Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20240704-en -
resource tags
-
submitted
04/07/2024, 23:56
General
-
Target
1d4897f82fff2d6e73b471c5d153b1c67f42f110eb1a3889b295ff870f3f0c92.exe
-
Size
78KB
-
MD5
ad777027d6a6eb5dac39ca0abd898f00
-
SHA1
7b893ca169df5f15c1ecdac37c63431c8a90c99b
-
SHA256
1d4897f82fff2d6e73b471c5d153b1c67f42f110eb1a3889b295ff870f3f0c92
-
SHA512
23c8d6ed71b9079ccb4e7aff13dc65a8844491be44a57d7d4814c991beeed62278bcd035f714e7151ac35cb861921f361223b0f62ee3241e5305650798526d47
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIsIpWCz+FR4RzWqC5ZzVu:ymb3NkkiQ3mdBjFIsIpZ+R4RzWqCZu
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 28 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 26 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1d4897f82fff2d6e73b471c5d153b1c67f42f110eb1a3889b295ff870f3f0c92.exe"C:\Users\Admin\AppData\Local\Temp\1d4897f82fff2d6e73b471c5d153b1c67f42f110eb1a3889b295ff870f3f0c92.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\pjpvd.exec:\pjpvd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjvv.exec:\pjjvv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvdvp.exec:\vvdvp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\20604.exec:\20604.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnbtnt.exec:\nnbtnt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thbq88.exec:\thbq88.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbbbtn.exec:\tbbbtn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvvdd.exec:\pvvdd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhhbtn.exec:\hhhbtn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvjdv.exec:\jvjdv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\o628402.exec:\o628402.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lflrlrr.exec:\lflrlrr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\62406.exec:\62406.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\o628660.exec:\o628660.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\4282622.exec:\4282622.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\40260.exec:\40260.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpjj.exec:\jdpjj.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\24804.exec:\24804.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8048484.exec:\8048484.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8446022.exec:\8446022.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\4026006.exec:\4026006.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hntnhb.exec:\hntnhb.exe23⤵
- Executes dropped EXE
-
\??\c:\22222.exec:\22222.exe24⤵
- Executes dropped EXE
-
\??\c:\0024440.exec:\0024440.exe25⤵
- Executes dropped EXE
-
\??\c:\dpjjv.exec:\dpjjv.exe26⤵
- Executes dropped EXE
-
\??\c:\6286608.exec:\6286608.exe27⤵
- Executes dropped EXE
-
\??\c:\222240.exec:\222240.exe28⤵
- Executes dropped EXE
-
\??\c:\62268.exec:\62268.exe29⤵
- Executes dropped EXE
-
\??\c:\xxxrllf.exec:\xxxrllf.exe30⤵
- Executes dropped EXE
-
\??\c:\lrlxxrr.exec:\lrlxxrr.exe31⤵
- Executes dropped EXE
-
\??\c:\4800484.exec:\4800484.exe32⤵
- Executes dropped EXE
-
\??\c:\rrrrrrr.exec:\rrrrrrr.exe33⤵
- Executes dropped EXE
-
\??\c:\vppjd.exec:\vppjd.exe34⤵
- Executes dropped EXE
-
\??\c:\7hhbtb.exec:\7hhbtb.exe35⤵
- Executes dropped EXE
-
\??\c:\bnbhtt.exec:\bnbhtt.exe36⤵
- Executes dropped EXE
-
\??\c:\864082.exec:\864082.exe37⤵
- Executes dropped EXE
-
\??\c:\g8404.exec:\g8404.exe38⤵
- Executes dropped EXE
-
\??\c:\044826.exec:\044826.exe39⤵
- Executes dropped EXE
-
\??\c:\jjddd.exec:\jjddd.exe40⤵
- Executes dropped EXE
