Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
17/05/2024, 14:17
General
-
Target
1a0e6cfcfc2f7d4a6b16379bbb9766ff.exe
-
Size
487KB
-
MD5
1a0e6cfcfc2f7d4a6b16379bbb9766ff
-
SHA1
d52c725777497a0cf55e0350b0a5509e5cb436ca
-
SHA256
d36da087aefd30d3caa165a61fd3204168d08a7f55d7afd0b53e177da1940d80
-
SHA512
0ae290c25d8a195026fb32edf2556d7e016bcbe87fa41bb08c179bfcfc21084f4f9bb90ffeaf2b40aeb80936bad5c1e0353c0fd7f2119e8a3afb6f21b0be9c63
-
SSDEEP
6144:n3C9BRo7tvnJ9oH0IRgZvjkUo7tvnJ9oH0IiVByq9CPobNVS:n3C9ytvngQjgtvngSV3CPobNVS
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 26 IoCs
-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE 64 IoCs
-
UPX packed file 23 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1a0e6cfcfc2f7d4a6b16379bbb9766ff.exe"C:\Users\Admin\AppData\Local\Temp\1a0e6cfcfc2f7d4a6b16379bbb9766ff.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\vjdvp.exec:\vjdvp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frxllll.exec:\frxllll.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbtnnh.exec:\bbtnnh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntnntt.exec:\ntnntt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjppp.exec:\vjppp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrrrxl.exec:\xrrrrxl.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1tnhbt.exec:\1tnhbt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvjdj.exec:\vvjdj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1djdd.exec:\1djdd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxfffff.exec:\xxfffff.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbbtt.exec:\btbbtt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hthhhh.exec:\hthhhh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppdvd.exec:\ppdvd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrrrfff.exec:\rrrrfff.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbbnhh.exec:\bbbnhh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hntnnn.exec:\hntnnn.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppvpj.exec:\ppvpj.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9lfxrrr.exec:\9lfxrrr.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbntb.exec:\nhbntb.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5tnhhh.exec:\5tnhhh.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvdp.exec:\pjvdp.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xllfrrr.exec:\xllfrrr.exe23⤵
- Executes dropped EXE
-
\??\c:\xrrllfx.exec:\xrrllfx.exe24⤵
- Executes dropped EXE
-
\??\c:\nbhbbt.exec:\nbhbbt.exe25⤵
- Executes dropped EXE
-
\??\c:\vpvvp.exec:\vpvvp.exe26⤵
- Executes dropped EXE
-
\??\c:\vpddv.exec:\vpddv.exe27⤵
- Executes dropped EXE
-
\??\c:\7rxrrrl.exec:\7rxrrrl.exe28⤵
- Executes dropped EXE
-
\??\c:\bbhbtt.exec:\bbhbtt.exe29⤵
- Executes dropped EXE
-
\??\c:\nnttbb.exec:\nnttbb.exe30⤵
- Executes dropped EXE
-
\??\c:\djdvp.exec:\djdvp.exe31⤵
- Executes dropped EXE
-
\??\c:\flfxrrr.exec:\flfxrrr.exe32⤵
- Executes dropped EXE
-
\??\c:\7bhbtt.exec:\7bhbtt.exe33⤵
- Executes dropped EXE
-
\??\c:\thtnnb.exec:\thtnnb.exe34⤵
- Executes dropped EXE
-
\??\c:\ppjdp.exec:\ppjdp.exe35⤵
- Executes dropped EXE
-
\??\c:\5llfxxr.exec:\5llfxxr.exe36⤵
- Executes dropped EXE
-
\??\c:\xflfffx.exec:\xflfffx.exe37⤵
- Executes dropped EXE
-
\??\c:\5nhhbb.exec:\5nhhbb.exe38⤵
- Executes dropped EXE
-
\??\c:\jpjvv.exec:\jpjvv.exe39⤵
- Executes dropped EXE
-
\??\c:\9ddvp.exec:\9ddvp.exe40⤵
- Executes dropped EXE
-
\??\c:\3ffxffx.exec:\3ffxffx.exe41⤵
- Executes dropped EXE
