Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
90s -
max time network
69s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
09/04/2024, 23:11
General
-
Target
c4b7ee6a2163b116d839f72ff38c6c0774ed6e83324664966a371fd416480de8.exe
-
Size
312KB
-
MD5
affbbe9b24f78ab4da6fdb9a52e56667
-
SHA1
9d482d2ccdf1ebb5d23e92f026b1da1994fff423
-
SHA256
c4b7ee6a2163b116d839f72ff38c6c0774ed6e83324664966a371fd416480de8
-
SHA512
e9ce8f7d5785b1527bff05c809ca00a49ca1624ec448d88759cfc2bf6ad7c539fc0e4b3a183a1bd2ee1af77cbfd8e2fac1ad7835c88c8b9c9d27a680c243c5f8
-
SSDEEP
6144:n3C9BRo/AIX2h97aUzpbBj3+b2ziJC39QS8hDJd+Q7ZLbjwu:n3C9uDC97aUFbZ42ziM39QS8hDJd+Q77
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 47 IoCs
-
UPX dump on OEP (original entry point) 60 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 61 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\c4b7ee6a2163b116d839f72ff38c6c0774ed6e83324664966a371fd416480de8.exe"C:\Users\Admin\AppData\Local\Temp\c4b7ee6a2163b116d839f72ff38c6c0774ed6e83324664966a371fd416480de8.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxrllf.exec:\fxxrllf.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjdv.exec:\ppjdv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthbbh.exec:\bthbbh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vppjd.exec:\vppjd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htnhhb.exec:\htnhhb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdjdd.exec:\vdjdd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htbbbh.exec:\htbbbh.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlrrrxx.exec:\rlrrrxx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1btnnb.exec:\1btnnb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlrrllf.exec:\rlrrllf.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjvpp.exec:\vjvpp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhbhhh.exec:\hhbhhh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rflfxxx.exec:\rflfxxx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpvvv.exec:\dpvvv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbthnh.exec:\hbthnh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djvvd.exec:\djvvd.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttttth.exec:\ttttth.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9lrlllr.exec:\9lrlllr.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbtnn.exec:\hbbtnn.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffxrlxr.exec:\ffxrlxr.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbthbn.exec:\hbthbn.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3flxlrr.exec:\3flxlrr.exe23⤵
- Executes dropped EXE
-
\??\c:\rrrfxlx.exec:\rrrfxlx.exe24⤵
- Executes dropped EXE
-
\??\c:\dvppj.exec:\dvppj.exe25⤵
- Executes dropped EXE
-
\??\c:\bbbbbb.exec:\bbbbbb.exe26⤵
- Executes dropped EXE
-
\??\c:\rrlllxf.exec:\rrlllxf.exe27⤵
- Executes dropped EXE
-
\??\c:\tbttnh.exec:\tbttnh.exe28⤵
- Executes dropped EXE
-
\??\c:\bnhbbb.exec:\bnhbbb.exe29⤵
- Executes dropped EXE
-
\??\c:\jdppp.exec:\jdppp.exe30⤵
- Executes dropped EXE
-
\??\c:\tbnhhn.exec:\tbnhhn.exe31⤵
- Executes dropped EXE
-
\??\c:\dvpjd.exec:\dvpjd.exe32⤵
- Executes dropped EXE
-
\??\c:\3dpjj.exec:\3dpjj.exe33⤵
- Executes dropped EXE
-
\??\c:\rrrrrrr.exec:\rrrrrrr.exe34⤵
- Executes dropped EXE
-
\??\c:\9ppjj.exec:\9ppjj.exe35⤵
- Executes dropped EXE
-
\??\c:\rrrlffx.exec:\rrrlffx.exe36⤵
- Executes dropped EXE
-
\??\c:\ppppj.exec:\ppppj.exe37⤵
- Executes dropped EXE
-
\??\c:\bnnnnn.exec:\bnnnnn.exe38⤵
- Executes dropped EXE
-
\??\c:\vjppp.exec:\vjppp.exe39⤵
- Executes dropped EXE
-
\??\c:\lxflflr.exec:\lxflflr.exe40⤵
