Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
151s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
03/05/2024, 20:32
General
-
Target
37a558f0bdcbcf158df20f0f0e32f532774cb91f05a4c06e11e1ce6ec04ab4f9.exe
-
Size
93KB
-
MD5
c594efd69a4ad1586e3aa2f1e48e6f7c
-
SHA1
00c1f171670367fe20f7a496b0f4c8ef17c2d270
-
SHA256
37a558f0bdcbcf158df20f0f0e32f532774cb91f05a4c06e11e1ce6ec04ab4f9
-
SHA512
419f9cc27c85170d9dea63a54e7c6a61c3e6d2a385fd153eb7af51114da531896998283b8409a808bf3bc0004c3f48e48ce926347392d47767c709b32cd881f5
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIkpi+qP1hvZo66Ox4oq2SQwfTrB:ymb3NkkiQ3mdBjFIj+qNhvZuHQYfB
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
UPX dump on OEP (original entry point) 30 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 30 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\37a558f0bdcbcf158df20f0f0e32f532774cb91f05a4c06e11e1ce6ec04ab4f9.exe"C:\Users\Admin\AppData\Local\Temp\37a558f0bdcbcf158df20f0f0e32f532774cb91f05a4c06e11e1ce6ec04ab4f9.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\q464p.exec:\q464p.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\4ku04.exec:\4ku04.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ew957f.exec:\ew957f.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\t14424f.exec:\t14424f.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\22on8l.exec:\22on8l.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\cpnr8n6.exec:\cpnr8n6.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\qo44s.exec:\qo44s.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\0u8a0a.exec:\0u8a0a.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\73i3ab.exec:\73i3ab.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8w8xq.exec:\8w8xq.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\q4466b.exec:\q4466b.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8l49gb.exec:\8l49gb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hu5de.exec:\hu5de.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\wio52.exec:\wio52.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\48p0i94.exec:\48p0i94.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\73e59.exec:\73e59.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6638g.exec:\6638g.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffi966g.exec:\ffi966g.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jp0x0w2.exec:\jp0x0w2.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\u8nno3.exec:\u8nno3.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\4hl844.exec:\4hl844.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppui3f.exec:\ppui3f.exe23⤵
- Executes dropped EXE
-
\??\c:\44m54.exec:\44m54.exe24⤵
- Executes dropped EXE
-
\??\c:\k6p4700.exec:\k6p4700.exe25⤵
- Executes dropped EXE
-
\??\c:\ls39q6.exec:\ls39q6.exe26⤵
- Executes dropped EXE
-
\??\c:\lf189.exec:\lf189.exe27⤵
- Executes dropped EXE
-
\??\c:\egqgx.exec:\egqgx.exe28⤵
- Executes dropped EXE
-
\??\c:\j3mv5.exec:\j3mv5.exe29⤵
- Executes dropped EXE
-
\??\c:\4ope418.exec:\4ope418.exe30⤵
- Executes dropped EXE
-
\??\c:\0n1e794.exec:\0n1e794.exe31⤵
- Executes dropped EXE
-
\??\c:\n2qwei.exec:\n2qwei.exe32⤵
- Executes dropped EXE
-
\??\c:\8420486.exec:\8420486.exe33⤵
- Executes dropped EXE
-
\??\c:\e2s78ug.exec:\e2s78ug.exe34⤵
- Executes dropped EXE
-
\??\c:\t2l23.exec:\t2l23.exe35⤵
- Executes dropped EXE
-
\??\c:\08ec0k.exec:\08ec0k.exe36⤵
- Executes dropped EXE
-
\??\c:\m6sdr6.exec:\m6sdr6.exe37⤵
- Executes dropped EXE
-
\??\c:\753c05.exec:\753c05.exe38⤵
- Executes dropped EXE
-
\??\c:\3dnx1b.exec:\3dnx1b.exe39⤵
- Executes dropped EXE
-
