Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
42s -
max time network
126s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
14/05/2024, 00:10
General
-
Target
9968319a7cb0f4dcfd5999327af7391845e986aa47ffbcece3a1a442d32d8197.exe
-
Size
84KB
-
MD5
423959f9dda91641b41a383a97b05993
-
SHA1
090e84b0bcdbb763418b5e221fc3828626d6a957
-
SHA256
9968319a7cb0f4dcfd5999327af7391845e986aa47ffbcece3a1a442d32d8197
-
SHA512
7fd1351e380f9aca6a967800269b5548309a3e530154d435ba4038e7ef5d5b681cb861112e86e13d932551877cfc12c0893292fe4158b91f2567723ff4ee6d5a
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDo73t6MlYqn+jMp99zx/K0Xt:ymb3NkkiQ3mdBjFo73tvn+Yp99zx
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 19 IoCs
-
UPX dump on OEP (original entry point) 22 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 22 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\9968319a7cb0f4dcfd5999327af7391845e986aa47ffbcece3a1a442d32d8197.exe"C:\Users\Admin\AppData\Local\Temp\9968319a7cb0f4dcfd5999327af7391845e986aa47ffbcece3a1a442d32d8197.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\bnbbnt.exec:\bnbbnt.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvdv.exec:\jdvdv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lffxrrr.exec:\lffxrrr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvjjd.exec:\pvjjd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfxxxxx.exec:\rfxxxxx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdddp.exec:\pdddp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7ppjj.exec:\7ppjj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnnnnh.exec:\hnnnnh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1jdpd.exec:\1jdpd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlllflf.exec:\rlllflf.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnttbh.exec:\tnttbh.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3djpv.exec:\3djpv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flrrrfr.exec:\flrrrfr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hthhbh.exec:\hthhbh.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvvj.exec:\jdvvj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxlllxl.exec:\lxlllxl.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttnnbh.exec:\ttnnbh.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjdv.exec:\vpjdv.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llfrxxr.exec:\llfrxxr.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nthnth.exec:\nthnth.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjpd.exec:\jdjpd.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vddjv.exec:\vddjv.exe23⤵
- Executes dropped EXE
-
\??\c:\nttbhn.exec:\nttbhn.exe24⤵
- Executes dropped EXE
-
\??\c:\bnnnhh.exec:\bnnnhh.exe25⤵
- Executes dropped EXE
-
\??\c:\xflxxxf.exec:\xflxxxf.exe26⤵
- Executes dropped EXE
-
\??\c:\tntttb.exec:\tntttb.exe27⤵
- Executes dropped EXE
-
\??\c:\dvpvd.exec:\dvpvd.exe28⤵
- Executes dropped EXE
-
\??\c:\rrflflf.exec:\rrflflf.exe29⤵
- Executes dropped EXE
-
\??\c:\nnthhn.exec:\nnthhn.exe30⤵
- Executes dropped EXE
-
\??\c:\dpvjj.exec:\dpvjj.exe31⤵
- Executes dropped EXE
-
\??\c:\rxxfflx.exec:\rxxfflx.exe32⤵
- Executes dropped EXE
-
\??\c:\bnbbhb.exec:\bnbbhb.exe33⤵
- Executes dropped EXE
-
\??\c:\jjddp.exec:\jjddp.exe34⤵
- Executes dropped EXE
-
\??\c:\frxrxrx.exec:\frxrxrx.exe35⤵
- Executes dropped EXE
-
\??\c:\9ntnnn.exec:\9ntnnn.exe36⤵
- Executes dropped EXE
-
\??\c:\bbhhnt.exec:\bbhhnt.exe37⤵
- Executes dropped EXE
-
\??\c:\jjdvp.exec:\jjdvp.exe38⤵
- Executes dropped EXE
-
\??\c:\rllxxxx.exec:\rllxxxx.exe39⤵
- Executes dropped EXE
-
