Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
65s -
max time network
80s -
platform
windows10-2004_x64 -
resource
win10v2004-20231025-en -
resource tags
-
submitted
18/11/2023, 06:47
General
-
Target
NEAS.7d495cfa46da01675ec7c0ffaf7aa6f0.exe
-
Size
79KB
-
MD5
7d495cfa46da01675ec7c0ffaf7aa6f0
-
SHA1
cfad90c16b64867619a85c6c79fbb16b91770182
-
SHA256
275626e57c65a72d6e50a4b07a7282b0ee4d88bae0cfe2555a1c897ae55d8db3
-
SHA512
e6edae30858f0000dcc5b492e62890ed5ef957f9427d6edb963ab1cac79eadc69e3d06cbfbcebc444badcff2a92f203e33978b943f0563cf21d38dc8598d0964
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDInWekMCKeILsLiq+avrHs:ymb3NkkiQ3mdBjFIWeU8pSrM
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 38 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 50 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.7d495cfa46da01675ec7c0ffaf7aa6f0.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.7d495cfa46da01675ec7c0ffaf7aa6f0.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\ug7s36.exec:\ug7s36.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\74v15.exec:\74v15.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\4qkmqg.exec:\4qkmqg.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nu5cw.exec:\nu5cw.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\35gu5.exec:\35gu5.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6r4o93.exec:\6r4o93.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\r7gx92.exec:\r7gx92.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\0o1wem.exec:\0o1wem.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\s9177kb.exec:\s9177kb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\swwou.exec:\swwou.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\so54q74.exec:\so54q74.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ah9at6i.exec:\ah9at6i.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\l176w.exec:\l176w.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\gih9e9.exec:\gih9e9.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3qi7128.exec:\3qi7128.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3e7i7i.exec:\3e7i7i.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9t93u.exec:\9t93u.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3e94uc.exec:\3e94uc.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\818omo.exec:\818omo.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\4jev7.exec:\4jev7.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8h98ab.exec:\8h98ab.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\gcir11.exec:\gcir11.exe23⤵
- Executes dropped EXE
-
\??\c:\157m7.exec:\157m7.exe24⤵
- Executes dropped EXE
-
\??\c:\19n315.exec:\19n315.exe25⤵
- Executes dropped EXE
-
\??\c:\e22e22.exec:\e22e22.exe26⤵
- Executes dropped EXE
-
\??\c:\59159m.exec:\59159m.exe27⤵
- Executes dropped EXE
-
\??\c:\ne9qbq.exec:\ne9qbq.exe28⤵
- Executes dropped EXE
-
\??\c:\x9s757e.exec:\x9s757e.exe29⤵
- Executes dropped EXE
-
\??\c:\1wl6x1.exec:\1wl6x1.exe30⤵
- Executes dropped EXE
-
\??\c:\eqiosoe.exec:\eqiosoe.exe31⤵
- Executes dropped EXE
-
\??\c:\8lp4lb4.exec:\8lp4lb4.exe32⤵
- Executes dropped EXE
-
\??\c:\ev14mv.exec:\ev14mv.exe33⤵
- Executes dropped EXE
-
\??\c:\qj52kd.exec:\qj52kd.exe34⤵
- Executes dropped EXE
-
\??\c:\qf4b0.exec:\qf4b0.exe35⤵
- Executes dropped EXE
-
\??\c:\ki12x1.exec:\ki12x1.exe36⤵
- Executes dropped EXE
-
\??\c:\0qv9w99.exec:\0qv9w99.exe37⤵
- Executes dropped EXE
-
\??\c:\p2935.exec:\p2935.exe38⤵
- Executes dropped EXE
-
\??\c:\nqwacu.exec:\nqwacu.exe39⤵
- Executes dropped EXE
-
\??\c:\0wd5ioq.exec:\0wd5ioq.exe40⤵
