Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
145s -
platform
windows10-2004_x64 -
resource
win10v2004-20230915-en -
resource tags
-
submitted
18/09/2023, 19:24
General
-
Target
f86b7599b09ad4efbf902a782bc85ab0_JC.exe
-
Size
472KB
-
MD5
f86b7599b09ad4efbf902a782bc85ab0
-
SHA1
836e08ae37e5ddfba4cf4699a9e3e7346b099cf3
-
SHA256
ecf9aba40ce3a9353a396ecb294b8407e98efbc00e7f76a50d2ca3e6cb4e49b6
-
SHA512
315d759423e2bcd5748c1416f2562198c1eaca6ace6a52143d7da64240acb31f6e860f56b5cb67eee069fa22b7126cf8bb832a9943676e267d4139a8513f6657
-
SSDEEP
6144:mcm7ImGddXv/VWrXD486jCpoAhlq1mEjBqLyOSlhNFF2a:I7TcfNWj168w1VjsyvhNFF2a
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\f86b7599b09ad4efbf902a782bc85ab0_JC.exe"C:\Users\Admin\AppData\Local\Temp\f86b7599b09ad4efbf902a782bc85ab0_JC.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\rbhrxn.exec:\rbhrxn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\plnxdjn.exec:\plnxdjn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dnltp.exec:\dnltp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rvxjxr.exec:\rvxjxr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ndltp.exec:\ndltp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hlbrbbb.exec:\hlbrbbb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbxbxtl.exec:\tbxbxtl.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xdjjh.exec:\xdjjh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rbxxvp.exec:\rbxxvp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnfpxvr.exec:\tnfpxvr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfbvffx.exec:\xfbvffx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\txtjvrd.exec:\txtjvrd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ftjnbp.exec:\ftjnbp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fftfdl.exec:\fftfdl.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hflrp.exec:\hflrp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fntdx.exec:\fntdx.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
\??\c:\xxvhhp.exec:\xxvhhp.exe1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jplthf.exec:\jplthf.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnbvf.exec:\nnbvf.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntbtntb.exec:\ntbtntb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hrnpvtp.exec:\hrnpvtp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btnjpd.exec:\btnjpd.exe6⤵
- Executes dropped EXE
-
\??\c:\plnnt.exec:\plnnt.exe7⤵
- Executes dropped EXE
-
\??\c:\fpjdn.exec:\fpjdn.exe8⤵
- Executes dropped EXE
-
\??\c:\hvfpv.exec:\hvfpv.exe9⤵
- Executes dropped EXE
-
