Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
29/02/2024, 08:02
General
-
Target
HEUR-Trojan.Win32.exe
-
Size
441KB
-
MD5
d6ca2cae19a63047b1ba881b667a657a
-
SHA1
e83c8250333e3300b4d3448b12a489c8913ff5a2
-
SHA256
d72d920b00750016a2e3f61662cc48a3acdc6ee26e83b3604362b246fdfe8eb5
-
SHA512
b05d99a0e674ce290e0aacb928e8996888525b0bafe739a9e1dff902f41eaaae7e71a85129633751c63002cb427fbe8d300a5862b2e6f04e5714178a14ad379e
-
SSDEEP
6144:n3C9BRo7tvnJ9Fywhk/T4i37K3BoKg0p5WI09JW:n3C9ytvn8whkb4i3e3GFO6JW
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 44 IoCs
-
UPX dump on OEP (original entry point) 53 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 53 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\HEUR-Trojan.Win32.exe"C:\Users\Admin\AppData\Local\Temp\HEUR-Trojan.Win32.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\8660448.exec:\8660448.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5rrxrxr.exec:\5rrxrxr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\48400.exec:\48400.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfffxll.exec:\rfffxll.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhhhhh.exec:\bhhhhh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\64484f.exec:\64484f.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
-
-
-
-
-
-
\??\c:\djvpp.exec:\djvpp.exe1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btnthh.exec:\btnthh.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlllff.exec:\fxlllff.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\684448.exec:\684448.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\84488.exec:\84488.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1pvpp.exec:\1pvpp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9jdvp.exec:\9jdvp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxfxffx.exec:\fxfxffx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjpjd.exec:\vjpjd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htbnhh.exec:\htbnhh.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\202648.exec:\202648.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
-
-
-
-
-
-
-
-
-
-
\??\c:\644848.exec:\644848.exe1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\600844.exec:\600844.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxffrxx.exec:\fxffrxx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllflxl.exec:\rllflxl.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\w28480.exec:\w28480.exe5⤵
- Executes dropped EXE
-
\??\c:\xfllxxr.exec:\xfllxxr.exe6⤵
- Executes dropped EXE
-
\??\c:\u626482.exec:\u626482.exe7⤵
- Executes dropped EXE
-
\??\c:\pjjpj.exec:\pjjpj.exe8⤵
- Executes dropped EXE
-
\??\c:\0622600.exec:\0622600.exe9⤵
- Executes dropped EXE
-
\??\c:\8060448.exec:\8060448.exe10⤵
- Executes dropped EXE
-
\??\c:\244866.exec:\244866.exe11⤵
- Executes dropped EXE
-
\??\c:\2022222.exec:\2022222.exe12⤵
- Executes dropped EXE
-
\??\c:\420004.exec:\420004.exe13⤵
- Executes dropped EXE
-
\??\c:\hthnhb.exec:\hthnhb.exe14⤵
- Executes dropped EXE
-
\??\c:\8466004.exec:\8466004.exe15⤵
- Executes dropped EXE
-
\??\c:\jpvvp.exec:\jpvvp.exe16⤵
- Executes dropped EXE
-
\??\c:\7ffxlfx.exec:\7ffxlfx.exe17⤵
- Executes dropped EXE
-
\??\c:\68826.exec:\68826.exe18⤵
- Executes dropped EXE
-
\??\c:\o664226.exec:\o664226.exe19⤵
- Executes dropped EXE
-
\??\c:\88048.exec:\88048.exe20⤵
- Executes dropped EXE
-
\??\c:\djjvp.exec:\djjvp.exe21⤵
- Executes dropped EXE
-
\??\c:\nbbtnn.exec:\nbbtnn.exe22⤵
- Executes dropped EXE
-
\??\c:\vvjjj.exec:\vvjjj.exe23⤵
- Executes dropped EXE
-
\??\c:\48486.exec:\48486.exe24⤵
- Executes dropped EXE
-
\??\c:\jddvp.exec:\jddvp.exe25⤵
- Executes dropped EXE
-
\??\c:\4686448.exec:\4686448.exe26⤵
- Executes dropped EXE
-
\??\c:\rxfxxxf.exec:\rxfxxxf.exe27⤵
- Executes dropped EXE
-
\??\c:\486008.exec:\486008.exe28⤵
- Executes dropped EXE
-
