Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
95s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
02/06/2024, 19:30
General
-
Target
1c14ddbae36b721c5e1165ac622e65731b7e756075a9168dec666ac0976007e6.exe
-
Size
96KB
-
MD5
737d4f2be92988f2cd2280e52b65a53a
-
SHA1
083778f72a64a345f9dd17be3ddb070d9b011981
-
SHA256
1c14ddbae36b721c5e1165ac622e65731b7e756075a9168dec666ac0976007e6
-
SHA512
de5fecf9abc1ac94598928069c5a9d067ce45186daac3593bfc25c2395a254dd78e22cdebb294034d815993bad72ba8b7cdb8b20f659f14e752d27f12090f0f2
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIS7/b9EUeWpEC3alBlwtn8BLnnl:ymb3NkkiQ3mdBjFIi/REUZnKlbnv9
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
UPX dump on OEP (original entry point) 34 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 34 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1c14ddbae36b721c5e1165ac622e65731b7e756075a9168dec666ac0976007e6.exe"C:\Users\Admin\AppData\Local\Temp\1c14ddbae36b721c5e1165ac622e65731b7e756075a9168dec666ac0976007e6.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\7llxrlf.exec:\7llxrlf.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhhhh.exec:\nhhhhh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvppj.exec:\dvppj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxxlfrf.exec:\xxxlfrf.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7llfrrx.exec:\7llfrrx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3ttbtt.exec:\3ttbtt.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjjd.exec:\ppjjd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpvpj.exec:\dpvpj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rflrxxf.exec:\rflrxxf.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bttbtt.exec:\bttbtt.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnnbtn.exec:\hnnbtn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdjdd.exec:\pdjdd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrlfrr.exec:\xrrlfrr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbnnbb.exec:\bbnnbb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdjjv.exec:\pdjjv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9ddjv.exec:\9ddjv.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frxlxxr.exec:\frxlxxr.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhhbbb.exec:\bhhbbb.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnnhtt.exec:\bnnhtt.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjppp.exec:\jjppp.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvjpv.exec:\pvjpv.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7lrlxxx.exec:\7lrlxxx.exe23⤵
- Executes dropped EXE
-
\??\c:\tbbbth.exec:\tbbbth.exe24⤵
- Executes dropped EXE
-
\??\c:\tbbtnt.exec:\tbbtnt.exe25⤵
- Executes dropped EXE
-
\??\c:\dpvvp.exec:\dpvvp.exe26⤵
- Executes dropped EXE
-
\??\c:\rlxrllf.exec:\rlxrllf.exe27⤵
- Executes dropped EXE
-
\??\c:\lxlrlxl.exec:\lxlrlxl.exe28⤵
- Executes dropped EXE
-
\??\c:\nttnhh.exec:\nttnhh.exe29⤵
- Executes dropped EXE
-
\??\c:\bbnhnh.exec:\bbnhnh.exe30⤵
- Executes dropped EXE
-
\??\c:\pvpvd.exec:\pvpvd.exe31⤵
- Executes dropped EXE
-
\??\c:\1lxrlfx.exec:\1lxrlfx.exe32⤵
- Executes dropped EXE
-
\??\c:\llxxrrr.exec:\llxxrrr.exe33⤵
- Executes dropped EXE
-
\??\c:\9hbbtt.exec:\9hbbtt.exe34⤵
- Executes dropped EXE
-
\??\c:\tttbtn.exec:\tttbtn.exe35⤵
- Executes dropped EXE
-
\??\c:\jvjdp.exec:\jvjdp.exe36⤵
- Executes dropped EXE
-
\??\c:\flxlfxf.exec:\flxlfxf.exe37⤵
- Executes dropped EXE
-
\??\c:\fllxrfr.exec:\fllxrfr.exe38⤵
- Executes dropped EXE
-
\??\c:\tntnhh.exec:\tntnhh.exe39⤵
- Executes dropped EXE
-
\??\c:\3nthnn.exec:\3nthnn.exe40⤵
