Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
11/06/2024, 23:47
General
-
Target
79b51ecad9d4ce2f760b069ec18b96720e0037eef69c3b7d4fec6836628fc45e.exe
-
Size
1.2MB
-
MD5
19b9ea3682a72bd02ebb754b4765bdc0
-
SHA1
33cc0c238a7395b91d4930d2055a03235a197241
-
SHA256
79b51ecad9d4ce2f760b069ec18b96720e0037eef69c3b7d4fec6836628fc45e
-
SHA512
fbc234656796e7701aaa05424ec3774786aea59528ac7e88c50d5a38f80b28e312bd51bc529054fa026f0b8c96071f87902e49cf0d6e08206f333dc415c3c7ca
-
SSDEEP
24576:ShPh2kkkkK4kXkkkkkkkkhLX3a20R0v50+YNpsKv2EvZHp3oWt:4bazR0vKLXZ7
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
UPX dump on OEP (original entry point) 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 25 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\79b51ecad9d4ce2f760b069ec18b96720e0037eef69c3b7d4fec6836628fc45e.exe"C:\Users\Admin\AppData\Local\Temp\79b51ecad9d4ce2f760b069ec18b96720e0037eef69c3b7d4fec6836628fc45e.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\7flxrlf.exec:\7flxrlf.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvdpj.exec:\dvdpj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrxfffl.exec:\lrxfffl.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvvvd.exec:\vvvvd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xllfrrl.exec:\xllfrrl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxfxflx.exec:\lxfxflx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbhbtb.exec:\bbhbtb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjjd.exec:\dvjjd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrfxxrf.exec:\xrfxxrf.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjpdd.exec:\vjpdd.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhhtnh.exec:\bhhtnh.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvjjv.exec:\vvjjv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xllfflf.exec:\xllfflf.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnbhbb.exec:\bnbhbb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7rrlflx.exec:\7rrlflx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djjvp.exec:\djjvp.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frrlxxr.exec:\frrlxxr.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhbtt.exec:\tnhbtt.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxrrlfx.exec:\rxrrlfx.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpjv.exec:\jdpjv.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xllfxlx.exec:\xllfxlx.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllffff.exec:\rllffff.exe23⤵
- Executes dropped EXE
-
\??\c:\tbbtnh.exec:\tbbtnh.exe24⤵
- Executes dropped EXE
-
\??\c:\pvdvp.exec:\pvdvp.exe25⤵
- Executes dropped EXE
-
\??\c:\xrfrllf.exec:\xrfrllf.exe26⤵
- Executes dropped EXE
-
\??\c:\lfxrffx.exec:\lfxrffx.exe27⤵
- Executes dropped EXE
-
\??\c:\pvppj.exec:\pvppj.exe28⤵
- Executes dropped EXE
-
\??\c:\3llfxxr.exec:\3llfxxr.exe29⤵
- Executes dropped EXE
-
\??\c:\dpjdd.exec:\dpjdd.exe30⤵
- Executes dropped EXE
-
\??\c:\nbhhtt.exec:\nbhhtt.exe31⤵
- Executes dropped EXE
-
\??\c:\5xlfrxl.exec:\5xlfrxl.exe32⤵
- Executes dropped EXE
-
\??\c:\dpjdp.exec:\dpjdp.exe33⤵
- Executes dropped EXE
-
\??\c:\tnbthh.exec:\tnbthh.exe34⤵
- Executes dropped EXE
-
\??\c:\dpjjd.exec:\dpjjd.exe35⤵
- Executes dropped EXE
-
\??\c:\bbbtnh.exec:\bbbtnh.exe36⤵
- Executes dropped EXE
-
\??\c:\dpdvv.exec:\dpdvv.exe37⤵
- Executes dropped EXE
-
\??\c:\nhhbtn.exec:\nhhbtn.exe38⤵
- Executes dropped EXE
-
\??\c:\vdddj.exec:\vdddj.exe39⤵
- Executes dropped EXE
-
\??\c:\xxfxrlr.exec:\xxfxrlr.exe40⤵
- Executes dropped EXE
-
