Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
129s -
max time network
140s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
08/05/2024, 22:36
General
-
Target
527a9a708007ddea3f39606f236aa202bd9b47ac39d5ee3f47c86d31f6b56309.exe
-
Size
125KB
-
MD5
1128b026863c6de50b8bbe24c5eb5855
-
SHA1
7e379d733b3996c276e207553baee9612cc755e3
-
SHA256
527a9a708007ddea3f39606f236aa202bd9b47ac39d5ee3f47c86d31f6b56309
-
SHA512
2e8054abc187f0b8c5b94e4ece538d6dc111d8c5c61c443cc38e5eb0fb748e8c4d4f4ae6df1df2bbd7224959404fd68a0ee2b5731bd8d5a5210156db7ead7119
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDo73oYUCD7R2F2UVbyy0NgVyFsZq:ymb3NkkiQ3mdBjFo73HUoMsAbrxVBc
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
UPX dump on OEP (original entry point) 35 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 35 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\527a9a708007ddea3f39606f236aa202bd9b47ac39d5ee3f47c86d31f6b56309.exe"C:\Users\Admin\AppData\Local\Temp\527a9a708007ddea3f39606f236aa202bd9b47ac39d5ee3f47c86d31f6b56309.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\xflfxlf.exec:\xflfxlf.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbnbn.exec:\nhbnbn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvdjj.exec:\vvdjj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1frlxrl.exec:\1frlxrl.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rflxlfr.exec:\rflxlfr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhtbnh.exec:\nhtbnh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5jdvd.exec:\5jdvd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlxrlfx.exec:\xlxrlfx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5xxlxfr.exec:\5xxlxfr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbnbnh.exec:\nbnbnh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhtthh.exec:\hhtthh.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvjjv.exec:\vvjjv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5xrfrlr.exec:\5xrfrlr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxxrrlf.exec:\rxxrrlf.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thnbtt.exec:\thnbtt.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnhhtn.exec:\hnhhtn.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpppj.exec:\dpppj.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjjp.exec:\dvjjp.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rffllfl.exec:\rffllfl.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrrfrr.exec:\fxrrfrr.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thbbtb.exec:\thbbtb.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhthb.exec:\tnhthb.exe23⤵
- Executes dropped EXE
-
\??\c:\jvdpv.exec:\jvdpv.exe24⤵
- Executes dropped EXE
-
\??\c:\lxfrffx.exec:\lxfrffx.exe25⤵
- Executes dropped EXE
-
\??\c:\9ffrfxf.exec:\9ffrfxf.exe26⤵
- Executes dropped EXE
-
\??\c:\9tnhtn.exec:\9tnhtn.exe27⤵
- Executes dropped EXE
-
\??\c:\1bhtnt.exec:\1bhtnt.exe28⤵
- Executes dropped EXE
-
\??\c:\vdpvp.exec:\vdpvp.exe29⤵
- Executes dropped EXE
-
\??\c:\3vjvj.exec:\3vjvj.exe30⤵
- Executes dropped EXE
-
\??\c:\lfxrfxr.exec:\lfxrfxr.exe31⤵
- Executes dropped EXE
-
\??\c:\htnhtn.exec:\htnhtn.exe32⤵
- Executes dropped EXE
-
\??\c:\1bbnnh.exec:\1bbnnh.exe33⤵
- Executes dropped EXE
-
\??\c:\jdvpj.exec:\jdvpj.exe34⤵
- Executes dropped EXE
-
\??\c:\jpvpj.exec:\jpvpj.exe35⤵
- Executes dropped EXE
-
\??\c:\frlxlfr.exec:\frlxlfr.exe36⤵
- Executes dropped EXE
-
\??\c:\fllxlfr.exec:\fllxlfr.exe37⤵
- Executes dropped EXE
-
\??\c:\hnnbtn.exec:\hnnbtn.exe38⤵
- Executes dropped EXE
-
\??\c:\bbtbtn.exec:\bbtbtn.exe39⤵
- Executes dropped EXE
-
