Analysis

  • max time kernel
    146s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240319-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240319-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    10/04/2024, 01:21

General

  • Target

    2a94bef55dd9fa7692bb27739a510e434c8a87d4c0661c8a70854bacdcf4ea67.exe

  • Size

    113KB

  • MD5

    7f1724a7f154d9be81887ef065dce1b1

  • SHA1

    0a060d513d209075c4d914b94ef1bbe6285b995d

  • SHA256

    2a94bef55dd9fa7692bb27739a510e434c8a87d4c0661c8a70854bacdcf4ea67

  • SHA512

    ff170925ff666c5558d4619c4ee133ec4a5ac5b2b23c188f280fea9b8d32bf7e81f584a5a445226e7ccdc62f7cd0fbb406a711173b0b48d7ef5a35de15350a46

  • SSDEEP

    1536:bViMsvI+AQX1OdBaKpVllHG/fdt+fV3JbB5OPnDE5+QDJ4rX27qTrf:bav9OdPx8wJ4rm7qn

Score
10/10

Malware Config

Signatures

  • Blackmoon, KrBanker

    Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

  • Detect Blackmoon payload 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2a94bef55dd9fa7692bb27739a510e434c8a87d4c0661c8a70854bacdcf4ea67.exe
    "C:\Users\Admin\AppData\Local\Temp\2a94bef55dd9fa7692bb27739a510e434c8a87d4c0661c8a70854bacdcf4ea67.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2224
    • C:\Users\Admin\AppData\Local\Temp\svchost.exe
      C:\Windows\system32\svhost.exe -k RPC
      2⤵
      • Executes dropped EXE
      PID:4552
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1304 --field-trial-handle=2256,i,16750283575152780128,2524258836761969159,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:4452

Network

MITRE ATT&CK Enterprise v15

Downloads

    • C:\Users\Admin\AppData\Local\Temp\svchost.exe

      Filesize

      113KB

      MD5

      ecf858c7bf0c606b2e0e628abf96c73c

      SHA1

      a7094d9003bc2154ca57b7bbc426148ded5d91c2

      SHA256

      65e9e2f41cc7dca16b3bf4d8b783c489bd89cad673c630022545658ad4dcbc90

      SHA512

      723c7b89caf1a35d38d77f1e577603bdb0b79b850a6e3341b94c6dece3f4263df6719f818a07269725910835f4e84a3c8694acf8e9dab57119a587449803eec2

    • C:\Users\Admin\AppData\Local\Temp\~pidtemp.TMP

      Filesize

      102B

      MD5

      a31557fe968d2762b715ba204f748a2a

      SHA1

      e9cfe2011cf6f454e05b07eda648d62af35ad173

      SHA256

      8085f108970ed0120c23e425d383f11e4ab9e549ae212ac7046d653d175b671c

      SHA512

      cff2212c3f75d73aab32cbcb61923294f6fd934d19142f507d244cd94e2bfc21d73c88ff102824e44714d4417c0dce79ac9d48a8d8524acbe92a231494647b4e