Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
21s -
max time network
37s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
26/03/2024, 20:10
General
-
Target
538304a2d2a3cd7df1a65c58c0aff5d8a9af3fb6927fb7585b1c56bac23563d7.exe
-
Size
66KB
-
MD5
06e34745e99bfca497f02c077302053c
-
SHA1
8b53741dcd22f671ee8fd41b6644b40a4b6822ac
-
SHA256
538304a2d2a3cd7df1a65c58c0aff5d8a9af3fb6927fb7585b1c56bac23563d7
-
SHA512
e0a75f66d7f986af50ce656c449abe2408f893c1ce68247da7973c7926e1e6f346b8615e707dd6c02630c226201a0a352cb9c08241157c51c969b6825035fbbb
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND+3T4+C2HhvjRZbQ6:ymb3NkkiQ3mdBjF+3TU2HhvV66
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 42 IoCs
-
UPX dump on OEP (original entry point) 52 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 52 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\538304a2d2a3cd7df1a65c58c0aff5d8a9af3fb6927fb7585b1c56bac23563d7.exe"C:\Users\Admin\AppData\Local\Temp\538304a2d2a3cd7df1a65c58c0aff5d8a9af3fb6927fb7585b1c56bac23563d7.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\ecj7ml.exec:\ecj7ml.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\b2o550u.exec:\b2o550u.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\kaui6r.exec:\kaui6r.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5799d99.exec:\5799d99.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1n6uf.exec:\1n6uf.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\21915.exec:\21915.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\0o013u.exec:\0o013u.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\798ip0.exec:\798ip0.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6ej50q.exec:\6ej50q.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\2f671.exec:\2f671.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\qmx7q5.exec:\qmx7q5.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\430v9.exec:\430v9.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5917939.exec:\5917939.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8w2qn9.exec:\8w2qn9.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\818it31.exec:\818it31.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6811wf.exec:\6811wf.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5kb5qb1.exec:\5kb5qb1.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\mwuksk.exec:\mwuksk.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\r7oakeq.exec:\r7oakeq.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9jdhh.exec:\9jdhh.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\59i768t.exec:\59i768t.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\4oskg.exec:\4oskg.exe23⤵
- Executes dropped EXE
-
\??\c:\8oap7m.exec:\8oap7m.exe24⤵
- Executes dropped EXE
-
\??\c:\va32o9c.exec:\va32o9c.exe25⤵
- Executes dropped EXE
-
\??\c:\212k7.exec:\212k7.exe26⤵
- Executes dropped EXE
-
\??\c:\950ka.exec:\950ka.exe27⤵
- Executes dropped EXE
-
\??\c:\h91939.exec:\h91939.exe28⤵
- Executes dropped EXE
-
\??\c:\iwsom95.exec:\iwsom95.exe29⤵
- Executes dropped EXE
-
\??\c:\gauwu.exec:\gauwu.exe30⤵
- Executes dropped EXE
-
\??\c:\nv12p70.exec:\nv12p70.exe31⤵
- Executes dropped EXE
-
\??\c:\hx09e.exec:\hx09e.exe32⤵
- Executes dropped EXE
-
\??\c:\37w6a.exec:\37w6a.exe33⤵
- Executes dropped EXE
-
\??\c:\l50sc.exec:\l50sc.exe34⤵
- Executes dropped EXE
-
\??\c:\276ix.exec:\276ix.exe35⤵
- Executes dropped EXE
-
\??\c:\35j17wr.exec:\35j17wr.exe36⤵
- Executes dropped EXE
-
\??\c:\o6en13.exec:\o6en13.exe37⤵
- Executes dropped EXE
-
\??\c:\s6599.exec:\s6599.exe38⤵
- Executes dropped EXE
-
\??\c:\28ox1gm.exec:\28ox1gm.exe39⤵
- Executes dropped EXE
