Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
151s -
max time network
138s -
platform
windows10-2004_x64 -
resource
win10v2004-20231023-en -
resource tags
-
submitted
11/11/2023, 17:12
General
-
Target
NEAS.30d851a66cff1f1c84a7800e3084d580.exe
-
Size
74KB
-
MD5
30d851a66cff1f1c84a7800e3084d580
-
SHA1
3852bd5f4b3f06e75369ce7ca8348bddc82d4652
-
SHA256
66005d0b5b0ee2048a71f2ce240e822942a280b06c869f37c4f15b37510fe707
-
SHA512
1acf2449e8171f45edbf897b55113781fd897fb4198c241836503c47d6d42998675e23cb9b7588a275609dd7269bb93e7e5b26db70a9e4366ba1d6bc792d6135
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDWiekja1br3GGBxfotGpS7TkQ:ymb3NkkiQ3mdBjFWXkj7afowpe
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 42 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 55 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.30d851a66cff1f1c84a7800e3084d580.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.30d851a66cff1f1c84a7800e3084d580.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\l9pt2.exec:\l9pt2.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\49osn.exec:\49osn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\x998u.exec:\x998u.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\w4fi04.exec:\w4fi04.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\n5rri.exec:\n5rri.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hu8o3hq.exec:\hu8o3hq.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\u996kv.exec:\u996kv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lufgd4.exec:\lufgd4.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\d3q39.exec:\d3q39.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\611k1gp.exec:\611k1gp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\a5c0a8.exec:\a5c0a8.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xx2s5i.exec:\xx2s5i.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1bbos.exec:\1bbos.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\85xfmjk.exec:\85xfmjk.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\j37uim3.exec:\j37uim3.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3b70xl.exec:\3b70xl.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\i3s5k4.exec:\i3s5k4.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\0o94nwe.exec:\0o94nwe.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1x2p53.exec:\1x2p53.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\h5aawoi.exec:\h5aawoi.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\26f3uh.exec:\26f3uh.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\usd70.exec:\usd70.exe23⤵
- Executes dropped EXE
-
\??\c:\3mge217.exec:\3mge217.exe24⤵
- Executes dropped EXE
-
\??\c:\07a2ma.exec:\07a2ma.exe25⤵
- Executes dropped EXE
-
\??\c:\snb43l1.exec:\snb43l1.exe26⤵
- Executes dropped EXE
-
\??\c:\0lsp5b.exec:\0lsp5b.exe27⤵
- Executes dropped EXE
-
\??\c:\5w7h3.exec:\5w7h3.exe28⤵
- Executes dropped EXE
-
\??\c:\mm4s9q.exec:\mm4s9q.exe29⤵
- Executes dropped EXE
-
\??\c:\12j57q.exec:\12j57q.exe30⤵
- Executes dropped EXE
-
\??\c:\u2be8.exec:\u2be8.exe31⤵
- Executes dropped EXE
-
\??\c:\x0t796.exec:\x0t796.exe32⤵
- Executes dropped EXE
-
\??\c:\96sqk.exec:\96sqk.exe33⤵
- Executes dropped EXE
-
\??\c:\6jxv965.exec:\6jxv965.exe34⤵
- Executes dropped EXE
-
\??\c:\46bn7.exec:\46bn7.exe35⤵
- Executes dropped EXE
-
\??\c:\n9081h.exec:\n9081h.exe36⤵
- Executes dropped EXE
-
\??\c:\9l1g12f.exec:\9l1g12f.exe37⤵
- Executes dropped EXE
-
\??\c:\x01m2.exec:\x01m2.exe38⤵
- Executes dropped EXE
-
\??\c:\360qwi9.exec:\360qwi9.exe39⤵
- Executes dropped EXE
-
\??\c:\qlcae.exec:\qlcae.exe40⤵