- Executes dropped EXE
-
\??\c:\1vdvp.exec:\1vdvp.exe41⤵
- Executes dropped EXE
-
\??\c:\3lrlllr.exec:\3lrlllr.exe42⤵
- Executes dropped EXE
-
\??\c:\vjjvp.exec:\vjjvp.exe43⤵
- Executes dropped EXE
-
\??\c:\rllxrlf.exec:\rllxrlf.exe44⤵
- Executes dropped EXE
-
\??\c:\jpvjd.exec:\jpvjd.exe45⤵
- Executes dropped EXE
-
\??\c:\frxrfrf.exec:\frxrfrf.exe46⤵
- Executes dropped EXE
-
\??\c:\dvpdv.exec:\dvpdv.exe47⤵
- Executes dropped EXE
-
\??\c:\3xrlxrf.exec:\3xrlxrf.exe48⤵
- Executes dropped EXE
-
\??\c:\hnthth.exec:\hnthth.exe49⤵
- Executes dropped EXE
-
\??\c:\rrfxllf.exec:\rrfxllf.exe50⤵
- Executes dropped EXE
-
\??\c:\jjpjv.exec:\jjpjv.exe51⤵
- Executes dropped EXE
-
\??\c:\rfrfffr.exec:\rfrfffr.exe52⤵
- Executes dropped EXE
-
\??\c:\hhhbtt.exec:\hhhbtt.exe53⤵
- Executes dropped EXE
-
\??\c:\lxxrffx.exec:\lxxrffx.exe54⤵
- Executes dropped EXE
-
\??\c:\1pjdv.exec:\1pjdv.exe55⤵
- Executes dropped EXE
-
\??\c:\flrlflx.exec:\flrlflx.exe56⤵
- Executes dropped EXE
-
\??\c:\jvdvp.exec:\jvdvp.exe57⤵
- Executes dropped EXE
-
\??\c:\rxrfrlf.exec:\rxrfrlf.exe58⤵
- Executes dropped EXE
-
\??\c:\tnthnt.exec:\tnthnt.exe59⤵
- Executes dropped EXE
-
\??\c:\rlrrlrl.exec:\rlrrlrl.exe60⤵
- Executes dropped EXE
-
\??\c:\vjjdp.exec:\vjjdp.exe61⤵
- Executes dropped EXE
-
\??\c:\1nnbnn.exec:\1nnbnn.exe62⤵
- Executes dropped EXE
-
\??\c:\lxxlxrf.exec:\lxxlxrf.exe63⤵
- Executes dropped EXE
-
\??\c:\hbhttn.exec:\hbhttn.exe64⤵
- Executes dropped EXE
-
\??\c:\ffxrfrl.exec:\ffxrfrl.exe65⤵
- Executes dropped EXE
-
\??\c:\5bthth.exec:\5bthth.exe66⤵
-
\??\c:\lrxlxxl.exec:\lrxlxxl.exe67⤵
-
\??\c:\tbbthb.exec:\tbbthb.exe68⤵
-
\??\c:\lxlffxl.exec:\lxlffxl.exe69⤵
-
\??\c:\pvjvj.exec:\pvjvj.exe70⤵
-
\??\c:\lxrxlfr.exec:\lxrxlfr.exe71⤵
-
\??\c:\bhnhtn.exec:\bhnhtn.exe72⤵
-
\??\c:\7lrlfff.exec:\7lrlfff.exe73⤵
-
\??\c:\hbtbtb.exec:\hbtbtb.exe74⤵
-
\??\c:\lrllfrf.exec:\lrllfrf.exe75⤵
-
\??\c:\bhnbtn.exec:\bhnbtn.exe76⤵
-
\??\c:\5ddvv.exec:\5ddvv.exe77⤵
-
\??\c:\ntnhtn.exec:\ntnhtn.exe78⤵
-
\??\c:\dvdjv.exec:\dvdjv.exe79⤵
-
\??\c:\3htnhb.exec:\3htnhb.exe80⤵
-
\??\c:\7jpvv.exec:\7jpvv.exe81⤵
-
\??\c:\lrxfrrf.exec:\lrxfrrf.exe82⤵
-
\??\c:\3hnbtn.exec:\3hnbtn.exe83⤵
-
\??\c:\ffxlfrl.exec:\ffxlfrl.exe84⤵
-
\??\c:\thbttn.exec:\thbttn.exe85⤵
-
\??\c:\pvvpj.exec:\pvvpj.exe86⤵
-
\??\c:\9rlrfrf.exec:\9rlrfrf.exe87⤵
-
\??\c:\nttnbt.exec:\nttnbt.exe88⤵
-
\??\c:\1tnhtn.exec:\1tnhtn.exe89⤵
-
\??\c:\7rlfxxr.exec:\7rlfxxr.exe90⤵
-
\??\c:\hnbtht.exec:\hnbtht.exe91⤵
-
\??\c:\jvpvp.exec:\jvpvp.exe92⤵
-
\??\c:\tnnhhh.exec:\tnnhhh.exe93⤵
-
\??\c:\3pjvp.exec:\3pjvp.exe94⤵
-
\??\c:\xffxlfx.exec:\xffxlfx.exe95⤵
-
\??\c:\dvvpj.exec:\dvvpj.exe96⤵
-
\??\c:\llxfxrr.exec:\llxfxrr.exe97⤵
-
\??\c:\vjdvp.exec:\vjdvp.exe98⤵
-
\??\c:\rffxlfx.exec:\rffxlfx.exe99⤵
-
\??\c:\3vvpd.exec:\3vvpd.exe100⤵
-
\??\c:\rrrfxrl.exec:\rrrfxrl.exe101⤵
-
\??\c:\5nbbtt.exec:\5nbbtt.exe102⤵
-
\??\c:\dpjdv.exec:\dpjdv.exe103⤵
-
\??\c:\xfxlflf.exec:\xfxlflf.exe104⤵
-
\??\c:\thhbnh.exec:\thhbnh.exe105⤵
-
\??\c:\rrxlxrr.exec:\rrxlxrr.exe106⤵
-
\??\c:\thhbnh.exec:\thhbnh.exe107⤵
-
\??\c:\dvvdv.exec:\dvvdv.exe108⤵
-
\??\c:\xlxlrlx.exec:\xlxlrlx.exe109⤵
-
\??\c:\3tbnbt.exec:\3tbnbt.exe110⤵
-
\??\c:\ffxlxxr.exec:\ffxlxxr.exe111⤵
-
\??\c:\bnnbtn.exec:\bnnbtn.exe112⤵
-
\??\c:\dpjvj.exec:\dpjvj.exe113⤵
-
\??\c:\rrlfrlx.exec:\rrlfrlx.exe114⤵
-
\??\c:\djpdv.exec:\djpdv.exe115⤵
-
\??\c:\lrxrrxx.exec:\lrxrrxx.exe116⤵
-
\??\c:\pjpvd.exec:\pjpvd.exe117⤵
-
\??\c:\xrffxrl.exec:\xrffxrl.exe118⤵
-
\??\c:\jvpjj.exec:\jvpjj.exe119⤵
-
\??\c:\3vpdp.exec:\3vpdp.exe120⤵
-
\??\c:\rffrfxr.exec:\rffrfxr.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-