\??\c:\vppdj.exec:\vppdj.exe40⤵
- Executes dropped EXE
-
\??\c:\djpvj.exec:\djpvj.exe41⤵
- Executes dropped EXE
-
\??\c:\5rlrlxl.exec:\5rlrlxl.exe42⤵
- Executes dropped EXE
-
\??\c:\frlxxxx.exec:\frlxxxx.exe43⤵
- Executes dropped EXE
-
\??\c:\ntbnbb.exec:\ntbnbb.exe44⤵
- Executes dropped EXE
-
\??\c:\9hhnht.exec:\9hhnht.exe45⤵
- Executes dropped EXE
-
\??\c:\pppdv.exec:\pppdv.exe46⤵
- Executes dropped EXE
-
\??\c:\lxfxfxr.exec:\lxfxfxr.exe47⤵
- Executes dropped EXE
-
\??\c:\lfxlfxl.exec:\lfxlfxl.exe48⤵
- Executes dropped EXE
-
\??\c:\nbbnbt.exec:\nbbnbt.exe49⤵
- Executes dropped EXE
-
\??\c:\pdvjv.exec:\pdvjv.exe50⤵
- Executes dropped EXE
-
\??\c:\ddjjp.exec:\ddjjp.exe51⤵
- Executes dropped EXE
-
\??\c:\3llxllx.exec:\3llxllx.exe52⤵
- Executes dropped EXE
-
\??\c:\nhbnnh.exec:\nhbnnh.exe53⤵
- Executes dropped EXE
-
\??\c:\nnnbth.exec:\nnnbth.exe54⤵
- Executes dropped EXE
-
\??\c:\vjvdp.exec:\vjvdp.exe55⤵
- Executes dropped EXE
-
\??\c:\3rlxlfr.exec:\3rlxlfr.exe56⤵
- Executes dropped EXE
-
\??\c:\3rlfxrl.exec:\3rlfxrl.exe57⤵
- Executes dropped EXE
-
\??\c:\hbtnnh.exec:\hbtnnh.exe58⤵
- Executes dropped EXE
-
\??\c:\9htnbh.exec:\9htnbh.exe59⤵
- Executes dropped EXE
-
\??\c:\pjdvd.exec:\pjdvd.exe60⤵
- Executes dropped EXE
-
\??\c:\3rrlfxl.exec:\3rrlfxl.exe61⤵
- Executes dropped EXE
-
\??\c:\fxxxlfr.exec:\fxxxlfr.exe62⤵
- Executes dropped EXE
-
\??\c:\9ttnnh.exec:\9ttnnh.exe63⤵
- Executes dropped EXE
-
\??\c:\tthhhn.exec:\tthhhn.exe64⤵
- Executes dropped EXE
-
\??\c:\pjdpj.exec:\pjdpj.exe65⤵
- Executes dropped EXE
-
\??\c:\flfrfxl.exec:\flfrfxl.exe66⤵
-
\??\c:\lrfxlfr.exec:\lrfxlfr.exe67⤵
-
\??\c:\nnhthb.exec:\nnhthb.exe68⤵
-
\??\c:\1ppjv.exec:\1ppjv.exe69⤵
-
\??\c:\ddjpd.exec:\ddjpd.exe70⤵
-
\??\c:\lllxfxl.exec:\lllxfxl.exe71⤵
-
\??\c:\ttbnbt.exec:\ttbnbt.exe72⤵
-
\??\c:\7pdvj.exec:\7pdvj.exe73⤵
-
\??\c:\lllrxxl.exec:\lllrxxl.exe74⤵
-
\??\c:\bhnhtn.exec:\bhnhtn.exe75⤵
-
\??\c:\vvpjv.exec:\vvpjv.exe76⤵
-
\??\c:\5pjvp.exec:\5pjvp.exe77⤵
-
\??\c:\xfrlxlx.exec:\xfrlxlx.exe78⤵
-
\??\c:\9bttnh.exec:\9bttnh.exe79⤵
-
\??\c:\nhhbnh.exec:\nhhbnh.exe80⤵
-
\??\c:\dppjv.exec:\dppjv.exe81⤵
-
\??\c:\pppdd.exec:\pppdd.exe82⤵
-
\??\c:\9rrlrlf.exec:\9rrlrlf.exe83⤵
-
\??\c:\tnhnbn.exec:\tnhnbn.exe84⤵
-
\??\c:\pdvdp.exec:\pdvdp.exe85⤵
-
\??\c:\7rfrflx.exec:\7rfrflx.exe86⤵
-
\??\c:\7nbtnh.exec:\7nbtnh.exe87⤵
-
\??\c:\jjdvd.exec:\jjdvd.exe88⤵
-
\??\c:\jvvdv.exec:\jvvdv.exe89⤵
-
\??\c:\rfrflfr.exec:\rfrflfr.exe90⤵
-
\??\c:\bntnhb.exec:\bntnhb.exe91⤵
-
\??\c:\htbnbt.exec:\htbnbt.exe92⤵
-
\??\c:\vjvdj.exec:\vjvdj.exe93⤵
-
\??\c:\rlrxfrf.exec:\rlrxfrf.exe94⤵
-
\??\c:\1xrfrxr.exec:\1xrfrxr.exe95⤵
-
\??\c:\nnnbnh.exec:\nnnbnh.exe96⤵
-
\??\c:\vpdpp.exec:\vpdpp.exe97⤵
-
\??\c:\5pdpd.exec:\5pdpd.exe98⤵
-
\??\c:\7xlxxrx.exec:\7xlxxrx.exe99⤵
-
\??\c:\thbntn.exec:\thbntn.exe100⤵
-
\??\c:\vpjpd.exec:\vpjpd.exe101⤵
-
\??\c:\rrrrflf.exec:\rrrrflf.exe102⤵
-
\??\c:\ffflfrl.exec:\ffflfrl.exe103⤵
-
\??\c:\bnhtbt.exec:\bnhtbt.exe104⤵
-
\??\c:\5tthnb.exec:\5tthnb.exe105⤵
-
\??\c:\3djdp.exec:\3djdp.exe106⤵
-
\??\c:\xxflrff.exec:\xxflrff.exe107⤵
-
\??\c:\xlfrfxl.exec:\xlfrfxl.exe108⤵
-
\??\c:\7hnhhb.exec:\7hnhhb.exe109⤵
-
\??\c:\bhbntt.exec:\bhbntt.exe110⤵
-
\??\c:\djpjd.exec:\djpjd.exe111⤵
-
\??\c:\lfxrflx.exec:\lfxrflx.exe112⤵
-
\??\c:\xfrflxl.exec:\xfrflxl.exe113⤵
-
\??\c:\nhhtth.exec:\nhhtth.exe114⤵
-
\??\c:\5vpdp.exec:\5vpdp.exe115⤵
-
\??\c:\9jvvj.exec:\9jvvj.exe116⤵
-
\??\c:\rrffxfl.exec:\rrffxfl.exe117⤵
-
\??\c:\rfrlfxl.exec:\rfrlfxl.exe118⤵
-
\??\c:\bthhhh.exec:\bthhhh.exe119⤵
-
\??\c:\5jvpv.exec:\5jvpv.exe120⤵
-
\??\c:\jdvpv.exec:\jdvpv.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-