Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
117s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
05/06/2024, 20:25
General
-
Target
2c1eec17eab32ea0c36a2296a105aaf08a09fa637697f3c61bed76a7785f3c8d.exe
-
Size
267KB
-
MD5
209d1e329a38c0329b0a926e2289f87b
-
SHA1
350b08d83135692b1e09a8016e574559cb52a77e
-
SHA256
2c1eec17eab32ea0c36a2296a105aaf08a09fa637697f3c61bed76a7785f3c8d
-
SHA512
219505a4df6311f3d0e787b63fc07e579398e770f478e82fd7ba6bdf55e178955783e92b31558a86faeec02f9148d1276381e3d64524f089517662bf887a582b
-
SSDEEP
3072:ymb3NkkiQ3mdBjFIi/0RU6QeYQsm71vPmPzTkV2y/QTa9RBZydZbf83pnzgmmIMz:n3C9BRIG0asYFm71mPfkVB8dKwaWj
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
UPX dump on OEP (original entry point) 26 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 26 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2c1eec17eab32ea0c36a2296a105aaf08a09fa637697f3c61bed76a7785f3c8d.exe"C:\Users\Admin\AppData\Local\Temp\2c1eec17eab32ea0c36a2296a105aaf08a09fa637697f3c61bed76a7785f3c8d.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\lrxfffx.exec:\lrxfffx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnnttt.exec:\nnnttt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpjpd.exec:\dpjpd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llxlfll.exec:\llxlfll.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrxflrx.exec:\lrxflrx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbbbb.exec:\btbbbb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdddd.exec:\vdddd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbthbh.exec:\bbthbh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvvpp.exec:\vvvpp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnbhhn.exec:\bnbhhn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdpjj.exec:\pdpjj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5llllll.exec:\5llllll.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdvp.exec:\pjdvp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfxrrxl.exec:\xfxrrxl.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnntbh.exec:\hnntbh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvvvd.exec:\jvvvd.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfrrrxf.exec:\rfrrrxf.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnhbhn.exec:\hnhbhn.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpvvv.exec:\dpvvv.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5flfllf.exec:\5flfllf.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbhhnn.exec:\bbhhnn.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjppp.exec:\jjppp.exe23⤵
- Executes dropped EXE
-
\??\c:\lxrrxrx.exec:\lxrrxrx.exe24⤵
- Executes dropped EXE
-
\??\c:\jjjjj.exec:\jjjjj.exe25⤵
- Executes dropped EXE
-
\??\c:\xrffflf.exec:\xrffflf.exe26⤵
- Executes dropped EXE
-
\??\c:\7xffflf.exec:\7xffflf.exe27⤵
- Executes dropped EXE
-
\??\c:\vjvvv.exec:\vjvvv.exe28⤵
- Executes dropped EXE
-
\??\c:\xrllrxf.exec:\xrllrxf.exe29⤵
- Executes dropped EXE
-
\??\c:\nntnhh.exec:\nntnhh.exe30⤵
- Executes dropped EXE
-
\??\c:\dvpjj.exec:\dvpjj.exe31⤵
- Executes dropped EXE
-
\??\c:\ntnnnt.exec:\ntnnnt.exe32⤵
- Executes dropped EXE
-
\??\c:\bbtttb.exec:\bbtttb.exe33⤵
- Executes dropped EXE
-
\??\c:\xxrllrr.exec:\xxrllrr.exe34⤵
- Executes dropped EXE
-
\??\c:\nnnnnn.exec:\nnnnnn.exe35⤵
- Executes dropped EXE
-
\??\c:\tthhtb.exec:\tthhtb.exe36⤵
- Executes dropped EXE
-
\??\c:\dddpp.exec:\dddpp.exe37⤵
- Executes dropped EXE
-
\??\c:\xfffxxf.exec:\xfffxxf.exe38⤵
- Executes dropped EXE
-
\??\c:\lllrlxl.exec:\lllrlxl.exe39⤵
- Executes dropped EXE
-
\??\c:\ttbthb.exec:\ttbthb.exe40⤵
