Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
180s -
max time network
185s -
platform
windows10-2004_x64 -
resource
win10v2004-20231020-en -
resource tags
-
submitted
17/11/2023, 18:03 UTC
General
-
Target
NEAS.ef170c1aac447ab504a45eb2c9a6f360.exe
-
Size
93KB
-
MD5
ef170c1aac447ab504a45eb2c9a6f360
-
SHA1
b255d9f09381a34f6a60183847e4c0bb30b090f9
-
SHA256
c5ccd2f0d417d8c54945e471004671cf614fb23cfea929a81cfb899d306f7c65
-
SHA512
936616d4273cfd0addcde8a68393a6f94ab9c347ad1b89bc43b9097e12be8b4dd53406856fcf12450f9eb8afbe4710b27e855962330e1f936fcca7b3825c18ba
-
SSDEEP
1536:kvQBeOGtrYS3srx93UBWfwC6Ggnouy8p5yAXNlIQkPvA3qrEvO7C87Fq:khOmTsF93UYfwC6GIoutpYcvrqrE6dq
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 62 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.ef170c1aac447ab504a45eb2c9a6f360.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.ef170c1aac447ab504a45eb2c9a6f360.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\ig178j7.exec:\ig178j7.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\h4f6j86.exec:\h4f6j86.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\wg537wt.exec:\wg537wt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xie6p6.exec:\xie6p6.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\4vq8w.exec:\4vq8w.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\916o7.exec:\916o7.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8677d0.exec:\8677d0.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\wahx8.exec:\wahx8.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hmww37.exec:\hmww37.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\988g7.exec:\988g7.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\x3c2j.exec:\x3c2j.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6f91335.exec:\6f91335.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\751399.exec:\751399.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xq979.exec:\xq979.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\n1359.exec:\n1359.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\35up5.exec:\35up5.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\v9977cm.exec:\v9977cm.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6ii58d.exec:\6ii58d.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8513cx.exec:\8513cx.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\010606.exec:\010606.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\11mqs.exec:\11mqs.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9x9733u.exec:\9x9733u.exe23⤵
- Executes dropped EXE
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
\??\c:\16kk161.exec:\16kk161.exe1⤵
- Executes dropped EXE
-
