Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
07/05/2024, 14:06
General
-
Target
b32243da2822ead3b36bd8bafc7072d0_NEAS.exe
-
Size
82KB
-
MD5
b32243da2822ead3b36bd8bafc7072d0
-
SHA1
1a098c8765ea939579f10bb7138b75924adf319f
-
SHA256
9ee28a5943547a5740f75427b869e4a3bf2888df89b71bbadbbf06d9969ec28b
-
SHA512
9bca1009d3ba289957c1cfc04f3ec1501cc20f1ad99296c6deb8b1b0694c46492bb89269d8a0c2204fba6dedf907bae93ef6725cc2909b7a3904792e12be02d5
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDInWeNCYGyA2R7JkZPsvg:ymb3NkkiQ3mdBjFIWeFGyA9PJ
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 24 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\b32243da2822ead3b36bd8bafc7072d0_NEAS.exe"C:\Users\Admin\AppData\Local\Temp\b32243da2822ead3b36bd8bafc7072d0_NEAS.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\3nhtbt.exec:\3nhtbt.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thbntb.exec:\thbntb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvjj.exec:\dvvjj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5jdpd.exec:\5jdpd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxlxfxl.exec:\rxlxfxl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnthnh.exec:\tnthnh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnnbth.exec:\hnnbth.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dppdj.exec:\dppdj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxrfrlr.exec:\rxrfrlr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ththtn.exec:\ththtn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdpdj.exec:\pdpdj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjvp.exec:\ppjvp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlrfxlx.exec:\xlrfxlx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbnbt.exec:\tnbnbt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7tthtn.exec:\7tthtn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djpdp.exec:\djpdp.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlfrfxl.exec:\xlfrfxl.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlfrxrf.exec:\xlfrxrf.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnbth.exec:\nhnbth.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpdj.exec:\jdpdj.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9dvjd.exec:\9dvjd.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxxfrfr.exec:\xxxfrfr.exe23⤵
- Executes dropped EXE
-
\??\c:\tnhtht.exec:\tnhtht.exe24⤵
- Executes dropped EXE
-
\??\c:\htnthb.exec:\htnthb.exe25⤵
- Executes dropped EXE
-
\??\c:\vjvjv.exec:\vjvjv.exe26⤵
- Executes dropped EXE
-
\??\c:\9dpdj.exec:\9dpdj.exe27⤵
- Executes dropped EXE
-
\??\c:\rfrflfl.exec:\rfrflfl.exe28⤵
- Executes dropped EXE
-
\??\c:\hnhbnh.exec:\hnhbnh.exe29⤵
- Executes dropped EXE
-
\??\c:\1tnbht.exec:\1tnbht.exe30⤵
- Executes dropped EXE
-
\??\c:\pjjvp.exec:\pjjvp.exe31⤵
- Executes dropped EXE
-
\??\c:\pvpdj.exec:\pvpdj.exe32⤵
- Executes dropped EXE
-
\??\c:\llflfxl.exec:\llflfxl.exe33⤵
- Executes dropped EXE
-
\??\c:\nhnbnb.exec:\nhnbnb.exe34⤵
- Executes dropped EXE
-
\??\c:\nnhthb.exec:\nnhthb.exe35⤵
- Executes dropped EXE
-
\??\c:\vdpdj.exec:\vdpdj.exe36⤵
- Executes dropped EXE
-
\??\c:\jdpdp.exec:\jdpdp.exe37⤵
- Executes dropped EXE
-
\??\c:\rxlfrlf.exec:\rxlfrlf.exe38⤵
- Executes dropped EXE
-
\??\c:\xrfrllx.exec:\xrfrllx.exe39⤵
- Executes dropped EXE
-
\??\c:\bnhtnb.exec:\bnhtnb.exe40⤵
- Executes dropped EXE
-
\??\c:\ntntnb.exec:\ntntnb.exe41⤵
- Executes dropped EXE
-
\??\c:\vjdjv.exec:\vjdjv.exe42⤵