- Executes dropped EXE
-
\??\c:\jjdvd.exec:\jjdvd.exe41⤵
- Executes dropped EXE
-
\??\c:\9llllll.exec:\9llllll.exe42⤵
- Executes dropped EXE
-
\??\c:\nbtbnt.exec:\nbtbnt.exe43⤵
- Executes dropped EXE
-
\??\c:\jdvdv.exec:\jdvdv.exe44⤵
- Executes dropped EXE
-
\??\c:\rrxxflx.exec:\rrxxflx.exe45⤵
- Executes dropped EXE
-
\??\c:\nnnnhh.exec:\nnnnhh.exe46⤵
- Executes dropped EXE
-
\??\c:\nhntht.exec:\nhntht.exe47⤵
- Executes dropped EXE
-
\??\c:\pppvv.exec:\pppvv.exe48⤵
- Executes dropped EXE
-
\??\c:\llllfxl.exec:\llllfxl.exe49⤵
- Executes dropped EXE
-
\??\c:\lxffrxx.exec:\lxffrxx.exe50⤵
- Executes dropped EXE
-
\??\c:\tthntb.exec:\tthntb.exe51⤵
- Executes dropped EXE
-
\??\c:\hntbbh.exec:\hntbbh.exe52⤵
- Executes dropped EXE
-
\??\c:\vvddd.exec:\vvddd.exe53⤵
- Executes dropped EXE
-
\??\c:\lxllflf.exec:\lxllflf.exe54⤵
- Executes dropped EXE
-
\??\c:\btbnnt.exec:\btbnnt.exe55⤵
- Executes dropped EXE
-
\??\c:\nhttnt.exec:\nhttnt.exe56⤵
- Executes dropped EXE
-
\??\c:\3dvvv.exec:\3dvvv.exe57⤵
- Executes dropped EXE
-
\??\c:\dpjjp.exec:\dpjjp.exe58⤵
- Executes dropped EXE
-
\??\c:\xrlxfxf.exec:\xrlxfxf.exe59⤵
- Executes dropped EXE
-
\??\c:\hbbntt.exec:\hbbntt.exe60⤵
- Executes dropped EXE
-
\??\c:\jdvpd.exec:\jdvpd.exe61⤵
- Executes dropped EXE
-
\??\c:\vjvvv.exec:\vjvvv.exe62⤵
- Executes dropped EXE
-
\??\c:\fllrrlf.exec:\fllrrlf.exe63⤵
- Executes dropped EXE
-
\??\c:\nhbbbh.exec:\nhbbbh.exe64⤵
- Executes dropped EXE
-
\??\c:\5jddd.exec:\5jddd.exe65⤵
- Executes dropped EXE
-
\??\c:\jdppv.exec:\jdppv.exe66⤵
-
\??\c:\lfxxfff.exec:\lfxxfff.exe67⤵
-
\??\c:\5xlllrr.exec:\5xlllrr.exe68⤵
-
\??\c:\bhhhnn.exec:\bhhhnn.exe69⤵
-
\??\c:\9dvdp.exec:\9dvdp.exe70⤵
-
\??\c:\dddvj.exec:\dddvj.exe71⤵
-
\??\c:\frfxflr.exec:\frfxflr.exe72⤵
-
\??\c:\thnnhb.exec:\thnnhb.exe73⤵
-
\??\c:\tthhnh.exec:\tthhnh.exe74⤵
-
\??\c:\9rrllrr.exec:\9rrllrr.exe75⤵
-
\??\c:\lllrlxf.exec:\lllrlxf.exe76⤵
-
\??\c:\hnttbh.exec:\hnttbh.exe77⤵
-
\??\c:\ffxxfxx.exec:\ffxxfxx.exe78⤵
-
\??\c:\xrfxlrf.exec:\xrfxlrf.exe79⤵
-
\??\c:\hbhnnn.exec:\hbhnnn.exe80⤵
-
\??\c:\ddjpj.exec:\ddjpj.exe81⤵
-
\??\c:\lxlllll.exec:\lxlllll.exe82⤵
-
\??\c:\lrxxxfx.exec:\lrxxxfx.exe83⤵
-
\??\c:\bttnhh.exec:\bttnhh.exe84⤵
-
\??\c:\dpjjp.exec:\dpjjp.exe85⤵
-
\??\c:\fflxlll.exec:\fflxlll.exe86⤵
-
\??\c:\xfxrrlf.exec:\xfxrrlf.exe87⤵
-
\??\c:\bbtnhh.exec:\bbtnhh.exe88⤵
-
\??\c:\vpvpj.exec:\vpvpj.exe89⤵
-
\??\c:\vjpjd.exec:\vjpjd.exe90⤵
-
\??\c:\rflfxll.exec:\rflfxll.exe91⤵
-
\??\c:\ffrxfrr.exec:\ffrxfrr.exe92⤵
-
\??\c:\hbhhhb.exec:\hbhhhb.exe93⤵
-
\??\c:\vdjjj.exec:\vdjjj.exe94⤵
-
\??\c:\llrlrxl.exec:\llrlrxl.exe95⤵
-
\??\c:\thtttb.exec:\thtttb.exe96⤵
-
\??\c:\ppdjj.exec:\ppdjj.exe97⤵
-
\??\c:\lfrrrrr.exec:\lfrrrrr.exe98⤵
-
\??\c:\rrffffl.exec:\rrffffl.exe99⤵
-
\??\c:\nttntt.exec:\nttntt.exe100⤵
-
\??\c:\dvvpj.exec:\dvvpj.exe101⤵
-
\??\c:\dvjdp.exec:\dvjdp.exe102⤵
-
\??\c:\fxrrxxf.exec:\fxrrxxf.exe103⤵
-
\??\c:\rxxxrrr.exec:\rxxxrrr.exe104⤵
-
\??\c:\htbtnn.exec:\htbtnn.exe105⤵
-
\??\c:\jvjdv.exec:\jvjdv.exe106⤵
-
\??\c:\pjjdd.exec:\pjjdd.exe107⤵
-
\??\c:\7xfxxxx.exec:\7xfxxxx.exe108⤵
-
\??\c:\tttnhh.exec:\tttnhh.exe109⤵
-
\??\c:\hhbbhn.exec:\hhbbhn.exe110⤵
-
\??\c:\vddvv.exec:\vddvv.exe111⤵
-
\??\c:\fffffxf.exec:\fffffxf.exe112⤵
-
\??\c:\xlllrll.exec:\xlllrll.exe113⤵
-
\??\c:\hbbttn.exec:\hbbttn.exe114⤵
-
\??\c:\dvdjj.exec:\dvdjj.exe115⤵
-
\??\c:\rxfrllf.exec:\rxfrllf.exe116⤵
-
\??\c:\3rlfxxr.exec:\3rlfxxr.exe117⤵
-
\??\c:\nbbtnn.exec:\nbbtnn.exe118⤵
-
\??\c:\ppppd.exec:\ppppd.exe119⤵
-
\??\c:\pjppd.exec:\pjppd.exe120⤵
-
\??\c:\3fxxrrl.exec:\3fxxrrl.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-