Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

7

a9a6ae77b9...b4.exe

windows7-x64

10

a9a6ae77b9...b4.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    20/08/2023, 04:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a9a6ae77b932e1628624f62af917e2487e1db8d318be8466e0c41adf5c79f0b4.exe

  • Size

    7.3MB

  • MD5

    f80dadc61dd4a914ce96139252df0aba

  • SHA1

    ad8785e358f14f80083ca386b9505fbfa066c4b4

  • SHA256

    a9a6ae77b932e1628624f62af917e2487e1db8d318be8466e0c41adf5c79f0b4

  • SHA512

    084a10db94dedf772f6ac6b964f13c0279b7fddcaadd69187ca50d994a7a83b143d02d3b5d0cd9c9102b34b5ef7f48a5db355cd97eddfb6e28ae22e3433f963e

  • SSDEEP

    196608:H+23b3ntL9L2M8VKXGqIeP3ljBBFNzi3RPKLxhnZKW:H1Xd9L2M8VcIe1jARPKLxhnQW

Score
10/10
blackmoonbankerthemidatrojanupx

Malware Config

Signatures

  • Blackmoon, KrBanker

    Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.

    trojanbankerblackmoon
  • Detect Blackmoon payload 6 IoCs
  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • Executes dropped EXE 4 IoCs
  • Loads dropped DLL 2 IoCs
  • Themida packer 10 IoCs

    Detects Themida, an advanced Windows software protection system.

    themida
  • UPX packed file 15 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: RenamesItself 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a9a6ae77b932e1628624f62af917e2487e1db8d318be8466e0c41adf5c79f0b4.exe
    "C:\Users\Admin\AppData\Local\Temp\a9a6ae77b932e1628624f62af917e2487e1db8d318be8466e0c41adf5c79f0b4.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: RenamesItself
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1512
    • C:\Users\Admin\Documents\BinGo\mgiibjcj.exe
      "C:\Users\Admin\Documents\BinGo\mgiibjcj.exe" rest
      2⤵
      • Loads dropped DLL
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: RenamesItself
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2568
      • C:\Users\Admin\Documents\BinGo\runes\7z.exe
        C:\Users\Admin\Documents\BinGo\runes\7z.exe x "C:\Users\Admin\Documents\BinGo\runes\\13.16.1-v1692500306000.tgz" -y -p -o"C:\Users\Admin\Documents\BinGo\runes\"
        3⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        PID:2696
      • C:\Users\Admin\Documents\BinGo\runes\7z.exe
        C:\Users\Admin\Documents\BinGo\runes\7z.exe x "C:\Users\Admin\Documents\BinGo\runes\\13.16.1-v1692500306000.tar" -y -p -o"C:\Users\Admin\Documents\BinGo\runes\"
        3⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        PID:2040
      • C:\Users\Admin\Documents\BinGo\runes\7z.exe
        C:\Users\Admin\Documents\BinGo\runes\7z.exe x "C:\Users\Admin\Documents\BinGo\runes\\13.16.1-v1692500306000.tar" -y -p -o"C:\Users\Admin\Documents\BinGo\runes\"
        3⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        PID:2972
      • C:\Users\Admin\Documents\BinGo\runes\7z.exe
        C:\Users\Admin\Documents\BinGo\runes\7z.exe x "C:\Users\Admin\Documents\BinGo\runes\\13.16.1-v1692500306000.tgz" -y -p -o"C:\Users\Admin\Documents\BinGo\runes\"
        3⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        PID:2648

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\Desktop\BinGoÍâ·þ°æ13.16.2.lnk
    Filesize

    1KB

    MD5

    3c44682a2b88c7fb58cffcc3d2111ed7

    SHA1

    ef33304da3047c0110c304373058749c96921094

    SHA256

    6e2bbdfcb1e2c97cc1e56d310b0e018565ab898da57dd6ac5d40be507ca719c3

    SHA512

    1a66b7b66f0525c7fe5c11891152e26d3ffbc3465292831741d5a624e299208e9e540248ee522c2be39284fa520c70ffa55a9581969a44e59e83f0e629f81cb7

