Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
149s -
max time network
136s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
13/05/2024, 22:19
General
-
Target
68e2a76899ef54b0a4eef7a5d02c22682e591e4e6ed9de6455ee0f16e415c7d8.exe
-
Size
371KB
-
MD5
a3a93eb00dddd577dab4802d405a6add
-
SHA1
44d6c97dd5f75694d790a175fe2f9251b22ce45f
-
SHA256
68e2a76899ef54b0a4eef7a5d02c22682e591e4e6ed9de6455ee0f16e415c7d8
-
SHA512
5f19f17ddea1ca824f64d61ed56c139c342290153252e73001359ca7fd3a00839adc528f7ed515c8fa34fe5e7669b8c3109055b9731490a589febaf86ff13f31
-
SSDEEP
6144:n3C9BRIG0asYFm71mJl3/X8mak5gNv9rC8IwLaYNUvtTxTKMMA:n3C9uYA7i3/stR9HGYyvtTxTKMt
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 27 IoCs
-
UPX dump on OEP (original entry point) 32 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 32 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\68e2a76899ef54b0a4eef7a5d02c22682e591e4e6ed9de6455ee0f16e415c7d8.exe"C:\Users\Admin\AppData\Local\Temp\68e2a76899ef54b0a4eef7a5d02c22682e591e4e6ed9de6455ee0f16e415c7d8.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\pvvpj.exec:\pvvpj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxxlxrf.exec:\rxxlxrf.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfllxrl.exec:\xfllxrl.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfxlrrf.exec:\xfxlrrf.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7nhbnh.exec:\7nhbnh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htthtn.exec:\htthtn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvdvj.exec:\dvdvj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrrrfxx.exec:\rrrrfxx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppppj.exec:\ppppj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7xfxllf.exec:\7xfxllf.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7ttnnn.exec:\7ttnnn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frfrlxl.exec:\frfrlxl.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tttthh.exec:\tttthh.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlfxrlf.exec:\rlfxrlf.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htbbtn.exec:\htbbtn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddvpj.exec:\ddvpj.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrlffx.exec:\lfrlffx.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbbtnn.exec:\bbbtnn.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llxrfxl.exec:\llxrfxl.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1xfxrll.exec:\1xfxrll.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpvvp.exec:\vpvvp.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvdpj.exec:\dvdpj.exe23⤵
- Executes dropped EXE
-
\??\c:\btttnn.exec:\btttnn.exe24⤵
- Executes dropped EXE
-
\??\c:\ppvpj.exec:\ppvpj.exe25⤵
- Executes dropped EXE
-
\??\c:\lfrrrrf.exec:\lfrrrrf.exe26⤵
- Executes dropped EXE
-
\??\c:\pdjvv.exec:\pdjvv.exe27⤵
- Executes dropped EXE
-
\??\c:\9vdvp.exec:\9vdvp.exe28⤵
- Executes dropped EXE
-
\??\c:\nthbhb.exec:\nthbhb.exe29⤵
- Executes dropped EXE
-
\??\c:\5bhbnn.exec:\5bhbnn.exe30⤵
- Executes dropped EXE
-
\??\c:\xrrlllr.exec:\xrrlllr.exe31⤵
- Executes dropped EXE
-
\??\c:\hhtntn.exec:\hhtntn.exe32⤵
- Executes dropped EXE
-
\??\c:\ttbnhb.exec:\ttbnhb.exe33⤵
- Executes dropped EXE
-
\??\c:\pdjvj.exec:\pdjvj.exe34⤵
- Executes dropped EXE
-
\??\c:\lrfrflr.exec:\lrfrflr.exe35⤵
- Executes dropped EXE
-
\??\c:\nhbtbb.exec:\nhbtbb.exe36⤵
- Executes dropped EXE
-
\??\c:\pddpd.exec:\pddpd.exe37⤵
- Executes dropped EXE
-
\??\c:\rrxxrxf.exec:\rrxxrxf.exe38⤵
- Executes dropped EXE
-
\??\c:\nhhhbt.exec:\nhhhbt.exe39⤵
- Executes dropped EXE
-
