Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
05/06/2024, 00:48
General
-
Target
98939571c92ac1ef54b0a2254b0ca4668489d7974b9fd96e6c26a1e86fcb69ed.exe
-
Size
92KB
-
MD5
01fbb3c604ed878c2bddff0ec99f709c
-
SHA1
3edabe63bd0ad047fc58d0503eda33b646f7fdcc
-
SHA256
98939571c92ac1ef54b0a2254b0ca4668489d7974b9fd96e6c26a1e86fcb69ed
-
SHA512
068c0c977a0e304e6af0a5b45c146c6fa59abbe8ae622f6e975c3db972ca8c14de38c19f420f6de6dec1a8c34c07154f8327e757a6c087637f1182210d89a828
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIQIDyviFxx2hCtgIMLP9rBZaRBi:ymb3NkkiQ3mdBjFIVLd2hWZGreRCUlba
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 26 IoCs
-
UPX dump on OEP (original entry point) 28 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 28 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\98939571c92ac1ef54b0a2254b0ca4668489d7974b9fd96e6c26a1e86fcb69ed.exe"C:\Users\Admin\AppData\Local\Temp\98939571c92ac1ef54b0a2254b0ca4668489d7974b9fd96e6c26a1e86fcb69ed.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\fllfrxr.exec:\fllfrxr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bntnth.exec:\bntnth.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvvv.exec:\dvvvv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fflflff.exec:\fflflff.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btnbhh.exec:\btnbhh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdjdd.exec:\vdjdd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrfxffl.exec:\xrfxffl.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthttn.exec:\bthttn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vppjd.exec:\vppjd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llrxrlr.exec:\llrxrlr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxfxrlf.exec:\rxfxrlf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhnhhh.exec:\bhnhhh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpvvp.exec:\vpvvp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7xrlxll.exec:\7xrlxll.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttnhbh.exec:\ttnhbh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jddpd.exec:\jddpd.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdppv.exec:\pdppv.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrlfxxx.exec:\lrlfxxx.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htnhbt.exec:\htnhbt.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1jjvd.exec:\1jjvd.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3vpdj.exec:\3vpdj.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrlxxl.exec:\lfrlxxl.exe23⤵
- Executes dropped EXE
-
\??\c:\htnhnh.exec:\htnhnh.exe24⤵
- Executes dropped EXE
-
\??\c:\hhbthb.exec:\hhbthb.exe25⤵
- Executes dropped EXE
-
\??\c:\1vpjv.exec:\1vpjv.exe26⤵
- Executes dropped EXE
-
\??\c:\frfxfxr.exec:\frfxfxr.exe27⤵
- Executes dropped EXE
-
\??\c:\frrlflx.exec:\frrlflx.exe28⤵
- Executes dropped EXE
-
\??\c:\htnbnh.exec:\htnbnh.exe29⤵
- Executes dropped EXE
-
\??\c:\ntnhtn.exec:\ntnhtn.exe30⤵
- Executes dropped EXE
-
\??\c:\pvpdv.exec:\pvpdv.exe31⤵
- Executes dropped EXE
-
\??\c:\dpjvd.exec:\dpjvd.exe32⤵
- Executes dropped EXE
-
\??\c:\fxrxffl.exec:\fxrxffl.exe33⤵
- Executes dropped EXE
-
\??\c:\tnthtn.exec:\tnthtn.exe34⤵
- Executes dropped EXE
-
\??\c:\vjdpd.exec:\vjdpd.exe35⤵
- Executes dropped EXE
-
\??\c:\rxrlfxl.exec:\rxrlfxl.exe36⤵
- Executes dropped EXE
-
\??\c:\rxxllfr.exec:\rxxllfr.exe37⤵
- Executes dropped EXE
-
\??\c:\1bbthb.exec:\1bbthb.exe38⤵
- Executes dropped EXE
-
\??\c:\hhhtht.exec:\hhhtht.exe39⤵
- Executes dropped EXE
-
\??\c:\ppdvd.exec:\ppdvd.exe40⤵
- Executes dropped EXE
