Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20231020-en -
resource tags
-
submitted
07/11/2023, 20:55
General
-
Target
NEAS.3b348c05ea9f60284cf4f599ec711700.exe
-
Size
57KB
-
MD5
3b348c05ea9f60284cf4f599ec711700
-
SHA1
7f975492324072128a050aea992a2193c7374a4c
-
SHA256
add030135929e1a8eca82cdd23607b65cd8838e1d3935fc7c1ef5f7ce16d3076
-
SHA512
09d219de22ed81546736d44fff05abb0dc09ce0c63799178bff281cfd37e2b102a1d53b1e16b9d9879e76758b80ed9856ce28136a416f6696e8f73e865ac5f13
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIKTIPSw:ymb3NkkiQ3mdBjFIQw
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 35 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 62 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.3b348c05ea9f60284cf4f599ec711700.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.3b348c05ea9f60284cf4f599ec711700.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\74our.exec:\74our.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ab08p2.exec:\ab08p2.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\t80b44.exec:\t80b44.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\r15u7o4.exec:\r15u7o4.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\79ui14.exec:\79ui14.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\n8g44i8.exec:\n8g44i8.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\j9l3f9g.exec:\j9l3f9g.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\199w71.exec:\199w71.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\buuu711.exec:\buuu711.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\21p7ma9.exec:\21p7ma9.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\l46s9o8.exec:\l46s9o8.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7m1151.exec:\7m1151.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\f2ka7.exec:\f2ka7.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\81397.exec:\81397.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\b1ko0a2.exec:\b1ko0a2.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9fdct4.exec:\9fdct4.exe17⤵
- Executes dropped EXE
-
\??\c:\12d0pxq.exec:\12d0pxq.exe18⤵
- Executes dropped EXE
-
\??\c:\k6k30c.exec:\k6k30c.exe19⤵
- Executes dropped EXE
-
\??\c:\l20u20.exec:\l20u20.exe20⤵
- Executes dropped EXE
-
\??\c:\614gl3.exec:\614gl3.exe21⤵
- Executes dropped EXE
-
\??\c:\h488l.exec:\h488l.exe22⤵
- Executes dropped EXE
-
\??\c:\2vf11.exec:\2vf11.exe23⤵
- Executes dropped EXE
-
\??\c:\8l5q9.exec:\8l5q9.exe24⤵
- Executes dropped EXE
-
\??\c:\qgwv7iq.exec:\qgwv7iq.exe25⤵
- Executes dropped EXE
-
\??\c:\9ltj6.exec:\9ltj6.exe26⤵
- Executes dropped EXE
-
\??\c:\546iw1u.exec:\546iw1u.exe27⤵
- Executes dropped EXE
-
\??\c:\53j61.exec:\53j61.exe28⤵
- Executes dropped EXE
-
\??\c:\t50r3q.exec:\t50r3q.exe29⤵
- Executes dropped EXE
-
\??\c:\3et7wb3.exec:\3et7wb3.exe30⤵
- Executes dropped EXE
-
\??\c:\eomu1.exec:\eomu1.exe31⤵
- Executes dropped EXE
-
\??\c:\xi36gu.exec:\xi36gu.exe32⤵
- Executes dropped EXE
-
\??\c:\e0a9wt8.exec:\e0a9wt8.exe33⤵
- Executes dropped EXE
-
\??\c:\1i172s7.exec:\1i172s7.exe34⤵
- Executes dropped EXE
-
\??\c:\6856l.exec:\6856l.exe35⤵
- Executes dropped EXE
-
\??\c:\b4l70.exec:\b4l70.exe36⤵
- Executes dropped EXE
-
\??\c:\ehu1ucn.exec:\ehu1ucn.exe37⤵
- Executes dropped EXE
-
\??\c:\gh8of7.exec:\gh8of7.exe38⤵
- Executes dropped EXE
-
\??\c:\q79g57.exec:\q79g57.exe39⤵
- Executes dropped EXE
-
\??\c:\as553e9.exec:\as553e9.exe40⤵
- Executes dropped EXE
-
\??\c:\lls50k.exec:\lls50k.exe41⤵
- Executes dropped EXE
-
