Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
161s -
max time network
173s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
24/06/2024, 22:11
General
-
Target
63c3010ed6f7badd46914efe5167ec52fc5933244bc6b943f3bbfc99e9c3f790.exe
-
Size
57KB
-
MD5
2e756b8f6120f9284cc85b08bfb15f9d
-
SHA1
b36854304104b8b31811cc68cb03e76b100880e5
-
SHA256
63c3010ed6f7badd46914efe5167ec52fc5933244bc6b943f3bbfc99e9c3f790
-
SHA512
9e749952eb1990c523e7f0b25ddbbf0b7deb923e092192d95165cbcea1b0a7f4834008bfc77a98c56ca4eacf89a39e8899e21af447742c6351283b5b02029d25
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND0chVVA:ymb3NkkiQ3mdBjF0crVA
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
UPX dump on OEP (original entry point) 32 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 32 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\63c3010ed6f7badd46914efe5167ec52fc5933244bc6b943f3bbfc99e9c3f790.exe"C:\Users\Admin\AppData\Local\Temp\63c3010ed6f7badd46914efe5167ec52fc5933244bc6b943f3bbfc99e9c3f790.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\xnj06.exec:\xnj06.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3246x.exec:\3246x.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\4u1tc31.exec:\4u1tc31.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lva4r.exec:\lva4r.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\op30m.exec:\op30m.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\o4b7o7r.exec:\o4b7o7r.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\qr2p24m.exec:\qr2p24m.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8o5olgj.exec:\8o5olgj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\813p1w.exec:\813p1w.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3qxpntb.exec:\3qxpntb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\veoip.exec:\veoip.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\39c8wh.exec:\39c8wh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\473m32.exec:\473m32.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3i052.exec:\3i052.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\v800r.exec:\v800r.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\g60i2ot.exec:\g60i2ot.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\w38lo.exec:\w38lo.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8k3176q.exec:\8k3176q.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1g2gn.exec:\1g2gn.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\088xgi.exec:\088xgi.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3q055.exec:\3q055.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\t39u7.exec:\t39u7.exe23⤵
- Executes dropped EXE
-
\??\c:\aa71rx.exec:\aa71rx.exe24⤵
- Executes dropped EXE
-
\??\c:\watbr1.exec:\watbr1.exe25⤵
- Executes dropped EXE
-
\??\c:\04ec6.exec:\04ec6.exe26⤵
- Executes dropped EXE
-
\??\c:\ve77uf.exec:\ve77uf.exe27⤵
- Executes dropped EXE
-
\??\c:\717jvw5.exec:\717jvw5.exe28⤵
- Executes dropped EXE
-
\??\c:\2u85u.exec:\2u85u.exe29⤵
- Executes dropped EXE
-
\??\c:\d7i4jg.exec:\d7i4jg.exe30⤵
- Executes dropped EXE
-
\??\c:\axmw27v.exec:\axmw27v.exe31⤵
- Executes dropped EXE
-
\??\c:\35349.exec:\35349.exe32⤵
- Executes dropped EXE
-
\??\c:\4wl15i.exec:\4wl15i.exe33⤵
- Executes dropped EXE
-
\??\c:\3a34k.exec:\3a34k.exe34⤵
- Executes dropped EXE
-
\??\c:\b56880.exec:\b56880.exe35⤵
- Executes dropped EXE
-
\??\c:\0x3qia4.exec:\0x3qia4.exe36⤵
- Executes dropped EXE
-
\??\c:\227k0.exec:\227k0.exe37⤵
- Executes dropped EXE
-
\??\c:\9d473ek.exec:\9d473ek.exe38⤵
- Executes dropped EXE
-
\??\c:\w3o0m.exec:\w3o0m.exe39⤵
- Executes dropped EXE
-
