Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20231023-en -
resource tags
-
submitted
18/11/2023, 06:17
General
-
Target
NEAS.b48e9f83bb846d932835c72f97100410.exe
-
Size
88KB
-
MD5
b48e9f83bb846d932835c72f97100410
-
SHA1
30ac57f60ce21682f6d430d5f81ea9c323508d61
-
SHA256
677b4366b20f61f73623fa3c3e8964b366ef5fb3e625804da74e308f7dddde96
-
SHA512
e6b65e6950f284038fa53f1a495825588344de93999f464946c80098de8e2d8f862708469f8ef78532e8fcf7c217b072fc18fd4f087165016e727374f8894a75
-
SSDEEP
1536:9vQBeOGtrYS3srx93UBWfwC6Ggnouy8PbhnyLFbUZJjw5Ivov1dk:9hOmTsF93UYfwC6GIoutz5yLpc
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.b48e9f83bb846d932835c72f97100410.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.b48e9f83bb846d932835c72f97100410.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\p9919j6.exec:\p9919j6.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\038204.exec:\038204.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7mqlt5t.exec:\7mqlt5t.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9r7177.exec:\9r7177.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\18735.exec:\18735.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\h1873.exec:\h1873.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\u2su3.exec:\u2su3.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\2isr13.exec:\2isr13.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\97el8d.exec:\97el8d.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\j04b0.exec:\j04b0.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\i8g8g.exec:\i8g8g.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fswws6.exec:\fswws6.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\eaqms33.exec:\eaqms33.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\93iass.exec:\93iass.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
\??\c:\5p7536.exec:\5p7536.exe1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\99h16.exec:\99h16.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ef1553.exec:\ef1553.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\2b1931.exec:\2b1931.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3sio3.exec:\3sio3.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
-
\??\c:\6a010.exec:\6a010.exe5⤵
-
\??\c:\2aj8r5.exec:\2aj8r5.exe6⤵
-
\??\c:\492s7.exec:\492s7.exe7⤵
-
\??\c:\6o16ar1.exec:\6o16ar1.exe8⤵
-
\??\c:\793oa.exec:\793oa.exe9⤵
-
\??\c:\957311.exec:\957311.exe10⤵
-
\??\c:\0f797.exec:\0f797.exe11⤵
-
\??\c:\akf7g.exec:\akf7g.exe12⤵
-
\??\c:\6i0848.exec:\6i0848.exe13⤵
-
\??\c:\5196e.exec:\5196e.exe14⤵
-
\??\c:\0uv1a5.exec:\0uv1a5.exe15⤵
-
\??\c:\r54e6an.exec:\r54e6an.exe16⤵
-
\??\c:\5564ad7.exec:\5564ad7.exe17⤵
-
\??\c:\86b6i.exec:\86b6i.exe18⤵
-
\??\c:\kr6mkg.exec:\kr6mkg.exe19⤵
-
\??\c:\wd937.exec:\wd937.exe20⤵
-
\??\c:\8x32cur.exec:\8x32cur.exe21⤵
-
\??\c:\35tpa5.exec:\35tpa5.exe22⤵
-
\??\c:\716r8.exec:\716r8.exe23⤵
-
\??\c:\i5727.exec:\i5727.exe24⤵
-
\??\c:\0g8lpg2.exec:\0g8lpg2.exe25⤵
-
\??\c:\2q17q56.exec:\2q17q56.exe26⤵
-
\??\c:\ftu74.exec:\ftu74.exe27⤵
-
\??\c:\smsv991.exec:\smsv991.exe28⤵
-
\??\c:\sw78i.exec:\sw78i.exe29⤵
-
\??\c:\4dq764i.exec:\4dq764i.exe30⤵
-
\??\c:\t1vsfc0.exec:\t1vsfc0.exe31⤵
-
\??\c:\709hc6i.exec:\709hc6i.exe32⤵
-
\??\c:\rs75751.exec:\rs75751.exe33⤵
-
