Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
166s -
max time network
179s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
09/04/2024, 23:30
General
-
Target
d1b3eb950001496ed4f7a05f5bc2f5b1.exe
-
Size
246KB
-
MD5
d1b3eb950001496ed4f7a05f5bc2f5b1
-
SHA1
e2b2793b017e358fb1e5731947c67e35cc5ee52d
-
SHA256
18a4a95585340aa6c9e7cfd70ac005e87abb1b35b7944112ef33ae37c888ded8
-
SHA512
6a7e5a1b0f93cb4e71aa61dbd2e463a8e1dd3d43c0bb53a4657a060a57a17e935001edaca6e245030ee11b17df45d1d426b4896e9c51b2ebd777e93e890c30f3
-
SSDEEP
3072:chOmTsF93UYfwC6GIoutieyhC2lbgGi5yLpcgDE4JBuItR8pTsgZ9WT4iaz+s:ccm4FmowdHoSi9EIBftapTs4WZazp
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\d1b3eb950001496ed4f7a05f5bc2f5b1.exe"C:\Users\Admin\AppData\Local\Temp\d1b3eb950001496ed4f7a05f5bc2f5b1.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\4xu905.exec:\4xu905.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\2ai611.exec:\2ai611.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\d0026n6.exec:\d0026n6.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\loisj.exec:\loisj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\57p1q.exec:\57p1q.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7414svt.exec:\7414svt.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\971co.exec:\971co.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\83ks16.exec:\83ks16.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\t7uld6k.exec:\t7uld6k.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\04xosw.exec:\04xosw.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1g3t6o.exec:\1g3t6o.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1u5918.exec:\1u5918.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\s6mnte7.exec:\s6mnte7.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\11xo8r.exec:\11xo8r.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\x577e53.exec:\x577e53.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3ol5wb2.exec:\3ol5wb2.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\431f9.exec:\431f9.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\37rk7so.exec:\37rk7so.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\g3kb2o4.exec:\g3kb2o4.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tj0395.exec:\tj0395.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\400188j.exec:\400188j.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\u3t13.exec:\u3t13.exe23⤵
- Executes dropped EXE
-
\??\c:\82q90u.exec:\82q90u.exe24⤵
- Executes dropped EXE
-
\??\c:\cas97a5.exec:\cas97a5.exe25⤵
- Executes dropped EXE
-
\??\c:\s37563.exec:\s37563.exe26⤵
- Executes dropped EXE
-
\??\c:\2c6gneq.exec:\2c6gneq.exe27⤵
- Executes dropped EXE
-
\??\c:\t33m74.exec:\t33m74.exe28⤵
- Executes dropped EXE
-
\??\c:\dkw1k7u.exec:\dkw1k7u.exe29⤵
- Executes dropped EXE
-
\??\c:\52g90g.exec:\52g90g.exe30⤵
- Executes dropped EXE
-
\??\c:\7a73101.exec:\7a73101.exe31⤵
- Executes dropped EXE
-
\??\c:\hb39qe.exec:\hb39qe.exe32⤵
- Executes dropped EXE
-
\??\c:\01wet.exec:\01wet.exe33⤵
- Executes dropped EXE
-
\??\c:\vv43l.exec:\vv43l.exe34⤵
- Executes dropped EXE
-
\??\c:\2g83p.exec:\2g83p.exe35⤵
- Executes dropped EXE
-
\??\c:\v0tcx7.exec:\v0tcx7.exe36⤵
- Executes dropped EXE
-
\??\c:\6uxa8.exec:\6uxa8.exe37⤵
- Executes dropped EXE
-
\??\c:\m6363b0.exec:\m6363b0.exe38⤵
- Executes dropped EXE
-
\??\c:\6224466.exec:\6224466.exe39⤵
- Executes dropped EXE
-
\??\c:\51wr0k0.exec:\51wr0k0.exe40⤵
- Executes dropped EXE
-
\??\c:\84i67b.exec:\84i67b.exe41⤵
- Executes dropped EXE
