Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
119s -
platform
windows10-2004_x64 -
resource
win10v2004-20240419-en -
resource tags
-
submitted
02/05/2024, 05:56
General
-
Target
fde1db7cb69fb22b8b7421d61ac8bc58bfd7fd2ad13daf614299441dc0302cce.exe
-
Size
61KB
-
MD5
d7efd1ba109c208083f1ade1bdd94323
-
SHA1
5c6825e692d6249541683b012499498ee6d3f351
-
SHA256
fde1db7cb69fb22b8b7421d61ac8bc58bfd7fd2ad13daf614299441dc0302cce
-
SHA512
a45b2cd51c76b23a4b86b1f8a48c76f3fb88fdef61ff97edfa650d17acba5678a77e0ca0f4bad3f9f56b4fbecb3b32c5952b5c9316ad37997a01e8c860ea6c64
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDII9ZvHKEo:ymb3NkkiQ3mdBjFII9ZvHKEo
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 27 IoCs
-
UPX dump on OEP (original entry point) 27 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 27 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\fde1db7cb69fb22b8b7421d61ac8bc58bfd7fd2ad13daf614299441dc0302cce.exe"C:\Users\Admin\AppData\Local\Temp\fde1db7cb69fb22b8b7421d61ac8bc58bfd7fd2ad13daf614299441dc0302cce.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\9lxxrxx.exec:\9lxxrxx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnthhn.exec:\hnthhn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1vpdj.exec:\1vpdj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvvvd.exec:\jvvvd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrrrxx.exec:\fxrrrxx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbhnnn.exec:\tbhnnn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9djjp.exec:\9djjp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxfffff.exec:\xxfffff.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbnnnt.exec:\bbnnnt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjdvp.exec:\jjdvp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flrrrxf.exec:\flrrrxf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbttth.exec:\hbttth.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhtntn.exec:\bhtntn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvvvp.exec:\vvvvp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frrrffl.exec:\frrrffl.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbbnnt.exec:\bbbnnt.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3tttbh.exec:\3tttbh.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvddv.exec:\vvddv.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlllllr.exec:\rlllllr.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttttnn.exec:\ttttnn.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5hnhhb.exec:\5hnhhb.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpjjd.exec:\jpjjd.exe23⤵
- Executes dropped EXE
-
\??\c:\frxxrrl.exec:\frxxrrl.exe24⤵
- Executes dropped EXE
-
\??\c:\nnnnbb.exec:\nnnnbb.exe25⤵
- Executes dropped EXE
-
\??\c:\bthhhn.exec:\bthhhn.exe26⤵
- Executes dropped EXE
-
\??\c:\ppvdj.exec:\ppvdj.exe27⤵
- Executes dropped EXE
-
\??\c:\xfrflrx.exec:\xfrflrx.exe28⤵
- Executes dropped EXE
-
\??\c:\thnbhb.exec:\thnbhb.exe29⤵
- Executes dropped EXE
-
\??\c:\pddvv.exec:\pddvv.exe30⤵
- Executes dropped EXE
-
\??\c:\rflffff.exec:\rflffff.exe31⤵
- Executes dropped EXE
-
\??\c:\frfxxxx.exec:\frfxxxx.exe32⤵
- Executes dropped EXE
-
\??\c:\3hhnnn.exec:\3hhnnn.exe33⤵
- Executes dropped EXE
-
\??\c:\jjvvv.exec:\jjvvv.exe34⤵
- Executes dropped EXE
-
\??\c:\rrxrlrf.exec:\rrxrlrf.exe35⤵
- Executes dropped EXE
-
\??\c:\xlrrlrr.exec:\xlrrlrr.exe36⤵
- Executes dropped EXE
-
\??\c:\3htnnt.exec:\3htnnt.exe37⤵
- Executes dropped EXE
-
\??\c:\vppjj.exec:\vppjj.exe38⤵
- Executes dropped EXE
-
\??\c:\ddddd.exec:\ddddd.exe39⤵
- Executes dropped EXE
-