    Download Submit

  • C:\Users\Admin\Documents\BinGo\runes\13.16.1-v1692500306000.tar
    Filesize

    673KB

    MD5

    c56b9e4c865fe1d28adec521600a0003

    SHA1

    21f71a5f95827a406223dce2a0226b03b7768d76

    SHA256

    23774bd5dcd902b57572da10fd1eef676ee578dbcc543e063def3daae415b592

    SHA512

    ce2fde4012f04d6146110957e6df761027728e3f066c0ee99f1a333ebe1960764116f48b89e3f8fcc9ed01117cb9947f23d69c73d4ff6e5b496ffc2cbfddfe85

    Download Submit

  • C:\Users\Admin\Documents\BinGo\runes\13.16.1-v1692500306000.tar
    Filesize

    550KB

    MD5

    46d8b7d28fe3316385c6e16b2cbb5327

    SHA1

    0602d8a5abf32a12c3085570fb6ecab9cf4062bc

    SHA256

    5d8f9e336740488ad27b06c9eff4051cc2a5f62458b75b423a4383b7995d9412

    SHA512

    5f5f842470737a331231ec705cb0dbf1360448f36e6572d0e8177fa2cc9e894e3e2020c4399a57498ae82208f31a2ba4b58d2e394deffbf35f1e17ebe8d2a4ea

    Download Submit

  • C:\Users\Admin\Documents\BinGo\runes\13.16.1-v1692500306000.tgz
    Filesize

    54KB

    MD5

    411423301601a7f63641a0879c25137d

    SHA1

    293cf0dc82bc67bc9d963773ba634737fbc64da8

    SHA256

    c3624b81d0889821978fe0e01544a2f56cae892187facda4b181735948cb383a

    SHA512

    d75477976b16d59737f66629bfcefc26e4fdf4a041be50bd6d8501ee89fb2255c84a47b559a8cfc78cd0b775ecc355a128a9a3fae792eb99ed233af75955bc36

    Download Submit

  • C:\Users\Admin\Documents\BinGo\runes\13.16.1-v1692500306000.tgz
    Filesize

    41KB

    MD5

    49a1818298089983ddd60429a9973244

    SHA1

    fb607cb81f1c68dfd00629a5ec593ae1f8c690cc

    SHA256

    25cdd76451c2d0b1964a121fef788a32f9f375aea9c812bdf16a859ada616e47

    SHA512

    604614210e57755be1845537e95d36f1cc1fbbdc3041d52bd86e8c85422888221f2c63d4e8b0d82207cd2c297fafc03b8f2804ba201b166554a43733eeda14b0

    Download Submit

  • C:\Users\Admin\Documents\BinGo\runes\7z.exe
    Filesize

    354KB

    MD5

    1f0f641a53fe1535da96c6830ce20688

    SHA1

    247fd5f4ea18f3dbada32784d89c58f9ecb287db

    SHA256

    2151c021ec07eb8d2c1c08c884038e6606d8254d47e436f77fdf8be008891744

    SHA512

    3734dff5c4af534afc634daf2df14207c6d6b0280ab7e731aaff7e9722aed226682c531934e85fa8bca35b5a8aa24640418ffcaa52124f7bbd26f01d168305f3

    Download Submit

  • C:\Users\Admin\Documents\BinGo\runes\7z.exe
    Filesize

    354KB

    MD5

    1f0f641a53fe1535da96c6830ce20688

    SHA1

    247fd5f4ea18f3dbada32784d89c58f9ecb287db

    SHA256

    2151c021ec07eb8d2c1c08c884038e6606d8254d47e436f77fdf8be008891744

    SHA512

    3734dff5c4af534afc634daf2df14207c6d6b0280ab7e731aaff7e9722aed226682c531934e85fa8bca35b5a8aa24640418ffcaa52124f7bbd26f01d168305f3

