Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
126s -
max time network
129s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
19/03/2024, 08:24
General
-
Target
9b4bf307bb7f5e4dd8a8e6b969a800562de25c9f2dfc5118f0f250aa0362f2f8.exe
-
Size
184KB
-
MD5
d35cf1672bef20f1a0d6442879741abf
-
SHA1
80f6635dc1e65f6930d7779ad56ddd136067211d
-
SHA256
9b4bf307bb7f5e4dd8a8e6b969a800562de25c9f2dfc5118f0f250aa0362f2f8
-
SHA512
5c9f563abbad726887bc2c7809ea10af6633a31aa3a97413bb2b4adcddbdada4fee246a34cf39655acdc95a3a38f6ca16c1dbc53056e7820596becff73bb2479
-
SSDEEP
3072:3hOmTsF93UYfwC6GIoutw8YcvrqrE66kropO6BWlPFH4tw1D43eMM:3cm4FmowdHoSzhraHcpOFltH4twl43vM
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 44 IoCs
-
UPX dump on OEP (original entry point) 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\9b4bf307bb7f5e4dd8a8e6b969a800562de25c9f2dfc5118f0f250aa0362f2f8.exe"C:\Users\Admin\AppData\Local\Temp\9b4bf307bb7f5e4dd8a8e6b969a800562de25c9f2dfc5118f0f250aa0362f2f8.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\3r3g56h.exec:\3r3g56h.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xi78v3.exec:\xi78v3.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jh8a0.exec:\jh8a0.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6k08kg8.exec:\6k08kg8.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rw9cw.exec:\rw9cw.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5sb5i.exec:\5sb5i.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\q53aj5.exec:\q53aj5.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7598n.exec:\7598n.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\cc71ajc.exec:\cc71ajc.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\04xsse2.exec:\04xsse2.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\81u59i.exec:\81u59i.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\450o3.exec:\450o3.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pmx4v.exec:\pmx4v.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fmceao.exec:\fmceao.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\71240.exec:\71240.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\113w9a.exec:\113w9a.exe17⤵
- Executes dropped EXE
-
\??\c:\x9b8m98.exec:\x9b8m98.exe18⤵
- Executes dropped EXE
-
\??\c:\0w72r8.exec:\0w72r8.exe19⤵
- Executes dropped EXE
-
\??\c:\3mick.exec:\3mick.exe20⤵
- Executes dropped EXE
-
\??\c:\b93s54.exec:\b93s54.exe21⤵
- Executes dropped EXE
-
\??\c:\88fmmn1.exec:\88fmmn1.exe22⤵
- Executes dropped EXE
-
\??\c:\e56vsqb.exec:\e56vsqb.exe23⤵
- Executes dropped EXE
-
\??\c:\1lhmi8.exec:\1lhmi8.exe24⤵
- Executes dropped EXE
-
\??\c:\0ch9g7.exec:\0ch9g7.exe25⤵
- Executes dropped EXE
-
\??\c:\f9151a3.exec:\f9151a3.exe26⤵
- Executes dropped EXE
-
\??\c:\8cu77ix.exec:\8cu77ix.exe27⤵
- Executes dropped EXE
-
\??\c:\47u9e4k.exec:\47u9e4k.exe28⤵
- Executes dropped EXE
-
\??\c:\69auuww.exec:\69auuww.exe29⤵
- Executes dropped EXE
-
\??\c:\qew03.exec:\qew03.exe30⤵
- Executes dropped EXE
-
\??\c:\6wqadqs.exec:\6wqadqs.exe31⤵
- Executes dropped EXE
-
\??\c:\j761wsu.exec:\j761wsu.exe32⤵
- Executes dropped EXE
-
\??\c:\6377m.exec:\6377m.exe33⤵
- Executes dropped EXE
-
\??\c:\h53j50.exec:\h53j50.exe34⤵
- Executes dropped EXE
-
\??\c:\vu2i10o.exec:\vu2i10o.exe35⤵
- Executes dropped EXE
-
\??\c:\vusmg.exec:\vusmg.exe36⤵
- Executes dropped EXE
-
\??\c:\j1e755.exec:\j1e755.exe37⤵
- Executes dropped EXE
-
\??\c:\47ggoga.exec:\47ggoga.exe38⤵
- Executes dropped EXE
-
\??\c:\g6f80q.exec:\g6f80q.exe39⤵
- Executes dropped EXE
-
\??\c:\a7uo78o.exec:\a7uo78o.exe40⤵
- Executes dropped EXE
-