-
\??\c:\h8vv7m.exec:\h8vv7m.exe42⤵
- Executes dropped EXE
-
\??\c:\c211r.exec:\c211r.exe43⤵
- Executes dropped EXE
-
\??\c:\406440.exec:\406440.exe44⤵
- Executes dropped EXE
-
\??\c:\j5g9g4.exec:\j5g9g4.exe45⤵
- Executes dropped EXE
-
\??\c:\3g8klu9.exec:\3g8klu9.exe46⤵
- Executes dropped EXE
-
\??\c:\982q3i1.exec:\982q3i1.exe47⤵
- Executes dropped EXE
-
\??\c:\fuc0ek.exec:\fuc0ek.exe48⤵
- Executes dropped EXE
-
\??\c:\u49q6l3.exec:\u49q6l3.exe49⤵
- Executes dropped EXE
-
\??\c:\96551lu.exec:\96551lu.exe50⤵
- Executes dropped EXE
-
\??\c:\2131i.exec:\2131i.exe51⤵
- Executes dropped EXE
-
\??\c:\oo91heo.exec:\oo91heo.exe52⤵
- Executes dropped EXE
-
\??\c:\s1q0k6.exec:\s1q0k6.exe53⤵
- Executes dropped EXE
-
\??\c:\5qh92l.exec:\5qh92l.exe54⤵
- Executes dropped EXE
-
\??\c:\7g9vv2.exec:\7g9vv2.exe55⤵
- Executes dropped EXE
-
\??\c:\l4qeu99.exec:\l4qeu99.exe56⤵
- Executes dropped EXE
-
\??\c:\4crf6a7.exec:\4crf6a7.exe57⤵
- Executes dropped EXE
-
\??\c:\6krmkl9.exec:\6krmkl9.exe58⤵
- Executes dropped EXE
-
\??\c:\5r910ql.exec:\5r910ql.exe59⤵
- Executes dropped EXE
-
\??\c:\ud401.exec:\ud401.exe60⤵
- Executes dropped EXE
-
\??\c:\658h74.exec:\658h74.exe61⤵
- Executes dropped EXE
-
\??\c:\61s0n.exec:\61s0n.exe62⤵
- Executes dropped EXE
-
\??\c:\7q7g9.exec:\7q7g9.exe63⤵
- Executes dropped EXE
-
\??\c:\m8l99r.exec:\m8l99r.exe64⤵
- Executes dropped EXE
-
\??\c:\h00e7l2.exec:\h00e7l2.exe65⤵
- Executes dropped EXE
-
\??\c:\05729l.exec:\05729l.exe66⤵
-
\??\c:\4e76uu.exec:\4e76uu.exe67⤵
-
\??\c:\8ww6d5x.exec:\8ww6d5x.exe68⤵
-
\??\c:\1o9s1q3.exec:\1o9s1q3.exe69⤵
-
\??\c:\45ge65g.exec:\45ge65g.exe70⤵
-
\??\c:\ns1kk.exec:\ns1kk.exe71⤵
-
\??\c:\39pg854.exec:\39pg854.exe72⤵
-
\??\c:\0cqwu.exec:\0cqwu.exe73⤵
-
\??\c:\l2tq3xa.exec:\l2tq3xa.exe74⤵
-
\??\c:\4460026.exec:\4460026.exe75⤵
-
\??\c:\64be8u.exec:\64be8u.exe76⤵
-
\??\c:\5expe.exec:\5expe.exe77⤵
-
\??\c:\cma3b.exec:\cma3b.exe78⤵
-
\??\c:\197ag.exec:\197ag.exe79⤵
-
\??\c:\r8f52.exec:\r8f52.exe80⤵
-
\??\c:\8flaw.exec:\8flaw.exe81⤵
-
\??\c:\4115s9.exec:\4115s9.exe82⤵
-
\??\c:\5t5ii77.exec:\5t5ii77.exe83⤵
-
\??\c:\2vn12.exec:\2vn12.exe84⤵
-
\??\c:\8473hk5.exec:\8473hk5.exe85⤵
-
\??\c:\7dwog67.exec:\7dwog67.exe86⤵
-
\??\c:\3o320fw.exec:\3o320fw.exe87⤵
-
\??\c:\87777.exec:\87777.exe88⤵
-
\??\c:\9mr901.exec:\9mr901.exe89⤵
-
\??\c:\66a51w9.exec:\66a51w9.exe90⤵
-
\??\c:\7p2643k.exec:\7p2643k.exe91⤵
-
\??\c:\gm9wgs2.exec:\gm9wgs2.exe92⤵
-
\??\c:\o2n01.exec:\o2n01.exe93⤵
-
\??\c:\471kk1.exec:\471kk1.exe94⤵
-
\??\c:\43j7e3.exec:\43j7e3.exe95⤵
-
\??\c:\16l27r.exec:\16l27r.exe96⤵
-
\??\c:\742gn4.exec:\742gn4.exe97⤵
-
\??\c:\6o0xa.exec:\6o0xa.exe98⤵
-
\??\c:\xga4ew.exec:\xga4ew.exe99⤵
-
\??\c:\3fs13.exec:\3fs13.exe100⤵
-
\??\c:\413904.exec:\413904.exe101⤵
-
\??\c:\3o13g.exec:\3o13g.exe102⤵
-
\??\c:\ko46p.exec:\ko46p.exe103⤵
-
\??\c:\mk57gxn.exec:\mk57gxn.exe104⤵
-
\??\c:\uec61p.exec:\uec61p.exe105⤵
-
\??\c:\ss4000.exec:\ss4000.exe106⤵
-
\??\c:\lw4f1s.exec:\lw4f1s.exe107⤵
-
\??\c:\d9b9371.exec:\d9b9371.exe108⤵
-
\??\c:\6oc3r13.exec:\6oc3r13.exe109⤵
-
\??\c:\084d7b1.exec:\084d7b1.exe110⤵
-
\??\c:\6m117.exec:\6m117.exe111⤵
-
\??\c:\sr61mc0.exec:\sr61mc0.exe112⤵
-
\??\c:\1o62s.exec:\1o62s.exe113⤵
-
\??\c:\23637n.exec:\23637n.exe114⤵
-
\??\c:\3fe5o1.exec:\3fe5o1.exe115⤵
-
\??\c:\1132s62.exec:\1132s62.exe116⤵
-
\??\c:\c8814.exec:\c8814.exe117⤵
-
\??\c:\pqee90q.exec:\pqee90q.exe118⤵
-
\??\c:\ir5r1.exec:\ir5r1.exe119⤵
-
\??\c:\d3159.exec:\d3159.exe120⤵
-
\??\c:\015174.exec:\015174.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-