Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
167s -
max time network
175s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
09/04/2024, 22:31
General
-
Target
4ce1cd0e655f19f9eed6a0a4a0132f12.exe
-
Size
421KB
-
MD5
4ce1cd0e655f19f9eed6a0a4a0132f12
-
SHA1
539b98f34c901653e3b3f5e9746d5f3a59d36d13
-
SHA256
29470fdd6e5dfdbd04340a8ac2d21eaf7d43f6363f03335a6d70d82b83f49ff1
-
SHA512
c8297995fa743cc9eaf5f5c1b991d70fd8a0b7492ca56be6db13c525c1c44fb3760551f2c780e9aba788d683142e9a1423967dac8673c7d477a1943cbca0283e
-
SSDEEP
12288:94wFHoSI1zBR/pMT9XvEhdfLzDIxwuUcJ/KE2eSgJ5xsbG2kgSziP3OM:KtBR/O9XvEhdfLzDIxwuUcJ/KE2eSgJQ
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 62 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\4ce1cd0e655f19f9eed6a0a4a0132f12.exe"C:\Users\Admin\AppData\Local\Temp\4ce1cd0e655f19f9eed6a0a4a0132f12.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\k1o39ed.exec:\k1o39ed.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\skkgu53.exec:\skkgu53.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tqqo34.exec:\tqqo34.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3xqimo.exec:\3xqimo.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\agx9gl4.exec:\agx9gl4.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ti5397.exec:\ti5397.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7353p.exec:\7353p.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\i68pu.exec:\i68pu.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ho17g51.exec:\ho17g51.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5fnooe.exec:\5fnooe.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\p5ip509.exec:\p5ip509.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\u7532w.exec:\u7532w.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\89q6mdu.exec:\89q6mdu.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\t5c32x.exec:\t5c32x.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\09b0k62.exec:\09b0k62.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hgn5acw.exec:\hgn5acw.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xl3gf.exec:\xl3gf.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\57cb8f9.exec:\57cb8f9.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\o6a3i.exec:\o6a3i.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\59ag5.exec:\59ag5.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\h1uif7a.exec:\h1uif7a.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\27i9kd9.exec:\27i9kd9.exe23⤵
- Executes dropped EXE
-
\??\c:\r590o.exec:\r590o.exe24⤵
- Executes dropped EXE
-
\??\c:\6h9wwg.exec:\6h9wwg.exe25⤵
- Executes dropped EXE
-
\??\c:\fi76h.exec:\fi76h.exe26⤵
- Executes dropped EXE
-
\??\c:\9q13wor.exec:\9q13wor.exe27⤵
- Executes dropped EXE
-
\??\c:\250i50.exec:\250i50.exe28⤵
- Executes dropped EXE
-
\??\c:\3r9n50.exec:\3r9n50.exe29⤵
- Executes dropped EXE
-
\??\c:\pxe896.exec:\pxe896.exe30⤵
- Executes dropped EXE
-
\??\c:\8l3csm.exec:\8l3csm.exe31⤵
- Executes dropped EXE
-
\??\c:\3kqiaam.exec:\3kqiaam.exe32⤵
- Executes dropped EXE
-
\??\c:\4ij1gd.exec:\4ij1gd.exe33⤵
- Executes dropped EXE
-
\??\c:\u92s32.exec:\u92s32.exe34⤵
- Executes dropped EXE
-
\??\c:\iwt1s.exec:\iwt1s.exe35⤵
- Executes dropped EXE
-
\??\c:\au37mt1.exec:\au37mt1.exe36⤵
- Executes dropped EXE
-
\??\c:\08h0po.exec:\08h0po.exe37⤵
- Executes dropped EXE
-
\??\c:\5ja5375.exec:\5ja5375.exe38⤵
- Executes dropped EXE
-
\??\c:\9emuc92.exec:\9emuc92.exe39⤵
- Executes dropped EXE
-
\??\c:\j12qn70.exec:\j12qn70.exe40⤵
- Executes dropped EXE
-