- Executes dropped EXE
-
\??\c:\4ueceo1.exec:\4ueceo1.exe41⤵
- Executes dropped EXE
-
\??\c:\12nse.exec:\12nse.exe42⤵
- Executes dropped EXE
-
\??\c:\2b52k.exec:\2b52k.exe43⤵
- Executes dropped EXE
-
\??\c:\61cc76.exec:\61cc76.exe44⤵
- Executes dropped EXE
-
\??\c:\174n7.exec:\174n7.exe45⤵
- Executes dropped EXE
-
\??\c:\6gqegui.exec:\6gqegui.exe46⤵
- Executes dropped EXE
-
\??\c:\n05q3.exec:\n05q3.exe47⤵
- Executes dropped EXE
-
\??\c:\99md3gv.exec:\99md3gv.exe48⤵
- Executes dropped EXE
-
\??\c:\13754r1.exec:\13754r1.exe49⤵
- Executes dropped EXE
-
\??\c:\51q191.exec:\51q191.exe50⤵
- Executes dropped EXE
-
\??\c:\37975.exec:\37975.exe51⤵
- Executes dropped EXE
-
\??\c:\jj8gn.exec:\jj8gn.exe52⤵
- Executes dropped EXE
-
\??\c:\gul13.exec:\gul13.exe53⤵
- Executes dropped EXE
-
\??\c:\2v425w3.exec:\2v425w3.exe54⤵
- Executes dropped EXE
-
\??\c:\oss3g3u.exec:\oss3g3u.exe55⤵
- Executes dropped EXE
-
\??\c:\n8ggm.exec:\n8ggm.exe56⤵
- Executes dropped EXE
-
\??\c:\9b9753.exec:\9b9753.exe57⤵
- Executes dropped EXE
-
\??\c:\k58v0.exec:\k58v0.exe58⤵
- Executes dropped EXE
-
\??\c:\e5553.exec:\e5553.exe59⤵
- Executes dropped EXE
-
\??\c:\gmj5q1.exec:\gmj5q1.exe60⤵
- Executes dropped EXE
-
\??\c:\ap51512.exec:\ap51512.exe61⤵
- Executes dropped EXE
-
\??\c:\4ai1ss.exec:\4ai1ss.exe62⤵
- Executes dropped EXE
-
\??\c:\f8g38n.exec:\f8g38n.exe63⤵
- Executes dropped EXE
-
\??\c:\9175533.exec:\9175533.exe64⤵
- Executes dropped EXE
-
\??\c:\4771d.exec:\4771d.exe65⤵
- Executes dropped EXE
-
\??\c:\r94d54.exec:\r94d54.exe66⤵
-
\??\c:\5xm5t.exec:\5xm5t.exe67⤵
-
\??\c:\sv1ii.exec:\sv1ii.exe68⤵
-
\??\c:\1k536um.exec:\1k536um.exe69⤵
-
\??\c:\vd8u3g9.exec:\vd8u3g9.exe70⤵
-
\??\c:\r6mg59h.exec:\r6mg59h.exe71⤵
-
\??\c:\8u75q.exec:\8u75q.exe72⤵
-
\??\c:\4l1od.exec:\4l1od.exe73⤵
-
\??\c:\981755.exec:\981755.exe74⤵
-
\??\c:\gqesiq.exec:\gqesiq.exe75⤵
-
\??\c:\rhuemi.exec:\rhuemi.exe76⤵
-
\??\c:\27811.exec:\27811.exe77⤵
-
\??\c:\2q155.exec:\2q155.exe78⤵
-
\??\c:\j4915gb.exec:\j4915gb.exe79⤵
-
\??\c:\m32e4qa.exec:\m32e4qa.exe80⤵
-
\??\c:\smsgw.exec:\smsgw.exe81⤵
-
\??\c:\g5qi3.exec:\g5qi3.exe82⤵
-
\??\c:\3197975.exec:\3197975.exe83⤵
-
\??\c:\8mb36.exec:\8mb36.exe84⤵
-
\??\c:\4u9551m.exec:\4u9551m.exe85⤵
-
\??\c:\825n7.exec:\825n7.exe86⤵
-
\??\c:\p551c.exec:\p551c.exe87⤵
-
\??\c:\b0uf94j.exec:\b0uf94j.exe88⤵
-
\??\c:\85aea3.exec:\85aea3.exe89⤵
-
\??\c:\ts14uam.exec:\ts14uam.exe90⤵
-
\??\c:\evb68.exec:\evb68.exe91⤵
-
\??\c:\19uusm.exec:\19uusm.exe92⤵
-
\??\c:\sp7kx.exec:\sp7kx.exe93⤵
-
\??\c:\il38p3.exec:\il38p3.exe94⤵
-
\??\c:\2e32a.exec:\2e32a.exe95⤵
-
\??\c:\b337m.exec:\b337m.exe96⤵
-
\??\c:\f9c7qk.exec:\f9c7qk.exe97⤵
-
\??\c:\990c9.exec:\990c9.exe98⤵
-
\??\c:\ab6a70.exec:\ab6a70.exe99⤵
-
\??\c:\ia995.exec:\ia995.exe100⤵
-
\??\c:\incoqiu.exec:\incoqiu.exe101⤵
-
\??\c:\1919kaq.exec:\1919kaq.exe102⤵
-
\??\c:\c542pct.exec:\c542pct.exe103⤵
-
\??\c:\qx3gl.exec:\qx3gl.exe104⤵
-
\??\c:\qn375ge.exec:\qn375ge.exe105⤵
-
\??\c:\59moa.exec:\59moa.exe106⤵
-
\??\c:\qb1377.exec:\qb1377.exe107⤵
-
\??\c:\mc599kk.exec:\mc599kk.exe108⤵
-
\??\c:\17md1.exec:\17md1.exe109⤵
-
\??\c:\qbh0q.exec:\qbh0q.exe110⤵
-
\??\c:\cc57b3.exec:\cc57b3.exe111⤵
-
\??\c:\1779177.exec:\1779177.exe112⤵
-
\??\c:\x96b3.exec:\x96b3.exe113⤵
-
\??\c:\142775.exec:\142775.exe114⤵
-
\??\c:\64lh2k.exec:\64lh2k.exe115⤵
-
\??\c:\g78eu1.exec:\g78eu1.exe116⤵
-
\??\c:\c62sk.exec:\c62sk.exe117⤵
-
\??\c:\eex0sr.exec:\eex0sr.exe118⤵
-
\??\c:\6h98qsi.exec:\6h98qsi.exe119⤵
-
\??\c:\3keuqk.exec:\3keuqk.exe120⤵
-
\??\c:\57gkqa.exec:\57gkqa.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-