Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
149s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
20/05/2024, 02:52
General
-
Target
cc73d82a1c9a8ebc2ac8abbd0ed393fa688d576cc64668064a7540e13d658fbd.exe
-
Size
57KB
-
MD5
b51bdd5df765e7dcb1055b4d8323ae4c
-
SHA1
e8df4da0bfeb0f4401d1cc4489378192b0be4f0d
-
SHA256
cc73d82a1c9a8ebc2ac8abbd0ed393fa688d576cc64668064a7540e13d658fbd
-
SHA512
e832b20d9325a545338f46b0b1047448386e288978d47329abb7bb3c983e5fa2302cc0bc090738fe3f8c76284666fc2465e2da7067d64137ab582f4f60665c01
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIvuSwFaEt:ymb3NkkiQ3mdBjFIvIFaEt
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
UPX dump on OEP (original entry point) 28 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 28 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\cc73d82a1c9a8ebc2ac8abbd0ed393fa688d576cc64668064a7540e13d658fbd.exe"C:\Users\Admin\AppData\Local\Temp\cc73d82a1c9a8ebc2ac8abbd0ed393fa688d576cc64668064a7540e13d658fbd.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\nnhnbt.exec:\nnhnbt.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9xfflff.exec:\9xfflff.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tthnnt.exec:\tthnnt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdddp.exec:\vdddp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffrrfll.exec:\ffrrfll.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxflffr.exec:\lxflffr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnbnht.exec:\nnbnht.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpvpd.exec:\vpvpd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxrrllx.exec:\rxrrllx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbbbbh.exec:\tbbbbh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5pjjd.exec:\5pjjd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxfxrlf.exec:\fxfxrlf.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5hthtn.exec:\5hthtn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vppvv.exec:\vppvv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrfxlr.exec:\fxrfxlr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thtbtb.exec:\thtbtb.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhtbnn.exec:\bhtbnn.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfflrxf.exec:\rfflrxf.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfffflx.exec:\lfffflx.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhhbb.exec:\tnhhbb.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jddvv.exec:\jddvv.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrrlfxx.exec:\lrrlfxx.exe23⤵
- Executes dropped EXE
-
\??\c:\nnbhhn.exec:\nnbhhn.exe24⤵
- Executes dropped EXE
-
\??\c:\jppjj.exec:\jppjj.exe25⤵
- Executes dropped EXE
-
\??\c:\vpjdd.exec:\vpjdd.exe26⤵
- Executes dropped EXE
-
\??\c:\5rxrllf.exec:\5rxrllf.exe27⤵
- Executes dropped EXE
-
\??\c:\hnhttn.exec:\hnhttn.exe28⤵
- Executes dropped EXE
-
\??\c:\bbnhhb.exec:\bbnhhb.exe29⤵
- Executes dropped EXE
-
\??\c:\dpppv.exec:\dpppv.exe30⤵
- Executes dropped EXE
-
\??\c:\lxlrlff.exec:\lxlrlff.exe31⤵
- Executes dropped EXE
-
\??\c:\hbbttt.exec:\hbbttt.exe32⤵
- Executes dropped EXE
-
\??\c:\vjvdp.exec:\vjvdp.exe33⤵
- Executes dropped EXE
-
\??\c:\rrrxxxx.exec:\rrrxxxx.exe34⤵
- Executes dropped EXE
-
\??\c:\xxlrfll.exec:\xxlrfll.exe35⤵
- Executes dropped EXE
-
\??\c:\hnnnnn.exec:\hnnnnn.exe36⤵
- Executes dropped EXE
-
\??\c:\3ttttb.exec:\3ttttb.exe37⤵
- Executes dropped EXE
-
\??\c:\1ppdd.exec:\1ppdd.exe38⤵
- Executes dropped EXE
-
\??\c:\vppjj.exec:\vppjj.exe39⤵
- Executes dropped EXE
-
\??\c:\rrfxxff.exec:\rrfxxff.exe40⤵