- Executes dropped EXE
-
\??\c:\ov73b8a.exec:\ov73b8a.exe41⤵
- Executes dropped EXE
-
\??\c:\e3if2.exec:\e3if2.exe42⤵
- Executes dropped EXE
-
\??\c:\l083io2.exec:\l083io2.exe43⤵
- Executes dropped EXE
-
\??\c:\7893n1.exec:\7893n1.exe44⤵
- Executes dropped EXE
-
\??\c:\tw1exd5.exec:\tw1exd5.exe45⤵
- Executes dropped EXE
-
\??\c:\wos7m.exec:\wos7m.exe46⤵
- Executes dropped EXE
-
\??\c:\k0f2mjs.exec:\k0f2mjs.exe47⤵
- Executes dropped EXE
-
\??\c:\7k5uu5g.exec:\7k5uu5g.exe48⤵
- Executes dropped EXE
-
\??\c:\c0uc9.exec:\c0uc9.exe49⤵
- Executes dropped EXE
-
\??\c:\5qnip5k.exec:\5qnip5k.exe50⤵
- Executes dropped EXE
-
\??\c:\4o9kq.exec:\4o9kq.exe51⤵
- Executes dropped EXE
-
\??\c:\28u7as.exec:\28u7as.exe52⤵
- Executes dropped EXE
-
\??\c:\79c11.exec:\79c11.exe53⤵
- Executes dropped EXE
-
\??\c:\91ga3k5.exec:\91ga3k5.exe54⤵
- Executes dropped EXE
-
\??\c:\3f85kb.exec:\3f85kb.exe55⤵
- Executes dropped EXE
-
\??\c:\w19hb.exec:\w19hb.exe56⤵
- Executes dropped EXE
-
\??\c:\n32ro.exec:\n32ro.exe57⤵
- Executes dropped EXE
-
\??\c:\q7qw2.exec:\q7qw2.exe58⤵
- Executes dropped EXE
-
\??\c:\s3s46hk.exec:\s3s46hk.exe59⤵
- Executes dropped EXE
-
\??\c:\21e18.exec:\21e18.exe60⤵
- Executes dropped EXE
-
\??\c:\8219g7.exec:\8219g7.exe61⤵
- Executes dropped EXE
-
\??\c:\ac585w1.exec:\ac585w1.exe62⤵
- Executes dropped EXE
-
\??\c:\dn25t7.exec:\dn25t7.exe63⤵
- Executes dropped EXE
-
\??\c:\8d5c1.exec:\8d5c1.exe64⤵
- Executes dropped EXE
-
\??\c:\1wqrdm2.exec:\1wqrdm2.exe65⤵
- Executes dropped EXE
-
\??\c:\ha3gp05.exec:\ha3gp05.exe66⤵
-
\??\c:\0ge105.exec:\0ge105.exe67⤵
-
\??\c:\l72hq.exec:\l72hq.exe68⤵
-
\??\c:\p5mwi1.exec:\p5mwi1.exe69⤵
-
\??\c:\1cp5k5.exec:\1cp5k5.exe70⤵
-
\??\c:\194fu.exec:\194fu.exe71⤵
-
\??\c:\9fc7dg.exec:\9fc7dg.exe72⤵
-
\??\c:\ds18mp2.exec:\ds18mp2.exe73⤵
-
\??\c:\41bq3o.exec:\41bq3o.exe74⤵
-
\??\c:\4tbnv13.exec:\4tbnv13.exe75⤵
-
\??\c:\9n9i5.exec:\9n9i5.exe76⤵
-
\??\c:\tw5dg.exec:\tw5dg.exe77⤵
-
\??\c:\77329.exec:\77329.exe78⤵
-
\??\c:\m5f35mv.exec:\m5f35mv.exe79⤵
-
\??\c:\2d88dg6.exec:\2d88dg6.exe80⤵
-
\??\c:\o8x47e.exec:\o8x47e.exe81⤵
-
\??\c:\6ne51.exec:\6ne51.exe82⤵
-
\??\c:\hx319e1.exec:\hx319e1.exe83⤵
-
\??\c:\41gsw.exec:\41gsw.exe84⤵
-
\??\c:\819p9.exec:\819p9.exe85⤵
-
\??\c:\9qe37t.exec:\9qe37t.exe86⤵
-
\??\c:\ra2to8.exec:\ra2to8.exe87⤵
-
\??\c:\i4544s5.exec:\i4544s5.exe88⤵
-
\??\c:\268o4g.exec:\268o4g.exe89⤵
-
\??\c:\16wnr.exec:\16wnr.exe90⤵
-
\??\c:\l1929un.exec:\l1929un.exe91⤵
-
\??\c:\xmaq27p.exec:\xmaq27p.exe92⤵
-
\??\c:\21t5g.exec:\21t5g.exe93⤵
-
\??\c:\0478t3.exec:\0478t3.exe94⤵
-
\??\c:\6x3d2d.exec:\6x3d2d.exe95⤵
-
\??\c:\sbwu3sg.exec:\sbwu3sg.exe96⤵
-
\??\c:\6u14g.exec:\6u14g.exe97⤵
-
\??\c:\c5u91.exec:\c5u91.exe98⤵
-
\??\c:\qo666.exec:\qo666.exe99⤵
-
\??\c:\nfxc4.exec:\nfxc4.exe100⤵
-
\??\c:\bi96d9.exec:\bi96d9.exe101⤵
-
\??\c:\1f9n9.exec:\1f9n9.exe102⤵
-
\??\c:\41ev7.exec:\41ev7.exe103⤵
-
\??\c:\40571.exec:\40571.exe104⤵
-
\??\c:\13oua5.exec:\13oua5.exe105⤵
-
\??\c:\n7h9g4.exec:\n7h9g4.exe106⤵
-
\??\c:\8vdsn1r.exec:\8vdsn1r.exe107⤵
-
\??\c:\1915lg1.exec:\1915lg1.exe108⤵
-
\??\c:\i556r.exec:\i556r.exe109⤵
-
\??\c:\8j2qq.exec:\8j2qq.exe110⤵
-
\??\c:\065jg.exec:\065jg.exe111⤵
-
\??\c:\83k524.exec:\83k524.exe112⤵
-
\??\c:\3hi6f2.exec:\3hi6f2.exe113⤵
-
\??\c:\i49316t.exec:\i49316t.exe114⤵
-
\??\c:\2hx103.exec:\2hx103.exe115⤵
-
\??\c:\4p89cia.exec:\4p89cia.exe116⤵
-
\??\c:\s519l.exec:\s519l.exe117⤵
-
\??\c:\j10n310.exec:\j10n310.exe118⤵
-
\??\c:\6jv07ec.exec:\6jv07ec.exe119⤵
-
\??\c:\a7535.exec:\a7535.exe120⤵
-
\??\c:\2146o.exec:\2146o.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-