Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
156s -
max time network
130s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
29/02/2024, 07:35
General
-
Target
HEUR-Trojan.Win32.exe
-
Size
97KB
-
MD5
af137148b99c151fe89203ad957221b6
-
SHA1
98038184cb81771b878b8b4a19eac482341dca5d
-
SHA256
17a19d14feaebd3df9b7f67f0bda0caac371147ffd2dd4862bec2ae7460068ff
-
SHA512
5129db855802485f5698500e6b8e3b503fd818c5d1081e201267649a7d1b2c173ee848675aed0b0f18a5b45a21ecf3f4c485ed02dad6de380b2fe85aa2ce1ec3
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDo7xCkTsIRwnoh2UzSNuhH:ymb3NkkiQ3mdBjFo7LAIRUohT2Ng
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 30 IoCs
-
UPX dump on OEP (original entry point) 59 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 60 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\HEUR-Trojan.Win32.exe"C:\Users\Admin\AppData\Local\Temp\HEUR-Trojan.Win32.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\2rr0464.exec:\2rr0464.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\87539i.exec:\87539i.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ps426xx.exec:\ps426xx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\13js178.exec:\13js178.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\87op74e.exec:\87op74e.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\2o1hn6.exec:\2o1hn6.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\i8mao.exec:\i8mao.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\o6a9ou.exec:\o6a9ou.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9n53d.exec:\9n53d.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\e0c9ol.exec:\e0c9ol.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\93u43.exec:\93u43.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\wcohig.exec:\wcohig.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\g14x9o9.exec:\g14x9o9.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\919gqku.exec:\919gqku.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\238i55u.exec:\238i55u.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9n5mquu.exec:\9n5mquu.exe17⤵
- Executes dropped EXE
-
\??\c:\7576x.exec:\7576x.exe18⤵
- Executes dropped EXE
-
\??\c:\130vn80.exec:\130vn80.exe19⤵
- Executes dropped EXE
-
\??\c:\uc34g.exec:\uc34g.exe20⤵
- Executes dropped EXE
-
\??\c:\9w821.exec:\9w821.exe21⤵
- Executes dropped EXE
-
\??\c:\1v50311.exec:\1v50311.exe22⤵
- Executes dropped EXE
-
\??\c:\pih2ode.exec:\pih2ode.exe23⤵
- Executes dropped EXE
-
\??\c:\45oa78i.exec:\45oa78i.exe24⤵
- Executes dropped EXE
-
\??\c:\fq855d5.exec:\fq855d5.exe25⤵
- Executes dropped EXE
-
\??\c:\05713m1.exec:\05713m1.exe26⤵
- Executes dropped EXE
-
\??\c:\5p9g3.exec:\5p9g3.exe27⤵
- Executes dropped EXE
-
\??\c:\85o440.exec:\85o440.exe28⤵
- Executes dropped EXE
-
\??\c:\4p8vk8b.exec:\4p8vk8b.exe29⤵
- Executes dropped EXE
-
\??\c:\xq79q.exec:\xq79q.exe30⤵
- Executes dropped EXE
-
\??\c:\csd8q.exec:\csd8q.exe31⤵
- Executes dropped EXE
-
\??\c:\3937e.exec:\3937e.exe32⤵
- Executes dropped EXE
-
\??\c:\2lj22.exec:\2lj22.exe33⤵
- Executes dropped EXE
-
\??\c:\ex505.exec:\ex505.exe34⤵
- Executes dropped EXE
-
\??\c:\5c72u9.exec:\5c72u9.exe35⤵
- Executes dropped EXE
-
\??\c:\u36q99c.exec:\u36q99c.exe36⤵
- Executes dropped EXE
-
\??\c:\49k16.exec:\49k16.exe37⤵
- Executes dropped EXE
-
\??\c:\kqck39.exec:\kqck39.exe38⤵
- Executes dropped EXE
-
\??\c:\aaq05u7.exec:\aaq05u7.exe39⤵
- Executes dropped EXE
-
\??\c:\5203e.exec:\5203e.exe40⤵
- Executes dropped EXE
-
\??\c:\ma5mg.exec:\ma5mg.exe41⤵
