Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
94s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
28/05/2024, 13:44
General
-
Target
feddd86c5516e10ffa7c76158734f4a809cb3e67c42e7a737d1c0e72c8fceb3c.exe
-
Size
94KB
-
MD5
8d8b90c4e3754ad32505fc40989faaaf
-
SHA1
a95db69036b984a8e9be3a6a9d157228d2c14943
-
SHA256
feddd86c5516e10ffa7c76158734f4a809cb3e67c42e7a737d1c0e72c8fceb3c
-
SHA512
cc96e0b5743026521f49300302ee7e582e1e3034fefc709f69a3330ef3c98c815ec179e0f57e68e56c1d005b19ee891c4df19d356409b488aea42ef621180d34
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDoLuePjDYlR3hnjKXIQSe9oEq:ymb3NkkiQ3mdBjFoLucjDilOZhoP
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
UPX dump on OEP (original entry point) 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 23 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\feddd86c5516e10ffa7c76158734f4a809cb3e67c42e7a737d1c0e72c8fceb3c.exe"C:\Users\Admin\AppData\Local\Temp\feddd86c5516e10ffa7c76158734f4a809cb3e67c42e7a737d1c0e72c8fceb3c.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\rfxlrlx.exec:\rfxlrlx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1xxxlfx.exec:\1xxxlfx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3ttnhh.exec:\3ttnhh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdvdp.exec:\vdvdp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlllrlf.exec:\rlllrlf.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhtht.exec:\nhhtht.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpppv.exec:\jpppv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9djdp.exec:\9djdp.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxrlfxr.exec:\rxrlfxr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrlrrr.exec:\xxrlrrr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbbtnh.exec:\tbbtnh.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvpdp.exec:\jvpdp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxxlffx.exec:\xxxlffx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tntnhb.exec:\tntnhb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdpvj.exec:\pdpvj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjdp.exec:\pjjdp.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxflffx.exec:\xxflffx.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thbbnn.exec:\thbbnn.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjjvj.exec:\jjjvj.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffxlxrl.exec:\ffxlxrl.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbtnhb.exec:\tbtnhb.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhhbt.exec:\tnhhbt.exe23⤵
- Executes dropped EXE
-
\??\c:\vpjjd.exec:\vpjjd.exe24⤵
- Executes dropped EXE
-
\??\c:\3jjdj.exec:\3jjdj.exe25⤵
- Executes dropped EXE
-
\??\c:\xxrfffx.exec:\xxrfffx.exe26⤵
- Executes dropped EXE
-
\??\c:\hhhbnh.exec:\hhhbnh.exe27⤵
- Executes dropped EXE
-
\??\c:\ddjpd.exec:\ddjpd.exe28⤵
- Executes dropped EXE
-
\??\c:\jpvdj.exec:\jpvdj.exe29⤵
- Executes dropped EXE
-
\??\c:\3rxlrlf.exec:\3rxlrlf.exe30⤵
- Executes dropped EXE
-
\??\c:\3bbnht.exec:\3bbnht.exe31⤵
- Executes dropped EXE
-
\??\c:\pjdpp.exec:\pjdpp.exe32⤵
- Executes dropped EXE
-
\??\c:\jvvdd.exec:\jvvdd.exe33⤵
- Executes dropped EXE
-
\??\c:\frxfxfx.exec:\frxfxfx.exe34⤵
- Executes dropped EXE
-
\??\c:\hnbnhh.exec:\hnbnhh.exe35⤵
- Executes dropped EXE
-
\??\c:\9pjdd.exec:\9pjdd.exe36⤵
- Executes dropped EXE
-
\??\c:\jvvpp.exec:\jvvpp.exe37⤵
- Executes dropped EXE
-
\??\c:\1fxlffl.exec:\1fxlffl.exe38⤵
- Executes dropped EXE
-
\??\c:\9lrfxrl.exec:\9lrfxrl.exe39⤵
- Executes dropped EXE
-
\??\c:\3hbttt.exec:\3hbttt.exe40⤵