-
-
-
-
-
-
-
-
\??\c:\lnntrtp.exec:\lnntrtp.exe1⤵
- Executes dropped EXE
-
\??\c:\pdfhhp.exec:\pdfhhp.exe2⤵
- Executes dropped EXE
-
\??\c:\xjhpdh.exec:\xjhpdh.exe3⤵
- Executes dropped EXE
-
-
-
\??\c:\rbftpx.exec:\rbftpx.exe1⤵
- Executes dropped EXE
-
\??\c:\pfrpphf.exec:\pfrpphf.exe2⤵
- Executes dropped EXE
-
\??\c:\nhltxrt.exec:\nhltxrt.exe3⤵
- Executes dropped EXE
-
\??\c:\rdblnjt.exec:\rdblnjt.exe4⤵
- Executes dropped EXE
-
\??\c:\fbvhvn.exec:\fbvhvn.exe5⤵
- Executes dropped EXE
-
\??\c:\jphdvr.exec:\jphdvr.exe6⤵
- Executes dropped EXE
-
\??\c:\hdhvdl.exec:\hdhvdl.exe7⤵
- Executes dropped EXE
-
-
-
-
-
-
-
\??\c:\vjnjjn.exec:\vjnjjn.exe1⤵
- Executes dropped EXE
-
\??\c:\dtrrhbp.exec:\dtrrhbp.exe1⤵
- Executes dropped EXE
-
\??\c:\rxffpd.exec:\rxffpd.exe2⤵
- Executes dropped EXE
-
\??\c:\bvjdjx.exec:\bvjdjx.exe3⤵
- Executes dropped EXE
-
\??\c:\dpvhff.exec:\dpvhff.exe4⤵
- Executes dropped EXE
-
\??\c:\jxhfbjd.exec:\jxhfbjd.exe5⤵
- Executes dropped EXE
-
\??\c:\pvxpbx.exec:\pvxpbx.exe6⤵
- Executes dropped EXE
-
\??\c:\xfflrpf.exec:\xfflrpf.exe7⤵
- Executes dropped EXE
-
\??\c:\hblbvhf.exec:\hblbvhf.exe8⤵
- Executes dropped EXE
-
\??\c:\ndjtntx.exec:\ndjtntx.exe9⤵
- Executes dropped EXE
-
\??\c:\pbrvlj.exec:\pbrvlj.exe10⤵
- Executes dropped EXE
-
\??\c:\llbxdrp.exec:\llbxdrp.exe11⤵
- Executes dropped EXE
-
\??\c:\xbpff.exec:\xbpff.exe12⤵
- Executes dropped EXE
-
\??\c:\hvltjxd.exec:\hvltjxd.exe13⤵
- Executes dropped EXE
-
\??\c:\fvxtj.exec:\fvxtj.exe14⤵
- Executes dropped EXE
-
\??\c:\fvjjpb.exec:\fvjjpb.exe15⤵
- Executes dropped EXE
-
\??\c:\jnvpdjv.exec:\jnvpdjv.exe16⤵
- Executes dropped EXE
-
\??\c:\jtxlhxd.exec:\jtxlhxd.exe17⤵
- Executes dropped EXE
-
\??\c:\jrvplv.exec:\jrvplv.exe18⤵
- Executes dropped EXE
-
\??\c:\blvbff.exec:\blvbff.exe19⤵
- Executes dropped EXE
-
\??\c:\vfrtpvr.exec:\vfrtpvr.exe20⤵
- Executes dropped EXE
-
\??\c:\prnldl.exec:\prnldl.exe21⤵
- Executes dropped EXE
-
\??\c:\dndflx.exec:\dndflx.exe22⤵
- Executes dropped EXE
-
\??\c:\rrblnf.exec:\rrblnf.exe23⤵
- Executes dropped EXE
-
\??\c:\rjfxbbr.exec:\rjfxbbr.exe24⤵
- Executes dropped EXE
-
\??\c:\nxtbrhb.exec:\nxtbrhb.exe25⤵
- Executes dropped EXE
-
\??\c:\fblpfrl.exec:\fblpfrl.exe26⤵
- Executes dropped EXE
-
\??\c:\lhvtv.exec:\lhvtv.exe27⤵
- Executes dropped EXE
-
\??\c:\fjfxdj.exec:\fjfxdj.exe28⤵
- Executes dropped EXE
-
\??\c:\btfbjlf.exec:\btfbjlf.exe29⤵
-
\??\c:\vfxhhn.exec:\vfxhhn.exe30⤵
-
\??\c:\ltptd.exec:\ltptd.exe31⤵
-
\??\c:\jjlpvn.exec:\jjlpvn.exe32⤵
-
\??\c:\lfjffb.exec:\lfjffb.exe33⤵
-
\??\c:\lxfrrd.exec:\lxfrrd.exe34⤵
-
\??\c:\bfrpf.exec:\bfrpf.exe35⤵
-
