Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
05/06/2024, 03:39
General
-
Target
d0b51b97c1e967880e0e888f487ce66e79773812c46608f947253dd5a224c866.exe
-
Size
74KB
-
MD5
2284dd7ec980d2d6ed1f7c260c15e278
-
SHA1
fc5df705eaacf018149c10c6e23e8d436419873d
-
SHA256
d0b51b97c1e967880e0e888f487ce66e79773812c46608f947253dd5a224c866
-
SHA512
56def742d212e99d7640083cd44d33dbf1fbcb8d90975230a15cccb1ef375132f0f650f4a8c13c95d506c2cd92c2d2e0bbdb99e69498d6686f38ec708b9c45f6
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDWiekja1br3GGBxfot0ioq:ymb3NkkiQ3mdBjFWXkj7afoL
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
UPX dump on OEP (original entry point) 32 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 32 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\d0b51b97c1e967880e0e888f487ce66e79773812c46608f947253dd5a224c866.exe"C:\Users\Admin\AppData\Local\Temp\d0b51b97c1e967880e0e888f487ce66e79773812c46608f947253dd5a224c866.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\7djdd.exec:\7djdd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lflrxlr.exec:\lflrxlr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrlxrf.exec:\xrrlxrf.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhtnh.exec:\hbhtnh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djdvj.exec:\djdvj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1flfxrl.exec:\1flfxrl.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttnnhb.exec:\ttnnhb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddjdd.exec:\ddjdd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjdvv.exec:\jjdvv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llffxll.exec:\llffxll.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7nhhtn.exec:\7nhhtn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pppvd.exec:\pppvd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pddpj.exec:\pddpj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7xfxllx.exec:\7xfxllx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhthhn.exec:\hhthhn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnnhhb.exec:\bnnhhb.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvdjd.exec:\dvdjd.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1rrlllr.exec:\1rrlllr.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrlrlrl.exec:\xrlrlrl.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnbtt.exec:\nhnbtt.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9bttnh.exec:\9bttnh.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7vvpd.exec:\7vvpd.exe23⤵
- Executes dropped EXE
-
\??\c:\pdjdd.exec:\pdjdd.exe24⤵
- Executes dropped EXE
-
\??\c:\rlfxfxx.exec:\rlfxfxx.exe25⤵
- Executes dropped EXE
-
\??\c:\ththht.exec:\ththht.exe26⤵
- Executes dropped EXE
-
\??\c:\hbnhbb.exec:\hbnhbb.exe27⤵
- Executes dropped EXE
-
\??\c:\3pdvp.exec:\3pdvp.exe28⤵
- Executes dropped EXE
-
\??\c:\1flrlxr.exec:\1flrlxr.exe29⤵
- Executes dropped EXE
-
\??\c:\5bthnt.exec:\5bthnt.exe30⤵
- Executes dropped EXE
-
\??\c:\tbbnbt.exec:\tbbnbt.exe31⤵
- Executes dropped EXE
-
\??\c:\jvvpp.exec:\jvvpp.exe32⤵
- Executes dropped EXE
-
\??\c:\dvvvj.exec:\dvvvj.exe33⤵
- Executes dropped EXE
-
\??\c:\frlfxxr.exec:\frlfxxr.exe34⤵
- Executes dropped EXE
-
\??\c:\hbbbtt.exec:\hbbbtt.exe35⤵
- Executes dropped EXE
-
\??\c:\hbthnh.exec:\hbthnh.exe36⤵
- Executes dropped EXE
-
\??\c:\3dpjp.exec:\3dpjp.exe37⤵
- Executes dropped EXE
-
\??\c:\jjddj.exec:\jjddj.exe38⤵
- Executes dropped EXE
-
\??\c:\xlflxxr.exec:\xlflxxr.exe39⤵
- Executes dropped EXE
-
\??\c:\nhtbtb.exec:\nhtbtb.exe40⤵
- Executes dropped EXE
