.exec:\6r45o3t.exe19⤵
- Executes dropped EXE
-
\??\c:\qo2g9.exec:\qo2g9.exe20⤵
- Executes dropped EXE
-
\??\c:\fq82084.exec:\fq82084.exe21⤵
- Executes dropped EXE
-
\??\c:\cp09q.exec:\cp09q.exe22⤵
- Executes dropped EXE
-
\??\c:\ei1ul7.exec:\ei1ul7.exe23⤵
- Executes dropped EXE
-
\??\c:\pisgl5.exec:\pisgl5.exe24⤵
- Executes dropped EXE
-
\??\c:\535sg9.exec:\535sg9.exe25⤵
- Executes dropped EXE
-
\??\c:\4n91p.exec:\4n91p.exe26⤵
- Executes dropped EXE
-
\??\c:\4vw9mto.exec:\4vw9mto.exe27⤵
- Executes dropped EXE
-
\??\c:\7p25r.exec:\7p25r.exe28⤵
- Executes dropped EXE
-
\??\c:\19ot80.exec:\19ot80.exe29⤵
- Executes dropped EXE
-
\??\c:\61mbu.exec:\61mbu.exe30⤵
- Executes dropped EXE
-
\??\c:\h0c5w.exec:\h0c5w.exe31⤵
- Executes dropped EXE
-
\??\c:\v8093x.exec:\v8093x.exe32⤵
- Executes dropped EXE
-
\??\c:\xcv7d5.exec:\xcv7d5.exe33⤵
- Executes dropped EXE
-
\??\c:\6coe6.exec:\6coe6.exe34⤵
- Executes dropped EXE
-
\??\c:\4i9ai6.exec:\4i9ai6.exe35⤵
- Executes dropped EXE
-
\??\c:\9pb12.exec:\9pb12.exe36⤵
- Executes dropped EXE
-
\??\c:\49s185.exec:\49s185.exe37⤵
- Executes dropped EXE
-
\??\c:\b33oog.exec:\b33oog.exe38⤵
- Executes dropped EXE
-
\??\c:\5bo55i2.exec:\5bo55i2.exe39⤵
- Executes dropped EXE
-
\??\c:\l323f.exec:\l323f.exe40⤵
- Executes dropped EXE
-
\??\c:\f49e19.exec:\f49e19.exe41⤵
- Executes dropped EXE
-
\??\c:\v7f0j.exec:\v7f0j.exe42⤵
- Executes dropped EXE
-
\??\c:\33ahic.exec:\33ahic.exe43⤵
- Executes dropped EXE
-
\??\c:\2v19l.exec:\2v19l.exe44⤵
- Executes dropped EXE
-
\??\c:\19tgu6.exec:\19tgu6.exe45⤵
- Executes dropped EXE
-
\??\c:\69r69.exec:\69r69.exe46⤵
- Executes dropped EXE
-
\??\c:\b8ivc1.exec:\b8ivc1.exe47⤵
- Executes dropped EXE
-
\??\c:\8fn5l59.exec:\8fn5l59.exe48⤵
- Executes dropped EXE
-
\??\c:\behb9.exec:\behb9.exe49⤵
- Executes dropped EXE
-
\??\c:\76tnl.exec:\76tnl.exe50⤵
- Executes dropped EXE
-
\??\c:\1n93i.exec:\1n93i.exe51⤵
- Executes dropped EXE
-
\??\c:\4c5ow.exec:\4c5ow.exe52⤵
- Executes dropped EXE
-
\??\c:\456j6j.exec:\456j6j.exe53⤵
- Executes dropped EXE
-
\??\c:\h95ubwm.exec:\h95ubwm.exe54⤵
- Executes dropped EXE
-
\??\c:\2v1e3.exec:\2v1e3.exe55⤵
- Executes dropped EXE
-
\??\c:\gxe3n1e.exec:\gxe3n1e.exe56⤵
- Executes dropped EXE
-
\??\c:\5i68ca.exec:\5i68ca.exe57⤵
- Executes dropped EXE
-
\??\c:\n2njr4.exec:\n2njr4.exe58⤵
- Executes dropped EXE
-
\??\c:\g217d5r.exec:\g217d5r.exe59⤵
- Executes dropped EXE
-
\??\c:\ogd21.exec:\ogd21.exe60⤵
