Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
04/06/2024, 00:53
General
-
Target
9f93a58d3dc257f8529a228814bd78f008e5577567b13ae9268ff4ca94d7adde.exe
-
Size
78KB
-
MD5
8e380aaa624d1485e3c6c4b598fec408
-
SHA1
3be3eb4b716930567c597d1fe6f8eb9003000222
-
SHA256
9f93a58d3dc257f8529a228814bd78f008e5577567b13ae9268ff4ca94d7adde
-
SHA512
9751dbe1646640b46f30c28e40a0d4e395f38bda492ad4cdc70b3f51fe4592a6bcb52370d23563a8de4e3aa598858e05ba5505f1519c73ce8a6f9c7d05a3c317
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDoAX8YieVIJclPvPJtcdc1:ymb3NkkiQ3mdBjFo68YBVIJc9Jtx1
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 28 IoCs
-
UPX dump on OEP (original entry point) 26 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 26 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\9f93a58d3dc257f8529a228814bd78f008e5577567b13ae9268ff4ca94d7adde.exe"C:\Users\Admin\AppData\Local\Temp\9f93a58d3dc257f8529a228814bd78f008e5577567b13ae9268ff4ca94d7adde.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\rxxxxfl.exec:\rxxxxfl.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nttbbh.exec:\nttbbh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfllffl.exec:\lfllffl.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbhhnn.exec:\bbhhnn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjdjp.exec:\jjdjp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rffrrrl.exec:\rffrrrl.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhbnnn.exec:\hhbnnn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjjdd.exec:\vjjdd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxrllf.exec:\lfxrllf.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntnntb.exec:\ntnntb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddddv.exec:\ddddv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfflfrl.exec:\lfflfrl.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhhhnt.exec:\bhhhnt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnnntb.exec:\bnnntb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7jpjj.exec:\7jpjj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7djdd.exec:\7djdd.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lflfxxr.exec:\lflfxxr.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbttt.exec:\btbttt.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpvp.exec:\jdpvp.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjjjj.exec:\vjjjj.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llrlrrx.exec:\llrlrrx.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbbtbn.exec:\tbbtbn.exe23⤵
- Executes dropped EXE
-
\??\c:\vpdpp.exec:\vpdpp.exe24⤵
- Executes dropped EXE
-
\??\c:\llxrfff.exec:\llxrfff.exe25⤵
- Executes dropped EXE
-
\??\c:\lfrrxfl.exec:\lfrrxfl.exe26⤵
- Executes dropped EXE
-
\??\c:\btnnhh.exec:\btnnhh.exe27⤵
- Executes dropped EXE
-
\??\c:\pjjvp.exec:\pjjvp.exe28⤵
- Executes dropped EXE
-
\??\c:\3rlfrrr.exec:\3rlfrrr.exe29⤵
- Executes dropped EXE
-
\??\c:\rrffllx.exec:\rrffllx.exe30⤵
- Executes dropped EXE
-
\??\c:\jddvv.exec:\jddvv.exe31⤵
- Executes dropped EXE
-
\??\c:\ffrxfll.exec:\ffrxfll.exe32⤵
- Executes dropped EXE
-
\??\c:\btbnnn.exec:\btbnnn.exe33⤵
- Executes dropped EXE
-
\??\c:\9jddd.exec:\9jddd.exe34⤵
- Executes dropped EXE
-
\??\c:\jdddp.exec:\jdddp.exe35⤵
- Executes dropped EXE
-
\??\c:\lllffff.exec:\lllffff.exe36⤵
- Executes dropped EXE
-
\??\c:\nbhhnn.exec:\nbhhnn.exe37⤵
- Executes dropped EXE
-
\??\c:\nhhhhh.exec:\nhhhhh.exe38⤵
- Executes dropped EXE
-
\??\c:\dvddd.exec:\dvddd.exe39⤵
- Executes dropped EXE
-
\??\c:\rfxxffl.exec:\rfxxffl.exe40⤵