\??\c:\frflffr.exec:\frflffr.exe40⤵
- Executes dropped EXE
-
\??\c:\bthtbh.exec:\bthtbh.exe41⤵
- Executes dropped EXE
-
\??\c:\vdjpp.exec:\vdjpp.exe42⤵
- Executes dropped EXE
-
\??\c:\jdvvp.exec:\jdvvp.exe43⤵
- Executes dropped EXE
-
\??\c:\lrxxllx.exec:\lrxxllx.exe44⤵
- Executes dropped EXE
-
\??\c:\hhhbbb.exec:\hhhbbb.exe45⤵
- Executes dropped EXE
-
\??\c:\vdppj.exec:\vdppj.exe46⤵
- Executes dropped EXE
-
\??\c:\dvjpp.exec:\dvjpp.exe47⤵
- Executes dropped EXE
-
\??\c:\9llllrx.exec:\9llllrx.exe48⤵
- Executes dropped EXE
-
\??\c:\tbthnn.exec:\tbthnn.exe49⤵
- Executes dropped EXE
-
\??\c:\ntbbbb.exec:\ntbbbb.exe50⤵
- Executes dropped EXE
-
\??\c:\jpjvv.exec:\jpjvv.exe51⤵
- Executes dropped EXE
-
\??\c:\9dddv.exec:\9dddv.exe52⤵
- Executes dropped EXE
-
\??\c:\rflflll.exec:\rflflll.exe53⤵
- Executes dropped EXE
-
\??\c:\thnbbh.exec:\thnbbh.exe54⤵
- Executes dropped EXE
-
\??\c:\ttttnt.exec:\ttttnt.exe55⤵
- Executes dropped EXE
-
\??\c:\vjppp.exec:\vjppp.exe56⤵
- Executes dropped EXE
-
\??\c:\xrllfll.exec:\xrllfll.exe57⤵
- Executes dropped EXE
-
\??\c:\thnhnn.exec:\thnhnn.exe58⤵
- Executes dropped EXE
-
\??\c:\jvjpp.exec:\jvjpp.exe59⤵
- Executes dropped EXE
-
\??\c:\pvdvd.exec:\pvdvd.exe60⤵
- Executes dropped EXE
-
\??\c:\lfxrllx.exec:\lfxrllx.exe61⤵
- Executes dropped EXE
-
\??\c:\5hhhnt.exec:\5hhhnt.exe62⤵
- Executes dropped EXE
-
\??\c:\jjvdp.exec:\jjvdp.exe63⤵
- Executes dropped EXE
-
\??\c:\lfflllx.exec:\lfflllx.exe64⤵
- Executes dropped EXE
-
\??\c:\fxllfll.exec:\fxllfll.exe65⤵
- Executes dropped EXE
-
\??\c:\tnhnhn.exec:\tnhnhn.exe66⤵
-
\??\c:\jdjjp.exec:\jdjjp.exe67⤵
-
\??\c:\lrllrxf.exec:\lrllrxf.exe68⤵
-
\??\c:\nnhhnn.exec:\nnhhnn.exe69⤵
-
\??\c:\bttnht.exec:\bttnht.exe70⤵
-
\??\c:\3ddpj.exec:\3ddpj.exe71⤵
-
\??\c:\xrffrlr.exec:\xrffrlr.exe72⤵
-
\??\c:\nnhtnn.exec:\nnhtnn.exe73⤵
-
\??\c:\jddjv.exec:\jddjv.exe74⤵
-
\??\c:\llrxxfl.exec:\llrxxfl.exe75⤵
-
\??\c:\hhnnhh.exec:\hhnnhh.exe76⤵
-
\??\c:\jppvd.exec:\jppvd.exe77⤵
-
\??\c:\llrrffr.exec:\llrrffr.exe78⤵
-
\??\c:\tnntnh.exec:\tnntnh.exe79⤵
-
\??\c:\jvvpj.exec:\jvvpj.exe80⤵
-
\??\c:\pppjj.exec:\pppjj.exe81⤵
-
\??\c:\rxfxrrl.exec:\rxfxrrl.exe82⤵
-
\??\c:\bntnbb.exec:\bntnbb.exe83⤵
-
\??\c:\djppv.exec:\djppv.exe84⤵
-
\??\c:\rxxrlfl.exec:\rxxrlfl.exe85⤵
-
\??\c:\lffxrff.exec:\lffxrff.exe86⤵
-
\??\c:\9nttht.exec:\9nttht.exe87⤵
-
\??\c:\7nttnt.exec:\7nttnt.exe88⤵
-
\??\c:\vpdpj.exec:\vpdpj.exe89⤵
-
\??\c:\lfllrxf.exec:\lfllrxf.exe90⤵
-
\??\c:\1frrxlx.exec:\1frrxlx.exe91⤵
-
\??\c:\nnnnhh.exec:\nnnnhh.exe92⤵
-
\??\c:\jjddv.exec:\jjddv.exe93⤵
-
\??\c:\vjvpj.exec:\vjvpj.exe94⤵
-
\??\c:\rrxxlrr.exec:\rrxxlrr.exe95⤵
-
\??\c:\3bnnth.exec:\3bnnth.exe96⤵
-
\??\c:\xxrrlrr.exec:\xxrrlrr.exe97⤵
-
\??\c:\bhhthh.exec:\bhhthh.exe98⤵
-
\??\c:\hnhbhb.exec:\hnhbhb.exe99⤵
-
\??\c:\dppdp.exec:\dppdp.exe100⤵
-
\??\c:\lrrxxxx.exec:\lrrxxxx.exe101⤵
-
\??\c:\rxrfrrf.exec:\rxrfrrf.exe102⤵
-
\??\c:\nthntb.exec:\nthntb.exe103⤵
-
\??\c:\bbbtnn.exec:\bbbtnn.exe104⤵
-
\??\c:\vvdpd.exec:\vvdpd.exe105⤵
-
\??\c:\rlxlrll.exec:\rlxlrll.exe106⤵
-
\??\c:\ffrllrr.exec:\ffrllrr.exe107⤵
-
\??\c:\tbbnht.exec:\tbbnht.exe108⤵
-
\??\c:\vjddj.exec:\vjddj.exe109⤵
-
\??\c:\xrlrrff.exec:\xrlrrff.exe110⤵
-
\??\c:\tbtttt.exec:\tbtttt.exe111⤵
-
\??\c:\thhbth.exec:\thhbth.exe112⤵
-
\??\c:\jvjjd.exec:\jvjjd.exe113⤵
-
\??\c:\lxxlxrl.exec:\lxxlxrl.exe114⤵
-
\??\c:\bttbnt.exec:\bttbnt.exe115⤵
-
\??\c:\5vpdd.exec:\5vpdd.exe116⤵
-
\??\c:\rrlxrll.exec:\rrlxrll.exe117⤵
-
\??\c:\lxxlrrr.exec:\lxxlrrr.exe118⤵
-
\??\c:\nhbthb.exec:\nhbthb.exe119⤵
-
\??\c:\vppvp.exec:\vppvp.exe120⤵
-
\??\c:\fxrfxrx.exec:\fxrfxrx.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-