Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
93s -
max time network
18s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
05/04/2024, 21:33
Errors
Reason
Machine shutdown
General
-
Target
539162b8cb67fedd37b9a100ee4726f29e247b4508e38c7f15ecb0cf97854994.exe
-
Size
88KB
-
MD5
6cfc779b04fce1fdd01d26f556ce007b
-
SHA1
42cf6538f8ba94392183890f98041d23674c3caa
-
SHA256
539162b8cb67fedd37b9a100ee4726f29e247b4508e38c7f15ecb0cf97854994
-
SHA512
382ec0b9cf8623a806e54e5008d610d7dd7b87182783ac7674e62a0b5a281531b15c11f148959c50af14f4044ec799469abc2be522c937cfb59ed027fa1a98d4
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDISoFGDvPGB1haZJK:ymb3NkkiQ3mdBjFIk7+czK
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 30 IoCs
-
UPX dump on OEP (original entry point) 60 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 60 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\539162b8cb67fedd37b9a100ee4726f29e247b4508e38c7f15ecb0cf97854994.exe"C:\Users\Admin\AppData\Local\Temp\539162b8cb67fedd37b9a100ee4726f29e247b4508e38c7f15ecb0cf97854994.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\45u3a.exec:\45u3a.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fq64jcb.exec:\fq64jcb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5h9emf6.exec:\5h9emf6.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\w8ki1.exec:\w8ki1.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\c8hr4.exec:\c8hr4.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\d33c3e5.exec:\d33c3e5.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jxw0jl2.exec:\jxw0jl2.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\62wh5x.exec:\62wh5x.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\79q5e.exec:\79q5e.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hu3b2.exec:\hu3b2.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\85v479h.exec:\85v479h.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5g76q.exec:\5g76q.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\4678u.exec:\4678u.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1w7ajo.exec:\1w7ajo.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\p3ub9s1.exec:\p3ub9s1.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\487sp8.exec:\487sp8.exe17⤵
- Executes dropped EXE
-
\??\c:\492c1.exec:\492c1.exe18⤵
- Executes dropped EXE
-
\??\c:\fj4c8.exec:\fj4c8.exe19⤵
- Executes dropped EXE
-
\??\c:\8993ax5.exec:\8993ax5.exe20⤵
- Executes dropped EXE
-
\??\c:\5qfhs.exec:\5qfhs.exe21⤵
- Executes dropped EXE
-
\??\c:\4040x5h.exec:\4040x5h.exe22⤵
- Executes dropped EXE
-
\??\c:\454e9.exec:\454e9.exe23⤵
- Executes dropped EXE
-
\??\c:\9p166v.exec:\9p166v.exe24⤵
- Executes dropped EXE
-
\??\c:\ri1vr1a.exec:\ri1vr1a.exe25⤵
- Executes dropped EXE
-
\??\c:\s2ac18.exec:\s2ac18.exe26⤵
- Executes dropped EXE
-
\??\c:\6au627.exec:\6au627.exe27⤵
- Executes dropped EXE
-
\??\c:\ps0mc3s.exec:\ps0mc3s.exe28⤵
- Executes dropped EXE
-
\??\c:\3c9q9g.exec:\3c9q9g.exe29⤵
- Executes dropped EXE
-
\??\c:\l916sq.exec:\l916sq.exe30⤵
- Executes dropped EXE
-
\??\c:\1h9u6.exec:\1h9u6.exe31⤵
- Executes dropped EXE
-
\??\c:\xp1cq5h.exec:\xp1cq5h.exe32⤵
- Executes dropped EXE
-
\??\c:\wg4084.exec:\wg4084.exe33⤵
- Executes dropped EXE
-
\??\c:\1ip79.exec:\1ip79.exe34⤵
- Executes dropped EXE
-
\??\c:\fc6c5.exec:\fc6c5.exe35⤵
- Executes dropped EXE
-
\??\c:\esw4x.exec:\esw4x.exe36⤵
- Executes dropped EXE
-
\??\c:\v7848v.exec:\v7848v.exe37⤵
- Executes dropped EXE
-
\??\c:\7qowq.exec:\7qowq.exe38⤵
- Executes dropped EXE
-
\??\c:\2nq80.exec:\2nq80.exe39⤵
- Executes dropped EXE
-
\??\c:\g2iapi.exec:\g2iapi.exe40⤵
