Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
144s -
max time network
119s -
platform
windows10-2004_x64 -
resource
win10v2004-20240412-en -
resource tags
-
submitted
15/04/2024, 02:18
General
-
Target
b9fb48963b32c73b9364cd32daec47767777caf84b947466fc591422f4430f6a.exe
-
Size
139KB
-
MD5
78e8705be8c17f1ca1d8bbdca4c976e9
-
SHA1
22c53c6c9901edc845ec78c81bbc5521901db949
-
SHA256
b9fb48963b32c73b9364cd32daec47767777caf84b947466fc591422f4430f6a
-
SHA512
2936cbafa3a94b8a1481032a5af5095579d7b0340a920762a5f91f360ccbcaabbad5875732ee0d564b2adfc270374c360279f26ef14d71b5f362e14a22e7936f
-
SSDEEP
3072:ymb3NkkiQ3mdBjFomR7UsyJC+n0Gsgyek1a:n3C9BRomRph+0GsgyeYa
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 42 IoCs
-
UPX dump on OEP (original entry point) 53 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 53 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\b9fb48963b32c73b9364cd32daec47767777caf84b947466fc591422f4430f6a.exe"C:\Users\Admin\AppData\Local\Temp\b9fb48963b32c73b9364cd32daec47767777caf84b947466fc591422f4430f6a.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\6b754a.exec:\6b754a.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\2ah3b11.exec:\2ah3b11.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ug92cq2.exec:\ug92cq2.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\0kiwqw.exec:\0kiwqw.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\97nb0ma.exec:\97nb0ma.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\sqd5v7g.exec:\sqd5v7g.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8o15571.exec:\8o15571.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\11puwv.exec:\11puwv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\mr10sd.exec:\mr10sd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nr5q3.exec:\nr5q3.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\t8995.exec:\t8995.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5tq3mq.exec:\5tq3mq.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\67551.exec:\67551.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\4ql17or.exec:\4ql17or.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lbajd.exec:\lbajd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\qt51g50.exec:\qt51g50.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9915531.exec:\9915531.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\gu753g3.exec:\gu753g3.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5hh24.exec:\5hh24.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8a8l915.exec:\8a8l915.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3rvq6rb.exec:\3rvq6rb.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\a91kg13.exec:\a91kg13.exe23⤵
- Executes dropped EXE
-
\??\c:\x8u39.exec:\x8u39.exe24⤵
- Executes dropped EXE
-
\??\c:\b4ro6.exec:\b4ro6.exe25⤵
- Executes dropped EXE
-
\??\c:\m72jaq.exec:\m72jaq.exe26⤵
- Executes dropped EXE
-
\??\c:\oubkl.exec:\oubkl.exe27⤵
- Executes dropped EXE
-
\??\c:\37kkf.exec:\37kkf.exe28⤵
- Executes dropped EXE
-
\??\c:\391159.exec:\391159.exe29⤵
- Executes dropped EXE
-
\??\c:\xbf7tn.exec:\xbf7tn.exe30⤵
- Executes dropped EXE
-
\??\c:\4dq8ase.exec:\4dq8ase.exe31⤵
- Executes dropped EXE
-
\??\c:\8a72sh.exec:\8a72sh.exe32⤵
- Executes dropped EXE
-
\??\c:\v0s70.exec:\v0s70.exe33⤵
- Executes dropped EXE
-
\??\c:\94qoh3t.exec:\94qoh3t.exe34⤵
- Executes dropped EXE
-
\??\c:\uuco375.exec:\uuco375.exe35⤵
- Executes dropped EXE
-
\??\c:\155919j.exec:\155919j.exe36⤵
- Executes dropped EXE
-
\??\c:\xn563kq.exec:\xn563kq.exe37⤵
- Executes dropped EXE
-
\??\c:\513559.exec:\513559.exe38⤵
- Executes dropped EXE
-
\??\c:\s0q9279.exec:\s0q9279.exe39⤵
