Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
119s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
-
submitted
26/07/2024, 01:14
General
-
Target
155d8d055891320990d7d1e3d772e920.exe
-
Size
129KB
-
MD5
155d8d055891320990d7d1e3d772e920
-
SHA1
da7224f626a680a87208a267f2cfbe92aa9fd820
-
SHA256
ea6511db93188d09deef5f347e0b62bec1fe7186c342563ae09d1e5e8d38fd7a
-
SHA512
025c3636d821c8ac2125d490f3248ee918e9639585658e84c03aa5e82c8a1e97c8ae781c7547057c5c60a764cebbadff8dae6610ded44c72b465718d4b7b5966
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDo73oYUCD7R2F2UVbyy0NgmfF9y:ymb3NkkiQ3mdBjFo73HUoMsAbrxmtE
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 21 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 25 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\155d8d055891320990d7d1e3d772e920.exe"C:\Users\Admin\AppData\Local\Temp\155d8d055891320990d7d1e3d772e920.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\488868.exec:\488868.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\q44888.exec:\q44888.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\a0600.exec:\a0600.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\0460662.exec:\0460662.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\402266.exec:\402266.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\s2226.exec:\s2226.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\486062.exec:\486062.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\06260.exec:\06260.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\48482.exec:\48482.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8220002.exec:\8220002.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\664226.exec:\664226.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\04226.exec:\04226.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\0848844.exec:\0848844.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\0404468.exec:\0404468.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\862648.exec:\862648.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\88062.exec:\88062.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\048846.exec:\048846.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\q28882.exec:\q28882.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\68448.exec:\68448.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\2426660.exec:\2426660.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\04828.exec:\04828.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\24226.exec:\24226.exe23⤵
- Executes dropped EXE
-
\??\c:\0222882.exec:\0222882.exe24⤵
- Executes dropped EXE
-
\??\c:\800606.exec:\800606.exe25⤵
- Executes dropped EXE
-
\??\c:\62266.exec:\62266.exe26⤵
- Executes dropped EXE
-
\??\c:\6244444.exec:\6244444.exe27⤵
- Executes dropped EXE
-
\??\c:\o660000.exec:\o660000.exe28⤵
- Executes dropped EXE
-
\??\c:\282888.exec:\282888.exe29⤵
- Executes dropped EXE
-
\??\c:\64000.exec:\64000.exe30⤵
- Executes dropped EXE
-
\??\c:\c000882.exec:\c000882.exe31⤵
- Executes dropped EXE
-
\??\c:\640402.exec:\640402.exe32⤵
- Executes dropped EXE
-
\??\c:\m6444.exec:\m6444.exe33⤵
- Executes dropped EXE
-
\??\c:\s8442.exec:\s8442.exe34⤵
- Executes dropped EXE
-
\??\c:\6022884.exec:\6022884.exe35⤵
- Executes dropped EXE
-
\??\c:\886462.exec:\886462.exe36⤵
- Executes dropped EXE
-
\??\c:\48042.exec:\48042.exe37⤵
- Executes dropped EXE
-
\??\c:\68246.exec:\68246.exe38⤵
- Executes dropped EXE
-
\??\c:\4686026.exec:\4686026.exe39⤵
- Executes dropped EXE
-
\??\c:\286284.exec:\286284.exe40⤵
- Executes dropped EXE
-
