Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
16/06/2024, 02:31
General
-
Target
c990ca4dfb9cc2e1023466e22822f47685603d79fc17b4e395b1ce89ee981659.exe
-
Size
446KB
-
MD5
a4fc0640b546cfcddc3d11ab3fbd1111
-
SHA1
1a811d7d1028a55cc2496cd4f422ac5e7ded82e2
-
SHA256
c990ca4dfb9cc2e1023466e22822f47685603d79fc17b4e395b1ce89ee981659
-
SHA512
beaa578c87cdeb986256d77a5242392e5b4a2373b81cec4893d7a565d0362b3cc011778e7efa389ff3ebadf0575c320441fb3cca20249f4c8e0e733fe6578a4b
-
SSDEEP
6144:n3C9BRo7tvnJ9Fywhk/T4i37K3BoKg0p5WI09JsB:n3C9ytvn8whkb4i3e3GFO6JsB
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
UPX dump on OEP (original entry point) 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 23 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\c990ca4dfb9cc2e1023466e22822f47685603d79fc17b4e395b1ce89ee981659.exe"C:\Users\Admin\AppData\Local\Temp\c990ca4dfb9cc2e1023466e22822f47685603d79fc17b4e395b1ce89ee981659.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhttb.exec:\nhhttb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjjjj.exec:\vjjjj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdpvv.exec:\pdpvv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9fllfff.exec:\9fllfff.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhhhh.exec:\tnhhhh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djvpd.exec:\djvpd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fflllfl.exec:\fflllfl.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttbttt.exec:\ttbttt.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpppp.exec:\vpppp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffrxlrf.exec:\ffrxlrf.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnttnt.exec:\hnttnt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjjpj.exec:\jjjpj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfxrrll.exec:\rfxrrll.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxfflrl.exec:\xxfflrl.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhhhh.exec:\nhhhhh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvjjj.exec:\vvjjj.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djpjj.exec:\djpjj.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thtbhh.exec:\thtbhh.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjddj.exec:\jjddj.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flrlffx.exec:\flrlffx.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thttnt.exec:\thttnt.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jddvp.exec:\jddvp.exe23⤵
- Executes dropped EXE
-
\??\c:\djdjv.exec:\djdjv.exe24⤵
- Executes dropped EXE
-
\??\c:\9dvvp.exec:\9dvvp.exe25⤵
- Executes dropped EXE
-
\??\c:\frrflrf.exec:\frrflrf.exe26⤵
- Executes dropped EXE
-
\??\c:\bhhhnn.exec:\bhhhnn.exe27⤵
- Executes dropped EXE
-
\??\c:\nbnttb.exec:\nbnttb.exe28⤵
- Executes dropped EXE
-
\??\c:\fxlllrx.exec:\fxlllrx.exe29⤵
- Executes dropped EXE
-
\??\c:\ttbbbb.exec:\ttbbbb.exe30⤵
- Executes dropped EXE
-
\??\c:\nbtttb.exec:\nbtttb.exe31⤵
- Executes dropped EXE
-
\??\c:\pjvvd.exec:\pjvvd.exe32⤵
- Executes dropped EXE
-
\??\c:\3thnnn.exec:\3thnnn.exe33⤵
- Executes dropped EXE
-
\??\c:\bthhnt.exec:\bthhnt.exe34⤵
- Executes dropped EXE
-
\??\c:\dvjjp.exec:\dvjjp.exe35⤵
- Executes dropped EXE
-
\??\c:\xxrlrll.exec:\xxrlrll.exe36⤵
- Executes dropped EXE
-
\??\c:\ntbbhb.exec:\ntbbhb.exe37⤵
- Executes dropped EXE
-
\??\c:\jjpjd.exec:\jjpjd.exe38⤵
- Executes dropped EXE
-
\??\c:\xlxffll.exec:\xlxffll.exe39⤵
- Executes dropped EXE
-
\??\c:\hbbttt.exec:\hbbttt.exe40⤵
- Executes dropped EXE
-
