Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
148s -
platform
windows10-2004_x64 -
resource
win10v2004-20231023-en -
resource tags
-
submitted
11/11/2023, 18:18
General
-
Target
NEAS.df69b73cafbd4cac5c473bbbbc0413d0.exe
-
Size
465KB
-
MD5
df69b73cafbd4cac5c473bbbbc0413d0
-
SHA1
2bdcc6773bb57beec4dfa57ead50dd6d81046b88
-
SHA256
ed08130b0f40bdbf5f5cfc7149484a4deccda8d309d0beddeaf321d748885def
-
SHA512
a261411c83581e683ea15a135b7d935ed0d9c4d74a2356d3a8ae13021b3b467856e9d5d71d1ab7700dd0ac1fff027e286dc1b577d75550a38cf0082161ce4a4a
-
SSDEEP
12288:n3C9uDVw6326pKZ9asZqoZHz+evcn0Meh2Fa:Su326p0aroZt0C
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 45 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 59 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.df69b73cafbd4cac5c473bbbbc0413d0.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.df69b73cafbd4cac5c473bbbbc0413d0.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\tddnn.exec:\tddnn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\txddtbh.exec:\txddtbh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfdpjr.exec:\lfdpjr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfdxtj.exec:\rfdxtj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rpdbhp.exec:\rpdbhp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fhdhnf.exec:\fhdhnf.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\npxxbbt.exec:\npxxbbt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnrxt.exec:\nnrxt.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tllphr.exec:\tllphr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nndph.exec:\nndph.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bndtj.exec:\bndtj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hjnlp.exec:\hjnlp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djftllb.exec:\djftllb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
-
-
-
-
-
-
-
-
-
-
-
-
-
\??\c:\vdrdndr.exec:\vdrdndr.exe1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dbvlr.exec:\dbvlr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fdhtjr.exec:\fdhtjr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bdrxt.exec:\bdrxt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jlnlh.exec:\jlnlh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fdppjrx.exec:\fdppjrx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ptnhh.exec:\ptnhh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xdjdtbt.exec:\xdjdtbt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ltptp.exec:\ltptp.exe9⤵
- Executes dropped EXE
-
\??\c:\jxhxbnt.exec:\jxhxbnt.exe10⤵
- Executes dropped EXE
-
\??\c:\tffhf.exec:\tffhf.exe11⤵
- Executes dropped EXE
-
\??\c:\lbxtxl.exec:\lbxtxl.exe12⤵
- Executes dropped EXE
-
\??\c:\rnhrrjd.exec:\rnhrrjd.exe13⤵
