Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
145s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
29/05/2024, 20:00
General
-
Target
2b3a15f041630e6c111da68ecf3878aa42a49f18116f6aa1642b6ed749013dd4.exe
-
Size
64KB
-
MD5
94d3f8eaa9f291bf002105b6f9b572b1
-
SHA1
85785395bc21bf763bdcdde850446fc94eab1f72
-
SHA256
2b3a15f041630e6c111da68ecf3878aa42a49f18116f6aa1642b6ed749013dd4
-
SHA512
d9cb8dcc30b4479dee9d3a666ee970072a5bf702eb623f1b0f05e9ef0b260e51d2570bb5ab71c235ede7d7fc453b5a14eb56d588ff8e879ce3dda2c47fce0e6d
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIb0z6Mu/ePS3AK:ymb3NkkiQ3mdBjFI46TQK
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
UPX dump on OEP (original entry point) 32 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 32 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2b3a15f041630e6c111da68ecf3878aa42a49f18116f6aa1642b6ed749013dd4.exe"C:\Users\Admin\AppData\Local\Temp\2b3a15f041630e6c111da68ecf3878aa42a49f18116f6aa1642b6ed749013dd4.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\88s5wo8.exec:\88s5wo8.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3u34fo.exec:\3u34fo.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\31snu1.exec:\31snu1.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\b5148qn.exec:\b5148qn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\r75a920.exec:\r75a920.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ou120.exec:\ou120.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8694bh.exec:\8694bh.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1c428.exec:\1c428.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fo194ri.exec:\fo194ri.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\28255k.exec:\28255k.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lo313.exec:\lo313.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\d8el48.exec:\d8el48.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7q9h762.exec:\7q9h762.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\cl0ak09.exec:\cl0ak09.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\s4oo0x5.exec:\s4oo0x5.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1p08i.exec:\1p08i.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6fg18cd.exec:\6fg18cd.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\583l16.exec:\583l16.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\g40neu.exec:\g40neu.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\64186.exec:\64186.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7848m4e.exec:\7848m4e.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\i32j5.exec:\i32j5.exe23⤵
- Executes dropped EXE
-
\??\c:\6hoaw91.exec:\6hoaw91.exe24⤵
- Executes dropped EXE
-
\??\c:\qo5j1er.exec:\qo5j1er.exe25⤵
- Executes dropped EXE
-
\??\c:\4u750.exec:\4u750.exe26⤵
- Executes dropped EXE
-
\??\c:\9m434f6.exec:\9m434f6.exe27⤵
- Executes dropped EXE
-
\??\c:\5m58q6.exec:\5m58q6.exe28⤵
- Executes dropped EXE
-
\??\c:\p6n09.exec:\p6n09.exe29⤵
- Executes dropped EXE
-
\??\c:\fj1ava.exec:\fj1ava.exe30⤵
- Executes dropped EXE
-
\??\c:\6m5w1.exec:\6m5w1.exe31⤵
- Executes dropped EXE
-
\??\c:\j9io7.exec:\j9io7.exe32⤵
- Executes dropped EXE
-
\??\c:\et9k39r.exec:\et9k39r.exe33⤵
- Executes dropped EXE
-
\??\c:\xm16s17.exec:\xm16s17.exe34⤵
- Executes dropped EXE
-
\??\c:\x60q4uo.exec:\x60q4uo.exe35⤵
- Executes dropped EXE
-
\??\c:\n67hni6.exec:\n67hni6.exe36⤵
- Executes dropped EXE
-
\??\c:\6ags6t.exec:\6ags6t.exe37⤵
- Executes dropped EXE
-
\??\c:\16k40a0.exec:\16k40a0.exe38⤵
- Executes dropped EXE
-
\??\c:\g95r69v.exec:\g95r69v.exe39⤵
- Executes dropped EXE
-