\??\c:\7tbthn.exec:\7tbthn.exe41⤵
- Executes dropped EXE
-
\??\c:\1jddd.exec:\1jddd.exe42⤵
- Executes dropped EXE
-
\??\c:\rffxrlf.exec:\rffxrlf.exe43⤵
- Executes dropped EXE
-
\??\c:\5rlrrfx.exec:\5rlrrfx.exe44⤵
- Executes dropped EXE
-
\??\c:\bhthtn.exec:\bhthtn.exe45⤵
- Executes dropped EXE
-
\??\c:\tbttbh.exec:\tbttbh.exe46⤵
- Executes dropped EXE
-
\??\c:\ddpjp.exec:\ddpjp.exe47⤵
- Executes dropped EXE
-
\??\c:\rrrrrxx.exec:\rrrrrxx.exe48⤵
- Executes dropped EXE
-
\??\c:\tthhbh.exec:\tthhbh.exe49⤵
- Executes dropped EXE
-
\??\c:\hhbhhn.exec:\hhbhhn.exe50⤵
- Executes dropped EXE
-
\??\c:\jdjjp.exec:\jdjjp.exe51⤵
- Executes dropped EXE
-
\??\c:\rrlffrf.exec:\rrlffrf.exe52⤵
- Executes dropped EXE
-
\??\c:\nhhhhn.exec:\nhhhhn.exe53⤵
- Executes dropped EXE
-
\??\c:\hhnnbb.exec:\hhnnbb.exe54⤵
- Executes dropped EXE
-
\??\c:\dpvvp.exec:\dpvvp.exe55⤵
- Executes dropped EXE
-
\??\c:\rxfxxfl.exec:\rxfxxfl.exe56⤵
- Executes dropped EXE
-
\??\c:\9ththn.exec:\9ththn.exe57⤵
- Executes dropped EXE
-
\??\c:\pjpjj.exec:\pjpjj.exe58⤵
- Executes dropped EXE
-
\??\c:\lxffflf.exec:\lxffflf.exe59⤵
- Executes dropped EXE
-
\??\c:\frxxrxl.exec:\frxxrxl.exe60⤵
- Executes dropped EXE
-
\??\c:\tbhnnn.exec:\tbhnnn.exe61⤵
- Executes dropped EXE
-
\??\c:\dvjjj.exec:\dvjjj.exe62⤵
- Executes dropped EXE
-
\??\c:\jjdjp.exec:\jjdjp.exe63⤵
- Executes dropped EXE
-
\??\c:\fllxxfx.exec:\fllxxfx.exe64⤵
- Executes dropped EXE
-
\??\c:\hhnbbn.exec:\hhnbbn.exe65⤵
- Executes dropped EXE
-
\??\c:\hbhbtb.exec:\hbhbtb.exe66⤵
-
\??\c:\ddddj.exec:\ddddj.exe67⤵
-
\??\c:\1frrrxx.exec:\1frrrxx.exe68⤵
-
\??\c:\nhnnnt.exec:\nhnnnt.exe69⤵
-
\??\c:\hhtnhn.exec:\hhtnhn.exe70⤵
-
\??\c:\jjvvj.exec:\jjvvj.exe71⤵
-
\??\c:\rrfxxxf.exec:\rrfxxxf.exe72⤵
-
\??\c:\xlxrrrf.exec:\xlxrrrf.exe73⤵
-
\??\c:\tbtbnt.exec:\tbtbnt.exe74⤵
-
\??\c:\dvdvv.exec:\dvdvv.exe75⤵
-
\??\c:\jvjjd.exec:\jvjjd.exe76⤵
-
\??\c:\flfflrx.exec:\flfflrx.exe77⤵
-
\??\c:\htttth.exec:\htttth.exe78⤵
-
\??\c:\djdjp.exec:\djdjp.exe79⤵
-
\??\c:\vvvvd.exec:\vvvvd.exe80⤵
-
\??\c:\frrrffr.exec:\frrrffr.exe81⤵
-
\??\c:\nnnhnn.exec:\nnnhnn.exe82⤵
-
\??\c:\vjjvd.exec:\vjjvd.exe83⤵
-
\??\c:\rfffllr.exec:\rfffllr.exe84⤵
-
\??\c:\tntnnt.exec:\tntnnt.exe85⤵
-
\??\c:\pvvdd.exec:\pvvdd.exe86⤵
-
\??\c:\fxflflr.exec:\fxflflr.exe87⤵
-
\??\c:\nnbnnb.exec:\nnbnnb.exe88⤵
-
\??\c:\vvdvd.exec:\vvdvd.exe89⤵
-
\??\c:\lfllrfx.exec:\lfllrfx.exe90⤵
-
\??\c:\rxffxfr.exec:\rxffxfr.exe91⤵
-
\??\c:\llrrrrx.exec:\llrrrrx.exe92⤵
-
\??\c:\xrrrlrx.exec:\xrrrlrx.exe93⤵
-
\??\c:\7pdvp.exec:\7pdvp.exe94⤵
-
\??\c:\xrfffff.exec:\xrfffff.exe95⤵
-
\??\c:\nnbhtt.exec:\nnbhtt.exe96⤵
-
\??\c:\dvvdd.exec:\dvvdd.exe97⤵
-
\??\c:\xrxrrrl.exec:\xrxrrrl.exe98⤵
-
\??\c:\bnnhhb.exec:\bnnhhb.exe99⤵
-
\??\c:\ddvvv.exec:\ddvvv.exe100⤵
-
\??\c:\flxrrlf.exec:\flxrrlf.exe101⤵
-
\??\c:\nnbntt.exec:\nnbntt.exe102⤵
-
\??\c:\dppvp.exec:\dppvp.exe103⤵
-
\??\c:\fflffff.exec:\fflffff.exe104⤵
-
\??\c:\thhnhh.exec:\thhnhh.exe105⤵
-
\??\c:\lrlfxrl.exec:\lrlfxrl.exe106⤵
-
\??\c:\httbnn.exec:\httbnn.exe107⤵
-
\??\c:\pdvvd.exec:\pdvvd.exe108⤵
-
\??\c:\fxfffll.exec:\fxfffll.exe109⤵
-
\??\c:\bbhhhh.exec:\bbhhhh.exe110⤵
-
\??\c:\rfrrrrl.exec:\rfrrrrl.exe111⤵
-
\??\c:\jdjdv.exec:\jdjdv.exe112⤵
-
\??\c:\bnhtnh.exec:\bnhtnh.exe113⤵
-
\??\c:\xrrrrrl.exec:\xrrrrrl.exe114⤵
-
\??\c:\llfxffr.exec:\llfxffr.exe115⤵
-
\??\c:\9ntbbh.exec:\9ntbbh.exe116⤵
-
\??\c:\rlxrflf.exec:\rlxrflf.exe117⤵
-
\??\c:\pdjjj.exec:\pdjjj.exe118⤵
-
\??\c:\ddvpd.exec:\ddvpd.exe119⤵
-
\??\c:\pvpjv.exec:\pvpjv.exe120⤵
-
\??\c:\tnbntt.exec:\tnbntt.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-