Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
132s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
01/06/2024, 18:47
General
-
Target
1198ab6e258aa45e004de731c9b027ed412120cad1b0f3b2d3c52e111a15c317.exe
-
Size
460KB
-
MD5
05614c8e267c7d6f56705b58d2d89b2e
-
SHA1
0e7f5fac319def89a96f1439cd749f068afc7c70
-
SHA256
1198ab6e258aa45e004de731c9b027ed412120cad1b0f3b2d3c52e111a15c317
-
SHA512
77b38f29c407e15c3bbd77bdf67c5403c3e6cb7f6d7c0e2f49c2a4d2f468fed9f47a3e4a654a411f8e58d2692046849bd384c86b18215141030627b2bc70cb70
-
SSDEEP
6144:n3C9BRo7tvnJ9Fywhk/TJTaYvMmr3C9BRo7tvnJ9Fywhk/Tkh:n3C9ytvn8whkbJTaFmr3C9ytvn8whkbW
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 28 IoCs
-
UPX dump on OEP (original entry point) 35 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 34 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1198ab6e258aa45e004de731c9b027ed412120cad1b0f3b2d3c52e111a15c317.exe"C:\Users\Admin\AppData\Local\Temp\1198ab6e258aa45e004de731c9b027ed412120cad1b0f3b2d3c52e111a15c317.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\9vjdd.exec:\9vjdd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthbhb.exec:\bthbhb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdppv.exec:\jdppv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrlffx.exec:\fxrlffx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1lrrlrl.exec:\1lrrlrl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thhbbb.exec:\thhbbb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvpv.exec:\pjvpv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnhhbb.exec:\bnhhbb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrlrrx.exec:\fxrlrrx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9djdj.exec:\9djdj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9tbttt.exec:\9tbttt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpdvv.exec:\vpdvv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbhbtn.exec:\tbhbtn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7dpjp.exec:\7dpjp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frrlffx.exec:\frrlffx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frrlfxl.exec:\frrlfxl.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1vvvj.exec:\1vvvj.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxxllr.exec:\xrxxllr.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tthbbb.exec:\tthbbb.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxfxxxx.exec:\fxfxxxx.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbnhtt.exec:\bbnhtt.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvddj.exec:\jvddj.exe23⤵
- Executes dropped EXE
-
\??\c:\ffrrxxf.exec:\ffrrxxf.exe24⤵
- Executes dropped EXE
-
\??\c:\vjppj.exec:\vjppj.exe25⤵
- Executes dropped EXE
-
\??\c:\fxlllff.exec:\fxlllff.exe26⤵
- Executes dropped EXE
-
\??\c:\3ttnhb.exec:\3ttnhb.exe27⤵
- Executes dropped EXE
-
\??\c:\7rffxrr.exec:\7rffxrr.exe28⤵
- Executes dropped EXE
-
\??\c:\nthhhb.exec:\nthhhb.exe29⤵
- Executes dropped EXE
-
\??\c:\vjjdv.exec:\vjjdv.exe30⤵
- Executes dropped EXE
-
\??\c:\5jjdd.exec:\5jjdd.exe31⤵
- Executes dropped EXE
-
\??\c:\rxrfxxx.exec:\rxrfxxx.exe32⤵
- Executes dropped EXE
-
\??\c:\7xrlxxf.exec:\7xrlxxf.exe33⤵
- Executes dropped EXE
-
\??\c:\rrlfffx.exec:\rrlfffx.exe34⤵
- Executes dropped EXE
-
\??\c:\5lrlffx.exec:\5lrlffx.exe35⤵
- Executes dropped EXE
-
\??\c:\nthhhh.exec:\nthhhh.exe36⤵
- Executes dropped EXE
-
\??\c:\jjjpj.exec:\jjjpj.exe37⤵
- Executes dropped EXE
-
\??\c:\frffffx.exec:\frffffx.exe38⤵
- Executes dropped EXE
-
\??\c:\nthhhb.exec:\nthhhb.exe39⤵
- Executes dropped EXE
-
\??\c:\vjddj.exec:\vjddj.exe40⤵
