Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
07/05/2024, 11:18
General
-
Target
55f561719d8c1c230446d304a8dc6cc0_NEAS.exe
-
Size
463KB
-
MD5
55f561719d8c1c230446d304a8dc6cc0
-
SHA1
3acd91b33e23f8e46f8a52bc0192b16d402d9cb3
-
SHA256
b04619375c603a0087c03cfd14994081818487f7b1d685d18e68820da7b9d335
-
SHA512
b8750ca9980cc0750f9a724301b65955e958f5693310f2261dc3358efbd5b99d6b46927678c3c2725434ae9bfaf62c9b6a9027dda8d85f0d58240515cc10045a
-
SSDEEP
12288:J4wFHoSTeR0oQRkay+eFp3IDvSbh5nPVP+OKaf1V9:VeR0oykayRFp3lztP+OKaf1V9
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 41 IoCs
-
Malware Dropper & Backdoor - Berbew 64 IoCs
Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\55f561719d8c1c230446d304a8dc6cc0_NEAS.exe"C:\Users\Admin\AppData\Local\Temp\55f561719d8c1c230446d304a8dc6cc0_NEAS.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\bbhbhb.exec:\bbhbhb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5rfxflx.exec:\5rfxflx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7pdjp.exec:\7pdjp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjvdv.exec:\vjvdv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbbbb.exec:\tnbbbb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdppd.exec:\jdppd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlxflfl.exec:\xlxflfl.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjpvv.exec:\pjpvv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffrrxff.exec:\ffrrxff.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bntnnt.exec:\bntnnt.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdpjp.exec:\pdpjp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlxxlr.exec:\fxlxxlr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddppv.exec:\ddppv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdvdp.exec:\pdvdp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7rflxlr.exec:\7rflxlr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htbthh.exec:\htbthh.exe17⤵
- Executes dropped EXE
-
\??\c:\3djjv.exec:\3djjv.exe18⤵
- Executes dropped EXE
-
\??\c:\rflffff.exec:\rflffff.exe19⤵
- Executes dropped EXE
-
\??\c:\dvppd.exec:\dvppd.exe20⤵
- Executes dropped EXE
-
\??\c:\pdpjj.exec:\pdpjj.exe21⤵
- Executes dropped EXE
-
\??\c:\lflffxr.exec:\lflffxr.exe22⤵
- Executes dropped EXE
-
\??\c:\btbthh.exec:\btbthh.exe23⤵
- Executes dropped EXE
-
\??\c:\5vdvp.exec:\5vdvp.exe24⤵
- Executes dropped EXE
-
\??\c:\lxllrlr.exec:\lxllrlr.exe25⤵
- Executes dropped EXE
-
\??\c:\3dvvd.exec:\3dvvd.exe26⤵
- Executes dropped EXE
-
\??\c:\flrxfrr.exec:\flrxfrr.exe27⤵
- Executes dropped EXE
-
\??\c:\nhthnn.exec:\nhthnn.exe28⤵
- Executes dropped EXE
-
\??\c:\pjpjd.exec:\pjpjd.exe29⤵
- Executes dropped EXE
-
\??\c:\7xlflxx.exec:\7xlflxx.exe30⤵
- Executes dropped EXE
-
\??\c:\hbtbht.exec:\hbtbht.exe31⤵
- Executes dropped EXE
-
\??\c:\pvjpv.exec:\pvjpv.exe32⤵
- Executes dropped EXE
-
\??\c:\lrxflll.exec:\lrxflll.exe33⤵
- Executes dropped EXE
-
\??\c:\hbnthn.exec:\hbnthn.exe34⤵
- Executes dropped EXE
-
\??\c:\vvpvp.exec:\vvpvp.exe35⤵
- Executes dropped EXE
-
\??\c:\rfxrxfx.exec:\rfxrxfx.exe36⤵
- Executes dropped EXE
-
\??\c:\fxfffxf.exec:\fxfffxf.exe37⤵
- Executes dropped EXE
-
\??\c:\thbbhb.exec:\thbbhb.exe38⤵
- Executes dropped EXE
-
\??\c:\9jvpv.exec:\9jvpv.exe39⤵
- Executes dropped EXE
-
\??\c:\7llxllr.exec:\7llxllr.exe40⤵
- Executes dropped EXE
-
\??\c:\llxlfxl.exec:\llxlfxl.exe41⤵
- Executes dropped EXE
-
\??\c:\1htbht.exec:\1htbht.exe42⤵
