Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
01/06/2024, 01:27
General
-
Target
a43dc91b3beb7bf3275cdad059683b1bd2a1d9202529f4f9446f02da719af054.exe
-
Size
383KB
-
MD5
45c6ee5c01e868751da11a2f72e69999
-
SHA1
439d36161743dbe12eab1aca8c857a4e3fff362e
-
SHA256
a43dc91b3beb7bf3275cdad059683b1bd2a1d9202529f4f9446f02da719af054
-
SHA512
2b9ce2c036bf50e00de39678016cffdf281b727d5d66aa147bafcee9259754b6a30f7f3a400639dde0942054d063572991a6da8d2357d0a1dbc2be065d421895
-
SSDEEP
3072:ymb3NkkiQ3mdBjFo73tvn+Yp99zm+/KZBHqL3yeHmlwe+axBcot39vUDbYhzod03:n3C9BRo7tvnJ99T/KZEL3c5BTkPXKpv
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 26 IoCs
-
UPX dump on OEP (original entry point) 27 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 27 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\a43dc91b3beb7bf3275cdad059683b1bd2a1d9202529f4f9446f02da719af054.exe"C:\Users\Admin\AppData\Local\Temp\a43dc91b3beb7bf3275cdad059683b1bd2a1d9202529f4f9446f02da719af054.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\vjdvj.exec:\vjdvj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrrllr.exec:\xxrrllr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthtnn.exec:\bthtnn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjjvp.exec:\vjjvp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5frlfff.exec:\5frlfff.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnnnnn.exec:\nnnnnn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvddv.exec:\vvddv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdpdp.exec:\vdpdp.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrfxxxr.exec:\xrfxxxr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thnhbb.exec:\thnhbb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttbtnn.exec:\ttbtnn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frfxxxx.exec:\frfxxxx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhtnhh.exec:\bhtnhh.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxrxrf.exec:\rlxrxrf.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhbhnn.exec:\bhbhnn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrlffff.exec:\rrlffff.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbbht.exec:\hbbbht.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpdvp.exec:\dpdvp.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlfxlfl.exec:\xlfxlfl.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5vvpj.exec:\5vvpj.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjddd.exec:\pjddd.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lflfxxl.exec:\lflfxxl.exe23⤵
- Executes dropped EXE
-
\??\c:\lxxxxrl.exec:\lxxxxrl.exe24⤵
- Executes dropped EXE
-
\??\c:\vjdvj.exec:\vjdvj.exe25⤵
- Executes dropped EXE
-
\??\c:\lfllflx.exec:\lfllflx.exe26⤵
- Executes dropped EXE
-
\??\c:\vjdvp.exec:\vjdvp.exe27⤵
- Executes dropped EXE
-
\??\c:\lrrxlxl.exec:\lrrxlxl.exe28⤵
- Executes dropped EXE
-
\??\c:\hhnnhb.exec:\hhnnhb.exe29⤵
- Executes dropped EXE
-
\??\c:\hbbbbh.exec:\hbbbbh.exe30⤵
- Executes dropped EXE
-
\??\c:\xrxrrfx.exec:\xrxrrfx.exe31⤵
- Executes dropped EXE
-
\??\c:\ppvpd.exec:\ppvpd.exe32⤵
- Executes dropped EXE
-
\??\c:\flxrlff.exec:\flxrlff.exe33⤵
- Executes dropped EXE
-
\??\c:\hnbhbt.exec:\hnbhbt.exe34⤵
- Executes dropped EXE
-
\??\c:\ddvpj.exec:\ddvpj.exe35⤵
- Executes dropped EXE
-
\??\c:\xrffrrr.exec:\xrffrrr.exe36⤵
- Executes dropped EXE
-
\??\c:\hbttbh.exec:\hbttbh.exe37⤵
- Executes dropped EXE
-
\??\c:\dpdvp.exec:\dpdvp.exe38⤵
- Executes dropped EXE
-
\??\c:\9lrfxxr.exec:\9lrfxxr.exe39⤵
- Executes dropped EXE
-
\??\c:\bntnbt.exec:\bntnbt.exe40⤵
