Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
147s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
-
submitted
07/11/2022, 05:37
General
-
Target
ddce74347d53f88c83beaeb75991284c9fca6dbfe90e3839774256f74909fd0d.exe
-
Size
74KB
-
MD5
13015d8663a6504d2e772c5f9c47bb30
-
SHA1
9b981d550564494fe2d7274475cb6e71390178a0
-
SHA256
ddce74347d53f88c83beaeb75991284c9fca6dbfe90e3839774256f74909fd0d
-
SHA512
3ec821ccdd19420c5dd63d6a7c9607e45a4e80a7536cf21bd8da0799f66e638cbd38b6420ebc485a4408f90fda281f33b33a7e45c6a0b1d48b4ef61d6604c1b0
-
SSDEEP
1536:0vQBeOGtrYS3srx93UBWfwC6Ggnouy8CUYj7FHVNK+tRlBkRU7:0hOmTsF93UYfwC6GIoutXwjPRlBk4
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 61 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\ddce74347d53f88c83beaeb75991284c9fca6dbfe90e3839774256f74909fd0d.exe"C:\Users\Admin\AppData\Local\Temp\ddce74347d53f88c83beaeb75991284c9fca6dbfe90e3839774256f74909fd0d.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\182ql76.exec:\182ql76.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\wm794n.exec:\wm794n.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7o121.exec:\7o121.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\i9h39d.exec:\i9h39d.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\wlwopdu.exec:\wlwopdu.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\0npbbe8.exec:\0npbbe8.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\b731s11.exec:\b731s11.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\gq0v54.exec:\gq0v54.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\68v9p3k.exec:\68v9p3k.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\k8gj4.exec:\k8gj4.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\m265te.exec:\m265te.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\a6t9wb0.exec:\a6t9wb0.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3i9vt.exec:\3i9vt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\367je.exec:\367je.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\56xvwl5.exec:\56xvwl5.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\a1o56h.exec:\a1o56h.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\s7as6.exec:\s7as6.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\qg7b70.exec:\qg7b70.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\q92p199.exec:\q92p199.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\11xdfx.exec:\11xdfx.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\kv8kp7.exec:\kv8kp7.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\mn72r1.exec:\mn72r1.exe23⤵
- Executes dropped EXE
-
\??\c:\1111w.exec:\1111w.exe24⤵
- Executes dropped EXE
-
\??\c:\n2469.exec:\n2469.exe25⤵
- Executes dropped EXE
-
\??\c:\7s31h.exec:\7s31h.exe26⤵
- Executes dropped EXE
-
\??\c:\x93m5.exec:\x93m5.exe27⤵
- Executes dropped EXE
-
\??\c:\ejm400.exec:\ejm400.exe28⤵
- Executes dropped EXE
-
\??\c:\l3979aa.exec:\l3979aa.exe29⤵
- Executes dropped EXE
-
\??\c:\j7e9aj0.exec:\j7e9aj0.exe30⤵
- Executes dropped EXE
-
\??\c:\vi3u3eb.exec:\vi3u3eb.exe31⤵
- Executes dropped EXE
-
\??\c:\g4n9a9.exec:\g4n9a9.exe32⤵
- Executes dropped EXE
-
\??\c:\ru05i.exec:\ru05i.exe33⤵
- Executes dropped EXE
-
\??\c:\18i22.exec:\18i22.exe34⤵
- Executes dropped EXE
-
\??\c:\0o1f996.exec:\0o1f996.exe35⤵
- Executes dropped EXE
-
\??\c:\6ms54.exec:\6ms54.exe36⤵
- Executes dropped EXE
-
\??\c:\o8u5r33.exec:\o8u5r33.exe37⤵
- Executes dropped EXE
-
\??\c:\1517337.exec:\1517337.exe38⤵
- Executes dropped EXE
-
\??\c:\h3q2k10.exec:\h3q2k10.exe39⤵
- Executes dropped EXE
-
\??\c:\971777m.exec:\971777m.exe40⤵