-
\??\c:\3htnbb.exec:\3htnbb.exe41⤵
- Executes dropped EXE
-
\??\c:\jddjj.exec:\jddjj.exe42⤵
- Executes dropped EXE
-
\??\c:\bhhhhn.exec:\bhhhhn.exe43⤵
- Executes dropped EXE
-
\??\c:\200044.exec:\200044.exe44⤵
- Executes dropped EXE
-
\??\c:\xrxrlxr.exec:\xrxrlxr.exe45⤵
- Executes dropped EXE
-
\??\c:\nthhtn.exec:\nthhtn.exe46⤵
- Executes dropped EXE
-
\??\c:\ddpjv.exec:\ddpjv.exe47⤵
- Executes dropped EXE
-
\??\c:\dpvdd.exec:\dpvdd.exe48⤵
- Executes dropped EXE
-
\??\c:\vpdjv.exec:\vpdjv.exe49⤵
- Executes dropped EXE
-
\??\c:\ddpvv.exec:\ddpvv.exe50⤵
- Executes dropped EXE
-
\??\c:\806660.exec:\806660.exe51⤵
- Executes dropped EXE
-
\??\c:\6280628.exec:\6280628.exe52⤵
- Executes dropped EXE
-
\??\c:\08000.exec:\08000.exe53⤵
- Executes dropped EXE
-
\??\c:\6060400.exec:\6060400.exe54⤵
- Executes dropped EXE
-
\??\c:\tnntnn.exec:\tnntnn.exe55⤵
- Executes dropped EXE
-
\??\c:\fllffxx.exec:\fllffxx.exe56⤵
- Executes dropped EXE
-
\??\c:\222666.exec:\222666.exe57⤵
- Executes dropped EXE
-
\??\c:\bbtbnb.exec:\bbtbnb.exe58⤵
- Executes dropped EXE
-
\??\c:\442600.exec:\442600.exe59⤵
- Executes dropped EXE
-
\??\c:\c444848.exec:\c444848.exe60⤵
- Executes dropped EXE
-
\??\c:\80024.exec:\80024.exe61⤵
- Executes dropped EXE
-
\??\c:\9flffff.exec:\9flffff.exe62⤵
- Executes dropped EXE
-
\??\c:\0226222.exec:\0226222.exe63⤵
- Executes dropped EXE
-
\??\c:\htbbbb.exec:\htbbbb.exe64⤵
- Executes dropped EXE
-
\??\c:\tttnhh.exec:\tttnhh.exe65⤵
- Executes dropped EXE
-
\??\c:\rxrrxrf.exec:\rxrrxrf.exe66⤵
-
\??\c:\080240.exec:\080240.exe67⤵
-
\??\c:\djpjj.exec:\djpjj.exe68⤵
-
\??\c:\6224004.exec:\6224004.exe69⤵
-
\??\c:\4008288.exec:\4008288.exe70⤵
-
\??\c:\g8044.exec:\g8044.exe71⤵
-
\??\c:\886666.exec:\886666.exe72⤵
-
\??\c:\3rxrlrl.exec:\3rxrlrl.exe73⤵
-
\??\c:\8066800.exec:\8066800.exe74⤵
-
\??\c:\6688880.exec:\6688880.exe75⤵
-
\??\c:\a6262.exec:\a6262.exe76⤵
-
\??\c:\4848226.exec:\4848226.exe77⤵
-
\??\c:\flffrll.exec:\flffrll.exe78⤵
-
\??\c:\tbttnh.exec:\tbttnh.exe79⤵
-
\??\c:\rxffffx.exec:\rxffffx.exe80⤵
-
\??\c:\rlxrlrx.exec:\rlxrlrx.exe81⤵
-
\??\c:\frfxfxf.exec:\frfxfxf.exe82⤵
-
\??\c:\6884028.exec:\6884028.exe83⤵
-
\??\c:\8226600.exec:\8226600.exe84⤵
-
\??\c:\nbnnhh.exec:\nbnnhh.exe85⤵
-
\??\c:\jpvvj.exec:\jpvvj.exe86⤵
-
\??\c:\8088024.exec:\8088024.exe87⤵
-
\??\c:\462262.exec:\462262.exe88⤵
-
\??\c:\pjdvj.exec:\pjdvj.exe89⤵
-
\??\c:\6286004.exec:\6286004.exe90⤵
-
\??\c:\646688.exec:\646688.exe91⤵
-
\??\c:\84440.exec:\84440.exe92⤵
-
\??\c:\40820.exec:\40820.exe93⤵
-
\??\c:\vvvpj.exec:\vvvpj.exe94⤵
-
\??\c:\28860.exec:\28860.exe95⤵
-
\??\c:\hnbtnt.exec:\hnbtnt.exe96⤵
-
\??\c:\482426.exec:\482426.exe97⤵
-
\??\c:\684266.exec:\684266.exe98⤵
-
\??\c:\rrlxrlf.exec:\rrlxrlf.exe99⤵
-
\??\c:\rfxrxxr.exec:\rfxrxxr.exe100⤵
-
\??\c:\w28228.exec:\w28228.exe101⤵
-
\??\c:\9nntnn.exec:\9nntnn.exe102⤵
-
\??\c:\1jpjj.exec:\1jpjj.exe103⤵
-
\??\c:\dddpj.exec:\dddpj.exe104⤵
-
\??\c:\hnnnnt.exec:\hnnnnt.exe105⤵
-
\??\c:\4842282.exec:\4842282.exe106⤵
-
\??\c:\604062.exec:\604062.exe107⤵
-
\??\c:\22406.exec:\22406.exe108⤵
-
\??\c:\0404426.exec:\0404426.exe109⤵
-
\??\c:\04606.exec:\04606.exe110⤵
-
\??\c:\bnbtht.exec:\bnbtht.exe111⤵
-
\??\c:\pvjpd.exec:\pvjpd.exe112⤵
-
\??\c:\424622.exec:\424622.exe113⤵
-
\??\c:\rrfxxrl.exec:\rrfxxrl.exe114⤵
-
\??\c:\00662.exec:\00662.exe115⤵
-
\??\c:\xflfrxr.exec:\xflfrxr.exe116⤵
-
\??\c:\tthbht.exec:\tthbht.exe117⤵
-
\??\c:\0022666.exec:\0022666.exe118⤵
-
\??\c:\004488.exec:\004488.exe119⤵
-
\??\c:\8460088.exec:\8460088.exe120⤵
-
\??\c:\04288.exec:\04288.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-