Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
156s -
platform
windows10-2004_x64 -
resource
win10v2004-20240419-en -
resource tags
-
submitted
07/05/2024, 18:55
General
-
Target
04e85ca84fc0e7d49b3ad74c82c63810_NEAS.exe
-
Size
228KB
-
MD5
04e85ca84fc0e7d49b3ad74c82c63810
-
SHA1
8ceda241548906245ead9f4d74ba07809d7a5686
-
SHA256
64cc8920142782bc7e652c6034957767ad445a8557284a4a393f40640f6c02fe
-
SHA512
00c886c93e2aa8d7da324f535b6e9e4d9fb629d777821ee12179f32b24187a53925323a8649756966f51b66e521479dd6a9acaf5760e317fd63cf4ce5f744e56
-
SSDEEP
3072:ymb3NkkiQ3mdBjFo73PYP1lri3KoSV31x4xLn/cX:n3C9BRo7MlrWKo+lxKkX
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 28 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\04e85ca84fc0e7d49b3ad74c82c63810_NEAS.exe"C:\Users\Admin\AppData\Local\Temp\04e85ca84fc0e7d49b3ad74c82c63810_NEAS.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\7flxrrr.exec:\7flxrrr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tttnnh.exec:\tttnnh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jddvv.exec:\jddvv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvddv.exec:\jvddv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nthtnn.exec:\nthtnn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlrlfxx.exec:\xlrlfxx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btnhtn.exec:\btnhtn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5rlxlrf.exec:\5rlxlrf.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbhhnt.exec:\bbhhnt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1jpjp.exec:\1jpjp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lffxxxx.exec:\lffxxxx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1bbtnh.exec:\1bbtnh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fffxffl.exec:\fffxffl.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fffxrrr.exec:\fffxrrr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7tbttn.exec:\7tbttn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjdd.exec:\vpjdd.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnhbb.exec:\nhnhbb.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1dvpj.exec:\1dvpj.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhbbb.exec:\tnhbbb.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flrrlrr.exec:\flrrlrr.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnnnhb.exec:\nnnnhb.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpdpj.exec:\jpdpj.exe23⤵
- Executes dropped EXE
-
\??\c:\rfrllff.exec:\rfrllff.exe24⤵
- Executes dropped EXE
-
\??\c:\nhhnhh.exec:\nhhnhh.exe25⤵
- Executes dropped EXE
-
\??\c:\djjdv.exec:\djjdv.exe26⤵
- Executes dropped EXE
-
\??\c:\rrllrlr.exec:\rrllrlr.exe27⤵
- Executes dropped EXE
-
\??\c:\nttnnh.exec:\nttnnh.exe28⤵
- Executes dropped EXE
-
\??\c:\7rrlffx.exec:\7rrlffx.exe29⤵
- Executes dropped EXE
-
\??\c:\hnthbt.exec:\hnthbt.exe30⤵
- Executes dropped EXE
-
\??\c:\dpvpp.exec:\dpvpp.exe31⤵
- Executes dropped EXE
-
\??\c:\ddvjd.exec:\ddvjd.exe32⤵
- Executes dropped EXE
-
\??\c:\nbtttt.exec:\nbtttt.exe33⤵
- Executes dropped EXE
-
\??\c:\7jjdd.exec:\7jjdd.exe34⤵
- Executes dropped EXE
-
\??\c:\lfxrlff.exec:\lfxrlff.exe35⤵
- Executes dropped EXE
-
\??\c:\bthbtn.exec:\bthbtn.exe36⤵
- Executes dropped EXE
-
\??\c:\vpdvp.exec:\vpdvp.exe37⤵
- Executes dropped EXE
-
\??\c:\3rflffr.exec:\3rflffr.exe38⤵
- Executes dropped EXE
-
\??\c:\tbhhnb.exec:\tbhhnb.exe39⤵
- Executes dropped EXE
-
\??\c:\nbbhbh.exec:\nbbhbh.exe40⤵
-
\??\c:\djpjd.exec:\djpjd.exe41⤵
- Executes dropped EXE
-