- Executes dropped EXE
-
\??\c:\506jh6.exec:\506jh6.exe41⤵
- Executes dropped EXE
-
\??\c:\63igo.exec:\63igo.exe42⤵
- Executes dropped EXE
-
\??\c:\59b6r3.exec:\59b6r3.exe43⤵
- Executes dropped EXE
-
\??\c:\e87184.exec:\e87184.exe44⤵
- Executes dropped EXE
-
\??\c:\1an9175.exec:\1an9175.exe45⤵
- Executes dropped EXE
-
\??\c:\uat50c6.exec:\uat50c6.exe46⤵
- Executes dropped EXE
-
\??\c:\32k277q.exec:\32k277q.exe47⤵
- Executes dropped EXE
-
\??\c:\7cx78f6.exec:\7cx78f6.exe48⤵
- Executes dropped EXE
-
\??\c:\1u8968.exec:\1u8968.exe49⤵
- Executes dropped EXE
-
\??\c:\imo1so.exec:\imo1so.exe50⤵
- Executes dropped EXE
-
\??\c:\hck93.exec:\hck93.exe51⤵
- Executes dropped EXE
-
\??\c:\5xihbf.exec:\5xihbf.exe52⤵
- Executes dropped EXE
-
\??\c:\fo3lmr.exec:\fo3lmr.exe53⤵
- Executes dropped EXE
-
\??\c:\uqra5.exec:\uqra5.exe54⤵
- Executes dropped EXE
-
\??\c:\dl0sr2.exec:\dl0sr2.exe55⤵
- Executes dropped EXE
-
\??\c:\micw10.exec:\micw10.exe56⤵
- Executes dropped EXE
-
\??\c:\3g30m.exec:\3g30m.exe57⤵
- Executes dropped EXE
-
\??\c:\43sd50.exec:\43sd50.exe58⤵
- Executes dropped EXE
-
\??\c:\613315.exec:\613315.exe59⤵
- Executes dropped EXE
-
\??\c:\eiikw.exec:\eiikw.exe60⤵
- Executes dropped EXE
-
\??\c:\t61u7g7.exec:\t61u7g7.exe61⤵
- Executes dropped EXE
-
\??\c:\21ck11.exec:\21ck11.exe62⤵
- Executes dropped EXE
-
\??\c:\54l690r.exec:\54l690r.exe63⤵
- Executes dropped EXE
-
\??\c:\j6acb.exec:\j6acb.exe64⤵
- Executes dropped EXE
-
\??\c:\31pk0q.exec:\31pk0q.exe65⤵
- Executes dropped EXE
-
\??\c:\1c14i.exec:\1c14i.exe66⤵
-
\??\c:\imxvv76.exec:\imxvv76.exe67⤵
-
\??\c:\8j714s7.exec:\8j714s7.exe68⤵
-
\??\c:\m8ih0w.exec:\m8ih0w.exe69⤵
-
\??\c:\bmf8tu4.exec:\bmf8tu4.exe70⤵
-
\??\c:\0grkv.exec:\0grkv.exe71⤵
-
\??\c:\15smh.exec:\15smh.exe72⤵
-
\??\c:\w96k7o.exec:\w96k7o.exe73⤵
-
\??\c:\s57373.exec:\s57373.exe74⤵
-
\??\c:\77x17r.exec:\77x17r.exe75⤵
-
\??\c:\80jt6.exec:\80jt6.exe76⤵
-
\??\c:\jv28f.exec:\jv28f.exe77⤵
-
\??\c:\9p3i0.exec:\9p3i0.exe78⤵
-
\??\c:\0200o24.exec:\0200o24.exe79⤵
-
\??\c:\u44wm8r.exec:\u44wm8r.exe80⤵
-
\??\c:\9517ml.exec:\9517ml.exe81⤵
-
\??\c:\93mccoc.exec:\93mccoc.exe82⤵
-
\??\c:\q1xx2q.exec:\q1xx2q.exe83⤵
-
\??\c:\5qesw.exec:\5qesw.exe84⤵
-
\??\c:\i999l3r.exec:\i999l3r.exe85⤵
-
\??\c:\n5dllvu.exec:\n5dllvu.exe86⤵
-
\??\c:\1v9qf.exec:\1v9qf.exe87⤵
-
\??\c:\319m79.exec:\319m79.exe88⤵
-
\??\c:\t5l497x.exec:\t5l497x.exe89⤵
-
\??\c:\6s69ri.exec:\6s69ri.exe90⤵
-
\??\c:\h92gm.exec:\h92gm.exe91⤵
-
\??\c:\699eid6.exec:\699eid6.exe92⤵
-
\??\c:\33uv58g.exec:\33uv58g.exe93⤵
-
\??\c:\a0i25ux.exec:\a0i25ux.exe94⤵
-
\??\c:\u6q7c.exec:\u6q7c.exe95⤵
-
\??\c:\5bb73.exec:\5bb73.exe96⤵
-
\??\c:\3m9bai.exec:\3m9bai.exe97⤵
-
\??\c:\u55bf6.exec:\u55bf6.exe98⤵
-
\??\c:\ec7ka2u.exec:\ec7ka2u.exe99⤵
-
\??\c:\n51qip.exec:\n51qip.exe100⤵
-
\??\c:\v2ve354.exec:\v2ve354.exe101⤵
-
\??\c:\4688kp.exec:\4688kp.exe102⤵
-
\??\c:\ft9qx1.exec:\ft9qx1.exe103⤵
-
\??\c:\x7t1up.exec:\x7t1up.exe104⤵
-
\??\c:\3r73ih.exec:\3r73ih.exe105⤵
-
\??\c:\hms9ki9.exec:\hms9ki9.exe106⤵
-
\??\c:\8kig46.exec:\8kig46.exe107⤵
-
\??\c:\ggtuw.exec:\ggtuw.exe108⤵
-
\??\c:\3u7q9.exec:\3u7q9.exe109⤵
-
\??\c:\tc51ux9.exec:\tc51ux9.exe110⤵
-
\??\c:\e1q4fvo.exec:\e1q4fvo.exe111⤵
-
\??\c:\5e71qg.exec:\5e71qg.exe112⤵
-
\??\c:\hsh3gn1.exec:\hsh3gn1.exe113⤵
-
\??\c:\dw7wg.exec:\dw7wg.exe114⤵
-
\??\c:\ukaqioc.exec:\ukaqioc.exe115⤵
-
\??\c:\6qmq126.exec:\6qmq126.exe116⤵
-
\??\c:\wt2k6h.exec:\wt2k6h.exe117⤵
-
\??\c:\1i36iv.exec:\1i36iv.exe118⤵
-
\??\c:\9710x.exec:\9710x.exe119⤵
-
\??\c:\b2f189r.exec:\b2f189r.exe120⤵
-
\??\c:\a37777c.exec:\a37777c.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-