- Executes dropped EXE
-
\??\c:\jlljdrp.exec:\jlljdrp.exe14⤵
- Executes dropped EXE
-
\??\c:\htlrtn.exec:\htlrtn.exe15⤵
- Executes dropped EXE
-
\??\c:\lnbdfj.exec:\lnbdfj.exe16⤵
- Executes dropped EXE
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
\??\c:\vvbft.exec:\vvbft.exe1⤵
- Executes dropped EXE
-
\??\c:\jnrrn.exec:\jnrrn.exe2⤵
- Executes dropped EXE
-
\??\c:\fnbvhfj.exec:\fnbvhfj.exe3⤵
- Executes dropped EXE
-
\??\c:\vjljhp.exec:\vjljhp.exe4⤵
- Executes dropped EXE
-
\??\c:\fdhdrx.exec:\fdhdrx.exe5⤵
- Executes dropped EXE
-
\??\c:\tfhhhtv.exec:\tfhhhtv.exe6⤵
- Executes dropped EXE
-
\??\c:\fjnddbx.exec:\fjnddbx.exe7⤵
- Executes dropped EXE
-
\??\c:\jthffdh.exec:\jthffdh.exe8⤵
- Executes dropped EXE
-
\??\c:\pxxbbv.exec:\pxxbbv.exe9⤵
- Executes dropped EXE
-
\??\c:\hvfhl.exec:\hvfhl.exe10⤵
- Executes dropped EXE
-
\??\c:\xjnfx.exec:\xjnfx.exe11⤵
- Executes dropped EXE
-
\??\c:\hnpbbfb.exec:\hnpbbfb.exe12⤵
- Executes dropped EXE
-
\??\c:\hnffhvx.exec:\hnffhvx.exe13⤵
- Executes dropped EXE
-
\??\c:\vbntv.exec:\vbntv.exe14⤵
- Executes dropped EXE
-
\??\c:\bbltt.exec:\bbltt.exe15⤵
- Executes dropped EXE
-
\??\c:\rxjdf.exec:\rxjdf.exe16⤵
- Executes dropped EXE
-
\??\c:\ljxbb.exec:\ljxbb.exe17⤵
- Executes dropped EXE
-
\??\c:\pxfljp.exec:\pxfljp.exe18⤵
- Executes dropped EXE
-
\??\c:\dlvjrt.exec:\dlvjrt.exe19⤵
- Executes dropped EXE
-
\??\c:\dlltxxl.exec:\dlltxxl.exe20⤵
- Executes dropped EXE
-
\??\c:\vdjdvj.exec:\vdjdvj.exe21⤵
- Executes dropped EXE
-
\??\c:\fdddhx.exec:\fdddhx.exe22⤵
- Executes dropped EXE
-
\??\c:\bdbpd.exec:\bdbpd.exe23⤵
- Executes dropped EXE
-
\??\c:\blpfddv.exec:\blpfddv.exe24⤵
- Executes dropped EXE
-
\??\c:\xfnbt.exec:\xfnbt.exe25⤵
- Executes dropped EXE
-
\??\c:\ttnjdpl.exec:\ttnjdpl.exe26⤵
- Executes dropped EXE
-
\??\c:\pnhrrdt.exec:\pnhrrdt.exe27⤵
- Executes dropped EXE
-
\??\c:\tndxhpn.exec:\tndxhpn.exe28⤵
- Executes dropped EXE
-
\??\c:\lvpjbx.exec:\lvpjbx.exe29⤵
- Executes dropped EXE
-
\??\c:\rnnxfnt.exec:\rnnxfnt.exe30⤵
- Executes dropped EXE
-
\??\c:\jdtfh.exec:\jdtfh.exe31⤵
- Executes dropped EXE
-
\??\c:\ldlfl.exec:\ldlfl.exe32⤵
- Executes dropped EXE
-
\??\c:\xjltvh.exec:\xjltvh.exe33⤵
- Executes dropped EXE
-
\??\c:\ptdjbb.exec:\ptdjbb.exe34⤵
- Executes dropped EXE
-
\??\c:\jvnplv.exec:\jvnplv.exe35⤵
- Executes dropped EXE
-
\??\c:\hrdhpxb.exec:\hrdhpxb.exe36⤵
-
\??\c:\pvxdnp.exec:\pvxdnp.exe37⤵
-
\??\c:\jrjnt.exec:\jrjnt.exe38⤵
-
\??\c:\xrtlt.exec:\xrtlt.exe39⤵
-
\??\c:\bnrnd.exec:\bnrnd.exe40⤵
-
\??\c:\nbhxnt.exec:\nbhxnt.exe41⤵
-
\??\c:\hhllj.exec:\hhllj.exe42⤵
-
\??\c:\xhhdf.exec:\xhhdf.exe43⤵
-
\??\c:\jffnh.exec:\jffnh.exe44⤵
-
\??\c:\jjnlh.exec:\jjnlh.exe45⤵
-
\??\c:\ntdhlh.exec:\ntdhlh.exe46⤵
-
\??\c:\httppvh.exec:\httppvh.exe47⤵
-