- Executes dropped EXE
-
\??\c:\vjvvj.exec:\vjvvj.exe41⤵
- Executes dropped EXE
-
\??\c:\llrrlll.exec:\llrrlll.exe42⤵
- Executes dropped EXE
-
\??\c:\vjjjd.exec:\vjjjd.exe43⤵
- Executes dropped EXE
-
\??\c:\lxrflrf.exec:\lxrflrf.exe44⤵
- Executes dropped EXE
-
\??\c:\llfxlrf.exec:\llfxlrf.exe45⤵
- Executes dropped EXE
-
\??\c:\ntbnhh.exec:\ntbnhh.exe46⤵
- Executes dropped EXE
-
\??\c:\dvvvp.exec:\dvvvp.exe47⤵
- Executes dropped EXE
-
\??\c:\frrrllf.exec:\frrrllf.exe48⤵
- Executes dropped EXE
-
\??\c:\1ntnhn.exec:\1ntnhn.exe49⤵
- Executes dropped EXE
-
\??\c:\vjddp.exec:\vjddp.exe50⤵
- Executes dropped EXE
-
\??\c:\jdvvj.exec:\jdvvj.exe51⤵
- Executes dropped EXE
-
\??\c:\xlfllff.exec:\xlfllff.exe52⤵
- Executes dropped EXE
-
\??\c:\nnbtnn.exec:\nnbtnn.exe53⤵
- Executes dropped EXE
-
\??\c:\bhnnhn.exec:\bhnnhn.exe54⤵
- Executes dropped EXE
-
\??\c:\xrxlffr.exec:\xrxlffr.exe55⤵
- Executes dropped EXE
-
\??\c:\hbhhhb.exec:\hbhhhb.exe56⤵
- Executes dropped EXE
-
\??\c:\5lrlxxx.exec:\5lrlxxx.exe57⤵
- Executes dropped EXE
-
\??\c:\3xxxxxr.exec:\3xxxxxr.exe58⤵
- Executes dropped EXE
-
\??\c:\9bhtnb.exec:\9bhtnb.exe59⤵
- Executes dropped EXE
-
\??\c:\vdvpd.exec:\vdvpd.exe60⤵
- Executes dropped EXE
-
\??\c:\9llxxxr.exec:\9llxxxr.exe61⤵
- Executes dropped EXE
-
\??\c:\bthhhh.exec:\bthhhh.exe62⤵
- Executes dropped EXE
-
\??\c:\1jjpd.exec:\1jjpd.exe63⤵
- Executes dropped EXE
-
\??\c:\lffxxll.exec:\lffxxll.exe64⤵
- Executes dropped EXE
-
\??\c:\5rrrffr.exec:\5rrrffr.exe65⤵
- Executes dropped EXE
-
\??\c:\htbhbb.exec:\htbhbb.exe66⤵
-
\??\c:\jvvpj.exec:\jvvpj.exe67⤵
-
\??\c:\ffrllll.exec:\ffrllll.exe68⤵
-
\??\c:\nbhbtn.exec:\nbhbtn.exe69⤵
-
\??\c:\pdjvd.exec:\pdjvd.exe70⤵
-
\??\c:\lxlffff.exec:\lxlffff.exe71⤵
-
\??\c:\hbntbh.exec:\hbntbh.exe72⤵
-
\??\c:\7djjd.exec:\7djjd.exe73⤵
-
\??\c:\dvjdp.exec:\dvjdp.exe74⤵
-
\??\c:\fxffxxf.exec:\fxffxxf.exe75⤵
-
\??\c:\9nnnhn.exec:\9nnnhn.exe76⤵
-
\??\c:\pjppp.exec:\pjppp.exe77⤵
-
\??\c:\jvpvv.exec:\jvpvv.exe78⤵
-
\??\c:\rlrlllf.exec:\rlrlllf.exe79⤵
-
\??\c:\5ntnhh.exec:\5ntnhh.exe80⤵
-
\??\c:\vpvvp.exec:\vpvvp.exe81⤵
-
\??\c:\9vpjd.exec:\9vpjd.exe82⤵
-
\??\c:\xlrllfx.exec:\xlrllfx.exe83⤵
-
\??\c:\hbtnbt.exec:\hbtnbt.exe84⤵
-
\??\c:\bbtnht.exec:\bbtnht.exe85⤵
-
\??\c:\jjppj.exec:\jjppj.exe86⤵
-
\??\c:\5rffxfx.exec:\5rffxfx.exe87⤵
-
\??\c:\rffxrrl.exec:\rffxrrl.exe88⤵
-
\??\c:\bhnnbb.exec:\bhnnbb.exe89⤵
-
\??\c:\vpvjv.exec:\vpvjv.exe90⤵
-
\??\c:\jvdjp.exec:\jvdjp.exe91⤵
-
\??\c:\xrxrxxx.exec:\xrxrxxx.exe92⤵
-
\??\c:\bbbbtb.exec:\bbbbtb.exe93⤵
-
\??\c:\tbhbtn.exec:\tbhbtn.exe94⤵
-
\??\c:\jdjdj.exec:\jdjdj.exe95⤵
-
\??\c:\llllxxr.exec:\llllxxr.exe96⤵
-
\??\c:\tbntnn.exec:\tbntnn.exe97⤵
-
\??\c:\tbnnhb.exec:\tbnnhb.exe98⤵
-
\??\c:\pdjjd.exec:\pdjjd.exe99⤵
-
\??\c:\5rlrllf.exec:\5rlrllf.exe100⤵
-
\??\c:\tnnhtt.exec:\tnnhtt.exe101⤵
-
\??\c:\vpvjp.exec:\vpvjp.exe102⤵
-
\??\c:\pdpjd.exec:\pdpjd.exe103⤵
-
\??\c:\rrlfrlx.exec:\rrlfrlx.exe104⤵
-
\??\c:\bntnnn.exec:\bntnnn.exe105⤵
-
\??\c:\5bhhbh.exec:\5bhhbh.exe106⤵
-
\??\c:\lllffxx.exec:\lllffxx.exe107⤵
-
\??\c:\thtnhh.exec:\thtnhh.exe108⤵
-
\??\c:\dppjd.exec:\dppjd.exe109⤵
-
\??\c:\lrllxrf.exec:\lrllxrf.exe110⤵
-
\??\c:\fxxrlfr.exec:\fxxrlfr.exe111⤵
-
\??\c:\htbnhb.exec:\htbnhb.exe112⤵
-
\??\c:\5jjjp.exec:\5jjjp.exe113⤵
-
\??\c:\jdpjp.exec:\jdpjp.exe114⤵
-
\??\c:\lrrxxff.exec:\lrrxxff.exe115⤵
-
\??\c:\ttttnn.exec:\ttttnn.exe116⤵
-
\??\c:\bbbtbb.exec:\bbbtbb.exe117⤵
-
\??\c:\1djjj.exec:\1djjj.exe118⤵
-
\??\c:\frrrrxf.exec:\frrrrxf.exe119⤵
-
\??\c:\5nbtnt.exec:\5nbtnt.exe120⤵
-
\??\c:\pjvvj.exec:\pjvvj.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-