Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
59s -
max time network
75s -
platform
windows10-2004_x64 -
resource
win10v2004-20231023-en -
resource tags
-
submitted
17/11/2023, 22:35
General
-
Target
NEAS.070abc06c9d3f8e744429eebed715c20.exe
-
Size
59KB
-
MD5
070abc06c9d3f8e744429eebed715c20
-
SHA1
38d76f4e4211f36f15674b27b6aebc3fce631962
-
SHA256
72402b77df2cb403611bf7299db7871240d88b1ca0d7af482f0e52842547a6e5
-
SHA512
3cd4734d72d190603d55d04a20a431e3beb01d9bcede53a9b0e988254925fc1a72c85804f949db1064f000fb57ff2e6443fa823295d775097e4385744b41d799
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND0yU/mj:ymb3NkkiQ3mdBjF0y/
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 42 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 50 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.070abc06c9d3f8e744429eebed715c20.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.070abc06c9d3f8e744429eebed715c20.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\9b2swo1.exec:\9b2swo1.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\914ce.exec:\914ce.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\0sqqw1.exec:\0sqqw1.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8cml2g.exec:\8cml2g.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\4sf5so9.exec:\4sf5so9.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\i6gmesu.exec:\i6gmesu.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\in827m5.exec:\in827m5.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lc56m.exec:\lc56m.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\d73993.exec:\d73993.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\0r3cv.exec:\0r3cv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\igr77ig.exec:\igr77ig.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\uul541.exec:\uul541.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ek755.exec:\ek755.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\mmoq329.exec:\mmoq329.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\u0mmab.exec:\u0mmab.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\qsqgmcu.exec:\qsqgmcu.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7g3iup1.exec:\7g3iup1.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\wq2e13.exec:\wq2e13.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pv5nb.exec:\pv5nb.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\79mr3f.exec:\79mr3f.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9asseom.exec:\9asseom.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\75u7dg.exec:\75u7dg.exe23⤵
- Executes dropped EXE
-
\??\c:\r5sgu90.exec:\r5sgu90.exe24⤵
- Executes dropped EXE
-
\??\c:\172b94m.exec:\172b94m.exe25⤵
- Executes dropped EXE
-
\??\c:\kswkg.exec:\kswkg.exe26⤵
- Executes dropped EXE
-
\??\c:\2vk7i14.exec:\2vk7i14.exe27⤵
- Executes dropped EXE
-
\??\c:\wb55op.exec:\wb55op.exe28⤵
- Executes dropped EXE
-
\??\c:\276vl9.exec:\276vl9.exe29⤵
- Executes dropped EXE
-
\??\c:\332w9ca.exec:\332w9ca.exe30⤵
-
\??\c:\4ceei.exec:\4ceei.exe31⤵
- Executes dropped EXE
-
\??\c:\1j62q82.exec:\1j62q82.exe32⤵
- Executes dropped EXE
-
\??\c:\854c76.exec:\854c76.exe33⤵
- Executes dropped EXE
-
\??\c:\r133a.exec:\r133a.exe34⤵
- Executes dropped EXE
-
\??\c:\v5939on.exec:\v5939on.exe35⤵
- Executes dropped EXE
-
\??\c:\g8swk2o.exec:\g8swk2o.exe36⤵
- Executes dropped EXE
-
\??\c:\51155.exec:\51155.exe37⤵
- Executes dropped EXE
-
\??\c:\93711b.exec:\93711b.exe38⤵
- Executes dropped EXE
-
\??\c:\1d8o13.exec:\1d8o13.exe39⤵
- Executes dropped EXE
-
\??\c:\w9s777.exec:\w9s777.exe40⤵
- Executes dropped EXE
