Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
175s -
max time network
173s -
platform
windows10-2004_x64 -
resource
win10v2004-20231020-en -
resource tags
-
submitted
07/11/2023, 20:55
General
-
Target
NEAS.3b348c05ea9f60284cf4f599ec711700.exe
-
Size
57KB
-
MD5
3b348c05ea9f60284cf4f599ec711700
-
SHA1
7f975492324072128a050aea992a2193c7374a4c
-
SHA256
add030135929e1a8eca82cdd23607b65cd8838e1d3935fc7c1ef5f7ce16d3076
-
SHA512
09d219de22ed81546736d44fff05abb0dc09ce0c63799178bff281cfd37e2b102a1d53b1e16b9d9879e76758b80ed9856ce28136a416f6696e8f73e865ac5f13
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIKTIPSw:ymb3NkkiQ3mdBjFIQw
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 42 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.3b348c05ea9f60284cf4f599ec711700.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.3b348c05ea9f60284cf4f599ec711700.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\s1e1g82.exec:\s1e1g82.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\i951866.exec:\i951866.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\kg6qxa.exec:\kg6qxa.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\0ut7v.exec:\0ut7v.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\624r6.exec:\624r6.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bv6v6v5.exec:\bv6v6v5.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\g91739.exec:\g91739.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\4a118i1.exec:\4a118i1.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\qc4kgo.exec:\qc4kgo.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1xl30jb.exec:\1xl30jb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\n8135.exec:\n8135.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\861g5.exec:\861g5.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\k2e0r.exec:\k2e0r.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1l7de9.exec:\1l7de9.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ij9e5as.exec:\ij9e5as.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\a23v1i.exec:\a23v1i.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\028n1j.exec:\028n1j.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\mm1aiu9.exec:\mm1aiu9.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1sf57.exec:\1sf57.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\2cuet.exec:\2cuet.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\14v3e7.exec:\14v3e7.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\aq21f9f.exec:\aq21f9f.exe23⤵
- Executes dropped EXE
-
\??\c:\75kp3.exec:\75kp3.exe24⤵
- Executes dropped EXE
-
\??\c:\qvmmf.exec:\qvmmf.exe25⤵
- Executes dropped EXE
-
\??\c:\sff1985.exec:\sff1985.exe26⤵
- Executes dropped EXE
-
\??\c:\ev24rn2.exec:\ev24rn2.exe27⤵
- Executes dropped EXE
-
\??\c:\7fv063s.exec:\7fv063s.exe28⤵
- Executes dropped EXE
-
\??\c:\heow4ft.exec:\heow4ft.exe29⤵
- Executes dropped EXE
-
\??\c:\d1s6d7m.exec:\d1s6d7m.exe30⤵
- Executes dropped EXE
-
\??\c:\r9q997o.exec:\r9q997o.exe31⤵
- Executes dropped EXE
-
\??\c:\75l7qj3.exec:\75l7qj3.exe32⤵
- Executes dropped EXE
-
\??\c:\0a9f28.exec:\0a9f28.exe33⤵
- Executes dropped EXE
-
\??\c:\8cf3u.exec:\8cf3u.exe34⤵
- Executes dropped EXE
-
\??\c:\k8afw9.exec:\k8afw9.exe35⤵
- Executes dropped EXE
-
\??\c:\g7s51b.exec:\g7s51b.exe36⤵
- Executes dropped EXE
-
\??\c:\p6d7aj.exec:\p6d7aj.exe37⤵
- Executes dropped EXE
-
\??\c:\h1s3959.exec:\h1s3959.exe38⤵
- Executes dropped EXE
-
\??\c:\b8g5ob.exec:\b8g5ob.exe39⤵
- Executes dropped EXE
-
\??\c:\s5sl41.exec:\s5sl41.exe40⤵
- Executes dropped EXE
-
