Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
117s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
24/05/2024, 18:19
General
-
Target
05645442132cb14ff2f64e0b0f2a740f2b07505949961eb96423c6564c5dc264.exe
-
Size
76KB
-
MD5
287414622bb8b4193a47085f7537410a
-
SHA1
48684dfe3568f87669d3265f1e7bdf9b70decf18
-
SHA256
05645442132cb14ff2f64e0b0f2a740f2b07505949961eb96423c6564c5dc264
-
SHA512
9ac31e4c1738568255b56403c2f716e8617faf8ffc4f9ba9134d8d72eb614c9ab0768be1b7bfd9d5bf602a8623b7025804fec12cea751220a3ccb5d449064139
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDoAX8gu3Gno9yvrjKI:ymb3NkkiQ3mdBjFo68t3Gno9Ij
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 26 IoCs
-
UPX dump on OEP (original entry point) 27 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 27 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\05645442132cb14ff2f64e0b0f2a740f2b07505949961eb96423c6564c5dc264.exe"C:\Users\Admin\AppData\Local\Temp\05645442132cb14ff2f64e0b0f2a740f2b07505949961eb96423c6564c5dc264.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrffrr.exec:\lfrffrr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\42204.exec:\42204.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\428282.exec:\428282.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\002082.exec:\002082.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\80226.exec:\80226.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntttnb.exec:\ntttnb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btnhtb.exec:\btnhtb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\82448.exec:\82448.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\60266.exec:\60266.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjdpj.exec:\vjdpj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbtbtn.exec:\hbtbtn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frxrlfl.exec:\frxrlfl.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6246428.exec:\6246428.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\82260.exec:\82260.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\22820.exec:\22820.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntbbbn.exec:\ntbbbn.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrlrrxr.exec:\xrlrrxr.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\2404400.exec:\2404400.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9bnntb.exec:\9bnntb.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpdvv.exec:\jpdvv.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\4620426.exec:\4620426.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvvdp.exec:\vvvdp.exe23⤵
- Executes dropped EXE
-
\??\c:\rfflxrl.exec:\rfflxrl.exe24⤵
- Executes dropped EXE
-
\??\c:\640488.exec:\640488.exe25⤵
- Executes dropped EXE
-
\??\c:\6400826.exec:\6400826.exe26⤵
- Executes dropped EXE
-
\??\c:\068222.exec:\068222.exe27⤵
- Executes dropped EXE
-
\??\c:\4882660.exec:\4882660.exe28⤵
- Executes dropped EXE
-
\??\c:\pjdvp.exec:\pjdvp.exe29⤵
- Executes dropped EXE
-
\??\c:\0020226.exec:\0020226.exe30⤵
- Executes dropped EXE
-
\??\c:\vddvd.exec:\vddvd.exe31⤵
- Executes dropped EXE
-
\??\c:\8200622.exec:\8200622.exe32⤵
- Executes dropped EXE
-
\??\c:\4448682.exec:\4448682.exe33⤵
- Executes dropped EXE
-
\??\c:\vjvpp.exec:\vjvpp.exe34⤵
- Executes dropped EXE
-
\??\c:\00664.exec:\00664.exe35⤵
- Executes dropped EXE
-
\??\c:\lffxrrr.exec:\lffxrrr.exe36⤵
- Executes dropped EXE
-
\??\c:\846048.exec:\846048.exe37⤵
- Executes dropped EXE
-
\??\c:\266648.exec:\266648.exe38⤵
- Executes dropped EXE
-
\??\c:\a2804.exec:\a2804.exe39⤵
- Executes dropped EXE
-
