Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
51s -
max time network
137s -
platform
windows10-2004_x64 -
resource
win10v2004-20240611-en -
resource tags
-
submitted
30/06/2024, 20:07
General
-
Target
2ed3dffb6e41ebe2ff589be60f8e1eea853bffb7d57673b61560a5d22a9cef2c.exe
-
Size
55KB
-
MD5
e034c30cd04d381720f3a691960839c7
-
SHA1
d531ae810fba3bbe0dc947f94d9604bcc3f1302e
-
SHA256
2ed3dffb6e41ebe2ff589be60f8e1eea853bffb7d57673b61560a5d22a9cef2c
-
SHA512
f9098cdfe997080ecfd87efbe33d797309f4d9e96c5c5ba6d6a1f46a140878e900c29ff3adb13d22834165512169e6d288304ed7eebe505134cc3d803af7c06e
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIFK:ymb3NkkiQ3mdBjFIFK
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 29 IoCs
-
UPX dump on OEP (original entry point) 37 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 37 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2ed3dffb6e41ebe2ff589be60f8e1eea853bffb7d57673b61560a5d22a9cef2c.exe"C:\Users\Admin\AppData\Local\Temp\2ed3dffb6e41ebe2ff589be60f8e1eea853bffb7d57673b61560a5d22a9cef2c.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxrfxf.exec:\xrxrfxf.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5ppjv.exec:\5ppjv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fffflrr.exec:\fffflrr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnbhn.exec:\hbnbhn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvddv.exec:\pvddv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3bbnth.exec:\3bbnth.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvdj.exec:\jdvdj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frxxflr.exec:\frxxflr.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhhhtt.exec:\hhhhtt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlrrllr.exec:\xlrrllr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhbbb.exec:\hbhbbb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fflfllf.exec:\fflfllf.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fflrlxr.exec:\fflrlxr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhbbbn.exec:\bhbbbn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djjvj.exec:\djjvj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1rrxrll.exec:\1rrxrll.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bntnnn.exec:\bntnnn.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxfxffx.exec:\lxfxffx.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5tntbt.exec:\5tntbt.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjvpp.exec:\vjvpp.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbbtb.exec:\nhbbtb.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdvpd.exec:\pdvpd.exe23⤵
- Executes dropped EXE
-
\??\c:\xxffllr.exec:\xxffllr.exe24⤵
- Executes dropped EXE
-
\??\c:\jdrxf.exec:\jdrxf.exe25⤵
- Executes dropped EXE
-
\??\c:\tbhnth.exec:\tbhnth.exe26⤵
- Executes dropped EXE
-
\??\c:\jjjpj.exec:\jjjpj.exe27⤵
- Executes dropped EXE
-
\??\c:\xxllrxx.exec:\xxllrxx.exe28⤵
- Executes dropped EXE
-
\??\c:\rffffxr.exec:\rffffxr.exe29⤵
- Executes dropped EXE
-
\??\c:\pvpdj.exec:\pvpdj.exe30⤵
- Executes dropped EXE
-
\??\c:\lrxlfff.exec:\lrxlfff.exe31⤵
- Executes dropped EXE
-
\??\c:\5bbhbn.exec:\5bbhbn.exe32⤵
- Executes dropped EXE
-
\??\c:\jpdjp.exec:\jpdjp.exe33⤵
- Executes dropped EXE
-
\??\c:\fflrlrf.exec:\fflrlrf.exe34⤵
- Executes dropped EXE
-
\??\c:\bbthbn.exec:\bbthbn.exe35⤵
- Executes dropped EXE
-
\??\c:\tnbhht.exec:\tnbhht.exe36⤵
- Executes dropped EXE
-
\??\c:\vvvvd.exec:\vvvvd.exe37⤵
- Executes dropped EXE
-
\??\c:\ddppv.exec:\ddppv.exe38⤵
- Executes dropped EXE
-
\??\c:\rxlfllr.exec:\rxlfllr.exe39⤵
- Executes dropped EXE
-