-
\??\c:\dpvvv.exec:\dpvvv.exe41⤵
- Executes dropped EXE
-
\??\c:\pjjpv.exec:\pjjpv.exe42⤵
- Executes dropped EXE
-
\??\c:\fffrrfx.exec:\fffrrfx.exe43⤵
- Executes dropped EXE
-
\??\c:\frrrlff.exec:\frrrlff.exe44⤵
- Executes dropped EXE
-
\??\c:\thhbtb.exec:\thhbtb.exe45⤵
- Executes dropped EXE
-
\??\c:\btbttn.exec:\btbttn.exe46⤵
- Executes dropped EXE
-
\??\c:\dvpjd.exec:\dvpjd.exe47⤵
- Executes dropped EXE
-
\??\c:\lfffxxl.exec:\lfffxxl.exe48⤵
- Executes dropped EXE
-
\??\c:\lxxrrlf.exec:\lxxrrlf.exe49⤵
- Executes dropped EXE
-
\??\c:\9tttnt.exec:\9tttnt.exe50⤵
- Executes dropped EXE
-
\??\c:\nnnntn.exec:\nnnntn.exe51⤵
- Executes dropped EXE
-
\??\c:\9ppjv.exec:\9ppjv.exe52⤵
- Executes dropped EXE
-
\??\c:\vjvdp.exec:\vjvdp.exe53⤵
- Executes dropped EXE
-
\??\c:\rlxrxxl.exec:\rlxrxxl.exe54⤵
- Executes dropped EXE
-
\??\c:\7hhhhh.exec:\7hhhhh.exe55⤵
- Executes dropped EXE
-
\??\c:\ttbhhn.exec:\ttbhhn.exe56⤵
- Executes dropped EXE
-
\??\c:\jvpvp.exec:\jvpvp.exe57⤵
- Executes dropped EXE
-
\??\c:\pvvdp.exec:\pvvdp.exe58⤵
- Executes dropped EXE
-
\??\c:\xfrllll.exec:\xfrllll.exe59⤵
- Executes dropped EXE
-
\??\c:\htbhhb.exec:\htbhhb.exe60⤵
- Executes dropped EXE
-
\??\c:\pjjdj.exec:\pjjdj.exe61⤵
- Executes dropped EXE
-
\??\c:\jjjdd.exec:\jjjdd.exe62⤵
- Executes dropped EXE
-
\??\c:\fxfxflf.exec:\fxfxflf.exe63⤵
- Executes dropped EXE
-
\??\c:\5hbbbh.exec:\5hbbbh.exe64⤵
- Executes dropped EXE
-
\??\c:\hbbnbt.exec:\hbbnbt.exe65⤵
- Executes dropped EXE
-
\??\c:\3pvvv.exec:\3pvvv.exe66⤵
-
\??\c:\dpvpd.exec:\dpvpd.exe67⤵
-
\??\c:\frfrrrr.exec:\frfrrrr.exe68⤵
-
\??\c:\3lflllf.exec:\3lflllf.exe69⤵
-
\??\c:\1tttth.exec:\1tttth.exe70⤵
-
\??\c:\btttnt.exec:\btttnt.exe71⤵
-
\??\c:\dvjjj.exec:\dvjjj.exe72⤵
-
\??\c:\1djvp.exec:\1djvp.exe73⤵
-
\??\c:\rllflfl.exec:\rllflfl.exe74⤵
-
\??\c:\lxflllx.exec:\lxflllx.exe75⤵
-
\??\c:\bbtnnt.exec:\bbtnnt.exe76⤵
-
\??\c:\vvjpd.exec:\vvjpd.exe77⤵
-
\??\c:\dpjpv.exec:\dpjpv.exe78⤵
-
\??\c:\rffffrr.exec:\rffffrr.exe79⤵
-
\??\c:\flxxxff.exec:\flxxxff.exe80⤵
-
\??\c:\3nbbbb.exec:\3nbbbb.exe81⤵
-
\??\c:\vpvvp.exec:\vpvvp.exe82⤵
-
\??\c:\djpjj.exec:\djpjj.exe83⤵
-
\??\c:\llxrffl.exec:\llxrffl.exe84⤵
-
\??\c:\bbnnnb.exec:\bbnnnb.exe85⤵
-
\??\c:\nhnthn.exec:\nhnthn.exe86⤵
-
\??\c:\vvvvp.exec:\vvvvp.exe87⤵
-
\??\c:\ffxxrrx.exec:\ffxxrrx.exe88⤵
-
\??\c:\rrlllll.exec:\rrlllll.exe89⤵
-
\??\c:\hhnhhn.exec:\hhnhhn.exe90⤵
-
\??\c:\3hnbtt.exec:\3hnbtt.exe91⤵
-
\??\c:\3dvpv.exec:\3dvpv.exe92⤵
-
\??\c:\vjpjv.exec:\vjpjv.exe93⤵
-
\??\c:\3lfxrlf.exec:\3lfxrlf.exe94⤵
-
\??\c:\7hhbth.exec:\7hhbth.exe95⤵
-
\??\c:\nhhtth.exec:\nhhtth.exe96⤵
-
\??\c:\jdpjd.exec:\jdpjd.exe97⤵
-
\??\c:\jpdvd.exec:\jpdvd.exe98⤵
-
\??\c:\xlllxrl.exec:\xlllxrl.exe99⤵
-
\??\c:\lrxxrrf.exec:\lrxxrrf.exe100⤵
-
\??\c:\nnbhtb.exec:\nnbhtb.exe101⤵
-
\??\c:\ttttnh.exec:\ttttnh.exe102⤵
-
\??\c:\jdddv.exec:\jdddv.exe103⤵
-
\??\c:\jpvpj.exec:\jpvpj.exe104⤵
-
\??\c:\xrxffxr.exec:\xrxffxr.exe105⤵
-
\??\c:\fxfxrxr.exec:\fxfxrxr.exe106⤵
-
\??\c:\3httbb.exec:\3httbb.exe107⤵
-
\??\c:\3nbhbh.exec:\3nbhbh.exe108⤵
-
\??\c:\jjddv.exec:\jjddv.exe109⤵
-
\??\c:\1vvvp.exec:\1vvvp.exe110⤵
-
\??\c:\rllflxr.exec:\rllflxr.exe111⤵
-
\??\c:\jpddv.exec:\jpddv.exe112⤵
-
\??\c:\pdjjd.exec:\pdjjd.exe113⤵
-
\??\c:\rrxfxlr.exec:\rrxfxlr.exe114⤵
-
\??\c:\nhhbbb.exec:\nhhbbb.exe115⤵
-
\??\c:\dvjdv.exec:\dvjdv.exe116⤵
-
\??\c:\fxxxrrl.exec:\fxxxrrl.exe117⤵
-
\??\c:\xxlflrr.exec:\xxlflrr.exe118⤵
-
\??\c:\hbttnn.exec:\hbttnn.exe119⤵
-
\??\c:\jpdjj.exec:\jpdjj.exe120⤵
-
\??\c:\lrxrrxx.exec:\lrxrrxx.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-