-
\??\c:\ma78u.exec:\ma78u.exe41⤵
- Executes dropped EXE
-
\??\c:\sd9k5u1.exec:\sd9k5u1.exe42⤵
- Executes dropped EXE
-
\??\c:\jarkwq.exec:\jarkwq.exe43⤵
- Executes dropped EXE
-
\??\c:\5r797b2.exec:\5r797b2.exe44⤵
- Executes dropped EXE
-
\??\c:\kwwo6u.exec:\kwwo6u.exe45⤵
- Executes dropped EXE
-
\??\c:\cwrasos.exec:\cwrasos.exe46⤵
- Executes dropped EXE
-
\??\c:\95v9m.exec:\95v9m.exe47⤵
- Executes dropped EXE
-
\??\c:\7xut1.exec:\7xut1.exe48⤵
- Executes dropped EXE
-
\??\c:\1e6ukg.exec:\1e6ukg.exe49⤵
- Executes dropped EXE
-
\??\c:\ov3999.exec:\ov3999.exe50⤵
- Executes dropped EXE
-
\??\c:\gunta.exec:\gunta.exe51⤵
- Executes dropped EXE
-
\??\c:\77979.exec:\77979.exe52⤵
- Executes dropped EXE
-
\??\c:\2jr155r.exec:\2jr155r.exe53⤵
- Executes dropped EXE
-
\??\c:\75gkot7.exec:\75gkot7.exe54⤵
- Executes dropped EXE
-
\??\c:\4aeqma3.exec:\4aeqma3.exe55⤵
- Executes dropped EXE
-
\??\c:\mae2u.exec:\mae2u.exe56⤵
- Executes dropped EXE
-
\??\c:\v36o93c.exec:\v36o93c.exe57⤵
- Executes dropped EXE
-
\??\c:\gj757.exec:\gj757.exe58⤵
- Executes dropped EXE
-
\??\c:\5553f.exec:\5553f.exe59⤵
- Executes dropped EXE
-
\??\c:\ukk36.exec:\ukk36.exe60⤵
- Executes dropped EXE
-
\??\c:\f3d953.exec:\f3d953.exe61⤵
- Executes dropped EXE
-
\??\c:\acj5u32.exec:\acj5u32.exe62⤵
- Executes dropped EXE
-
\??\c:\932ko.exec:\932ko.exe63⤵
- Executes dropped EXE
-
\??\c:\v6ag32k.exec:\v6ag32k.exe64⤵
- Executes dropped EXE
-
\??\c:\1j77539.exec:\1j77539.exe65⤵
- Executes dropped EXE
-
\??\c:\gs78x.exec:\gs78x.exe66⤵
- Executes dropped EXE
-
\??\c:\qsegu.exec:\qsegu.exe67⤵
-
\??\c:\37cj8k.exec:\37cj8k.exe68⤵
-
\??\c:\391f2.exec:\391f2.exe69⤵
-
\??\c:\84iqc.exec:\84iqc.exe70⤵
-
\??\c:\3n33exh.exec:\3n33exh.exe71⤵
-
\??\c:\10egaw8.exec:\10egaw8.exe72⤵
-
\??\c:\35993.exec:\35993.exe73⤵
-
\??\c:\45xvq24.exec:\45xvq24.exe74⤵
-
\??\c:\2kgf73v.exec:\2kgf73v.exe75⤵
-
\??\c:\m08sb.exec:\m08sb.exe76⤵
-
\??\c:\eac56.exec:\eac56.exe77⤵
-
\??\c:\491t39.exec:\491t39.exe78⤵
-
\??\c:\1u6uksn.exec:\1u6uksn.exe79⤵
-
\??\c:\cokaa6v.exec:\cokaa6v.exe80⤵
-
\??\c:\ul92s05.exec:\ul92s05.exe81⤵
-
\??\c:\oociu.exec:\oociu.exe82⤵
-
\??\c:\qkh2sr.exec:\qkh2sr.exe83⤵
-
\??\c:\luewj.exec:\luewj.exe84⤵
-
\??\c:\gm7su.exec:\gm7su.exe85⤵
-
\??\c:\20cwwou.exec:\20cwwou.exe86⤵
-
\??\c:\09k9v.exec:\09k9v.exe87⤵
-
\??\c:\33w99e.exec:\33w99e.exe88⤵
-
\??\c:\n2p6t.exec:\n2p6t.exe89⤵
-
\??\c:\286qqa3.exec:\286qqa3.exe90⤵
-
\??\c:\0f11s50.exec:\0f11s50.exe91⤵
-
\??\c:\58h7k11.exec:\58h7k11.exe92⤵
-
\??\c:\aiqui.exec:\aiqui.exe93⤵
-
\??\c:\75wc1.exec:\75wc1.exe94⤵
-
\??\c:\ikmcw.exec:\ikmcw.exe95⤵
-
\??\c:\71759.exec:\71759.exe96⤵
-
\??\c:\am7862.exec:\am7862.exe97⤵
-
\??\c:\r7535.exec:\r7535.exe98⤵
-
\??\c:\1sq9uj.exec:\1sq9uj.exe99⤵
-
\??\c:\hn8iow.exec:\hn8iow.exe100⤵
-
\??\c:\q6x3k.exec:\q6x3k.exe101⤵
-
\??\c:\uc51cv.exec:\uc51cv.exe102⤵
-
\??\c:\puq51m.exec:\puq51m.exe103⤵
-
\??\c:\g80ai.exec:\g80ai.exe104⤵
-
\??\c:\54oko.exec:\54oko.exe105⤵
-
\??\c:\h27333.exec:\h27333.exe106⤵
-
\??\c:\0wl32.exec:\0wl32.exe107⤵
-
\??\c:\wewmoe.exec:\wewmoe.exe108⤵
-
\??\c:\175335w.exec:\175335w.exe109⤵
-
\??\c:\4413o.exec:\4413o.exe110⤵
-
\??\c:\us7773.exec:\us7773.exe111⤵
-
\??\c:\0mc8c7e.exec:\0mc8c7e.exe112⤵
-
\??\c:\ags03be.exec:\ags03be.exe113⤵
-
\??\c:\h8mr18g.exec:\h8mr18g.exe114⤵
-
\??\c:\9gxd4.exec:\9gxd4.exe115⤵
-
\??\c:\sqca2c.exec:\sqca2c.exe116⤵
-
\??\c:\oudd65j.exec:\oudd65j.exe117⤵
-
\??\c:\woeai73.exec:\woeai73.exe118⤵
-
\??\c:\5757735.exec:\5757735.exe119⤵
-
\??\c:\mj393g.exec:\mj393g.exe120⤵
-
\??\c:\5aiax.exec:\5aiax.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-