Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
152s -
max time network
159s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
21/05/2024, 04:29
General
-
Target
d2f474ef9b410286f8a3dc2c34b20157316a8e2bf31a2940f26914a0922410c7.exe
-
Size
72KB
-
MD5
d7a2280a20fc42b31221e24e04820a1a
-
SHA1
322539a70b809797e5c9bc3d3b5fc930d80edc6a
-
SHA256
d2f474ef9b410286f8a3dc2c34b20157316a8e2bf31a2940f26914a0922410c7
-
SHA512
c521d7caa0fce662b45b1a047fef41d6712ca9d8084b0a1e4575056325d0aacbfd9c37d422435108892726fa034cf2077a4c34ce922881d56fce7e61ceb5134a
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIjaQkPcy8WTeAw4PS:ymb3NkkiQ3mdBjFIpkPcy8qs4PS
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 26 IoCs
-
UPX dump on OEP (original entry point) 29 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 29 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\d2f474ef9b410286f8a3dc2c34b20157316a8e2bf31a2940f26914a0922410c7.exe"C:\Users\Admin\AppData\Local\Temp\d2f474ef9b410286f8a3dc2c34b20157316a8e2bf31a2940f26914a0922410c7.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\3fd0p8n.exec:\3fd0p8n.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ab1odt5.exec:\ab1odt5.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ek7e35.exec:\ek7e35.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6j7d9.exec:\6j7d9.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\2s3op.exec:\2s3op.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1jacf.exec:\1jacf.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\qfoia.exec:\qfoia.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\84e52.exec:\84e52.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1411133.exec:\1411133.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\v49oo.exec:\v49oo.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\0s14ix.exec:\0s14ix.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\kefa5s.exec:\kefa5s.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\foaj3g.exec:\foaj3g.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ao5i6.exec:\ao5i6.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\400th48.exec:\400th48.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nv4f3.exec:\nv4f3.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\79o9im6.exec:\79o9im6.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xp14i.exec:\xp14i.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\mm4pn55.exec:\mm4pn55.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\611c1m3.exec:\611c1m3.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\q950q.exec:\q950q.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\c0qwwlk.exec:\c0qwwlk.exe23⤵
- Executes dropped EXE
-
\??\c:\5083b4i.exec:\5083b4i.exe24⤵
- Executes dropped EXE
-
\??\c:\q8ss8a.exec:\q8ss8a.exe25⤵
- Executes dropped EXE
-
\??\c:\pp9f6.exec:\pp9f6.exe26⤵
- Executes dropped EXE
-
\??\c:\i61gjm.exec:\i61gjm.exe27⤵
- Executes dropped EXE
-
\??\c:\j192r.exec:\j192r.exe28⤵
- Executes dropped EXE
-
\??\c:\2b2171c.exec:\2b2171c.exe29⤵
- Executes dropped EXE
-
\??\c:\1prs2.exec:\1prs2.exe30⤵
- Executes dropped EXE
-
\??\c:\287xuoc.exec:\287xuoc.exe31⤵
- Executes dropped EXE
-
\??\c:\4aboi82.exec:\4aboi82.exe32⤵
- Executes dropped EXE
-
\??\c:\17j0bv.exec:\17j0bv.exe33⤵
- Executes dropped EXE
-
\??\c:\nqwu17.exec:\nqwu17.exe34⤵
- Executes dropped EXE
-
\??\c:\0s717.exec:\0s717.exe35⤵
- Executes dropped EXE
-
\??\c:\7fv1ci.exec:\7fv1ci.exe36⤵
- Executes dropped EXE
-
\??\c:\9hcc5.exec:\9hcc5.exe37⤵
- Executes dropped EXE
-
\??\c:\eqn5u47.exec:\eqn5u47.exe38⤵
- Executes dropped EXE
-
\??\c:\lxfto.exec:\lxfto.exe39⤵
