Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
-
submitted
07/05/2024, 18:55
General
-
Target
04e85ca84fc0e7d49b3ad74c82c63810_NEAS.exe
-
Size
228KB
-
MD5
04e85ca84fc0e7d49b3ad74c82c63810
-
SHA1
8ceda241548906245ead9f4d74ba07809d7a5686
-
SHA256
64cc8920142782bc7e652c6034957767ad445a8557284a4a393f40640f6c02fe
-
SHA512
00c886c93e2aa8d7da324f535b6e9e4d9fb629d777821ee12179f32b24187a53925323a8649756966f51b66e521479dd6a9acaf5760e317fd63cf4ce5f744e56
-
SSDEEP
3072:ymb3NkkiQ3mdBjFo73PYP1lri3KoSV31x4xLn/cX:n3C9BRo7MlrWKo+lxKkX
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 28 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\04e85ca84fc0e7d49b3ad74c82c63810_NEAS.exe"C:\Users\Admin\AppData\Local\Temp\04e85ca84fc0e7d49b3ad74c82c63810_NEAS.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvpv.exec:\dvvpv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1xfxffl.exec:\1xfxffl.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxlxllx.exec:\xxlxllx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttnthh.exec:\ttnthh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjpj.exec:\ppjpj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjpdj.exec:\jjpdj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frrlxfl.exec:\frrlxfl.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bththn.exec:\bththn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbnnnn.exec:\bbnnnn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvpdj.exec:\dvpdj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3xrrflr.exec:\3xrrflr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tntthh.exec:\tntthh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3tntbb.exec:\3tntbb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdpjp.exec:\pdpjp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjvjd.exec:\jjvjd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlrxff.exec:\fxlrxff.exe17⤵
- Executes dropped EXE
-
\??\c:\bbbhnt.exec:\bbbhnt.exe18⤵
- Executes dropped EXE
-
\??\c:\hhthhn.exec:\hhthhn.exe19⤵
- Executes dropped EXE
-
\??\c:\ppdvp.exec:\ppdvp.exe20⤵
- Executes dropped EXE
-
\??\c:\xrflrfr.exec:\xrflrfr.exe21⤵
- Executes dropped EXE
-
\??\c:\rfrxlxf.exec:\rfrxlxf.exe22⤵
- Executes dropped EXE
-
\??\c:\hhnbnn.exec:\hhnbnn.exe23⤵
- Executes dropped EXE
-
\??\c:\7bnntt.exec:\7bnntt.exe24⤵
- Executes dropped EXE
-
\??\c:\vpvjv.exec:\vpvjv.exe25⤵
- Executes dropped EXE
-
\??\c:\vpjpp.exec:\vpjpp.exe26⤵
- Executes dropped EXE
-
\??\c:\lfffrxl.exec:\lfffrxl.exe27⤵
- Executes dropped EXE
-
\??\c:\1nbbhn.exec:\1nbbhn.exe28⤵
- Executes dropped EXE
-
\??\c:\1pjdj.exec:\1pjdj.exe29⤵
- Executes dropped EXE
-
\??\c:\7pjjv.exec:\7pjjv.exe30⤵
- Executes dropped EXE
-
\??\c:\rrflrxx.exec:\rrflrxx.exe31⤵
- Executes dropped EXE
-
\??\c:\5ffrxxl.exec:\5ffrxxl.exe32⤵
- Executes dropped EXE
-
\??\c:\frllrrx.exec:\frllrrx.exe33⤵
- Executes dropped EXE
-
\??\c:\nbbhtb.exec:\nbbhtb.exe34⤵
- Executes dropped EXE
-
\??\c:\tnhnhb.exec:\tnhnhb.exe35⤵
- Executes dropped EXE
-
\??\c:\jdppp.exec:\jdppp.exe36⤵
- Executes dropped EXE
-
\??\c:\5llrlrx.exec:\5llrlrx.exe37⤵
- Executes dropped EXE
-
\??\c:\rxlrxxl.exec:\rxlrxxl.exe38⤵
- Executes dropped EXE
-
\??\c:\hbnbtn.exec:\hbnbtn.exe39⤵
- Executes dropped EXE
-
\??\c:\nhnthn.exec:\nhnthn.exe40⤵
- Executes dropped EXE
-
\??\c:\dpdjd.exec:\dpdjd.exe41⤵
- Executes dropped EXE
-
\??\c:\pjvjp.exec:\pjvjp.exe42⤵
- Executes dropped EXE
-
