Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
149s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20231025-en -
resource tags
-
submitted
17/11/2023, 22:35
General
-
Target
NEAS.070abc06c9d3f8e744429eebed715c20.exe
-
Size
59KB
-
MD5
070abc06c9d3f8e744429eebed715c20
-
SHA1
38d76f4e4211f36f15674b27b6aebc3fce631962
-
SHA256
72402b77df2cb403611bf7299db7871240d88b1ca0d7af482f0e52842547a6e5
-
SHA512
3cd4734d72d190603d55d04a20a431e3beb01d9bcede53a9b0e988254925fc1a72c85804f949db1064f000fb57ff2e6443fa823295d775097e4385744b41d799
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND0yU/mj:ymb3NkkiQ3mdBjF0y/
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 34 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 59 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.070abc06c9d3f8e744429eebed715c20.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.070abc06c9d3f8e744429eebed715c20.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\a8r49.exec:\a8r49.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\84g55j9.exec:\84g55j9.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\f35or38.exec:\f35or38.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\x357g7u.exec:\x357g7u.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7r9f30.exec:\7r9f30.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\aoki1o.exec:\aoki1o.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9512k.exec:\9512k.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\91357.exec:\91357.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1cie06.exec:\1cie06.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\674s898.exec:\674s898.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\19gj12o.exec:\19gj12o.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\cwq6677.exec:\cwq6677.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pxu357.exec:\pxu357.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\a4mt5.exec:\a4mt5.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\60nr8.exec:\60nr8.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\q1ips.exec:\q1ips.exe17⤵
- Executes dropped EXE
-
\??\c:\121x8x.exec:\121x8x.exe18⤵
- Executes dropped EXE
-
\??\c:\iaqqn.exec:\iaqqn.exe19⤵
- Executes dropped EXE
-
\??\c:\1585un.exec:\1585un.exe20⤵
- Executes dropped EXE
-
\??\c:\lckom8k.exec:\lckom8k.exe21⤵
- Executes dropped EXE
-
\??\c:\rg56kg.exec:\rg56kg.exe22⤵
- Executes dropped EXE
-
\??\c:\eam5i.exec:\eam5i.exe23⤵
- Executes dropped EXE
-
\??\c:\788c5o.exec:\788c5o.exe24⤵
- Executes dropped EXE
-
\??\c:\83kv13q.exec:\83kv13q.exe25⤵
- Executes dropped EXE
-
\??\c:\41159.exec:\41159.exe26⤵
- Executes dropped EXE
-
\??\c:\9ohlbec.exec:\9ohlbec.exe27⤵
- Executes dropped EXE
-
\??\c:\n4ah6p.exec:\n4ah6p.exe28⤵
- Executes dropped EXE
-
\??\c:\i3i76go.exec:\i3i76go.exe29⤵
- Executes dropped EXE
-
\??\c:\73qeu.exec:\73qeu.exe30⤵
- Executes dropped EXE
-
\??\c:\5v4u1w.exec:\5v4u1w.exe31⤵
- Executes dropped EXE
-
\??\c:\95sq1q.exec:\95sq1q.exe32⤵
- Executes dropped EXE
-
\??\c:\976ol2.exec:\976ol2.exe33⤵
- Executes dropped EXE
-
\??\c:\43b510.exec:\43b510.exe34⤵
- Executes dropped EXE
-
\??\c:\94ol12.exec:\94ol12.exe35⤵
- Executes dropped EXE
-
\??\c:\c6g2k90.exec:\c6g2k90.exe36⤵
- Executes dropped EXE
-
\??\c:\1b7923.exec:\1b7923.exe37⤵
- Executes dropped EXE
-
\??\c:\vmgsi.exec:\vmgsi.exe38⤵
- Executes dropped EXE
-
\??\c:\c7k37.exec:\c7k37.exe39⤵
- Executes dropped EXE
-
\??\c:\q95991.exec:\q95991.exe40⤵
- Executes dropped EXE
-
\??\c:\h393ibt.exec:\h393ibt.exe41⤵
- Executes dropped EXE