-
\??\c:\dvddj.exec:\dvddj.exe41⤵
- Executes dropped EXE
-
\??\c:\jjjdv.exec:\jjjdv.exe42⤵
- Executes dropped EXE
-
\??\c:\flfrxlx.exec:\flfrxlx.exe43⤵
- Executes dropped EXE
-
\??\c:\hhhtnb.exec:\hhhtnb.exe44⤵
- Executes dropped EXE
-
\??\c:\ttnntn.exec:\ttnntn.exe45⤵
- Executes dropped EXE
-
\??\c:\jvvvp.exec:\jvvvp.exe46⤵
- Executes dropped EXE
-
\??\c:\3jvjj.exec:\3jvjj.exe47⤵
- Executes dropped EXE
-
\??\c:\xlxrlff.exec:\xlxrlff.exe48⤵
- Executes dropped EXE
-
\??\c:\9lflllf.exec:\9lflllf.exe49⤵
- Executes dropped EXE
-
\??\c:\9bthbn.exec:\9bthbn.exe50⤵
- Executes dropped EXE
-
\??\c:\ntbttt.exec:\ntbttt.exe51⤵
- Executes dropped EXE
-
\??\c:\jdpvv.exec:\jdpvv.exe52⤵
- Executes dropped EXE
-
\??\c:\lfflrfx.exec:\lfflrfx.exe53⤵
- Executes dropped EXE
-
\??\c:\rrxrxxf.exec:\rrxrxxf.exe54⤵
- Executes dropped EXE
-
\??\c:\thtbht.exec:\thtbht.exe55⤵
- Executes dropped EXE
-
\??\c:\ttbhnt.exec:\ttbhnt.exe56⤵
- Executes dropped EXE
-
\??\c:\vpddj.exec:\vpddj.exe57⤵
- Executes dropped EXE
-
\??\c:\frxxrrr.exec:\frxxrrr.exe58⤵
- Executes dropped EXE
-
\??\c:\bnbbhn.exec:\bnbbhn.exe59⤵
- Executes dropped EXE
-
\??\c:\jvvpj.exec:\jvvpj.exe60⤵
- Executes dropped EXE
-
\??\c:\xxfrlff.exec:\xxfrlff.exe61⤵
- Executes dropped EXE
-
\??\c:\rflxrlx.exec:\rflxrlx.exe62⤵
- Executes dropped EXE
-
\??\c:\nbbtnh.exec:\nbbtnh.exe63⤵
- Executes dropped EXE
-
\??\c:\5pdvv.exec:\5pdvv.exe64⤵
- Executes dropped EXE
-
\??\c:\xxlrlxf.exec:\xxlrlxf.exe65⤵
- Executes dropped EXE
-
\??\c:\9htttt.exec:\9htttt.exe66⤵
- Executes dropped EXE
-
\??\c:\jvjjp.exec:\jvjjp.exe67⤵
-
\??\c:\ddvdp.exec:\ddvdp.exe68⤵
-
\??\c:\7xllllr.exec:\7xllllr.exe69⤵
-
\??\c:\9bbbtb.exec:\9bbbtb.exe70⤵
-
\??\c:\vpvdv.exec:\vpvdv.exe71⤵
-
\??\c:\dvvpj.exec:\dvvpj.exe72⤵
-
\??\c:\fflfrfx.exec:\fflfrfx.exe73⤵
-
\??\c:\hthhhh.exec:\hthhhh.exe74⤵
-
\??\c:\hnhntb.exec:\hnhntb.exe75⤵
-
\??\c:\pjvvp.exec:\pjvvp.exe76⤵
-
\??\c:\lxllrff.exec:\lxllrff.exe77⤵
-
\??\c:\bbhbbh.exec:\bbhbbh.exe78⤵
-
\??\c:\vpvvp.exec:\vpvvp.exe79⤵
-
\??\c:\llxxrxx.exec:\llxxrxx.exe80⤵
-
\??\c:\dddvv.exec:\dddvv.exe81⤵
-
\??\c:\xfxxxxr.exec:\xfxxxxr.exe82⤵
-
\??\c:\xflfxll.exec:\xflfxll.exe83⤵
-
\??\c:\tbtnhh.exec:\tbtnhh.exe84⤵
-
\??\c:\vpvvv.exec:\vpvvv.exe85⤵
-
\??\c:\nttnth.exec:\nttnth.exe86⤵
-
\??\c:\pdvvp.exec:\pdvvp.exe87⤵
-
\??\c:\lrxxxxx.exec:\lrxxxxx.exe88⤵
-
\??\c:\tnbbth.exec:\tnbbth.exe89⤵
-
\??\c:\7btnhh.exec:\7btnhh.exe90⤵
-
\??\c:\pjddv.exec:\pjddv.exe91⤵
-
\??\c:\lrxlrrx.exec:\lrxlrrx.exe92⤵
-
\??\c:\nntttt.exec:\nntttt.exe93⤵
-
\??\c:\jdppp.exec:\jdppp.exe94⤵
-
\??\c:\flxlxrf.exec:\flxlxrf.exe95⤵
-
\??\c:\ttttbn.exec:\ttttbn.exe96⤵
-
\??\c:\btntbb.exec:\btntbb.exe97⤵
-
\??\c:\1pvvd.exec:\1pvvd.exe98⤵
-
\??\c:\xxxllrx.exec:\xxxllrx.exe99⤵
-
\??\c:\hhthtn.exec:\hhthtn.exe100⤵
-
\??\c:\hntnhb.exec:\hntnhb.exe101⤵
-
\??\c:\pjppp.exec:\pjppp.exe102⤵
-
\??\c:\ffrxlrf.exec:\ffrxlrf.exe103⤵
-
\??\c:\5nbbbb.exec:\5nbbbb.exe104⤵
-
\??\c:\hbntbn.exec:\hbntbn.exe105⤵
-
\??\c:\jdjjp.exec:\jdjjp.exe106⤵
-
\??\c:\dpddp.exec:\dpddp.exe107⤵
-
\??\c:\frffxll.exec:\frffxll.exe108⤵
-
\??\c:\fllllll.exec:\fllllll.exe109⤵
-
\??\c:\5hnnnt.exec:\5hnnnt.exe110⤵
-
\??\c:\hnhnbn.exec:\hnhnbn.exe111⤵
-
\??\c:\pjvvj.exec:\pjvvj.exe112⤵
-
\??\c:\dddjj.exec:\dddjj.exe113⤵
-
\??\c:\dpvvj.exec:\dpvvj.exe114⤵
-
\??\c:\ffxxfxf.exec:\ffxxfxf.exe115⤵
-
\??\c:\fflrxfl.exec:\fflrxfl.exe116⤵
-
\??\c:\1hhtnt.exec:\1hhtnt.exe117⤵
-
\??\c:\htbtnt.exec:\htbtnt.exe118⤵
-
\??\c:\3ddvp.exec:\3ddvp.exe119⤵
-
\??\c:\pvvvp.exec:\pvvvp.exe120⤵
-
\??\c:\djddv.exec:\djddv.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-