Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
98s -
max time network
145s -
platform
windows10-2004_x64 -
resource
win10v2004-20230915-en -
resource tags
-
submitted
15/10/2023, 19:50
General
-
Target
f45623acbabbf29e34ad8fab16e4d3a0_exe32.exe
-
Size
182KB
-
MD5
f45623acbabbf29e34ad8fab16e4d3a0
-
SHA1
2e7af3874d4ebcbbf448cca3825fce050db7c7d1
-
SHA256
d0d8132c69781a69cb370143c763ae2731d82e8658d8b1d58f9ecceb5a416db2
-
SHA512
4f52a110e9256db85e3308e8e4d01fd358455a2dfb63b5116cec0fcdf536ff79fd20725634b698d0d87beeb45c27c1af133fd2de8e92cfdd3fe746c24565184e
-
SSDEEP
3072:8hOmTsF93UYfwC6GIoutKHrpi8rY9AABa1U+a8+9JwHJqw2QvGlzFLIQ//OPpZqd:8cm4FmowdHoS8rddWX+a/rkJqw2QvGJ5
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\f45623acbabbf29e34ad8fab16e4d3a0_exe32.exe"C:\Users\Admin\AppData\Local\Temp\f45623acbabbf29e34ad8fab16e4d3a0_exe32.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\vdxfl.exec:\vdxfl.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vlbtdvp.exec:\vlbtdvp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hvtfdd.exec:\hvtfdd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xpnvn.exec:\xpnvn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnvtl.exec:\nnvtl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdrvn.exec:\vdrvn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdvtt.exec:\pdvtt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pfxnhr.exec:\pfxnhr.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\drrplr.exec:\drrplr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rhxbbll.exec:\rhxbbll.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pfxhdb.exec:\pfxhdb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnfhxbf.exec:\tnfhxbf.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bfrtj.exec:\bfrtj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tlnnnt.exec:\tlnnnt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dlvrblh.exec:\dlvrblh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bdbrpd.exec:\bdbrpd.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rblfb.exec:\rblfb.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpptjnl.exec:\vpptjnl.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjpthd.exec:\jjpthd.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ftvjb.exec:\ftvjb.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bpftvnp.exec:\bpftvnp.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvbfhtd.exec:\jvbfhtd.exe23⤵
- Executes dropped EXE
-
\??\c:\xbllbbr.exec:\xbllbbr.exe24⤵