\??\c:\9thbnh.exec:\9thbnh.exe41⤵
- Executes dropped EXE
-
\??\c:\1fllrrl.exec:\1fllrrl.exe42⤵
- Executes dropped EXE
-
\??\c:\hhhbtn.exec:\hhhbtn.exe43⤵
- Executes dropped EXE
-
\??\c:\1djvj.exec:\1djvj.exe44⤵
- Executes dropped EXE
-
\??\c:\lllrflf.exec:\lllrflf.exe45⤵
- Executes dropped EXE
-
\??\c:\hbnthh.exec:\hbnthh.exe46⤵
- Executes dropped EXE
-
\??\c:\jvjdv.exec:\jvjdv.exe47⤵
- Executes dropped EXE
-
\??\c:\rllfxxr.exec:\rllfxxr.exe48⤵
- Executes dropped EXE
-
\??\c:\nhnbnh.exec:\nhnbnh.exe49⤵
- Executes dropped EXE
-
\??\c:\pjjdp.exec:\pjjdp.exe50⤵
- Executes dropped EXE
-
\??\c:\xlllllf.exec:\xlllllf.exe51⤵
- Executes dropped EXE
-
\??\c:\5hhbnh.exec:\5hhbnh.exe52⤵
- Executes dropped EXE
-
\??\c:\9jvjj.exec:\9jvjj.exe53⤵
- Executes dropped EXE
-
\??\c:\fxrxrlf.exec:\fxrxrlf.exe54⤵
- Executes dropped EXE
-
\??\c:\9htnbn.exec:\9htnbn.exe55⤵
- Executes dropped EXE
-
\??\c:\jjjdv.exec:\jjjdv.exe56⤵
- Executes dropped EXE
-
\??\c:\rxfxxxx.exec:\rxfxxxx.exe57⤵
- Executes dropped EXE
-
\??\c:\nbnbnh.exec:\nbnbnh.exe58⤵
- Executes dropped EXE
-
\??\c:\3rrlffx.exec:\3rrlffx.exe59⤵
- Executes dropped EXE
-
\??\c:\nbbtnh.exec:\nbbtnh.exe60⤵
- Executes dropped EXE
-
\??\c:\djpjd.exec:\djpjd.exe61⤵
- Executes dropped EXE
-
\??\c:\9xxrlfr.exec:\9xxrlfr.exe62⤵
- Executes dropped EXE
-
\??\c:\tbbtnh.exec:\tbbtnh.exe63⤵
- Executes dropped EXE
-
\??\c:\5vppj.exec:\5vppj.exe64⤵
- Executes dropped EXE
-
\??\c:\rrfxlfl.exec:\rrfxlfl.exe65⤵
- Executes dropped EXE
-
\??\c:\nhhbbb.exec:\nhhbbb.exe66⤵
-
\??\c:\vpppp.exec:\vpppp.exe67⤵
-
\??\c:\frxxxrx.exec:\frxxxrx.exe68⤵
-
\??\c:\tbbtth.exec:\tbbtth.exe69⤵
-
\??\c:\1flflrx.exec:\1flflrx.exe70⤵
-
\??\c:\rxrrfff.exec:\rxrrfff.exe71⤵
-
\??\c:\jvdvp.exec:\jvdvp.exe72⤵
-
\??\c:\xlrllff.exec:\xlrllff.exe73⤵
-
\??\c:\1xfffff.exec:\1xfffff.exe74⤵
-
\??\c:\vjjdp.exec:\vjjdp.exe75⤵
-
\??\c:\llrllfx.exec:\llrllfx.exe76⤵
-
\??\c:\nhnbbt.exec:\nhnbbt.exe77⤵
-
\??\c:\ppdvj.exec:\ppdvj.exe78⤵
-
\??\c:\9rxrxxl.exec:\9rxrxxl.exe79⤵
-
\??\c:\9nttbb.exec:\9nttbb.exe80⤵
-
\??\c:\vddjp.exec:\vddjp.exe81⤵
-
\??\c:\3rxfrlx.exec:\3rxfrlx.exe82⤵
-
\??\c:\3hhbnn.exec:\3hhbnn.exe83⤵
-
\??\c:\djvjj.exec:\djvjj.exe84⤵
-
\??\c:\lrxrllx.exec:\lrxrllx.exe85⤵
-
\??\c:\bttnht.exec:\bttnht.exe86⤵
-
\??\c:\pdjjj.exec:\pdjjj.exe87⤵
-
\??\c:\rlxlxll.exec:\rlxlxll.exe88⤵
-
\??\c:\bttnhb.exec:\bttnhb.exe89⤵
-
\??\c:\vjvpv.exec:\vjvpv.exe90⤵
-
\??\c:\3xfrllf.exec:\3xfrllf.exe91⤵
-
\??\c:\frxlrll.exec:\frxlrll.exe92⤵
-
\??\c:\7jpjd.exec:\7jpjd.exe93⤵
-
\??\c:\xxrrllr.exec:\xxrrllr.exe94⤵
-
\??\c:\ttbbtn.exec:\ttbbtn.exe95⤵
-
\??\c:\9llfllf.exec:\9llfllf.exe96⤵
-
\??\c:\5bbhnn.exec:\5bbhnn.exe97⤵
-
\??\c:\bntnhb.exec:\bntnhb.exe98⤵
-
\??\c:\llrlrll.exec:\llrlrll.exe99⤵
-
\??\c:\nnhnnn.exec:\nnhnnn.exe100⤵
-
\??\c:\9pdvp.exec:\9pdvp.exe101⤵
-
\??\c:\jdpdv.exec:\jdpdv.exe102⤵
-
\??\c:\vjvpp.exec:\vjvpp.exe103⤵
-
\??\c:\frfxlrr.exec:\frfxlrr.exe104⤵
-
\??\c:\1vvpj.exec:\1vvpj.exe105⤵
-
\??\c:\1ppdp.exec:\1ppdp.exe106⤵
-
\??\c:\bbhbtt.exec:\bbhbtt.exe107⤵
-
\??\c:\vvjdp.exec:\vvjdp.exe108⤵
-
\??\c:\frfxrrl.exec:\frfxrrl.exe109⤵
-
\??\c:\9hbnbt.exec:\9hbnbt.exe110⤵
-
\??\c:\9rxlrrf.exec:\9rxlrrf.exe111⤵
-
\??\c:\nnhbnb.exec:\nnhbnb.exe112⤵
-
\??\c:\pdppj.exec:\pdppj.exe113⤵
-
\??\c:\lllflfl.exec:\lllflfl.exe114⤵
-
\??\c:\1jvvd.exec:\1jvvd.exe115⤵
-
\??\c:\3lfrrlx.exec:\3lfrrlx.exe116⤵
-
\??\c:\tbnhbb.exec:\tbnhbb.exe117⤵
-
\??\c:\5jjjd.exec:\5jjjd.exe118⤵
-
\??\c:\hhtnhb.exec:\hhtnhb.exe119⤵
-
\??\c:\vdppp.exec:\vdppp.exe120⤵
-
\??\c:\ffrrxxr.exec:\ffrrxxr.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-