Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
139s -
platform
windows10-2004_x64 -
resource
win10v2004-20231020-en -
resource tags
-
submitted
13/11/2023, 06:20
General
-
Target
NEAS.c8a7504dc18831326760506ac798ae40.exe
-
Size
54KB
-
MD5
c8a7504dc18831326760506ac798ae40
-
SHA1
1866ac1c7e9a11b20f93fa1e88bc8031382a723b
-
SHA256
a47fb79a9a2a63298ed22ca0944bc55ab71b6499fd504fd0370c4afa346f9b5a
-
SHA512
4c97efbea13b5f5c572b811ced46b96e8c2394d6f640dbeda4b1ba9f19ac49da30f56501f1a784ae85557372eabd4be8441ecde69b0d7af27b8cb48e75ca5407
-
SSDEEP
1536:zvQBeOGtrYS3srx93UBWfwC6Ggnouy8iT4+JTj:zhOmTsF93UYfwC6GIoutiTn
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 54 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.c8a7504dc18831326760506ac798ae40.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.c8a7504dc18831326760506ac798ae40.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\qv08c8.exec:\qv08c8.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5731351.exec:\5731351.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\f18s8.exec:\f18s8.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\0p2n344.exec:\0p2n344.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\q8046t.exec:\q8046t.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\k5mc9.exec:\k5mc9.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\b8a901.exec:\b8a901.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\0x9ou.exec:\0x9ou.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\f7kv8f9.exec:\f7kv8f9.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\28p4d4.exec:\28p4d4.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6f3577.exec:\6f3577.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\j3in3.exec:\j3in3.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\134u36c.exec:\134u36c.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6n2733.exec:\6n2733.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\p1pml92.exec:\p1pml92.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\849w1.exec:\849w1.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\0ssoq34.exec:\0ssoq34.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1wuuui.exec:\1wuuui.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\qwggs.exec:\qwggs.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5j540t5.exec:\5j540t5.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9ql4ct7.exec:\9ql4ct7.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\v76j949.exec:\v76j949.exe23⤵
- Executes dropped EXE
-
\??\c:\25357k.exec:\25357k.exe24⤵
- Executes dropped EXE
-
\??\c:\joamsws.exec:\joamsws.exe25⤵
- Executes dropped EXE
-
\??\c:\tvmcm.exec:\tvmcm.exe26⤵
- Executes dropped EXE
-
\??\c:\h63do6.exec:\h63do6.exe27⤵
- Executes dropped EXE
-
\??\c:\m91ec.exec:\m91ec.exe28⤵
- Executes dropped EXE
-
\??\c:\5n16aw5.exec:\5n16aw5.exe29⤵
- Executes dropped EXE
-
\??\c:\6oicm3.exec:\6oicm3.exe30⤵
- Executes dropped EXE
-
\??\c:\q9sd3.exec:\q9sd3.exe31⤵
- Executes dropped EXE
-
