Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
127s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
26/05/2024, 02:36
General
-
Target
c18c11fc5c178ce0990eebc4d01c04a37d50dfa3d8f4605ee70574414fd4ec7d.exe
-
Size
82KB
-
MD5
2202d448ecab075af478ecd25a206973
-
SHA1
2446152ac46786d157b542bd90ab5618760d7663
-
SHA256
c18c11fc5c178ce0990eebc4d01c04a37d50dfa3d8f4605ee70574414fd4ec7d
-
SHA512
65e9e264efa8960cf8a1b4cf2d6b5875afbeea9004578bd89ba00c1662e147c1d61beb4f1d7e37bf51fa2051676c20d3dfb91b920dc02934bf34e75d7584090d
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDoAXPfgr2hKmdbcPi2v7:ymb3NkkiQ3mdBjFo6Pfgy3dbc/7
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 27 IoCs
-
UPX dump on OEP (original entry point) 29 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 29 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\c18c11fc5c178ce0990eebc4d01c04a37d50dfa3d8f4605ee70574414fd4ec7d.exe"C:\Users\Admin\AppData\Local\Temp\c18c11fc5c178ce0990eebc4d01c04a37d50dfa3d8f4605ee70574414fd4ec7d.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrxrxl.exec:\fxrxrxl.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3ntbbb.exec:\3ntbbb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvpjp.exec:\jvpjp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3ppjj.exec:\3ppjj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbbtb.exec:\btbbtb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnhbt.exec:\tnnhbt.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9vvvv.exec:\9vvvv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbthh.exec:\btbthh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7vddp.exec:\7vddp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7lrrrll.exec:\7lrrrll.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnbhnn.exec:\hnbhnn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpppp.exec:\vpppp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddjjj.exec:\ddjjj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5rrrflr.exec:\5rrrflr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthnbt.exec:\bthnbt.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpppj.exec:\jpppj.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrrrrr.exec:\xrrrrrr.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbbhhn.exec:\bbbhhn.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhbbb.exec:\hbhbbb.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djvdd.exec:\djvdd.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrfffrl.exec:\rrfffrl.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbnnnh.exec:\nbnnnh.exe23⤵
- Executes dropped EXE
-
\??\c:\pddpj.exec:\pddpj.exe24⤵
- Executes dropped EXE
-
\??\c:\dvvpd.exec:\dvvpd.exe25⤵
- Executes dropped EXE
-
\??\c:\xlxxrrl.exec:\xlxxrrl.exe26⤵
- Executes dropped EXE
-
\??\c:\ntbbbn.exec:\ntbbbn.exe27⤵
- Executes dropped EXE
-
\??\c:\btthhn.exec:\btthhn.exe28⤵
- Executes dropped EXE
-
\??\c:\9pjdv.exec:\9pjdv.exe29⤵
- Executes dropped EXE
-
\??\c:\3xxffll.exec:\3xxffll.exe30⤵
- Executes dropped EXE
-
\??\c:\7bnhbh.exec:\7bnhbh.exe31⤵
- Executes dropped EXE
-
\??\c:\frlllxf.exec:\frlllxf.exe32⤵
- Executes dropped EXE
-
\??\c:\xxxrrrr.exec:\xxxrrrr.exe33⤵
- Executes dropped EXE
-
\??\c:\tnnttt.exec:\tnnttt.exe34⤵
- Executes dropped EXE
-
\??\c:\vvdvv.exec:\vvdvv.exe35⤵
- Executes dropped EXE
-
\??\c:\vjdjp.exec:\vjdjp.exe36⤵
- Executes dropped EXE
-
\??\c:\xxrrrrr.exec:\xxrrrrr.exe37⤵
- Executes dropped EXE
-
\??\c:\fllrrll.exec:\fllrrll.exe38⤵
- Executes dropped EXE
-
\??\c:\llrrxxl.exec:\llrrxxl.exe39⤵
- Executes dropped EXE
-
\??\c:\9hhbnn.exec:\9hhbnn.exe40⤵
