Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
05/06/2024, 22:00
General
-
Target
45bbd0fcf11d155fffaecda111fb0686cbc254480c7f46ce73ad09b9992fbeb5.exe
-
Size
90KB
-
MD5
b589a7b0e66283bdb85b2a5e6354856e
-
SHA1
660a2d5c0286f1ad669c60fa81197e689e431ec6
-
SHA256
45bbd0fcf11d155fffaecda111fb0686cbc254480c7f46ce73ad09b9992fbeb5
-
SHA512
b1ee6dda13c672dde0a237f7a34a0b793c4ab796d19ec224b475b356c3be4d576caa3fade7c94a46e72d0bf743f082104f7930aae044b6e30d6610cc07a98deb
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIQIDyviFxx2hCtgIMLP9rBZaRBY:ymb3NkkiQ3mdBjFIVLd2hWZGreRCYBy5
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
UPX dump on OEP (original entry point) 29 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 29 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\45bbd0fcf11d155fffaecda111fb0686cbc254480c7f46ce73ad09b9992fbeb5.exe"C:\Users\Admin\AppData\Local\Temp\45bbd0fcf11d155fffaecda111fb0686cbc254480c7f46ce73ad09b9992fbeb5.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\3vddv.exec:\3vddv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrllll.exec:\lfrllll.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhtthh.exec:\nhtthh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnnhb.exec:\nhnnhb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7frlrxx.exec:\7frlrxx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5tnhhh.exec:\5tnhhh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnbtnn.exec:\hnbtnn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxrrll.exec:\rlxrrll.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xllfxrl.exec:\xllfxrl.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhhbb.exec:\hbhhbb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvpp.exec:\jdvpp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdpjd.exec:\vdpjd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrfxrrf.exec:\rrfxrrf.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhhtbt.exec:\bhhtbt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjdvp.exec:\vjdvp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxffxfx.exec:\fxffxfx.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3httnb.exec:\3httnb.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdjdd.exec:\pdjdd.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3vvpj.exec:\3vvpj.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnnnhh.exec:\hnnnhh.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbhbbb.exec:\bbhbbb.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jddvv.exec:\jddvv.exe23⤵
- Executes dropped EXE
-
\??\c:\9ffxlll.exec:\9ffxlll.exe24⤵
- Executes dropped EXE
-
\??\c:\9bnhbh.exec:\9bnhbh.exe25⤵
- Executes dropped EXE
-
\??\c:\pjppd.exec:\pjppd.exe26⤵
- Executes dropped EXE
-
\??\c:\frrrllf.exec:\frrrllf.exe27⤵
- Executes dropped EXE
-
\??\c:\llffxrr.exec:\llffxrr.exe28⤵
- Executes dropped EXE
-
\??\c:\ttttnn.exec:\ttttnn.exe29⤵
- Executes dropped EXE
-
\??\c:\ttbbhb.exec:\ttbbhb.exe30⤵
- Executes dropped EXE
-
\??\c:\vddvv.exec:\vddvv.exe31⤵
- Executes dropped EXE
-
\??\c:\xxllfrr.exec:\xxllfrr.exe32⤵
- Executes dropped EXE
-
\??\c:\lfllrrx.exec:\lfllrrx.exe33⤵
- Executes dropped EXE
-
\??\c:\hbbbbb.exec:\hbbbbb.exe34⤵
- Executes dropped EXE
-
\??\c:\7djjd.exec:\7djjd.exe35⤵
- Executes dropped EXE
-
\??\c:\xflllll.exec:\xflllll.exe36⤵
- Executes dropped EXE
-
\??\c:\rlxxxxr.exec:\rlxxxxr.exe37⤵
- Executes dropped EXE
-
\??\c:\tbhhhh.exec:\tbhhhh.exe38⤵
- Executes dropped EXE
-
\??\c:\fxfrrrl.exec:\fxfrrrl.exe39⤵
- Executes dropped EXE
-
\??\c:\xxrrlrr.exec:\xxrrlrr.exe40⤵
- Executes dropped EXE