- Executes dropped EXE
-
\??\c:\7pvjv.exec:\7pvjv.exe41⤵
- Executes dropped EXE
-
\??\c:\vdvpd.exec:\vdvpd.exe42⤵
- Executes dropped EXE
-
\??\c:\rlrllfr.exec:\rlrllfr.exe43⤵
- Executes dropped EXE
-
\??\c:\tnhbth.exec:\tnhbth.exe44⤵
- Executes dropped EXE
-
\??\c:\3hhbhn.exec:\3hhbhn.exe45⤵
- Executes dropped EXE
-
\??\c:\1jjvp.exec:\1jjvp.exe46⤵
- Executes dropped EXE
-
\??\c:\7pvjv.exec:\7pvjv.exe47⤵
- Executes dropped EXE
-
\??\c:\1flrfff.exec:\1flrfff.exe48⤵
- Executes dropped EXE
-
\??\c:\nnhbtn.exec:\nnhbtn.exe49⤵
- Executes dropped EXE
-
\??\c:\btnhtn.exec:\btnhtn.exe50⤵
- Executes dropped EXE
-
\??\c:\vjvdp.exec:\vjvdp.exe51⤵
- Executes dropped EXE
-
\??\c:\pjvpj.exec:\pjvpj.exe52⤵
- Executes dropped EXE
-
\??\c:\xxxlfrl.exec:\xxxlfrl.exe53⤵
- Executes dropped EXE
-
\??\c:\ffxrrll.exec:\ffxrrll.exe54⤵
- Executes dropped EXE
-
\??\c:\3htnhb.exec:\3htnhb.exe55⤵
- Executes dropped EXE
-
\??\c:\ttttnt.exec:\ttttnt.exe56⤵
- Executes dropped EXE
-
\??\c:\dppjp.exec:\dppjp.exe57⤵
- Executes dropped EXE
-
\??\c:\ddvjd.exec:\ddvjd.exe58⤵
- Executes dropped EXE
-
\??\c:\lxfxrrl.exec:\lxfxrrl.exe59⤵
- Executes dropped EXE
-
\??\c:\5lrlffx.exec:\5lrlffx.exe60⤵
- Executes dropped EXE
-
\??\c:\1nhhhn.exec:\1nhhhn.exe61⤵
- Executes dropped EXE
-
\??\c:\nhbnbb.exec:\nhbnbb.exe62⤵
- Executes dropped EXE
-
\??\c:\ddpjj.exec:\ddpjj.exe63⤵
- Executes dropped EXE
-
\??\c:\dvvpv.exec:\dvvpv.exe64⤵
- Executes dropped EXE
-
\??\c:\lxlffff.exec:\lxlffff.exe65⤵
- Executes dropped EXE
-
\??\c:\1hnhtn.exec:\1hnhtn.exe66⤵
-
\??\c:\bnbnbb.exec:\bnbnbb.exe67⤵
-
\??\c:\jppdv.exec:\jppdv.exe68⤵
-
\??\c:\3pvpj.exec:\3pvpj.exe69⤵
-
\??\c:\pvvpv.exec:\pvvpv.exe70⤵
-
\??\c:\flxrflr.exec:\flxrflr.exe71⤵
-
\??\c:\xlxrfxl.exec:\xlxrfxl.exe72⤵
-
\??\c:\btbtnh.exec:\btbtnh.exe73⤵
-
\??\c:\5nnnbt.exec:\5nnnbt.exe74⤵
-
\??\c:\pdjdp.exec:\pdjdp.exe75⤵
-
\??\c:\7vvjv.exec:\7vvjv.exe76⤵
-
\??\c:\1rfxlfx.exec:\1rfxlfx.exe77⤵
-
\??\c:\nhhbtt.exec:\nhhbtt.exe78⤵
-
\??\c:\1thtnn.exec:\1thtnn.exe79⤵
-
\??\c:\jppjv.exec:\jppjv.exe80⤵
-
\??\c:\llffrrl.exec:\llffrrl.exe81⤵
-
\??\c:\rrxrlfx.exec:\rrxrlfx.exe82⤵
-
\??\c:\bnnhhb.exec:\bnnhhb.exe83⤵
-
\??\c:\dpddj.exec:\dpddj.exe84⤵
-
\??\c:\1jddp.exec:\1jddp.exe85⤵
-
\??\c:\9ffxlxr.exec:\9ffxlxr.exe86⤵
-
\??\c:\fllllfr.exec:\fllllfr.exe87⤵
-
\??\c:\9pppj.exec:\9pppj.exe88⤵
-
\??\c:\fxxrrrl.exec:\fxxrrrl.exe89⤵
-
\??\c:\lrxrlfx.exec:\lrxrlfx.exe90⤵
-
\??\c:\3btnbt.exec:\3btnbt.exe91⤵
-
\??\c:\jvvpd.exec:\jvvpd.exe92⤵
-
\??\c:\frxlfxx.exec:\frxlfxx.exe93⤵
-
\??\c:\bbntht.exec:\bbntht.exe94⤵
-
\??\c:\3nthtt.exec:\3nthtt.exe95⤵
-
\??\c:\jpddv.exec:\jpddv.exe96⤵
-
\??\c:\dvdjj.exec:\dvdjj.exe97⤵
-
\??\c:\xrrxfxl.exec:\xrrxfxl.exe98⤵
-
\??\c:\5hnhhh.exec:\5hnhhh.exe99⤵
-
\??\c:\dvjdj.exec:\dvjdj.exe100⤵
-
\??\c:\vjpvv.exec:\vjpvv.exe101⤵
-
\??\c:\lffxxxx.exec:\lffxxxx.exe102⤵
-
\??\c:\1nbtnt.exec:\1nbtnt.exe103⤵
-
\??\c:\tntttt.exec:\tntttt.exe104⤵
-
\??\c:\jjppj.exec:\jjppj.exe105⤵
-
\??\c:\pjdvp.exec:\pjdvp.exe106⤵
-
\??\c:\llrxxxl.exec:\llrxxxl.exe107⤵
-
\??\c:\xxflrxf.exec:\xxflrxf.exe108⤵
-
\??\c:\thnhbb.exec:\thnhbb.exe109⤵
-
\??\c:\ttnttb.exec:\ttnttb.exe110⤵
-
\??\c:\djdjp.exec:\djdjp.exe111⤵
-
\??\c:\ppjpd.exec:\ppjpd.exe112⤵
-
\??\c:\lrfflff.exec:\lrfflff.exe113⤵
-
\??\c:\ffxxflr.exec:\ffxxflr.exe114⤵
-
\??\c:\tbnntt.exec:\tbnntt.exe115⤵
-
\??\c:\ttnnhb.exec:\ttnnhb.exe116⤵
-
\??\c:\9jpjj.exec:\9jpjj.exe117⤵
-
\??\c:\pddvp.exec:\pddvp.exe118⤵
-
\??\c:\xfrlxxx.exec:\xfrlxxx.exe119⤵
-
\??\c:\xxffffx.exec:\xxffffx.exe120⤵
-
\??\c:\9btnnn.exec:\9btnnn.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-