- Executes dropped EXE
-
\??\c:\lllxrrl.exec:\lllxrrl.exe41⤵
- Executes dropped EXE
-
\??\c:\bthttn.exec:\bthttn.exe42⤵
- Executes dropped EXE
-
\??\c:\djjpj.exec:\djjpj.exe43⤵
- Executes dropped EXE
-
\??\c:\jvddj.exec:\jvddj.exe44⤵
- Executes dropped EXE
-
\??\c:\ffxrlxl.exec:\ffxrlxl.exe45⤵
- Executes dropped EXE
-
\??\c:\hhbtnn.exec:\hhbtnn.exe46⤵
- Executes dropped EXE
-
\??\c:\nnbtbn.exec:\nnbtbn.exe47⤵
- Executes dropped EXE
-
\??\c:\jdppp.exec:\jdppp.exe48⤵
- Executes dropped EXE
-
\??\c:\9fxrflr.exec:\9fxrflr.exe49⤵
- Executes dropped EXE
-
\??\c:\xxrlxxr.exec:\xxrlxxr.exe50⤵
- Executes dropped EXE
-
\??\c:\nbnnbh.exec:\nbnnbh.exe51⤵
- Executes dropped EXE
-
\??\c:\nbnhnn.exec:\nbnhnn.exe52⤵
- Executes dropped EXE
-
\??\c:\dvddp.exec:\dvddp.exe53⤵
- Executes dropped EXE
-
\??\c:\1lxlrxr.exec:\1lxlrxr.exe54⤵
- Executes dropped EXE
-
\??\c:\nhtnhb.exec:\nhtnhb.exe55⤵
- Executes dropped EXE
-
\??\c:\vppjj.exec:\vppjj.exe56⤵
- Executes dropped EXE
-
\??\c:\fxlxrrl.exec:\fxlxrrl.exe57⤵
- Executes dropped EXE
-
\??\c:\frlrlll.exec:\frlrlll.exe58⤵
- Executes dropped EXE
-
\??\c:\bntttt.exec:\bntttt.exe59⤵
- Executes dropped EXE
-
\??\c:\ntttnh.exec:\ntttnh.exe60⤵
- Executes dropped EXE
-
\??\c:\vvdpp.exec:\vvdpp.exe61⤵
- Executes dropped EXE
-
\??\c:\ffxrlll.exec:\ffxrlll.exe62⤵
- Executes dropped EXE
-
\??\c:\7thbtt.exec:\7thbtt.exe63⤵
- Executes dropped EXE
-
\??\c:\3pdpj.exec:\3pdpj.exe64⤵
- Executes dropped EXE
-
\??\c:\jvdjd.exec:\jvdjd.exe65⤵
- Executes dropped EXE
-
\??\c:\xfrfxrl.exec:\xfrfxrl.exe66⤵
-
\??\c:\5tbbnn.exec:\5tbbnn.exe67⤵
-
\??\c:\5tntbb.exec:\5tntbb.exe68⤵
-
\??\c:\fxffxxl.exec:\fxffxxl.exe69⤵
-
\??\c:\rffxxrr.exec:\rffxxrr.exe70⤵
-
\??\c:\tttnht.exec:\tttnht.exe71⤵
-
\??\c:\djpvd.exec:\djpvd.exe72⤵
-
\??\c:\lxxxlff.exec:\lxxxlff.exe73⤵
-
\??\c:\bbbbtb.exec:\bbbbtb.exe74⤵
-
\??\c:\jddjp.exec:\jddjp.exe75⤵
-
\??\c:\7vvjv.exec:\7vvjv.exe76⤵
-
\??\c:\xxxrxlf.exec:\xxxrxlf.exe77⤵
-
\??\c:\hhntbt.exec:\hhntbt.exe78⤵
-
\??\c:\3pjvj.exec:\3pjvj.exe79⤵
-
\??\c:\lxrlfxr.exec:\lxrlfxr.exe80⤵
-
\??\c:\rrrrfll.exec:\rrrrfll.exe81⤵
-
\??\c:\hhhnnh.exec:\hhhnnh.exe82⤵
-
\??\c:\jjdvv.exec:\jjdvv.exe83⤵
-
\??\c:\vdvdj.exec:\vdvdj.exe84⤵
-
\??\c:\lrffffx.exec:\lrffffx.exe85⤵
-
\??\c:\7bnbbh.exec:\7bnbbh.exe86⤵
-
\??\c:\vddvp.exec:\vddvp.exe87⤵
-
\??\c:\9lxrrll.exec:\9lxrrll.exe88⤵
-
\??\c:\xrllffr.exec:\xrllffr.exe89⤵
-
\??\c:\btttnt.exec:\btttnt.exe90⤵
-
\??\c:\vvppp.exec:\vvppp.exe91⤵
-
\??\c:\9rxlfrr.exec:\9rxlfrr.exe92⤵
-
\??\c:\lxffxxx.exec:\lxffxxx.exe93⤵
-
\??\c:\hbtbbh.exec:\hbtbbh.exe94⤵
-
\??\c:\hnttnb.exec:\hnttnb.exe95⤵
-
\??\c:\vpjjd.exec:\vpjjd.exe96⤵
-
\??\c:\fxxxrrr.exec:\fxxxrrr.exe97⤵
-
\??\c:\rllxxrl.exec:\rllxxrl.exe98⤵
-
\??\c:\tbtntt.exec:\tbtntt.exe99⤵
-
\??\c:\jvppd.exec:\jvppd.exe100⤵
-
\??\c:\5jjdp.exec:\5jjdp.exe101⤵
-
\??\c:\lxxlrlf.exec:\lxxlrlf.exe102⤵
-
\??\c:\9tttnn.exec:\9tttnn.exe103⤵
-
\??\c:\hntttb.exec:\hntttb.exe104⤵
-
\??\c:\vjddd.exec:\vjddd.exe105⤵
-
\??\c:\ppjvj.exec:\ppjvj.exe106⤵
-
\??\c:\xxlllrx.exec:\xxlllrx.exe107⤵
-
\??\c:\7rflrxx.exec:\7rflrxx.exe108⤵
-
\??\c:\5hhbbt.exec:\5hhbbt.exe109⤵
-
\??\c:\btbbtb.exec:\btbbtb.exe110⤵
-
\??\c:\vpvjj.exec:\vpvjj.exe111⤵
-
\??\c:\jjvvp.exec:\jjvvp.exe112⤵
-
\??\c:\rrrlfxr.exec:\rrrlfxr.exe113⤵
-
\??\c:\hbbtbn.exec:\hbbtbn.exe114⤵
-
\??\c:\nbbbhn.exec:\nbbbhn.exe115⤵
-
\??\c:\3vvvv.exec:\3vvvv.exe116⤵
-
\??\c:\ppjvv.exec:\ppjvv.exe117⤵
-
\??\c:\lrrxxff.exec:\lrrxxff.exe118⤵
-
\??\c:\xfxxfxf.exec:\xfxxfxf.exe119⤵
-
\??\c:\nnttnt.exec:\nnttnt.exe120⤵
-
\??\c:\hhtbbb.exec:\hhtbbb.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-