\??\c:\4227tp.exec:\4227tp.exe41⤵
- Executes dropped EXE
-
\??\c:\25e6i7.exec:\25e6i7.exe42⤵
- Executes dropped EXE
-
\??\c:\224451t.exec:\224451t.exe43⤵
- Executes dropped EXE
-
\??\c:\o7p7sdi.exec:\o7p7sdi.exe44⤵
- Executes dropped EXE
-
\??\c:\d7khut.exec:\d7khut.exe45⤵
- Executes dropped EXE
-
\??\c:\1i185.exec:\1i185.exe46⤵
- Executes dropped EXE
-
\??\c:\470xt08.exec:\470xt08.exe47⤵
- Executes dropped EXE
-
\??\c:\kpkn5q3.exec:\kpkn5q3.exe48⤵
- Executes dropped EXE
-
\??\c:\he5cp6b.exec:\he5cp6b.exe49⤵
- Executes dropped EXE
-
\??\c:\b2bx4.exec:\b2bx4.exe50⤵
- Executes dropped EXE
-
\??\c:\fab47b.exec:\fab47b.exe51⤵
- Executes dropped EXE
-
\??\c:\u66hx.exec:\u66hx.exe52⤵
- Executes dropped EXE
-
\??\c:\gkb8ls.exec:\gkb8ls.exe53⤵
- Executes dropped EXE
-
\??\c:\1r809.exec:\1r809.exe54⤵
- Executes dropped EXE
-
\??\c:\9ob0f.exec:\9ob0f.exe55⤵
- Executes dropped EXE
-
\??\c:\s4wl7g1.exec:\s4wl7g1.exe56⤵
- Executes dropped EXE
-
\??\c:\801dx.exec:\801dx.exe57⤵
- Executes dropped EXE
-
\??\c:\j8h8k.exec:\j8h8k.exe58⤵
- Executes dropped EXE
-
\??\c:\p3qka7q.exec:\p3qka7q.exe59⤵
- Executes dropped EXE
-
\??\c:\f55sk.exec:\f55sk.exe60⤵
- Executes dropped EXE
-
\??\c:\3hq3kn8.exec:\3hq3kn8.exe61⤵
- Executes dropped EXE
-
\??\c:\p22rj2.exec:\p22rj2.exe62⤵
- Executes dropped EXE
-
\??\c:\nln8h1.exec:\nln8h1.exe63⤵
- Executes dropped EXE
-
\??\c:\pa59o55.exec:\pa59o55.exe64⤵
- Executes dropped EXE
-
\??\c:\890ns.exec:\890ns.exe65⤵
- Executes dropped EXE
-
\??\c:\58u82u.exec:\58u82u.exe66⤵
-
\??\c:\a65h396.exec:\a65h396.exe67⤵
-
\??\c:\57t5v.exec:\57t5v.exe68⤵
-
\??\c:\5q3kc.exec:\5q3kc.exe69⤵
-
\??\c:\4mt87w.exec:\4mt87w.exe70⤵
-
\??\c:\982o7.exec:\982o7.exe71⤵
-
\??\c:\ks42jt6.exec:\ks42jt6.exe72⤵
-
\??\c:\tld67d.exec:\tld67d.exe73⤵
-
\??\c:\4g14k.exec:\4g14k.exe74⤵
-
\??\c:\grc24vd.exec:\grc24vd.exe75⤵
-
\??\c:\17k7043.exec:\17k7043.exe76⤵
-
\??\c:\444d1tx.exec:\444d1tx.exe77⤵
-
\??\c:\sm869.exec:\sm869.exe78⤵
-
\??\c:\g88pvj.exec:\g88pvj.exe79⤵
-
\??\c:\0h442.exec:\0h442.exe80⤵
-
\??\c:\8v5nhx5.exec:\8v5nhx5.exe81⤵
-
\??\c:\0o4vt.exec:\0o4vt.exe82⤵
-
\??\c:\f53vnre.exec:\f53vnre.exe83⤵
-
\??\c:\35ev1.exec:\35ev1.exe84⤵
-
\??\c:\6u1w1k.exec:\6u1w1k.exe85⤵
-
\??\c:\mis7i.exec:\mis7i.exe86⤵
-
\??\c:\9et6s3.exec:\9et6s3.exe87⤵
-
\??\c:\4q82p9.exec:\4q82p9.exe88⤵
-
\??\c:\iu64q10.exec:\iu64q10.exe89⤵
-
\??\c:\6rebi6a.exec:\6rebi6a.exe90⤵
-
\??\c:\sabbg.exec:\sabbg.exe91⤵
-
\??\c:\pkm41m1.exec:\pkm41m1.exe92⤵
-
\??\c:\45071.exec:\45071.exe93⤵
-
\??\c:\9rf72.exec:\9rf72.exe94⤵
-
\??\c:\978c2.exec:\978c2.exe95⤵
-
\??\c:\xbr025a.exec:\xbr025a.exe96⤵
-
\??\c:\141113.exec:\141113.exe97⤵
-
\??\c:\7koicf.exec:\7koicf.exe98⤵
-
\??\c:\7903820.exec:\7903820.exe99⤵
-
\??\c:\0nh92dx.exec:\0nh92dx.exe100⤵
-
\??\c:\tpcip6.exec:\tpcip6.exe101⤵
-
\??\c:\73t15u0.exec:\73t15u0.exe102⤵
-
\??\c:\4130t.exec:\4130t.exe103⤵
-
\??\c:\msv2a.exec:\msv2a.exe104⤵
-
\??\c:\xs4035l.exec:\xs4035l.exe105⤵
-
\??\c:\jcrm4.exec:\jcrm4.exe106⤵
-
\??\c:\e6flxrx.exec:\e6flxrx.exe107⤵
-
\??\c:\c9m358s.exec:\c9m358s.exe108⤵
-
\??\c:\6p2mv2.exec:\6p2mv2.exe109⤵
-
\??\c:\6h6m7tx.exec:\6h6m7tx.exe110⤵
-
\??\c:\6fm83p2.exec:\6fm83p2.exe111⤵
-
\??\c:\089v913.exec:\089v913.exe112⤵
-
\??\c:\4rmg68.exec:\4rmg68.exe113⤵
-
\??\c:\s62nn1w.exec:\s62nn1w.exe114⤵
-
\??\c:\81ce8.exec:\81ce8.exe115⤵
-
\??\c:\rk4fr.exec:\rk4fr.exe116⤵
-
\??\c:\4fo2133.exec:\4fo2133.exe117⤵
-
\??\c:\jjg061.exec:\jjg061.exe118⤵
-
\??\c:\vr1p0.exec:\vr1p0.exe119⤵
-
\??\c:\97i7ea.exec:\97i7ea.exe120⤵
-
\??\c:\28l28n0.exec:\28l28n0.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-