\??\c:\701x59.exec:\701x59.exe2⤵
- Executes dropped EXE
-
\??\c:\sv557as.exec:\sv557as.exe3⤵
- Executes dropped EXE
-
\??\c:\391un.exec:\391un.exe4⤵
- Executes dropped EXE
-
\??\c:\26jndk6.exec:\26jndk6.exe5⤵
- Executes dropped EXE
-
\??\c:\f0emk38.exec:\f0emk38.exe6⤵
- Executes dropped EXE
-
\??\c:\bd1et9b.exec:\bd1et9b.exe7⤵
- Executes dropped EXE
-
\??\c:\04awiaw.exec:\04awiaw.exe8⤵
- Executes dropped EXE
-
\??\c:\552igr.exec:\552igr.exe9⤵
- Executes dropped EXE
-
\??\c:\x8o1uco.exec:\x8o1uco.exe10⤵
- Executes dropped EXE
-
\??\c:\ksuo1.exec:\ksuo1.exe11⤵
- Executes dropped EXE
-
\??\c:\ia9ql.exec:\ia9ql.exe12⤵
- Executes dropped EXE
-
\??\c:\waickks.exec:\waickks.exe13⤵
- Executes dropped EXE
-
\??\c:\536f1s.exec:\536f1s.exe14⤵
- Executes dropped EXE
-
\??\c:\l9aj6r8.exec:\l9aj6r8.exe15⤵
- Executes dropped EXE
-
\??\c:\d29d79.exec:\d29d79.exe16⤵
- Executes dropped EXE
-
\??\c:\491ve.exec:\491ve.exe17⤵
- Executes dropped EXE
-
\??\c:\75ehk2s.exec:\75ehk2s.exe18⤵
- Executes dropped EXE
-
\??\c:\9ujgc.exec:\9ujgc.exe19⤵
- Executes dropped EXE
-
\??\c:\9e09nx0.exec:\9e09nx0.exe20⤵
- Executes dropped EXE
-
\??\c:\gget3.exec:\gget3.exe21⤵
- Executes dropped EXE
-
\??\c:\7csa3ea.exec:\7csa3ea.exe22⤵
- Executes dropped EXE
-
\??\c:\x1956if.exec:\x1956if.exe23⤵
- Executes dropped EXE
-
\??\c:\p9pqk.exec:\p9pqk.exe24⤵
- Executes dropped EXE
-
\??\c:\omw01.exec:\omw01.exe25⤵
- Executes dropped EXE
-
\??\c:\ai935.exec:\ai935.exe26⤵
- Executes dropped EXE
-
\??\c:\8aqakix.exec:\8aqakix.exe27⤵
- Executes dropped EXE
-
\??\c:\2e1ax.exec:\2e1ax.exe28⤵
- Executes dropped EXE
-
\??\c:\i52ukt.exec:\i52ukt.exe29⤵
- Executes dropped EXE
-
\??\c:\93m77.exec:\93m77.exe30⤵
- Executes dropped EXE
-
\??\c:\09k55.exec:\09k55.exe31⤵
- Executes dropped EXE
-
\??\c:\1h5i5c.exec:\1h5i5c.exe32⤵
- Executes dropped EXE
-
\??\c:\1ek315.exec:\1ek315.exe33⤵
- Executes dropped EXE
-
\??\c:\35ed2at.exec:\35ed2at.exe34⤵
- Executes dropped EXE
-
\??\c:\79195.exec:\79195.exe35⤵
- Executes dropped EXE
-
\??\c:\l77c9.exec:\l77c9.exe36⤵
- Executes dropped EXE
-
\??\c:\858mcas.exec:\858mcas.exe37⤵
- Executes dropped EXE
-
\??\c:\6iio5gs.exec:\6iio5gs.exe38⤵
- Executes dropped EXE
-
\??\c:\htnk4.exec:\htnk4.exe39⤵
- Executes dropped EXE
-
\??\c:\75599.exec:\75599.exe40⤵
- Executes dropped EXE
-
\??\c:\bv5w9q.exec:\bv5w9q.exe41⤵
- Executes dropped EXE
-
\??\c:\20n72.exec:\20n72.exe42⤵
- Executes dropped EXE
-
\??\c:\eikdt57.exec:\eikdt57.exe43⤵
-
\??\c:\lkfe89m.exec:\lkfe89m.exe44⤵
-
\??\c:\eoa8c7.exec:\eoa8c7.exe45⤵
-
\??\c:\23d49.exec:\23d49.exe46⤵
-
\??\c:\jj930.exec:\jj930.exe47⤵
-
\??\c:\oej79.exec:\oej79.exe48⤵
-
\??\c:\2973t8.exec:\2973t8.exe49⤵
-