\??\c:\5frlffl.exec:\5frlffl.exe42⤵
- Executes dropped EXE
-
\??\c:\tnttnn.exec:\tnttnn.exe43⤵
- Executes dropped EXE
-
\??\c:\ddjpj.exec:\ddjpj.exe44⤵
- Executes dropped EXE
-
\??\c:\vdjjj.exec:\vdjjj.exe45⤵
- Executes dropped EXE
-
\??\c:\1xfffff.exec:\1xfffff.exe46⤵
- Executes dropped EXE
-
\??\c:\ttbttt.exec:\ttbttt.exe47⤵
- Executes dropped EXE
-
\??\c:\5jpdd.exec:\5jpdd.exe48⤵
- Executes dropped EXE
-
\??\c:\lrfxlfl.exec:\lrfxlfl.exe49⤵
- Executes dropped EXE
-
\??\c:\5bbbtn.exec:\5bbbtn.exe50⤵
- Executes dropped EXE
-
\??\c:\9ttnhb.exec:\9ttnhb.exe51⤵
- Executes dropped EXE
-
\??\c:\vvdvd.exec:\vvdvd.exe52⤵
- Executes dropped EXE
-
\??\c:\fxxrlff.exec:\fxxrlff.exe53⤵
- Executes dropped EXE
-
\??\c:\hhnnhh.exec:\hhnnhh.exe54⤵
- Executes dropped EXE
-
\??\c:\jvpvv.exec:\jvpvv.exe55⤵
- Executes dropped EXE
-
\??\c:\xrffrlr.exec:\xrffrlr.exe56⤵
- Executes dropped EXE
-
\??\c:\bnbbtb.exec:\bnbbtb.exe57⤵
- Executes dropped EXE
-
\??\c:\tbtnbb.exec:\tbtnbb.exe58⤵
- Executes dropped EXE
-
\??\c:\pvvjv.exec:\pvvjv.exe59⤵
- Executes dropped EXE
-
\??\c:\lfxxrlr.exec:\lfxxrlr.exe60⤵
- Executes dropped EXE
-
\??\c:\bhntbh.exec:\bhntbh.exe61⤵
- Executes dropped EXE
-
\??\c:\pdjpv.exec:\pdjpv.exe62⤵
- Executes dropped EXE
-
\??\c:\djjdd.exec:\djjdd.exe63⤵
- Executes dropped EXE
-
\??\c:\9xlxfxl.exec:\9xlxfxl.exe64⤵
- Executes dropped EXE
-
\??\c:\tnnhbb.exec:\tnnhbb.exe65⤵
- Executes dropped EXE
-
\??\c:\1pdvj.exec:\1pdvj.exe66⤵
- Executes dropped EXE
-
\??\c:\lrxxrlf.exec:\lrxxrlf.exe67⤵
-
\??\c:\5xlfxff.exec:\5xlfxff.exe68⤵
-
\??\c:\thhtbt.exec:\thhtbt.exe69⤵
-
\??\c:\dvdvp.exec:\dvdvp.exe70⤵
-
\??\c:\pppjd.exec:\pppjd.exe71⤵
-
\??\c:\xllfrlf.exec:\xllfrlf.exe72⤵
-
\??\c:\xxfxrlf.exec:\xxfxrlf.exe73⤵
-
\??\c:\hbbtnn.exec:\hbbtnn.exe74⤵
-
\??\c:\jjjdp.exec:\jjjdp.exe75⤵
-
\??\c:\dppjp.exec:\dppjp.exe76⤵
-
\??\c:\xffxxfx.exec:\xffxxfx.exe77⤵
-
\??\c:\flrlrff.exec:\flrlrff.exe78⤵
-
\??\c:\hbtnhh.exec:\hbtnhh.exe79⤵
-
\??\c:\ntttnb.exec:\ntttnb.exe80⤵
-
\??\c:\pdvvp.exec:\pdvvp.exe81⤵
-
\??\c:\rlfxrll.exec:\rlfxrll.exe82⤵
-
\??\c:\3xlxfxl.exec:\3xlxfxl.exe83⤵
-
\??\c:\ntnbbb.exec:\ntnbbb.exe84⤵
-
\??\c:\bthhnh.exec:\bthhnh.exe85⤵
-
\??\c:\7ppjd.exec:\7ppjd.exe86⤵
-
\??\c:\xlllffx.exec:\xlllffx.exe87⤵
-
\??\c:\ffxxlfr.exec:\ffxxlfr.exe88⤵
-
\??\c:\tnbnhb.exec:\tnbnhb.exe89⤵
-
\??\c:\9jdpp.exec:\9jdpp.exe90⤵
-
\??\c:\vddvv.exec:\vddvv.exe91⤵
-
\??\c:\tthhnt.exec:\tthhnt.exe92⤵
-
\??\c:\vvpjd.exec:\vvpjd.exe93⤵
-
\??\c:\pjvjd.exec:\pjvjd.exe94⤵
-
\??\c:\rffrxrr.exec:\rffrxrr.exe95⤵
-
\??\c:\hbnbhb.exec:\hbnbhb.exe96⤵
-
\??\c:\thtnbb.exec:\thtnbb.exe97⤵
-
\??\c:\jdjvd.exec:\jdjvd.exe98⤵
-
\??\c:\vjpjp.exec:\vjpjp.exe99⤵
-
\??\c:\xflffrl.exec:\xflffrl.exe100⤵
-
\??\c:\nttnhh.exec:\nttnhh.exe101⤵
-
\??\c:\nbnnhh.exec:\nbnnhh.exe102⤵
-
\??\c:\pdpdv.exec:\pdpdv.exe103⤵
-
\??\c:\vdpjd.exec:\vdpjd.exe104⤵
-
\??\c:\1rfxrlf.exec:\1rfxrlf.exe105⤵
-
\??\c:\btnnhh.exec:\btnnhh.exe106⤵
-
\??\c:\ttnhbh.exec:\ttnhbh.exe107⤵
-
\??\c:\7pjdp.exec:\7pjdp.exe108⤵
-
\??\c:\vppvp.exec:\vppvp.exe109⤵
-
\??\c:\ffrrxxf.exec:\ffrrxxf.exe110⤵
-
\??\c:\3lllllf.exec:\3lllllf.exe111⤵
-
\??\c:\ttbtbt.exec:\ttbtbt.exe112⤵
-
\??\c:\dpjvj.exec:\dpjvj.exe113⤵
-
\??\c:\vjpjd.exec:\vjpjd.exe114⤵
-
\??\c:\rlffxxr.exec:\rlffxxr.exe115⤵
-
\??\c:\hntnhh.exec:\hntnhh.exe116⤵
-
\??\c:\hnnttt.exec:\hnnttt.exe117⤵
-
\??\c:\jvdvp.exec:\jvdvp.exe118⤵
-
\??\c:\djvdv.exec:\djvdv.exe119⤵
-
\??\c:\fxfxrrl.exec:\fxfxrrl.exe120⤵
-
\??\c:\thnhbt.exec:\thnhbt.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-