Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
152s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20230831-en -
resource tags
-
submitted
12/10/2023, 22:23
General
-
Target
3b35262312b6cb645ee2aceadf1834e0_JC.exe
-
Size
82KB
-
MD5
3b35262312b6cb645ee2aceadf1834e0
-
SHA1
7174e0a7da7ff64bbd97729daada61cf40008689
-
SHA256
9aa87d39fe7cb770699a9c5e214d15839f48e4b86ba15267ebb67276c5ad2e67
-
SHA512
a3340bcb60f135432915926314c1d1611b52ede61645be457bfd19eb705860d113eee04585481c5e05c58152aa450b7ca6b99de3e5f8e4cd6e5941b6f903ba17
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDoLU1g1t/lBnzI:ymb3NkkiQ3mdBjFoLkGt/lBE
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 34 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 60 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\3b35262312b6cb645ee2aceadf1834e0_JC.exe"C:\Users\Admin\AppData\Local\Temp\3b35262312b6cb645ee2aceadf1834e0_JC.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\xa95o05.exec:\xa95o05.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lnxqs7.exec:\lnxqs7.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lx3m9w.exec:\lx3m9w.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\aglvk9x.exec:\aglvk9x.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\le170.exec:\le170.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8hcf93.exec:\8hcf93.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bj7dv.exec:\bj7dv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\r08690.exec:\r08690.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7c1jg6e.exec:\7c1jg6e.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9u2s6x.exec:\9u2s6x.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\4qt9lf.exec:\4qt9lf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\i851c0.exec:\i851c0.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\69da9wi.exec:\69da9wi.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ip31n3.exec:\ip31n3.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5966x95.exec:\5966x95.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\20c6r64.exec:\20c6r64.exe17⤵
- Executes dropped EXE
-
\??\c:\3lop8n7.exec:\3lop8n7.exe18⤵
- Executes dropped EXE
-
\??\c:\p63jpmj.exec:\p63jpmj.exe19⤵
- Executes dropped EXE
-
\??\c:\ed217.exec:\ed217.exe20⤵
- Executes dropped EXE
-
\??\c:\9ah1d.exec:\9ah1d.exe21⤵
- Executes dropped EXE
-
\??\c:\956is.exec:\956is.exe22⤵
- Executes dropped EXE
-
\??\c:\u4ru696.exec:\u4ru696.exe23⤵
- Executes dropped EXE
-
\??\c:\6xldm.exec:\6xldm.exe24⤵
- Executes dropped EXE
-
\??\c:\09r080f.exec:\09r080f.exe25⤵
- Executes dropped EXE
-
\??\c:\wf8jm.exec:\wf8jm.exe26⤵
- Executes dropped EXE
-
\??\c:\arr2a.exec:\arr2a.exe27⤵
- Executes dropped EXE
-
\??\c:\469rbwh.exec:\469rbwh.exe28⤵
- Executes dropped EXE
-
\??\c:\ua48ulg.exec:\ua48ulg.exe29⤵
- Executes dropped EXE
-
\??\c:\b6s0h3.exec:\b6s0h3.exe30⤵
- Executes dropped EXE
-
\??\c:\j0r2b6u.exec:\j0r2b6u.exe31⤵
- Executes dropped EXE
-
\??\c:\252ff0.exec:\252ff0.exe32⤵
- Executes dropped EXE
-
\??\c:\6h5xv86.exec:\6h5xv86.exe33⤵
- Executes dropped EXE
-
\??\c:\g265065.exec:\g265065.exe34⤵
- Executes dropped EXE
-
\??\c:\hi9fc.exec:\hi9fc.exe35⤵
- Executes dropped EXE
-
\??\c:\5b39579.exec:\5b39579.exe36⤵
- Executes dropped EXE
-
\??\c:\2o03tk.exec:\2o03tk.exe37⤵
- Executes dropped EXE
-
\??\c:\ihl1j88.exec:\ihl1j88.exe38⤵
- Executes dropped EXE
-
\??\c:\rs3k9.exec:\rs3k9.exe39⤵
- Executes dropped EXE
-
\??\c:\001vs54.exec:\001vs54.exe40⤵
- Executes dropped EXE
-
\??\c:\vxpha12.exec:\vxpha12.exe41⤵
