Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
85s -
max time network
78s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
07/03/2024, 19:44
General
-
Target
4c31a848fc556ee78e8c3966349a2ed28083316d09134b794f2dad65e36f7c84.exe
-
Size
92KB
-
MD5
1658c60369d01179657c8c0b0658d07f
-
SHA1
d4ad848cf2d23c0928e763ecba17778eb9275fbc
-
SHA256
4c31a848fc556ee78e8c3966349a2ed28083316d09134b794f2dad65e36f7c84
-
SHA512
6adecbc41a8224e51ab68381c5c61fcad72e8d9d489d606c6035ba88a94a825e1e1f62737a88730431b0c8f11c875314335fe7a345d7381c67c587b7d496b90b
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDo73XH/YP1HFrJximAAxEPOfPrA3:ymb3NkkiQ3mdBjFo73PYP1lri3KuOnrI
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 43 IoCs
-
UPX dump on OEP (original entry point) 59 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 59 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\4c31a848fc556ee78e8c3966349a2ed28083316d09134b794f2dad65e36f7c84.exe"C:\Users\Admin\AppData\Local\Temp\4c31a848fc556ee78e8c3966349a2ed28083316d09134b794f2dad65e36f7c84.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\xxxrrll.exec:\xxxrrll.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffrlfxf.exec:\ffrlfxf.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5bbbbt.exec:\5bbbbt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvvj.exec:\jdvvj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frxrllf.exec:\frxrllf.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppvdj.exec:\ppvdj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7hhhbh.exec:\7hhhbh.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlrlrrf.exec:\xlrlrrf.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbnntb.exec:\bbnntb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9flfxxx.exec:\9flfxxx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7jpjd.exec:\7jpjd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btttnn.exec:\btttnn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrrxrxx.exec:\rrrxrxx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntbbtt.exec:\ntbbtt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppvpd.exec:\ppvpd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fffxxxx.exec:\fffxxxx.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbttnn.exec:\hbttnn.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7frrllf.exec:\7frrllf.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjvdj.exec:\jjvdj.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlffxxx.exec:\xlffxxx.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3hhhbb.exec:\3hhhbb.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbbtt.exec:\nhbbtt.exe23⤵
- Executes dropped EXE
-
\??\c:\ppjdp.exec:\ppjdp.exe24⤵
- Executes dropped EXE
-
\??\c:\nhtbtt.exec:\nhtbtt.exe25⤵
- Executes dropped EXE
-
\??\c:\jddvd.exec:\jddvd.exe26⤵
- Executes dropped EXE
-
\??\c:\fxxrrrr.exec:\fxxrrrr.exe27⤵
- Executes dropped EXE
-
\??\c:\tnntnn.exec:\tnntnn.exe28⤵
- Executes dropped EXE
-
\??\c:\7djdp.exec:\7djdp.exe29⤵
- Executes dropped EXE
-
\??\c:\3tnhtn.exec:\3tnhtn.exe30⤵
- Executes dropped EXE
-
\??\c:\jpjjj.exec:\jpjjj.exe31⤵
- Executes dropped EXE
-
\??\c:\nhbtbb.exec:\nhbtbb.exe32⤵
- Executes dropped EXE
-
\??\c:\rrrrxxr.exec:\rrrrxxr.exe33⤵
- Executes dropped EXE
-
\??\c:\tbnnnh.exec:\tbnnnh.exe34⤵
- Executes dropped EXE
-
\??\c:\djjpj.exec:\djjpj.exe35⤵
- Executes dropped EXE
-
\??\c:\bnnnhh.exec:\bnnnhh.exe36⤵
- Executes dropped EXE
-
\??\c:\pjddp.exec:\pjddp.exe37⤵
- Executes dropped EXE
-
\??\c:\bbbbbb.exec:\bbbbbb.exe38⤵
- Executes dropped EXE
-
\??\c:\3fxrfxl.exec:\3fxrfxl.exe39⤵
- Executes dropped EXE
-