- Executes dropped EXE
-
\??\c:\492qi8.exec:\492qi8.exe40⤵
- Executes dropped EXE
-
\??\c:\m3862.exec:\m3862.exe41⤵
- Executes dropped EXE
-
\??\c:\a2a5h3.exec:\a2a5h3.exe42⤵
- Executes dropped EXE
-
\??\c:\3u5m159.exec:\3u5m159.exe43⤵
- Executes dropped EXE
-
\??\c:\lj0e42.exec:\lj0e42.exe44⤵
- Executes dropped EXE
-
\??\c:\8r47t9.exec:\8r47t9.exe45⤵
- Executes dropped EXE
-
\??\c:\11l5biq.exec:\11l5biq.exe46⤵
- Executes dropped EXE
-
\??\c:\r0skpk.exec:\r0skpk.exe47⤵
- Executes dropped EXE
-
\??\c:\e1udm5f.exec:\e1udm5f.exe48⤵
- Executes dropped EXE
-
\??\c:\hnq79kh.exec:\hnq79kh.exe49⤵
- Executes dropped EXE
-
\??\c:\22nffu.exec:\22nffu.exe50⤵
- Executes dropped EXE
-
\??\c:\ft37s.exec:\ft37s.exe51⤵
- Executes dropped EXE
-
\??\c:\d1l779o.exec:\d1l779o.exe52⤵
- Executes dropped EXE
-
\??\c:\v3b5l1w.exec:\v3b5l1w.exe53⤵
- Executes dropped EXE
-
\??\c:\vc8i7.exec:\vc8i7.exe54⤵
- Executes dropped EXE
-
\??\c:\4sb6e76.exec:\4sb6e76.exe55⤵
- Executes dropped EXE
-
\??\c:\3e2jq.exec:\3e2jq.exe56⤵
- Executes dropped EXE
-
\??\c:\56291nw.exec:\56291nw.exe57⤵
- Executes dropped EXE
-
\??\c:\be081ko.exec:\be081ko.exe58⤵
- Executes dropped EXE
-
\??\c:\w9193ov.exec:\w9193ov.exe59⤵
- Executes dropped EXE
-
\??\c:\gei4i.exec:\gei4i.exe60⤵
- Executes dropped EXE
-
\??\c:\11g7i.exec:\11g7i.exe61⤵
- Executes dropped EXE
-
\??\c:\o8u6f80.exec:\o8u6f80.exe62⤵
- Executes dropped EXE
-
\??\c:\icxogm.exec:\icxogm.exe63⤵
- Executes dropped EXE
-
\??\c:\2m8io.exec:\2m8io.exe64⤵
- Executes dropped EXE
-
\??\c:\7dgjke.exec:\7dgjke.exe65⤵
- Executes dropped EXE
-
\??\c:\ov64c.exec:\ov64c.exe66⤵
-
\??\c:\a4g05.exec:\a4g05.exe67⤵
-
\??\c:\nv739tn.exec:\nv739tn.exe68⤵
-
\??\c:\ml8eoa.exec:\ml8eoa.exe69⤵
-
\??\c:\1s26u.exec:\1s26u.exe70⤵
-
\??\c:\870da.exec:\870da.exe71⤵
-
\??\c:\p7t1ere.exec:\p7t1ere.exe72⤵
-
\??\c:\xima17.exec:\xima17.exe73⤵
-
\??\c:\w565ri9.exec:\w565ri9.exe74⤵
-
\??\c:\41al1w1.exec:\41al1w1.exe75⤵
-
\??\c:\w45k84n.exec:\w45k84n.exe76⤵
-
\??\c:\l8f27q.exec:\l8f27q.exe77⤵
-
\??\c:\0ktus.exec:\0ktus.exe78⤵
-
\??\c:\j91a4.exec:\j91a4.exe79⤵
-
\??\c:\13xoj.exec:\13xoj.exe80⤵
-
\??\c:\9st8419.exec:\9st8419.exe81⤵
-
\??\c:\61odkka.exec:\61odkka.exe82⤵
-
\??\c:\3gm29.exec:\3gm29.exe83⤵
-
\??\c:\sp571.exec:\sp571.exe84⤵
-
\??\c:\j3o4h9.exec:\j3o4h9.exe85⤵
-
\??\c:\sqq18.exec:\sqq18.exe86⤵
-
\??\c:\6rsg5.exec:\6rsg5.exe87⤵
-
\??\c:\wwcg39.exec:\wwcg39.exe88⤵
-
\??\c:\te7kn.exec:\te7kn.exe89⤵
-
\??\c:\1n6iv.exec:\1n6iv.exe90⤵
-
\??\c:\rx8l4.exec:\rx8l4.exe91⤵
-
\??\c:\39roj.exec:\39roj.exe92⤵
-
\??\c:\8f3513.exec:\8f3513.exe93⤵
-
\??\c:\1026rvt.exec:\1026rvt.exe94⤵
-
\??\c:\t418m.exec:\t418m.exe95⤵
-
\??\c:\7l595x.exec:\7l595x.exe96⤵
-
\??\c:\nqcse.exec:\nqcse.exe97⤵
-
\??\c:\xrs83l.exec:\xrs83l.exe98⤵
-
\??\c:\0gfa1.exec:\0gfa1.exe99⤵
-
\??\c:\axsmw.exec:\axsmw.exe100⤵
-
\??\c:\i9o5s.exec:\i9o5s.exe101⤵
-
\??\c:\swnt0b.exec:\swnt0b.exe102⤵
-
\??\c:\18bbx.exec:\18bbx.exe103⤵
-
\??\c:\rf5099.exec:\rf5099.exe104⤵
-
\??\c:\uqqdec.exec:\uqqdec.exe105⤵
-
\??\c:\dnbx7vs.exec:\dnbx7vs.exe106⤵
-
\??\c:\581ek2.exec:\581ek2.exe107⤵
-
\??\c:\x8enq.exec:\x8enq.exe108⤵
-
\??\c:\x7905.exec:\x7905.exe109⤵
-
\??\c:\5ga90e4.exec:\5ga90e4.exe110⤵
-
\??\c:\g3mf8i.exec:\g3mf8i.exe111⤵
-
\??\c:\4rsp6t4.exec:\4rsp6t4.exe112⤵
-
\??\c:\mh1p5.exec:\mh1p5.exe113⤵
-
\??\c:\i5aa12.exec:\i5aa12.exe114⤵
-
\??\c:\10efhf.exec:\10efhf.exe115⤵
-
\??\c:\9l223m.exec:\9l223m.exe116⤵
-
\??\c:\i7517.exec:\i7517.exe117⤵
-
\??\c:\agw8d.exec:\agw8d.exe118⤵
-
\??\c:\ufm69l3.exec:\ufm69l3.exe119⤵
-
\??\c:\fjdh1x.exec:\fjdh1x.exe120⤵
-
\??\c:\c56u7.exec:\c56u7.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-