- Executes dropped EXE
-
\??\c:\pjdvp.exec:\pjdvp.exe41⤵
- Executes dropped EXE
-
\??\c:\ppjjp.exec:\ppjjp.exe42⤵
- Executes dropped EXE
-
\??\c:\xxxffll.exec:\xxxffll.exe43⤵
- Executes dropped EXE
-
\??\c:\nhhhnb.exec:\nhhhnb.exe44⤵
- Executes dropped EXE
-
\??\c:\1bbbtb.exec:\1bbbtb.exe45⤵
- Executes dropped EXE
-
\??\c:\5vppp.exec:\5vppp.exe46⤵
- Executes dropped EXE
-
\??\c:\lxxxxlf.exec:\lxxxxlf.exe47⤵
- Executes dropped EXE
-
\??\c:\fxxrllf.exec:\fxxrllf.exe48⤵
- Executes dropped EXE
-
\??\c:\hnnbnn.exec:\hnnbnn.exe49⤵
- Executes dropped EXE
-
\??\c:\tttnhh.exec:\tttnhh.exe50⤵
- Executes dropped EXE
-
\??\c:\jppvv.exec:\jppvv.exe51⤵
- Executes dropped EXE
-
\??\c:\jdjpd.exec:\jdjpd.exe52⤵
- Executes dropped EXE
-
\??\c:\9rlfrxl.exec:\9rlfrxl.exe53⤵
- Executes dropped EXE
-
\??\c:\hbhhbb.exec:\hbhhbb.exe54⤵
- Executes dropped EXE
-
\??\c:\tntnhh.exec:\tntnhh.exe55⤵
- Executes dropped EXE
-
\??\c:\dvddd.exec:\dvddd.exe56⤵
- Executes dropped EXE
-
\??\c:\7jppj.exec:\7jppj.exe57⤵
- Executes dropped EXE
-
\??\c:\xrlfrrr.exec:\xrlfrrr.exe58⤵
- Executes dropped EXE
-
\??\c:\hthhhh.exec:\hthhhh.exe59⤵
- Executes dropped EXE
-
\??\c:\tnnhtn.exec:\tnnhtn.exe60⤵
- Executes dropped EXE
-
\??\c:\ddvjd.exec:\ddvjd.exe61⤵
- Executes dropped EXE
-
\??\c:\vjjjd.exec:\vjjjd.exe62⤵
- Executes dropped EXE
-
\??\c:\rxfllrx.exec:\rxfllrx.exe63⤵
- Executes dropped EXE
-
\??\c:\xxrllll.exec:\xxrllll.exe64⤵
- Executes dropped EXE
-
\??\c:\hhhhhh.exec:\hhhhhh.exe65⤵
- Executes dropped EXE
-
\??\c:\nnhhhn.exec:\nnhhhn.exe66⤵
-
\??\c:\dddvd.exec:\dddvd.exe67⤵
-
\??\c:\pppjp.exec:\pppjp.exe68⤵
-
\??\c:\lfllllx.exec:\lfllllx.exe69⤵
-
\??\c:\hthhbt.exec:\hthhbt.exe70⤵
-
\??\c:\httbbn.exec:\httbbn.exe71⤵
-
\??\c:\1vdvj.exec:\1vdvj.exe72⤵
-
\??\c:\pvjdj.exec:\pvjdj.exe73⤵
-
\??\c:\xfxxlfl.exec:\xfxxlfl.exe74⤵
-
\??\c:\rlxxlfx.exec:\rlxxlfx.exe75⤵
-
\??\c:\bbbbnh.exec:\bbbbnh.exe76⤵
-
\??\c:\3pdjp.exec:\3pdjp.exe77⤵
-
\??\c:\vvdvp.exec:\vvdvp.exe78⤵
-
\??\c:\rflffxr.exec:\rflffxr.exe79⤵
-
\??\c:\nbnthh.exec:\nbnthh.exe80⤵
-
\??\c:\vvppj.exec:\vvppj.exe81⤵
-
\??\c:\pdddv.exec:\pdddv.exe82⤵
-
\??\c:\xxfxllr.exec:\xxfxllr.exe83⤵
-
\??\c:\xxlrrrr.exec:\xxlrrrr.exe84⤵
-
\??\c:\hbbbbb.exec:\hbbbbb.exe85⤵
-
\??\c:\5hbbtb.exec:\5hbbtb.exe86⤵
-
\??\c:\7jvvj.exec:\7jvvj.exe87⤵
-
\??\c:\dvpvp.exec:\dvpvp.exe88⤵
-
\??\c:\frlfrrl.exec:\frlfrrl.exe89⤵
-
\??\c:\xxrlrrl.exec:\xxrlrrl.exe90⤵
-
\??\c:\bnhhhh.exec:\bnhhhh.exe91⤵
-
\??\c:\dvvjd.exec:\dvvjd.exe92⤵
-
\??\c:\jvvvv.exec:\jvvvv.exe93⤵
-
\??\c:\fxlfrrl.exec:\fxlfrrl.exe94⤵
-
\??\c:\llrlfxx.exec:\llrlfxx.exe95⤵
-
\??\c:\5nnnhh.exec:\5nnnhh.exe96⤵
-
\??\c:\bbhnhh.exec:\bbhnhh.exe97⤵
-
\??\c:\5vdjj.exec:\5vdjj.exe98⤵
-
\??\c:\vpjjp.exec:\vpjjp.exe99⤵
-
\??\c:\xrfffff.exec:\xrfffff.exe100⤵
-
\??\c:\7nbttn.exec:\7nbttn.exe101⤵
-
\??\c:\nttthh.exec:\nttthh.exe102⤵
-
\??\c:\ppjpd.exec:\ppjpd.exe103⤵
-
\??\c:\frlfrlx.exec:\frlfrlx.exe104⤵
-
\??\c:\lfxxxxx.exec:\lfxxxxx.exe105⤵
-
\??\c:\nbbthh.exec:\nbbthh.exe106⤵
-
\??\c:\nntthb.exec:\nntthb.exe107⤵
-
\??\c:\vjdvd.exec:\vjdvd.exe108⤵
-
\??\c:\1rllffr.exec:\1rllffr.exe109⤵
-
\??\c:\llrrxlf.exec:\llrrxlf.exe110⤵
-
\??\c:\nnttnt.exec:\nnttnt.exe111⤵
-
\??\c:\hbtnhb.exec:\hbtnhb.exe112⤵
-
\??\c:\ddjjv.exec:\ddjjv.exe113⤵
-
\??\c:\dvdjv.exec:\dvdjv.exe114⤵
-
\??\c:\5xfffll.exec:\5xfffll.exe115⤵
-
\??\c:\xrlffff.exec:\xrlffff.exe116⤵
-
\??\c:\bnnhhh.exec:\bnnhhh.exe117⤵
-
\??\c:\3thhbh.exec:\3thhbh.exe118⤵
-
\??\c:\dvvvp.exec:\dvvvp.exe119⤵
-
\??\c:\jvpvj.exec:\jvpvj.exe120⤵
-
\??\c:\fxxllff.exec:\fxxllff.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-