    Download Submit

  • C:\Users\Admin\Documents\BinGo\runes\7z.exe
    Filesize

    354KB

    MD5

    1f0f641a53fe1535da96c6830ce20688

    SHA1

    247fd5f4ea18f3dbada32784d89c58f9ecb287db

    SHA256

    2151c021ec07eb8d2c1c08c884038e6606d8254d47e436f77fdf8be008891744

    SHA512

    3734dff5c4af534afc634daf2df14207c6d6b0280ab7e731aaff7e9722aed226682c531934e85fa8bca35b5a8aa24640418ffcaa52124f7bbd26f01d168305f3

    Download Submit

  • C:\Users\Admin\Documents\BinGo\runes\7z.exe
    Filesize

    354KB

    MD5

    1f0f641a53fe1535da96c6830ce20688

    SHA1

    247fd5f4ea18f3dbada32784d89c58f9ecb287db

    SHA256

    2151c021ec07eb8d2c1c08c884038e6606d8254d47e436f77fdf8be008891744

    SHA512

    3734dff5c4af534afc634daf2df14207c6d6b0280ab7e731aaff7e9722aed226682c531934e85fa8bca35b5a8aa24640418ffcaa52124f7bbd26f01d168305f3

    Download Submit

  • C:\Users\Admin\Documents\BinGo\runes\7z.exe
    Filesize

    354KB

    MD5

    1f0f641a53fe1535da96c6830ce20688

    SHA1

    247fd5f4ea18f3dbada32784d89c58f9ecb287db

    SHA256

    2151c021ec07eb8d2c1c08c884038e6606d8254d47e436f77fdf8be008891744

    SHA512

    3734dff5c4af534afc634daf2df14207c6d6b0280ab7e731aaff7e9722aed226682c531934e85fa8bca35b5a8aa24640418ffcaa52124f7bbd26f01d168305f3

    Download Submit

  • \Users\Admin\Documents\BinGo\libcurl.dll
    Filesize

    1.8MB

    MD5

    6fa08b52d88e7a4967764e099d33663b

    SHA1

    06d10ed3766bbaf56c7b6cb23821706dbadc025c

    SHA256

    e295b243ae3e45289b8bfaff537d99ca7039d08a48c4359294dacd753936a0c0

    SHA512

    14f21a29b1c69d82a4f00b9709549c996ab21a9f00e3bd553482110b93418a3c47fccee4cb2ad99f7213906c746a578c051e88b08f6cc3c2ac5ee8fe0a1b1bb0

    Download Submit

  • \Users\Admin\Documents\BinGo\runes\7z.exe
    Filesize

    354KB

    MD5

    1f0f641a53fe1535da96c6830ce20688

    SHA1

    247fd5f4ea18f3dbada32784d89c58f9ecb287db

    SHA256

    2151c021ec07eb8d2c1c08c884038e6606d8254d47e436f77fdf8be008891744

    SHA512

    3734dff5c4af534afc634daf2df14207c6d6b0280ab7e731aaff7e9722aed226682c531934e85fa8bca35b5a8aa24640418ffcaa52124f7bbd26f01d168305f3

    Download Submit

  • memory/1512-63-0x0000000010000000-0x000000001011B000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1512-62-0x0000000010000000-0x000000001011B000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1512-70-0x0000000010000000-0x000000001011B000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1512-69-0x0000000005FE0000-0x0000000006CA6000-memory.dmp

    Filesize

    12.8MB

    Download

  • memory/1512-67-0x0000000000400000-0x00000000010C6000-memory.dmp

    Filesize

    12.8MB

    Download

  • memory/1512-66-0x0000000002F40000-0x0000000002F50000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1512-64-0x0000000010000000-0x000000001011B000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1512-68-0x0000000002F40000-0x0000000002F50000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1512-53-0x0000000000400000-0x00000000010C6000-memory.dmp

    Filesize

    12.8MB

    Download

  • memory/1512-58-0x0000000010000000-0x000000001011B000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1512-57-0x0000000000400000-0x00000000010C6000-memory.dmp