\??\c:\1l39955.exec:\1l39955.exe32⤵
- Executes dropped EXE
-
\??\c:\i7vef0.exec:\i7vef0.exe33⤵
- Executes dropped EXE
-
\??\c:\110uf.exec:\110uf.exe34⤵
- Executes dropped EXE
-
\??\c:\79439a.exec:\79439a.exe35⤵
- Executes dropped EXE
-
\??\c:\3o514.exec:\3o514.exe36⤵
- Executes dropped EXE
-
\??\c:\810o39.exec:\810o39.exe37⤵
- Executes dropped EXE
-
\??\c:\9394j.exec:\9394j.exe38⤵
- Executes dropped EXE
-
\??\c:\234gn.exec:\234gn.exe39⤵
- Executes dropped EXE
-
\??\c:\x979awo.exec:\x979awo.exe40⤵
- Executes dropped EXE
-
\??\c:\8339m.exec:\8339m.exe41⤵
- Executes dropped EXE
-
\??\c:\51ueo3.exec:\51ueo3.exe42⤵
- Executes dropped EXE
-
\??\c:\wusamom.exec:\wusamom.exe43⤵
- Executes dropped EXE
-
\??\c:\vpe9f.exec:\vpe9f.exe44⤵
- Executes dropped EXE
-
\??\c:\c6s2kee.exec:\c6s2kee.exe45⤵
- Executes dropped EXE
-
\??\c:\58422l.exec:\58422l.exe46⤵
- Executes dropped EXE
-
\??\c:\b99w9.exec:\b99w9.exe47⤵
- Executes dropped EXE
-
\??\c:\t9ia1la.exec:\t9ia1la.exe48⤵
- Executes dropped EXE
-
\??\c:\385199.exec:\385199.exe49⤵
- Executes dropped EXE
-
\??\c:\nn96mq.exec:\nn96mq.exe50⤵
- Executes dropped EXE
-
\??\c:\93a8s.exec:\93a8s.exe51⤵
- Executes dropped EXE
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
\??\c:\2t0alk.exec:\2t0alk.exe1⤵
- Executes dropped EXE
-
\??\c:\f3ap7sv.exec:\f3ap7sv.exe2⤵
- Executes dropped EXE
-
\??\c:\950c95.exec:\950c95.exe3⤵
- Executes dropped EXE
-
\??\c:\u91759.exec:\u91759.exe4⤵
- Executes dropped EXE
-
\??\c:\33iv12.exec:\33iv12.exe5⤵
- Executes dropped EXE
-
\??\c:\t6qaqsi.exec:\t6qaqsi.exe6⤵
- Executes dropped EXE
-
\??\c:\22ok14.exec:\22ok14.exe7⤵
- Executes dropped EXE
-
\??\c:\63462r.exec:\63462r.exe8⤵
- Executes dropped EXE
-
\??\c:\a12mg37.exec:\a12mg37.exe9⤵
- Executes dropped EXE
-
\??\c:\2m2es.exec:\2m2es.exe10⤵
- Executes dropped EXE
-
\??\c:\k979x.exec:\k979x.exe11⤵
- Executes dropped EXE
-
\??\c:\45j7r5.exec:\45j7r5.exe12⤵
- Executes dropped EXE
-
\??\c:\l68n589.exec:\l68n589.exe13⤵
- Executes dropped EXE
-
\??\c:\n1cv1i.exec:\n1cv1i.exe14⤵
- Executes dropped EXE
-
\??\c:\n2vh4q.exec:\n2vh4q.exe15⤵
-
\??\c:\b40o98a.exec:\b40o98a.exe16⤵
-
\??\c:\71k10j.exec:\71k10j.exe17⤵
-
\??\c:\ra241p.exec:\ra241p.exe18⤵
-
\??\c:\qukoqq3.exec:\qukoqq3.exe19⤵
-
\??\c:\j4v13.exec:\j4v13.exe20⤵
-
\??\c:\4h1qb7.exec:\4h1qb7.exe21⤵
-
\??\c:\a805tj.exec:\a805tj.exe22⤵
-
\??\c:\61k7797.exec:\61k7797.exe23⤵
-
\??\c:\ew797.exec:\ew797.exe24⤵
-
\??\c:\opckuw.exec:\opckuw.exe25⤵
-
\??\c:\056k7.exec:\056k7.exe26⤵
-
\??\c:\u34h5wj.exec:\u34h5wj.exe27⤵
-
\??\c:\5vh0o.exec:\5vh0o.exe28⤵
-
\??\c:\9235q.exec:\9235q.exe29⤵
-
\??\c:\295ar6a.exec:\295ar6a.exe30⤵
-
\??\c:\h5iucqi.exec:\h5iucqi.exe31⤵
-
\??\c:\2od33.exec:\2od33.exe32⤵
-
\??\c:\iu30o93.exec:\iu30o93.exe33⤵
-
\??\c:\aeoau.exec:\aeoau.exe34⤵
-
\??\c:\ei9mm.exec:\ei9mm.exe35⤵
-
\??\c:\ckecm.exec:\ckecm.exe36⤵
-
\??\c:\x95qssi.exec:\x95qssi.exe37⤵
-
\??\c:\dscsgk.exec:\dscsgk.exe38⤵
-
\??\c:\gcr4uw.exec:\gcr4uw.exe39⤵
-
\??\c:\5j9953.exec:\5j9953.exe40⤵
-
