Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
151s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20231020-en -
resource tags
-
submitted
07/11/2023, 03:03
General
-
Target
NEAS.f6d9900b1a5bd7cb0d9fb21469a05570.exe
-
Size
320KB
-
MD5
f6d9900b1a5bd7cb0d9fb21469a05570
-
SHA1
d67dd43d80dacea5dd7972eb1a80b0879bf55a29
-
SHA256
043902a917dc376ee4b2b0928998d2ee2e6bf8e6052320852fa58d250fd5cc2f
-
SHA512
6d26ff9f65bc2e4eab6bf7582d4c9dd85ee6b7987afbe1618992acd056a5f6b9fc50778c5ed3de16c4380bf3aa07709fc67709ba17eabcc126409fff92233d13
-
SSDEEP
6144:rcm4FmowdHoSphraHcpOaKHpXfRo0V8JcgE+ezpg1s:x4wFHoS3eFaKHpv/VycgE8s
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.f6d9900b1a5bd7cb0d9fb21469a05570.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.f6d9900b1a5bd7cb0d9fb21469a05570.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\t8kgcx2.exec:\t8kgcx2.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3p593.exec:\3p593.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
-
-
\??\c:\8pw3q1.exec:\8pw3q1.exe1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\530d0.exec:\530d0.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nwo0on7.exec:\nwo0on7.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\578awqe.exec:\578awqe.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\oex3m.exec:\oex3m.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\15ap1.exec:\15ap1.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\575735e.exec:\575735e.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5oom295.exec:\5oom295.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\raokh7.exec:\raokh7.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6p19gh.exec:\6p19gh.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\25797gg.exec:\25797gg.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\75e9795.exec:\75e9795.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\h2n5kl3.exec:\h2n5kl3.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\r2kqkc.exec:\r2kqkc.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\v76ki.exec:\v76ki.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ei0k5m.exec:\ei0k5m.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\wawiwe6.exec:\wawiwe6.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\k9cv8.exec:\k9cv8.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1ok18.exec:\1ok18.exe19⤵
- Executes dropped EXE
-
\??\c:\9j1f4t7.exec:\9j1f4t7.exe20⤵
- Executes dropped EXE
-
\??\c:\9v15nm.exec:\9v15nm.exe21⤵
- Executes dropped EXE
-
\??\c:\9n1qn0s.exec:\9n1qn0s.exe22⤵
- Executes dropped EXE
-
\??\c:\6r73k.exec:\6r73k.exe23⤵
- Executes dropped EXE
-
\??\c:\q2f58kn.exec:\q2f58kn.exe24⤵
- Executes dropped EXE
-
\??\c:\725e55.exec:\725e55.exe25⤵
- Executes dropped EXE
-
\??\c:\8nx485s.exec:\8nx485s.exe26⤵
- Executes dropped EXE
-
\??\c:\giwiqot.exec:\giwiqot.exe27⤵
- Executes dropped EXE
-
\??\c:\c36qq9.exec:\c36qq9.exe28⤵
- Executes dropped EXE
-
\??\c:\il10k.exec:\il10k.exe29⤵
- Executes dropped EXE
-
\??\c:\8ecoo.exec:\8ecoo.exe30⤵
- Executes dropped EXE
-
\??\c:\h2w51.exec:\h2w51.exe31⤵
- Executes dropped EXE
-
\??\c:\6qgku.exec:\6qgku.exe32⤵
- Executes dropped EXE
-
\??\c:\1ioi2uu.exec:\1ioi2uu.exe33⤵
-
\??\c:\974m8.exec:\974m8.exe34⤵
- Executes dropped EXE
-
\??\c:\v171173.exec:\v171173.exe35⤵
- Executes dropped EXE
-
\??\c:\3kwkw.exec:\3kwkw.exe36⤵
- Executes dropped EXE
-
\??\c:\eat7i.exec:\eat7i.exe37⤵
- Executes dropped EXE
-
\??\c:\15wt31.exec:\15wt31.exe38⤵
- Executes dropped EXE
-
\??\c:\ag98q1.exec:\ag98q1.exe39⤵
-