- Executes dropped EXE
-
\??\c:\jic4fa2.exec:\jic4fa2.exe41⤵
- Executes dropped EXE
-
\??\c:\m94sx.exec:\m94sx.exe42⤵
- Executes dropped EXE
-
\??\c:\ge4on.exec:\ge4on.exe43⤵
- Executes dropped EXE
-
\??\c:\17h33u.exec:\17h33u.exe44⤵
- Executes dropped EXE
-
\??\c:\h1n072.exec:\h1n072.exe45⤵
- Executes dropped EXE
-
\??\c:\n6uuf.exec:\n6uuf.exe46⤵
- Executes dropped EXE
-
\??\c:\44ule.exec:\44ule.exe47⤵
- Executes dropped EXE
-
\??\c:\wcp5u.exec:\wcp5u.exe48⤵
- Executes dropped EXE
-
\??\c:\ksosc.exec:\ksosc.exe49⤵
- Executes dropped EXE
-
\??\c:\v71gi.exec:\v71gi.exe50⤵
- Executes dropped EXE
-
\??\c:\aco7r.exec:\aco7r.exe51⤵
- Executes dropped EXE
-
\??\c:\ewh939.exec:\ewh939.exe52⤵
- Executes dropped EXE
-
\??\c:\456q98.exec:\456q98.exe53⤵
- Executes dropped EXE
-
\??\c:\15k7k.exec:\15k7k.exe54⤵
- Executes dropped EXE
-
\??\c:\v33w93.exec:\v33w93.exe55⤵
- Executes dropped EXE
-
\??\c:\01dp3n.exec:\01dp3n.exe56⤵
- Executes dropped EXE
-
\??\c:\09mgm72.exec:\09mgm72.exe57⤵
- Executes dropped EXE
-
\??\c:\5d85n.exec:\5d85n.exe58⤵
- Executes dropped EXE
-
\??\c:\843752p.exec:\843752p.exe59⤵
- Executes dropped EXE
-
\??\c:\6v2m552.exec:\6v2m552.exe60⤵
- Executes dropped EXE
-
\??\c:\6s34k.exec:\6s34k.exe61⤵
- Executes dropped EXE
-
\??\c:\v29lk.exec:\v29lk.exe62⤵
- Executes dropped EXE
-
\??\c:\4stbxdn.exec:\4stbxdn.exe63⤵
- Executes dropped EXE
-
\??\c:\e08f46.exec:\e08f46.exe64⤵
- Executes dropped EXE
-
\??\c:\539k71i.exec:\539k71i.exe65⤵
- Executes dropped EXE
-
\??\c:\v95p7f.exec:\v95p7f.exe66⤵
-
\??\c:\4c1w5.exec:\4c1w5.exe67⤵
-
\??\c:\v739799.exec:\v739799.exe68⤵
-
\??\c:\j48vi.exec:\j48vi.exe69⤵
-
\??\c:\45f9wp.exec:\45f9wp.exe70⤵
-
\??\c:\0gl58.exec:\0gl58.exe71⤵
-
\??\c:\4a4f5.exec:\4a4f5.exe72⤵
-
\??\c:\86n38.exec:\86n38.exe73⤵
-
\??\c:\0uht4x1.exec:\0uht4x1.exe74⤵
-
\??\c:\s6q07.exec:\s6q07.exe75⤵
-
\??\c:\h1793.exec:\h1793.exe76⤵
-
\??\c:\4e7ix.exec:\4e7ix.exe77⤵
-
\??\c:\522l2.exec:\522l2.exe78⤵
-
\??\c:\663dq.exec:\663dq.exe79⤵
-
\??\c:\1c0p7.exec:\1c0p7.exe80⤵
-
\??\c:\io1l1n5.exec:\io1l1n5.exe81⤵
-
\??\c:\if287v7.exec:\if287v7.exe82⤵
-
\??\c:\07b8cx1.exec:\07b8cx1.exe83⤵
-
\??\c:\7xs2r78.exec:\7xs2r78.exe84⤵
-
\??\c:\0n7v5gl.exec:\0n7v5gl.exe85⤵
-
\??\c:\a1j3346.exec:\a1j3346.exe86⤵
-
\??\c:\9f880.exec:\9f880.exe87⤵
-
\??\c:\098x7.exec:\098x7.exe88⤵
-
\??\c:\759u73.exec:\759u73.exe89⤵
-
\??\c:\h8sn1mg.exec:\h8sn1mg.exe90⤵
-
\??\c:\93qo6w.exec:\93qo6w.exe91⤵
-
\??\c:\0e3xf5.exec:\0e3xf5.exe92⤵
-
\??\c:\953i2fd.exec:\953i2fd.exe93⤵
-
\??\c:\i6493.exec:\i6493.exe94⤵
-
\??\c:\5nljw82.exec:\5nljw82.exe95⤵
-
\??\c:\96orl5.exec:\96orl5.exe96⤵
-
\??\c:\se25b.exec:\se25b.exe97⤵
-
\??\c:\vv658d.exec:\vv658d.exe98⤵
-
\??\c:\f78q5g.exec:\f78q5g.exe99⤵
-
\??\c:\j2649x1.exec:\j2649x1.exe100⤵
-
\??\c:\07wj0x.exec:\07wj0x.exe101⤵
-
\??\c:\ase0u.exec:\ase0u.exe102⤵
-
\??\c:\87667r.exec:\87667r.exe103⤵
-
\??\c:\ht050v.exec:\ht050v.exe104⤵
-
\??\c:\646qc.exec:\646qc.exe105⤵
-
\??\c:\wcnsr.exec:\wcnsr.exe106⤵
-
\??\c:\lkt9u.exec:\lkt9u.exe107⤵
-
\??\c:\rm13971.exec:\rm13971.exe108⤵
-
\??\c:\85571.exec:\85571.exe109⤵
-
\??\c:\lquecmm.exec:\lquecmm.exe110⤵
-
\??\c:\vqi7kr8.exec:\vqi7kr8.exe111⤵
-
\??\c:\3551g.exec:\3551g.exe112⤵
-
\??\c:\r0mg0.exec:\r0mg0.exe113⤵
-
\??\c:\56n4qt.exec:\56n4qt.exe114⤵
-
\??\c:\iui0s56.exec:\iui0s56.exe115⤵
-
\??\c:\n29ssu.exec:\n29ssu.exe116⤵
-
\??\c:\jhrbxvj.exec:\jhrbxvj.exe117⤵
-
\??\c:\2grqo1.exec:\2grqo1.exe118⤵
-
\??\c:\87mj2a8.exec:\87mj2a8.exe119⤵
-
\??\c:\s06v8.exec:\s06v8.exe120⤵
-
\??\c:\5woj8u0.exec:\5woj8u0.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-