Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

09482539cf...cf.exe

windows7-x64

10

09482539cf...cf.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    25/09/2024, 17:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    09482539cfcf5ded8c3e0f16fc180078bb99389da48b65d2ab37063fc6181ccf.exe

  • Size

    8.7MB

  • MD5

    402ef2e8fac48e6af137f2c540bc8eac

  • SHA1

    c00a7938bf35253b1bc146a6f16d4812ef783786

  • SHA256

    09482539cfcf5ded8c3e0f16fc180078bb99389da48b65d2ab37063fc6181ccf

  • SHA512

    4061d001d6abc3b1d1390b3bff916ba2383c7fb78cd02d9286166d534b973314406c90a90f15b92f5b478751c524b7683900ea8bfe416e1e336f735e5ef7b624

  • SSDEEP

    196608:rdYHQzq4mFo8XSoYsIafX8la5FTgIqqiq55wJ6A5bgISC7lma:rsQW4gDXSoYsR8lmgAv+bTblma

Score
10/10
blackmoonbankerdiscoverytrojanupx

Malware Config

Signatures

  • Blackmoon, KrBanker

    Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.

    trojanbankerblackmoon
  • Detect Blackmoon payload 3 IoCs
  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Deletes itself 1 IoCs
  • Executes dropped EXE 4 IoCs
  • Loads dropped DLL 5 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • UPX packed file 11 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 22 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\09482539cfcf5ded8c3e0f16fc180078bb99389da48b65d2ab37063fc6181ccf.exe
    "C:\Users\Admin\AppData\Local\Temp\09482539cfcf5ded8c3e0f16fc180078bb99389da48b65d2ab37063fc6181ccf.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2388
    • C:\ÍËÐÝ´«Ææ\09482539cfcf5ded8c3e0f16fc180078bb99389da48b65d2ab37063fc6181ccf.exe
      C:\ÍËÐÝ´«Ææ\09482539cfcf5ded8c3e0f16fc180078bb99389da48b65d2ab37063fc6181ccf.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Loads dropped DLL
      • Enumerates connected drives
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:580
      • C:\ÍËÐÝ´«Ææ\CEFEBDCCFDECE.exe
        "C:\ÍËÐÝ´«Ææ\CEFEBDCCFDECE.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2492
        • C:\CEFEBDCCFDECE\CEFEBDCCFDECE.exe
          C:\CEFEBDCCFDECE\CEFEBDCCFDECE.exe C:\ÍËÐÝ´«Ææ\CEFEBDCCFDECE.exe init
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:1932
          • C:\CEFEBDCCFDECE\CEFEBDCCFDECE.exe
            C:\CEFEBDCCFDECE\CEFEBDCCFDECE.exe C:\¨ª?DY¡ä???\CEFEBDCCFDECE.exe init *215721*60751952*968954*67502120*1932
            5⤵
            • Checks BIOS information in registry
            • Executes dropped EXE
            • Loads dropped DLL
            • Enumerates connected drives
            • System Location Discovery: System Language Discovery
            • Checks processor information in registry
            • Enumerates system info in registry
            • Suspicious use of SetWindowsHookEx
            PID:2344

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\CEFEBDCCFDECE\Wav\sound2.lst
    Filesize

    34KB

    MD5

    6251840525dbbdf62f5ed0037b0434c0

    SHA1

    d0465e97ab6523327246217569222ddb4590d6d2

    SHA256

    e68da26d180d8543720c2d1b3c986dbed4d9af7ab9e80b278c9053b4d8dc7d1b

    SHA512

    87304f0781c550ca0b8a0e01684a93892427411a092a878611dd759f9414562ae4e598a966c05d11ba4537c262feba906c76a4226b0b8d2449955a70501c37c1

