Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
126s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
28/03/2024, 18:57
General
-
Target
30b29aeee76428a87d880ca97a330f626d35b9640fab9c0b5e291311d7604fc9.exe
-
Size
70KB
-
MD5
3f61e232e98fef2ecd373a417e4ced9e
-
SHA1
a3889a600f362cea47e91a7f3c23b6e908f111a3
-
SHA256
30b29aeee76428a87d880ca97a330f626d35b9640fab9c0b5e291311d7604fc9
-
SHA512
4842336a4424b5083c853e64cb1bb9c2ae2579c842da200db34ae1251aead0849c9af60c702781d7df35f0dcecb84c30d501a41fe85021824642cd5adb101b56
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIIpIo60LbB:ymb3NkkiQ3mdBjFIIp9LV
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 46 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 63 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\30b29aeee76428a87d880ca97a330f626d35b9640fab9c0b5e291311d7604fc9.exe"C:\Users\Admin\AppData\Local\Temp\30b29aeee76428a87d880ca97a330f626d35b9640fab9c0b5e291311d7604fc9.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\rrlfxxr.exec:\rrlfxxr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjjjv.exec:\vjjjv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfxrrfx.exec:\rfxrrfx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3djvp.exec:\3djvp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjpjv.exec:\pjpjv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnnhbt.exec:\hnnhbt.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpjdv.exec:\dpjdv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbhbnn.exec:\tbhbnn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjdd.exec:\vpjdd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1bhbtt.exec:\1bhbtt.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppvpv.exec:\ppvpv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnnnn.exec:\tnnnnn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpppp.exec:\vpppp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3httnn.exec:\3httnn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpjjv.exec:\jpjjv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htbbht.exec:\htbbht.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdjdd.exec:\pdjdd.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9lxxlll.exec:\9lxxlll.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnnhbb.exec:\bnnhbb.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxrffx.exec:\xrxrffx.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttbhhh.exec:\ttbhhh.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxfflr.exec:\xrxfflr.exe23⤵
- Executes dropped EXE
-
\??\c:\nhttbb.exec:\nhttbb.exe24⤵
- Executes dropped EXE
-
\??\c:\xrxxlll.exec:\xrxxlll.exe25⤵
- Executes dropped EXE
-
\??\c:\jddjd.exec:\jddjd.exe26⤵
- Executes dropped EXE
-
\??\c:\hhtnnb.exec:\hhtnnb.exe27⤵
- Executes dropped EXE
-
\??\c:\dpjvj.exec:\dpjvj.exe28⤵
- Executes dropped EXE
-
\??\c:\nhhbtn.exec:\nhhbtn.exe29⤵
- Executes dropped EXE
-
\??\c:\fxxxllf.exec:\fxxxllf.exe30⤵
- Executes dropped EXE
-
\??\c:\htnhbt.exec:\htnhbt.exe31⤵
- Executes dropped EXE
-
\??\c:\frfxllf.exec:\frfxllf.exe32⤵
- Executes dropped EXE
-
\??\c:\nbbbnn.exec:\nbbbnn.exe33⤵
- Executes dropped EXE
-
\??\c:\lrrfrrl.exec:\lrrfrrl.exe34⤵
- Executes dropped EXE
-
\??\c:\hbnhth.exec:\hbnhth.exe35⤵
- Executes dropped EXE
-
\??\c:\7lxxlll.exec:\7lxxlll.exe36⤵
- Executes dropped EXE
-
\??\c:\tnhtnn.exec:\tnhtnn.exe37⤵
- Executes dropped EXE
-
\??\c:\dvdjv.exec:\dvdjv.exe38⤵
- Executes dropped EXE
-
\??\c:\nhnhbh.exec:\nhnhbh.exe39⤵
- Executes dropped EXE
-
\??\c:\jppjd.exec:\jppjd.exe40⤵
- Executes dropped EXE
-
