Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
02/05/2024, 23:37
General
-
Target
793632157603644d1b23242a491db899720d4625393f18e3360fa70a604e84b3.exe
-
Size
94KB
-
MD5
97441b8669bdeebe70131d85721081e0
-
SHA1
89b2573357fce1c3928d91d0371965b67979c798
-
SHA256
793632157603644d1b23242a491db899720d4625393f18e3360fa70a604e84b3
-
SHA512
a8167dda9c6621077c04d88c156ca6564f3b4211f8fc2c0bfbc45337d6855c538d9da9ae6ead38e14528d73784ad43d7da02d03c1c904c3fd7ebd1663beba732
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDo7NANTBuQG1np24+2OXRY:ymb3NkkiQ3mdBjFo7NguQG1n0USu
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 26 IoCs
-
UPX dump on OEP (original entry point) 32 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 32 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\793632157603644d1b23242a491db899720d4625393f18e3360fa70a604e84b3.exe"C:\Users\Admin\AppData\Local\Temp\793632157603644d1b23242a491db899720d4625393f18e3360fa70a604e84b3.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\nnnbtn.exec:\nnnbtn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnhtn.exec:\tnnhtn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdjdj.exec:\pdjdj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxlrxff.exec:\xxlrxff.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htbtnh.exec:\htbtnh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbbbt.exec:\tnbbbt.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djjdp.exec:\djjdp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjvj.exec:\dvjvj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bttnbb.exec:\bttnbb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpdjp.exec:\jpdjp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffllrrr.exec:\ffllrrr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnntnn.exec:\tnntnn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djjdv.exec:\djjdv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdvp.exec:\pjdvp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrllrl.exec:\xrrllrl.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnnbtb.exec:\hnnbtb.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djpjd.exec:\djpjd.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpvpj.exec:\vpvpj.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9ffxrlf.exec:\9ffxrlf.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxrxlrr.exec:\rxrxlrr.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbtnhb.exec:\hbtnhb.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djvdv.exec:\djvdv.exe23⤵
- Executes dropped EXE
-
\??\c:\lrxxlff.exec:\lrxxlff.exe24⤵
- Executes dropped EXE
-
\??\c:\lxxxlxx.exec:\lxxxlxx.exe25⤵
- Executes dropped EXE
-
\??\c:\hthtbt.exec:\hthtbt.exe26⤵
- Executes dropped EXE
-
\??\c:\pppdv.exec:\pppdv.exe27⤵
- Executes dropped EXE
-
\??\c:\pjjdp.exec:\pjjdp.exe28⤵
- Executes dropped EXE
-
\??\c:\5rlfxrr.exec:\5rlfxrr.exe29⤵
- Executes dropped EXE
-
\??\c:\tnhbbt.exec:\tnhbbt.exe30⤵
- Executes dropped EXE
-
\??\c:\vvpdd.exec:\vvpdd.exe31⤵
- Executes dropped EXE
-
\??\c:\3rxlxrl.exec:\3rxlxrl.exe32⤵
- Executes dropped EXE
-
\??\c:\flxrxxx.exec:\flxrxxx.exe33⤵
- Executes dropped EXE
-
\??\c:\5thbtn.exec:\5thbtn.exe34⤵
- Executes dropped EXE
-
\??\c:\tnhbnn.exec:\tnhbnn.exe35⤵
- Executes dropped EXE
-
\??\c:\3pvjd.exec:\3pvjd.exe36⤵
- Executes dropped EXE
-
\??\c:\xrxlxrf.exec:\xrxlxrf.exe37⤵
- Executes dropped EXE
-
\??\c:\frxxxff.exec:\frxxxff.exe38⤵
- Executes dropped EXE
-
\??\c:\nbbthb.exec:\nbbthb.exe39⤵
- Executes dropped EXE
-
\??\c:\7ttbtn.exec:\7ttbtn.exe40⤵
- Executes dropped EXE