    Download Submit

  • C:\CEFEBDCCFDECE\data\imeSkin.skn
    Filesize

    134KB

    MD5

    ce058ead71175aff0053366a5abd7c7e

    SHA1

    48b09595b2f470bdeefb3b98efe1de7ad6206dbe

    SHA256

    e0619062451a156ed55fdb65cc8f628940b5dde333b759ee8b9f2dbd0d00efd2

    SHA512

    d81b40f42864558b2c8dc9e4dfcbaea8c56664d4989526e38daba05eb7fc97babb185a27871925f991898bf0964a417d1fa98848e867cad36982b5881ab43d66

    Download Submit

  • C:\ÍËÐÝ´«Ææ\GameAppr.ini
    Filesize

    120B

    MD5

    2f7f8665d7eb43d1cd2b342a9dee3fa6

    SHA1

    801e3bcbcee861d5176e6e197a21fac09c9285de

    SHA256

    f159a921b3ea3352ba52c1f529a274f5e34302ad223e48e0d535d54b3865badf

    SHA512

    12943d408049042d1d653d2f675a5f58a7e9aeb39fe6a1bfb7e3b44ef79166a7d05708eaa375d4c1f44861355c446e479b83cce8e29cb2b77472c44b0b26c46a

    Download Submit

  • \CEFEBDCCFDECE\libeay32.dll
    Filesize

    1.3MB

    MD5

    8cb6dd895e718df6512b993bdaf693a0

    SHA1

    844796bf5b2b7274595000adc1c91d08860e6ac8

    SHA256

    a7c1e7cb1aed70e4867f9b167e4f3848c82717022a23aec86c131222f45d01da

    SHA512

    9715cb8fe948e16b5df51ad423b8794e5e4a9a7d63b730167ba572c5212d7d362e35f9be450851c1c3c8896f9a988ce3d395c8e88d2b79bc7dcbf5e332cc8b2c

    Download Submit

  • \CEFEBDCCFDECE\ssleay32.dll
    Filesize

    333KB

    MD5

    212f6dcd2ff82d32dbe8b89fce9e218e

    SHA1

    bf3d68c44faaa8792de46be47ccfaa280da60d90

    SHA256

    bbbe7278d8786be2fa24336bb381b00c617e251593c62c68df61e321d866b86b

    SHA512

    683dae69b1c48289797c22874b0703aa7326c0e889c91b8f13a9df02ce0c81b09d19e86f09f84eb466f921e352e664822112b4cd5a02301c0ba039772ec2bfe5

    Download Submit

  • \ÍËÐÝ´«Ææ\09482539cfcf5ded8c3e0f16fc180078bb99389da48b65d2ab37063fc6181ccf.exe
    Filesize

    8.7MB

    MD5

    402ef2e8fac48e6af137f2c540bc8eac

    SHA1

    c00a7938bf35253b1bc146a6f16d4812ef783786

    SHA256

    09482539cfcf5ded8c3e0f16fc180078bb99389da48b65d2ab37063fc6181ccf

    SHA512

    4061d001d6abc3b1d1390b3bff916ba2383c7fb78cd02d9286166d534b973314406c90a90f15b92f5b478751c524b7683900ea8bfe416e1e336f735e5ef7b624

    Download Submit

  • \ÍËÐÝ´«Ææ\CEFEBDCCFDECE.exe
    Filesize

    7.1MB

    MD5

    ce7fe5b9242dc29c661f293de58702ce

    SHA1

    034f7e837563420cfccceb6680e538c493b5c522

    SHA256

    89c0cbcca2c92af50c66fdb935934f8021061ba9de4ac3561c5865534e109fc1

    SHA512

    9199139a4f5fbe0c466460b69f657fc7ae3d635076be38b49999b7ce1f2d20dd1a4cdceca622268a3559b5800efd5fa08317a218c5f1e8ced0d25377033ca074

    Download Submit

  • memory/580-101-0x0000000008440000-0x00000000093BE000-memory.dmp

    Filesize

    15.5MB

    Download

  • memory/580-34-0x0000000000920000-0x000000000092B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/580-31-0x0000000000400000-0x00000000008BD000-memory.dmp

