Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

7

b16f7b2881...1a.exe

windows7-x64

10

b16f7b2881...1a.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    141s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15/08/2023, 05:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b16f7b2881866796100a1767fcd49c351ac0cd2953d9846d4a76745b1351601a.exe

  • Size

    590KB

  • MD5

    c9f1b96c2d48fc6ed5b1042c12e68c01

  • SHA1

    76f8ebacaf908971bcc53a3f32523109066ee6f4

  • SHA256

    b16f7b2881866796100a1767fcd49c351ac0cd2953d9846d4a76745b1351601a

  • SHA512

    88669d01241ea98185a13b67cf4f8067bcab6d6224748a0f66d42dcc870b2f89f745e4f5bd0d7d1fe45047dba56ef4a98118aa032730ffcedd9b02e8da3a9112

  • SSDEEP

    12288:GND9yMNMoLWB7ZowJjSEurznuNEX3lYPzWVp4cRu:GND9D6oLWB7HtSEurzUGmbDp

Score
10/10
blackmoonbankertrojanupx

Malware Config

Signatures

  • Blackmoon, KrBanker

    Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.

    trojanbankerblackmoon
  • Detect Blackmoon payload 1 IoCs
  • Executes dropped EXE 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b16f7b2881866796100a1767fcd49c351ac0cd2953d9846d4a76745b1351601a.exe
    "C:\Users\Admin\AppData\Local\Temp\b16f7b2881866796100a1767fcd49c351ac0cd2953d9846d4a76745b1351601a.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2000
    • C:\Users\Admin\AppData\Local\Temp\aow_dr.exe
      C:\Users\Admin\AppData\Local\Temp\aow_dr.exe
      2⤵
      • Executes dropped EXE
      PID:4308

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\aow_dr.exe
    Filesize

    13KB

    MD5

    dc0afe131cc346ca405a2afce6ea0d25

    SHA1

    a485647cbeb3cb9204445499d76b8bb0d466ab5a

    SHA256

    6cfbe0885a7a811534e170d1f532535467e568895cf535ee5d19511100212f79

    SHA512

    b0d9920d41b6b76a6cd4cd8ac182dc0612054fc0b6e45ec3ffa064bf92d4bd981aaf21a6e74e5bda17abae484688f4dcf0fcf90f27cc797ee08372b7bf4549f3

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\aow_dr.exe
    Filesize

    13KB

    MD5

    dc0afe131cc346ca405a2afce6ea0d25

    SHA1

    a485647cbeb3cb9204445499d76b8bb0d466ab5a

    SHA256

    6cfbe0885a7a811534e170d1f532535467e568895cf535ee5d19511100212f79

    SHA512

    b0d9920d41b6b76a6cd4cd8ac182dc0612054fc0b6e45ec3ffa064bf92d4bd981aaf21a6e74e5bda17abae484688f4dcf0fcf90f27cc797ee08372b7bf4549f3

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\dr.dll
    Filesize

    192B

    MD5

    ce912ff06805ad9c47b62e1fd1399b07

    SHA1

    7e63bb8a91926de90c359fda2a70f17f447a80fd

    SHA256

    c7c8a6731a557325dc4fc2a9357e6575d03c46f5b256c66c7652d3bf957718c7

    SHA512

    c47977fb4cb7b7d45ef8cf048adc83bff5da8fbc508c857fa3d64f1bcf6787ec1fa1f6e4eec8520399ee1c956eafee356a7760d716c18c7b20dbf7cdd1908932

    Download Submit

  • memory/2000-133-0x0000000000400000-0x00000000005A3000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2000-141-0x0000000000400000-0x00000000005A3000-memory.dmp

    Filesize

    1.6MB

    Download