Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
151s -
max time network
147s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
10/04/2024, 23:18
General
-
Target
7306dfaf84673f2db9fccdab2ee6b7baf118f208f8ee134a93f0bc215448b1c8.exe
-
Size
103KB
-
MD5
5c0cf48b202a45c512f07905ca72745d
-
SHA1
3c749115cd421e4d556114e0b7310f009e204de6
-
SHA256
7306dfaf84673f2db9fccdab2ee6b7baf118f208f8ee134a93f0bc215448b1c8
-
SHA512
87f58ba0c834baeba3cb9402d6bfaf3d64489e4004f77dffeddb64168c2cbb47e6edbaedf0e68f95344df5f567448cc5eb27e443e83015a67059a969bebb86ea
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDoTNKDeS98hPUdHV7RNzfnLnN3o2:ymb3NkkiQ3mdBjFo5KDe88g1fRcu
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 45 IoCs
-
UPX dump on OEP (original entry point) 60 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 60 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\7306dfaf84673f2db9fccdab2ee6b7baf118f208f8ee134a93f0bc215448b1c8.exe"C:\Users\Admin\AppData\Local\Temp\7306dfaf84673f2db9fccdab2ee6b7baf118f208f8ee134a93f0bc215448b1c8.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\ro1cig.exec:\ro1cig.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\c0ifl.exec:\c0ifl.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\0e41wk.exec:\0e41wk.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\h85kh.exec:\h85kh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\k1x3gj.exec:\k1x3gj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\v0gkoxm.exec:\v0gkoxm.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\c3669d.exec:\c3669d.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\47ud3.exec:\47ud3.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\wg9sm.exec:\wg9sm.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\4tn39.exec:\4tn39.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\q1vm943.exec:\q1vm943.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rg615xx.exec:\rg615xx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\37a7q.exec:\37a7q.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\h7lv1e.exec:\h7lv1e.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\2v5va.exec:\2v5va.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6euad.exec:\6euad.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\j87922.exec:\j87922.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1hoa1.exec:\1hoa1.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\anhuv8.exec:\anhuv8.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\e0629.exec:\e0629.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\b289rei.exec:\b289rei.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\098ge.exec:\098ge.exe23⤵
- Executes dropped EXE
-
\??\c:\8rbr5n.exec:\8rbr5n.exe24⤵
- Executes dropped EXE
-
\??\c:\wfsw75.exec:\wfsw75.exe25⤵
- Executes dropped EXE
-
\??\c:\ktlsh.exec:\ktlsh.exe26⤵
- Executes dropped EXE
-
\??\c:\87xnc69.exec:\87xnc69.exe27⤵
- Executes dropped EXE
-
\??\c:\x2f70jq.exec:\x2f70jq.exe28⤵
- Executes dropped EXE
-
\??\c:\md5d5.exec:\md5d5.exe29⤵
- Executes dropped EXE
-
\??\c:\91wtt.exec:\91wtt.exe30⤵
- Executes dropped EXE
-
\??\c:\9i639.exec:\9i639.exe31⤵
- Executes dropped EXE
-
\??\c:\8707q8.exec:\8707q8.exe32⤵
- Executes dropped EXE
-
\??\c:\w2551d.exec:\w2551d.exe33⤵
- Executes dropped EXE
-
\??\c:\h0r0a.exec:\h0r0a.exe34⤵
- Executes dropped EXE
-
\??\c:\835x871.exec:\835x871.exe35⤵
- Executes dropped EXE
-
\??\c:\q71fof.exec:\q71fof.exe36⤵
- Executes dropped EXE
-
\??\c:\uab1d33.exec:\uab1d33.exe37⤵
- Executes dropped EXE
-
\??\c:\hp1n9.exec:\hp1n9.exe38⤵
- Executes dropped EXE
-
\??\c:\4a8aap.exec:\4a8aap.exe39⤵
- Executes dropped EXE