\??\c:\6p3k7.exec:\6p3k7.exe50⤵
-
\??\c:\71cs3.exec:\71cs3.exe51⤵
-
\??\c:\30mh4a.exec:\30mh4a.exe52⤵
-
\??\c:\29q30w.exec:\29q30w.exe53⤵
-
\??\c:\aue059.exec:\aue059.exe54⤵
-
\??\c:\53irwk.exec:\53irwk.exe55⤵
-
\??\c:\473905l.exec:\473905l.exe56⤵
-
\??\c:\wi0idwe.exec:\wi0idwe.exe57⤵
-
\??\c:\41fs2ej.exec:\41fs2ej.exe58⤵
-
\??\c:\4e72c5.exec:\4e72c5.exe59⤵
-
\??\c:\r173591.exec:\r173591.exe60⤵
-
\??\c:\o07wu8s.exec:\o07wu8s.exe61⤵
-
\??\c:\290w8.exec:\290w8.exe62⤵
-
\??\c:\cqb2qa.exec:\cqb2qa.exe63⤵
-
\??\c:\3vo5073.exec:\3vo5073.exe64⤵
-
\??\c:\gwlx5m5.exec:\gwlx5m5.exe65⤵
-
\??\c:\5o25vve.exec:\5o25vve.exe66⤵
-
\??\c:\81882.exec:\81882.exe67⤵
-
\??\c:\w5ra50c.exec:\w5ra50c.exe68⤵
-
\??\c:\o700b.exec:\o700b.exe69⤵
-
\??\c:\9w99n8.exec:\9w99n8.exe70⤵
-
\??\c:\l0g5cro.exec:\l0g5cro.exe71⤵
-
\??\c:\gv0eeu0.exec:\gv0eeu0.exe72⤵
-
\??\c:\4oj533.exec:\4oj533.exe73⤵
-
\??\c:\41415.exec:\41415.exe74⤵
-
\??\c:\t5kk76.exec:\t5kk76.exe75⤵
-
\??\c:\mt4575.exec:\mt4575.exe76⤵
-
\??\c:\6nmlf.exec:\6nmlf.exe77⤵
-
\??\c:\87i73.exec:\87i73.exe78⤵
-
\??\c:\4r997k.exec:\4r997k.exe79⤵
-
\??\c:\lt8p1.exec:\lt8p1.exe80⤵
-
\??\c:\r1uf7kh.exec:\r1uf7kh.exe81⤵
-
\??\c:\wc2uge.exec:\wc2uge.exe82⤵
-
\??\c:\qxgag.exec:\qxgag.exe83⤵
-
\??\c:\8g669fc.exec:\8g669fc.exe84⤵
-
\??\c:\0pr3s5.exec:\0pr3s5.exe85⤵
-
\??\c:\f3351u.exec:\f3351u.exe86⤵
-
\??\c:\13m78.exec:\13m78.exe87⤵
-
\??\c:\fr1ou.exec:\fr1ou.exe88⤵
-
\??\c:\eem9132.exec:\eem9132.exe89⤵
-
\??\c:\8a5ek3.exec:\8a5ek3.exe90⤵
-
\??\c:\er4f74.exec:\er4f74.exe91⤵
-
\??\c:\ws5d30.exec:\ws5d30.exe92⤵
-
\??\c:\qfx881.exec:\qfx881.exe93⤵
-
\??\c:\58cp0.exec:\58cp0.exe94⤵
-
\??\c:\s930uwh.exec:\s930uwh.exe95⤵
-
\??\c:\8x7v82.exec:\8x7v82.exe96⤵
-
\??\c:\199s5s.exec:\199s5s.exe97⤵
-
\??\c:\91177.exec:\91177.exe98⤵
-
\??\c:\is50ip.exec:\is50ip.exe99⤵
-
\??\c:\t3wj0ej.exec:\t3wj0ej.exe100⤵
-
\??\c:\d92p2c.exec:\d92p2c.exe101⤵
-
\??\c:\91u1c9.exec:\91u1c9.exe102⤵
-
\??\c:\3766bw.exec:\3766bw.exe103⤵
-
\??\c:\huxe8e8.exec:\huxe8e8.exe104⤵
-
\??\c:\057bj7.exec:\057bj7.exe105⤵
-
\??\c:\97oesu.exec:\97oesu.exe106⤵
-
\??\c:\j34fmg.exec:\j34fmg.exe107⤵
-
\??\c:\d298k7.exec:\d298k7.exe108⤵
-
\??\c:\l31995.exec:\l31995.exe109⤵
-
\??\c:\57uj98m.exec:\57uj98m.exe110⤵
-
\??\c:\g4vfn8.exec:\g4vfn8.exe111⤵
-
\??\c:\waqmr.exec:\waqmr.exe112⤵
-
\??\c:\jxw9o.exec:\jxw9o.exe113⤵
-
\??\c:\6oj9c.exec:\6oj9c.exe114⤵
-
\??\c:\g0q1an.exec:\g0q1an.exe115⤵
-
\??\c:\vp10e.exec:\vp10e.exe116⤵
-
\??\c:\k8ukmg5.exec:\k8ukmg5.exe117⤵
-
\??\c:\h50x54.exec:\h50x54.exe118⤵
-
\??\c:\oeuwmo.exec:\oeuwmo.exe119⤵
-
\??\c:\05k1s1.exec:\05k1s1.exe120⤵
-
\??\c:\j8g01aj.exec:\j8g01aj.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-