Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
110s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
25/05/2024, 19:40
General
-
Target
245b9a7d6db0293d516aa2b4b5fbe8431a736f209e84b7af13ceca1273b858ed.exe
-
Size
75KB
-
MD5
0382fbb94d4a1ee4e9f47ead7877afbf
-
SHA1
5c995479ff52d5a6136940365ab72f5add3fac49
-
SHA256
245b9a7d6db0293d516aa2b4b5fbe8431a736f209e84b7af13ceca1273b858ed
-
SHA512
41fc372d3cdab91985742a9d50c4c82b022eb1b14b3191e3a254e987f02b6c80c29b1ffc7598aba3ba43be9cf8c5249d78cb00e726aa115d9faa6a7771d29da4
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIsIpWCz+FR4RzWqC5rINHB:ymb3NkkiQ3mdBjFIsIpZ+R4RzWqCuj
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 26 IoCs
-
UPX dump on OEP (original entry point) 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 24 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\245b9a7d6db0293d516aa2b4b5fbe8431a736f209e84b7af13ceca1273b858ed.exe"C:\Users\Admin\AppData\Local\Temp\245b9a7d6db0293d516aa2b4b5fbe8431a736f209e84b7af13ceca1273b858ed.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbbnt.exec:\nhbbnt.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjpp.exec:\dvjpp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrlfxxr.exec:\rrlfxxr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjppv.exec:\jjppv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxllfll.exec:\lxllfll.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllxxxf.exec:\rllxxxf.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnnhn.exec:\tnnnhn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dppjd.exec:\dppjd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1djdp.exec:\1djdp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxlxxr.exec:\lfxlxxr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrlffxx.exec:\rrlffxx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbttnt.exec:\hbttnt.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vddpv.exec:\vddpv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frlfxxr.exec:\frlfxxr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnbntn.exec:\nnbntn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjpjj.exec:\vjpjj.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xflxlxf.exec:\xflxlxf.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhhhtt.exec:\bhhhtt.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bntbbh.exec:\bntbbh.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvpj.exec:\dvvpj.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3fffxxl.exec:\3fffxxl.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htthnh.exec:\htthnh.exe23⤵
- Executes dropped EXE
-
\??\c:\dvpdp.exec:\dvpdp.exe24⤵
- Executes dropped EXE
-
\??\c:\vpdvv.exec:\vpdvv.exe25⤵
- Executes dropped EXE
-
\??\c:\xlrrrrr.exec:\xlrrrrr.exe26⤵
- Executes dropped EXE
-
\??\c:\vpddd.exec:\vpddd.exe27⤵
- Executes dropped EXE
-
\??\c:\5ffffff.exec:\5ffffff.exe28⤵
- Executes dropped EXE
-
\??\c:\lrfxffx.exec:\lrfxffx.exe29⤵
- Executes dropped EXE
-
\??\c:\7nnnnn.exec:\7nnnnn.exe30⤵
- Executes dropped EXE
-
\??\c:\jdddp.exec:\jdddp.exe31⤵
- Executes dropped EXE
-
\??\c:\xxxxlxx.exec:\xxxxlxx.exe32⤵
- Executes dropped EXE
-
\??\c:\jdpvp.exec:\jdpvp.exe33⤵
- Executes dropped EXE
-
\??\c:\dvpvp.exec:\dvpvp.exe34⤵
- Executes dropped EXE
-
\??\c:\9jppv.exec:\9jppv.exe35⤵
- Executes dropped EXE
-
\??\c:\xfxxxxx.exec:\xfxxxxx.exe36⤵
- Executes dropped EXE
-
\??\c:\lffrlll.exec:\lffrlll.exe37⤵
- Executes dropped EXE
-
\??\c:\nbnnbh.exec:\nbnnbh.exe38⤵
- Executes dropped EXE
-
\??\c:\pjpjd.exec:\pjpjd.exe39⤵
- Executes dropped EXE
-
\??\c:\ppdvj.exec:\ppdvj.exe40⤵