\??\c:\g52p90.exec:\g52p90.exe34⤵
-
\??\c:\13617q.exec:\13617q.exe35⤵
-
\??\c:\m26oe63.exec:\m26oe63.exe36⤵
-
\??\c:\gtk2911.exec:\gtk2911.exe37⤵
-
\??\c:\11577.exec:\11577.exe38⤵
-
\??\c:\6t6nb1.exec:\6t6nb1.exe39⤵
-
\??\c:\99933.exec:\99933.exe40⤵
-
\??\c:\mmfpx5l.exec:\mmfpx5l.exe41⤵
-
\??\c:\9d481ts.exec:\9d481ts.exe42⤵
-
\??\c:\ugkw5.exec:\ugkw5.exe43⤵
-
\??\c:\94k950.exec:\94k950.exe44⤵
-
\??\c:\2o18w.exec:\2o18w.exe45⤵
-
\??\c:\99nt01b.exec:\99nt01b.exe46⤵
-
\??\c:\ofm697.exec:\ofm697.exe47⤵
-
\??\c:\ufjko68.exec:\ufjko68.exe48⤵
-
\??\c:\2eb30.exec:\2eb30.exe49⤵
-
\??\c:\4t2dh.exec:\4t2dh.exe50⤵
-
\??\c:\u5057.exec:\u5057.exe51⤵
-
\??\c:\omr53ww.exec:\omr53ww.exe52⤵
-
\??\c:\8a917q.exec:\8a917q.exe53⤵
-
\??\c:\se30ul.exec:\se30ul.exe54⤵
-
\??\c:\93eu9.exec:\93eu9.exe55⤵
-
\??\c:\xt122.exec:\xt122.exe56⤵
-
\??\c:\0g866q3.exec:\0g866q3.exe57⤵
-
\??\c:\v17w5.exec:\v17w5.exe58⤵
-
\??\c:\133795.exec:\133795.exe59⤵
-
\??\c:\0qjjrp7.exec:\0qjjrp7.exe60⤵
-
\??\c:\8vjk0c.exec:\8vjk0c.exe61⤵
-
\??\c:\h3ke596.exec:\h3ke596.exe62⤵
-
\??\c:\n88a9.exec:\n88a9.exe63⤵
-
\??\c:\957t1c.exec:\957t1c.exe64⤵
-
\??\c:\qo77a35.exec:\qo77a35.exe65⤵
-
\??\c:\f6v4c9.exec:\f6v4c9.exe66⤵
-
\??\c:\i5aeic5.exec:\i5aeic5.exe67⤵
-
\??\c:\2slmwk.exec:\2slmwk.exe68⤵
-
\??\c:\ach8cd4.exec:\ach8cd4.exe69⤵
-
\??\c:\kd5qq.exec:\kd5qq.exe70⤵
-
\??\c:\93378g.exec:\93378g.exe71⤵
-
\??\c:\4ksqqu.exec:\4ksqqu.exe72⤵
-
\??\c:\639x7am.exec:\639x7am.exe73⤵
-
\??\c:\82dw0.exec:\82dw0.exe74⤵
-
\??\c:\0mt577.exec:\0mt577.exe75⤵
-
\??\c:\0cl1sju.exec:\0cl1sju.exe76⤵
-
\??\c:\r0oe5mi.exec:\r0oe5mi.exe77⤵
-
\??\c:\ng37st3.exec:\ng37st3.exe78⤵
-
\??\c:\15s3113.exec:\15s3113.exe79⤵
-
\??\c:\4ih7u.exec:\4ih7u.exe80⤵
-
\??\c:\gcj92.exec:\gcj92.exe81⤵
-
\??\c:\pmjb31a.exec:\pmjb31a.exe82⤵
-
\??\c:\ks7cb35.exec:\ks7cb35.exe83⤵
-
\??\c:\2q31997.exec:\2q31997.exe84⤵
-
\??\c:\ewgaems.exec:\ewgaems.exe85⤵
-
\??\c:\7170un3.exec:\7170un3.exe86⤵
-
\??\c:\48ts92.exec:\48ts92.exe87⤵
-
\??\c:\go4a359.exec:\go4a359.exe88⤵
-
\??\c:\50m6sg9.exec:\50m6sg9.exe89⤵
-
\??\c:\2aomi7.exec:\2aomi7.exe90⤵
-
\??\c:\qu143.exec:\qu143.exe91⤵
-
\??\c:\12cp1c.exec:\12cp1c.exe92⤵
-
\??\c:\4if5ej5.exec:\4if5ej5.exe93⤵
-
\??\c:\4agka54.exec:\4agka54.exe94⤵
-
\??\c:\92955w.exec:\92955w.exe95⤵
-
\??\c:\268n3l.exec:\268n3l.exe96⤵
-
\??\c:\6iv9ix.exec:\6iv9ix.exe97⤵
-
\??\c:\wa38q.exec:\wa38q.exe98⤵
-
\??\c:\awp36s.exec:\awp36s.exe99⤵
-
\??\c:\50c3a9.exec:\50c3a9.exe100⤵
-
\??\c:\l94q71.exec:\l94q71.exe101⤵
-
\??\c:\x9a7k15.exec:\x9a7k15.exe102⤵
-
\??\c:\27cps.exec:\27cps.exe103⤵
-
\??\c:\4x30u3.exec:\4x30u3.exe104⤵
-
\??\c:\39570b.exec:\39570b.exe105⤵
-
\??\c:\793s75.exec:\793s75.exe106⤵
-
\??\c:\79u79.exec:\79u79.exe107⤵
-
\??\c:\75k70m.exec:\75k70m.exe108⤵
-
\??\c:\33w9h.exec:\33w9h.exe109⤵
-
\??\c:\0ij3k52.exec:\0ij3k52.exe110⤵
-
\??\c:\112864.exec:\112864.exe111⤵
-
\??\c:\89wnw.exec:\89wnw.exe112⤵
-
\??\c:\63559.exec:\63559.exe113⤵
-
\??\c:\8k530ud.exec:\8k530ud.exe114⤵
-
\??\c:\2u9os.exec:\2u9os.exe115⤵
-
\??\c:\a36ge.exec:\a36ge.exe116⤵
-
\??\c:\cp91io1.exec:\cp91io1.exe117⤵
-
\??\c:\4x21tf.exec:\4x21tf.exe118⤵
-
\??\c:\0k7p75w.exec:\0k7p75w.exe119⤵
-
\??\c:\2s3g1.exec:\2s3g1.exe120⤵
-
\??\c:\3ni3gj1.exec:\3ni3gj1.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-