Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
106s -
max time network
137s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
14/03/2024, 22:53
General
-
Target
b836001a2f5c37c12c6704fe0024d536e99f4bd57e932a40ab567bf312adb8ee.exe
-
Size
303KB
-
MD5
c0fdbd33fde9dcabe183c82e712d339b
-
SHA1
55d5193de622d96fc4f76d0e0bf1f8d2d9e16119
-
SHA256
b836001a2f5c37c12c6704fe0024d536e99f4bd57e932a40ab567bf312adb8ee
-
SHA512
1e53dff5d988eb816133100f82523c9e8e03c7086a45ff58f0a647c2ff1d35a3a45c6c1fc9fb5978bf9d9f4d2c443dedb71bfbe02aed32c8c407f41d08a4ba01
-
SSDEEP
3072:ymb3NkkiQ3mdBjFo7LAIRUohDLS0k+sLiiBVS0ILlMcGGW7sRCl9g:n3C9BRo/AIuunS3+sOiBVSXxMxTsm9g
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 40 IoCs
-
UPX dump on OEP (original entry point) 50 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 50 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\b836001a2f5c37c12c6704fe0024d536e99f4bd57e932a40ab567bf312adb8ee.exe"C:\Users\Admin\AppData\Local\Temp\b836001a2f5c37c12c6704fe0024d536e99f4bd57e932a40ab567bf312adb8ee.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\q68gve0.exec:\q68gve0.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\59ago.exec:\59ago.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\e8519.exec:\e8519.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\wjx73i.exec:\wjx73i.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\emsogw.exec:\emsogw.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\h58q7.exec:\h58q7.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\k3175.exec:\k3175.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\91ws95.exec:\91ws95.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\f246g.exec:\f246g.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tk511.exec:\tk511.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\n8uwk.exec:\n8uwk.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\e37937.exec:\e37937.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\qgowm.exec:\qgowm.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1479513.exec:\1479513.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\w2os9u8.exec:\w2os9u8.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\84911.exec:\84911.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\k9nhr.exec:\k9nhr.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\35kmoc.exec:\35kmoc.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6ip7339.exec:\6ip7339.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\sr7ov9u.exec:\sr7ov9u.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffscg.exec:\ffscg.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\u2h00.exec:\u2h00.exe23⤵
- Executes dropped EXE
-
\??\c:\01063.exec:\01063.exe24⤵
- Executes dropped EXE
-
\??\c:\f8p3a.exec:\f8p3a.exe25⤵
- Executes dropped EXE
-
\??\c:\ta1vt.exec:\ta1vt.exe26⤵
- Executes dropped EXE
-
\??\c:\i397b5.exec:\i397b5.exe27⤵
- Executes dropped EXE
-
\??\c:\rnf8u26.exec:\rnf8u26.exe28⤵
- Executes dropped EXE
-
\??\c:\952f3m.exec:\952f3m.exe29⤵
- Executes dropped EXE
-
\??\c:\18e11m.exec:\18e11m.exe30⤵
- Executes dropped EXE
-
\??\c:\9ciwkc.exec:\9ciwkc.exe31⤵
- Executes dropped EXE
-
\??\c:\0ec4q.exec:\0ec4q.exe32⤵
- Executes dropped EXE
-
\??\c:\6h4kx70.exec:\6h4kx70.exe33⤵
- Executes dropped EXE
-
\??\c:\295jd.exec:\295jd.exe34⤵
- Executes dropped EXE
-
\??\c:\3rxd49k.exec:\3rxd49k.exe35⤵
- Executes dropped EXE
-
\??\c:\8iqu8.exec:\8iqu8.exe36⤵
- Executes dropped EXE
-
\??\c:\qmg291.exec:\qmg291.exe37⤵
- Executes dropped EXE
-
\??\c:\sa555.exec:\sa555.exe38⤵
- Executes dropped EXE
-
\??\c:\k34l9k1.exec:\k34l9k1.exe39⤵
- Executes dropped EXE