\??\c:\96m9u7.exec:\96m9u7.exe40⤵
- Executes dropped EXE
-
\??\c:\6w715.exec:\6w715.exe41⤵
- Executes dropped EXE
-
\??\c:\835tc37.exec:\835tc37.exe42⤵
- Executes dropped EXE
-
\??\c:\bs3837.exec:\bs3837.exe43⤵
- Executes dropped EXE
-
\??\c:\v9ov9.exec:\v9ov9.exe44⤵
- Executes dropped EXE
-
\??\c:\8d16g.exec:\8d16g.exe45⤵
- Executes dropped EXE
-
\??\c:\d9nx9s.exec:\d9nx9s.exe46⤵
- Executes dropped EXE
-
\??\c:\n0f5s.exec:\n0f5s.exe47⤵
- Executes dropped EXE
-
\??\c:\m8fn59d.exec:\m8fn59d.exe48⤵
- Executes dropped EXE
-
\??\c:\ne04o9.exec:\ne04o9.exe49⤵
- Executes dropped EXE
-
\??\c:\k0ajv0.exec:\k0ajv0.exe50⤵
- Executes dropped EXE
-
\??\c:\2a067p.exec:\2a067p.exe51⤵
- Executes dropped EXE
-
\??\c:\c3cakn.exec:\c3cakn.exe52⤵
- Executes dropped EXE
-
\??\c:\u3jw38.exec:\u3jw38.exe53⤵
- Executes dropped EXE
-
\??\c:\rcw16v2.exec:\rcw16v2.exe54⤵
- Executes dropped EXE
-
\??\c:\w8x90e.exec:\w8x90e.exe55⤵
- Executes dropped EXE
-
\??\c:\fp1ufm4.exec:\fp1ufm4.exe56⤵
- Executes dropped EXE
-
\??\c:\o14n39q.exec:\o14n39q.exe57⤵
- Executes dropped EXE
-
\??\c:\2200688.exec:\2200688.exe58⤵
- Executes dropped EXE
-
\??\c:\wv11j49.exec:\wv11j49.exe59⤵
- Executes dropped EXE
-
\??\c:\r02c3.exec:\r02c3.exe60⤵
- Executes dropped EXE
-
\??\c:\bxgl3.exec:\bxgl3.exe61⤵
- Executes dropped EXE
-
\??\c:\6u5eexw.exec:\6u5eexw.exe62⤵
- Executes dropped EXE
-
\??\c:\09j06.exec:\09j06.exe63⤵
- Executes dropped EXE
-
\??\c:\5b2vrh6.exec:\5b2vrh6.exe64⤵
- Executes dropped EXE
-
\??\c:\9m69c.exec:\9m69c.exe65⤵
- Executes dropped EXE
-
\??\c:\q410u1.exec:\q410u1.exe66⤵
-
\??\c:\0bc111.exec:\0bc111.exe67⤵
-
\??\c:\9qlgc.exec:\9qlgc.exe68⤵
-
\??\c:\9v7k7.exec:\9v7k7.exe69⤵
-
\??\c:\fvhc891.exec:\fvhc891.exe70⤵
-
\??\c:\rtum2.exec:\rtum2.exe71⤵
-
\??\c:\2vnc97.exec:\2vnc97.exe72⤵
-
\??\c:\sec67r.exec:\sec67r.exe73⤵
-
\??\c:\2d766.exec:\2d766.exe74⤵
-
\??\c:\4s7a7.exec:\4s7a7.exe75⤵
-
\??\c:\o46g9g.exec:\o46g9g.exe76⤵
-
\??\c:\34r5juq.exec:\34r5juq.exe77⤵
-
\??\c:\32ak5.exec:\32ak5.exe78⤵
-
\??\c:\q11i21s.exec:\q11i21s.exe79⤵
-
\??\c:\x575m47.exec:\x575m47.exe80⤵
-
\??\c:\05n18.exec:\05n18.exe81⤵
-
\??\c:\96usq.exec:\96usq.exe82⤵
-
\??\c:\63q2f4.exec:\63q2f4.exe83⤵
-
\??\c:\pq14s8d.exec:\pq14s8d.exe84⤵
-
\??\c:\iu571v.exec:\iu571v.exe85⤵
-
\??\c:\u1tqu0.exec:\u1tqu0.exe86⤵
-
\??\c:\8a28mg.exec:\8a28mg.exe87⤵
-
\??\c:\3x5qn.exec:\3x5qn.exe88⤵
-
\??\c:\qk5a35a.exec:\qk5a35a.exe89⤵
-
\??\c:\nn6224x.exec:\nn6224x.exe90⤵
-
\??\c:\k27mnt.exec:\k27mnt.exe91⤵
-
\??\c:\q29qiae.exec:\q29qiae.exe92⤵
-
\??\c:\k9f89.exec:\k9f89.exe93⤵
-
\??\c:\69k7m1o.exec:\69k7m1o.exe94⤵
-
\??\c:\p48i6.exec:\p48i6.exe95⤵
-
\??\c:\wbe9o.exec:\wbe9o.exe96⤵
-
\??\c:\to56i4.exec:\to56i4.exe97⤵
-
\??\c:\481co7.exec:\481co7.exe98⤵
-
\??\c:\1rop8i2.exec:\1rop8i2.exe99⤵
-
\??\c:\3pqov.exec:\3pqov.exe100⤵
-
\??\c:\i7e5krm.exec:\i7e5krm.exe101⤵
-
\??\c:\uani0b.exec:\uani0b.exe102⤵
-
\??\c:\933fnr.exec:\933fnr.exe103⤵
-
\??\c:\602816c.exec:\602816c.exe104⤵
-
\??\c:\k4l424.exec:\k4l424.exe105⤵
-
\??\c:\40824.exec:\40824.exe106⤵
-
\??\c:\45j9c6.exec:\45j9c6.exe107⤵
-
\??\c:\ubm6bj1.exec:\ubm6bj1.exe108⤵
-
\??\c:\m089w.exec:\m089w.exe109⤵
-
\??\c:\8u13d3i.exec:\8u13d3i.exe110⤵
-
\??\c:\u50x4.exec:\u50x4.exe111⤵
-
\??\c:\p1opo1.exec:\p1opo1.exe112⤵
-
\??\c:\wajtc3f.exec:\wajtc3f.exe113⤵
-
\??\c:\65e74n7.exec:\65e74n7.exe114⤵
-
\??\c:\8n4k73.exec:\8n4k73.exe115⤵
-
\??\c:\842042.exec:\842042.exe116⤵
-
\??\c:\ti79nch.exec:\ti79nch.exe117⤵
-
\??\c:\7cm5tp.exec:\7cm5tp.exe118⤵
-
\??\c:\4a72k6.exec:\4a72k6.exe119⤵
-
\??\c:\ejkvg.exec:\ejkvg.exe120⤵
-
\??\c:\50q3q6a.exec:\50q3q6a.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-