-
\??\c:\1nbtnt.exec:\1nbtnt.exe42⤵
- Executes dropped EXE
-
\??\c:\dddvj.exec:\dddvj.exe43⤵
- Executes dropped EXE
-
\??\c:\rlrfffx.exec:\rlrfffx.exe44⤵
- Executes dropped EXE
-
\??\c:\1ttnnn.exec:\1ttnnn.exe45⤵
- Executes dropped EXE
-
\??\c:\thhhbb.exec:\thhhbb.exe46⤵
- Executes dropped EXE
-
\??\c:\vvjvv.exec:\vvjvv.exe47⤵
- Executes dropped EXE
-
\??\c:\lllffff.exec:\lllffff.exe48⤵
- Executes dropped EXE
-
\??\c:\7flfllr.exec:\7flfllr.exe49⤵
- Executes dropped EXE
-
\??\c:\tntnhb.exec:\tntnhb.exe50⤵
- Executes dropped EXE
-
\??\c:\pvdvp.exec:\pvdvp.exe51⤵
- Executes dropped EXE
-
\??\c:\1ppdv.exec:\1ppdv.exe52⤵
- Executes dropped EXE
-
\??\c:\rfffxxr.exec:\rfffxxr.exe53⤵
- Executes dropped EXE
-
\??\c:\7bbbtt.exec:\7bbbtt.exe54⤵
- Executes dropped EXE
-
\??\c:\jddvp.exec:\jddvp.exe55⤵
- Executes dropped EXE
-
\??\c:\djpjd.exec:\djpjd.exe56⤵
- Executes dropped EXE
-
\??\c:\1lfxlll.exec:\1lfxlll.exe57⤵
- Executes dropped EXE
-
\??\c:\bbbbbt.exec:\bbbbbt.exe58⤵
- Executes dropped EXE
-
\??\c:\tthbbb.exec:\tthbbb.exe59⤵
- Executes dropped EXE
-
\??\c:\dvpjd.exec:\dvpjd.exe60⤵
- Executes dropped EXE
-
\??\c:\3rrlffx.exec:\3rrlffx.exe61⤵
- Executes dropped EXE
-
\??\c:\hntnnn.exec:\hntnnn.exe62⤵
- Executes dropped EXE
-
\??\c:\1ntnbn.exec:\1ntnbn.exe63⤵
- Executes dropped EXE
-
\??\c:\3pvpv.exec:\3pvpv.exe64⤵
- Executes dropped EXE
-
\??\c:\5rxrrrl.exec:\5rxrrrl.exe65⤵
- Executes dropped EXE
-
\??\c:\fxffxxr.exec:\fxffxxr.exe66⤵
-
\??\c:\3tthhb.exec:\3tthhb.exe67⤵
-
\??\c:\jvdpp.exec:\jvdpp.exe68⤵
-
\??\c:\flxllff.exec:\flxllff.exe69⤵
-
\??\c:\fllfxfx.exec:\fllfxfx.exe70⤵
-
\??\c:\httnhh.exec:\httnhh.exe71⤵
-
\??\c:\3jvpv.exec:\3jvpv.exe72⤵
-
\??\c:\btbthb.exec:\btbthb.exe73⤵
-
\??\c:\djjjd.exec:\djjjd.exe74⤵
-
\??\c:\frrrllx.exec:\frrrllx.exe75⤵
-
\??\c:\nttnnh.exec:\nttnnh.exe76⤵
-
\??\c:\vpjdd.exec:\vpjdd.exe77⤵
-
\??\c:\vvdvj.exec:\vvdvj.exe78⤵
-
\??\c:\rlrlrlr.exec:\rlrlrlr.exe79⤵
-
\??\c:\ntbhbb.exec:\ntbhbb.exe80⤵
-
\??\c:\5jdvd.exec:\5jdvd.exe81⤵
-
\??\c:\3rlxxxl.exec:\3rlxxxl.exe82⤵
-
\??\c:\ntnnnn.exec:\ntnnnn.exe83⤵
-
\??\c:\9xfxllf.exec:\9xfxllf.exe84⤵
-
\??\c:\flrlffx.exec:\flrlffx.exe85⤵
-
\??\c:\btnnnb.exec:\btnnnb.exe86⤵
-
\??\c:\dpvpj.exec:\dpvpj.exe87⤵
-
\??\c:\xxxrrrl.exec:\xxxrrrl.exe88⤵
-
\??\c:\fxxrllf.exec:\fxxrllf.exe89⤵
-
\??\c:\ntbthh.exec:\ntbthh.exe90⤵
-
\??\c:\vjjdd.exec:\vjjdd.exe91⤵
-
\??\c:\fxxrrrl.exec:\fxxrrrl.exe92⤵
-
\??\c:\7nthhh.exec:\7nthhh.exe93⤵
-
\??\c:\dvvpj.exec:\dvvpj.exe94⤵
-
\??\c:\7rxxxrx.exec:\7rxxxrx.exe95⤵
-
\??\c:\9dvvv.exec:\9dvvv.exe96⤵
-
\??\c:\xrxrrrl.exec:\xrxrrrl.exe97⤵
-
\??\c:\7bbbbn.exec:\7bbbbn.exe98⤵
-
\??\c:\9xrllff.exec:\9xrllff.exe99⤵
-
\??\c:\lflfllf.exec:\lflfllf.exe100⤵
-
\??\c:\nhbtnh.exec:\nhbtnh.exe101⤵
-
\??\c:\9vdvj.exec:\9vdvj.exe102⤵
-
\??\c:\rxxxxxf.exec:\rxxxxxf.exe103⤵
-
\??\c:\btnhbb.exec:\btnhbb.exe104⤵
-
\??\c:\3bhbhn.exec:\3bhbhn.exe105⤵
-
\??\c:\pvjdv.exec:\pvjdv.exe106⤵
-
\??\c:\lrxrllf.exec:\lrxrllf.exe107⤵
-
\??\c:\bttbbh.exec:\bttbbh.exe108⤵
-
\??\c:\pvddd.exec:\pvddd.exe109⤵
-
\??\c:\rxffxxx.exec:\rxffxxx.exe110⤵
-
\??\c:\rffxrrl.exec:\rffxrrl.exe111⤵
-
\??\c:\hhtnbb.exec:\hhtnbb.exe112⤵
-
\??\c:\jjpjd.exec:\jjpjd.exe113⤵
-
\??\c:\rlxrxrx.exec:\rlxrxrx.exe114⤵
-
\??\c:\hthbtb.exec:\hthbtb.exe115⤵
-
\??\c:\dvvpp.exec:\dvvpp.exe116⤵
-
\??\c:\vvpjp.exec:\vvpjp.exe117⤵
-
\??\c:\7rrlffr.exec:\7rrlffr.exe118⤵
-
\??\c:\5hhhbh.exec:\5hhhbh.exe119⤵
-
\??\c:\vvvpj.exec:\vvvpj.exe120⤵
-
\??\c:\dvdvj.exec:\dvdvj.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-