-
\??\c:\0350j3.exec:\0350j3.exe40⤵
- Executes dropped EXE
-
\??\c:\wn2089.exec:\wn2089.exe41⤵
- Executes dropped EXE
-
\??\c:\og12cs8.exec:\og12cs8.exe42⤵
- Executes dropped EXE
-
\??\c:\s0isx.exec:\s0isx.exe43⤵
- Executes dropped EXE
-
\??\c:\12n2kd.exec:\12n2kd.exe44⤵
- Executes dropped EXE
-
\??\c:\8ul9aw.exec:\8ul9aw.exe45⤵
- Executes dropped EXE
-
\??\c:\lueeu.exec:\lueeu.exe46⤵
- Executes dropped EXE
-
\??\c:\5bjw8p.exec:\5bjw8p.exe47⤵
- Executes dropped EXE
-
\??\c:\86ko8.exec:\86ko8.exe48⤵
- Executes dropped EXE
-
\??\c:\2x1qu.exec:\2x1qu.exe49⤵
- Executes dropped EXE
-
\??\c:\99393q.exec:\99393q.exe50⤵
- Executes dropped EXE
-
\??\c:\h1ocg.exec:\h1ocg.exe51⤵
- Executes dropped EXE
-
\??\c:\b339p.exec:\b339p.exe52⤵
- Executes dropped EXE
-
\??\c:\12l7c.exec:\12l7c.exe53⤵
- Executes dropped EXE
-
\??\c:\x6t0t.exec:\x6t0t.exe54⤵
- Executes dropped EXE
-
\??\c:\89im9.exec:\89im9.exe55⤵
- Executes dropped EXE
-
\??\c:\g0u747.exec:\g0u747.exe56⤵
- Executes dropped EXE
-
\??\c:\15317gj.exec:\15317gj.exe57⤵
- Executes dropped EXE
-
\??\c:\715s93.exec:\715s93.exe58⤵
- Executes dropped EXE
-
\??\c:\gsqggi.exec:\gsqggi.exe59⤵
- Executes dropped EXE
-
\??\c:\90wsiok.exec:\90wsiok.exe60⤵
- Executes dropped EXE
-
\??\c:\gu78mp6.exec:\gu78mp6.exe61⤵
- Executes dropped EXE
-
\??\c:\6v9v6e.exec:\6v9v6e.exe62⤵
- Executes dropped EXE
-
\??\c:\l167c.exec:\l167c.exe63⤵
- Executes dropped EXE
-
\??\c:\rqgca1.exec:\rqgca1.exe64⤵
- Executes dropped EXE
-
\??\c:\p32s972.exec:\p32s972.exe65⤵
- Executes dropped EXE
-
\??\c:\h19715.exec:\h19715.exe66⤵
-
\??\c:\7h7u993.exec:\7h7u993.exe67⤵
-
\??\c:\moc95.exec:\moc95.exe68⤵
-
\??\c:\71v38.exec:\71v38.exe69⤵
-
\??\c:\r7knuoi.exec:\r7knuoi.exe70⤵
-
\??\c:\0m9mc.exec:\0m9mc.exe71⤵
-
\??\c:\btm8e18.exec:\btm8e18.exe72⤵
-
\??\c:\x97594.exec:\x97594.exe73⤵
-
\??\c:\2cq8j6m.exec:\2cq8j6m.exe74⤵
-
\??\c:\08k6n26.exec:\08k6n26.exe75⤵
-
\??\c:\mmgw3v8.exec:\mmgw3v8.exe76⤵
-
\??\c:\x8moucs.exec:\x8moucs.exe77⤵
-
\??\c:\4twwkw8.exec:\4twwkw8.exe78⤵
-
\??\c:\2ud1cl1.exec:\2ud1cl1.exe79⤵
-
\??\c:\h2wpd.exec:\h2wpd.exe80⤵
-
\??\c:\3kr1a.exec:\3kr1a.exe81⤵
-
\??\c:\pmh8e.exec:\pmh8e.exe82⤵
-
\??\c:\0931rl.exec:\0931rl.exe83⤵
-
\??\c:\135x5.exec:\135x5.exe84⤵
-
\??\c:\r5k331.exec:\r5k331.exe85⤵
-
\??\c:\22w8b3.exec:\22w8b3.exe86⤵
-
\??\c:\054x9on.exec:\054x9on.exe87⤵
-
\??\c:\iigv3.exec:\iigv3.exe88⤵
-
\??\c:\ve14qmi.exec:\ve14qmi.exe89⤵
-
\??\c:\ful1k.exec:\ful1k.exe90⤵
-
\??\c:\44717.exec:\44717.exe91⤵
-
\??\c:\2kqes.exec:\2kqes.exe92⤵
-
\??\c:\d52qj.exec:\d52qj.exe93⤵
-
\??\c:\2wn42.exec:\2wn42.exe94⤵
-
\??\c:\9aqc0.exec:\9aqc0.exe95⤵
-
\??\c:\f76t70.exec:\f76t70.exe96⤵
-
\??\c:\2siiage.exec:\2siiage.exe97⤵
-
\??\c:\8k759.exec:\8k759.exe98⤵
-
\??\c:\8mn27.exec:\8mn27.exe99⤵
-
\??\c:\puqs73.exec:\puqs73.exe100⤵
-
\??\c:\f39939o.exec:\f39939o.exe101⤵
-
\??\c:\x1v0qn.exec:\x1v0qn.exe102⤵
-
\??\c:\s1n5x65.exec:\s1n5x65.exe103⤵
-
\??\c:\eooxs.exec:\eooxs.exe104⤵
-
\??\c:\mko16o.exec:\mko16o.exe105⤵
-
\??\c:\x2t9mf.exec:\x2t9mf.exe106⤵
-
\??\c:\q03m12m.exec:\q03m12m.exe107⤵
-
\??\c:\8awgi.exec:\8awgi.exe108⤵
-
\??\c:\973wr77.exec:\973wr77.exe109⤵
-
\??\c:\is1iq.exec:\is1iq.exe110⤵
-
\??\c:\95ej7.exec:\95ej7.exe111⤵
-
\??\c:\q39mb9.exec:\q39mb9.exe112⤵
-
\??\c:\1sai4nf.exec:\1sai4nf.exe113⤵
-
\??\c:\0hqmw.exec:\0hqmw.exe114⤵
-
\??\c:\i7m5gq7.exec:\i7m5gq7.exe115⤵
-
\??\c:\fx90g.exec:\fx90g.exe116⤵
-
\??\c:\cm958j.exec:\cm958j.exe117⤵
-
\??\c:\h5g14l5.exec:\h5g14l5.exe118⤵
-
\??\c:\vammb89.exec:\vammb89.exe119⤵
-
\??\c:\11u5x.exec:\11u5x.exe120⤵
-
\??\c:\gh8o7c.exec:\gh8o7c.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-