- Executes dropped EXE
-
\??\c:\dvdpp.exec:\dvdpp.exe41⤵
- Executes dropped EXE
-
\??\c:\xxfffff.exec:\xxfffff.exe42⤵
- Executes dropped EXE
-
\??\c:\nhtntt.exec:\nhtntt.exe43⤵
- Executes dropped EXE
-
\??\c:\dddvp.exec:\dddvp.exe44⤵
- Executes dropped EXE
-
\??\c:\djvvj.exec:\djvvj.exe45⤵
- Executes dropped EXE
-
\??\c:\7xfxxff.exec:\7xfxxff.exe46⤵
- Executes dropped EXE
-
\??\c:\hbtbbb.exec:\hbtbbb.exe47⤵
- Executes dropped EXE
-
\??\c:\9djdp.exec:\9djdp.exe48⤵
- Executes dropped EXE
-
\??\c:\rfrrffr.exec:\rfrrffr.exe49⤵
- Executes dropped EXE
-
\??\c:\tbhbtn.exec:\tbhbtn.exe50⤵
- Executes dropped EXE
-
\??\c:\vddvp.exec:\vddvp.exe51⤵
- Executes dropped EXE
-
\??\c:\7pvjv.exec:\7pvjv.exe52⤵
- Executes dropped EXE
-
\??\c:\llrlfxr.exec:\llrlfxr.exe53⤵
- Executes dropped EXE
-
\??\c:\vjvvv.exec:\vjvvv.exe54⤵
- Executes dropped EXE
-
\??\c:\jpdpp.exec:\jpdpp.exe55⤵
- Executes dropped EXE
-
\??\c:\llxrlll.exec:\llxrlll.exe56⤵
- Executes dropped EXE
-
\??\c:\ttbbhh.exec:\ttbbhh.exe57⤵
- Executes dropped EXE
-
\??\c:\vjpjd.exec:\vjpjd.exe58⤵
- Executes dropped EXE
-
\??\c:\fxxxrrl.exec:\fxxxrrl.exe59⤵
- Executes dropped EXE
-
\??\c:\bhnhbb.exec:\bhnhbb.exe60⤵
- Executes dropped EXE
-
\??\c:\7ddvp.exec:\7ddvp.exe61⤵
- Executes dropped EXE
-
\??\c:\xllfxxx.exec:\xllfxxx.exe62⤵
- Executes dropped EXE
-
\??\c:\btttbb.exec:\btttbb.exe63⤵
- Executes dropped EXE
-
\??\c:\bhbtnn.exec:\bhbtnn.exe64⤵
- Executes dropped EXE
-
\??\c:\jjdvv.exec:\jjdvv.exe65⤵
- Executes dropped EXE
-
\??\c:\xfllffr.exec:\xfllffr.exe66⤵
-
\??\c:\tnhhbh.exec:\tnhhbh.exe67⤵
-
\??\c:\hbhbbb.exec:\hbhbbb.exe68⤵
-
\??\c:\pddjv.exec:\pddjv.exe69⤵
-
\??\c:\frfxrrl.exec:\frfxrrl.exe70⤵
-
\??\c:\hbbbbb.exec:\hbbbbb.exe71⤵
-
\??\c:\5vvpd.exec:\5vvpd.exe72⤵
-
\??\c:\rfrllll.exec:\rfrllll.exe73⤵
-
\??\c:\fxxrrll.exec:\fxxrrll.exe74⤵
-
\??\c:\tnbttb.exec:\tnbttb.exe75⤵
-
\??\c:\jvjjd.exec:\jvjjd.exe76⤵
-
\??\c:\vppdd.exec:\vppdd.exe77⤵
-
\??\c:\fffllll.exec:\fffllll.exe78⤵
-
\??\c:\tthnhh.exec:\tthnhh.exe79⤵
-
\??\c:\nnnhbt.exec:\nnnhbt.exe80⤵
-
\??\c:\vjdvp.exec:\vjdvp.exe81⤵
-
\??\c:\xlfxrrl.exec:\xlfxrrl.exe82⤵
-
\??\c:\hbnhnh.exec:\hbnhnh.exe83⤵
-
\??\c:\5nbtnt.exec:\5nbtnt.exe84⤵
-
\??\c:\vjjdv.exec:\vjjdv.exe85⤵
-
\??\c:\jjdvv.exec:\jjdvv.exe86⤵
-
\??\c:\9flfxrl.exec:\9flfxrl.exe87⤵
-
\??\c:\tbhbtn.exec:\tbhbtn.exe88⤵
-
\??\c:\3bbthh.exec:\3bbthh.exe89⤵
-
\??\c:\jdvpp.exec:\jdvpp.exe90⤵
-
\??\c:\ffllfrl.exec:\ffllfrl.exe91⤵
-
\??\c:\rlxxffx.exec:\rlxxffx.exe92⤵
-
\??\c:\bttntn.exec:\bttntn.exe93⤵
-
\??\c:\pdjdv.exec:\pdjdv.exe94⤵
-
\??\c:\jjvvv.exec:\jjvvv.exe95⤵
-
\??\c:\rflllff.exec:\rflllff.exe96⤵
-
\??\c:\9nhhbb.exec:\9nhhbb.exe97⤵
-
\??\c:\bhthht.exec:\bhthht.exe98⤵
-
\??\c:\vpvpv.exec:\vpvpv.exe99⤵
-
\??\c:\9fxrrrl.exec:\9fxrrrl.exe100⤵
-
\??\c:\llffxfx.exec:\llffxfx.exe101⤵
-
\??\c:\hhnhbb.exec:\hhnhbb.exe102⤵
-
\??\c:\ntbhhn.exec:\ntbhhn.exe103⤵
-
\??\c:\jdvvj.exec:\jdvvj.exe104⤵
-
\??\c:\rfllfff.exec:\rfllfff.exe105⤵
-
\??\c:\tbbbbn.exec:\tbbbbn.exe106⤵
-
\??\c:\3pdvp.exec:\3pdvp.exe107⤵
-
\??\c:\3flffff.exec:\3flffff.exe108⤵
-
\??\c:\nhhbtt.exec:\nhhbtt.exe109⤵
-
\??\c:\nntnbt.exec:\nntnbt.exe110⤵
-
\??\c:\pddvv.exec:\pddvv.exe111⤵
-
\??\c:\flrrlrl.exec:\flrrlrl.exe112⤵
-
\??\c:\nntnhb.exec:\nntnhb.exe113⤵
-
\??\c:\1ppvj.exec:\1ppvj.exe114⤵
-
\??\c:\7lrlllf.exec:\7lrlllf.exe115⤵
-
\??\c:\bttttt.exec:\bttttt.exe116⤵
-
\??\c:\bhnhhb.exec:\bhnhhb.exe117⤵
-
\??\c:\pvpjj.exec:\pvpjj.exe118⤵
-
\??\c:\xrllrll.exec:\xrllrll.exe119⤵
-
\??\c:\ntbbtn.exec:\ntbbtn.exe120⤵
-
\??\c:\pjvpp.exec:\pjvpp.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-