Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
149s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
17/05/2024, 06:31
General
-
Target
fced689174f99dbd2fe160fcba2727fdc7d326d9e8f31b38e2965ceaf56f8588.exe
-
Size
95KB
-
MD5
4c533b6ed122abf7387d15b8b3e3e6db
-
SHA1
f8e0028963a1f0c321e451359bf4414d3033d434
-
SHA256
fced689174f99dbd2fe160fcba2727fdc7d326d9e8f31b38e2965ceaf56f8588
-
SHA512
ee02519ecd66d39609086d5059fabc397327edaca17438b76079eb1ce36ca1eb5da0d5dfc8b28aeeeba56360f9160ecf131d735bd425890033e10afa9f87f391
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIkpi+qP1hvZo66Ox4oq2SQwfTA:ymb3NkkiQ3mdBjFIj+qNhvZuHQYk
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 28 IoCs
-
UPX dump on OEP (original entry point) 31 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 31 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\fced689174f99dbd2fe160fcba2727fdc7d326d9e8f31b38e2965ceaf56f8588.exe"C:\Users\Admin\AppData\Local\Temp\fced689174f99dbd2fe160fcba2727fdc7d326d9e8f31b38e2965ceaf56f8588.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjjp.exec:\vpjjp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfrflfr.exec:\xfrflfr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btnhbt.exec:\btnhbt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5jjvj.exec:\5jjvj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxrrxr.exec:\fxxrrxr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhhbtn.exec:\hhhbtn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnnhhh.exec:\hnnhhh.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpddp.exec:\dpddp.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lflfrrr.exec:\lflfrrr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htbtnt.exec:\htbtnt.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjdd.exec:\dvjdd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrxxxff.exec:\lrxxxff.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nttnnn.exec:\nttnnn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhhnhb.exec:\bhhnhb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvjdp.exec:\vvjdp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlffxxr.exec:\xlffxxr.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fflfrrl.exec:\fflfrrl.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1nbnhb.exec:\1nbnhb.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7jpjp.exec:\7jpjp.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlrlffx.exec:\xlrlffx.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbnhtn.exec:\tbnhtn.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjjd.exec:\pjjjd.exe23⤵
- Executes dropped EXE
-
\??\c:\djjdv.exec:\djjdv.exe24⤵
- Executes dropped EXE
-
\??\c:\fxxllfx.exec:\fxxllfx.exe25⤵
- Executes dropped EXE
-
\??\c:\btnhhh.exec:\btnhhh.exe26⤵
- Executes dropped EXE
-
\??\c:\vvvpp.exec:\vvvpp.exe27⤵
- Executes dropped EXE
-
\??\c:\rfllflf.exec:\rfllflf.exe28⤵
- Executes dropped EXE
-
\??\c:\ttnnhb.exec:\ttnnhb.exe29⤵
- Executes dropped EXE
-
\??\c:\htthhb.exec:\htthhb.exe30⤵
- Executes dropped EXE
-
\??\c:\dpjjd.exec:\dpjjd.exe31⤵
- Executes dropped EXE
-
\??\c:\9llfrlf.exec:\9llfrlf.exe32⤵
- Executes dropped EXE
-
\??\c:\tttbtt.exec:\tttbtt.exe33⤵
- Executes dropped EXE
-
\??\c:\nbnnhn.exec:\nbnnhn.exe34⤵
- Executes dropped EXE
-
\??\c:\vpjpp.exec:\vpjpp.exe35⤵
- Executes dropped EXE
-
\??\c:\jjvvp.exec:\jjvvp.exe36⤵
- Executes dropped EXE
-
\??\c:\llxxlll.exec:\llxxlll.exe37⤵
- Executes dropped EXE
-
\??\c:\nnntnt.exec:\nnntnt.exe38⤵
- Executes dropped EXE
-
\??\c:\pjvdv.exec:\pjvdv.exe39⤵
- Executes dropped EXE
-
\??\c:\llxrrll.exec:\llxrrll.exe40⤵