\??\c:\btbthh.exec:\btbthh.exe40⤵
- Executes dropped EXE
-
\??\c:\bbhhhh.exec:\bbhhhh.exe41⤵
- Executes dropped EXE
-
\??\c:\vpdvv.exec:\vpdvv.exe42⤵
- Executes dropped EXE
-
\??\c:\jdvpj.exec:\jdvpj.exe43⤵
- Executes dropped EXE
-
\??\c:\frfrxlx.exec:\frfrxlx.exe44⤵
- Executes dropped EXE
-
\??\c:\rfrxxff.exec:\rfrxxff.exe45⤵
- Executes dropped EXE
-
\??\c:\btntbh.exec:\btntbh.exe46⤵
- Executes dropped EXE
-
\??\c:\vpppp.exec:\vpppp.exe47⤵
- Executes dropped EXE
-
\??\c:\pvjjj.exec:\pvjjj.exe48⤵
- Executes dropped EXE
-
\??\c:\xlrrrxx.exec:\xlrrrxx.exe49⤵
- Executes dropped EXE
-
\??\c:\tbnbht.exec:\tbnbht.exe50⤵
- Executes dropped EXE
-
\??\c:\pvjjj.exec:\pvjjj.exe51⤵
- Executes dropped EXE
-
\??\c:\lllfxxx.exec:\lllfxxx.exe52⤵
- Executes dropped EXE
-
\??\c:\tnnntn.exec:\tnnntn.exe53⤵
- Executes dropped EXE
-
\??\c:\nhntth.exec:\nhntth.exe54⤵
- Executes dropped EXE
-
\??\c:\dpjjp.exec:\dpjjp.exe55⤵
- Executes dropped EXE
-
\??\c:\llxflrx.exec:\llxflrx.exe56⤵
- Executes dropped EXE
-
\??\c:\nnttbt.exec:\nnttbt.exe57⤵
- Executes dropped EXE
-
\??\c:\ppjpj.exec:\ppjpj.exe58⤵
- Executes dropped EXE
-
\??\c:\nhnhbb.exec:\nhnhbb.exe59⤵
- Executes dropped EXE
-
\??\c:\pjdjd.exec:\pjdjd.exe60⤵
- Executes dropped EXE
-
\??\c:\xxrllrl.exec:\xxrllrl.exe61⤵
- Executes dropped EXE
-
\??\c:\nhbhnb.exec:\nhbhnb.exe62⤵
- Executes dropped EXE
-
\??\c:\jjdjj.exec:\jjdjj.exe63⤵
- Executes dropped EXE
-
\??\c:\bhhbbn.exec:\bhhbbn.exe64⤵
- Executes dropped EXE
-
\??\c:\pppjj.exec:\pppjj.exe65⤵
- Executes dropped EXE
-
\??\c:\bnbtnn.exec:\bnbtnn.exe66⤵
-
\??\c:\vpvpj.exec:\vpvpj.exe67⤵
-
\??\c:\9rfffxx.exec:\9rfffxx.exe68⤵
-
\??\c:\xrflxfr.exec:\xrflxfr.exe69⤵
-
\??\c:\nhhbnn.exec:\nhhbnn.exe70⤵
-
\??\c:\3jdpd.exec:\3jdpd.exe71⤵
-
\??\c:\pdvdj.exec:\pdvdj.exe72⤵
-
\??\c:\xfxrfxf.exec:\xfxrfxf.exe73⤵
-
\??\c:\flllfff.exec:\flllfff.exe74⤵
-
\??\c:\nhnbhb.exec:\nhnbhb.exe75⤵
-
\??\c:\3hthhn.exec:\3hthhn.exe76⤵
-
\??\c:\pdpjd.exec:\pdpjd.exe77⤵
-
\??\c:\rfxrfxf.exec:\rfxrfxf.exe78⤵
-
\??\c:\rrflffx.exec:\rrflffx.exe79⤵
-
\??\c:\thnbtb.exec:\thnbtb.exe80⤵
-
\??\c:\bntttn.exec:\bntttn.exe81⤵
-
\??\c:\jjddd.exec:\jjddd.exe82⤵
-
\??\c:\vpddd.exec:\vpddd.exe83⤵
-
\??\c:\flxxlxl.exec:\flxxlxl.exe84⤵
-
\??\c:\tnttnn.exec:\tnttnn.exe85⤵
-
\??\c:\jdpjj.exec:\jdpjj.exe86⤵
-
\??\c:\pvdpd.exec:\pvdpd.exe87⤵
-
\??\c:\fxxfllf.exec:\fxxfllf.exe88⤵
-
\??\c:\rrrlrxf.exec:\rrrlrxf.exe89⤵
-
\??\c:\tbtnth.exec:\tbtnth.exe90⤵
-
\??\c:\pvpdj.exec:\pvpdj.exe91⤵
-
\??\c:\jvjpv.exec:\jvjpv.exe92⤵
-
\??\c:\lrllrxx.exec:\lrllrxx.exe93⤵
-
\??\c:\nhnnht.exec:\nhnnht.exe94⤵
-
\??\c:\bntntb.exec:\bntntb.exe95⤵
-
\??\c:\dpvpj.exec:\dpvpj.exe96⤵
-
\??\c:\rrrlfff.exec:\rrrlfff.exe97⤵
-
\??\c:\fffrrrl.exec:\fffrrrl.exe98⤵
-
\??\c:\bbntht.exec:\bbntht.exe99⤵
-
\??\c:\7tnhbt.exec:\7tnhbt.exe100⤵
-
\??\c:\pdpvj.exec:\pdpvj.exe101⤵
-
\??\c:\fxxxrlr.exec:\fxxxrlr.exe102⤵
-
\??\c:\rlxxfff.exec:\rlxxfff.exe103⤵
-
\??\c:\hbthhh.exec:\hbthhh.exe104⤵
-
\??\c:\djddj.exec:\djddj.exe105⤵
-
\??\c:\jvjdp.exec:\jvjdp.exe106⤵
-
\??\c:\lrxflfr.exec:\lrxflfr.exe107⤵
-
\??\c:\xfxrrrr.exec:\xfxrrrr.exe108⤵
-
\??\c:\nhnbbn.exec:\nhnbbn.exe109⤵
-
\??\c:\vpjpj.exec:\vpjpj.exe110⤵
-
\??\c:\vjppp.exec:\vjppp.exe111⤵
-
\??\c:\rxfflxl.exec:\rxfflxl.exe112⤵
-
\??\c:\rxfrxrx.exec:\rxfrxrx.exe113⤵
-
\??\c:\bthbhn.exec:\bthbhn.exe114⤵
-
\??\c:\pjvdd.exec:\pjvdd.exe115⤵
-
\??\c:\7flffff.exec:\7flffff.exe116⤵
-
\??\c:\rfrlffx.exec:\rfrlffx.exe117⤵
-
\??\c:\tnnbbt.exec:\tnnbbt.exe118⤵
-
\??\c:\jvjdd.exec:\jvjdd.exe119⤵
-
\??\c:\rllfxxx.exec:\rllfxxx.exe120⤵
-
\??\c:\hbhnnb.exec:\hbhnnb.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-