- Executes dropped EXE
-
\??\c:\e1g59w.exec:\e1g59w.exe42⤵
- Executes dropped EXE
-
\??\c:\9ri510c.exec:\9ri510c.exe43⤵
- Executes dropped EXE
-
\??\c:\4xv2k57.exec:\4xv2k57.exe44⤵
- Executes dropped EXE
-
\??\c:\cahp06.exec:\cahp06.exe45⤵
- Executes dropped EXE
-
\??\c:\tp2nb.exec:\tp2nb.exe46⤵
- Executes dropped EXE
-
\??\c:\21pxcu.exec:\21pxcu.exe47⤵
- Executes dropped EXE
-
\??\c:\5932ue.exec:\5932ue.exe48⤵
- Executes dropped EXE
-
\??\c:\hmxp9.exec:\hmxp9.exe49⤵
- Executes dropped EXE
-
\??\c:\dm179.exec:\dm179.exe50⤵
- Executes dropped EXE
-
\??\c:\90h48o.exec:\90h48o.exe51⤵
- Executes dropped EXE
-
\??\c:\5r6q0r.exec:\5r6q0r.exe52⤵
- Executes dropped EXE
-
\??\c:\8x2438j.exec:\8x2438j.exe53⤵
- Executes dropped EXE
-
\??\c:\89f4hww.exec:\89f4hww.exe54⤵
- Executes dropped EXE
-
\??\c:\ao56asj.exec:\ao56asj.exe55⤵
- Executes dropped EXE
-
\??\c:\rb1l00.exec:\rb1l00.exe56⤵
- Executes dropped EXE
-
\??\c:\r460wh.exec:\r460wh.exe57⤵
- Executes dropped EXE
-
\??\c:\mrjt27r.exec:\mrjt27r.exe58⤵
- Executes dropped EXE
-
\??\c:\21v6m.exec:\21v6m.exe59⤵
- Executes dropped EXE
-
\??\c:\4l4mj1.exec:\4l4mj1.exe60⤵
- Executes dropped EXE
-
\??\c:\2hur2.exec:\2hur2.exe61⤵
- Executes dropped EXE
-
\??\c:\b23iw.exec:\b23iw.exe62⤵
- Executes dropped EXE
-
\??\c:\t309m.exec:\t309m.exe63⤵
- Executes dropped EXE
-
\??\c:\n09t94.exec:\n09t94.exe64⤵
- Executes dropped EXE
-
\??\c:\5x8540.exec:\5x8540.exe65⤵
- Executes dropped EXE
-
\??\c:\7b6eml.exec:\7b6eml.exe66⤵
-
\??\c:\b9ir6.exec:\b9ir6.exe67⤵
-
\??\c:\k3554.exec:\k3554.exe68⤵
-
\??\c:\t6780f.exec:\t6780f.exe69⤵
-
\??\c:\l29icdq.exec:\l29icdq.exe70⤵
-
\??\c:\qjll95.exec:\qjll95.exe71⤵
-
\??\c:\3903a9.exec:\3903a9.exe72⤵
-
\??\c:\n1490.exec:\n1490.exe73⤵
-
\??\c:\3sffu.exec:\3sffu.exe74⤵
-
\??\c:\9djxqe.exec:\9djxqe.exe75⤵
-
\??\c:\wv697x.exec:\wv697x.exe76⤵
-
\??\c:\059ht.exec:\059ht.exe77⤵
-
\??\c:\30f6cu8.exec:\30f6cu8.exe78⤵
-
\??\c:\x87vpve.exec:\x87vpve.exe79⤵
-
\??\c:\5j446w.exec:\5j446w.exe80⤵
-
\??\c:\65gm6.exec:\65gm6.exe81⤵
-
\??\c:\l2992b.exec:\l2992b.exe82⤵
-
\??\c:\2xwegt6.exec:\2xwegt6.exe83⤵
-
\??\c:\o43d3m8.exec:\o43d3m8.exe84⤵
-
\??\c:\7748q.exec:\7748q.exe85⤵
-
\??\c:\0hsn32p.exec:\0hsn32p.exe86⤵
-
\??\c:\t94951.exec:\t94951.exe87⤵
-
\??\c:\p927j68.exec:\p927j68.exe88⤵
-
\??\c:\165gh.exec:\165gh.exe89⤵
-
\??\c:\ev0mp0.exec:\ev0mp0.exe90⤵
-
\??\c:\0ql8e.exec:\0ql8e.exe91⤵
-
\??\c:\11444v.exec:\11444v.exe92⤵
-
\??\c:\g9eh5.exec:\g9eh5.exe93⤵
-
\??\c:\ss49k.exec:\ss49k.exe94⤵
-
\??\c:\x8b6hw.exec:\x8b6hw.exe95⤵
-
\??\c:\62563.exec:\62563.exe96⤵
-
\??\c:\vp8n56h.exec:\vp8n56h.exe97⤵
-
\??\c:\9026j.exec:\9026j.exe98⤵
-
\??\c:\76973.exec:\76973.exe99⤵
-
\??\c:\aw02b6.exec:\aw02b6.exe100⤵
-
\??\c:\w0dsd.exec:\w0dsd.exe101⤵
-
\??\c:\3p73dqq.exec:\3p73dqq.exe102⤵
-
\??\c:\533em.exec:\533em.exe103⤵
-
\??\c:\91aru.exec:\91aru.exe104⤵
-
\??\c:\2594o3p.exec:\2594o3p.exe105⤵
-
\??\c:\wjb027.exec:\wjb027.exe106⤵
-
\??\c:\tjvaqb.exec:\tjvaqb.exe107⤵
-
\??\c:\t8g5e.exec:\t8g5e.exe108⤵
-
\??\c:\vn5g14.exec:\vn5g14.exe109⤵
-
\??\c:\18n8r70.exec:\18n8r70.exe110⤵
-
\??\c:\7fr56.exec:\7fr56.exe111⤵
-
\??\c:\80ts47.exec:\80ts47.exe112⤵
-
\??\c:\g638606.exec:\g638606.exe113⤵
-
\??\c:\q941m.exec:\q941m.exe114⤵
-
\??\c:\7244461.exec:\7244461.exe115⤵
-
\??\c:\v6k88.exec:\v6k88.exe116⤵
-
\??\c:\oje294u.exec:\oje294u.exe117⤵
-
\??\c:\rla3bte.exec:\rla3bte.exe118⤵
-
\??\c:\vlk7ug1.exec:\vlk7ug1.exe119⤵
-
\??\c:\sq30v8g.exec:\sq30v8g.exe120⤵
-
\??\c:\57t4l.exec:\57t4l.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-