- Executes dropped EXE
-
\??\c:\lxrxrrr.exec:\lxrxrrr.exe41⤵
- Executes dropped EXE
-
\??\c:\rlrrrll.exec:\rlrrrll.exe42⤵
- Executes dropped EXE
-
\??\c:\tntnbb.exec:\tntnbb.exe43⤵
- Executes dropped EXE
-
\??\c:\3nbbbh.exec:\3nbbbh.exe44⤵
- Executes dropped EXE
-
\??\c:\pjppd.exec:\pjppd.exe45⤵
- Executes dropped EXE
-
\??\c:\rfrlrrr.exec:\rfrlrrr.exe46⤵
- Executes dropped EXE
-
\??\c:\9fxxrxr.exec:\9fxxrxr.exe47⤵
- Executes dropped EXE
-
\??\c:\hnnbbb.exec:\hnnbbb.exe48⤵
- Executes dropped EXE
-
\??\c:\jppvj.exec:\jppvj.exe49⤵
- Executes dropped EXE
-
\??\c:\dvddd.exec:\dvddd.exe50⤵
- Executes dropped EXE
-
\??\c:\5xxrrlx.exec:\5xxrrlx.exe51⤵
- Executes dropped EXE
-
\??\c:\9htttt.exec:\9htttt.exe52⤵
- Executes dropped EXE
-
\??\c:\vjjdd.exec:\vjjdd.exe53⤵
- Executes dropped EXE
-
\??\c:\dpppv.exec:\dpppv.exe54⤵
- Executes dropped EXE
-
\??\c:\llfxllx.exec:\llfxllx.exe55⤵
- Executes dropped EXE
-
\??\c:\fxffflr.exec:\fxffflr.exe56⤵
- Executes dropped EXE
-
\??\c:\bhhttn.exec:\bhhttn.exe57⤵
- Executes dropped EXE
-
\??\c:\pvjvd.exec:\pvjvd.exe58⤵
- Executes dropped EXE
-
\??\c:\jdjdv.exec:\jdjdv.exe59⤵
- Executes dropped EXE
-
\??\c:\xxrflxl.exec:\xxrflxl.exe60⤵
- Executes dropped EXE
-
\??\c:\7xllrxf.exec:\7xllrxf.exe61⤵
- Executes dropped EXE
-
\??\c:\3hnnhh.exec:\3hnnhh.exe62⤵
- Executes dropped EXE
-
\??\c:\tttnnt.exec:\tttnnt.exe63⤵
- Executes dropped EXE
-
\??\c:\lfxrffx.exec:\lfxrffx.exe64⤵
- Executes dropped EXE
-
\??\c:\1bhhhn.exec:\1bhhhn.exe65⤵
- Executes dropped EXE
-
\??\c:\bhbhtn.exec:\bhbhtn.exe66⤵
-
\??\c:\pjpdv.exec:\pjpdv.exe67⤵
-
\??\c:\pjpdd.exec:\pjpdd.exe68⤵
-
\??\c:\xxllrxf.exec:\xxllrxf.exe69⤵
-
\??\c:\lrlrrlr.exec:\lrlrrlr.exe70⤵
-
\??\c:\ttnttn.exec:\ttnttn.exe71⤵
-
\??\c:\vpdjd.exec:\vpdjd.exe72⤵
-
\??\c:\3vvvj.exec:\3vvvj.exe73⤵
-
\??\c:\lfxrlfr.exec:\lfxrlfr.exe74⤵
-
\??\c:\thttbt.exec:\thttbt.exe75⤵
-
\??\c:\ppdvp.exec:\ppdvp.exe76⤵
-
\??\c:\rllxlff.exec:\rllxlff.exe77⤵
-
\??\c:\fflrrxr.exec:\fflrrxr.exe78⤵
-
\??\c:\bbhntt.exec:\bbhntt.exe79⤵
-
\??\c:\hbhhbb.exec:\hbhhbb.exe80⤵
-
\??\c:\pdddv.exec:\pdddv.exe81⤵
-
\??\c:\pjppp.exec:\pjppp.exe82⤵
-
\??\c:\1rxrffl.exec:\1rxrffl.exe83⤵
-
\??\c:\rxrlllx.exec:\rxrlllx.exe84⤵
-
\??\c:\hnhbbb.exec:\hnhbbb.exe85⤵
-
\??\c:\jjdjv.exec:\jjdjv.exe86⤵
-
\??\c:\vpddv.exec:\vpddv.exe87⤵
-
\??\c:\rrfffxr.exec:\rrfffxr.exe88⤵
-
\??\c:\xrfxxfx.exec:\xrfxxfx.exe89⤵
-
\??\c:\9bnntb.exec:\9bnntb.exe90⤵
-
\??\c:\1bnhtt.exec:\1bnhtt.exe91⤵
-
\??\c:\pjjjd.exec:\pjjjd.exe92⤵
-
\??\c:\3jpjd.exec:\3jpjd.exe93⤵
-
\??\c:\fxfxrlf.exec:\fxfxrlf.exe94⤵
-
\??\c:\rllxfrx.exec:\rllxfrx.exe95⤵
-
\??\c:\7hnhhh.exec:\7hnhhh.exe96⤵
-
\??\c:\hbtbtn.exec:\hbtbtn.exe97⤵
-
\??\c:\pdpjp.exec:\pdpjp.exe98⤵
-
\??\c:\lxfxxrx.exec:\lxfxxrx.exe99⤵
-
\??\c:\frxffff.exec:\frxffff.exe100⤵
-
\??\c:\nbhnnn.exec:\nbhnnn.exe101⤵
-
\??\c:\thbhbh.exec:\thbhbh.exe102⤵
-
\??\c:\jpvvp.exec:\jpvvp.exe103⤵
-
\??\c:\vdjpp.exec:\vdjpp.exe104⤵
-
\??\c:\5flflll.exec:\5flflll.exe105⤵
-
\??\c:\tnntnn.exec:\tnntnn.exe106⤵
-
\??\c:\bttntt.exec:\bttntt.exe107⤵
-
\??\c:\vjjvj.exec:\vjjvj.exe108⤵
-
\??\c:\vpjdv.exec:\vpjdv.exe109⤵
-
\??\c:\lrxrlfx.exec:\lrxrlfx.exe110⤵
-
\??\c:\rffxlfx.exec:\rffxlfx.exe111⤵
-
\??\c:\thnnhh.exec:\thnnhh.exe112⤵
-
\??\c:\3bhtnn.exec:\3bhtnn.exe113⤵
-
\??\c:\vvdpj.exec:\vvdpj.exe114⤵
-
\??\c:\ffrrfxl.exec:\ffrrfxl.exe115⤵
-
\??\c:\xlllfff.exec:\xlllfff.exe116⤵
-
\??\c:\5nhhhh.exec:\5nhhhh.exe117⤵
-
\??\c:\nntthh.exec:\nntthh.exe118⤵
-
\??\c:\1pvvp.exec:\1pvvp.exe119⤵
-
\??\c:\3rfxlfl.exec:\3rfxlfl.exe120⤵
-
\??\c:\rxfrxrx.exec:\rxfrxrx.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-