- Executes dropped EXE
-
\??\c:\o4cu5.exec:\o4cu5.exe42⤵
- Executes dropped EXE
-
\??\c:\a4b2eu1.exec:\a4b2eu1.exe43⤵
- Executes dropped EXE
-
\??\c:\o5qk3m5.exec:\o5qk3m5.exe44⤵
- Executes dropped EXE
-
\??\c:\858mn.exec:\858mn.exe45⤵
- Executes dropped EXE
-
\??\c:\q4k71.exec:\q4k71.exe46⤵
- Executes dropped EXE
-
\??\c:\09eje.exec:\09eje.exe47⤵
- Executes dropped EXE
-
\??\c:\81g9211.exec:\81g9211.exe48⤵
- Executes dropped EXE
-
\??\c:\dx9m18.exec:\dx9m18.exe49⤵
- Executes dropped EXE
-
\??\c:\wm5cu1b.exec:\wm5cu1b.exe50⤵
- Executes dropped EXE
-
\??\c:\4aj3r.exec:\4aj3r.exe51⤵
- Executes dropped EXE
-
\??\c:\i6711u.exec:\i6711u.exe52⤵
- Executes dropped EXE
-
\??\c:\1fko1u8.exec:\1fko1u8.exe53⤵
- Executes dropped EXE
-
\??\c:\mosk3ri.exec:\mosk3ri.exe54⤵
- Executes dropped EXE
-
\??\c:\cqe1s.exec:\cqe1s.exe55⤵
- Executes dropped EXE
-
\??\c:\7733wa1.exec:\7733wa1.exe56⤵
- Executes dropped EXE
-
\??\c:\6mnfe.exec:\6mnfe.exe57⤵
- Executes dropped EXE
-
\??\c:\43ca5c.exec:\43ca5c.exe58⤵
- Executes dropped EXE
-
\??\c:\bd114.exec:\bd114.exe59⤵
- Executes dropped EXE
-
\??\c:\5n074w0.exec:\5n074w0.exe60⤵
- Executes dropped EXE
-
\??\c:\0edkm5.exec:\0edkm5.exe61⤵
- Executes dropped EXE
-
\??\c:\c7kw1.exec:\c7kw1.exe62⤵
- Executes dropped EXE
-
\??\c:\vi3s9.exec:\vi3s9.exe63⤵
- Executes dropped EXE
-
\??\c:\k5c7ui1.exec:\k5c7ui1.exe64⤵
- Executes dropped EXE
-
\??\c:\9r573q.exec:\9r573q.exe65⤵
- Executes dropped EXE
-
\??\c:\8gvt8.exec:\8gvt8.exe66⤵
-
\??\c:\m9um9wu.exec:\m9um9wu.exe67⤵
-
\??\c:\t3115d9.exec:\t3115d9.exe68⤵
-
\??\c:\02j30.exec:\02j30.exe69⤵
-
\??\c:\g2ie5mj.exec:\g2ie5mj.exe70⤵
-
\??\c:\2xx55.exec:\2xx55.exe71⤵
-
\??\c:\gpoqr.exec:\gpoqr.exe72⤵
-
\??\c:\g4w73oj.exec:\g4w73oj.exe73⤵
-
\??\c:\2xfb7od.exec:\2xfb7od.exe74⤵
-
\??\c:\22m13.exec:\22m13.exe75⤵
-
\??\c:\gi79en5.exec:\gi79en5.exe76⤵
-
\??\c:\i1kud.exec:\i1kud.exe77⤵
-
\??\c:\0711p.exec:\0711p.exe78⤵
-
\??\c:\5v71g.exec:\5v71g.exe79⤵
-
\??\c:\c1hdu3.exec:\c1hdu3.exe80⤵
-
\??\c:\x704668.exec:\x704668.exe81⤵
-
\??\c:\luv991e.exec:\luv991e.exe82⤵
-
\??\c:\lc1oq76.exec:\lc1oq76.exe83⤵
-
\??\c:\8354f5.exec:\8354f5.exe84⤵
-
\??\c:\1139a0r.exec:\1139a0r.exe85⤵
-
\??\c:\176qd8w.exec:\176qd8w.exe86⤵
-
\??\c:\7x99a9.exec:\7x99a9.exe87⤵
-
\??\c:\wp616.exec:\wp616.exe88⤵
-
\??\c:\7972j8c.exec:\7972j8c.exe89⤵
-
\??\c:\i8h8o.exec:\i8h8o.exe90⤵
-
\??\c:\6315np.exec:\6315np.exe91⤵
-
\??\c:\5ql5w.exec:\5ql5w.exe92⤵
-
\??\c:\nil9jp.exec:\nil9jp.exe93⤵
-
\??\c:\97371.exec:\97371.exe94⤵
-
\??\c:\oumo6v.exec:\oumo6v.exe95⤵
-
\??\c:\6i7ie.exec:\6i7ie.exe96⤵
-
\??\c:\m8w530x.exec:\m8w530x.exe97⤵
-
\??\c:\r4btbk.exec:\r4btbk.exe98⤵
-
\??\c:\i36q7.exec:\i36q7.exe99⤵
-
\??\c:\1b70r9.exec:\1b70r9.exe100⤵
-
\??\c:\912s0q5.exec:\912s0q5.exe101⤵
-
\??\c:\m79hv5.exec:\m79hv5.exe102⤵
-
\??\c:\31cf6u.exec:\31cf6u.exe103⤵
-
\??\c:\l2sdc.exec:\l2sdc.exe104⤵
-
\??\c:\7oc8gg.exec:\7oc8gg.exe105⤵
-
\??\c:\bgt37.exec:\bgt37.exe106⤵
-
\??\c:\88g3d1.exec:\88g3d1.exe107⤵
-
\??\c:\e8g54i.exec:\e8g54i.exe108⤵
-
\??\c:\wfn70.exec:\wfn70.exe109⤵
-
\??\c:\nm5nwq.exec:\nm5nwq.exe110⤵
-
\??\c:\09pgiu.exec:\09pgiu.exe111⤵
-
\??\c:\5ivluq.exec:\5ivluq.exe112⤵
-
\??\c:\a9ja7xm.exec:\a9ja7xm.exe113⤵
-
\??\c:\1u9k9.exec:\1u9k9.exe114⤵
-
\??\c:\99819w.exec:\99819w.exe115⤵
-
\??\c:\psp9sa9.exec:\psp9sa9.exe116⤵
-
\??\c:\u8780.exec:\u8780.exe117⤵
-
\??\c:\41ee3.exec:\41ee3.exe118⤵
-
\??\c:\sqnur64.exec:\sqnur64.exe119⤵
-
\??\c:\3542o.exec:\3542o.exe120⤵
-
\??\c:\39bg61a.exec:\39bg61a.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-