Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
93s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
16/05/2024, 18:12
General
-
Target
03038d53a7000b0955dee5816c114c99dfc4ef153a7297b86792c77f56d69f31.exe
-
Size
224KB
-
MD5
455fa0f4f4cd34d3402a200c703bd361
-
SHA1
a88b0e4f1fb544fe7e8f337f87ad523fde400ae2
-
SHA256
03038d53a7000b0955dee5816c114c99dfc4ef153a7297b86792c77f56d69f31
-
SHA512
bb8c21ec55592621d15ffb09d25aaed1f2da952cca366751d5c6267cafe6819ec664e1027641c1cbe70acf8643a9a5fb2234dae784c0066522cb18c1a8b5d3a3
-
SSDEEP
3072:ymb3NkkiQ3mdBjFo73PYP1lri3KoSV31x4xL79:n3C9BRo7MlrWKo+lxKZ
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
UPX dump on OEP (original entry point) 26 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 26 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\03038d53a7000b0955dee5816c114c99dfc4ef153a7297b86792c77f56d69f31.exe"C:\Users\Admin\AppData\Local\Temp\03038d53a7000b0955dee5816c114c99dfc4ef153a7297b86792c77f56d69f31.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\pdvpj.exec:\pdvpj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llxrrll.exec:\llxrrll.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvpdv.exec:\dvpdv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rflxrrl.exec:\rflxrrl.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tntttt.exec:\tntttt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnhbt.exec:\hbnhbt.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnhbbb.exec:\hnhbbb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pppjp.exec:\pppjp.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxlxlx.exec:\rlxlxlx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvvvp.exec:\jvvvp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flrfxxl.exec:\flrfxxl.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tntnhb.exec:\tntnhb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrfrfl.exec:\lfrfrfl.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frlrfrr.exec:\frlrfrr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htnhbb.exec:\htnhbb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxlfxr.exec:\rlxlfxr.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbhbtn.exec:\tbhbtn.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdppd.exec:\jdppd.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbhbnh.exec:\nbhbnh.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbnhh.exec:\tnbnhh.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxlxxrr.exec:\rxlxxrr.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjdv.exec:\pjjdv.exe23⤵
- Executes dropped EXE
-
\??\c:\xlrlxxr.exec:\xlrlxxr.exe24⤵
- Executes dropped EXE
-
\??\c:\lfrlxxf.exec:\lfrlxxf.exe25⤵
- Executes dropped EXE
-
\??\c:\hbhhhh.exec:\hbhhhh.exe26⤵
- Executes dropped EXE
-
\??\c:\vpvvj.exec:\vpvvj.exe27⤵
- Executes dropped EXE
-
\??\c:\frxrlff.exec:\frxrlff.exe28⤵
- Executes dropped EXE
-
\??\c:\nhnhbb.exec:\nhnhbb.exe29⤵
- Executes dropped EXE
-
\??\c:\thhhnb.exec:\thhhnb.exe30⤵
- Executes dropped EXE
-
\??\c:\vdjdp.exec:\vdjdp.exe31⤵
- Executes dropped EXE
-
\??\c:\3ntntn.exec:\3ntntn.exe32⤵
- Executes dropped EXE
-
\??\c:\vdpvj.exec:\vdpvj.exe33⤵
- Executes dropped EXE
-
\??\c:\flrfrfl.exec:\flrfrfl.exe34⤵
- Executes dropped EXE
-
\??\c:\lrrrllf.exec:\lrrrllf.exe35⤵
- Executes dropped EXE
-
\??\c:\tbnhbt.exec:\tbnhbt.exe36⤵
- Executes dropped EXE
-
\??\c:\jvjdj.exec:\jvjdj.exe37⤵
- Executes dropped EXE
-
\??\c:\frlfrrl.exec:\frlfrrl.exe38⤵
- Executes dropped EXE
-
\??\c:\fxfxffx.exec:\fxfxffx.exe39⤵
- Executes dropped EXE
-
\??\c:\btbttn.exec:\btbttn.exe40⤵