\??\c:\jpntvtv.exec:\jpntvtv.exe36⤵
-
\??\c:\vxhrbp.exec:\vxhrbp.exe37⤵
-
\??\c:\jbbvxtb.exec:\jbbvxtb.exe38⤵
-
\??\c:\bhvhvd.exec:\bhvhvd.exe39⤵
-
\??\c:\ffvvvt.exec:\ffvvvt.exe40⤵
-
\??\c:\btvflb.exec:\btvflb.exe41⤵
-
\??\c:\ndxbrv.exec:\ndxbrv.exe42⤵
-
\??\c:\btrdj.exec:\btrdj.exe43⤵
-
\??\c:\rrbplv.exec:\rrbplv.exe44⤵
-
\??\c:\rrdljf.exec:\rrdljf.exe45⤵
-
\??\c:\vbdvpb.exec:\vbdvpb.exe46⤵
-
\??\c:\pnnxf.exec:\pnnxf.exe47⤵
-
\??\c:\bxrtd.exec:\bxrtd.exe48⤵
-
\??\c:\fjthbj.exec:\fjthbj.exe49⤵
-
\??\c:\fxhlft.exec:\fxhlft.exe50⤵
-
\??\c:\jnrdhh.exec:\jnrdhh.exe51⤵
-
\??\c:\dpnrl.exec:\dpnrl.exe52⤵
-
\??\c:\djbfbx.exec:\djbfbx.exe53⤵
-
\??\c:\pbdtnpb.exec:\pbdtnpb.exe54⤵
-
\??\c:\pfxvvr.exec:\pfxvvr.exe55⤵
-
\??\c:\bnfnpp.exec:\bnfnpp.exe56⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
\??\c:\dpbvf.exec:\dpbvf.exe1⤵
-
\??\c:\hpntfh.exec:\hpntfh.exe2⤵
-
\??\c:\xndlp.exec:\xndlp.exe3⤵
-
\??\c:\jrrhd.exec:\jrrhd.exe4⤵
-
\??\c:\phljplf.exec:\phljplf.exe5⤵
-
\??\c:\xbprt.exec:\xbprt.exe6⤵
-
\??\c:\jxvdf.exec:\jxvdf.exe7⤵
-
\??\c:\dvfvn.exec:\dvfvn.exe8⤵
-
\??\c:\jtljp.exec:\jtljp.exe9⤵
-
\??\c:\ptjldtl.exec:\ptjldtl.exe10⤵
-
\??\c:\vhffp.exec:\vhffp.exe11⤵
-
\??\c:\nttxd.exec:\nttxd.exe12⤵
-
\??\c:\bpfnvrj.exec:\bpfnvrj.exe13⤵
-
\??\c:\ndxtxr.exec:\ndxtxr.exe14⤵
-
\??\c:\bbfbx.exec:\bbfbx.exe15⤵
-
\??\c:\flrbv.exec:\flrbv.exe16⤵
-
\??\c:\nbjlv.exec:\nbjlv.exe17⤵
-
\??\c:\vvxtbbl.exec:\vvxtbbl.exe18⤵
-
\??\c:\pfrnn.exec:\pfrnn.exe19⤵
-
\??\c:\ftbvv.exec:\ftbvv.exe20⤵
-
\??\c:\thffh.exec:\thffh.exe21⤵
-
\??\c:\ldvffb.exec:\ldvffb.exe22⤵
-
\??\c:\trjhhrh.exec:\trjhhrh.exe23⤵
-
\??\c:\rdbnx.exec:\rdbnx.exe24⤵
-
\??\c:\xnxjj.exec:\xnxjj.exe25⤵
-
\??\c:\vfvtxvl.exec:\vfvtxvl.exe26⤵
-
\??\c:\dljllvt.exec:\dljllvt.exe27⤵
-
\??\c:\dphxvf.exec:\dphxvf.exe28⤵
-
\??\c:\fdnxb.exec:\fdnxb.exe29⤵
-
\??\c:\xbrrbpd.exec:\xbrrbpd.exe30⤵
-
\??\c:\rrxhjt.exec:\rrxhjt.exe31⤵
-
\??\c:\djxxb.exec:\djxxb.exe32⤵
-
\??\c:\rjxnt.exec:\rjxnt.exe33⤵
-
\??\c:\htltvrn.exec:\htltvrn.exe34⤵
-
\??\c:\dlxbv.exec:\dlxbv.exe35⤵
-
\??\c:\dvvvth.exec:\dvvvth.exe36⤵
-
\??\c:\dbxrv.exec:\dbxrv.exe37⤵
-
\??\c:\jttrrl.exec:\jttrrl.exe38⤵
-
\??\c:\vvxbvxn.exec:\vvxbvxn.exe39⤵
-
\??\c:\pdpbbd.exec:\pdpbbd.exe40⤵
-
\??\c:\ljhth.exec:\ljhth.exe41⤵
-
\??\c:\phnhb.exec:\phnhb.exe42⤵
-
\??\c:\xhfpp.exec:\xhfpp.exe43⤵
-
\??\c:\nxttvf.exec:\nxttvf.exe44⤵
-
\??\c:\drlrbd.exec:\drlrbd.exe45⤵
-
\??\c:\dnfjfj.exec:\dnfjfj.exe46⤵
-
\??\c:\lhtxr.exec:\lhtxr.exe47⤵
-
\??\c:\fvhtbv.exec:\fvhtbv.exe48⤵
-
\??\c:\jnrnl.exec:\jnrnl.exe49⤵
-
\??\c:\tftpv.exec:\tftpv.exe50⤵
-
\??\c:\hxbdnn.exec:\hxbdnn.exe51⤵
-