\??\c:\ilv029c.exec:\ilv029c.exe42⤵
- Executes dropped EXE
-
\??\c:\678pl27.exec:\678pl27.exe43⤵
- Executes dropped EXE
-
\??\c:\m6ec74.exec:\m6ec74.exe44⤵
- Executes dropped EXE
-
\??\c:\28ou0.exec:\28ou0.exe45⤵
- Executes dropped EXE
-
\??\c:\777s8.exec:\777s8.exe46⤵
- Executes dropped EXE
-
\??\c:\6rhst.exec:\6rhst.exe47⤵
- Executes dropped EXE
-
\??\c:\e96g72.exec:\e96g72.exe48⤵
- Executes dropped EXE
-
\??\c:\076q941.exec:\076q941.exe49⤵
- Executes dropped EXE
-
\??\c:\rt7h1i1.exec:\rt7h1i1.exe50⤵
- Executes dropped EXE
-
\??\c:\84m286s.exec:\84m286s.exe51⤵
- Executes dropped EXE
-
\??\c:\7gn32.exec:\7gn32.exe52⤵
- Executes dropped EXE
-
\??\c:\59od7og.exec:\59od7og.exe53⤵
- Executes dropped EXE
-
\??\c:\8jvsw4.exec:\8jvsw4.exe54⤵
- Executes dropped EXE
-
\??\c:\cao819.exec:\cao819.exe55⤵
- Executes dropped EXE
-
\??\c:\umdf4i.exec:\umdf4i.exe56⤵
- Executes dropped EXE
-
\??\c:\r39k76.exec:\r39k76.exe57⤵
- Executes dropped EXE
-
\??\c:\m8kf7.exec:\m8kf7.exe58⤵
- Executes dropped EXE
-
\??\c:\6174g.exec:\6174g.exe59⤵
- Executes dropped EXE
-
\??\c:\nw1aw.exec:\nw1aw.exe60⤵
- Executes dropped EXE
-
\??\c:\akv1x1.exec:\akv1x1.exe61⤵
- Executes dropped EXE
-
\??\c:\85rb7.exec:\85rb7.exe62⤵
- Executes dropped EXE
-
\??\c:\cck14u3.exec:\cck14u3.exe63⤵
- Executes dropped EXE
-
\??\c:\2e7wt.exec:\2e7wt.exe64⤵
- Executes dropped EXE
-
\??\c:\536f3.exec:\536f3.exe65⤵
- Executes dropped EXE
-
\??\c:\3n5ad.exec:\3n5ad.exe66⤵
-
\??\c:\rh931v.exec:\rh931v.exe67⤵
-
\??\c:\1888id1.exec:\1888id1.exe68⤵
-
\??\c:\w52l14.exec:\w52l14.exe69⤵
-
\??\c:\rjc71lw.exec:\rjc71lw.exe70⤵
-
\??\c:\639dib.exec:\639dib.exe71⤵
-
\??\c:\4q25t.exec:\4q25t.exe72⤵
-
\??\c:\ouv5kj.exec:\ouv5kj.exe73⤵
-
\??\c:\h2nx2.exec:\h2nx2.exe74⤵
-
\??\c:\9r9b53.exec:\9r9b53.exe75⤵
-
\??\c:\e7eavv.exec:\e7eavv.exe76⤵
-
\??\c:\61v36.exec:\61v36.exe77⤵
-
\??\c:\6n6b8.exec:\6n6b8.exe78⤵
-
\??\c:\e6gq38.exec:\e6gq38.exe79⤵
-
\??\c:\29d9i93.exec:\29d9i93.exe80⤵
-
\??\c:\811gen1.exec:\811gen1.exe81⤵
-
\??\c:\p05sk.exec:\p05sk.exe82⤵
-
\??\c:\7wf9q9.exec:\7wf9q9.exe83⤵
-
\??\c:\8gm23m2.exec:\8gm23m2.exe84⤵
-
\??\c:\hf14d7.exec:\hf14d7.exe85⤵
-
\??\c:\1p621.exec:\1p621.exe86⤵
-
\??\c:\l2s13.exec:\l2s13.exe87⤵
-
\??\c:\22l1mc5.exec:\22l1mc5.exe88⤵
-
\??\c:\11e5m5.exec:\11e5m5.exe89⤵
-
\??\c:\1519il.exec:\1519il.exe90⤵
-
\??\c:\6peu3.exec:\6peu3.exe91⤵
-
\??\c:\43g5v72.exec:\43g5v72.exe92⤵
-
\??\c:\f6u1o9.exec:\f6u1o9.exe93⤵
-
\??\c:\1b37h.exec:\1b37h.exe94⤵
-
\??\c:\o3846.exec:\o3846.exe95⤵
-
\??\c:\5131d71.exec:\5131d71.exe96⤵
-
\??\c:\053357.exec:\053357.exe97⤵
-
\??\c:\cwb4e.exec:\cwb4e.exe98⤵
-
\??\c:\o8f3g8c.exec:\o8f3g8c.exe99⤵
-
\??\c:\rl72s.exec:\rl72s.exe100⤵
-
\??\c:\07mn54m.exec:\07mn54m.exe101⤵
-
\??\c:\l15v115.exec:\l15v115.exe102⤵
-
\??\c:\ko513.exec:\ko513.exe103⤵
-
\??\c:\65v2b8.exec:\65v2b8.exe104⤵
-
\??\c:\cqom3a9.exec:\cqom3a9.exe105⤵
-
\??\c:\qa47u1k.exec:\qa47u1k.exe106⤵
-
\??\c:\78k4420.exec:\78k4420.exe107⤵
-
\??\c:\p771d.exec:\p771d.exe108⤵
-
\??\c:\cguk17.exec:\cguk17.exe109⤵
-
\??\c:\667r59.exec:\667r59.exe110⤵
-
\??\c:\n7k62.exec:\n7k62.exe111⤵
-
\??\c:\7e7j5.exec:\7e7j5.exe112⤵
-
\??\c:\6bvn1c.exec:\6bvn1c.exe113⤵
-
\??\c:\iaew5ow.exec:\iaew5ow.exe114⤵
-
\??\c:\h66b88.exec:\h66b88.exe115⤵
-
\??\c:\674qs97.exec:\674qs97.exe116⤵
-
\??\c:\t5a50m.exec:\t5a50m.exe117⤵
-
\??\c:\11c5p.exec:\11c5p.exe118⤵
-
\??\c:\s4u58m.exec:\s4u58m.exe119⤵
-
\??\c:\tsb1mv.exec:\tsb1mv.exe120⤵
-
\??\c:\m4u9kf4.exec:\m4u9kf4.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-