Analysis

  • max time kernel
    35s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags
    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    14/10/2022, 20:23

General

  • Target

    e3ba5bb057ea8d27bd39fc4d8b607c8c51c5021ec10d5bcf011866317fdc16c6.dll

  • Size

    3.9MB

  • MD5

    9a05d32a9e7fedce9c4fc8cb0afa966c

  • SHA1

    46791e12d3471d9ccd012a9ed52be43dd7a2b8a9

  • SHA256

    e3ba5bb057ea8d27bd39fc4d8b607c8c51c5021ec10d5bcf011866317fdc16c6

  • SHA512

    ef643a5ef313505a0f6b5ca5f4e9635b7d8534b507f129aad61b0b31e2011a44248dd50f7f808544c7c06e8783954d510ba1de175332607a067486d59119c074

  • SSDEEP

    98304:ziSacGY85ycuvTZ6Er4v/YBYSnFP1GashgyiIqoXKkV6:zPZG3y9lEvsYS51ZshgyiIDXKkV

Malware Config

Signatures

  • Blackmoon, KrBanker

    Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

  • Detect Blackmoon payload 5 IoCs
  • ASPack v2.12-2.42 1 IoCs

    Detects executables packed with ASPack v2.12-2.42

  • Loads dropped DLL 1 IoCs
  • Drops file in System32 directory 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\e3ba5bb057ea8d27bd39fc4d8b607c8c51c5021ec10d5bcf011866317fdc16c6.dll,#1
    • Suspicious use of WriteProcessMemory
    PID:1340
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\e3ba5bb057ea8d27bd39fc4d8b607c8c51c5021ec10d5bcf011866317fdc16c6.dll,#1
      • Loads dropped DLL
      • Drops file in System32 directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:1736

Network

MITRE ATT&CK Matrix

Downloads

  • \Windows\SysWOW64\987561.bmd

    Filesize

    1.9MB

    MD5

    aae2c15f00256d1a50cd72665e267f36

    SHA1

    de15c39b155a45782313d5523f93e4dcdefe59ac

    SHA256

    691feff90464a118c8390a8d366d6ab407a0642e6d0c937a293f639e23eabe2f

    SHA512

    9fb4751b44e279a3e73131ce5debeb1cac9805a31063cdc265c3cd945db1e7f14dc62a38595bc2311d110467fcb898023a158cf6063cde7939e1fd97ff0a8122

  • memory/1736-55-0x0000000076411000-0x0000000076413000-memory.dmp

    Filesize

    8KB

  • memory/1736-56-0x0000000010000000-0x000000001043D000-memory.dmp

    Filesize

    4.2MB

  • memory/1736-57-0x0000000010000000-0x000000001043D000-memory.dmp

    Filesize

    4.2MB

  • memory/1736-58-0x0000000010000000-0x000000001043D000-memory.dmp

    Filesize

    4.2MB

  • memory/1736-61-0x0000000000574000-0x0000000000578000-memory.dmp

    Filesize

    16KB

  • memory/1736-60-0x0000000000574000-0x0000000000578000-memory.dmp

    Filesize

    16KB

  • memory/1736-62-0x0000000010000000-0x000000001043D000-memory.dmp

    Filesize

    4.2MB

  • memory/1736-63-0x00000000749C0000-0x0000000074E48000-memory.dmp

    Filesize

    4.5MB

  • memory/1736-64-0x0000000000230000-0x000000000027B000-memory.dmp

    Filesize

    300KB

  • memory/1736-65-0x0000000010000000-0x000000001043D000-memory.dmp

    Filesize

    4.2MB