- Executes dropped EXE
-
\??\c:\v452nv.exec:\v452nv.exe61⤵
- Executes dropped EXE
-
\??\c:\cu3h5s.exec:\cu3h5s.exe62⤵
- Executes dropped EXE
-
\??\c:\b2pb1gv.exec:\b2pb1gv.exe63⤵
- Executes dropped EXE
-
\??\c:\7e1s5w.exec:\7e1s5w.exe64⤵
- Executes dropped EXE
-
\??\c:\js6n7c4.exec:\js6n7c4.exe65⤵
- Executes dropped EXE
-
\??\c:\6948v.exec:\6948v.exe66⤵
-
\??\c:\j2n5tv.exec:\j2n5tv.exe67⤵
-
\??\c:\n164n1g.exec:\n164n1g.exe68⤵
-
\??\c:\pi61mt.exec:\pi61mt.exe69⤵
-
\??\c:\2h5bu.exec:\2h5bu.exe70⤵
-
\??\c:\8j0gr89.exec:\8j0gr89.exe71⤵
-
\??\c:\01o1c1w.exec:\01o1c1w.exe72⤵
-
\??\c:\0o986.exec:\0o986.exe73⤵
-
\??\c:\63r09.exec:\63r09.exe74⤵
-
\??\c:\0c50392.exec:\0c50392.exe75⤵
-
\??\c:\6r94g.exec:\6r94g.exe76⤵
-
\??\c:\623l4.exec:\623l4.exe77⤵
-
\??\c:\xg30c7.exec:\xg30c7.exe78⤵
-
\??\c:\12367u.exec:\12367u.exe79⤵
-
\??\c:\0t348k.exec:\0t348k.exe80⤵
-
\??\c:\xn4w5.exec:\xn4w5.exe81⤵
-
\??\c:\rt61f.exec:\rt61f.exe82⤵
-
\??\c:\640jxb0.exec:\640jxb0.exe83⤵
-
\??\c:\p88hi3.exec:\p88hi3.exe84⤵
-
\??\c:\ktv168i.exec:\ktv168i.exe85⤵
-
\??\c:\f4tt248.exec:\f4tt248.exe86⤵
-
\??\c:\k2xg69.exec:\k2xg69.exe87⤵
-
\??\c:\7fc439d.exec:\7fc439d.exe88⤵
-
\??\c:\4b7sh4.exec:\4b7sh4.exe89⤵
-
\??\c:\x894x9.exec:\x894x9.exe90⤵
-
\??\c:\6l32b8d.exec:\6l32b8d.exe91⤵
-
\??\c:\ols973.exec:\ols973.exe92⤵
-
\??\c:\g1wwi.exec:\g1wwi.exe93⤵
-
\??\c:\hb8t3e3.exec:\hb8t3e3.exe94⤵
-
\??\c:\6n6o8.exec:\6n6o8.exe95⤵
-
\??\c:\sm9a2ns.exec:\sm9a2ns.exe96⤵
-
\??\c:\1pk99he.exec:\1pk99he.exe97⤵
-
\??\c:\8g48sm3.exec:\8g48sm3.exe98⤵
-
\??\c:\j394n11.exec:\j394n11.exe99⤵
-
\??\c:\78235.exec:\78235.exe100⤵
-
\??\c:\10lofg2.exec:\10lofg2.exe101⤵
-
\??\c:\06129fv.exec:\06129fv.exe102⤵
-
\??\c:\2ers64.exec:\2ers64.exe103⤵
-
\??\c:\l17f39.exec:\l17f39.exe104⤵
-
\??\c:\ui3k4.exec:\ui3k4.exe105⤵
-
\??\c:\g1qh45.exec:\g1qh45.exe106⤵
-
\??\c:\r7w9g.exec:\r7w9g.exe107⤵
-
\??\c:\7a6a1.exec:\7a6a1.exe108⤵
-
\??\c:\ni5h7t7.exec:\ni5h7t7.exe109⤵
-
\??\c:\86p670.exec:\86p670.exe110⤵
-
\??\c:\x4w734.exec:\x4w734.exe111⤵
-
\??\c:\u228x.exec:\u228x.exe112⤵
-
\??\c:\6b2651.exec:\6b2651.exe113⤵
-
\??\c:\meu684.exec:\meu684.exe114⤵
-
\??\c:\d1ffxc.exec:\d1ffxc.exe115⤵
-
\??\c:\078h6.exec:\078h6.exe116⤵
-
\??\c:\x242cg.exec:\x242cg.exe117⤵
-
\??\c:\jse69.exec:\jse69.exe118⤵
-
\??\c:\09i242.exec:\09i242.exe119⤵
-
\??\c:\jmr4s.exec:\jmr4s.exe120⤵
-
\??\c:\co9c5.exec:\co9c5.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-