Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
30/05/2024, 01:14
General
-
Target
0b00471d05fbec8dd89515394b80f290.exe
-
Size
285KB
-
MD5
0b00471d05fbec8dd89515394b80f290
-
SHA1
4aa9a985ace19b0d038111d1afde7b4234f0c54a
-
SHA256
6c41fdb38c34bf7a747ce56735724d39b0e49b359db808a41da4b08b7016e141
-
SHA512
980850f5a3daa22c203ed1e3af85e686843cee9198bf5d979b6af2684114019e145a413ee0ffa6fb8b3ab13ca2937efae0188952acdb65fa57879b671f0ef9fe
-
SSDEEP
6144:kcm4FmowdHoSphraHcpOFltH4t+IDvSXrh5g8hZTyoImg:y4wFHoS3eFp3IDvSbh5nP+oImg
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\0b00471d05fbec8dd89515394b80f290.exe"C:\Users\Admin\AppData\Local\Temp\0b00471d05fbec8dd89515394b80f290.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\tnttbh.exec:\tnttbh.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvjdj.exec:\pvjdj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxrrrl.exec:\lfxrrrl.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnnntt.exec:\bnnntt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djjdp.exec:\djjdp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrffxff.exec:\rrffxff.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3ttnhh.exec:\3ttnhh.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvjdd.exec:\pvjdd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrrlfr.exec:\xxrrlfr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3btnhh.exec:\3btnhh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fffxxxx.exec:\fffxxxx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdpjd.exec:\vdpjd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvddv.exec:\pvddv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxfxxrl.exec:\rxfxxrl.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1jdvv.exec:\1jdvv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbhhbh.exec:\bbhhbh.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfrrffl.exec:\xfrrffl.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbtnnn.exec:\hbtnnn.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxxrlf.exec:\xrxxrlf.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbnbt.exec:\btbnbt.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xflxfll.exec:\xflxfll.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7tbnbt.exec:\7tbnbt.exe23⤵
- Executes dropped EXE
-
\??\c:\lxrrlll.exec:\lxrrlll.exe24⤵
- Executes dropped EXE
-
\??\c:\xflfrrr.exec:\xflfrrr.exe25⤵
- Executes dropped EXE
-
\??\c:\tnbhhh.exec:\tnbhhh.exe26⤵
- Executes dropped EXE
-
\??\c:\dvvvp.exec:\dvvvp.exe27⤵
- Executes dropped EXE
-
\??\c:\tbtbbh.exec:\tbtbbh.exe28⤵
- Executes dropped EXE
-
\??\c:\7pdjv.exec:\7pdjv.exe29⤵
- Executes dropped EXE
-
\??\c:\vpvpj.exec:\vpvpj.exe30⤵
- Executes dropped EXE
-
\??\c:\fxflxlx.exec:\fxflxlx.exe31⤵
- Executes dropped EXE
-
\??\c:\hhttbb.exec:\hhttbb.exe32⤵
- Executes dropped EXE
-
\??\c:\ntnbnh.exec:\ntnbnh.exe33⤵
- Executes dropped EXE
-
\??\c:\fxrrlrl.exec:\fxrrlrl.exe34⤵
- Executes dropped EXE
-
\??\c:\ppvvj.exec:\ppvvj.exe35⤵
- Executes dropped EXE
-
\??\c:\htbhnn.exec:\htbhnn.exe36⤵
- Executes dropped EXE
-
\??\c:\pjjjd.exec:\pjjjd.exe37⤵
- Executes dropped EXE
-
\??\c:\btttnh.exec:\btttnh.exe38⤵
- Executes dropped EXE
-
\??\c:\jvppv.exec:\jvppv.exe39⤵
- Executes dropped EXE
-
\??\c:\hnbttb.exec:\hnbttb.exe40⤵
- Executes dropped EXE
-
\??\c:\pvjvj.exec:\pvjvj.exe41⤵
- Executes dropped EXE
-
\??\c:\xflfrfr.exec:\xflfrfr.exe42⤵
- Executes dropped EXE
-