\??\c:\pnbbv.exec:\pnbbv.exe48⤵
-
\??\c:\bxhhx.exec:\bxhhx.exe49⤵
-
\??\c:\ljhrpxj.exec:\ljhrpxj.exe50⤵
-
\??\c:\xnlltb.exec:\xnlltb.exe51⤵
-
\??\c:\pfpvt.exec:\pfpvt.exe52⤵
-
\??\c:\vvhfxp.exec:\vvhfxp.exe53⤵
-
\??\c:\lpjpnrd.exec:\lpjpnrd.exe54⤵
-
\??\c:\tjthd.exec:\tjthd.exe55⤵
-
\??\c:\xnrpj.exec:\xnrpj.exe56⤵
-
\??\c:\dlfnndh.exec:\dlfnndh.exe57⤵
-
\??\c:\plvrxlr.exec:\plvrxlr.exe58⤵
-
\??\c:\nlxxtf.exec:\nlxxtf.exe59⤵
-
\??\c:\fnrdd.exec:\fnrdd.exe60⤵
-
\??\c:\hltlpjx.exec:\hltlpjx.exe61⤵
-
\??\c:\npprb.exec:\npprb.exe62⤵
-
\??\c:\tnbjlx.exec:\tnbjlx.exe63⤵
-
\??\c:\drvvrjj.exec:\drvvrjj.exe64⤵
-
\??\c:\bttxnt.exec:\bttxnt.exe65⤵
-
\??\c:\tfptj.exec:\tfptj.exe66⤵
-
\??\c:\nnlbndn.exec:\nnlbndn.exe67⤵
-
\??\c:\hjvfbxv.exec:\hjvfbxv.exe68⤵
-
\??\c:\njrvn.exec:\njrvn.exe69⤵
-
\??\c:\jlprrbd.exec:\jlprrbd.exe70⤵
-
\??\c:\vtfvnlj.exec:\vtfvnlj.exe71⤵
-
\??\c:\pthxrrb.exec:\pthxrrb.exe72⤵
-
\??\c:\xrlxrdp.exec:\xrlxrdp.exe73⤵
-
\??\c:\htdrfrh.exec:\htdrfrh.exe74⤵
-
\??\c:\nbtvv.exec:\nbtvv.exe75⤵
-
\??\c:\jltndnx.exec:\jltndnx.exe76⤵
-
\??\c:\hdhjxh.exec:\hdhjxh.exe77⤵
-
\??\c:\tpxth.exec:\tpxth.exe78⤵
-
\??\c:\thrrd.exec:\thrrd.exe79⤵
-
\??\c:\ljfptbb.exec:\ljfptbb.exe80⤵
-
\??\c:\pdtltvd.exec:\pdtltvd.exe81⤵
-
\??\c:\dfthnd.exec:\dfthnd.exe82⤵
-
\??\c:\lrfvdxn.exec:\lrfvdxn.exe83⤵
-
\??\c:\rtjdldj.exec:\rtjdldj.exe84⤵
-
\??\c:\rhplfrt.exec:\rhplfrt.exe85⤵
-
\??\c:\bphbl.exec:\bphbl.exe86⤵
-
\??\c:\trbxt.exec:\trbxt.exe87⤵
-
\??\c:\jvtdjv.exec:\jvtdjv.exe88⤵
-
\??\c:\ftxxl.exec:\ftxxl.exe89⤵
-
\??\c:\bjvhnhn.exec:\bjvhnhn.exe90⤵
-
\??\c:\rvlxxl.exec:\rvlxxl.exe91⤵
-
\??\c:\xftdbnl.exec:\xftdbnl.exe92⤵
-
\??\c:\hdjvr.exec:\hdjvr.exe93⤵
-
\??\c:\tvbftrd.exec:\tvbftrd.exe94⤵
-
\??\c:\rttrn.exec:\rttrn.exe95⤵
-
\??\c:\dxlrp.exec:\dxlrp.exe96⤵
-
\??\c:\pblbnv.exec:\pblbnv.exe97⤵
-
\??\c:\xlfvnn.exec:\xlfvnn.exe98⤵
-
\??\c:\lnhnpp.exec:\lnhnpp.exe99⤵
-
\??\c:\dhhxvl.exec:\dhhxvl.exe100⤵
-
\??\c:\ndvvltt.exec:\ndvvltt.exe101⤵
-
\??\c:\bttrvr.exec:\bttrvr.exe102⤵
-
\??\c:\vlxvxll.exec:\vlxvxll.exe103⤵
-
\??\c:\nnxvptb.exec:\nnxvptb.exe104⤵
-
\??\c:\vbpht.exec:\vbpht.exe105⤵
-
\??\c:\lhbbhf.exec:\lhbbhf.exe106⤵
-
\??\c:\rthdt.exec:\rthdt.exe107⤵
-
\??\c:\jphhvn.exec:\jphhvn.exe108⤵
-
\??\c:\hntfdfl.exec:\hntfdfl.exe109⤵
-
\??\c:\nlfhlb.exec:\nlfhlb.exe110⤵
-
\??\c:\ndftvhx.exec:\ndftvhx.exe111⤵
-
\??\c:\lltvdl.exec:\lltvdl.exe112⤵
-
\??\c:\hpvdd.exec:\hpvdd.exe113⤵
-
\??\c:\ptbtftt.exec:\ptbtftt.exe114⤵
-
\??\c:\rdxvtt.exec:\rdxvtt.exe115⤵
-
\??\c:\prlhbjx.exec:\prlhbjx.exe116⤵
-
\??\c:\xjrbp.exec:\xjrbp.exe117⤵
-
\??\c:\bfftxx.exec:\bfftxx.exe118⤵
-
\??\c:\ttxbpdp.exec:\ttxbpdp.exe119⤵
-
\??\c:\tvbfbdt.exec:\tvbfbdt.exe120⤵
-
\??\c:\npnhtxr.exec:\npnhtxr.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-