Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
146s -
max time network
161s -
platform
windows10-2004_x64 -
resource
win10v2004-20231023-en -
resource tags
-
submitted
15/11/2023, 09:00
General
-
Target
NEAS.b46e842e35cf209e1cd1990ea1becbf0.exe
-
Size
93KB
-
MD5
b46e842e35cf209e1cd1990ea1becbf0
-
SHA1
8a87f0ce728b1ebb47fb96ae6b430db88076b3ab
-
SHA256
f4672da0c3d5e5d2c0569e78fc728b9f2a2cdd4afcf81f79f3db0be748704fce
-
SHA512
7cd0cb8a1f0ce1b6365b3202bdd4ffc85393f727d5634dd8f8f7d6e0205e096b7cfe4ada2dd6cdceaf4a421c038bdd627c85ff009a13e77dae1cff62c7c76d5b
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDo73t6MlYqn+jMp9IHKqkHpnXgS:ymb3NkkiQ3mdBjFo73tvn+Yp9FrHP
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 48 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.b46e842e35cf209e1cd1990ea1becbf0.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.b46e842e35cf209e1cd1990ea1becbf0.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\qm1spsq.exec:\qm1spsq.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1647753.exec:\1647753.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\0826qu0.exec:\0826qu0.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\m700743.exec:\m700743.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\q2217j.exec:\q2217j.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\oo1405.exec:\oo1405.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\718j0ss.exec:\718j0ss.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\06104.exec:\06104.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\40f43d.exec:\40f43d.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hwx38.exec:\hwx38.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\2epw5.exec:\2epw5.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\c7041.exec:\c7041.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\i65e596.exec:\i65e596.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\64f74.exec:\64f74.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\31cm39.exec:\31cm39.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ghk2dje.exec:\ghk2dje.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\4m07oh.exec:\4m07oh.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6hek0.exec:\6hek0.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5282u3.exec:\5282u3.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\95gv25h.exec:\95gv25h.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\45s19e.exec:\45s19e.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\71828v9.exec:\71828v9.exe23⤵
- Executes dropped EXE
-
\??\c:\sjrek19.exec:\sjrek19.exe24⤵
- Executes dropped EXE
-
\??\c:\ffi9i.exec:\ffi9i.exe25⤵
- Executes dropped EXE
-
\??\c:\4fx44cl.exec:\4fx44cl.exe26⤵
- Executes dropped EXE
-
\??\c:\1714t02.exec:\1714t02.exe27⤵
- Executes dropped EXE
-
\??\c:\c4639.exec:\c4639.exe28⤵
- Executes dropped EXE
-
\??\c:\7ibu52.exec:\7ibu52.exe29⤵
- Executes dropped EXE
-
\??\c:\e2xsw20.exec:\e2xsw20.exe30⤵
- Executes dropped EXE
-
\??\c:\o1k2418.exec:\o1k2418.exe31⤵
- Executes dropped EXE
-
\??\c:\q3bk9ox.exec:\q3bk9ox.exe32⤵
- Executes dropped EXE
-
\??\c:\qvqt1v.exec:\qvqt1v.exe33⤵
- Executes dropped EXE
-
\??\c:\98pp7.exec:\98pp7.exe34⤵
- Executes dropped EXE
-
\??\c:\rk69jh.exec:\rk69jh.exe35⤵
- Executes dropped EXE
-
\??\c:\rr4i25.exec:\rr4i25.exe36⤵
- Executes dropped EXE
-
\??\c:\9twu36.exec:\9twu36.exe37⤵
- Executes dropped EXE
-
\??\c:\f87qx81.exec:\f87qx81.exe38⤵
- Executes dropped EXE
-
\??\c:\d4h88o.exec:\d4h88o.exe39⤵
- Executes dropped EXE
-
\??\c:\11ad2.exec:\11ad2.exe40⤵
- Executes dropped EXE
-