\??\c:\frfxffl.exec:\frfxffl.exe43⤵
- Executes dropped EXE
-
\??\c:\ffrfrxf.exec:\ffrfrxf.exe44⤵
- Executes dropped EXE
-
\??\c:\bttnnn.exec:\bttnnn.exe45⤵
- Executes dropped EXE
-
\??\c:\7hbtbn.exec:\7hbtbn.exe46⤵
- Executes dropped EXE
-
\??\c:\vpddp.exec:\vpddp.exe47⤵
- Executes dropped EXE
-
\??\c:\jjdpv.exec:\jjdpv.exe48⤵
- Executes dropped EXE
-
\??\c:\pdpvd.exec:\pdpvd.exe49⤵
- Executes dropped EXE
-
\??\c:\flrxlrr.exec:\flrxlrr.exe50⤵
- Executes dropped EXE
-
\??\c:\rfllrrx.exec:\rfllrrx.exe51⤵
- Executes dropped EXE
-
\??\c:\hbhhnh.exec:\hbhhnh.exe52⤵
- Executes dropped EXE
-
\??\c:\pdjpv.exec:\pdjpv.exe53⤵
- Executes dropped EXE
-
\??\c:\jdpjj.exec:\jdpjj.exe54⤵
- Executes dropped EXE
-
\??\c:\7lxxrrl.exec:\7lxxrrl.exe55⤵
- Executes dropped EXE
-
\??\c:\rfxxllr.exec:\rfxxllr.exe56⤵
- Executes dropped EXE
-
\??\c:\nbnnnn.exec:\nbnnnn.exe57⤵
- Executes dropped EXE
-
\??\c:\nhtnbt.exec:\nhtnbt.exe58⤵
- Executes dropped EXE
-
\??\c:\tnbbhb.exec:\tnbbhb.exe59⤵
- Executes dropped EXE
-
\??\c:\5dvvv.exec:\5dvvv.exe60⤵
- Executes dropped EXE
-
\??\c:\jdpvd.exec:\jdpvd.exe61⤵
- Executes dropped EXE
-
\??\c:\7lffffl.exec:\7lffffl.exe62⤵
- Executes dropped EXE
-
\??\c:\rfrrrrf.exec:\rfrrrrf.exe63⤵
- Executes dropped EXE
-
\??\c:\htbttn.exec:\htbttn.exe64⤵
- Executes dropped EXE
-
\??\c:\7tbnnn.exec:\7tbnnn.exe65⤵
- Executes dropped EXE
-
\??\c:\vpjdv.exec:\vpjdv.exe66⤵
-
\??\c:\pjvpp.exec:\pjvpp.exe67⤵
-
\??\c:\pdppp.exec:\pdppp.exe68⤵
-
\??\c:\1rxxxxl.exec:\1rxxxxl.exe69⤵
-
\??\c:\5htntt.exec:\5htntt.exe70⤵
-
\??\c:\bnbtbb.exec:\bnbtbb.exe71⤵
-
\??\c:\bntnnh.exec:\bntnnh.exe72⤵
-
\??\c:\1jddv.exec:\1jddv.exe73⤵
-
\??\c:\7xfxrll.exec:\7xfxrll.exe74⤵
-
\??\c:\1rrrlll.exec:\1rrrlll.exe75⤵
-
\??\c:\tnthhh.exec:\tnthhh.exe76⤵
-
\??\c:\nnhbnb.exec:\nnhbnb.exe77⤵
-
\??\c:\htbttt.exec:\htbttt.exe78⤵
-
\??\c:\3jjjp.exec:\3jjjp.exe79⤵
-
\??\c:\vpdjj.exec:\vpdjj.exe80⤵
-
\??\c:\xxlxxlr.exec:\xxlxxlr.exe81⤵
-
\??\c:\lfrlrxr.exec:\lfrlrxr.exe82⤵
-
\??\c:\xxlrrll.exec:\xxlrrll.exe83⤵
-
\??\c:\hthttn.exec:\hthttn.exe84⤵
-
\??\c:\tthtbb.exec:\tthtbb.exe85⤵
-
\??\c:\pjddj.exec:\pjddj.exe86⤵
-
\??\c:\7vppd.exec:\7vppd.exe87⤵
-
\??\c:\vjvdd.exec:\vjvdd.exe88⤵
-
\??\c:\lxxxrlr.exec:\lxxxrlr.exe89⤵
-
\??\c:\hbttbb.exec:\hbttbb.exe90⤵
-
\??\c:\ttnhtb.exec:\ttnhtb.exe91⤵
-
\??\c:\bthhtb.exec:\bthhtb.exe92⤵
-
\??\c:\5vddd.exec:\5vddd.exe93⤵
-
\??\c:\vjjdd.exec:\vjjdd.exe94⤵
-
\??\c:\lrxrrlr.exec:\lrxrrlr.exe95⤵
-
\??\c:\1lxrffr.exec:\1lxrffr.exe96⤵
-
\??\c:\tnbhnb.exec:\tnbhnb.exe97⤵
-
\??\c:\tnbbhb.exec:\tnbbhb.exe98⤵
-
\??\c:\vvppv.exec:\vvppv.exe99⤵
-
\??\c:\dvpvd.exec:\dvpvd.exe100⤵
-
\??\c:\pjddj.exec:\pjddj.exe101⤵
-
\??\c:\7rxlfrr.exec:\7rxlfrr.exe102⤵
-
\??\c:\xlrllxf.exec:\xlrllxf.exe103⤵
-
\??\c:\tnttth.exec:\tnttth.exe104⤵
-
\??\c:\7bbnhb.exec:\7bbnhb.exe105⤵
-
\??\c:\pjdpv.exec:\pjdpv.exe106⤵
-
\??\c:\5jvjd.exec:\5jvjd.exe107⤵
-
\??\c:\dpvdj.exec:\dpvdj.exe108⤵
-
\??\c:\rlxrllx.exec:\rlxrllx.exe109⤵
-
\??\c:\frxxffl.exec:\frxxffl.exe110⤵
-
\??\c:\hbtnnh.exec:\hbtnnh.exe111⤵
-
\??\c:\nbbnhh.exec:\nbbnhh.exe112⤵
-
\??\c:\1nbbtt.exec:\1nbbtt.exe113⤵
-
\??\c:\jvddd.exec:\jvddd.exe114⤵
-
\??\c:\1dppj.exec:\1dppj.exe115⤵
-
\??\c:\rfrflfx.exec:\rfrflfx.exe116⤵
-
\??\c:\3ffxxxx.exec:\3ffxxxx.exe117⤵
-
\??\c:\tnhtbh.exec:\tnhtbh.exe118⤵
-
\??\c:\7thbtn.exec:\7thbtn.exe119⤵
-
\??\c:\hthhtt.exec:\hthhtt.exe120⤵
-
\??\c:\5djdd.exec:\5djdd.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-