\??\c:\896ap1.exec:\896ap1.exe40⤵
- Executes dropped EXE
-
\??\c:\qqula2w.exec:\qqula2w.exe41⤵
- Executes dropped EXE
-
\??\c:\994r34.exec:\994r34.exe42⤵
- Executes dropped EXE
-
\??\c:\3ifa18.exec:\3ifa18.exe43⤵
- Executes dropped EXE
-
\??\c:\95ugq8w.exec:\95ugq8w.exe44⤵
- Executes dropped EXE
-
\??\c:\0woo9.exec:\0woo9.exe45⤵
- Executes dropped EXE
-
\??\c:\ioxavw.exec:\ioxavw.exe46⤵
- Executes dropped EXE
-
\??\c:\595h9ri.exec:\595h9ri.exe47⤵
- Executes dropped EXE
-
\??\c:\dgfgv8.exec:\dgfgv8.exe48⤵
- Executes dropped EXE
-
\??\c:\136qeo.exec:\136qeo.exe49⤵
- Executes dropped EXE
-
\??\c:\9i2a19h.exec:\9i2a19h.exe50⤵
- Executes dropped EXE
-
\??\c:\5nfjg.exec:\5nfjg.exe51⤵
- Executes dropped EXE
-
\??\c:\2f2wq.exec:\2f2wq.exe52⤵
- Executes dropped EXE
-
\??\c:\r6rjd06.exec:\r6rjd06.exe53⤵
- Executes dropped EXE
-
\??\c:\l0b10mv.exec:\l0b10mv.exe54⤵
- Executes dropped EXE
-
\??\c:\984pv.exec:\984pv.exe55⤵
- Executes dropped EXE
-
\??\c:\v9t62l.exec:\v9t62l.exe56⤵
- Executes dropped EXE
-
\??\c:\s7pkm.exec:\s7pkm.exe57⤵
- Executes dropped EXE
-
\??\c:\h2u0e4u.exec:\h2u0e4u.exe58⤵
- Executes dropped EXE
-
\??\c:\68k93c8.exec:\68k93c8.exe59⤵
- Executes dropped EXE
-
\??\c:\962jga9.exec:\962jga9.exe60⤵
- Executes dropped EXE
-
\??\c:\0tk3k5f.exec:\0tk3k5f.exe61⤵
- Executes dropped EXE
-
\??\c:\73a629.exec:\73a629.exe62⤵
- Executes dropped EXE
-
\??\c:\60991.exec:\60991.exe63⤵
- Executes dropped EXE
-
\??\c:\7kc06.exec:\7kc06.exe64⤵
- Executes dropped EXE
-
\??\c:\lrd02.exec:\lrd02.exe65⤵
- Executes dropped EXE
-
\??\c:\6r5x01s.exec:\6r5x01s.exe66⤵
-
\??\c:\nwoe305.exec:\nwoe305.exe67⤵
-
\??\c:\ae9w76.exec:\ae9w76.exe68⤵
-
\??\c:\0696868.exec:\0696868.exe69⤵
-
\??\c:\0e016.exec:\0e016.exe70⤵
-
\??\c:\ffmqo9.exec:\ffmqo9.exe71⤵
-
\??\c:\sqku6m.exec:\sqku6m.exe72⤵
-
\??\c:\b8t5hex.exec:\b8t5hex.exe73⤵
-
\??\c:\7w347.exec:\7w347.exe74⤵
-
\??\c:\66o4d1.exec:\66o4d1.exe75⤵
-
\??\c:\46953f.exec:\46953f.exe76⤵
-
\??\c:\urljj5d.exec:\urljj5d.exe77⤵
-
\??\c:\01fcv90.exec:\01fcv90.exe78⤵
-
\??\c:\7p1jjp.exec:\7p1jjp.exe79⤵
-
\??\c:\1ss6a.exec:\1ss6a.exe80⤵
-
\??\c:\wo000.exec:\wo000.exe81⤵
-
\??\c:\w5kg5ug.exec:\w5kg5ug.exe82⤵
-
\??\c:\uml6jf.exec:\uml6jf.exe83⤵
-
\??\c:\x4x73.exec:\x4x73.exe84⤵
-
\??\c:\7w0w9.exec:\7w0w9.exe85⤵
-
\??\c:\t7i84.exec:\t7i84.exe86⤵
-
\??\c:\9od5jd.exec:\9od5jd.exe87⤵
-
\??\c:\4c58i1.exec:\4c58i1.exe88⤵
-
\??\c:\4n6o9.exec:\4n6o9.exe89⤵
-
\??\c:\23o585.exec:\23o585.exe90⤵
-
\??\c:\j686f.exec:\j686f.exe91⤵
-
\??\c:\jswt5e9.exec:\jswt5e9.exe92⤵
-
\??\c:\77k30w.exec:\77k30w.exe93⤵
-
\??\c:\6r155.exec:\6r155.exe94⤵
-
\??\c:\8b71i.exec:\8b71i.exe95⤵
-
\??\c:\m6enpm.exec:\m6enpm.exe96⤵
-
\??\c:\v317wi.exec:\v317wi.exe97⤵
-
\??\c:\04189.exec:\04189.exe98⤵
-
\??\c:\5fc1m.exec:\5fc1m.exe99⤵
-
\??\c:\wr91923.exec:\wr91923.exe100⤵
-
\??\c:\1e612.exec:\1e612.exe101⤵
-
\??\c:\k9xu48.exec:\k9xu48.exe102⤵
-
\??\c:\8660468.exec:\8660468.exe103⤵
-
\??\c:\8h547f4.exec:\8h547f4.exe104⤵
-
\??\c:\133agaq.exec:\133agaq.exe105⤵
-
\??\c:\ocsei1.exec:\ocsei1.exe106⤵
-
\??\c:\x0b21h.exec:\x0b21h.exe107⤵
-
\??\c:\2ip4psn.exec:\2ip4psn.exe108⤵
-
\??\c:\jwo11.exec:\jwo11.exe109⤵
-
\??\c:\70b5cow.exec:\70b5cow.exe110⤵
-
\??\c:\8rj78.exec:\8rj78.exe111⤵
-
\??\c:\919ktg.exec:\919ktg.exe112⤵
-
\??\c:\dme9f04.exec:\dme9f04.exe113⤵
-
\??\c:\06h65.exec:\06h65.exe114⤵
-
\??\c:\j451h5.exec:\j451h5.exe115⤵
-
\??\c:\qc662.exec:\qc662.exe116⤵
-
\??\c:\wqtl5.exec:\wqtl5.exe117⤵
-
\??\c:\adskps.exec:\adskps.exe118⤵
-
\??\c:\cs3s8ws.exec:\cs3s8ws.exe119⤵
-
\??\c:\68liq.exec:\68liq.exe120⤵
-
\??\c:\e9q58k.exec:\e9q58k.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-