\??\c:\e9337.exec:\e9337.exe41⤵
- Executes dropped EXE
-
\??\c:\n8kmma.exec:\n8kmma.exe42⤵
- Executes dropped EXE
-
\??\c:\5ukcn1.exec:\5ukcn1.exe43⤵
- Executes dropped EXE
-
\??\c:\4b99ml.exec:\4b99ml.exe44⤵
- Executes dropped EXE
-
\??\c:\8t5w31o.exec:\8t5w31o.exe45⤵
- Executes dropped EXE
-
\??\c:\ga2c7eb.exec:\ga2c7eb.exe46⤵
- Executes dropped EXE
-
\??\c:\2kgcqi.exec:\2kgcqi.exe47⤵
- Executes dropped EXE
-
\??\c:\bt72k5.exec:\bt72k5.exe48⤵
- Executes dropped EXE
-
\??\c:\80tck.exec:\80tck.exe49⤵
- Executes dropped EXE
-
\??\c:\r9g3eh.exec:\r9g3eh.exe50⤵
- Executes dropped EXE
-
\??\c:\p50c38.exec:\p50c38.exe51⤵
- Executes dropped EXE
-
\??\c:\w1fgp.exec:\w1fgp.exe52⤵
- Executes dropped EXE
-
\??\c:\015197.exec:\015197.exe53⤵
- Executes dropped EXE
-
\??\c:\ad83du.exec:\ad83du.exe54⤵
- Executes dropped EXE
-
\??\c:\d875o.exec:\d875o.exe55⤵
- Executes dropped EXE
-
\??\c:\ds775.exec:\ds775.exe56⤵
- Executes dropped EXE
-
\??\c:\49qwm.exec:\49qwm.exe57⤵
- Executes dropped EXE
-
\??\c:\4dsiqc.exec:\4dsiqc.exe58⤵
- Executes dropped EXE
-
\??\c:\5x8eq.exec:\5x8eq.exe59⤵
- Executes dropped EXE
-
\??\c:\h60sa.exec:\h60sa.exe60⤵
- Executes dropped EXE
-
\??\c:\0s257.exec:\0s257.exe61⤵
- Executes dropped EXE
-
\??\c:\tsgi9.exec:\tsgi9.exe62⤵
- Executes dropped EXE
-
\??\c:\gx6cmw.exec:\gx6cmw.exe63⤵
-
\??\c:\5b1h3s.exec:\5b1h3s.exe64⤵
- Executes dropped EXE
-
\??\c:\2i75q94.exec:\2i75q94.exe65⤵
- Executes dropped EXE
-
\??\c:\41t18eb.exec:\41t18eb.exe66⤵
- Executes dropped EXE
-
\??\c:\85jk5.exec:\85jk5.exe67⤵
-
\??\c:\6bpceia.exec:\6bpceia.exe68⤵
-
\??\c:\t4ww34.exec:\t4ww34.exe69⤵
-
\??\c:\qxbn2xr.exec:\qxbn2xr.exe70⤵
-
\??\c:\22mlc87.exec:\22mlc87.exe71⤵
-
\??\c:\f04x1q.exec:\f04x1q.exe72⤵
-
\??\c:\o3w2j3w.exec:\o3w2j3w.exe73⤵
-
\??\c:\f13131.exec:\f13131.exe74⤵
-
\??\c:\9536m.exec:\9536m.exe75⤵
-
\??\c:\1n1737q.exec:\1n1737q.exe76⤵
-
\??\c:\jecow.exec:\jecow.exe77⤵
-
\??\c:\immc1.exec:\immc1.exe78⤵
-
\??\c:\85339.exec:\85339.exe79⤵
-
\??\c:\w1it3.exec:\w1it3.exe80⤵
-
\??\c:\1673717.exec:\1673717.exe81⤵
-
\??\c:\il6m33.exec:\il6m33.exe82⤵
-
\??\c:\59qt58.exec:\59qt58.exe83⤵
-
\??\c:\ag2mg.exec:\ag2mg.exe84⤵
-
\??\c:\894e7.exec:\894e7.exe85⤵
-
\??\c:\6dr96.exec:\6dr96.exe86⤵
-
\??\c:\hogok.exec:\hogok.exe87⤵
-
\??\c:\64gigk5.exec:\64gigk5.exe88⤵
-
\??\c:\g237rw.exec:\g237rw.exe89⤵
-
\??\c:\859179.exec:\859179.exe90⤵
-
\??\c:\0xd3q.exec:\0xd3q.exe91⤵
-
\??\c:\wvcic0a.exec:\wvcic0a.exe92⤵
-
\??\c:\4d0cx.exec:\4d0cx.exe93⤵
-
\??\c:\5t4gqmq.exec:\5t4gqmq.exe94⤵
-
\??\c:\8t773uv.exec:\8t773uv.exe95⤵
-
\??\c:\imp99uo.exec:\imp99uo.exe96⤵
-
\??\c:\6aux8q1.exec:\6aux8q1.exe97⤵
-
\??\c:\751t7q.exec:\751t7q.exe98⤵
-
\??\c:\io0t4sk.exec:\io0t4sk.exe99⤵
-
\??\c:\mig30u.exec:\mig30u.exe100⤵
-
\??\c:\no9im.exec:\no9im.exe101⤵
-
\??\c:\eoh8i8.exec:\eoh8i8.exe102⤵
-
\??\c:\n351pgg.exec:\n351pgg.exe103⤵
-
\??\c:\kct52.exec:\kct52.exe104⤵
-
\??\c:\8f5135.exec:\8f5135.exe105⤵
-
\??\c:\8cn2q.exec:\8cn2q.exe106⤵
-
\??\c:\m770kfj.exec:\m770kfj.exe107⤵
-
\??\c:\3195e.exec:\3195e.exe108⤵
-
\??\c:\xkiq9r.exec:\xkiq9r.exe109⤵
-
\??\c:\505jil9.exec:\505jil9.exe110⤵
-
\??\c:\9b35m.exec:\9b35m.exe111⤵
-
\??\c:\536wt.exec:\536wt.exe112⤵
-
\??\c:\kmnsa.exec:\kmnsa.exe113⤵
-
\??\c:\uaa5to.exec:\uaa5to.exe114⤵
-
\??\c:\7a9d5.exec:\7a9d5.exe115⤵
-
\??\c:\1gh7q.exec:\1gh7q.exe116⤵
-
\??\c:\rm9795.exec:\rm9795.exe117⤵
-
\??\c:\01595.exec:\01595.exe118⤵
-
\??\c:\8v78900.exec:\8v78900.exe119⤵
-
\??\c:\fkgwi.exec:\fkgwi.exe120⤵
-
\??\c:\npal3.exec:\npal3.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-