-
\??\c:\x72g7.exec:\x72g7.exe40⤵
- Executes dropped EXE
-
\??\c:\17v2w.exec:\17v2w.exe41⤵
- Executes dropped EXE
-
\??\c:\sk54q3.exec:\sk54q3.exe42⤵
- Executes dropped EXE
-
\??\c:\5wb3eg7.exec:\5wb3eg7.exe43⤵
- Executes dropped EXE
-
\??\c:\61953.exec:\61953.exe44⤵
- Executes dropped EXE
-
\??\c:\b2qsq.exec:\b2qsq.exe45⤵
- Executes dropped EXE
-
\??\c:\qmpsu0.exec:\qmpsu0.exe46⤵
- Executes dropped EXE
-
\??\c:\380o7x0.exec:\380o7x0.exe47⤵
- Executes dropped EXE
-
\??\c:\15siu9.exec:\15siu9.exe48⤵
- Executes dropped EXE
-
\??\c:\le37s51.exec:\le37s51.exe49⤵
- Executes dropped EXE
-
\??\c:\ia54i3.exec:\ia54i3.exe50⤵
- Executes dropped EXE
-
\??\c:\39at58.exec:\39at58.exe51⤵
- Executes dropped EXE
-
\??\c:\5o9oei3.exec:\5o9oei3.exe52⤵
- Executes dropped EXE
-
\??\c:\73493ua.exec:\73493ua.exe53⤵
- Executes dropped EXE
-
\??\c:\0wigouo.exec:\0wigouo.exe54⤵
- Executes dropped EXE
-
\??\c:\8tqeq.exec:\8tqeq.exe55⤵
- Executes dropped EXE
-
\??\c:\6aoua.exec:\6aoua.exe56⤵
- Executes dropped EXE
-
\??\c:\119s97.exec:\119s97.exe57⤵
- Executes dropped EXE
-
\??\c:\us7775p.exec:\us7775p.exe58⤵
- Executes dropped EXE
-
\??\c:\fh6i31.exec:\fh6i31.exe59⤵
- Executes dropped EXE
-
\??\c:\sg3395.exec:\sg3395.exe60⤵
- Executes dropped EXE
-
\??\c:\m6c759.exec:\m6c759.exe61⤵
- Executes dropped EXE
-
\??\c:\596l1.exec:\596l1.exe62⤵
- Executes dropped EXE
-
\??\c:\0ic0rgj.exec:\0ic0rgj.exe63⤵
- Executes dropped EXE
-
\??\c:\n5w4e7.exec:\n5w4e7.exe64⤵
- Executes dropped EXE
-
\??\c:\4ieassj.exec:\4ieassj.exe65⤵
- Executes dropped EXE
-
\??\c:\j717p7.exec:\j717p7.exe66⤵
-
\??\c:\3r79751.exec:\3r79751.exe67⤵
-
\??\c:\h6q913.exec:\h6q913.exe68⤵
-
\??\c:\b0o1o.exec:\b0o1o.exe69⤵
-
\??\c:\qom50u.exec:\qom50u.exe70⤵
-
\??\c:\e25w1a.exec:\e25w1a.exe71⤵
-
\??\c:\13kj9.exec:\13kj9.exe72⤵
-
\??\c:\io3o55.exec:\io3o55.exe73⤵
-
\??\c:\6wcm0u.exec:\6wcm0u.exe74⤵
-
\??\c:\08933.exec:\08933.exe75⤵
-
\??\c:\t5s173.exec:\t5s173.exe76⤵
-
\??\c:\q7x7w.exec:\q7x7w.exe77⤵
-
\??\c:\177971.exec:\177971.exe78⤵
-
\??\c:\94kg33s.exec:\94kg33s.exe79⤵
-
\??\c:\4612pb4.exec:\4612pb4.exe80⤵
-
\??\c:\4v155.exec:\4v155.exe81⤵
-
\??\c:\1al7muw.exec:\1al7muw.exe82⤵
-
\??\c:\x0v1oc.exec:\x0v1oc.exe83⤵
-
\??\c:\iamuksg.exec:\iamuksg.exe84⤵
-
\??\c:\77ok90n.exec:\77ok90n.exe85⤵
-
\??\c:\4iicaiu.exec:\4iicaiu.exe86⤵
-
\??\c:\15sc9.exec:\15sc9.exe87⤵
-
\??\c:\qlcxv.exec:\qlcxv.exe88⤵
-
\??\c:\r4iiieo.exec:\r4iiieo.exe89⤵
-
\??\c:\9p2mqu.exec:\9p2mqu.exe90⤵
-
\??\c:\us0l3wa.exec:\us0l3wa.exe91⤵
-
\??\c:\km58d8.exec:\km58d8.exe92⤵
-
\??\c:\qe958wn.exec:\qe958wn.exe93⤵
-
\??\c:\umqcic.exec:\umqcic.exe94⤵
-
\??\c:\ockqm.exec:\ockqm.exe95⤵
-
\??\c:\swl5eo.exec:\swl5eo.exe96⤵
-
\??\c:\c0gd5.exec:\c0gd5.exe97⤵
-
\??\c:\mcwso.exec:\mcwso.exe98⤵
-
\??\c:\p94ko.exec:\p94ko.exe99⤵
-
\??\c:\294x4.exec:\294x4.exe100⤵
-
\??\c:\og54c.exec:\og54c.exe101⤵
-
\??\c:\l67u1.exec:\l67u1.exe102⤵
-
\??\c:\74h70w.exec:\74h70w.exe103⤵
-
\??\c:\xoawl6i.exec:\xoawl6i.exe104⤵
-
\??\c:\u6s90w.exec:\u6s90w.exe105⤵
-
\??\c:\f30m1.exec:\f30m1.exe106⤵
-
\??\c:\41960.exec:\41960.exe107⤵
-
\??\c:\5i91a.exec:\5i91a.exe108⤵
-
\??\c:\312a179.exec:\312a179.exe109⤵
-
\??\c:\d5951o.exec:\d5951o.exe110⤵
-
\??\c:\wics215.exec:\wics215.exe111⤵
-
\??\c:\098688.exec:\098688.exe112⤵
-
\??\c:\77skf1.exec:\77skf1.exe113⤵
-
\??\c:\93c34vo.exec:\93c34vo.exe114⤵
-
\??\c:\03ccm74.exec:\03ccm74.exe115⤵
-
\??\c:\okhsswq.exec:\okhsswq.exe116⤵
-
\??\c:\mcsuu.exec:\mcsuu.exe117⤵
-
\??\c:\9mp3op9.exec:\9mp3op9.exe118⤵
-
\??\c:\8j5957.exec:\8j5957.exe119⤵
-
\??\c:\55uf5.exec:\55uf5.exe120⤵
-
\??\c:\h19q37a.exec:\h19q37a.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-