\??\c:\btnthn.exec:\btnthn.exe40⤵
- Executes dropped EXE
-
\??\c:\pjpvd.exec:\pjpvd.exe41⤵
- Executes dropped EXE
-
\??\c:\1xxrflx.exec:\1xxrflx.exe42⤵
- Executes dropped EXE
-
\??\c:\thnhht.exec:\thnhht.exe43⤵
- Executes dropped EXE
-
\??\c:\htttnt.exec:\htttnt.exe44⤵
- Executes dropped EXE
-
\??\c:\jpjdp.exec:\jpjdp.exe45⤵
- Executes dropped EXE
-
\??\c:\llxlrlx.exec:\llxlrlx.exe46⤵
- Executes dropped EXE
-
\??\c:\nbtnnh.exec:\nbtnnh.exe47⤵
- Executes dropped EXE
-
\??\c:\jjjpd.exec:\jjjpd.exe48⤵
- Executes dropped EXE
-
\??\c:\fllfrrl.exec:\fllfrrl.exe49⤵
- Executes dropped EXE
-
\??\c:\tbbtnh.exec:\tbbtnh.exe50⤵
- Executes dropped EXE
-
\??\c:\tntbtn.exec:\tntbtn.exe51⤵
- Executes dropped EXE
-
\??\c:\5jdvj.exec:\5jdvj.exe52⤵
- Executes dropped EXE
-
\??\c:\rxrlxrf.exec:\rxrlxrf.exe53⤵
- Executes dropped EXE
-
\??\c:\lxfrxrx.exec:\lxfrxrx.exe54⤵
- Executes dropped EXE
-
\??\c:\htbnbt.exec:\htbnbt.exe55⤵
- Executes dropped EXE
-
\??\c:\pvjvp.exec:\pvjvp.exe56⤵
- Executes dropped EXE
-
\??\c:\pjdpd.exec:\pjdpd.exe57⤵
- Executes dropped EXE
-
\??\c:\lxxrfxr.exec:\lxxrfxr.exe58⤵
- Executes dropped EXE
-
\??\c:\hbnhbt.exec:\hbnhbt.exe59⤵
- Executes dropped EXE
-
\??\c:\bbtttn.exec:\bbtttn.exe60⤵
- Executes dropped EXE
-
\??\c:\vvvpd.exec:\vvvpd.exe61⤵
- Executes dropped EXE
-
\??\c:\3rrfrlx.exec:\3rrfrlx.exe62⤵
- Executes dropped EXE
-
\??\c:\xxxrlrf.exec:\xxxrlrf.exe63⤵
- Executes dropped EXE
-
\??\c:\thtnbn.exec:\thtnbn.exe64⤵
- Executes dropped EXE
-
\??\c:\thbnbb.exec:\thbnbb.exe65⤵
- Executes dropped EXE
-
\??\c:\pddvj.exec:\pddvj.exe66⤵
-
\??\c:\xlfrfxl.exec:\xlfrfxl.exe67⤵
-
\??\c:\xlxlxlx.exec:\xlxlxlx.exe68⤵
-
\??\c:\bnbnbt.exec:\bnbnbt.exe69⤵
-
\??\c:\vpjdp.exec:\vpjdp.exe70⤵
-
\??\c:\vvppv.exec:\vvppv.exe71⤵
-
\??\c:\rfrfrlf.exec:\rfrfrlf.exe72⤵
-
\??\c:\nnnhtn.exec:\nnnhtn.exe73⤵
-
\??\c:\hhhhtn.exec:\hhhhtn.exe74⤵
-
\??\c:\vpdpj.exec:\vpdpj.exe75⤵
-
\??\c:\frlxrlx.exec:\frlxrlx.exe76⤵
-
\??\c:\fflxlfx.exec:\fflxlfx.exe77⤵
-
\??\c:\bhnbbt.exec:\bhnbbt.exe78⤵
-
\??\c:\jvdpj.exec:\jvdpj.exe79⤵
-
\??\c:\djpdp.exec:\djpdp.exe80⤵
-
\??\c:\5rxxllx.exec:\5rxxllx.exe81⤵
-
\??\c:\nntnbh.exec:\nntnbh.exe82⤵
-
\??\c:\btbthh.exec:\btbthh.exe83⤵
-
\??\c:\7vvjd.exec:\7vvjd.exe84⤵
-
\??\c:\frrllll.exec:\frrllll.exe85⤵
-
\??\c:\rxffrrx.exec:\rxffrrx.exe86⤵
-
\??\c:\hnhbbt.exec:\hnhbbt.exe87⤵
-
\??\c:\5nnbbt.exec:\5nnbbt.exe88⤵
-
\??\c:\jvjvd.exec:\jvjvd.exe89⤵
-
\??\c:\xflxlfx.exec:\xflxlfx.exe90⤵
-
\??\c:\3fxrffr.exec:\3fxrffr.exe91⤵
-
\??\c:\tbnnnb.exec:\tbnnnb.exe92⤵
-
\??\c:\hnnnhh.exec:\hnnnhh.exe93⤵
-
\??\c:\1vvjv.exec:\1vvjv.exe94⤵
-
\??\c:\jjddv.exec:\jjddv.exe95⤵
-
\??\c:\rflxfxr.exec:\rflxfxr.exe96⤵
-
\??\c:\hnnhtn.exec:\hnnhtn.exe97⤵
-
\??\c:\nbbtnh.exec:\nbbtnh.exe98⤵
-
\??\c:\jjjdv.exec:\jjjdv.exe99⤵
-
\??\c:\dppdj.exec:\dppdj.exe100⤵
-
\??\c:\lxxlxrf.exec:\lxxlxrf.exe101⤵
-
\??\c:\pvvpj.exec:\pvvpj.exe102⤵
-
\??\c:\pjjdd.exec:\pjjdd.exe103⤵
-
\??\c:\llrlrlf.exec:\llrlrlf.exe104⤵
-
\??\c:\tbbnhb.exec:\tbbnhb.exe105⤵
-
\??\c:\hbtnhb.exec:\hbtnhb.exe106⤵
-
\??\c:\5pjpj.exec:\5pjpj.exe107⤵
-
\??\c:\rxfrflx.exec:\rxfrflx.exe108⤵
-
\??\c:\rlfrfxl.exec:\rlfrfxl.exe109⤵
-
\??\c:\pdvvj.exec:\pdvvj.exe110⤵
-
\??\c:\pdjvj.exec:\pdjvj.exe111⤵
-
\??\c:\5fxlfxf.exec:\5fxlfxf.exe112⤵
-
\??\c:\bbbnhb.exec:\bbbnhb.exe113⤵
-
\??\c:\vvdvv.exec:\vvdvv.exe114⤵
-
\??\c:\dddjv.exec:\dddjv.exe115⤵
-
\??\c:\fffxffr.exec:\fffxffr.exe116⤵
-
\??\c:\lxlffxx.exec:\lxlffxx.exe117⤵
-
\??\c:\bbbtbt.exec:\bbbtbt.exe118⤵
-
\??\c:\dddvp.exec:\dddvp.exe119⤵
-
\??\c:\lfrlxxx.exec:\lfrlxxx.exe120⤵
-
\??\c:\rlllfff.exec:\rlllfff.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-