\??\c:\5f0qg5.exec:\5f0qg5.exe40⤵
- Executes dropped EXE
-
\??\c:\8unswko.exec:\8unswko.exe41⤵
- Executes dropped EXE
-
\??\c:\uu8xmbo.exec:\uu8xmbo.exe42⤵
- Executes dropped EXE
-
\??\c:\v51ri.exec:\v51ri.exe43⤵
- Executes dropped EXE
-
\??\c:\438qa.exec:\438qa.exe44⤵
- Executes dropped EXE
-
\??\c:\ba5237.exec:\ba5237.exe45⤵
- Executes dropped EXE
-
\??\c:\3v73397.exec:\3v73397.exe46⤵
- Executes dropped EXE
-
\??\c:\f2ij3.exec:\f2ij3.exe47⤵
- Executes dropped EXE
-
\??\c:\akeei.exec:\akeei.exe48⤵
- Executes dropped EXE
-
\??\c:\k32n3i.exec:\k32n3i.exe49⤵
- Executes dropped EXE
-
\??\c:\a2gs4o.exec:\a2gs4o.exe50⤵
- Executes dropped EXE
-
\??\c:\426e67.exec:\426e67.exe51⤵
- Executes dropped EXE
-
\??\c:\99aiaj0.exec:\99aiaj0.exe52⤵
- Executes dropped EXE
-
\??\c:\9s65g.exec:\9s65g.exe53⤵
- Executes dropped EXE
-
\??\c:\2x515.exec:\2x515.exe54⤵
- Executes dropped EXE
-
\??\c:\96n97mc.exec:\96n97mc.exe55⤵
- Executes dropped EXE
-
\??\c:\25m650.exec:\25m650.exe56⤵
- Executes dropped EXE
-
\??\c:\x17fuw.exec:\x17fuw.exe57⤵
-
\??\c:\f9mh3.exec:\f9mh3.exe58⤵
- Executes dropped EXE
-
\??\c:\97131.exec:\97131.exe59⤵
- Executes dropped EXE
-
\??\c:\2r0i7.exec:\2r0i7.exe60⤵
-
\??\c:\d9b799e.exec:\d9b799e.exe61⤵
- Executes dropped EXE
-
\??\c:\0igmf.exec:\0igmf.exe62⤵
- Executes dropped EXE
-
\??\c:\2sgug.exec:\2sgug.exe63⤵
-
\??\c:\q61xr.exec:\q61xr.exe64⤵
-
\??\c:\wg392g.exec:\wg392g.exe65⤵
-
\??\c:\niqccg.exec:\niqccg.exe66⤵
-
\??\c:\o93190k.exec:\o93190k.exe67⤵
-
\??\c:\xqkwuo.exec:\xqkwuo.exe68⤵
-
\??\c:\wm8r5.exec:\wm8r5.exe69⤵
-
\??\c:\ef16k.exec:\ef16k.exe70⤵
-
\??\c:\lscio.exec:\lscio.exe71⤵
-
\??\c:\n0b32b.exec:\n0b32b.exe72⤵
-
\??\c:\wqmi195.exec:\wqmi195.exe73⤵
-
\??\c:\4j2c6am.exec:\4j2c6am.exe74⤵
-
\??\c:\915935.exec:\915935.exe75⤵
-
\??\c:\cbp59.exec:\cbp59.exe76⤵
-
\??\c:\4mf5ch.exec:\4mf5ch.exe77⤵
-
\??\c:\bivun8.exec:\bivun8.exe78⤵
-
\??\c:\5m35397.exec:\5m35397.exe79⤵
-
\??\c:\29ikkio.exec:\29ikkio.exe80⤵
-
\??\c:\8qgs2w.exec:\8qgs2w.exe81⤵
-
\??\c:\g4q34.exec:\g4q34.exe82⤵
-
\??\c:\54ocuk.exec:\54ocuk.exe83⤵
-
\??\c:\b316mfk.exec:\b316mfk.exe84⤵
-
\??\c:\keec2g6.exec:\keec2g6.exe85⤵
-
\??\c:\50a98c.exec:\50a98c.exe86⤵
-
\??\c:\a8716.exec:\a8716.exe87⤵
-
\??\c:\591791.exec:\591791.exe88⤵
-
\??\c:\e0oj16.exec:\e0oj16.exe89⤵
-
\??\c:\j20v919.exec:\j20v919.exe90⤵
-
\??\c:\14s24.exec:\14s24.exe91⤵
-
\??\c:\6iqi8w.exec:\6iqi8w.exe92⤵
-
\??\c:\795ij1.exec:\795ij1.exe93⤵
-
\??\c:\gosug.exec:\gosug.exe94⤵
- Executes dropped EXE
-
\??\c:\f12e3e.exec:\f12e3e.exe95⤵
-
\??\c:\0q3ckng.exec:\0q3ckng.exe96⤵
-
\??\c:\dcgek.exec:\dcgek.exe97⤵
- Executes dropped EXE
-
\??\c:\d0kqe.exec:\d0kqe.exe98⤵
-
\??\c:\2a7753.exec:\2a7753.exe99⤵
-
\??\c:\qqw3s.exec:\qqw3s.exe100⤵
-
\??\c:\0iiwu.exec:\0iiwu.exe101⤵
-
\??\c:\v739kt.exec:\v739kt.exe102⤵
-
\??\c:\7kx8e9.exec:\7kx8e9.exe103⤵
-
\??\c:\872ei.exec:\872ei.exe104⤵
-
\??\c:\575mwj.exec:\575mwj.exe105⤵
-
\??\c:\uud0gs5.exec:\uud0gs5.exe106⤵
-
\??\c:\8519w59.exec:\8519w59.exe107⤵
-
\??\c:\04b12o.exec:\04b12o.exe108⤵
-
\??\c:\6swp95.exec:\6swp95.exe109⤵
-
\??\c:\0ma15oq.exec:\0ma15oq.exe110⤵
-
\??\c:\40f72q.exec:\40f72q.exe111⤵
-
\??\c:\3n758.exec:\3n758.exe112⤵
-
\??\c:\auv31k.exec:\auv31k.exe113⤵
-
\??\c:\9hp845x.exec:\9hp845x.exe114⤵
-
\??\c:\89175.exec:\89175.exe115⤵
-
\??\c:\18j9139.exec:\18j9139.exe116⤵
-
\??\c:\i9eek.exec:\i9eek.exe117⤵
-
\??\c:\ol137.exec:\ol137.exe118⤵
-
\??\c:\f573j1e.exec:\f573j1e.exe119⤵
-
\??\c:\6d0uo.exec:\6d0uo.exe120⤵
-
\??\c:\b37cp5.exec:\b37cp5.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-