-
\??\c:\vjpdd.exec:\vjpdd.exe41⤵
- Executes dropped EXE
-
\??\c:\dvddv.exec:\dvddv.exe42⤵
- Executes dropped EXE
-
\??\c:\rrfxfxf.exec:\rrfxfxf.exe43⤵
- Executes dropped EXE
-
\??\c:\rlffrrr.exec:\rlffrrr.exe44⤵
- Executes dropped EXE
-
\??\c:\tnhbbb.exec:\tnhbbb.exe45⤵
- Executes dropped EXE
-
\??\c:\vpddv.exec:\vpddv.exe46⤵
- Executes dropped EXE
-
\??\c:\jddvp.exec:\jddvp.exe47⤵
- Executes dropped EXE
-
\??\c:\rrlxrrl.exec:\rrlxrrl.exe48⤵
- Executes dropped EXE
-
\??\c:\1fllffx.exec:\1fllffx.exe49⤵
- Executes dropped EXE
-
\??\c:\htthtb.exec:\htthtb.exe50⤵
- Executes dropped EXE
-
\??\c:\pjjdd.exec:\pjjdd.exe51⤵
- Executes dropped EXE
-
\??\c:\3ppjj.exec:\3ppjj.exe52⤵
- Executes dropped EXE
-
\??\c:\xrlxfxl.exec:\xrlxfxl.exe53⤵
- Executes dropped EXE
-
\??\c:\rrlxrxx.exec:\rrlxrxx.exe54⤵
- Executes dropped EXE
-
\??\c:\htnnhn.exec:\htnnhn.exe55⤵
- Executes dropped EXE
-
\??\c:\jvjdv.exec:\jvjdv.exe56⤵
- Executes dropped EXE
-
\??\c:\rxxrlfx.exec:\rxxrlfx.exe57⤵
- Executes dropped EXE
-
\??\c:\rflxrrx.exec:\rflxrrx.exe58⤵
- Executes dropped EXE
-
\??\c:\hhbthb.exec:\hhbthb.exe59⤵
- Executes dropped EXE
-
\??\c:\5tnnhb.exec:\5tnnhb.exe60⤵
- Executes dropped EXE
-
\??\c:\djdpp.exec:\djdpp.exe61⤵
- Executes dropped EXE
-
\??\c:\7xrlxrl.exec:\7xrlxrl.exe62⤵
- Executes dropped EXE
-
\??\c:\frffxxr.exec:\frffxxr.exe63⤵
- Executes dropped EXE
-
\??\c:\9bbthh.exec:\9bbthh.exe64⤵
- Executes dropped EXE
-
\??\c:\tnnhbb.exec:\tnnhbb.exe65⤵
- Executes dropped EXE
-
\??\c:\vjpjd.exec:\vjpjd.exe66⤵
-
\??\c:\rflfxxx.exec:\rflfxxx.exe67⤵
-
\??\c:\fxrlxxl.exec:\fxrlxxl.exe68⤵
-
\??\c:\thbtnh.exec:\thbtnh.exe69⤵
-
\??\c:\jpdvp.exec:\jpdvp.exe70⤵
-
\??\c:\dvvvv.exec:\dvvvv.exe71⤵
-
\??\c:\llrrxxx.exec:\llrrxxx.exe72⤵
-
\??\c:\9hnnnn.exec:\9hnnnn.exe73⤵
-
\??\c:\htttnn.exec:\htttnn.exe74⤵
-
\??\c:\9djjv.exec:\9djjv.exe75⤵
-
\??\c:\jdvvp.exec:\jdvvp.exe76⤵
-
\??\c:\9lfxlfx.exec:\9lfxlfx.exe77⤵
-
\??\c:\nhttnn.exec:\nhttnn.exe78⤵
-
\??\c:\hbnhnt.exec:\hbnhnt.exe79⤵
-
\??\c:\jdddp.exec:\jdddp.exe80⤵
-
\??\c:\vpvpj.exec:\vpvpj.exe81⤵
-
\??\c:\rxxrlff.exec:\rxxrlff.exe82⤵
-
\??\c:\bbbbhh.exec:\bbbbhh.exe83⤵
-
\??\c:\nttthh.exec:\nttthh.exe84⤵
-
\??\c:\jpvdv.exec:\jpvdv.exe85⤵
-
\??\c:\fxrfrlx.exec:\fxrfrlx.exe86⤵
-
\??\c:\ttbtnh.exec:\ttbtnh.exe87⤵
-
\??\c:\9ttnhh.exec:\9ttnhh.exe88⤵
-
\??\c:\pppjv.exec:\pppjv.exe89⤵
-
\??\c:\jvvvj.exec:\jvvvj.exe90⤵
-
\??\c:\rrrllll.exec:\rrrllll.exe91⤵
-
\??\c:\tbbbbt.exec:\tbbbbt.exe92⤵
-
\??\c:\nttthh.exec:\nttthh.exe93⤵
-
\??\c:\nhtnhh.exec:\nhtnhh.exe94⤵
-
\??\c:\dpppj.exec:\dpppj.exe95⤵
-
\??\c:\frrfrlf.exec:\frrfrlf.exe96⤵
-
\??\c:\rlllffx.exec:\rlllffx.exe97⤵
-
\??\c:\3ntttt.exec:\3ntttt.exe98⤵
-
\??\c:\dpjdp.exec:\dpjdp.exe99⤵
-
\??\c:\vvdvj.exec:\vvdvj.exe100⤵
-
\??\c:\xlfxfxr.exec:\xlfxfxr.exe101⤵
-
\??\c:\lxfrrrl.exec:\lxfrrrl.exe102⤵
-
\??\c:\ttttnt.exec:\ttttnt.exe103⤵
-
\??\c:\tthhbh.exec:\tthhbh.exe104⤵
-
\??\c:\djvdv.exec:\djvdv.exe105⤵
-
\??\c:\jdjdv.exec:\jdjdv.exe106⤵
-
\??\c:\lrrfxrx.exec:\lrrfxrx.exe107⤵
-
\??\c:\nhtttt.exec:\nhtttt.exe108⤵
-
\??\c:\tnnhbb.exec:\tnnhbb.exe109⤵
-
\??\c:\pjjdv.exec:\pjjdv.exe110⤵
-
\??\c:\xfxrlrl.exec:\xfxrlrl.exe111⤵
-
\??\c:\tnhbbb.exec:\tnhbbb.exe112⤵
-
\??\c:\ntnbht.exec:\ntnbht.exe113⤵
-
\??\c:\jddvv.exec:\jddvv.exe114⤵
-
\??\c:\3flxrrl.exec:\3flxrrl.exe115⤵
-
\??\c:\xxlfxxl.exec:\xxlfxxl.exe116⤵
-
\??\c:\hbbbhb.exec:\hbbbhb.exe117⤵
-
\??\c:\vdpjd.exec:\vdpjd.exe118⤵
-
\??\c:\jvdvv.exec:\jvdvv.exe119⤵
-
\??\c:\llrrrxx.exec:\llrrrxx.exe120⤵
-
\??\c:\9fxxxxr.exec:\9fxxxxr.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-