- Executes dropped EXE
-
\??\c:\dvvvd.exec:\dvvvd.exe43⤵
- Executes dropped EXE
-
\??\c:\dvdvd.exec:\dvdvd.exe44⤵
- Executes dropped EXE
-
\??\c:\lxrffrx.exec:\lxrffrx.exe45⤵
- Executes dropped EXE
-
\??\c:\nbttbb.exec:\nbttbb.exe46⤵
- Executes dropped EXE
-
\??\c:\bhntht.exec:\bhntht.exe47⤵
- Executes dropped EXE
-
\??\c:\pdpvv.exec:\pdpvv.exe48⤵
- Executes dropped EXE
-
\??\c:\ffxlxxl.exec:\ffxlxxl.exe49⤵
- Executes dropped EXE
-
\??\c:\btbbtb.exec:\btbbtb.exe50⤵
- Executes dropped EXE
-
\??\c:\hhbnht.exec:\hhbnht.exe51⤵
- Executes dropped EXE
-
\??\c:\3jjvv.exec:\3jjvv.exe52⤵
- Executes dropped EXE
-
\??\c:\5fxflfl.exec:\5fxflfl.exe53⤵
- Executes dropped EXE
-
\??\c:\9lfxxrr.exec:\9lfxxrr.exe54⤵
- Executes dropped EXE
-
\??\c:\hbtbnn.exec:\hbtbnn.exe55⤵
- Executes dropped EXE
-
\??\c:\dpddj.exec:\dpddj.exe56⤵
- Executes dropped EXE
-
\??\c:\xlflflx.exec:\xlflflx.exe57⤵
- Executes dropped EXE
-
\??\c:\hbnnhn.exec:\hbnnhn.exe58⤵
- Executes dropped EXE
-
\??\c:\pdppp.exec:\pdppp.exe59⤵
- Executes dropped EXE
-
\??\c:\pjvvj.exec:\pjvvj.exe60⤵
- Executes dropped EXE
-
\??\c:\lxxxflx.exec:\lxxxflx.exe61⤵
- Executes dropped EXE
-
\??\c:\thhnhn.exec:\thhnhn.exe62⤵
- Executes dropped EXE
-
\??\c:\jpdpj.exec:\jpdpj.exe63⤵
- Executes dropped EXE
-
\??\c:\7dvdv.exec:\7dvdv.exe64⤵
- Executes dropped EXE
-
\??\c:\xxxflxf.exec:\xxxflxf.exe65⤵
- Executes dropped EXE
-
\??\c:\hhhtht.exec:\hhhtht.exe66⤵
-
\??\c:\tbtnhh.exec:\tbtnhh.exe67⤵
-
\??\c:\1jvdd.exec:\1jvdd.exe68⤵
-
\??\c:\xrfrxlx.exec:\xrfrxlx.exe69⤵
-
\??\c:\btnntn.exec:\btnntn.exe70⤵
-
\??\c:\nbthbh.exec:\nbthbh.exe71⤵
-
\??\c:\jvppd.exec:\jvppd.exe72⤵
-
\??\c:\vpvvd.exec:\vpvvd.exe73⤵
-
\??\c:\fxrlrlx.exec:\fxrlrlx.exe74⤵
-
\??\c:\5tnnhh.exec:\5tnnhh.exe75⤵
-
\??\c:\dpjdj.exec:\dpjdj.exe76⤵
-
\??\c:\vjppv.exec:\vjppv.exe77⤵
-
\??\c:\rllrffr.exec:\rllrffr.exe78⤵
-
\??\c:\3btthn.exec:\3btthn.exe79⤵
-
\??\c:\hthhnn.exec:\hthhnn.exe80⤵
-
\??\c:\vppvj.exec:\vppvj.exe81⤵
-
\??\c:\frflrrx.exec:\frflrrx.exe82⤵
-
\??\c:\rfflxxf.exec:\rfflxxf.exe83⤵
-
\??\c:\7tbbhn.exec:\7tbbhn.exe84⤵
-
\??\c:\jdppv.exec:\jdppv.exe85⤵
-
\??\c:\1fxxlrl.exec:\1fxxlrl.exe86⤵
-
\??\c:\hhhtnt.exec:\hhhtnt.exe87⤵
-
\??\c:\nnnbhh.exec:\nnnbhh.exe88⤵
-
\??\c:\3vvvj.exec:\3vvvj.exe89⤵
-
\??\c:\rrlrflr.exec:\rrlrflr.exe90⤵
-
\??\c:\frllrrx.exec:\frllrrx.exe91⤵
-
\??\c:\tbhhnt.exec:\tbhhnt.exe92⤵
-
\??\c:\vvjpv.exec:\vvjpv.exe93⤵
-
\??\c:\lxfxxxf.exec:\lxfxxxf.exe94⤵
-
\??\c:\lxxfxxr.exec:\lxxfxxr.exe95⤵
-
\??\c:\hnnbth.exec:\hnnbth.exe96⤵
-
\??\c:\vddpp.exec:\vddpp.exe97⤵
-
\??\c:\vjjjj.exec:\vjjjj.exe98⤵
-
\??\c:\rfrllfl.exec:\rfrllfl.exe99⤵
-
\??\c:\nnnhtt.exec:\nnnhtt.exe100⤵
-
\??\c:\vvppv.exec:\vvppv.exe101⤵
-
\??\c:\pdppp.exec:\pdppp.exe102⤵
-
\??\c:\xxrrflr.exec:\xxrrflr.exe103⤵
-
\??\c:\hhbbhh.exec:\hhbbhh.exe104⤵
-
\??\c:\9pdjp.exec:\9pdjp.exe105⤵
-
\??\c:\3pjvv.exec:\3pjvv.exe106⤵
-
\??\c:\ffrfxff.exec:\ffrfxff.exe107⤵
-
\??\c:\tnhnbn.exec:\tnhnbn.exe108⤵
-
\??\c:\tnhhnt.exec:\tnhhnt.exe109⤵
-
\??\c:\djvdv.exec:\djvdv.exe110⤵
-
\??\c:\xrrflrl.exec:\xrrflrl.exe111⤵
-
\??\c:\xrlrxrx.exec:\xrlrxrx.exe112⤵
-
\??\c:\tnbhbb.exec:\tnbhbb.exe113⤵
-
\??\c:\dpvdp.exec:\dpvdp.exe114⤵
-
\??\c:\llflffr.exec:\llflffr.exe115⤵
-
\??\c:\5nnhbt.exec:\5nnhbt.exe116⤵
-
\??\c:\bhthnh.exec:\bhthnh.exe117⤵
-
\??\c:\jvpjp.exec:\jvpjp.exe118⤵
-
\??\c:\vvpdp.exec:\vvpdp.exe119⤵
-
\??\c:\tttbnb.exec:\tttbnb.exe120⤵
-
\??\c:\5pjjp.exec:\5pjjp.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-