\??\c:\9htnnh.exec:\9htnnh.exe40⤵
- Executes dropped EXE
-
\??\c:\3rxrrll.exec:\3rxrrll.exe41⤵
- Executes dropped EXE
-
\??\c:\ppvvv.exec:\ppvvv.exe42⤵
- Executes dropped EXE
-
\??\c:\9xrlffx.exec:\9xrlffx.exe43⤵
- Executes dropped EXE
-
\??\c:\dpppv.exec:\dpppv.exe44⤵
- Executes dropped EXE
-
\??\c:\rlfrfxr.exec:\rlfrfxr.exe45⤵
- Executes dropped EXE
-
\??\c:\tntnnn.exec:\tntnnn.exe46⤵
- Executes dropped EXE
-
\??\c:\fxrfrff.exec:\fxrfrff.exe47⤵
- Executes dropped EXE
-
\??\c:\fxrlxrl.exec:\fxrlxrl.exe48⤵
- Executes dropped EXE
-
\??\c:\vpddj.exec:\vpddj.exe49⤵
- Executes dropped EXE
-
\??\c:\xfrxxll.exec:\xfrxxll.exe50⤵
- Executes dropped EXE
-
\??\c:\hhbbtn.exec:\hhbbtn.exe51⤵
- Executes dropped EXE
-
\??\c:\jpvpj.exec:\jpvpj.exe52⤵
- Executes dropped EXE
-
\??\c:\htbtnt.exec:\htbtnt.exe53⤵
- Executes dropped EXE
-
\??\c:\dpdvp.exec:\dpdvp.exe54⤵
- Executes dropped EXE
-
\??\c:\rrxlxrf.exec:\rrxlxrf.exe55⤵
- Executes dropped EXE
-
\??\c:\hbhhhh.exec:\hbhhhh.exe56⤵
- Executes dropped EXE
-
\??\c:\lflxfxf.exec:\lflxfxf.exe57⤵
- Executes dropped EXE
-
\??\c:\bbttbb.exec:\bbttbb.exe58⤵
- Executes dropped EXE
-
\??\c:\5dddv.exec:\5dddv.exe59⤵
- Executes dropped EXE
-
\??\c:\bttnhb.exec:\bttnhb.exe60⤵
- Executes dropped EXE
-
\??\c:\3lffrrl.exec:\3lffrrl.exe61⤵
- Executes dropped EXE
-
\??\c:\bhbthb.exec:\bhbthb.exe62⤵
- Executes dropped EXE
-
\??\c:\lrrrllf.exec:\lrrrllf.exe63⤵
- Executes dropped EXE
-
\??\c:\hhtttn.exec:\hhtttn.exe64⤵
- Executes dropped EXE
-
\??\c:\frfxfrl.exec:\frfxfrl.exe65⤵
- Executes dropped EXE
-
\??\c:\9nbnbb.exec:\9nbnbb.exe66⤵
-
\??\c:\5pvvj.exec:\5pvvj.exe67⤵
-
\??\c:\ttnthb.exec:\ttnthb.exe68⤵
-
\??\c:\vvjdj.exec:\vvjdj.exe69⤵
-
\??\c:\thbnnn.exec:\thbnnn.exe70⤵
-
\??\c:\vpvpd.exec:\vpvpd.exe71⤵
-
\??\c:\nbhbtt.exec:\nbhbtt.exe72⤵
-
\??\c:\dvppj.exec:\dvppj.exe73⤵
-
\??\c:\hnnbtn.exec:\hnnbtn.exe74⤵
-
\??\c:\rflfffx.exec:\rflfffx.exe75⤵
-
\??\c:\fxffllr.exec:\fxffllr.exe76⤵
-
\??\c:\7bnntn.exec:\7bnntn.exe77⤵
-
\??\c:\xrxrrfx.exec:\xrxrrfx.exe78⤵
-
\??\c:\1nhhtn.exec:\1nhhtn.exe79⤵
-
\??\c:\1ppjd.exec:\1ppjd.exe80⤵
-
\??\c:\hhhhtb.exec:\hhhhtb.exe81⤵
-
\??\c:\5vjvd.exec:\5vjvd.exe82⤵
-
\??\c:\9tnbnh.exec:\9tnbnh.exe83⤵
-
\??\c:\3xrlrlx.exec:\3xrlrlx.exe84⤵
-
\??\c:\thbthb.exec:\thbthb.exe85⤵
-
\??\c:\dvppv.exec:\dvppv.exe86⤵
-
\??\c:\lxrfrlx.exec:\lxrfrlx.exe87⤵
-
\??\c:\tbtbbh.exec:\tbtbbh.exe88⤵
-
\??\c:\vddvv.exec:\vddvv.exe89⤵
-
\??\c:\tnhbnh.exec:\tnhbnh.exe90⤵
-
\??\c:\jvvdp.exec:\jvvdp.exe91⤵
-
\??\c:\xllflfr.exec:\xllflfr.exe92⤵
-
\??\c:\jdjvj.exec:\jdjvj.exe93⤵
-
\??\c:\bbbbhb.exec:\bbbbhb.exe94⤵
-
\??\c:\pjjdp.exec:\pjjdp.exe95⤵
-
\??\c:\lxlrlxl.exec:\lxlrlxl.exe96⤵
-
\??\c:\5rlfxrf.exec:\5rlfxrf.exe97⤵
-
\??\c:\thbnnh.exec:\thbnnh.exe98⤵
-
\??\c:\jvvdp.exec:\jvvdp.exe99⤵
-
\??\c:\lxfxlrf.exec:\lxfxlrf.exe100⤵
-
\??\c:\htthtn.exec:\htthtn.exe101⤵
-
\??\c:\fllflfx.exec:\fllflfx.exe102⤵
-
\??\c:\btnbnh.exec:\btnbnh.exe103⤵
-
\??\c:\vjdpv.exec:\vjdpv.exe104⤵
-
\??\c:\tnbthb.exec:\tnbthb.exe105⤵
-
\??\c:\dvjdp.exec:\dvjdp.exe106⤵
-
\??\c:\rxxlxrf.exec:\rxxlxrf.exe107⤵
-
\??\c:\hnttnh.exec:\hnttnh.exe108⤵
-
\??\c:\vpjvj.exec:\vpjvj.exe109⤵
-
\??\c:\fxrlrrf.exec:\fxrlrrf.exe110⤵
-
\??\c:\dvvpj.exec:\dvvpj.exe111⤵
-
\??\c:\rxxlrlx.exec:\rxxlrlx.exe112⤵
-
\??\c:\nbhbnn.exec:\nbhbnn.exe113⤵
-
\??\c:\pjpdj.exec:\pjpdj.exe114⤵
-
\??\c:\5fxlxrl.exec:\5fxlxrl.exe115⤵
-
\??\c:\tnnbtn.exec:\tnnbtn.exe116⤵
-
\??\c:\jvvpd.exec:\jvvpd.exe117⤵
-
\??\c:\9nhbnn.exec:\9nhbnn.exe118⤵
-
\??\c:\pdjdp.exec:\pdjdp.exe119⤵
-
\??\c:\fxrfrlf.exec:\fxrfrlf.exe120⤵
-
\??\c:\7djvp.exec:\7djvp.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-