-
\??\c:\vvpjv.exec:\vvpjv.exe41⤵
- Executes dropped EXE
-
\??\c:\flfrxrf.exec:\flfrxrf.exe42⤵
- Executes dropped EXE
-
\??\c:\htnhtn.exec:\htnhtn.exe43⤵
- Executes dropped EXE
-
\??\c:\tntnnh.exec:\tntnnh.exe44⤵
- Executes dropped EXE
-
\??\c:\nththt.exec:\nththt.exe45⤵
- Executes dropped EXE
-
\??\c:\9djjp.exec:\9djjp.exe46⤵
- Executes dropped EXE
-
\??\c:\jddjp.exec:\jddjp.exe47⤵
- Executes dropped EXE
-
\??\c:\lffrxrl.exec:\lffrxrl.exe48⤵
- Executes dropped EXE
-
\??\c:\hhhhbt.exec:\hhhhbt.exe49⤵
- Executes dropped EXE
-
\??\c:\nhbnbt.exec:\nhbnbt.exe50⤵
- Executes dropped EXE
-
\??\c:\ddvdv.exec:\ddvdv.exe51⤵
- Executes dropped EXE
-
\??\c:\rffxfxr.exec:\rffxfxr.exe52⤵
- Executes dropped EXE
-
\??\c:\lfxrllf.exec:\lfxrllf.exe53⤵
- Executes dropped EXE
-
\??\c:\nhhthn.exec:\nhhthn.exe54⤵
- Executes dropped EXE
-
\??\c:\vjjdp.exec:\vjjdp.exe55⤵
- Executes dropped EXE
-
\??\c:\rrlxlll.exec:\rrlxlll.exe56⤵
- Executes dropped EXE
-
\??\c:\lfxrfxr.exec:\lfxrfxr.exe57⤵
- Executes dropped EXE
-
\??\c:\thtbbt.exec:\thtbbt.exe58⤵
- Executes dropped EXE
-
\??\c:\hhtbnh.exec:\hhtbnh.exe59⤵
- Executes dropped EXE
-
\??\c:\7pdvj.exec:\7pdvj.exe60⤵
- Executes dropped EXE
-
\??\c:\frxrrlf.exec:\frxrrlf.exe61⤵
- Executes dropped EXE
-
\??\c:\xrlfxlf.exec:\xrlfxlf.exe62⤵
- Executes dropped EXE
-
\??\c:\7hbnbt.exec:\7hbnbt.exe63⤵
- Executes dropped EXE
-
\??\c:\5bthnn.exec:\5bthnn.exe64⤵
- Executes dropped EXE
-
\??\c:\5ntnhb.exec:\5ntnhb.exe65⤵
- Executes dropped EXE
-
\??\c:\ddvpd.exec:\ddvpd.exe66⤵
-
\??\c:\jvpjv.exec:\jvpjv.exe67⤵
-
\??\c:\rlflrxf.exec:\rlflrxf.exe68⤵
-
\??\c:\xlfxlxr.exec:\xlfxlxr.exe69⤵
-
\??\c:\tbnttt.exec:\tbnttt.exe70⤵
-
\??\c:\ppvjv.exec:\ppvjv.exe71⤵
-
\??\c:\rxlxfxr.exec:\rxlxfxr.exe72⤵
-
\??\c:\xllxrlx.exec:\xllxrlx.exe73⤵
-
\??\c:\btthbt.exec:\btthbt.exe74⤵
-
\??\c:\tthnnt.exec:\tthnnt.exe75⤵
-
\??\c:\jpjvd.exec:\jpjvd.exe76⤵
-
\??\c:\vjjvp.exec:\vjjvp.exe77⤵
-
\??\c:\xrlfrlx.exec:\xrlfrlx.exe78⤵
-
\??\c:\tnbbbn.exec:\tnbbbn.exe79⤵
-
\??\c:\htthtn.exec:\htthtn.exe80⤵
-
\??\c:\pvdpd.exec:\pvdpd.exe81⤵
-
\??\c:\5ddpd.exec:\5ddpd.exe82⤵
-
\??\c:\1xxrfxl.exec:\1xxrfxl.exe83⤵
-
\??\c:\tnhtnh.exec:\tnhtnh.exe84⤵
-
\??\c:\7ntntn.exec:\7ntntn.exe85⤵
-
\??\c:\vpjvv.exec:\vpjvv.exe86⤵
-
\??\c:\fflfrfx.exec:\fflfrfx.exe87⤵
-
\??\c:\hhhhnt.exec:\hhhhnt.exe88⤵
-
\??\c:\tbbthb.exec:\tbbthb.exe89⤵
-
\??\c:\pdppp.exec:\pdppp.exe90⤵
-
\??\c:\vjdpd.exec:\vjdpd.exe91⤵
-
\??\c:\xlrlxrl.exec:\xlrlxrl.exe92⤵
-
\??\c:\xlfrfxl.exec:\xlfrfxl.exe93⤵
-
\??\c:\nbtntb.exec:\nbtntb.exe94⤵
-
\??\c:\5pdvj.exec:\5pdvj.exe95⤵
-
\??\c:\llfrflx.exec:\llfrflx.exe96⤵
-
\??\c:\9ffrfxl.exec:\9ffrfxl.exe97⤵
-
\??\c:\nbnbth.exec:\nbnbth.exe98⤵
-
\??\c:\thbtnt.exec:\thbtnt.exe99⤵
-
\??\c:\7djdj.exec:\7djdj.exe100⤵
-
\??\c:\pdjdp.exec:\pdjdp.exe101⤵
-
\??\c:\lfrxfrx.exec:\lfrxfrx.exe102⤵
-
\??\c:\rlfxllf.exec:\rlfxllf.exe103⤵
-
\??\c:\tbbbtt.exec:\tbbbtt.exe104⤵
-
\??\c:\5thhht.exec:\5thhht.exe105⤵
-
\??\c:\7jdvj.exec:\7jdvj.exe106⤵
-
\??\c:\7pvjd.exec:\7pvjd.exe107⤵
-
\??\c:\xllxxrf.exec:\xllxxrf.exe108⤵
-
\??\c:\lffxffl.exec:\lffxffl.exe109⤵
-
\??\c:\hbbbtt.exec:\hbbbtt.exe110⤵
-
\??\c:\bnnbbb.exec:\bnnbbb.exe111⤵
-
\??\c:\jdvpj.exec:\jdvpj.exe112⤵
-
\??\c:\rrllfxx.exec:\rrllfxx.exe113⤵
-
\??\c:\llxxxrx.exec:\llxxxrx.exe114⤵
-
\??\c:\rlffxxx.exec:\rlffxxx.exe115⤵
-
\??\c:\7hbbbt.exec:\7hbbbt.exe116⤵
-
\??\c:\pddvj.exec:\pddvj.exe117⤵
-
\??\c:\dvvpj.exec:\dvvpj.exe118⤵
-
\??\c:\rffxlll.exec:\rffxlll.exe119⤵
-
\??\c:\xxfffff.exec:\xxfffff.exe120⤵
-
\??\c:\3tnnbb.exec:\3tnnbb.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-