\??\c:\xlffrfx.exec:\xlffrfx.exe40⤵
- Executes dropped EXE
-
\??\c:\lffffff.exec:\lffffff.exe41⤵
- Executes dropped EXE
-
\??\c:\hbntnb.exec:\hbntnb.exe42⤵
- Executes dropped EXE
-
\??\c:\jvdvj.exec:\jvdvj.exe43⤵
- Executes dropped EXE
-
\??\c:\vpdvp.exec:\vpdvp.exe44⤵
- Executes dropped EXE
-
\??\c:\rlffxrx.exec:\rlffxrx.exe45⤵
- Executes dropped EXE
-
\??\c:\lxxllfr.exec:\lxxllfr.exe46⤵
- Executes dropped EXE
-
\??\c:\tnnntt.exec:\tnnntt.exe47⤵
- Executes dropped EXE
-
\??\c:\7hnhbh.exec:\7hnhbh.exe48⤵
- Executes dropped EXE
-
\??\c:\vjvvp.exec:\vjvvp.exe49⤵
- Executes dropped EXE
-
\??\c:\lxxxxxx.exec:\lxxxxxx.exe50⤵
- Executes dropped EXE
-
\??\c:\lxxrfll.exec:\lxxrfll.exe51⤵
- Executes dropped EXE
-
\??\c:\tbhhhh.exec:\tbhhhh.exe52⤵
- Executes dropped EXE
-
\??\c:\pppdd.exec:\pppdd.exe53⤵
- Executes dropped EXE
-
\??\c:\bbbtnn.exec:\bbbtnn.exe54⤵
- Executes dropped EXE
-
\??\c:\dvppp.exec:\dvppp.exe55⤵
- Executes dropped EXE
-
\??\c:\jjppd.exec:\jjppd.exe56⤵
- Executes dropped EXE
-
\??\c:\rfrlrrx.exec:\rfrlrrx.exe57⤵
- Executes dropped EXE
-
\??\c:\lrrrxxx.exec:\lrrrxxx.exe58⤵
- Executes dropped EXE
-
\??\c:\hnbbhh.exec:\hnbbhh.exe59⤵
- Executes dropped EXE
-
\??\c:\vvvpd.exec:\vvvpd.exe60⤵
- Executes dropped EXE
-
\??\c:\vpjdj.exec:\vpjdj.exe61⤵
- Executes dropped EXE
-
\??\c:\fflfffl.exec:\fflfffl.exe62⤵
- Executes dropped EXE
-
\??\c:\rlllfrr.exec:\rlllfrr.exe63⤵
- Executes dropped EXE
-
\??\c:\hhhhhn.exec:\hhhhhn.exe64⤵
- Executes dropped EXE
-
\??\c:\vvdpv.exec:\vvdpv.exe65⤵
- Executes dropped EXE
-
\??\c:\jjjjj.exec:\jjjjj.exe66⤵
-
\??\c:\7llrrxx.exec:\7llrrxx.exe67⤵
-
\??\c:\xrrxxfx.exec:\xrrxxfx.exe68⤵
-
\??\c:\bthnnt.exec:\bthnnt.exe69⤵
-
\??\c:\nnbbbh.exec:\nnbbbh.exe70⤵
-
\??\c:\pdjpj.exec:\pdjpj.exe71⤵
-
\??\c:\xrfxfxf.exec:\xrfxfxf.exe72⤵
-
\??\c:\llxxxff.exec:\llxxxff.exe73⤵
-
\??\c:\tbnhhh.exec:\tbnhhh.exe74⤵
-
\??\c:\htnnnn.exec:\htnnnn.exe75⤵
-
\??\c:\jjvvj.exec:\jjvvj.exe76⤵
-
\??\c:\pjjjd.exec:\pjjjd.exe77⤵
-
\??\c:\xlrlxxr.exec:\xlrlxxr.exe78⤵
-
\??\c:\fxflfll.exec:\fxflfll.exe79⤵
-
\??\c:\tntntt.exec:\tntntt.exe80⤵
-
\??\c:\3jddv.exec:\3jddv.exe81⤵
-
\??\c:\9vdvj.exec:\9vdvj.exe82⤵
-
\??\c:\frxrxxr.exec:\frxrxxr.exe83⤵
-
\??\c:\5bnnnt.exec:\5bnnnt.exe84⤵
-
\??\c:\vjvvv.exec:\vjvvv.exe85⤵
-
\??\c:\9pddv.exec:\9pddv.exe86⤵
-
\??\c:\5lrrrlr.exec:\5lrrrlr.exe87⤵
-
\??\c:\nthhnb.exec:\nthhnb.exe88⤵
-
\??\c:\5bbnbh.exec:\5bbnbh.exe89⤵
-
\??\c:\ppddv.exec:\ppddv.exe90⤵
-
\??\c:\xrfxrxx.exec:\xrfxrxx.exe91⤵
-
\??\c:\hnnhht.exec:\hnnhht.exe92⤵
-
\??\c:\vdpvv.exec:\vdpvv.exe93⤵
-
\??\c:\lxffflf.exec:\lxffflf.exe94⤵
-
\??\c:\xlrrlll.exec:\xlrrlll.exe95⤵
-
\??\c:\thbttt.exec:\thbttt.exe96⤵
-
\??\c:\bnbbtt.exec:\bnbbtt.exe97⤵
-
\??\c:\9dpjj.exec:\9dpjj.exe98⤵
-
\??\c:\vpjjp.exec:\vpjjp.exe99⤵
-
\??\c:\xrrllll.exec:\xrrllll.exe100⤵
-
\??\c:\lflrrrx.exec:\lflrrrx.exe101⤵
-
\??\c:\bbhbtt.exec:\bbhbtt.exe102⤵
-
\??\c:\tbbbtb.exec:\tbbbtb.exe103⤵
-
\??\c:\9jvjv.exec:\9jvjv.exe104⤵
-
\??\c:\vvjjd.exec:\vvjjd.exe105⤵
-
\??\c:\lxxrlll.exec:\lxxrlll.exe106⤵
-
\??\c:\xrllfrr.exec:\xrllfrr.exe107⤵
-
\??\c:\xrxrlrl.exec:\xrxrlrl.exe108⤵
-
\??\c:\htbbbb.exec:\htbbbb.exe109⤵
-
\??\c:\nbhhtt.exec:\nbhhtt.exe110⤵
-
\??\c:\vpvpd.exec:\vpvpd.exe111⤵
-
\??\c:\pjppj.exec:\pjppj.exe112⤵
-
\??\c:\ffrlrrf.exec:\ffrlrrf.exe113⤵
-
\??\c:\xrxffff.exec:\xrxffff.exe114⤵
-
\??\c:\hbntht.exec:\hbntht.exe115⤵
-
\??\c:\nnhbbh.exec:\nnhbbh.exe116⤵
-
\??\c:\jdjjd.exec:\jdjjd.exe117⤵
-
\??\c:\rlrxllr.exec:\rlrxllr.exe118⤵
-
\??\c:\frrxrrr.exec:\frrxrrr.exe119⤵
-
\??\c:\tbhhbh.exec:\tbhhbh.exe120⤵
-
\??\c:\tthnbb.exec:\tthnbb.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-