\??\c:\jd7w93w.exec:\jd7w93w.exe41⤵
- Executes dropped EXE
-
\??\c:\3l13e.exec:\3l13e.exe42⤵
- Executes dropped EXE
-
\??\c:\pu9ewp.exec:\pu9ewp.exe43⤵
- Executes dropped EXE
-
\??\c:\2366v.exec:\2366v.exe44⤵
- Executes dropped EXE
-
\??\c:\rul53c3.exec:\rul53c3.exe45⤵
- Executes dropped EXE
-
\??\c:\es1en72.exec:\es1en72.exe46⤵
- Executes dropped EXE
-
\??\c:\9cr3or.exec:\9cr3or.exe47⤵
- Executes dropped EXE
-
\??\c:\6ng842n.exec:\6ng842n.exe48⤵
- Executes dropped EXE
-
\??\c:\6399g5e.exec:\6399g5e.exe49⤵
- Executes dropped EXE
-
\??\c:\86w58m1.exec:\86w58m1.exe50⤵
- Executes dropped EXE
-
\??\c:\78wxc0.exec:\78wxc0.exe51⤵
- Executes dropped EXE
-
\??\c:\5h6ug.exec:\5h6ug.exe52⤵
- Executes dropped EXE
-
\??\c:\87v72s3.exec:\87v72s3.exe53⤵
- Executes dropped EXE
-
\??\c:\asg4042.exec:\asg4042.exe54⤵
- Executes dropped EXE
-
\??\c:\5240l6u.exec:\5240l6u.exe55⤵
- Executes dropped EXE
-
\??\c:\4bdfbui.exec:\4bdfbui.exe56⤵
- Executes dropped EXE
-
\??\c:\aa84f.exec:\aa84f.exe57⤵
- Executes dropped EXE
-
\??\c:\r73o7d1.exec:\r73o7d1.exe58⤵
- Executes dropped EXE
-
\??\c:\814r7.exec:\814r7.exe59⤵
- Executes dropped EXE
-
\??\c:\qj36j5f.exec:\qj36j5f.exe60⤵
- Executes dropped EXE
-
\??\c:\k8sm86v.exec:\k8sm86v.exe61⤵
- Executes dropped EXE
-
\??\c:\w6wxa31.exec:\w6wxa31.exe62⤵
- Executes dropped EXE
-
\??\c:\q9oq52.exec:\q9oq52.exe63⤵
- Executes dropped EXE
-
\??\c:\gn1m1c.exec:\gn1m1c.exe64⤵
- Executes dropped EXE
-
\??\c:\n3799.exec:\n3799.exe65⤵
- Executes dropped EXE
-
\??\c:\x2204nc.exec:\x2204nc.exe66⤵
-
\??\c:\bw83u14.exec:\bw83u14.exe67⤵
-
\??\c:\21mw1wq.exec:\21mw1wq.exe68⤵
-
\??\c:\g90u57.exec:\g90u57.exe69⤵
-
\??\c:\5sggq3i.exec:\5sggq3i.exe70⤵
-
\??\c:\353lbe.exec:\353lbe.exe71⤵
-
\??\c:\x2p8w.exec:\x2p8w.exe72⤵
-
\??\c:\2skai.exec:\2skai.exe73⤵
-
\??\c:\pr31i73.exec:\pr31i73.exe74⤵
-
\??\c:\uo1ik2.exec:\uo1ik2.exe75⤵
-
\??\c:\9575375.exec:\9575375.exe76⤵
-
\??\c:\00q9wo.exec:\00q9wo.exe77⤵
-
\??\c:\r3jc47q.exec:\r3jc47q.exe78⤵
-
\??\c:\vgqkcg7.exec:\vgqkcg7.exe79⤵
-
\??\c:\7kgko.exec:\7kgko.exe80⤵
-
\??\c:\65e7hdk.exec:\65e7hdk.exe81⤵
-
\??\c:\1ah39k.exec:\1ah39k.exe82⤵
-
\??\c:\xcr9a77.exec:\xcr9a77.exe83⤵
-
\??\c:\2w29ik.exec:\2w29ik.exe84⤵
-
\??\c:\x2955.exec:\x2955.exe85⤵
-
\??\c:\6n0k28.exec:\6n0k28.exe86⤵
-
\??\c:\87c5ma2.exec:\87c5ma2.exe87⤵
-
\??\c:\9fooo.exec:\9fooo.exe88⤵
-
\??\c:\bcv8ev.exec:\bcv8ev.exe89⤵
-
\??\c:\2ud5mg.exec:\2ud5mg.exe90⤵
-
\??\c:\bob3q.exec:\bob3q.exe91⤵
-
\??\c:\4g4p9.exec:\4g4p9.exe92⤵
-
\??\c:\c3uamg.exec:\c3uamg.exe93⤵
-
\??\c:\x77wx6e.exec:\x77wx6e.exe94⤵
-
\??\c:\u35a1i.exec:\u35a1i.exe95⤵
-
\??\c:\jw95wx.exec:\jw95wx.exe96⤵
-
\??\c:\0cj92.exec:\0cj92.exe97⤵
-
\??\c:\69mc1.exec:\69mc1.exe98⤵
-
\??\c:\60qn45.exec:\60qn45.exe99⤵
-
\??\c:\5i5aoei.exec:\5i5aoei.exe100⤵
-
\??\c:\f5gka7.exec:\f5gka7.exe101⤵
-
\??\c:\bccq5.exec:\bccq5.exe102⤵
-
\??\c:\v59552p.exec:\v59552p.exe103⤵
-
\??\c:\jg58b92.exec:\jg58b92.exe104⤵
-
\??\c:\83eh0ij.exec:\83eh0ij.exe105⤵
-
\??\c:\0wf0c78.exec:\0wf0c78.exe106⤵
-
\??\c:\22333.exec:\22333.exe107⤵
-
\??\c:\i14w57.exec:\i14w57.exe108⤵
-
\??\c:\09kt5.exec:\09kt5.exe109⤵
-
\??\c:\69m1ia.exec:\69m1ia.exe110⤵
-
\??\c:\4j378.exec:\4j378.exe111⤵
-
\??\c:\1t16v.exec:\1t16v.exe112⤵
-
\??\c:\m5m115.exec:\m5m115.exe113⤵
-
\??\c:\414ew.exec:\414ew.exe114⤵
-
\??\c:\3gai9u.exec:\3gai9u.exe115⤵
-
\??\c:\vad6w51.exec:\vad6w51.exe116⤵
-
\??\c:\09g5k1.exec:\09g5k1.exe117⤵
-
\??\c:\l7133.exec:\l7133.exe118⤵
-
\??\c:\m0ol3kg.exec:\m0ol3kg.exe119⤵
-
\??\c:\p9wl2i3.exec:\p9wl2i3.exe120⤵
-
\??\c:\u3aj1ua.exec:\u3aj1ua.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-