    Filesize

    4.7MB

    Download

  • memory/580-22-0x0000000000400000-0x00000000008BD000-memory.dmp

    Filesize

    4.7MB

    Download

  • memory/580-33-0x0000000000920000-0x000000000092B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/580-40-0x0000000000400000-0x00000000008BD000-memory.dmp

    Filesize

    4.7MB

    Download

  • memory/580-46-0x0000000008440000-0x00000000093BE000-memory.dmp

    Filesize

    15.5MB

    Download

  • memory/1932-81-0x0000000000400000-0x000000000137E000-memory.dmp

    Filesize

    15.5MB

    Download

  • memory/1932-70-0x0000000000300000-0x000000000036D000-memory.dmp

    Filesize

    436KB

    Download

  • memory/1932-67-0x0000000000300000-0x000000000036D000-memory.dmp

    Filesize

    436KB

    Download

  • memory/1932-73-0x00000000045F0000-0x0000000004A81000-memory.dmp

    Filesize

    4.6MB

    Download

  • memory/1932-64-0x0000000000300000-0x000000000036D000-memory.dmp

    Filesize

    436KB

    Download

  • memory/1932-62-0x0000000000400000-0x000000000137E000-memory.dmp

    Filesize

    15.5MB

    Download

  • memory/2344-75-0x00000000001C0000-0x00000000001C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2344-79-0x0000000000250000-0x000000000025B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/2344-121-0x0000000002E00000-0x0000000002FF5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2344-119-0x0000000002E00000-0x0000000002FF5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2344-118-0x0000000000400000-0x0000000000C19000-memory.dmp

    Filesize

    8.1MB

    Download

  • memory/2344-78-0x0000000000400000-0x0000000000C19000-memory.dmp

    Filesize

    8.1MB

    Download

  • memory/2344-116-0x0000000005430000-0x0000000005570000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2344-115-0x0000000005430000-0x0000000005570000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2344-114-0x0000000002E00000-0x0000000002FF5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2344-86-0x0000000000400000-0x0000000000C19000-memory.dmp

    Filesize

    8.1MB

    Download

  • memory/2344-85-0x0000000000400000-0x0000000000C19000-memory.dmp

    Filesize

    8.1MB

    Download

  • memory/2344-82-0x0000000002E00000-0x0000000002FF5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2344-74-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2388-14-0x0000000078010000-0x0000000078011000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2388-0-0x0000000000400000-0x00000000008BD000-memory.dmp

    Filesize

    4.7MB

    Download

  • memory/2388-39-0x0000000000330000-0x000000000033B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/2388-37-0x0000000000400000-0x00000000008BD000-memory.dmp

    Filesize

    4.7MB

    Download

  • memory/2388-12-0x0000000000330000-0x000000000033B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/2388-9-0x0000000000400000-0x00000000008BD000-memory.dmp

    Filesize

    4.7MB

    Download

  • memory/2388-7-0x0000000076AC0000-0x0000000076AC1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2388-3-0x0000000078010000-0x0000000078011000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2388-1-0x0000000078010000-0x0000000078011000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2388-11-0x0000000076AC0000-0x0000000076AC1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2388-20-0x0000000005810000-0x0000000005CCD000-memory.dmp

    Filesize

    4.7MB

    Download

  • memory/2388-38-0x0000000000400000-0x00000000008BD000-memory.dmp

    Filesize

    4.7MB

    Download

  • memory/2388-13-0x0000000000330000-0x000000000033B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/2492-113-0x0000000005390000-0x000000000630E000-memory.dmp

    Filesize

    15.5MB

    Download

  • memory/2492-60-0x0000000005390000-0x000000000630E000-memory.dmp

    Filesize

    15.5MB

    Download

  • memory/2492-59-0x0000000000400000-0x000000000137E000-memory.dmp

    Filesize

    15.5MB

    Download

  • memory/2492-48-0x0000000000400000-0x000000000137E000-memory.dmp

    Filesize

    15.5MB

    Download