- Executes dropped EXE
-
\??\c:\frrfrlx.exec:\frrfrlx.exe43⤵
- Executes dropped EXE
-
\??\c:\flxllrx.exec:\flxllrx.exe44⤵
- Executes dropped EXE
-
\??\c:\bnnhbb.exec:\bnnhbb.exe45⤵
- Executes dropped EXE
-
\??\c:\5vppv.exec:\5vppv.exe46⤵
- Executes dropped EXE
-
\??\c:\vdppp.exec:\vdppp.exe47⤵
- Executes dropped EXE
-
\??\c:\rflffff.exec:\rflffff.exe48⤵
- Executes dropped EXE
-
\??\c:\xrlfrlf.exec:\xrlfrlf.exe49⤵
- Executes dropped EXE
-
\??\c:\frxlxrl.exec:\frxlxrl.exe50⤵
- Executes dropped EXE
-
\??\c:\bnhnnh.exec:\bnhnnh.exe51⤵
- Executes dropped EXE
-
\??\c:\tbbnbn.exec:\tbbnbn.exe52⤵
- Executes dropped EXE
-
\??\c:\jdpdj.exec:\jdpdj.exe53⤵
- Executes dropped EXE
-
\??\c:\jvjdp.exec:\jvjdp.exe54⤵
- Executes dropped EXE
-
\??\c:\xrrxxrf.exec:\xrrxxrf.exe55⤵
- Executes dropped EXE
-
\??\c:\rxlrffx.exec:\rxlrffx.exe56⤵
- Executes dropped EXE
-
\??\c:\btnbnh.exec:\btnbnh.exe57⤵
- Executes dropped EXE
-
\??\c:\bbbbbb.exec:\bbbbbb.exe58⤵
- Executes dropped EXE
-
\??\c:\9pdjv.exec:\9pdjv.exe59⤵
- Executes dropped EXE
-
\??\c:\jvvjp.exec:\jvvjp.exe60⤵
- Executes dropped EXE
-
\??\c:\frfrfxr.exec:\frfrfxr.exe61⤵
- Executes dropped EXE
-
\??\c:\rllllxx.exec:\rllllxx.exe62⤵
- Executes dropped EXE
-
\??\c:\btbtth.exec:\btbtth.exe63⤵
- Executes dropped EXE
-
\??\c:\hbthtn.exec:\hbthtn.exe64⤵
- Executes dropped EXE
-
\??\c:\dpjvd.exec:\dpjvd.exe65⤵
- Executes dropped EXE
-
\??\c:\jvpdp.exec:\jvpdp.exe66⤵
-
\??\c:\fffrlxl.exec:\fffrlxl.exe67⤵
-
\??\c:\1lxrxrx.exec:\1lxrxrx.exe68⤵
-
\??\c:\fffrfxx.exec:\fffrfxx.exe69⤵
-
\??\c:\nnnhtn.exec:\nnnhtn.exe70⤵
-
\??\c:\hnhtht.exec:\hnhtht.exe71⤵
-
\??\c:\pppjj.exec:\pppjj.exe72⤵
-
\??\c:\dpdpd.exec:\dpdpd.exe73⤵
-
\??\c:\lrrflrr.exec:\lrrflrr.exe74⤵
-
\??\c:\bnhbnh.exec:\bnhbnh.exe75⤵
-
\??\c:\htnbnb.exec:\htnbnb.exe76⤵
-
\??\c:\5dvjp.exec:\5dvjp.exe77⤵
-
\??\c:\pddjp.exec:\pddjp.exe78⤵
-
\??\c:\3xxlrlx.exec:\3xxlrlx.exe79⤵
-
\??\c:\rfrflfr.exec:\rfrflfr.exe80⤵
-
\??\c:\bhbtnb.exec:\bhbtnb.exe81⤵
-
\??\c:\3nnbnh.exec:\3nnbnh.exe82⤵
-
\??\c:\vjvjp.exec:\vjvjp.exe83⤵
-
\??\c:\vdjvj.exec:\vdjvj.exe84⤵
-
\??\c:\5ppvd.exec:\5ppvd.exe85⤵
-
\??\c:\rxlfxlf.exec:\rxlfxlf.exe86⤵
-
\??\c:\hthnht.exec:\hthnht.exe87⤵
-
\??\c:\bnhnhb.exec:\bnhnhb.exe88⤵
-
\??\c:\nbbnbt.exec:\nbbnbt.exe89⤵
-
\??\c:\jdpdj.exec:\jdpdj.exe90⤵
-
\??\c:\pdpjp.exec:\pdpjp.exe91⤵
-
\??\c:\rxrflfr.exec:\rxrflfr.exe92⤵
-
\??\c:\nhbthb.exec:\nhbthb.exe93⤵
-
\??\c:\jvpdp.exec:\jvpdp.exe94⤵
-
\??\c:\jvvjd.exec:\jvvjd.exe95⤵
-
\??\c:\3xxlrxl.exec:\3xxlrxl.exe96⤵
-
\??\c:\xffrfxl.exec:\xffrfxl.exe97⤵
-
\??\c:\9btnbb.exec:\9btnbb.exe98⤵
-
\??\c:\ntbtbt.exec:\ntbtbt.exe99⤵
-
\??\c:\5hthth.exec:\5hthth.exe100⤵
-
\??\c:\vppjp.exec:\vppjp.exe101⤵
-
\??\c:\7rrxfxl.exec:\7rrxfxl.exe102⤵
-
\??\c:\3flrlxl.exec:\3flrlxl.exe103⤵
-
\??\c:\9hhtnn.exec:\9hhtnn.exe104⤵
-
\??\c:\1pjvv.exec:\1pjvv.exe105⤵
-
\??\c:\lfxlxrl.exec:\lfxlxrl.exe106⤵
-
\??\c:\9rrlxrf.exec:\9rrlxrf.exe107⤵
-
\??\c:\hthbnh.exec:\hthbnh.exe108⤵
-
\??\c:\nnbbbb.exec:\nnbbbb.exe109⤵
-
\??\c:\vjdpv.exec:\vjdpv.exe110⤵
-
\??\c:\rfrxxlf.exec:\rfrxxlf.exe111⤵
-
\??\c:\fffrfrf.exec:\fffrfrf.exe112⤵
-
\??\c:\7bthtn.exec:\7bthtn.exe113⤵
-
\??\c:\nbbnnb.exec:\nbbnnb.exe114⤵
-
\??\c:\pjdjj.exec:\pjdjj.exe115⤵
-
\??\c:\jdjvd.exec:\jdjvd.exe116⤵
-
\??\c:\lrlxlfr.exec:\lrlxlfr.exe117⤵
-
\??\c:\thttbn.exec:\thttbn.exe118⤵
-
\??\c:\9hbnnb.exec:\9hbnnb.exe119⤵
-
\??\c:\pjdpd.exec:\pjdpd.exe120⤵
-
\??\c:\pvpdp.exec:\pvpdp.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-