- Executes dropped EXE
-
\??\c:\pddvp.exec:\pddvp.exe41⤵
- Executes dropped EXE
-
\??\c:\pjpdj.exec:\pjpdj.exe42⤵
- Executes dropped EXE
-
\??\c:\xlrrrff.exec:\xlrrrff.exe43⤵
- Executes dropped EXE
-
\??\c:\bbbbbt.exec:\bbbbbt.exe44⤵
- Executes dropped EXE
-
\??\c:\nnhbnn.exec:\nnhbnn.exe45⤵
- Executes dropped EXE
-
\??\c:\vjddv.exec:\vjddv.exe46⤵
- Executes dropped EXE
-
\??\c:\xxlffxx.exec:\xxlffxx.exe47⤵
- Executes dropped EXE
-
\??\c:\tnhbhb.exec:\tnhbhb.exe48⤵
- Executes dropped EXE
-
\??\c:\hhtttb.exec:\hhtttb.exe49⤵
- Executes dropped EXE
-
\??\c:\vpjdp.exec:\vpjdp.exe50⤵
- Executes dropped EXE
-
\??\c:\xrxflrr.exec:\xrxflrr.exe51⤵
- Executes dropped EXE
-
\??\c:\3lxrllr.exec:\3lxrllr.exe52⤵
- Executes dropped EXE
-
\??\c:\1nhbtn.exec:\1nhbtn.exe53⤵
- Executes dropped EXE
-
\??\c:\dvvpd.exec:\dvvpd.exe54⤵
- Executes dropped EXE
-
\??\c:\lrlfxlf.exec:\lrlfxlf.exe55⤵
- Executes dropped EXE
-
\??\c:\lxllllf.exec:\lxllllf.exe56⤵
- Executes dropped EXE
-
\??\c:\hnttnt.exec:\hnttnt.exe57⤵
- Executes dropped EXE
-
\??\c:\ddjjv.exec:\ddjjv.exe58⤵
- Executes dropped EXE
-
\??\c:\5jpjj.exec:\5jpjj.exe59⤵
- Executes dropped EXE
-
\??\c:\rfffxxx.exec:\rfffxxx.exe60⤵
- Executes dropped EXE
-
\??\c:\ffllrrf.exec:\ffllrrf.exe61⤵
- Executes dropped EXE
-
\??\c:\tnhbnh.exec:\tnhbnh.exe62⤵
- Executes dropped EXE
-
\??\c:\jdvvj.exec:\jdvvj.exe63⤵
- Executes dropped EXE
-
\??\c:\xxrrxfr.exec:\xxrrxfr.exe64⤵
- Executes dropped EXE
-
\??\c:\fxlfffl.exec:\fxlfffl.exe65⤵
- Executes dropped EXE
-
\??\c:\thtnnn.exec:\thtnnn.exe66⤵
-
\??\c:\pjjpj.exec:\pjjpj.exe67⤵
-
\??\c:\dvvpj.exec:\dvvpj.exe68⤵
-
\??\c:\xrfxfxx.exec:\xrfxfxx.exe69⤵
-
\??\c:\hhbttn.exec:\hhbttn.exe70⤵
-
\??\c:\djppp.exec:\djppp.exe71⤵
-
\??\c:\1dddp.exec:\1dddp.exe72⤵
-
\??\c:\rffxrlf.exec:\rffxrlf.exe73⤵
-
\??\c:\1hhhhh.exec:\1hhhhh.exe74⤵
-
\??\c:\nthbtt.exec:\nthbtt.exe75⤵
-
\??\c:\jjvvd.exec:\jjvvd.exe76⤵
-
\??\c:\3xxrfff.exec:\3xxrfff.exe77⤵
-
\??\c:\llxrlff.exec:\llxrlff.exe78⤵
-
\??\c:\3nnnnn.exec:\3nnnnn.exe79⤵
-
\??\c:\vjjjj.exec:\vjjjj.exe80⤵
-
\??\c:\dppjv.exec:\dppjv.exe81⤵
-
\??\c:\fxxlllr.exec:\fxxlllr.exe82⤵
-
\??\c:\tntnhb.exec:\tntnhb.exe83⤵
-
\??\c:\nhbnhh.exec:\nhbnhh.exe84⤵
-
\??\c:\jdpdd.exec:\jdpdd.exe85⤵
-
\??\c:\xrrxllx.exec:\xrrxllx.exe86⤵
-
\??\c:\tttttt.exec:\tttttt.exe87⤵
-
\??\c:\jdjvv.exec:\jdjvv.exe88⤵
-
\??\c:\5pjvp.exec:\5pjvp.exe89⤵
-
\??\c:\fxlfrrr.exec:\fxlfrrr.exe90⤵
-
\??\c:\7rxrllf.exec:\7rxrllf.exe91⤵
-
\??\c:\hbnnbb.exec:\hbnnbb.exe92⤵
-
\??\c:\hnbtnn.exec:\hnbtnn.exe93⤵
-
\??\c:\vpvvp.exec:\vpvvp.exe94⤵
-
\??\c:\lfxrffx.exec:\lfxrffx.exe95⤵
-
\??\c:\fxrxrxf.exec:\fxrxrxf.exe96⤵
-
\??\c:\nbbthh.exec:\nbbthh.exe97⤵
-
\??\c:\vvjjp.exec:\vvjjp.exe98⤵
-
\??\c:\3vvvj.exec:\3vvvj.exe99⤵
-
\??\c:\flrlxxr.exec:\flrlxxr.exe100⤵
-
\??\c:\hhnnnn.exec:\hhnnnn.exe101⤵
-
\??\c:\3djdj.exec:\3djdj.exe102⤵
-
\??\c:\vvppp.exec:\vvppp.exe103⤵
-
\??\c:\3lfxxff.exec:\3lfxxff.exe104⤵
-
\??\c:\xrxfffr.exec:\xrxfffr.exe105⤵
-
\??\c:\bnnhbt.exec:\bnnhbt.exe106⤵
-
\??\c:\5pvpd.exec:\5pvpd.exe107⤵
-
\??\c:\7vdvv.exec:\7vdvv.exe108⤵
-
\??\c:\rxfxrll.exec:\rxfxrll.exe109⤵
-
\??\c:\1nnhhn.exec:\1nnhhn.exe110⤵
-
\??\c:\7ttnhn.exec:\7ttnhn.exe111⤵
-
\??\c:\pdpjj.exec:\pdpjj.exe112⤵
-
\??\c:\lxfrlfx.exec:\lxfrlfx.exe113⤵
-
\??\c:\rxllxxx.exec:\rxllxxx.exe114⤵
-
\??\c:\thnhhh.exec:\thnhhh.exe115⤵
-
\??\c:\3hnhbb.exec:\3hnhbb.exe116⤵
-
\??\c:\jvdvp.exec:\jvdvp.exe117⤵
-
\??\c:\pddvv.exec:\pddvv.exe118⤵
-
\??\c:\lrxfxxr.exec:\lrxfxxr.exe119⤵
-
\??\c:\lxxrlfx.exec:\lxxrlfx.exe120⤵
-
\??\c:\bnnnhh.exec:\bnnnhh.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-