\??\c:\08664.exec:\08664.exe41⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\28008.exec:\28008.exe42⤵
- Executes dropped EXE
-
\??\c:\o026060.exec:\o026060.exe43⤵
- Executes dropped EXE
-
\??\c:\684606.exec:\684606.exe44⤵
- Executes dropped EXE
-
\??\c:\000820.exec:\000820.exe45⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\2624880.exec:\2624880.exe46⤵
- Executes dropped EXE
-
\??\c:\4848882.exec:\4848882.exe47⤵
- Executes dropped EXE
-
\??\c:\462822.exec:\462822.exe48⤵
- Executes dropped EXE
-
\??\c:\g8064.exec:\g8064.exe49⤵
- Executes dropped EXE
-
\??\c:\80422.exec:\80422.exe50⤵
- Executes dropped EXE
-
\??\c:\4488480.exec:\4488480.exe51⤵
- Executes dropped EXE
-
\??\c:\806000.exec:\806000.exe52⤵
- Executes dropped EXE
-
\??\c:\64048.exec:\64048.exe53⤵
- Executes dropped EXE
-
\??\c:\s2044.exec:\s2044.exe54⤵
- Executes dropped EXE
-
\??\c:\2248282.exec:\2248282.exe55⤵
- Executes dropped EXE
-
\??\c:\6206684.exec:\6206684.exe56⤵
- Executes dropped EXE
-
\??\c:\068822.exec:\068822.exe57⤵
- Executes dropped EXE
-
\??\c:\e64606.exec:\e64606.exe58⤵
- Executes dropped EXE
-
\??\c:\64844.exec:\64844.exe59⤵
- Executes dropped EXE
-
\??\c:\28088.exec:\28088.exe60⤵
- Executes dropped EXE
-
\??\c:\4804808.exec:\4804808.exe61⤵
- Executes dropped EXE
-
\??\c:\4468626.exec:\4468626.exe62⤵
- Executes dropped EXE
-
\??\c:\284826.exec:\284826.exe63⤵
- Executes dropped EXE
-
\??\c:\602682.exec:\602682.exe64⤵
- Executes dropped EXE
-
\??\c:\64460.exec:\64460.exe65⤵
- Executes dropped EXE
-
\??\c:\6822622.exec:\6822622.exe66⤵
-
\??\c:\2224822.exec:\2224822.exe67⤵
-
\??\c:\480420.exec:\480420.exe68⤵
-
\??\c:\82226.exec:\82226.exe69⤵
-
\??\c:\0888846.exec:\0888846.exe70⤵
-
\??\c:\6482608.exec:\6482608.exe71⤵
-
\??\c:\i622226.exec:\i622226.exe72⤵
-
\??\c:\628828.exec:\628828.exe73⤵
-
\??\c:\m2268.exec:\m2268.exe74⤵
-
\??\c:\i844260.exec:\i844260.exe75⤵
-
\??\c:\0488666.exec:\0488666.exe76⤵
-
\??\c:\020662.exec:\020662.exe77⤵
-
\??\c:\046662.exec:\046662.exe78⤵
-
\??\c:\86448.exec:\86448.exe79⤵
-
\??\c:\0642244.exec:\0642244.exe80⤵
-
\??\c:\4020022.exec:\4020022.exe81⤵
-
\??\c:\662280.exec:\662280.exe82⤵
-
\??\c:\80662.exec:\80662.exe83⤵
-
\??\c:\02468.exec:\02468.exe84⤵
-
\??\c:\8866266.exec:\8866266.exe85⤵
-
\??\c:\260264.exec:\260264.exe86⤵
-
\??\c:\628228.exec:\628228.exe87⤵
-
\??\c:\g8826.exec:\g8826.exe88⤵
-
\??\c:\0444822.exec:\0444822.exe89⤵
-
\??\c:\082608.exec:\082608.exe90⤵
-
\??\c:\866806.exec:\866806.exe91⤵
-
\??\c:\48400.exec:\48400.exe92⤵
-
\??\c:\28004.exec:\28004.exe93⤵
-
\??\c:\0400000.exec:\0400000.exe94⤵
-
\??\c:\e68282.exec:\e68282.exe95⤵
-
\??\c:\k24844.exec:\k24844.exe96⤵
-
\??\c:\g8668.exec:\g8668.exe97⤵
-
\??\c:\40266.exec:\40266.exe98⤵
-
\??\c:\o882604.exec:\o882604.exe99⤵
-
\??\c:\4824882.exec:\4824882.exe100⤵
-
\??\c:\q88266.exec:\q88266.exe101⤵
-
\??\c:\22488.exec:\22488.exe102⤵
-
\??\c:\82826.exec:\82826.exe103⤵
-
\??\c:\i224808.exec:\i224808.exe104⤵
-
\??\c:\2466600.exec:\2466600.exe105⤵
-
\??\c:\266044.exec:\266044.exe106⤵
-
\??\c:\64880.exec:\64880.exe107⤵
-
\??\c:\82826.exec:\82826.exe108⤵
-
\??\c:\2604882.exec:\2604882.exe109⤵
-
\??\c:\8622666.exec:\8622666.exe110⤵
-
\??\c:\062608.exec:\062608.exe111⤵
-
\??\c:\k60486.exec:\k60486.exe112⤵
-
\??\c:\22886.exec:\22886.exe113⤵
-
\??\c:\2844006.exec:\2844006.exe114⤵
-
\??\c:\24406.exec:\24406.exe115⤵
-
\??\c:\4244026.exec:\4244026.exe116⤵
-
\??\c:\200008.exec:\200008.exe117⤵
-
\??\c:\060246.exec:\060246.exe118⤵
-
\??\c:\04646.exec:\04646.exe119⤵
-
\??\c:\u448260.exec:\u448260.exe120⤵
-
\??\c:\068642.exec:\068642.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-