Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

50b3156576...c3.exe

windows7-x64

10

50b3156576...c3.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    117s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20231020-en
  • resource tags

    arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
  • submitted
    23/10/2023, 08:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    50b315657669f9157fe06128b14de78c4240982ec75dd908cc864ec1d15850c3.exe

  • Size

    10.9MB

  • MD5

    4d6d0398b9a770be699aa7c27d726f16

  • SHA1

    e1bf65e99387d4537ed78f081332f54df30f32e4

  • SHA256

    50b315657669f9157fe06128b14de78c4240982ec75dd908cc864ec1d15850c3

  • SHA512

    c48faccd2a4ae68421275afce84f6d1aa241ac8fcef36deb061a50c7aa1d7900a7c1c5388220e5b2d73ad453761de5be5e78f5bd80b4c4bf917cca4f1c0cffe2

  • SSDEEP

    196608:oDuVQYymGTH1Jw5oHCgXV/EOC3iw7+arCFT7t0K7l5eBf:HQYymGTH1Jw9gNaPkTeVB

Score
10/10
blackmoonbankertrojanupx

Malware Config

Signatures

  • Blackmoon, KrBanker

    Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.

    trojanbankerblackmoon
  • Detect Blackmoon payload 2 IoCs
  • Loads dropped DLL 1 IoCs
  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious use of SetWindowsHookEx 10 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\50b315657669f9157fe06128b14de78c4240982ec75dd908cc864ec1d15850c3.exe
    "C:\Users\Admin\AppData\Local\Temp\50b315657669f9157fe06128b14de78c4240982ec75dd908cc864ec1d15850c3.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    PID:2204

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\f763f90.tmp
    Filesize

    1.1MB

    MD5

    2fe14842d419762d7f8a7e63b0ddece7

    SHA1

    be44c93e1d758568d95c583aa24b18b0ad47acd2

    SHA256

    1b9c31bba96d9ed28b3d649ee8071aaba2fdb15119b7a204c093e84956e6715b

    SHA512

    9feef224304d8aee5915a0163340c67a6e22ec41bf766471382a82c540c99616600e21c9a87312ce8eaff7ea46a0576155c17e6532321aa0f664ce6ee89b71ec

    Download Submit

  • memory/2204-0-0x0000000010000000-0x000000001052F000-memory.dmp

    Filesize

    5.2MB

    Download

  • memory/2204-1-0x0000000000400000-0x0000000000F47000-memory.dmp

    Filesize

    11.3MB

    Download

  • memory/2204-10-0x0000000002AB0000-0x0000000002BDD000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2204-13-0x0000000000400000-0x0000000000F47000-memory.dmp

    Filesize

    11.3MB

    Download