Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
20/06/2024, 18:53
General
-
Target
0bb826603f2f510c8134076126abc2c7486c7ca7b815577a17cad6b6cb8003aa.exe
-
Size
79KB
-
MD5
03a45a7fbddc33fac1faeefc970c02a5
-
SHA1
d11c0e236a23b098bb50b69334d524c7443b722d
-
SHA256
0bb826603f2f510c8134076126abc2c7486c7ca7b815577a17cad6b6cb8003aa
-
SHA512
f1f2a3768b76755438a1a53268df64e7fe98cc1113642762031648bd9a724c6a5f5369f1c77f0c297076af047177c3aab66116576a49e014864f20b1abc6750b
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIsIpWCz+FR4RzWqC5rINH6Y:ymb3NkkiQ3mdBjFIsIpZ+R4RzWqCun
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
UPX dump on OEP (original entry point) 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 24 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\0bb826603f2f510c8134076126abc2c7486c7ca7b815577a17cad6b6cb8003aa.exe"C:\Users\Admin\AppData\Local\Temp\0bb826603f2f510c8134076126abc2c7486c7ca7b815577a17cad6b6cb8003aa.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\bhnhbb.exec:\bhnhbb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdjdv.exec:\pdjdv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvvpj.exec:\vvvpj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxfxxx.exec:\xrxfxxx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnhhbb.exec:\nnhhbb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7thbbb.exec:\7thbbb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrxrlll.exec:\lrxrlll.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7xrrlff.exec:\7xrrlff.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnhbt.exec:\tnnhbt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djvjj.exec:\djvjj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxfxrrr.exec:\fxfxrrr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thnhhh.exec:\thnhhh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3hhhbb.exec:\3hhhbb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djpvp.exec:\djpvp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxrlfx.exec:\xrxrlfx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnhhh.exec:\nhnhhh.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpjd.exec:\jdpjd.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlflrrx.exec:\xlflrrx.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhnbn.exec:\nhhnbn.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pppvv.exec:\pppvv.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3fxrrrr.exec:\3fxrrrr.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7pjdd.exec:\7pjdd.exe23⤵
- Executes dropped EXE
-
\??\c:\vdjdv.exec:\vdjdv.exe24⤵
- Executes dropped EXE
-
\??\c:\xfrlfff.exec:\xfrlfff.exe25⤵
- Executes dropped EXE
-
\??\c:\rfffffx.exec:\rfffffx.exe26⤵
- Executes dropped EXE
-
\??\c:\tbnnhh.exec:\tbnnhh.exe27⤵
- Executes dropped EXE
-
\??\c:\vdpjj.exec:\vdpjj.exe28⤵
- Executes dropped EXE
-
\??\c:\pjjdd.exec:\pjjdd.exe29⤵
- Executes dropped EXE
-
\??\c:\rflfxxr.exec:\rflfxxr.exe30⤵
- Executes dropped EXE
-
\??\c:\flrxxxx.exec:\flrxxxx.exe31⤵
- Executes dropped EXE
-
\??\c:\ttttth.exec:\ttttth.exe32⤵
- Executes dropped EXE
-
\??\c:\5dvpp.exec:\5dvpp.exe33⤵
- Executes dropped EXE
-
\??\c:\vddvj.exec:\vddvj.exe34⤵
- Executes dropped EXE
-
\??\c:\1rrlxxf.exec:\1rrlxxf.exe35⤵
- Executes dropped EXE
-
\??\c:\3nnhbb.exec:\3nnhbb.exe36⤵
- Executes dropped EXE
-
\??\c:\1tbttn.exec:\1tbttn.exe37⤵
- Executes dropped EXE
-
\??\c:\dvvjd.exec:\dvvjd.exe38⤵
- Executes dropped EXE
-
\??\c:\vvdpp.exec:\vvdpp.exe39⤵
- Executes dropped EXE
-
\??\c:\rlrrlfl.exec:\rlrrlfl.exe40⤵
- Executes dropped EXE