-
\??\c:\9ntc1.exec:\9ntc1.exe40⤵
- Executes dropped EXE
-
\??\c:\w8ajd.exec:\w8ajd.exe41⤵
- Executes dropped EXE
-
\??\c:\7fm89.exec:\7fm89.exe42⤵
- Executes dropped EXE
-
\??\c:\m23nc1u.exec:\m23nc1u.exe43⤵
- Executes dropped EXE
-
\??\c:\2teo9m1.exec:\2teo9m1.exe44⤵
- Executes dropped EXE
-
\??\c:\8471579.exec:\8471579.exe45⤵
- Executes dropped EXE
-
\??\c:\q73fu72.exec:\q73fu72.exe46⤵
- Executes dropped EXE
-
\??\c:\na5h73l.exec:\na5h73l.exe47⤵
- Executes dropped EXE
-
\??\c:\sh7w9g2.exec:\sh7w9g2.exe48⤵
- Executes dropped EXE
-
\??\c:\n5qkf3.exec:\n5qkf3.exe49⤵
- Executes dropped EXE
-
\??\c:\fox14f5.exec:\fox14f5.exe50⤵
- Executes dropped EXE
-
\??\c:\47fxpk3.exec:\47fxpk3.exe51⤵
- Executes dropped EXE
-
\??\c:\5291h.exec:\5291h.exe52⤵
- Executes dropped EXE
-
\??\c:\8bq42r.exec:\8bq42r.exe53⤵
- Executes dropped EXE
-
\??\c:\11crg.exec:\11crg.exe54⤵
- Executes dropped EXE
-
\??\c:\84u6p8.exec:\84u6p8.exe55⤵
- Executes dropped EXE
-
\??\c:\r842gs.exec:\r842gs.exe56⤵
- Executes dropped EXE
-
\??\c:\t3t7o.exec:\t3t7o.exe57⤵
- Executes dropped EXE
-
\??\c:\511712.exec:\511712.exe58⤵
- Executes dropped EXE
-
\??\c:\u5m0r2.exec:\u5m0r2.exe59⤵
- Executes dropped EXE
-
\??\c:\3v15g.exec:\3v15g.exe60⤵
- Executes dropped EXE
-
\??\c:\fvvnbj.exec:\fvvnbj.exe61⤵
- Executes dropped EXE
-
\??\c:\qou43.exec:\qou43.exe62⤵
- Executes dropped EXE
-
\??\c:\6t1f9.exec:\6t1f9.exe63⤵
- Executes dropped EXE
-
\??\c:\59s3p.exec:\59s3p.exe64⤵
- Executes dropped EXE
-
\??\c:\k93ff.exec:\k93ff.exe65⤵
- Executes dropped EXE
-
\??\c:\37wt02.exec:\37wt02.exe66⤵
-
\??\c:\d53r3fp.exec:\d53r3fp.exe67⤵
-
\??\c:\f593v01.exec:\f593v01.exe68⤵
-
\??\c:\751v392.exec:\751v392.exe69⤵
-
\??\c:\3aq83qn.exec:\3aq83qn.exe70⤵
-
\??\c:\t3l6v8.exec:\t3l6v8.exe71⤵
-
\??\c:\kqfa3.exec:\kqfa3.exe72⤵
-
\??\c:\a9ufd.exec:\a9ufd.exe73⤵
-
\??\c:\24t7x.exec:\24t7x.exe74⤵
-
\??\c:\hi8ssb.exec:\hi8ssb.exe75⤵
-
\??\c:\m7e1jw.exec:\m7e1jw.exe76⤵
-
\??\c:\lla97.exec:\lla97.exe77⤵
-
\??\c:\pwq8i.exec:\pwq8i.exe78⤵
-
\??\c:\18299.exec:\18299.exe79⤵
-
\??\c:\k6gmm.exec:\k6gmm.exe80⤵
-
\??\c:\j2apc6c.exec:\j2apc6c.exe81⤵
-
\??\c:\465m07d.exec:\465m07d.exe82⤵
-
\??\c:\936vh.exec:\936vh.exe83⤵
-
\??\c:\59o2g.exec:\59o2g.exe84⤵
-
\??\c:\q7s1kq.exec:\q7s1kq.exe85⤵
-
\??\c:\n6297.exec:\n6297.exe86⤵
-
\??\c:\3i69j.exec:\3i69j.exe87⤵
-
\??\c:\931hqkr.exec:\931hqkr.exe88⤵
-
\??\c:\13fur.exec:\13fur.exe89⤵
-
\??\c:\x0848.exec:\x0848.exe90⤵
-
\??\c:\i3h121.exec:\i3h121.exe91⤵
-
\??\c:\4kqxa44.exec:\4kqxa44.exe92⤵
-
\??\c:\3sd1ico.exec:\3sd1ico.exe93⤵
-
\??\c:\626x3.exec:\626x3.exe94⤵
-
\??\c:\4oadqc.exec:\4oadqc.exe95⤵
-
\??\c:\7ev4eu.exec:\7ev4eu.exe96⤵
-
\??\c:\65d3g5l.exec:\65d3g5l.exe97⤵
-
\??\c:\us58e.exec:\us58e.exe98⤵
-
\??\c:\670if32.exec:\670if32.exe99⤵
-
\??\c:\jn0315.exec:\jn0315.exe100⤵
-
\??\c:\v65o0v.exec:\v65o0v.exe101⤵
-
\??\c:\c53f59r.exec:\c53f59r.exe102⤵
-
\??\c:\x4s9t98.exec:\x4s9t98.exe103⤵
-
\??\c:\h3781.exec:\h3781.exe104⤵
-
\??\c:\32u36.exec:\32u36.exe105⤵
-
\??\c:\e4nwi1.exec:\e4nwi1.exe106⤵
-
\??\c:\5clr1.exec:\5clr1.exe107⤵
-
\??\c:\clp20.exec:\clp20.exe108⤵
-
\??\c:\jh4uo25.exec:\jh4uo25.exe109⤵
-
\??\c:\rrfgw81.exec:\rrfgw81.exe110⤵
-
\??\c:\e1u96.exec:\e1u96.exe111⤵
-
\??\c:\103758r.exec:\103758r.exe112⤵
-
\??\c:\s1o3ix7.exec:\s1o3ix7.exe113⤵
-
\??\c:\93s632v.exec:\93s632v.exe114⤵
-
\??\c:\3w3mj3.exec:\3w3mj3.exe115⤵
-
\??\c:\3l53us.exec:\3l53us.exe116⤵
-
\??\c:\hur93cx.exec:\hur93cx.exe117⤵
-
\??\c:\5j519g2.exec:\5j519g2.exe118⤵
-
\??\c:\09vs5.exec:\09vs5.exe119⤵
-
\??\c:\g19u3.exec:\g19u3.exe120⤵
-
\??\c:\57u9c7.exec:\57u9c7.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-