\??\c:\pfrljl.exec:\pfrljl.exe52⤵
-
\??\c:\lntfxv.exec:\lntfxv.exe53⤵
-
\??\c:\jrfvrx.exec:\jrfvrx.exe54⤵
-
\??\c:\jbpvd.exec:\jbpvd.exe55⤵
-
\??\c:\rrvvtld.exec:\rrvvtld.exe56⤵
-
\??\c:\nrhbf.exec:\nrhbf.exe57⤵
-
\??\c:\rhbrh.exec:\rhbrh.exe58⤵
-
\??\c:\jpbbr.exec:\jpbbr.exe59⤵
-
\??\c:\xbtbbpb.exec:\xbtbbpb.exe60⤵
-
\??\c:\xhdhrrh.exec:\xhdhrrh.exe61⤵
-
\??\c:\nfhfxld.exec:\nfhfxld.exe62⤵
-
\??\c:\btntvtn.exec:\btntvtn.exe63⤵
-
\??\c:\xljdl.exec:\xljdl.exe64⤵
-
\??\c:\bdfhn.exec:\bdfhn.exe65⤵
-
\??\c:\npjjl.exec:\npjjl.exe66⤵
-
\??\c:\nfrftd.exec:\nfrftd.exe67⤵
-
\??\c:\rllnbr.exec:\rllnbr.exe68⤵
-
\??\c:\rfprvt.exec:\rfprvt.exe69⤵
-
\??\c:\dlbjl.exec:\dlbjl.exe70⤵
-
\??\c:\jtlhdjr.exec:\jtlhdjr.exe71⤵
-
\??\c:\bpfnxpn.exec:\bpfnxpn.exe72⤵
-
\??\c:\xrxxxdl.exec:\xrxxxdl.exe73⤵
-
\??\c:\tvjjddv.exec:\tvjjddv.exe74⤵
-
\??\c:\fttdlt.exec:\fttdlt.exe75⤵
-
\??\c:\hjpjnx.exec:\hjpjnx.exe76⤵
-
\??\c:\pdtpn.exec:\pdtpn.exe77⤵
-
\??\c:\pljfbl.exec:\pljfbl.exe78⤵
-
\??\c:\rfnppxh.exec:\rfnppxh.exe79⤵
-
\??\c:\plrjl.exec:\plrjl.exe80⤵
-
\??\c:\dtfpnfh.exec:\dtfpnfh.exe81⤵
-
\??\c:\vhxhf.exec:\vhxhf.exe82⤵
-
\??\c:\rbttr.exec:\rbttr.exe83⤵
-
\??\c:\bxbbtd.exec:\bxbbtd.exe84⤵
-
\??\c:\rlnllxv.exec:\rlnllxv.exe85⤵
-
\??\c:\nrhvr.exec:\nrhvr.exe86⤵
-
\??\c:\bjbnjdp.exec:\bjbnjdp.exe87⤵
-
\??\c:\flvbjrv.exec:\flvbjrv.exe88⤵
-
\??\c:\frpfdn.exec:\frpfdn.exe89⤵
-
\??\c:\nhbpr.exec:\nhbpr.exe90⤵
-
\??\c:\bbfvbbh.exec:\bbfvbbh.exe91⤵
-
\??\c:\ddfxrjn.exec:\ddfxrjn.exe92⤵
-
\??\c:\fffdp.exec:\fffdp.exe93⤵
-
\??\c:\tbblxdr.exec:\tbblxdr.exe94⤵
-
\??\c:\hfrttnh.exec:\hfrttnh.exe95⤵
-
\??\c:\blvlj.exec:\blvlj.exe96⤵
-
\??\c:\prnfv.exec:\prnfv.exe97⤵
-
\??\c:\vnhxpb.exec:\vnhxpb.exe98⤵
-
\??\c:\tbbpb.exec:\tbbpb.exe99⤵
-
\??\c:\pdnbrrn.exec:\pdnbrrn.exe100⤵
-
\??\c:\jrlbx.exec:\jrlbx.exe101⤵
-
\??\c:\nfhvp.exec:\nfhvp.exe102⤵
-
\??\c:\llndvbd.exec:\llndvbd.exe103⤵
-
\??\c:\lfrtjjh.exec:\lfrtjjh.exe104⤵
-
\??\c:\nxhxvrv.exec:\nxhxvrv.exe105⤵
-
\??\c:\jhhltf.exec:\jhhltf.exe106⤵
-
\??\c:\vdbhhdl.exec:\vdbhhdl.exe107⤵
-
\??\c:\xxxljf.exec:\xxxljf.exe108⤵
-
\??\c:\nfvlr.exec:\nfvlr.exe109⤵
-
\??\c:\btrvbp.exec:\btrvbp.exe110⤵
-
\??\c:\jbjbd.exec:\jbjbd.exe111⤵
-
\??\c:\fjlpj.exec:\fjlpj.exe112⤵
-
\??\c:\xlnxhn.exec:\xlnxhn.exe113⤵
-
\??\c:\brxdn.exec:\brxdn.exe114⤵
-
\??\c:\hdljtn.exec:\hdljtn.exe115⤵
-
\??\c:\tfjtd.exec:\tfjtd.exe116⤵
-
\??\c:\frltbdr.exec:\frltbdr.exe117⤵
-
\??\c:\jjfptff.exec:\jjfptff.exe118⤵
-
\??\c:\rljldhv.exec:\rljldhv.exe119⤵
-
\??\c:\ffbjddx.exec:\ffbjddx.exe120⤵
-
\??\c:\vdfttbt.exec:\vdfttbt.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-