-
\??\c:\nhbttt.exec:\nhbttt.exe41⤵
- Executes dropped EXE
-
\??\c:\vvdvd.exec:\vvdvd.exe42⤵
- Executes dropped EXE
-
\??\c:\7dppj.exec:\7dppj.exe43⤵
- Executes dropped EXE
-
\??\c:\lffrlff.exec:\lffrlff.exe44⤵
- Executes dropped EXE
-
\??\c:\rrrfflx.exec:\rrrfflx.exe45⤵
- Executes dropped EXE
-
\??\c:\tbtnbh.exec:\tbtnbh.exe46⤵
- Executes dropped EXE
-
\??\c:\hnttbb.exec:\hnttbb.exe47⤵
- Executes dropped EXE
-
\??\c:\ppvvd.exec:\ppvvd.exe48⤵
- Executes dropped EXE
-
\??\c:\frlffrl.exec:\frlffrl.exe49⤵
- Executes dropped EXE
-
\??\c:\lflllll.exec:\lflllll.exe50⤵
- Executes dropped EXE
-
\??\c:\nhnttt.exec:\nhnttt.exe51⤵
- Executes dropped EXE
-
\??\c:\ppvvp.exec:\ppvvp.exe52⤵
- Executes dropped EXE
-
\??\c:\dpppp.exec:\dpppp.exe53⤵
- Executes dropped EXE
-
\??\c:\3lfxllx.exec:\3lfxllx.exe54⤵
- Executes dropped EXE
-
\??\c:\xflrrrr.exec:\xflrrrr.exe55⤵
- Executes dropped EXE
-
\??\c:\hthhnh.exec:\hthhnh.exe56⤵
- Executes dropped EXE
-
\??\c:\9dppj.exec:\9dppj.exe57⤵
- Executes dropped EXE
-
\??\c:\flfxxll.exec:\flfxxll.exe58⤵
- Executes dropped EXE
-
\??\c:\3bbhhh.exec:\3bbhhh.exe59⤵
- Executes dropped EXE
-
\??\c:\nttnht.exec:\nttnht.exe60⤵
- Executes dropped EXE
-
\??\c:\ppppj.exec:\ppppj.exe61⤵
- Executes dropped EXE
-
\??\c:\lrrffxr.exec:\lrrffxr.exe62⤵
- Executes dropped EXE
-
\??\c:\xrxxrrr.exec:\xrxxrrr.exe63⤵
- Executes dropped EXE
-
\??\c:\tbtttb.exec:\tbtttb.exe64⤵
- Executes dropped EXE
-
\??\c:\ppppp.exec:\ppppp.exe65⤵
- Executes dropped EXE
-
\??\c:\3rlflll.exec:\3rlflll.exe66⤵
-
\??\c:\xxrrrxx.exec:\xxrrrxx.exe67⤵
-
\??\c:\bnttth.exec:\bnttth.exe68⤵
-
\??\c:\3htnbb.exec:\3htnbb.exe69⤵
-
\??\c:\ddpvv.exec:\ddpvv.exe70⤵
-
\??\c:\7vvvv.exec:\7vvvv.exe71⤵
-
\??\c:\bhhbtn.exec:\bhhbtn.exe72⤵
-
\??\c:\pjjjj.exec:\pjjjj.exe73⤵
-
\??\c:\pdppp.exec:\pdppp.exe74⤵
-
\??\c:\9xxfxxf.exec:\9xxfxxf.exe75⤵
-
\??\c:\llrrrrr.exec:\llrrrrr.exe76⤵
-
\??\c:\htbnnn.exec:\htbnnn.exe77⤵
-
\??\c:\bbnhnt.exec:\bbnhnt.exe78⤵
-
\??\c:\pjppj.exec:\pjppj.exe79⤵
-
\??\c:\djvpv.exec:\djvpv.exe80⤵
-
\??\c:\lxxrrrl.exec:\lxxrrrl.exe81⤵
-
\??\c:\ffrllrr.exec:\ffrllrr.exe82⤵
-
\??\c:\hbhhhh.exec:\hbhhhh.exe83⤵
-
\??\c:\1bhhnn.exec:\1bhhnn.exe84⤵
-
\??\c:\vvvpv.exec:\vvvpv.exe85⤵
-
\??\c:\7jvvv.exec:\7jvvv.exe86⤵
-
\??\c:\3rfxflr.exec:\3rfxflr.exe87⤵
-
\??\c:\7ffrrxf.exec:\7ffrrxf.exe88⤵
-
\??\c:\nhtbhn.exec:\nhtbhn.exe89⤵
-
\??\c:\nnnhbt.exec:\nnnhbt.exe90⤵
-
\??\c:\1jvpp.exec:\1jvpp.exe91⤵
-
\??\c:\jjvpd.exec:\jjvpd.exe92⤵
-
\??\c:\xrxxffl.exec:\xrxxffl.exe93⤵
-
\??\c:\lrlllrr.exec:\lrlllrr.exe94⤵
-
\??\c:\9bhhnn.exec:\9bhhnn.exe95⤵
-
\??\c:\pdpvj.exec:\pdpvj.exe96⤵
-
\??\c:\jdjjj.exec:\jdjjj.exe97⤵
-
\??\c:\lllffff.exec:\lllffff.exe98⤵
-
\??\c:\xrxrrll.exec:\xrxrrll.exe99⤵
-
\??\c:\bbhbbb.exec:\bbhbbb.exe100⤵
-
\??\c:\nnhhhh.exec:\nnhhhh.exe101⤵
-
\??\c:\vvpjv.exec:\vvpjv.exe102⤵
-
\??\c:\xxlrxff.exec:\xxlrxff.exe103⤵
-
\??\c:\llrrrrx.exec:\llrrrrx.exe104⤵
-
\??\c:\tnnnnn.exec:\tnnnnn.exe105⤵
-
\??\c:\bnttnh.exec:\bnttnh.exe106⤵
-
\??\c:\jjjdp.exec:\jjjdp.exe107⤵
-
\??\c:\dvjdp.exec:\dvjdp.exe108⤵
-
\??\c:\lfrrrrx.exec:\lfrrrrx.exe109⤵
-
\??\c:\ffxxrrr.exec:\ffxxrrr.exe110⤵
-
\??\c:\nhnntb.exec:\nhnntb.exe111⤵
-
\??\c:\vpdvv.exec:\vpdvv.exe112⤵
-
\??\c:\ppvvv.exec:\ppvvv.exe113⤵
-
\??\c:\ffxxxfr.exec:\ffxxxfr.exe114⤵
-
\??\c:\rllrrrl.exec:\rllrrrl.exe115⤵
-
\??\c:\nnhhtt.exec:\nnhhtt.exe116⤵
-
\??\c:\nnttbb.exec:\nnttbb.exe117⤵
-
\??\c:\jpvpp.exec:\jpvpp.exe118⤵
-
\??\c:\jpddv.exec:\jpddv.exe119⤵
-
\??\c:\tnnnnt.exec:\tnnnnt.exe120⤵
-
\??\c:\7nhhbb.exec:\7nhhbb.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-