\??\c:\v83ku.exec:\v83ku.exe40⤵
- Executes dropped EXE
-
\??\c:\r5chk.exec:\r5chk.exe41⤵
- Executes dropped EXE
-
\??\c:\l19hs9.exec:\l19hs9.exe42⤵
- Executes dropped EXE
-
\??\c:\18gn1ix.exec:\18gn1ix.exe43⤵
- Executes dropped EXE
-
\??\c:\w9og1q.exec:\w9og1q.exe44⤵
- Executes dropped EXE
-
\??\c:\brcmk2o.exec:\brcmk2o.exe45⤵
- Executes dropped EXE
-
\??\c:\e2ql0.exec:\e2ql0.exe46⤵
- Executes dropped EXE
-
\??\c:\djmp6.exec:\djmp6.exe47⤵
- Executes dropped EXE
-
\??\c:\eupwuwr.exec:\eupwuwr.exe48⤵
- Executes dropped EXE
-
\??\c:\4ow8b52.exec:\4ow8b52.exe49⤵
- Executes dropped EXE
-
\??\c:\x5nj8i.exec:\x5nj8i.exe50⤵
- Executes dropped EXE
-
\??\c:\sqgbw7.exec:\sqgbw7.exe51⤵
- Executes dropped EXE
-
\??\c:\g3k1p.exec:\g3k1p.exe52⤵
- Executes dropped EXE
-
\??\c:\ko5f3p9.exec:\ko5f3p9.exe53⤵
- Executes dropped EXE
-
\??\c:\hhptlhh.exec:\hhptlhh.exe54⤵
- Executes dropped EXE
-
\??\c:\lxdll.exec:\lxdll.exe55⤵
- Executes dropped EXE
-
\??\c:\fa84s5.exec:\fa84s5.exe56⤵
- Executes dropped EXE
-
\??\c:\1a7tj6.exec:\1a7tj6.exe57⤵
- Executes dropped EXE
-
\??\c:\02ex329.exec:\02ex329.exe58⤵
- Executes dropped EXE
-
\??\c:\v4e13v.exec:\v4e13v.exe59⤵
- Executes dropped EXE
-
\??\c:\ltxdt.exec:\ltxdt.exe60⤵
- Executes dropped EXE
-
\??\c:\p40c77j.exec:\p40c77j.exe61⤵
- Executes dropped EXE
-
\??\c:\341um5.exec:\341um5.exe62⤵
- Executes dropped EXE
-
\??\c:\s0o29.exec:\s0o29.exe63⤵
- Executes dropped EXE
-
\??\c:\r00745.exec:\r00745.exe64⤵
- Executes dropped EXE
-
\??\c:\5301lp.exec:\5301lp.exe65⤵
- Executes dropped EXE
-
\??\c:\4713k.exec:\4713k.exe66⤵
-
\??\c:\1l5t78.exec:\1l5t78.exe67⤵
-
\??\c:\0e7oq9.exec:\0e7oq9.exe68⤵
-
\??\c:\8x13t53.exec:\8x13t53.exe69⤵
-
\??\c:\73r65a.exec:\73r65a.exe70⤵
-
\??\c:\6s99pw.exec:\6s99pw.exe71⤵
-
\??\c:\7wqi9uc.exec:\7wqi9uc.exe72⤵
-
\??\c:\p8g49of.exec:\p8g49of.exe73⤵
-
\??\c:\2mpsk5.exec:\2mpsk5.exe74⤵
-
\??\c:\kstw3f.exec:\kstw3f.exe75⤵
-
\??\c:\65p0dd.exec:\65p0dd.exe76⤵
-
\??\c:\pcoo9v9.exec:\pcoo9v9.exe77⤵
-
\??\c:\ur8bd.exec:\ur8bd.exe78⤵
-
\??\c:\0kb8ss8.exec:\0kb8ss8.exe79⤵
-
\??\c:\lcumenu.exec:\lcumenu.exe80⤵
-
\??\c:\815w0.exec:\815w0.exe81⤵
-
\??\c:\0ms13fc.exec:\0ms13fc.exe82⤵
-
\??\c:\43xc7m.exec:\43xc7m.exe83⤵
-
\??\c:\2r7pc.exec:\2r7pc.exe84⤵
-
\??\c:\708p5jp.exec:\708p5jp.exe85⤵
-
\??\c:\8tk0da.exec:\8tk0da.exe86⤵
-
\??\c:\25v85.exec:\25v85.exe87⤵
-
\??\c:\2vc55.exec:\2vc55.exe88⤵
-
\??\c:\01tl48.exec:\01tl48.exe89⤵
-
\??\c:\2119u.exec:\2119u.exe90⤵
-
\??\c:\14g4ten.exec:\14g4ten.exe91⤵
-
\??\c:\il6r9.exec:\il6r9.exe92⤵
-
\??\c:\aicldn.exec:\aicldn.exe93⤵
-
\??\c:\41m3h.exec:\41m3h.exe94⤵
-
\??\c:\g4q85.exec:\g4q85.exe95⤵
-
\??\c:\je8w508.exec:\je8w508.exe96⤵
-
\??\c:\644e8.exec:\644e8.exe97⤵
-
\??\c:\j11r1v.exec:\j11r1v.exe98⤵
-
\??\c:\ercd6k.exec:\ercd6k.exe99⤵
-
\??\c:\7b50p.exec:\7b50p.exe100⤵
-
\??\c:\ajh48.exec:\ajh48.exe101⤵
-
\??\c:\h31bo83.exec:\h31bo83.exe102⤵
-
\??\c:\2i9fd.exec:\2i9fd.exe103⤵
-
\??\c:\35q3593.exec:\35q3593.exe104⤵
-
\??\c:\0f46f5.exec:\0f46f5.exe105⤵
-
\??\c:\43j85hb.exec:\43j85hb.exe106⤵
-
\??\c:\2vthr3.exec:\2vthr3.exe107⤵
-
\??\c:\db38d.exec:\db38d.exe108⤵
-
\??\c:\5mmec5o.exec:\5mmec5o.exe109⤵
-
\??\c:\d41ird.exec:\d41ird.exe110⤵
-
\??\c:\q7kfmv5.exec:\q7kfmv5.exe111⤵
-
\??\c:\99uo19.exec:\99uo19.exe112⤵
-
\??\c:\g55p3.exec:\g55p3.exe113⤵
-
\??\c:\142gtkr.exec:\142gtkr.exe114⤵
-
\??\c:\nwhkx1.exec:\nwhkx1.exe115⤵
-
\??\c:\p1jmm57.exec:\p1jmm57.exe116⤵
-
\??\c:\x9nuh9p.exec:\x9nuh9p.exe117⤵
-
\??\c:\cj542.exec:\cj542.exe118⤵
-
\??\c:\69928w.exec:\69928w.exe119⤵
-
\??\c:\5d3r2fp.exec:\5d3r2fp.exe120⤵
-
\??\c:\cpf8j.exec:\cpf8j.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-