- Executes dropped EXE
-
\??\c:\lnhlh.exec:\lnhlh.exe25⤵
- Executes dropped EXE
-
\??\c:\jdrdjbl.exec:\jdrdjbl.exe26⤵
- Executes dropped EXE
-
\??\c:\rjrbxjr.exec:\rjrbxjr.exe27⤵
- Executes dropped EXE
-
\??\c:\rdxblxf.exec:\rdxblxf.exe28⤵
- Executes dropped EXE
-
\??\c:\hbtrn.exec:\hbtrn.exe29⤵
- Executes dropped EXE
-
\??\c:\njxdx.exec:\njxdx.exe30⤵
- Executes dropped EXE
-
\??\c:\nxdlr.exec:\nxdlr.exe31⤵
- Executes dropped EXE
-
\??\c:\xdjlb.exec:\xdjlb.exe32⤵
- Executes dropped EXE
-
\??\c:\vptrbvt.exec:\vptrbvt.exe33⤵
- Executes dropped EXE
-
\??\c:\xrddp.exec:\xrddp.exe34⤵
- Executes dropped EXE
-
\??\c:\fvrjn.exec:\fvrjn.exe35⤵
- Executes dropped EXE
-
\??\c:\jbvhlpr.exec:\jbvhlpr.exe36⤵
- Executes dropped EXE
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
\??\c:\ldhnpbr.exec:\ldhnpbr.exe1⤵
- Executes dropped EXE
-
\??\c:\ntrxt.exec:\ntrxt.exe2⤵
- Executes dropped EXE
-
\??\c:\npnbnbx.exec:\npnbnbx.exe3⤵
- Executes dropped EXE
-
\??\c:\hhjfvl.exec:\hhjfvl.exe4⤵
- Executes dropped EXE
-
\??\c:\fxjnrhf.exec:\fxjnrhf.exe5⤵
- Executes dropped EXE
-
\??\c:\pnjvj.exec:\pnjvj.exe6⤵
- Executes dropped EXE
-
\??\c:\rdbbh.exec:\rdbbh.exe7⤵
- Executes dropped EXE
-
\??\c:\nhlhbfb.exec:\nhlhbfb.exe8⤵
- Executes dropped EXE
-
\??\c:\dlpfbj.exec:\dlpfbj.exe9⤵
- Executes dropped EXE
-
\??\c:\nvrrd.exec:\nvrrd.exe10⤵
- Executes dropped EXE
-
\??\c:\dhprvb.exec:\dhprvb.exe11⤵
- Executes dropped EXE
-
\??\c:\btnlf.exec:\btnlf.exe12⤵
- Executes dropped EXE
-
\??\c:\dbflpr.exec:\dbflpr.exe13⤵
- Executes dropped EXE
-
\??\c:\bjjpjb.exec:\bjjpjb.exe14⤵
- Executes dropped EXE
-
\??\c:\bthjx.exec:\bthjx.exe15⤵
- Executes dropped EXE
-
\??\c:\rnbvf.exec:\rnbvf.exe16⤵
- Executes dropped EXE
-
\??\c:\dvtrlj.exec:\dvtrlj.exe17⤵
- Executes dropped EXE
-
\??\c:\bjbtbv.exec:\bjbtbv.exe18⤵
- Executes dropped EXE
-
\??\c:\fpfvrd.exec:\fpfvrd.exe19⤵
- Executes dropped EXE
-
\??\c:\nhjxp.exec:\nhjxp.exe20⤵
- Executes dropped EXE
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
\??\c:\nnhnj.exec:\nnhnj.exe1⤵
- Executes dropped EXE
-
\??\c:\ltdttxf.exec:\ltdttxf.exe2⤵
- Executes dropped EXE
-
\??\c:\jnhvfpj.exec:\jnhvfpj.exe3⤵
- Executes dropped EXE
-
\??\c:\rfhnddn.exec:\rfhnddn.exe4⤵
- Executes dropped EXE
-
\??\c:\tbrdjj.exec:\tbrdjj.exe5⤵
- Executes dropped EXE
-
\??\c:\ndjllbx.exec:\ndjllbx.exe6⤵
- Executes dropped EXE
-
\??\c:\txhtfrh.exec:\txhtfrh.exe7⤵
- Executes dropped EXE
-
\??\c:\lfrjj.exec:\lfrjj.exe8⤵
- Executes dropped EXE
-