- Executes dropped EXE
-
\??\c:\hbbbhh.exec:\hbbbhh.exe41⤵
- Executes dropped EXE
-
\??\c:\1bhhhn.exec:\1bhhhn.exe42⤵
- Executes dropped EXE
-
\??\c:\dvjdp.exec:\dvjdp.exe43⤵
- Executes dropped EXE
-
\??\c:\djjvd.exec:\djjvd.exe44⤵
- Executes dropped EXE
-
\??\c:\rfrrflx.exec:\rfrrflx.exe45⤵
- Executes dropped EXE
-
\??\c:\hbbtnn.exec:\hbbtnn.exe46⤵
- Executes dropped EXE
-
\??\c:\nthnhn.exec:\nthnhn.exe47⤵
- Executes dropped EXE
-
\??\c:\dvvvp.exec:\dvvvp.exe48⤵
- Executes dropped EXE
-
\??\c:\1rxrffx.exec:\1rxrffx.exe49⤵
- Executes dropped EXE
-
\??\c:\xflfffx.exec:\xflfffx.exe50⤵
- Executes dropped EXE
-
\??\c:\7bbbtt.exec:\7bbbtt.exe51⤵
- Executes dropped EXE
-
\??\c:\nbnthh.exec:\nbnthh.exe52⤵
- Executes dropped EXE
-
\??\c:\pjjdv.exec:\pjjdv.exe53⤵
- Executes dropped EXE
-
\??\c:\5lllxxx.exec:\5lllxxx.exe54⤵
- Executes dropped EXE
-
\??\c:\lfrrxxf.exec:\lfrrxxf.exe55⤵
- Executes dropped EXE
-
\??\c:\hbntnn.exec:\hbntnn.exe56⤵
- Executes dropped EXE
-
\??\c:\dvpdv.exec:\dvpdv.exe57⤵
- Executes dropped EXE
-
\??\c:\7pvpp.exec:\7pvpp.exe58⤵
- Executes dropped EXE
-
\??\c:\xllfffx.exec:\xllfffx.exe59⤵
- Executes dropped EXE
-
\??\c:\fxrrlff.exec:\fxrrlff.exe60⤵
- Executes dropped EXE
-
\??\c:\3hhhbb.exec:\3hhhbb.exe61⤵
- Executes dropped EXE
-
\??\c:\ddpjp.exec:\ddpjp.exe62⤵
- Executes dropped EXE
-
\??\c:\5pdvd.exec:\5pdvd.exe63⤵
- Executes dropped EXE
-
\??\c:\7fllfff.exec:\7fllfff.exe64⤵
- Executes dropped EXE
-
\??\c:\lrxffff.exec:\lrxffff.exe65⤵
- Executes dropped EXE
-
\??\c:\nhnnhh.exec:\nhnnhh.exe66⤵
-
\??\c:\thhbtt.exec:\thhbtt.exe67⤵
-
\??\c:\vpvpj.exec:\vpvpj.exe68⤵
-
\??\c:\ddddp.exec:\ddddp.exe69⤵
-
\??\c:\xxxlffl.exec:\xxxlffl.exe70⤵
-
\??\c:\1httbh.exec:\1httbh.exe71⤵
-
\??\c:\hbbhhb.exec:\hbbhhb.exe72⤵
-
\??\c:\pjdvp.exec:\pjdvp.exe73⤵
-
\??\c:\xxfxrxr.exec:\xxfxrxr.exe74⤵
-
\??\c:\lllxlrr.exec:\lllxlrr.exe75⤵
-
\??\c:\bthnbh.exec:\bthnbh.exe76⤵
-
\??\c:\3vjjd.exec:\3vjjd.exe77⤵
-
\??\c:\1fxxlrl.exec:\1fxxlrl.exe78⤵
-
\??\c:\5tttnn.exec:\5tttnn.exe79⤵
-
\??\c:\tthbbb.exec:\tthbbb.exe80⤵
-
\??\c:\jjvvj.exec:\jjvvj.exe81⤵
-
\??\c:\lxxrlll.exec:\lxxrlll.exe82⤵
-
\??\c:\hbhhtb.exec:\hbhhtb.exe83⤵
-
\??\c:\hhtnnh.exec:\hhtnnh.exe84⤵
-
\??\c:\djpjd.exec:\djpjd.exe85⤵
-
\??\c:\3vdpd.exec:\3vdpd.exe86⤵
-
\??\c:\llxxffl.exec:\llxxffl.exe87⤵
-
\??\c:\tntttb.exec:\tntttb.exe88⤵
-
\??\c:\jdpvj.exec:\jdpvj.exe89⤵
-
\??\c:\vjvpj.exec:\vjvpj.exe90⤵
-
\??\c:\lfflxxx.exec:\lfflxxx.exe91⤵
-
\??\c:\xxxrrrl.exec:\xxxrrrl.exe92⤵
-
\??\c:\nhhnbb.exec:\nhhnbb.exe93⤵
-
\??\c:\pjjdv.exec:\pjjdv.exe94⤵
-
\??\c:\rlrxrff.exec:\rlrxrff.exe95⤵
-
\??\c:\rxrfxrl.exec:\rxrfxrl.exe96⤵
-
\??\c:\1htttb.exec:\1htttb.exe97⤵
-
\??\c:\3bhbhn.exec:\3bhbhn.exe98⤵
-
\??\c:\pjjjv.exec:\pjjjv.exe99⤵
-
\??\c:\3djvp.exec:\3djvp.exe100⤵
-
\??\c:\rxlrllf.exec:\rxlrllf.exe101⤵
-
\??\c:\lrxrlll.exec:\lrxrlll.exe102⤵
-
\??\c:\hbbthh.exec:\hbbthh.exe103⤵
-
\??\c:\pjvpp.exec:\pjvpp.exe104⤵
-
\??\c:\pjjdd.exec:\pjjdd.exe105⤵
-
\??\c:\rlxffff.exec:\rlxffff.exe106⤵
-
\??\c:\1xfrrrr.exec:\1xfrrrr.exe107⤵
-
\??\c:\hbbntn.exec:\hbbntn.exe108⤵
-
\??\c:\nhhtnn.exec:\nhhtnn.exe109⤵
-
\??\c:\dpppj.exec:\dpppj.exe110⤵
-
\??\c:\dvjdv.exec:\dvjdv.exe111⤵
-
\??\c:\lfxxrrr.exec:\lfxxrrr.exe112⤵
-
\??\c:\3lffxxx.exec:\3lffxxx.exe113⤵
-
\??\c:\ttttnn.exec:\ttttnn.exe114⤵
-
\??\c:\vpddd.exec:\vpddd.exe115⤵
-
\??\c:\dpjdd.exec:\dpjdd.exe116⤵
-
\??\c:\lflllfl.exec:\lflllfl.exe117⤵
-
\??\c:\lrffxff.exec:\lrffxff.exe118⤵
-
\??\c:\9rflffx.exec:\9rflffx.exe119⤵
-
\??\c:\hhhhhh.exec:\hhhhhh.exe120⤵
-
\??\c:\bttnht.exec:\bttnht.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-