\??\c:\q44820.exec:\q44820.exe29⤵
- Executes dropped EXE
-
\??\c:\7xffxxr.exec:\7xffxxr.exe30⤵
- Executes dropped EXE
-
\??\c:\26822.exec:\26822.exe31⤵
- Executes dropped EXE
-
\??\c:\866000.exec:\866000.exe32⤵
- Executes dropped EXE
-
\??\c:\484844.exec:\484844.exe33⤵
- Executes dropped EXE
-
\??\c:\880400.exec:\880400.exe34⤵
- Executes dropped EXE
-
\??\c:\8422682.exec:\8422682.exe35⤵
- Executes dropped EXE
-
\??\c:\dvpjj.exec:\dvpjj.exe36⤵
- Executes dropped EXE
-
\??\c:\tbbbtt.exec:\tbbbtt.exe37⤵
- Executes dropped EXE
-
\??\c:\860848.exec:\860848.exe38⤵
- Executes dropped EXE
-
\??\c:\8626484.exec:\8626484.exe39⤵
- Executes dropped EXE
-
\??\c:\tttntt.exec:\tttntt.exe40⤵
- Executes dropped EXE
-
\??\c:\46820.exec:\46820.exe41⤵
- Executes dropped EXE
-
\??\c:\a6260.exec:\a6260.exe42⤵
- Executes dropped EXE
-
\??\c:\8288882.exec:\8288882.exe43⤵
- Executes dropped EXE
-
\??\c:\xllfxxf.exec:\xllfxxf.exe44⤵
- Executes dropped EXE
-
\??\c:\vjjpj.exec:\vjjpj.exe45⤵
- Executes dropped EXE
-
\??\c:\0200004.exec:\0200004.exe46⤵
- Executes dropped EXE
-
\??\c:\5ddpd.exec:\5ddpd.exe47⤵
- Executes dropped EXE
-
\??\c:\2884882.exec:\2884882.exe48⤵
-
\??\c:\xxfxrlx.exec:\xxfxrlx.exe49⤵
-
\??\c:\1nhbnn.exec:\1nhbnn.exe50⤵
-
\??\c:\4060826.exec:\4060826.exe51⤵
-
\??\c:\408266.exec:\408266.exe52⤵
-
\??\c:\0660484.exec:\0660484.exe53⤵
-
\??\c:\820606.exec:\820606.exe54⤵
-
\??\c:\8460604.exec:\8460604.exe55⤵
-
\??\c:\7hhtnn.exec:\7hhtnn.exe56⤵
-
\??\c:\60604.exec:\60604.exe57⤵
-
\??\c:\3rxlfxx.exec:\3rxlfxx.exe58⤵
-
\??\c:\028222.exec:\028222.exe59⤵
-
\??\c:\pdjdv.exec:\pdjdv.exe60⤵
-
\??\c:\5btnhh.exec:\5btnhh.exe61⤵
-
\??\c:\bthbbt.exec:\bthbbt.exe62⤵
-
\??\c:\o028226.exec:\o028226.exe63⤵
-
\??\c:\nbhbtt.exec:\nbhbtt.exe64⤵
-
\??\c:\k02604.exec:\k02604.exe65⤵
-
\??\c:\60008.exec:\60008.exe66⤵
-
\??\c:\bnntnn.exec:\bnntnn.exe67⤵
-
\??\c:\1nbttt.exec:\1nbttt.exe68⤵
-
\??\c:\6264604.exec:\6264604.exe69⤵
-
\??\c:\66260.exec:\66260.exe70⤵
-
\??\c:\1dpdv.exec:\1dpdv.exe71⤵
-
\??\c:\628640.exec:\628640.exe72⤵
-
\??\c:\bbtbnn.exec:\bbtbnn.exe73⤵
-
\??\c:\4622628.exec:\4622628.exe74⤵
-
\??\c:\lxxrlll.exec:\lxxrlll.exe75⤵
-
\??\c:\9rrrrrl.exec:\9rrrrrl.exe76⤵
-
\??\c:\60000.exec:\60000.exe77⤵
-
\??\c:\4260666.exec:\4260666.exe78⤵
-
\??\c:\3nhhhn.exec:\3nhhhn.exe79⤵
-
\??\c:\8240066.exec:\8240066.exe80⤵
-
\??\c:\7frrlll.exec:\7frrlll.exe81⤵
-
\??\c:\htnhtn.exec:\htnhtn.exe82⤵
-
\??\c:\82220.exec:\82220.exe83⤵
-
\??\c:\022666.exec:\022666.exe84⤵
-
\??\c:\djvpd.exec:\djvpd.exe85⤵
-
\??\c:\26222.exec:\26222.exe86⤵
-
\??\c:\7nhttt.exec:\7nhttt.exe87⤵
-
\??\c:\8682660.exec:\8682660.exe88⤵
-
\??\c:\hntthb.exec:\hntthb.exe89⤵
-
\??\c:\08822.exec:\08822.exe90⤵
-
\??\c:\9fllffx.exec:\9fllffx.exe91⤵
-
\??\c:\6662622.exec:\6662622.exe92⤵
-
\??\c:\6886040.exec:\6886040.exe93⤵
-
\??\c:\bbttnn.exec:\bbttnn.exe94⤵
-
\??\c:\jjpjj.exec:\jjpjj.exe95⤵
-
\??\c:\6660482.exec:\6660482.exe96⤵
-
\??\c:\06226.exec:\06226.exe97⤵
-
\??\c:\frrllll.exec:\frrllll.exe98⤵
-
\??\c:\20486.exec:\20486.exe99⤵
-
\??\c:\a2204.exec:\a2204.exe100⤵
-
\??\c:\200400.exec:\200400.exe101⤵
-
\??\c:\g8422.exec:\g8422.exe102⤵
-
\??\c:\84482.exec:\84482.exe103⤵
-
\??\c:\0626448.exec:\0626448.exe104⤵
-
\??\c:\20000.exec:\20000.exe105⤵
-
\??\c:\thnhbb.exec:\thnhbb.exe106⤵
-
\??\c:\0822660.exec:\0822660.exe107⤵
-
\??\c:\dppdp.exec:\dppdp.exe108⤵
-
\??\c:\888648.exec:\888648.exe109⤵
-
\??\c:\w88660.exec:\w88660.exe110⤵
-
\??\c:\c666448.exec:\c666448.exe111⤵
-
\??\c:\xlfxlfl.exec:\xlfxlfl.exe112⤵
-
\??\c:\822628.exec:\822628.exe113⤵
-
\??\c:\8408882.exec:\8408882.exe114⤵
-
\??\c:\djjdv.exec:\djjdv.exe115⤵
-
\??\c:\6626448.exec:\6626448.exe116⤵
-
\??\c:\486840.exec:\486840.exe117⤵
-
\??\c:\ntbntn.exec:\ntbntn.exe118⤵
-
\??\c:\6260860.exec:\6260860.exe119⤵
-
\??\c:\86086.exec:\86086.exe120⤵
-
\??\c:\xrfxxxr.exec:\xrfxxxr.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-