    Filesize

    12.8MB

    Download

  • memory/1512-56-0x0000000000400000-0x00000000010C6000-memory.dmp

    Filesize

    12.8MB

    Download

  • memory/1512-55-0x0000000000400000-0x00000000010C6000-memory.dmp

    Filesize

    12.8MB

    Download

  • memory/1512-54-0x0000000076EF0000-0x0000000076EF2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2040-458-0x0000000000210000-0x0000000000213000-memory.dmp

    Filesize

    12KB

    Download

  • memory/2040-119-0x0000000000CC0000-0x0000000000D97000-memory.dmp

    Filesize

    860KB

    Download

  • memory/2040-457-0x0000000000CC0000-0x0000000000D97000-memory.dmp

    Filesize

    860KB

    Download

  • memory/2040-120-0x0000000000210000-0x0000000000213000-memory.dmp

    Filesize

    12KB

    Download

  • memory/2568-97-0x0000000007BB0000-0x0000000007BB1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2568-88-0x0000000005B70000-0x0000000005B71000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2568-108-0x0000000007A70000-0x0000000007B47000-memory.dmp

    Filesize

    860KB

    Download

  • memory/2568-73-0x0000000000400000-0x00000000010C6000-memory.dmp

    Filesize

    12.8MB

    Download

  • memory/2568-896-0x0000000007A70000-0x0000000007B47000-memory.dmp

    Filesize

    860KB

    Download

  • memory/2568-96-0x0000000073980000-0x0000000073DDF000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/2568-815-0x0000000010000000-0x000000001011B000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2568-118-0x0000000006DC0000-0x0000000006DC1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2568-102-0x0000000073980000-0x0000000073DDF000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/2568-100-0x0000000006D50000-0x0000000006D51000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2568-95-0x0000000005B80000-0x0000000005B81000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2568-98-0x0000000000400000-0x00000000010C6000-memory.dmp

    Filesize

    12.8MB

    Download

  • memory/2568-71-0x0000000000400000-0x00000000010C6000-memory.dmp

    Filesize

    12.8MB

    Download

  • memory/2568-158-0x0000000010000000-0x000000001011B000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2568-218-0x0000000010000000-0x000000001011B000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2568-233-0x0000000010000000-0x000000001011B000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2568-238-0x0000000010000000-0x000000001011B000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2568-101-0x0000000006D40000-0x0000000006D41000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2568-87-0x0000000003950000-0x0000000003960000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2568-72-0x0000000000400000-0x00000000010C6000-memory.dmp

    Filesize

    12.8MB

    Download

  • memory/2568-81-0x0000000010000000-0x000000001011B000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2568-74-0x0000000000400000-0x00000000010C6000-memory.dmp

    Filesize

    12.8MB

    Download

  • memory/2568-99-0x0000000010000000-0x000000001011B000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2648-468-0x0000000000100000-0x0000000000103000-memory.dmp

    Filesize

    12KB

    Download

  • memory/2648-464-0x0000000000100000-0x0000000000103000-memory.dmp

    Filesize

    12KB

    Download

  • memory/2648-463-0x0000000000160000-0x0000000000237000-memory.dmp

    Filesize

    860KB

    Download

  • memory/2648-467-0x0000000000160000-0x0000000000237000-memory.dmp

    Filesize

    860KB

    Download

  • memory/2696-115-0x0000000000090000-0x0000000000093000-memory.dmp

    Filesize

    12KB

    Download

  • memory/2696-114-0x0000000000C30000-0x0000000000D07000-memory.dmp

    Filesize

    860KB

    Download

  • memory/2696-111-0x0000000000090000-0x0000000000093000-memory.dmp

    Filesize

    12KB

    Download

  • memory/2972-471-0x0000000000CB0000-0x0000000000D87000-memory.dmp

    Filesize

    860KB

    Download

  • memory/2972-472-0x0000000000100000-0x0000000000103000-memory.dmp

    Filesize

    12KB

    Download

  • memory/2972-804-0x0000000000CB0000-0x0000000000D87000-memory.dmp

    Filesize

    860KB

    Download

  • memory/2972-805-0x0000000000100000-0x0000000000103000-memory.dmp

    Filesize

    12KB

    Download