-
\??\c:\hbnbht.exec:\hbnbht.exe41⤵
- Executes dropped EXE
-
\??\c:\7nnbtt.exec:\7nnbtt.exe42⤵
- Executes dropped EXE
-
\??\c:\pddpd.exec:\pddpd.exe43⤵
- Executes dropped EXE
-
\??\c:\pjpdv.exec:\pjpdv.exe44⤵
- Executes dropped EXE
-
\??\c:\fxfxrrl.exec:\fxfxrrl.exe45⤵
- Executes dropped EXE
-
\??\c:\rlfrllr.exec:\rlfrllr.exe46⤵
- Executes dropped EXE
-
\??\c:\tntbtt.exec:\tntbtt.exe47⤵
- Executes dropped EXE
-
\??\c:\7bnnbh.exec:\7bnnbh.exe48⤵
- Executes dropped EXE
-
\??\c:\pppvv.exec:\pppvv.exe49⤵
- Executes dropped EXE
-
\??\c:\dvjdp.exec:\dvjdp.exe50⤵
- Executes dropped EXE
-
\??\c:\3ffxrrl.exec:\3ffxrrl.exe51⤵
- Executes dropped EXE
-
\??\c:\rllffxx.exec:\rllffxx.exe52⤵
- Executes dropped EXE
-
\??\c:\ttttnn.exec:\ttttnn.exe53⤵
- Executes dropped EXE
-
\??\c:\7ddvv.exec:\7ddvv.exe54⤵
- Executes dropped EXE
-
\??\c:\dvvvp.exec:\dvvvp.exe55⤵
- Executes dropped EXE
-
\??\c:\9fxrlxr.exec:\9fxrlxr.exe56⤵
- Executes dropped EXE
-
\??\c:\lfllfff.exec:\lfllfff.exe57⤵
- Executes dropped EXE
-
\??\c:\hbtbtt.exec:\hbtbtt.exe58⤵
- Executes dropped EXE
-
\??\c:\tnhhbb.exec:\tnhhbb.exe59⤵
- Executes dropped EXE
-
\??\c:\dvjjv.exec:\dvjjv.exe60⤵
- Executes dropped EXE
-
\??\c:\dvvjd.exec:\dvvjd.exe61⤵
- Executes dropped EXE
-
\??\c:\xxxxxxx.exec:\xxxxxxx.exe62⤵
- Executes dropped EXE
-
\??\c:\frrrlrr.exec:\frrrlrr.exe63⤵
- Executes dropped EXE
-
\??\c:\hbbtnn.exec:\hbbtnn.exe64⤵
- Executes dropped EXE
-
\??\c:\bhbbbt.exec:\bhbbbt.exe65⤵
- Executes dropped EXE
-
\??\c:\dppvp.exec:\dppvp.exe66⤵
-
\??\c:\dvdvv.exec:\dvdvv.exe67⤵
-
\??\c:\lxxrffx.exec:\lxxrffx.exe68⤵
-
\??\c:\rxfxrrl.exec:\rxfxrrl.exe69⤵
-
\??\c:\bbnnhh.exec:\bbnnhh.exe70⤵
-
\??\c:\bbbtnn.exec:\bbbtnn.exe71⤵
-
\??\c:\pjvvp.exec:\pjvvp.exe72⤵
-
\??\c:\dvpjv.exec:\dvpjv.exe73⤵
-
\??\c:\fxflxlr.exec:\fxflxlr.exe74⤵
-
\??\c:\flrrllf.exec:\flrrllf.exe75⤵
-
\??\c:\9hhbnh.exec:\9hhbnh.exe76⤵
-
\??\c:\3pvvv.exec:\3pvvv.exe77⤵
-
\??\c:\9vdvj.exec:\9vdvj.exe78⤵
-
\??\c:\lrxxllf.exec:\lrxxllf.exe79⤵
-
\??\c:\3rrrlll.exec:\3rrrlll.exe80⤵
-
\??\c:\bhbbbt.exec:\bhbbbt.exe81⤵
-
\??\c:\ttthht.exec:\ttthht.exe82⤵
-
\??\c:\dppjd.exec:\dppjd.exe83⤵
-
\??\c:\3xrrlff.exec:\3xrrlff.exe84⤵
-
\??\c:\5ttnhh.exec:\5ttnhh.exe85⤵
-
\??\c:\tthhhh.exec:\tthhhh.exe86⤵
-
\??\c:\5pvpd.exec:\5pvpd.exe87⤵
-
\??\c:\rxxrrrl.exec:\rxxrrrl.exe88⤵
-
\??\c:\rrrrrrr.exec:\rrrrrrr.exe89⤵
-
\??\c:\rlrrffr.exec:\rlrrffr.exe90⤵
-
\??\c:\nhhhtt.exec:\nhhhtt.exe91⤵
-
\??\c:\hthbtb.exec:\hthbtb.exe92⤵
-
\??\c:\vpjpj.exec:\vpjpj.exe93⤵
-
\??\c:\pjjdj.exec:\pjjdj.exe94⤵
-
\??\c:\5fxrrrr.exec:\5fxrrrr.exe95⤵
-
\??\c:\fxxxrrr.exec:\fxxxrrr.exe96⤵
-
\??\c:\9nhbtt.exec:\9nhbtt.exe97⤵
-
\??\c:\thnhtt.exec:\thnhtt.exe98⤵
-
\??\c:\dpvvj.exec:\dpvvj.exe99⤵
-
\??\c:\pjjpd.exec:\pjjpd.exe100⤵
-
\??\c:\rrffrxf.exec:\rrffrxf.exe101⤵
-
\??\c:\3xxllfx.exec:\3xxllfx.exe102⤵
-
\??\c:\ttttnn.exec:\ttttnn.exe103⤵
-
\??\c:\bbttbn.exec:\bbttbn.exe104⤵
-
\??\c:\7dvpd.exec:\7dvpd.exe105⤵
-
\??\c:\pjvpv.exec:\pjvpv.exe106⤵
-
\??\c:\jvddd.exec:\jvddd.exe107⤵
-
\??\c:\lffxllf.exec:\lffxllf.exe108⤵
-
\??\c:\nhnnht.exec:\nhnnht.exe109⤵
-
\??\c:\dvvpj.exec:\dvvpj.exe110⤵
-
\??\c:\jpvpp.exec:\jpvpp.exe111⤵
-
\??\c:\flrlxxr.exec:\flrlxxr.exe112⤵
-
\??\c:\bhnhbb.exec:\bhnhbb.exe113⤵
-
\??\c:\dvdjv.exec:\dvdjv.exe114⤵
-
\??\c:\llfxllf.exec:\llfxllf.exe115⤵
-
\??\c:\xrlfxxr.exec:\xrlfxxr.exe116⤵
-
\??\c:\5vvvp.exec:\5vvvp.exe117⤵
-
\??\c:\xrlllxf.exec:\xrlllxf.exe118⤵
-
\??\c:\9hnttt.exec:\9hnttt.exe119⤵
-
\??\c:\bhnttt.exec:\bhnttt.exe120⤵
-
\??\c:\pvdvv.exec:\pvdvv.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-