Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
114s -
platform
windows10-2004_x64 -
resource
win10v2004-20240419-en -
resource tags
-
submitted
01/05/2024, 20:20
General
-
Target
34ec01f1e7203721896295bccd79a737962db6e47d9090fb6b78234a91be5cb5.exe
-
Size
213KB
-
MD5
270bf9fb320cfc6ef65e5266e2cf2474
-
SHA1
d11a9e1661afca4b1803272436b500c266c13f6b
-
SHA256
34ec01f1e7203721896295bccd79a737962db6e47d9090fb6b78234a91be5cb5
-
SHA512
4724997b647bd7a1cf75c58be0da4f5019af46878b3b004c1378ca3bb3474c9087b907b625958ffbfc11454b6c439d94d7232b47d84297a947374138f23a270b
-
SSDEEP
3072:ymb3NkkiQ3mdBjFIi/0RU6QeYQsm71vPmc51+GqekBJCvr6zJBUmABvc:n3C9BRIG0asYFm71m8+GdkB9EBE
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
UPX dump on OEP (original entry point) 28 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 28 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\34ec01f1e7203721896295bccd79a737962db6e47d9090fb6b78234a91be5cb5.exe"C:\Users\Admin\AppData\Local\Temp\34ec01f1e7203721896295bccd79a737962db6e47d9090fb6b78234a91be5cb5.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\1djvd.exec:\1djvd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1ttnnb.exec:\1ttnnb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3pjdd.exec:\3pjdd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdpjd.exec:\pdpjd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpvvp.exec:\dpvvp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lffxlll.exec:\lffxlll.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlxrlll.exec:\xlxrlll.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjpj.exec:\dvjpj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llxrllf.exec:\llxrllf.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvjdv.exec:\vvjdv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxxxxf.exec:\lfxxxxf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllfxlf.exec:\rllfxlf.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvppj.exec:\jvppj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9fffxrl.exec:\9fffxrl.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnttnn.exec:\bnttnn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvvjj.exec:\jvvjj.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrlrlf.exec:\xrrlrlf.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9lrlffx.exec:\9lrlffx.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjdvj.exec:\vjdvj.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fllfrlx.exec:\fllfrlx.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffrrlxx.exec:\ffrrlxx.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1hhbbb.exec:\1hhbbb.exe23⤵
- Executes dropped EXE
-
\??\c:\1ppjj.exec:\1ppjj.exe24⤵
- Executes dropped EXE
-
\??\c:\9rrllll.exec:\9rrllll.exe25⤵
- Executes dropped EXE
-
\??\c:\7bbttn.exec:\7bbttn.exe26⤵
- Executes dropped EXE
-
\??\c:\5dvjd.exec:\5dvjd.exe27⤵
- Executes dropped EXE
-
\??\c:\lxlfffl.exec:\lxlfffl.exe28⤵
- Executes dropped EXE
-
\??\c:\flxxxxx.exec:\flxxxxx.exe29⤵
- Executes dropped EXE
-
\??\c:\hbhbtn.exec:\hbhbtn.exe30⤵
- Executes dropped EXE
-
\??\c:\3djdj.exec:\3djdj.exe31⤵
- Executes dropped EXE
-
\??\c:\xrllrfl.exec:\xrllrfl.exe32⤵
- Executes dropped EXE
-
\??\c:\bhhbtt.exec:\bhhbtt.exe33⤵
- Executes dropped EXE
-
\??\c:\xxrfrxf.exec:\xxrfrxf.exe34⤵
- Executes dropped EXE
-
\??\c:\7frlffx.exec:\7frlffx.exe35⤵
- Executes dropped EXE
-
\??\c:\hbntnb.exec:\hbntnb.exe36⤵
- Executes dropped EXE
-
\??\c:\dppvj.exec:\dppvj.exe37⤵
- Executes dropped EXE
-
\??\c:\5vpjv.exec:\5vpjv.exe38⤵
- Executes dropped EXE
-
\??\c:\xxrxflx.exec:\xxrxflx.exe39⤵
- Executes dropped EXE