\??\c:\qcc3e.exec:\qcc3e.exe41⤵
-
\??\c:\6k2949.exec:\6k2949.exe42⤵
-
\??\c:\j71d5.exec:\j71d5.exe43⤵
-
\??\c:\ruesmcq.exec:\ruesmcq.exe44⤵
-
\??\c:\154c17.exec:\154c17.exe45⤵
-
\??\c:\6m3535.exec:\6m3535.exe46⤵
-
\??\c:\d5331.exec:\d5331.exe47⤵
-
\??\c:\q91s6.exec:\q91s6.exe48⤵
-
\??\c:\l53337.exec:\l53337.exe49⤵
-
\??\c:\i7ikgl.exec:\i7ikgl.exe50⤵
-
\??\c:\esx38.exec:\esx38.exe51⤵
-
\??\c:\a97mko.exec:\a97mko.exe52⤵
-
\??\c:\4gr1ej.exec:\4gr1ej.exe53⤵
-
\??\c:\egma833.exec:\egma833.exe54⤵
-
\??\c:\t3g1w.exec:\t3g1w.exe55⤵
-
\??\c:\196weg.exec:\196weg.exe56⤵
-
\??\c:\19hj9.exec:\19hj9.exe57⤵
-
\??\c:\ea9753.exec:\ea9753.exe58⤵
-
\??\c:\8seqq.exec:\8seqq.exe59⤵
-
\??\c:\4n3sd4.exec:\4n3sd4.exe60⤵
-
\??\c:\ugp4s14.exec:\ugp4s14.exe61⤵
-
\??\c:\355cp18.exec:\355cp18.exe62⤵
-
\??\c:\aax90si.exec:\aax90si.exe63⤵
-
\??\c:\c55j1.exec:\c55j1.exe64⤵
-
\??\c:\qj3d779.exec:\qj3d779.exe65⤵
-
\??\c:\91e3ogc.exec:\91e3ogc.exe66⤵
-
\??\c:\fk317g.exec:\fk317g.exe67⤵
-
\??\c:\n6brqx.exec:\n6brqx.exe68⤵
-
\??\c:\c090193.exec:\c090193.exe69⤵
-
\??\c:\990w3.exec:\990w3.exe70⤵
-
\??\c:\kuqqig.exec:\kuqqig.exe71⤵
-
\??\c:\rac52h.exec:\rac52h.exe72⤵
-
\??\c:\it97167.exec:\it97167.exe73⤵
-
\??\c:\1ctg5.exec:\1ctg5.exe74⤵
-
\??\c:\2b5igc.exec:\2b5igc.exe75⤵
-
\??\c:\3739971.exec:\3739971.exe76⤵
-
\??\c:\3p3713.exec:\3p3713.exe77⤵
-
\??\c:\41b732v.exec:\41b732v.exe78⤵
-
\??\c:\4oks36.exec:\4oks36.exe79⤵
-
\??\c:\8oh1us5.exec:\8oh1us5.exe80⤵
-
\??\c:\3v4i5.exec:\3v4i5.exe81⤵
-
\??\c:\492p08.exec:\492p08.exe82⤵
-
\??\c:\aqn53.exec:\aqn53.exe83⤵
-
\??\c:\h1jlk4.exec:\h1jlk4.exe84⤵
-
\??\c:\79975ci.exec:\79975ci.exe85⤵
-
\??\c:\6de1f2.exec:\6de1f2.exe86⤵
-
\??\c:\77oesk.exec:\77oesk.exe87⤵
-
\??\c:\iwagia.exec:\iwagia.exe88⤵
-
\??\c:\hcgac.exec:\hcgac.exe89⤵
-
\??\c:\gin77w.exec:\gin77w.exe90⤵
-
\??\c:\7b54s73.exec:\7b54s73.exe91⤵
-
\??\c:\p14ec80.exec:\p14ec80.exe92⤵
-
\??\c:\ha51194.exec:\ha51194.exe93⤵
-
\??\c:\6mf7w.exec:\6mf7w.exe94⤵
-
\??\c:\4m13i33.exec:\4m13i33.exe95⤵
-
\??\c:\35owgi.exec:\35owgi.exe96⤵
-
\??\c:\6395q57.exec:\6395q57.exe97⤵
-
\??\c:\77mg9ss.exec:\77mg9ss.exe98⤵
-
\??\c:\15571.exec:\15571.exe99⤵
-
\??\c:\33abqu.exec:\33abqu.exe100⤵
-
\??\c:\a397xbc.exec:\a397xbc.exe101⤵
-
\??\c:\xw7715.exec:\xw7715.exe102⤵
-
\??\c:\7v548.exec:\7v548.exe103⤵
-
\??\c:\iemhk.exec:\iemhk.exe104⤵
-
\??\c:\n9xwc.exec:\n9xwc.exe105⤵
-
\??\c:\p5wc90a.exec:\p5wc90a.exe106⤵
-
\??\c:\4cd9g.exec:\4cd9g.exe107⤵
-
\??\c:\e0wqw5.exec:\e0wqw5.exe108⤵
-
\??\c:\s3535.exec:\s3535.exe109⤵
-
\??\c:\133759.exec:\133759.exe110⤵
-
\??\c:\5n33395.exec:\5n33395.exe111⤵
-
\??\c:\9535713.exec:\9535713.exe112⤵
-
\??\c:\qd1ww11.exec:\qd1ww11.exe113⤵
-
\??\c:\f3351i.exec:\f3351i.exe114⤵
-
\??\c:\205317.exec:\205317.exe115⤵
-
\??\c:\53kims.exec:\53kims.exe116⤵
-
\??\c:\kwamud.exec:\kwamud.exe117⤵
-
\??\c:\33d52.exec:\33d52.exe118⤵
-
\??\c:\0e9w133.exec:\0e9w133.exe119⤵
-
\??\c:\0m755.exec:\0m755.exe120⤵
-
\??\c:\oc56n5.exec:\oc56n5.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-