\??\c:\ttbhnt.exec:\ttbhnt.exe43⤵
- Executes dropped EXE
-
\??\c:\vpjjp.exec:\vpjjp.exe44⤵
- Executes dropped EXE
-
\??\c:\tttttb.exec:\tttttb.exe45⤵
- Executes dropped EXE
-
\??\c:\1dvpv.exec:\1dvpv.exe46⤵
- Executes dropped EXE
-
\??\c:\hhbtth.exec:\hhbtth.exe47⤵
- Executes dropped EXE
-
\??\c:\vdpdp.exec:\vdpdp.exe48⤵
- Executes dropped EXE
-
\??\c:\jdjjj.exec:\jdjjj.exe49⤵
- Executes dropped EXE
-
\??\c:\lfrlrrr.exec:\lfrlrrr.exe50⤵
- Executes dropped EXE
-
\??\c:\7bbbtt.exec:\7bbbtt.exe51⤵
- Executes dropped EXE
-
\??\c:\pvdvp.exec:\pvdvp.exe52⤵
- Executes dropped EXE
-
\??\c:\vjjjv.exec:\vjjjv.exe53⤵
- Executes dropped EXE
-
\??\c:\bbnnnn.exec:\bbnnnn.exe54⤵
- Executes dropped EXE
-
\??\c:\jjdjd.exec:\jjdjd.exe55⤵
- Executes dropped EXE
-
\??\c:\flfxxxx.exec:\flfxxxx.exe56⤵
- Executes dropped EXE
-
\??\c:\nttbbb.exec:\nttbbb.exe57⤵
- Executes dropped EXE
-
\??\c:\lxlxflr.exec:\lxlxflr.exe58⤵
- Executes dropped EXE
-
\??\c:\ntnbnt.exec:\ntnbnt.exe59⤵
- Executes dropped EXE
-
\??\c:\jvpjp.exec:\jvpjp.exe60⤵
- Executes dropped EXE
-
\??\c:\1bbtnn.exec:\1bbtnn.exe61⤵
- Executes dropped EXE
-
\??\c:\9ppjj.exec:\9ppjj.exe62⤵
- Executes dropped EXE
-
\??\c:\hhtbtn.exec:\hhtbtn.exe63⤵
- Executes dropped EXE
-
\??\c:\9pjjd.exec:\9pjjd.exe64⤵
- Executes dropped EXE
-
\??\c:\fxxxrfx.exec:\fxxxrfx.exe65⤵
- Executes dropped EXE
-
\??\c:\bhntnt.exec:\bhntnt.exe66⤵
-
\??\c:\lflllll.exec:\lflllll.exe67⤵
-
\??\c:\llxlfff.exec:\llxlfff.exe68⤵
-
\??\c:\bhtbht.exec:\bhtbht.exe69⤵
-
\??\c:\dddjd.exec:\dddjd.exe70⤵
-
\??\c:\rlxrlll.exec:\rlxrlll.exe71⤵
-
\??\c:\nnnnnn.exec:\nnnnnn.exe72⤵
-
\??\c:\dvpdj.exec:\dvpdj.exe73⤵
-
\??\c:\ffllrrx.exec:\ffllrrx.exe74⤵
-
\??\c:\lrrrllf.exec:\lrrrllf.exe75⤵
-
\??\c:\hhntnt.exec:\hhntnt.exe76⤵
-
\??\c:\jjppd.exec:\jjppd.exe77⤵
-
\??\c:\1xxxrff.exec:\1xxxrff.exe78⤵
-
\??\c:\hnbbtn.exec:\hnbbtn.exe79⤵
-
\??\c:\jpjdv.exec:\jpjdv.exe80⤵
-
\??\c:\jpjpd.exec:\jpjpd.exe81⤵
-
\??\c:\lrlfrrf.exec:\lrlfrrf.exe82⤵
-
\??\c:\hthntt.exec:\hthntt.exe83⤵
-
\??\c:\vdddj.exec:\vdddj.exe84⤵
-
\??\c:\pjjjj.exec:\pjjjj.exe85⤵
-
\??\c:\djvpv.exec:\djvpv.exe86⤵
-
\??\c:\ffflrxx.exec:\ffflrxx.exe87⤵
-
\??\c:\xrrrlrr.exec:\xrrrlrr.exe88⤵
-
\??\c:\ppjdd.exec:\ppjdd.exe89⤵
-
\??\c:\llxrfxr.exec:\llxrfxr.exe90⤵
-
\??\c:\3flllll.exec:\3flllll.exe91⤵
-
\??\c:\nhbbbh.exec:\nhbbbh.exe92⤵
-
\??\c:\pjvvd.exec:\pjvvd.exe93⤵
-
\??\c:\djvvv.exec:\djvvv.exe94⤵
-
\??\c:\xllrxfl.exec:\xllrxfl.exe95⤵
-
\??\c:\nbttnn.exec:\nbttnn.exe96⤵
-
\??\c:\pvdpj.exec:\pvdpj.exe97⤵
-
\??\c:\xfrxxrr.exec:\xfrxxrr.exe98⤵
-
\??\c:\ttnbnh.exec:\ttnbnh.exe99⤵
-
\??\c:\htbtth.exec:\htbtth.exe100⤵
-
\??\c:\vvjpp.exec:\vvjpp.exe101⤵
-
\??\c:\flxxxrf.exec:\flxxxrf.exe102⤵
-
\??\c:\xlxrlrx.exec:\xlxrlrx.exe103⤵
-
\??\c:\bbntht.exec:\bbntht.exe104⤵
-
\??\c:\jpjvp.exec:\jpjvp.exe105⤵
-
\??\c:\lfrrrrl.exec:\lfrrrrl.exe106⤵
-
\??\c:\1bnhnn.exec:\1bnhnn.exe107⤵
-
\??\c:\pdjdj.exec:\pdjdj.exe108⤵
-
\??\c:\lxfflrl.exec:\lxfflrl.exe109⤵
-
\??\c:\5tnhhn.exec:\5tnhhn.exe110⤵
-
\??\c:\vpdjp.exec:\vpdjp.exe111⤵
-
\??\c:\ppjvv.exec:\ppjvv.exe112⤵
-
\??\c:\lfxxxxx.exec:\lfxxxxx.exe113⤵
-
\??\c:\nnhnbt.exec:\nnhnbt.exe114⤵
-
\??\c:\dddjd.exec:\dddjd.exe115⤵
-
\??\c:\5xxxxxr.exec:\5xxxxxr.exe116⤵
-
\??\c:\ffflxff.exec:\ffflxff.exe117⤵
-
\??\c:\5bhbbh.exec:\5bhbbh.exe118⤵
-
\??\c:\xrrrfrf.exec:\xrrrfrf.exe119⤵
-
\??\c:\9frflxl.exec:\9frflxl.exe120⤵
-
\??\c:\nhnhhh.exec:\nhnhhh.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-