- Executes dropped EXE
-
\??\c:\1g39735.exec:\1g39735.exe40⤵
- Executes dropped EXE
-
\??\c:\55o5e.exec:\55o5e.exe41⤵
- Executes dropped EXE
-
\??\c:\bu175.exec:\bu175.exe42⤵
- Executes dropped EXE
-
\??\c:\x5573c.exec:\x5573c.exe43⤵
- Executes dropped EXE
-
\??\c:\rvi61.exec:\rvi61.exe44⤵
- Executes dropped EXE
-
\??\c:\7725f55.exec:\7725f55.exe45⤵
- Executes dropped EXE
-
\??\c:\8cmg4d5.exec:\8cmg4d5.exe46⤵
- Executes dropped EXE
-
\??\c:\d5752j9.exec:\d5752j9.exe47⤵
- Executes dropped EXE
-
\??\c:\tj8o5nq.exec:\tj8o5nq.exe48⤵
- Executes dropped EXE
-
\??\c:\1u705d1.exec:\1u705d1.exe49⤵
- Executes dropped EXE
-
\??\c:\bfoscm.exec:\bfoscm.exe50⤵
- Executes dropped EXE
-
\??\c:\923i9o.exec:\923i9o.exe51⤵
- Executes dropped EXE
-
\??\c:\v1o8qm4.exec:\v1o8qm4.exe52⤵
- Executes dropped EXE
-
\??\c:\81ege.exec:\81ege.exe53⤵
- Executes dropped EXE
-
\??\c:\s5757.exec:\s5757.exe54⤵
- Executes dropped EXE
-
\??\c:\m9sf30.exec:\m9sf30.exe55⤵
- Executes dropped EXE
-
\??\c:\cc109.exec:\cc109.exe56⤵
- Executes dropped EXE
-
\??\c:\12fwr2.exec:\12fwr2.exe57⤵
- Executes dropped EXE
-
\??\c:\25ud10.exec:\25ud10.exe58⤵
- Executes dropped EXE
-
\??\c:\7u56n0a.exec:\7u56n0a.exe59⤵
- Executes dropped EXE
-
\??\c:\fb7174a.exec:\fb7174a.exe60⤵
- Executes dropped EXE
-
\??\c:\f169337.exec:\f169337.exe61⤵
- Executes dropped EXE
-
\??\c:\9uiaq6.exec:\9uiaq6.exe62⤵
- Executes dropped EXE
-
\??\c:\p4w397.exec:\p4w397.exe63⤵
- Executes dropped EXE
-
\??\c:\7v4cce.exec:\7v4cce.exe64⤵
- Executes dropped EXE
-
\??\c:\xlqm450.exec:\xlqm450.exe65⤵
- Executes dropped EXE
-
\??\c:\x9335s.exec:\x9335s.exe66⤵
-
\??\c:\9n76r9.exec:\9n76r9.exe67⤵
-
\??\c:\352ur.exec:\352ur.exe68⤵
-
\??\c:\dw55n9.exec:\dw55n9.exe69⤵
-
\??\c:\cod7a.exec:\cod7a.exe70⤵
-
\??\c:\7svami2.exec:\7svami2.exe71⤵
-
\??\c:\tse2ok.exec:\tse2ok.exe72⤵
-
\??\c:\csaeu97.exec:\csaeu97.exe73⤵
-
\??\c:\579379m.exec:\579379m.exe74⤵
-
\??\c:\d958mn.exec:\d958mn.exe75⤵
-
\??\c:\3tmi78.exec:\3tmi78.exe76⤵
-
\??\c:\lil70.exec:\lil70.exe77⤵
-
\??\c:\eub97o.exec:\eub97o.exe78⤵
-
\??\c:\65aog.exec:\65aog.exe79⤵
-
\??\c:\e983578.exec:\e983578.exe80⤵
-
\??\c:\s2g2gb1.exec:\s2g2gb1.exe81⤵
-
\??\c:\av8sv4.exec:\av8sv4.exe82⤵
-
\??\c:\fmun5.exec:\fmun5.exe83⤵
-
\??\c:\07317.exec:\07317.exe84⤵
-
\??\c:\9bj55n0.exec:\9bj55n0.exe85⤵
-
\??\c:\d5saw.exec:\d5saw.exe86⤵
-
\??\c:\13sd4ik.exec:\13sd4ik.exe87⤵
-
\??\c:\0u799.exec:\0u799.exe88⤵
-
\??\c:\53q33uo.exec:\53q33uo.exe89⤵
-
\??\c:\7977kw.exec:\7977kw.exe90⤵
-
\??\c:\4coi687.exec:\4coi687.exe91⤵
-
\??\c:\q8kdh20.exec:\q8kdh20.exe92⤵
-
\??\c:\h550wri.exec:\h550wri.exe93⤵
-
\??\c:\2ui99c.exec:\2ui99c.exe94⤵
-
\??\c:\99115.exec:\99115.exe95⤵
-
\??\c:\4mx6or.exec:\4mx6or.exe96⤵
-
\??\c:\v3mkm.exec:\v3mkm.exe97⤵
-
\??\c:\4i3qq.exec:\4i3qq.exe98⤵
-
\??\c:\tu9tn.exec:\tu9tn.exe99⤵
-
\??\c:\g4955.exec:\g4955.exe100⤵
-
\??\c:\99wuw.exec:\99wuw.exe101⤵
-
\??\c:\5x393.exec:\5x393.exe102⤵
-
\??\c:\1wwu33.exec:\1wwu33.exe103⤵
-
\??\c:\578uo.exec:\578uo.exe104⤵
-
\??\c:\9i6j6.exec:\9i6j6.exe105⤵
-
\??\c:\772smw7.exec:\772smw7.exe106⤵
-
\??\c:\j4c34w7.exec:\j4c34w7.exe107⤵
-
\??\c:\5954j71.exec:\5954j71.exe108⤵
-
\??\c:\et70s.exec:\et70s.exe109⤵
-
\??\c:\jwpw64.exec:\jwpw64.exe110⤵
-
\??\c:\v996j6u.exec:\v996j6u.exe111⤵
-
\??\c:\11v9w72.exec:\11v9w72.exe112⤵
-
\??\c:\v5it1.exec:\v5it1.exe113⤵
-
\??\c:\1140p6.exec:\1140p6.exe114⤵
-
\??\c:\x3822a.exec:\x3822a.exe115⤵
-
\??\c:\vv96ii.exec:\vv96ii.exe116⤵
-
\??\c:\290xhx.exec:\290xhx.exe117⤵
-
\??\c:\99k349.exec:\99k349.exe118⤵
-
\??\c:\778n76k.exec:\778n76k.exe119⤵
-
\??\c:\73agsm.exec:\73agsm.exe120⤵
-
\??\c:\u4ba26.exec:\u4ba26.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-