-
\??\c:\5d05w.exec:\5d05w.exe42⤵
- Executes dropped EXE
-
\??\c:\034s98f.exec:\034s98f.exe43⤵
- Executes dropped EXE
-
\??\c:\osk8q.exec:\osk8q.exe44⤵
- Executes dropped EXE
-
\??\c:\nf4p3.exec:\nf4p3.exe45⤵
- Executes dropped EXE
-
\??\c:\ww993.exec:\ww993.exe46⤵
- Executes dropped EXE
-
\??\c:\guq9wk.exec:\guq9wk.exe47⤵
- Executes dropped EXE
-
\??\c:\7s9ul.exec:\7s9ul.exe48⤵
- Executes dropped EXE
-
\??\c:\s0g14w5.exec:\s0g14w5.exe49⤵
- Executes dropped EXE
-
\??\c:\m77216a.exec:\m77216a.exe50⤵
- Executes dropped EXE
-
\??\c:\l1ffc06.exec:\l1ffc06.exe51⤵
- Executes dropped EXE
-
\??\c:\cekb73.exec:\cekb73.exe52⤵
- Executes dropped EXE
-
\??\c:\ae14t.exec:\ae14t.exe53⤵
- Executes dropped EXE
-
\??\c:\atpok4.exec:\atpok4.exe54⤵
- Executes dropped EXE
-
\??\c:\w1ooc0.exec:\w1ooc0.exe55⤵
- Executes dropped EXE
-
\??\c:\l374f.exec:\l374f.exe56⤵
- Executes dropped EXE
-
\??\c:\t6407.exec:\t6407.exe57⤵
- Executes dropped EXE
-
\??\c:\nis0se.exec:\nis0se.exe58⤵
- Executes dropped EXE
-
\??\c:\75ca33e.exec:\75ca33e.exe59⤵
- Executes dropped EXE
-
\??\c:\fl9n2.exec:\fl9n2.exe60⤵
- Executes dropped EXE
-
\??\c:\7d7is.exec:\7d7is.exe61⤵
- Executes dropped EXE
-
\??\c:\w0cx37.exec:\w0cx37.exe62⤵
- Executes dropped EXE
-
\??\c:\4975513.exec:\4975513.exe63⤵
- Executes dropped EXE
-
\??\c:\ckwut.exec:\ckwut.exe64⤵
- Executes dropped EXE
-
\??\c:\e2es21.exec:\e2es21.exe65⤵
- Executes dropped EXE
-
\??\c:\25377.exec:\25377.exe66⤵
-
\??\c:\n733noi.exec:\n733noi.exe67⤵
-
\??\c:\j540ld4.exec:\j540ld4.exe68⤵
-
\??\c:\4rq959.exec:\4rq959.exe69⤵
-
\??\c:\f4gok.exec:\f4gok.exe70⤵
-
\??\c:\sdjcnv.exec:\sdjcnv.exe71⤵
-
\??\c:\u6a7own.exec:\u6a7own.exe72⤵
-
\??\c:\5n31g.exec:\5n31g.exe73⤵
-
\??\c:\496ogww.exec:\496ogww.exe74⤵
-
\??\c:\11mi72.exec:\11mi72.exe75⤵
-
\??\c:\7f4q75c.exec:\7f4q75c.exe76⤵
-
\??\c:\ms13i74.exec:\ms13i74.exe77⤵
-
\??\c:\8a6kg2.exec:\8a6kg2.exe78⤵
-
\??\c:\l8txqr4.exec:\l8txqr4.exe79⤵
-
\??\c:\a92g6s.exec:\a92g6s.exe80⤵
-
\??\c:\99mp42.exec:\99mp42.exe81⤵
-
\??\c:\7a8j1f7.exec:\7a8j1f7.exe82⤵
-
\??\c:\q7x560q.exec:\q7x560q.exe83⤵
-
\??\c:\1657311.exec:\1657311.exe84⤵
-
\??\c:\3l3739.exec:\3l3739.exe85⤵
-
\??\c:\7q589.exec:\7q589.exe86⤵
-
\??\c:\ukiaemi.exec:\ukiaemi.exe87⤵
-
\??\c:\ucqa38a.exec:\ucqa38a.exe88⤵
-
\??\c:\he94h7.exec:\he94h7.exe89⤵
-
\??\c:\f3ba8.exec:\f3ba8.exe90⤵
-
\??\c:\08h37g2.exec:\08h37g2.exe91⤵
-
\??\c:\3f73qh8.exec:\3f73qh8.exe92⤵
-
\??\c:\q6k519.exec:\q6k519.exe93⤵
-
\??\c:\nc74m.exec:\nc74m.exe94⤵
-
\??\c:\593539i.exec:\593539i.exe95⤵
-
\??\c:\c0o3j58.exec:\c0o3j58.exe96⤵
-
\??\c:\l0rk490.exec:\l0rk490.exe97⤵
-
\??\c:\881795.exec:\881795.exe98⤵
-
\??\c:\3p3muj.exec:\3p3muj.exe99⤵
-
\??\c:\k6eq38o.exec:\k6eq38o.exe100⤵
-
\??\c:\4xgxf39.exec:\4xgxf39.exe101⤵
-
\??\c:\98itp3.exec:\98itp3.exe102⤵
-
\??\c:\vweea.exec:\vweea.exe103⤵
-
\??\c:\664e4a.exec:\664e4a.exe104⤵
-
\??\c:\1712731.exec:\1712731.exe105⤵
-
\??\c:\gcquv8.exec:\gcquv8.exe106⤵
-
\??\c:\1g314c.exec:\1g314c.exe107⤵
-
\??\c:\vh16o.exec:\vh16o.exe108⤵
-
\??\c:\43604.exec:\43604.exe109⤵
-
\??\c:\ulf59n.exec:\ulf59n.exe110⤵
-
\??\c:\99kfc33.exec:\99kfc33.exe111⤵
-
\??\c:\28uhuk.exec:\28uhuk.exe112⤵
-
\??\c:\j8t0w12.exec:\j8t0w12.exe113⤵
-
\??\c:\5b54e.exec:\5b54e.exe114⤵
-
\??\c:\w6i1g.exec:\w6i1g.exe115⤵
-
\??\c:\4m215j.exec:\4m215j.exe116⤵
-
\??\c:\joc5p0a.exec:\joc5p0a.exe117⤵
-
\??\c:\bg75p5r.exec:\bg75p5r.exe118⤵
-
\??\c:\373qm.exec:\373qm.exe119⤵
-
\??\c:\ceh03.exec:\ceh03.exe120⤵
-
\??\c:\qb318ui.exec:\qb318ui.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-