\??\c:\jlr14t.exec:\jlr14t.exe41⤵
- Executes dropped EXE
-
\??\c:\5bfst13.exec:\5bfst13.exe42⤵
- Executes dropped EXE
-
\??\c:\8hbi48.exec:\8hbi48.exe43⤵
- Executes dropped EXE
-
\??\c:\5x5u34b.exec:\5x5u34b.exe44⤵
- Executes dropped EXE
-
\??\c:\7e3k9c7.exec:\7e3k9c7.exe45⤵
- Executes dropped EXE
-
\??\c:\12id4.exec:\12id4.exe46⤵
- Executes dropped EXE
-
\??\c:\jvpgn2.exec:\jvpgn2.exe47⤵
- Executes dropped EXE
-
\??\c:\xk0396o.exec:\xk0396o.exe48⤵
- Executes dropped EXE
-
\??\c:\u2e8a72.exec:\u2e8a72.exe49⤵
- Executes dropped EXE
-
\??\c:\w9mdd.exec:\w9mdd.exe50⤵
- Executes dropped EXE
-
\??\c:\tc09li.exec:\tc09li.exe51⤵
- Executes dropped EXE
-
\??\c:\f2839sv.exec:\f2839sv.exe52⤵
- Executes dropped EXE
-
\??\c:\6gtckq.exec:\6gtckq.exe53⤵
- Executes dropped EXE
-
\??\c:\8k1c5et.exec:\8k1c5et.exe54⤵
- Executes dropped EXE
-
\??\c:\j93lo6.exec:\j93lo6.exe55⤵
- Executes dropped EXE
-
\??\c:\t0g494v.exec:\t0g494v.exe56⤵
- Executes dropped EXE
-
\??\c:\jke8n4.exec:\jke8n4.exe57⤵
- Executes dropped EXE
-
\??\c:\41l61.exec:\41l61.exe58⤵
- Executes dropped EXE
-
\??\c:\9qk5r.exec:\9qk5r.exe59⤵
- Executes dropped EXE
-
\??\c:\4v865lc.exec:\4v865lc.exe60⤵
- Executes dropped EXE
-
\??\c:\8dap8.exec:\8dap8.exe61⤵
- Executes dropped EXE
-
\??\c:\n5jc2x.exec:\n5jc2x.exe62⤵
- Executes dropped EXE
-
\??\c:\w544sgd.exec:\w544sgd.exe63⤵
- Executes dropped EXE
-
\??\c:\2kn1c51.exec:\2kn1c51.exe64⤵
- Executes dropped EXE
-
\??\c:\18x5a.exec:\18x5a.exe65⤵
- Executes dropped EXE
-
\??\c:\i4kqi.exec:\i4kqi.exe66⤵
-
\??\c:\9u6w1s.exec:\9u6w1s.exe67⤵
-
\??\c:\tliidh.exec:\tliidh.exe68⤵
-
\??\c:\0vr4pag.exec:\0vr4pag.exe69⤵
-
\??\c:\9mmtn1x.exec:\9mmtn1x.exe70⤵
-
\??\c:\2jga9k7.exec:\2jga9k7.exe71⤵
-
\??\c:\0e9kw.exec:\0e9kw.exe72⤵
-
\??\c:\1x60dn.exec:\1x60dn.exe73⤵
-
\??\c:\99p0jx5.exec:\99p0jx5.exe74⤵
-
\??\c:\6w7f7a.exec:\6w7f7a.exe75⤵
-
\??\c:\xp535h2.exec:\xp535h2.exe76⤵
-
\??\c:\g21da31.exec:\g21da31.exe77⤵
-
\??\c:\5nj5p89.exec:\5nj5p89.exe78⤵
-
\??\c:\vnb334e.exec:\vnb334e.exe79⤵
-
\??\c:\27ew2.exec:\27ew2.exe80⤵
-
\??\c:\b8t5o8m.exec:\b8t5o8m.exe81⤵
-
\??\c:\k8xl6d7.exec:\k8xl6d7.exe82⤵
-
\??\c:\mq59999.exec:\mq59999.exe83⤵
-
\??\c:\5vsb2.exec:\5vsb2.exe84⤵
-
\??\c:\w060e8.exec:\w060e8.exe85⤵
-
\??\c:\o72cum7.exec:\o72cum7.exe86⤵
-
\??\c:\47bag23.exec:\47bag23.exe87⤵
-
\??\c:\pm7n5i.exec:\pm7n5i.exe88⤵
-
\??\c:\k8252.exec:\k8252.exe89⤵
-
\??\c:\i639h.exec:\i639h.exe90⤵
-
\??\c:\6xxg9nc.exec:\6xxg9nc.exe91⤵
-
\??\c:\x20927.exec:\x20927.exe92⤵
-
\??\c:\9vsbi3.exec:\9vsbi3.exe93⤵
-
\??\c:\t0kq2i.exec:\t0kq2i.exe94⤵
-
\??\c:\77g648b.exec:\77g648b.exe95⤵
-
\??\c:\7g303.exec:\7g303.exe96⤵
-
\??\c:\4j01ga.exec:\4j01ga.exe97⤵
-
\??\c:\vad627.exec:\vad627.exe98⤵
-
\??\c:\h2i7gj.exec:\h2i7gj.exe99⤵
-
\??\c:\5080st.exec:\5080st.exe100⤵
-
\??\c:\of4xsm.exec:\of4xsm.exe101⤵
-
\??\c:\u05v10.exec:\u05v10.exe102⤵
-
\??\c:\98i738.exec:\98i738.exe103⤵
-
\??\c:\h17sc0x.exec:\h17sc0x.exe104⤵
-
\??\c:\abw2gs.exec:\abw2gs.exe105⤵
-
\??\c:\0s5n94p.exec:\0s5n94p.exe106⤵
-
\??\c:\09ap77.exec:\09ap77.exe107⤵
-
\??\c:\f31nk1n.exec:\f31nk1n.exe108⤵
-
\??\c:\0g1qt.exec:\0g1qt.exe109⤵
-
\??\c:\89g5945.exec:\89g5945.exe110⤵
-
\??\c:\ch553h3.exec:\ch553h3.exe111⤵
-
\??\c:\t71n4.exec:\t71n4.exe112⤵
-
\??\c:\m5c8mm.exec:\m5c8mm.exe113⤵
-
\??\c:\s0cc5m.exec:\s0cc5m.exe114⤵
-
\??\c:\0kr19.exec:\0kr19.exe115⤵
-
\??\c:\o340xl.exec:\o340xl.exe116⤵
-
\??\c:\c6rxi9.exec:\c6rxi9.exe117⤵
-
\??\c:\8g2tup.exec:\8g2tup.exe118⤵
-
\??\c:\l27d8.exec:\l27d8.exe119⤵
-
\??\c:\nx3xpwt.exec:\nx3xpwt.exe120⤵
-
\??\c:\4ilge7.exec:\4ilge7.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-