-
\??\c:\tntnnt.exec:\tntnnt.exe40⤵
- Executes dropped EXE
-
\??\c:\nhhbhb.exec:\nhhbhb.exe41⤵
- Executes dropped EXE
-
\??\c:\7jjdv.exec:\7jjdv.exe42⤵
- Executes dropped EXE
-
\??\c:\vjjdv.exec:\vjjdv.exe43⤵
- Executes dropped EXE
-
\??\c:\xxlfrrf.exec:\xxlfrrf.exe44⤵
- Executes dropped EXE
-
\??\c:\7bnhbb.exec:\7bnhbb.exe45⤵
- Executes dropped EXE
-
\??\c:\5thnbb.exec:\5thnbb.exe46⤵
- Executes dropped EXE
-
\??\c:\jjjdp.exec:\jjjdp.exe47⤵
- Executes dropped EXE
-
\??\c:\ddpjv.exec:\ddpjv.exe48⤵
- Executes dropped EXE
-
\??\c:\xflfrll.exec:\xflfrll.exe49⤵
- Executes dropped EXE
-
\??\c:\xrrlxrf.exec:\xrrlxrf.exe50⤵
- Executes dropped EXE
-
\??\c:\bhnbnt.exec:\bhnbnt.exe51⤵
- Executes dropped EXE
-
\??\c:\dpdvp.exec:\dpdvp.exe52⤵
- Executes dropped EXE
-
\??\c:\rllfrlr.exec:\rllfrlr.exe53⤵
- Executes dropped EXE
-
\??\c:\fxlrxxr.exec:\fxlrxxr.exe54⤵
- Executes dropped EXE
-
\??\c:\btthtb.exec:\btthtb.exe55⤵
- Executes dropped EXE
-
\??\c:\5ntbnh.exec:\5ntbnh.exe56⤵
- Executes dropped EXE
-
\??\c:\pvvjj.exec:\pvvjj.exe57⤵
- Executes dropped EXE
-
\??\c:\vjvjj.exec:\vjvjj.exe58⤵
- Executes dropped EXE
-
\??\c:\lrxllxr.exec:\lrxllxr.exe59⤵
- Executes dropped EXE
-
\??\c:\5ffrfxx.exec:\5ffrfxx.exe60⤵
- Executes dropped EXE
-
\??\c:\thnbhb.exec:\thnbhb.exe61⤵
- Executes dropped EXE
-
\??\c:\btnhtt.exec:\btnhtt.exe62⤵
- Executes dropped EXE
-
\??\c:\3pppp.exec:\3pppp.exe63⤵
- Executes dropped EXE
-
\??\c:\5jjdv.exec:\5jjdv.exe64⤵
- Executes dropped EXE
-
\??\c:\9rxfrfx.exec:\9rxfrfx.exe65⤵
- Executes dropped EXE
-
\??\c:\hhhbtn.exec:\hhhbtn.exe66⤵
-
\??\c:\hnnnht.exec:\hnnnht.exe67⤵
-
\??\c:\vdddv.exec:\vdddv.exe68⤵
-
\??\c:\1xrfrrl.exec:\1xrfrrl.exe69⤵
-
\??\c:\3nnhnh.exec:\3nnhnh.exe70⤵
-
\??\c:\nnhbnn.exec:\nnhbnn.exe71⤵
-
\??\c:\3vpdp.exec:\3vpdp.exe72⤵
-
\??\c:\7vdpp.exec:\7vdpp.exe73⤵
-
\??\c:\xxllxxx.exec:\xxllxxx.exe74⤵
-
\??\c:\bbhbtt.exec:\bbhbtt.exe75⤵
-
\??\c:\nnbthb.exec:\nnbthb.exe76⤵
-
\??\c:\7djdp.exec:\7djdp.exe77⤵
-
\??\c:\5ddpj.exec:\5ddpj.exe78⤵
-
\??\c:\lffxrrf.exec:\lffxrrf.exe79⤵
-
\??\c:\bnnhtt.exec:\bnnhtt.exe80⤵
-
\??\c:\5jvpd.exec:\5jvpd.exe81⤵
-
\??\c:\flrlxrl.exec:\flrlxrl.exe82⤵
-
\??\c:\bbnnhb.exec:\bbnnhb.exe83⤵
-
\??\c:\bnbthb.exec:\bnbthb.exe84⤵
-
\??\c:\1vddj.exec:\1vddj.exe85⤵
-
\??\c:\tthbhh.exec:\tthbhh.exe86⤵
-
\??\c:\httttn.exec:\httttn.exe87⤵
-
\??\c:\vjdpj.exec:\vjdpj.exe88⤵
-
\??\c:\ddjvp.exec:\ddjvp.exe89⤵
-
\??\c:\ffxxxll.exec:\ffxxxll.exe90⤵
-
\??\c:\bnnbtt.exec:\bnnbtt.exe91⤵
-
\??\c:\jjdvp.exec:\jjdvp.exe92⤵
-
\??\c:\vppjv.exec:\vppjv.exe93⤵
-
\??\c:\lxxxrrr.exec:\lxxxrrr.exe94⤵
-
\??\c:\1ttnhb.exec:\1ttnhb.exe95⤵
-
\??\c:\dvpjv.exec:\dvpjv.exe96⤵
-
\??\c:\xrxrlfl.exec:\xrxrlfl.exe97⤵
-
\??\c:\bhnbth.exec:\bhnbth.exe98⤵
-
\??\c:\vjpjv.exec:\vjpjv.exe99⤵
-
\??\c:\bnbbbb.exec:\bnbbbb.exe100⤵
-
\??\c:\vvpdp.exec:\vvpdp.exe101⤵
-
\??\c:\vdpjp.exec:\vdpjp.exe102⤵
-
\??\c:\frrlxxf.exec:\frrlxxf.exe103⤵
-
\??\c:\lrflxrl.exec:\lrflxrl.exe104⤵
-
\??\c:\thhbtt.exec:\thhbtt.exe105⤵
-
\??\c:\btnbnh.exec:\btnbnh.exe106⤵
-
\??\c:\dpdpd.exec:\dpdpd.exe107⤵
-
\??\c:\fxxllfl.exec:\fxxllfl.exe108⤵
-
\??\c:\rfxrxrr.exec:\rfxrxrr.exe109⤵
-
\??\c:\htbttn.exec:\htbttn.exe110⤵
-
\??\c:\ddddp.exec:\ddddp.exe111⤵
-
\??\c:\pvjvp.exec:\pvjvp.exe112⤵
-
\??\c:\xrfrlfx.exec:\xrfrlfx.exe113⤵
-
\??\c:\5hnbnn.exec:\5hnbnn.exe114⤵
-
\??\c:\nnhtnb.exec:\nnhtnb.exe115⤵
-
\??\c:\jvdvp.exec:\jvdvp.exe116⤵
-
\??\c:\vjjjp.exec:\vjjjp.exe117⤵
-
\??\c:\lxrfrlf.exec:\lxrfrlf.exe118⤵
-
\??\c:\thnnnh.exec:\thnnnh.exe119⤵
-
\??\c:\nhhtbt.exec:\nhhtbt.exe120⤵
-
\??\c:\vpjvv.exec:\vpjvv.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-