\??\c:\bttnhh.exec:\bttnhh.exe41⤵
- Executes dropped EXE
-
\??\c:\pdddv.exec:\pdddv.exe42⤵
- Executes dropped EXE
-
\??\c:\btnhhb.exec:\btnhhb.exe43⤵
- Executes dropped EXE
-
\??\c:\rlrlffl.exec:\rlrlffl.exe44⤵
- Executes dropped EXE
-
\??\c:\htthbt.exec:\htthbt.exe45⤵
- Executes dropped EXE
-
\??\c:\pvjjj.exec:\pvjjj.exe46⤵
- Executes dropped EXE
-
\??\c:\tnhttn.exec:\tnhttn.exe47⤵
- Executes dropped EXE
-
\??\c:\ddpjp.exec:\ddpjp.exe48⤵
- Executes dropped EXE
-
\??\c:\ntthbn.exec:\ntthbn.exe49⤵
- Executes dropped EXE
-
\??\c:\vvjpj.exec:\vvjpj.exe50⤵
- Executes dropped EXE
-
\??\c:\bthtnn.exec:\bthtnn.exe51⤵
- Executes dropped EXE
-
\??\c:\jpvpj.exec:\jpvpj.exe52⤵
- Executes dropped EXE
-
\??\c:\xffrfxl.exec:\xffrfxl.exe53⤵
- Executes dropped EXE
-
\??\c:\hbhbbb.exec:\hbhbbb.exe54⤵
- Executes dropped EXE
-
\??\c:\xrxrlll.exec:\xrxrlll.exe55⤵
- Executes dropped EXE
-
\??\c:\btnhtn.exec:\btnhtn.exe56⤵
- Executes dropped EXE
-
\??\c:\jdpjp.exec:\jdpjp.exe57⤵
- Executes dropped EXE
-
\??\c:\xllfrrl.exec:\xllfrrl.exe58⤵
- Executes dropped EXE
-
\??\c:\dpvpj.exec:\dpvpj.exe59⤵
- Executes dropped EXE
-
\??\c:\1xrlrlx.exec:\1xrlrlx.exe60⤵
- Executes dropped EXE
-
\??\c:\htbnbt.exec:\htbnbt.exe61⤵
- Executes dropped EXE
-
\??\c:\jvvpd.exec:\jvvpd.exe62⤵
- Executes dropped EXE
-
\??\c:\5llxfxf.exec:\5llxfxf.exe63⤵
- Executes dropped EXE
-
\??\c:\jjvpp.exec:\jjvpp.exe64⤵
- Executes dropped EXE
-
\??\c:\ffrfrlr.exec:\ffrfrlr.exe65⤵
- Executes dropped EXE
-
\??\c:\jpvvp.exec:\jpvvp.exe66⤵
-
\??\c:\xrlrflf.exec:\xrlrflf.exe67⤵
-
\??\c:\hnnhbt.exec:\hnnhbt.exe68⤵
-
\??\c:\1fllfff.exec:\1fllfff.exe69⤵
-
\??\c:\hhtbtt.exec:\hhtbtt.exe70⤵
-
\??\c:\rxfxlll.exec:\rxfxlll.exe71⤵
-
\??\c:\dddvv.exec:\dddvv.exe72⤵
-
\??\c:\5lrflfx.exec:\5lrflfx.exe73⤵
-
\??\c:\nhhhtt.exec:\nhhhtt.exe74⤵
-
\??\c:\jdddv.exec:\jdddv.exe75⤵
-
\??\c:\lflxlxr.exec:\lflxlxr.exe76⤵
-
\??\c:\bbbnhh.exec:\bbbnhh.exe77⤵
-
\??\c:\xlrrlfr.exec:\xlrrlfr.exe78⤵
-
\??\c:\3tbbhb.exec:\3tbbhb.exe79⤵
-
\??\c:\9jdvp.exec:\9jdvp.exe80⤵
-
\??\c:\jddvj.exec:\jddvj.exe81⤵
-
\??\c:\5lllxxx.exec:\5lllxxx.exe82⤵
-
\??\c:\vvvvv.exec:\vvvvv.exe83⤵
-
\??\c:\3xffrxr.exec:\3xffrxr.exe84⤵
-
\??\c:\lfffxxx.exec:\lfffxxx.exe85⤵
-
\??\c:\ppppp.exec:\ppppp.exe86⤵
-
\??\c:\1flrlxx.exec:\1flrlxx.exe87⤵
-
\??\c:\pjvpp.exec:\pjvpp.exe88⤵
-
\??\c:\9llfxxx.exec:\9llfxxx.exe89⤵
-
\??\c:\tthhbh.exec:\tthhbh.exe90⤵
-
\??\c:\rfffxxx.exec:\rfffxxx.exe91⤵
-
\??\c:\ntbbhh.exec:\ntbbhh.exe92⤵
-
\??\c:\frxrllf.exec:\frxrllf.exe93⤵
-
\??\c:\btbttt.exec:\btbttt.exe94⤵
-
\??\c:\xrxrllf.exec:\xrxrllf.exe95⤵
-
\??\c:\bbbbtb.exec:\bbbbtb.exe96⤵
-
\??\c:\fxrlffx.exec:\fxrlffx.exe97⤵
-
\??\c:\ttnbtt.exec:\ttnbtt.exe98⤵
-
\??\c:\lrffrrr.exec:\lrffrrr.exe99⤵
-
\??\c:\nbbbbb.exec:\nbbbbb.exe100⤵
-
\??\c:\jjjdv.exec:\jjjdv.exe101⤵
-
\??\c:\5ntnhh.exec:\5ntnhh.exe102⤵
-
\??\c:\5hhbtt.exec:\5hhbtt.exe103⤵
-
\??\c:\vjjjv.exec:\vjjjv.exe104⤵
-
\??\c:\hbnnhh.exec:\hbnnhh.exe105⤵
-
\??\c:\ttnnbb.exec:\ttnnbb.exe106⤵
-
\??\c:\dpvvp.exec:\dpvvp.exe107⤵
-
\??\c:\1htnbb.exec:\1htnbb.exe108⤵
-
\??\c:\jjdvp.exec:\jjdvp.exe109⤵
-
\??\c:\7htnht.exec:\7htnht.exe110⤵
-
\??\c:\vjddv.exec:\vjddv.exe111⤵
-
\??\c:\dvjjj.exec:\dvjjj.exe112⤵
-
\??\c:\xrxrlrl.exec:\xrxrlrl.exe113⤵
-
\??\c:\ddddv.exec:\ddddv.exe114⤵
-
\??\c:\fxxrlrl.exec:\fxxrlrl.exe115⤵
-
\??\c:\bbhhbb.exec:\bbhhbb.exe116⤵
-
\??\c:\1dppp.exec:\1dppp.exe117⤵
-
\??\c:\5bhthn.exec:\5bhthn.exe118⤵
-
\??\c:\9thtnn.exec:\9thtnn.exe119⤵
-
\??\c:\lllfxxr.exec:\lllfxxr.exe120⤵
-
\??\c:\ffxrlll.exec:\ffxrlll.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-