\??\c:\lxxbbt.exec:\lxxbbt.exe9⤵
- Executes dropped EXE
-
\??\c:\lfjfpjj.exec:\lfjfpjj.exe10⤵
-
\??\c:\ljvbvlp.exec:\ljvbvlp.exe11⤵
-
\??\c:\ptjbxb.exec:\ptjbxb.exe12⤵
-
\??\c:\fhppt.exec:\fhppt.exe13⤵
-
\??\c:\xtndr.exec:\xtndr.exe14⤵
-
\??\c:\dvlnblt.exec:\dvlnblt.exe15⤵
-
\??\c:\xpjvnjv.exec:\xpjvnjv.exe16⤵
-
\??\c:\rjffhlx.exec:\rjffhlx.exe17⤵
-
\??\c:\bbxfhvf.exec:\bbxfhvf.exe18⤵
-
\??\c:\lxbvtj.exec:\lxbvtj.exe19⤵
-
\??\c:\tjhhx.exec:\tjhhx.exe20⤵
-
\??\c:\jfbpb.exec:\jfbpb.exe21⤵
-
\??\c:\bdbjfb.exec:\bdbjfb.exe22⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
\??\c:\phdlxv.exec:\phdlxv.exe1⤵
-
\??\c:\vtbdbp.exec:\vtbdbp.exe2⤵
-
\??\c:\njlfh.exec:\njlfh.exe3⤵
-
\??\c:\bxxnlf.exec:\bxxnlf.exe4⤵
-
\??\c:\tftlh.exec:\tftlh.exe5⤵
-
\??\c:\vlbxlr.exec:\vlbxlr.exe6⤵
-
\??\c:\fxbjl.exec:\fxbjl.exe7⤵
-
\??\c:\tnbjf.exec:\tnbjf.exe8⤵
-
\??\c:\pnfpfh.exec:\pnfpfh.exe9⤵
-
\??\c:\pxrbxn.exec:\pxrbxn.exe10⤵
-
\??\c:\jhflb.exec:\jhflb.exe11⤵
-
\??\c:\fpllbxn.exec:\fpllbxn.exe12⤵
-
\??\c:\hfthffh.exec:\hfthffh.exe13⤵
-
\??\c:\dbbbrv.exec:\dbbbrv.exe14⤵
-
\??\c:\nxnpt.exec:\nxnpt.exe15⤵
-
\??\c:\jvbpn.exec:\jvbpn.exe16⤵
-
\??\c:\bnvpnnr.exec:\bnvpnnr.exe17⤵
-
\??\c:\xnrnnbb.exec:\xnrnnbb.exe18⤵
-
\??\c:\brxdfx.exec:\brxdfx.exe19⤵
-
\??\c:\jdvtj.exec:\jdvtj.exe20⤵
-
\??\c:\vpbjtd.exec:\vpbjtd.exe21⤵
-
\??\c:\xrprtb.exec:\xrprtb.exe22⤵
-
\??\c:\rthrp.exec:\rthrp.exe23⤵
-
\??\c:\tfvlxx.exec:\tfvlxx.exe24⤵
-
\??\c:\xxftd.exec:\xxftd.exe25⤵
-
\??\c:\bpnxv.exec:\bpnxv.exe26⤵
-
\??\c:\dpjphx.exec:\dpjphx.exe27⤵
-
\??\c:\ntdhtv.exec:\ntdhtv.exe28⤵
-
\??\c:\dtxfpv.exec:\dtxfpv.exe29⤵
-
\??\c:\fxxdn.exec:\fxxdn.exe30⤵
-
\??\c:\jrxbbf.exec:\jrxbbf.exe31⤵
-
\??\c:\prjhxh.exec:\prjhxh.exe32⤵
-
\??\c:\lfvjnx.exec:\lfvjnx.exe33⤵
-
\??\c:\vrnbrhr.exec:\vrnbrhr.exe34⤵
-
\??\c:\lxhtfv.exec:\lxhtfv.exe35⤵
-
\??\c:\lxlfvpt.exec:\lxlfvpt.exe36⤵
-
\??\c:\hfbjr.exec:\hfbjr.exe37⤵
-
\??\c:\frjfvpn.exec:\frjfvpn.exe38⤵
-
\??\c:\bdbjjj.exec:\bdbjjj.exe39⤵
-
\??\c:\vlrfj.exec:\vlrfj.exe40⤵
-
\??\c:\npxtjfx.exec:\npxtjfx.exe41⤵
-
\??\c:\vtpdtj.exec:\vtpdtj.exe42⤵
-
\??\c:\vxttj.exec:\vxttj.exe43⤵
-
\??\c:\jjhvxp.exec:\jjhvxp.exe44⤵
-
\??\c:\brxpdrb.exec:\brxpdrb.exe45⤵
-
\??\c:\jbhlr.exec:\jbhlr.exe46⤵
-
\??\c:\lldrxxd.exec:\lldrxxd.exe47⤵
-
\??\c:\lxpth.exec:\lxpth.exe48⤵
-
\??\c:\dfjxtj.exec:\dfjxtj.exe49⤵
-
\??\c:\ptndtd.exec:\ptndtd.exe50⤵
-
\??\c:\vlpvx.exec:\vlpvx.exe51⤵
-
\??\c:\dxfdtp.exec:\dxfdtp.exe52⤵
-
\??\c:\fnjjnxj.exec:\fnjjnxj.exe53⤵
-
\??\c:\npfnf.exec:\npfnf.exe54⤵