- Executes dropped EXE
-
\??\c:\xxlrffx.exec:\xxlrffx.exe41⤵
- Executes dropped EXE
-
\??\c:\btbbtt.exec:\btbbtt.exe42⤵
- Executes dropped EXE
-
\??\c:\jddvj.exec:\jddvj.exe43⤵
- Executes dropped EXE
-
\??\c:\ddjdd.exec:\ddjdd.exe44⤵
- Executes dropped EXE
-
\??\c:\rrfxrrr.exec:\rrfxrrr.exe45⤵
- Executes dropped EXE
-
\??\c:\thhhtt.exec:\thhhtt.exe46⤵
- Executes dropped EXE
-
\??\c:\tnnnhh.exec:\tnnnhh.exe47⤵
- Executes dropped EXE
-
\??\c:\djjjv.exec:\djjjv.exe48⤵
- Executes dropped EXE
-
\??\c:\lrrrlff.exec:\lrrrlff.exe49⤵
- Executes dropped EXE
-
\??\c:\xflllll.exec:\xflllll.exe50⤵
- Executes dropped EXE
-
\??\c:\bbbttn.exec:\bbbttn.exe51⤵
- Executes dropped EXE
-
\??\c:\dpvvv.exec:\dpvvv.exe52⤵
- Executes dropped EXE
-
\??\c:\9htnnb.exec:\9htnnb.exe53⤵
- Executes dropped EXE
-
\??\c:\bbthtt.exec:\bbthtt.exe54⤵
- Executes dropped EXE
-
\??\c:\vvjdv.exec:\vvjdv.exe55⤵
- Executes dropped EXE
-
\??\c:\jjpjv.exec:\jjpjv.exe56⤵
- Executes dropped EXE
-
\??\c:\lflffff.exec:\lflffff.exe57⤵
- Executes dropped EXE
-
\??\c:\nhnhnh.exec:\nhnhnh.exe58⤵
- Executes dropped EXE
-
\??\c:\jjvvv.exec:\jjvvv.exe59⤵
- Executes dropped EXE
-
\??\c:\vjjdv.exec:\vjjdv.exe60⤵
- Executes dropped EXE
-
\??\c:\rfffxrr.exec:\rfffxrr.exe61⤵
- Executes dropped EXE
-
\??\c:\1ttnnn.exec:\1ttnnn.exe62⤵
- Executes dropped EXE
-
\??\c:\5ttnhh.exec:\5ttnhh.exe63⤵
- Executes dropped EXE
-
\??\c:\jdddv.exec:\jdddv.exe64⤵
- Executes dropped EXE
-
\??\c:\jdppp.exec:\jdppp.exe65⤵
- Executes dropped EXE
-
\??\c:\nthnnn.exec:\nthnnn.exe66⤵
-
\??\c:\pvjpj.exec:\pvjpj.exe67⤵
-
\??\c:\pjjjj.exec:\pjjjj.exe68⤵
-
\??\c:\flfrxxr.exec:\flfrxxr.exe69⤵
-
\??\c:\hhtnhn.exec:\hhtnhn.exe70⤵
-
\??\c:\7djjd.exec:\7djjd.exe71⤵
-
\??\c:\rrrrlrr.exec:\rrrrlrr.exe72⤵
-
\??\c:\bthnnn.exec:\bthnnn.exe73⤵
-
\??\c:\ddjpp.exec:\ddjpp.exe74⤵
-
\??\c:\dppvv.exec:\dppvv.exe75⤵
-
\??\c:\rxrllrx.exec:\rxrllrx.exe76⤵
-
\??\c:\nthhbn.exec:\nthhbn.exe77⤵
-
\??\c:\jdddd.exec:\jdddd.exe78⤵
-
\??\c:\llfrffr.exec:\llfrffr.exe79⤵
-
\??\c:\bbhhnb.exec:\bbhhnb.exe80⤵
-
\??\c:\hhnbnt.exec:\hhnbnt.exe81⤵
-
\??\c:\pvppj.exec:\pvppj.exe82⤵
-
\??\c:\fllfxxx.exec:\fllfxxx.exe83⤵
-
\??\c:\tntntt.exec:\tntntt.exe84⤵
-
\??\c:\tthhhh.exec:\tthhhh.exe85⤵
-
\??\c:\dpdpv.exec:\dpdpv.exe86⤵
-
\??\c:\jpjpp.exec:\jpjpp.exe87⤵
-
\??\c:\xfxllfx.exec:\xfxllfx.exe88⤵
-
\??\c:\btbbbh.exec:\btbbbh.exe89⤵
-
\??\c:\tthhnt.exec:\tthhnt.exe90⤵
-
\??\c:\dvpjv.exec:\dvpjv.exe91⤵
-
\??\c:\dvddv.exec:\dvddv.exe92⤵
-
\??\c:\vjdvd.exec:\vjdvd.exe93⤵
-
\??\c:\frxrlll.exec:\frxrlll.exe94⤵
-
\??\c:\rfflffx.exec:\rfflffx.exe95⤵
-
\??\c:\bbtnhn.exec:\bbtnhn.exe96⤵
-
\??\c:\ntnnnn.exec:\ntnnnn.exe97⤵
-
\??\c:\dpppd.exec:\dpppd.exe98⤵
-
\??\c:\jjjdd.exec:\jjjdd.exe99⤵
-
\??\c:\1ffffff.exec:\1ffffff.exe100⤵
-
\??\c:\lrfffrr.exec:\lrfffrr.exe101⤵
-
\??\c:\rlfrxrl.exec:\rlfrxrl.exe102⤵
-
\??\c:\1thhhh.exec:\1thhhh.exe103⤵
-
\??\c:\9hnbtb.exec:\9hnbtb.exe104⤵
-
\??\c:\vpddv.exec:\vpddv.exe105⤵
-
\??\c:\jvddv.exec:\jvddv.exe106⤵
-
\??\c:\rllfxxx.exec:\rllfxxx.exe107⤵
-
\??\c:\rlllfff.exec:\rlllfff.exe108⤵
-
\??\c:\bhtbhn.exec:\bhtbhn.exe109⤵
-
\??\c:\3nnhbb.exec:\3nnhbb.exe110⤵
-
\??\c:\9pdpd.exec:\9pdpd.exe111⤵
-
\??\c:\7dpvp.exec:\7dpvp.exe112⤵
-
\??\c:\frxlxff.exec:\frxlxff.exe113⤵
-
\??\c:\rffxlxf.exec:\rffxlxf.exe114⤵
-
\??\c:\bttnnn.exec:\bttnnn.exe115⤵
-
\??\c:\tbbhhn.exec:\tbbhhn.exe116⤵
-
\??\c:\3ppjj.exec:\3ppjj.exe117⤵
-
\??\c:\jvddp.exec:\jvddp.exe118⤵
-
\??\c:\1nnnhh.exec:\1nnnhh.exe119⤵
-
\??\c:\7jpjd.exec:\7jpjd.exe120⤵
-
\??\c:\dvjdd.exec:\dvjdd.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-