\??\c:\xrfxrfr.exec:\xrfxrfr.exe40⤵
- Executes dropped EXE
-
\??\c:\68000.exec:\68000.exe41⤵
- Executes dropped EXE
-
\??\c:\4204026.exec:\4204026.exe42⤵
- Executes dropped EXE
-
\??\c:\rxffffl.exec:\rxffffl.exe43⤵
- Executes dropped EXE
-
\??\c:\0000000.exec:\0000000.exe44⤵
- Executes dropped EXE
-
\??\c:\dpvjv.exec:\dpvjv.exe45⤵
- Executes dropped EXE
-
\??\c:\dvdvd.exec:\dvdvd.exe46⤵
- Executes dropped EXE
-
\??\c:\3vvjd.exec:\3vvjd.exe47⤵
- Executes dropped EXE
-
\??\c:\hnnhtt.exec:\hnnhtt.exe48⤵
- Executes dropped EXE
-
\??\c:\lxrxrfr.exec:\lxrxrfr.exe49⤵
- Executes dropped EXE
-
\??\c:\pddpp.exec:\pddpp.exe50⤵
- Executes dropped EXE
-
\??\c:\u844604.exec:\u844604.exe51⤵
- Executes dropped EXE
-
\??\c:\3vddv.exec:\3vddv.exe52⤵
- Executes dropped EXE
-
\??\c:\frxlxxr.exec:\frxlxxr.exe53⤵
- Executes dropped EXE
-
\??\c:\0448226.exec:\0448226.exe54⤵
- Executes dropped EXE
-
\??\c:\nhhbtn.exec:\nhhbtn.exe55⤵
- Executes dropped EXE
-
\??\c:\042806.exec:\042806.exe56⤵
- Executes dropped EXE
-
\??\c:\802888.exec:\802888.exe57⤵
- Executes dropped EXE
-
\??\c:\028822.exec:\028822.exe58⤵
- Executes dropped EXE
-
\??\c:\284826.exec:\284826.exe59⤵
- Executes dropped EXE
-
\??\c:\htnhbb.exec:\htnhbb.exe60⤵
- Executes dropped EXE
-
\??\c:\88406.exec:\88406.exe61⤵
- Executes dropped EXE
-
\??\c:\288824.exec:\288824.exe62⤵
- Executes dropped EXE
-
\??\c:\6040280.exec:\6040280.exe63⤵
- Executes dropped EXE
-
\??\c:\bbbthh.exec:\bbbthh.exe64⤵
- Executes dropped EXE
-
\??\c:\60048.exec:\60048.exe65⤵
- Executes dropped EXE
-
\??\c:\084480.exec:\084480.exe66⤵
-
\??\c:\xrlfrrr.exec:\xrlfrrr.exe67⤵
-
\??\c:\86822.exec:\86822.exe68⤵
-
\??\c:\fxxlffx.exec:\fxxlffx.exe69⤵
-
\??\c:\a0882.exec:\a0882.exe70⤵
-
\??\c:\1bbbbn.exec:\1bbbbn.exe71⤵
-
\??\c:\68488.exec:\68488.exe72⤵
-
\??\c:\48884.exec:\48884.exe73⤵
-
\??\c:\8444448.exec:\8444448.exe74⤵
-
\??\c:\6684444.exec:\6684444.exe75⤵
-
\??\c:\bhtttt.exec:\bhtttt.exe76⤵
-
\??\c:\xlfxrxx.exec:\xlfxrxx.exe77⤵
-
\??\c:\fxxxrxx.exec:\fxxxrxx.exe78⤵
-
\??\c:\g2886.exec:\g2886.exe79⤵
-
\??\c:\840488.exec:\840488.exe80⤵
-
\??\c:\pvddv.exec:\pvddv.exe81⤵
-
\??\c:\82208.exec:\82208.exe82⤵
-
\??\c:\28842.exec:\28842.exe83⤵
-
\??\c:\tnbbhh.exec:\tnbbhh.exe84⤵
-
\??\c:\04488.exec:\04488.exe85⤵
-
\??\c:\0200006.exec:\0200006.exe86⤵
-
\??\c:\22226.exec:\22226.exe87⤵
-
\??\c:\s2888.exec:\s2888.exe88⤵
-
\??\c:\o844488.exec:\o844488.exe89⤵
-
\??\c:\7htntt.exec:\7htntt.exe90⤵
-
\??\c:\tthbbb.exec:\tthbbb.exe91⤵
-
\??\c:\482604.exec:\482604.exe92⤵
-
\??\c:\hbtnhh.exec:\hbtnhh.exe93⤵
-
\??\c:\hnnhtt.exec:\hnnhtt.exe94⤵
-
\??\c:\ttnhnh.exec:\ttnhnh.exe95⤵
-
\??\c:\vpvvp.exec:\vpvvp.exe96⤵
-
\??\c:\ntbtnn.exec:\ntbtnn.exe97⤵
-
\??\c:\820406.exec:\820406.exe98⤵
-
\??\c:\lffxxrf.exec:\lffxxrf.exe99⤵
-
\??\c:\048260.exec:\048260.exe100⤵
-
\??\c:\82260.exec:\82260.exe101⤵
-
\??\c:\86820.exec:\86820.exe102⤵
-
\??\c:\dpvdd.exec:\dpvdd.exe103⤵
-
\??\c:\nhnhbb.exec:\nhnhbb.exe104⤵
-
\??\c:\dppdd.exec:\dppdd.exe105⤵
-
\??\c:\jdvpj.exec:\jdvpj.exe106⤵
-
\??\c:\xlllxxr.exec:\xlllxxr.exe107⤵
-
\??\c:\4082662.exec:\4082662.exe108⤵
-
\??\c:\lfxxfxf.exec:\lfxxfxf.exe109⤵
-
\??\c:\260624.exec:\260624.exe110⤵
-
\??\c:\pvvpd.exec:\pvvpd.exe111⤵
-
\??\c:\hthhbb.exec:\hthhbb.exe112⤵
-
\??\c:\pvdvp.exec:\pvdvp.exe113⤵
-
\??\c:\86206.exec:\86206.exe114⤵
-
\??\c:\44004.exec:\44004.exe115⤵
-
\??\c:\400044.exec:\400044.exe116⤵
-
\??\c:\2622040.exec:\2622040.exe117⤵
-
\??\c:\lrlllfx.exec:\lrlllfx.exe118⤵
-
\??\c:\248664.exec:\248664.exe119⤵
-
\??\c:\tbthnh.exec:\tbthnh.exe120⤵
-
\??\c:\thnbnn.exec:\thnbnn.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-