-
\??\c:\rfbvn.exec:\rfbvn.exe55⤵
-
\??\c:\hbxjjxr.exec:\hbxjjxr.exe56⤵
-
\??\c:\fdbhdh.exec:\fdbhdh.exe57⤵
-
\??\c:\djpjbp.exec:\djpjbp.exe58⤵
-
\??\c:\frvtbd.exec:\frvtbd.exe59⤵
-
\??\c:\brdlndx.exec:\brdlndx.exe60⤵
-
\??\c:\nrjdddb.exec:\nrjdddb.exe61⤵
-
\??\c:\nxlbnb.exec:\nxlbnb.exe62⤵
-
\??\c:\bnltf.exec:\bnltf.exe63⤵
-
\??\c:\fxprn.exec:\fxprn.exe64⤵
-
\??\c:\pjlrrbp.exec:\pjlrrbp.exe65⤵
-
\??\c:\vrpjbpf.exec:\vrpjbpf.exe66⤵
-
\??\c:\flbrj.exec:\flbrj.exe67⤵
-
\??\c:\btrxbhj.exec:\btrxbhj.exe68⤵
-
\??\c:\trpbht.exec:\trpbht.exe69⤵
-
\??\c:\vtfbph.exec:\vtfbph.exe70⤵
-
\??\c:\dtprjf.exec:\dtprjf.exe71⤵
-
\??\c:\dlfjrl.exec:\dlfjrl.exe72⤵
-
\??\c:\hbfphd.exec:\hbfphd.exe73⤵
-
\??\c:\fltlrdx.exec:\fltlrdx.exe74⤵
-
\??\c:\tbxjdrj.exec:\tbxjdrj.exe75⤵
-
\??\c:\vvpdjvl.exec:\vvpdjvl.exe76⤵
-
\??\c:\xdjth.exec:\xdjth.exe77⤵
-
\??\c:\jthpp.exec:\jthpp.exe78⤵
-
\??\c:\nphvt.exec:\nphvt.exe79⤵
-
\??\c:\thxdxrx.exec:\thxdxrx.exe80⤵
-
\??\c:\jrhfb.exec:\jrhfb.exe81⤵
-
\??\c:\xjfrtn.exec:\xjfrtn.exe82⤵
-
\??\c:\rvjnf.exec:\rvjnf.exe83⤵
-
\??\c:\vbnhfh.exec:\vbnhfh.exe84⤵
-
\??\c:\pbjdp.exec:\pbjdp.exe85⤵
-
\??\c:\rrfbxxd.exec:\rrfbxxd.exe86⤵
-
\??\c:\dhvfjd.exec:\dhvfjd.exe87⤵
-
\??\c:\vhdvtv.exec:\vhdvtv.exe88⤵
-
\??\c:\dxxhjpn.exec:\dxxhjpn.exe89⤵
-
\??\c:\flfvfdv.exec:\flfvfdv.exe90⤵
-
\??\c:\rxnlrj.exec:\rxnlrj.exe91⤵
-
\??\c:\pllnn.exec:\pllnn.exe92⤵
-
\??\c:\ltplp.exec:\ltplp.exe93⤵
-
\??\c:\tnjdhd.exec:\tnjdhd.exe94⤵
-
\??\c:\ttnxl.exec:\ttnxl.exe95⤵
-
\??\c:\dfnxbp.exec:\dfnxbp.exe96⤵
-
\??\c:\rnbtdvr.exec:\rnbtdvr.exe97⤵
-
\??\c:\hntjvvt.exec:\hntjvvt.exe98⤵
-
\??\c:\plrrd.exec:\plrrd.exe99⤵
-
\??\c:\pxnvl.exec:\pxnvl.exe100⤵
-
\??\c:\bdjvr.exec:\bdjvr.exe101⤵
-
\??\c:\nfprb.exec:\nfprb.exe102⤵
-
\??\c:\nvrhlr.exec:\nvrhlr.exe103⤵
-
\??\c:\thxdxht.exec:\thxdxht.exe104⤵
-
\??\c:\tpvlpjj.exec:\tpvlpjj.exe105⤵
-
\??\c:\pfntdfj.exec:\pfntdfj.exe106⤵
-
\??\c:\rvfhntn.exec:\rvfhntn.exe107⤵
-
\??\c:\nlrdrp.exec:\nlrdrp.exe108⤵
-
\??\c:\hhjvj.exec:\hhjvj.exe109⤵
-
\??\c:\tlpff.exec:\tlpff.exe110⤵
-
\??\c:\jxbftjn.exec:\jxbftjn.exe111⤵
-
\??\c:\ffdjlll.exec:\ffdjlll.exe112⤵
-
\??\c:\lxfpd.exec:\lxfpd.exe113⤵
-
\??\c:\bfjvrxj.exec:\bfjvrxj.exe114⤵
-
\??\c:\bfnhl.exec:\bfnhl.exe115⤵
-
\??\c:\xvlrlx.exec:\xvlrlx.exe116⤵
-
\??\c:\lrthvl.exec:\lrthvl.exe117⤵
-
\??\c:\fbvvxj.exec:\fbvvxj.exe118⤵
-
\??\c:\hjrvj.exec:\hjrvj.exe119⤵
-
\??\c:\rfdvpbx.exec:\rfdvpbx.exe120⤵
-
\??\c:\trhbntj.exec:\trhbntj.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-