Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
50s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
05/07/2024, 02:14
General
-
Target
2bb221a79096b4add5b4fc61e68acd2457fdc24611153f905bfab25ce4e20ddb.exe
-
Size
71KB
-
MD5
2cd5da05314eacdcf8ef3dc677252e20
-
SHA1
b3be6cb3803df16d950c33ce0332e008024ac037
-
SHA256
2bb221a79096b4add5b4fc61e68acd2457fdc24611153f905bfab25ce4e20ddb
-
SHA512
a8a68724c1d0182b9b51e583cab65c4ac82e2b706700612b3896bf96e9c2f922a93936b201a28ae178808f843b87990562a04668dc92fdd0dcc504c03a855874
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND0yUwcsbYsRgVq:ymb3NkkiQ3mdBjF0yjcsMsRb
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 28 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2bb221a79096b4add5b4fc61e68acd2457fdc24611153f905bfab25ce4e20ddb.exe"C:\Users\Admin\AppData\Local\Temp\2bb221a79096b4add5b4fc61e68acd2457fdc24611153f905bfab25ce4e20ddb.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\1fffflf.exec:\1fffflf.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnbntt.exec:\nnbntt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvvvd.exec:\vvvvd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrrlll.exec:\fxrrlll.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lflffff.exec:\lflffff.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhbbtb.exec:\hhbbtb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttnnhn.exec:\ttnnhn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvpj.exec:\dvvpj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvppp.exec:\dvppp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frfrrrr.exec:\frfrrrr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnthh.exec:\nhnthh.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhbnn.exec:\tnhbnn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjppj.exec:\jjppj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjddd.exec:\vjddd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrxxlrr.exec:\rrxxlrr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xffffff.exec:\xffffff.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnnnbb.exec:\nnnnbb.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbtnh.exec:\hbbtnh.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvdvv.exec:\dvdvv.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdppj.exec:\vdppj.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxffxxl.exec:\lxffxxl.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhhtnh.exec:\hhhtnh.exe23⤵
- Executes dropped EXE
-
\??\c:\tnbhhh.exec:\tnbhhh.exe24⤵
- Executes dropped EXE
-
\??\c:\jvdvp.exec:\jvdvp.exe25⤵
- Executes dropped EXE
-
\??\c:\9jjjd.exec:\9jjjd.exe26⤵
- Executes dropped EXE
-
\??\c:\lfxrrrr.exec:\lfxrrrr.exe27⤵
- Executes dropped EXE
-
\??\c:\lffxxxr.exec:\lffxxxr.exe28⤵
- Executes dropped EXE
-
\??\c:\tnhbhh.exec:\tnhbhh.exe29⤵
- Executes dropped EXE
-
\??\c:\tbhnbb.exec:\tbhnbb.exe30⤵
- Executes dropped EXE
-
\??\c:\dvppj.exec:\dvppj.exe31⤵
- Executes dropped EXE
-
\??\c:\3ppvp.exec:\3ppvp.exe32⤵
- Executes dropped EXE
-
\??\c:\rrfxrrf.exec:\rrfxrrf.exe33⤵
- Executes dropped EXE
-
\??\c:\7llllfx.exec:\7llllfx.exe34⤵
- Executes dropped EXE
-
\??\c:\tbntnt.exec:\tbntnt.exe35⤵
- Executes dropped EXE
-
\??\c:\bbnhnn.exec:\bbnhnn.exe36⤵
- Executes dropped EXE
-
\??\c:\pvjjp.exec:\pvjjp.exe37⤵
- Executes dropped EXE
-
\??\c:\jdpjj.exec:\jdpjj.exe38⤵
- Executes dropped EXE
-
\??\c:\rllfflr.exec:\rllfflr.exe39⤵
- Executes dropped EXE
-
\??\c:\9rrrrxx.exec:\9rrrrxx.exe40⤵
- Executes dropped EXE
-
\??\c:\nbhhbb.exec:\nbhhbb.exe41⤵
- Executes dropped EXE
-
\??\c:\9thhtb.exec:\9thhtb.exe42⤵
- Executes dropped EXE
-
\??\c:\pjvpd.exec:\pjvpd.exe43⤵
- Executes dropped EXE
-
\??\c:\jdpvv.exec:\jdpvv.exe44⤵
- Executes dropped EXE
-
\??\c:\rrrlffr.exec:\rrrlffr.exe45⤵
- Executes dropped EXE
-
\??\c:\5ffxfff.exec:\5ffxfff.exe46⤵
- Executes dropped EXE
-
\??\c:\bbbbbb.exec:\bbbbbb.exe47⤵
- Executes dropped EXE
-
\??\c:\btttnh.exec:\btttnh.exe48⤵
- Executes dropped EXE
-
\??\c:\jvjdv.exec:\jvjdv.exe49⤵
- Executes dropped EXE
-
\??\c:\pjjdd.exec:\pjjdd.exe50⤵
- Executes dropped EXE
-
\??\c:\jvdvp.exec:\jvdvp.exe51⤵
- Executes dropped EXE
-
\??\c:\llffxxf.exec:\llffxxf.exe52⤵
- Executes dropped EXE
-
\??\c:\llrxffr.exec:\llrxffr.exe53⤵
- Executes dropped EXE
-
\??\c:\3htnht.exec:\3htnht.exe54⤵
- Executes dropped EXE
-
\??\c:\tbhhtt.exec:\tbhhtt.exe55⤵
- Executes dropped EXE
-
\??\c:\jvvvp.exec:\jvvvp.exe56⤵
- Executes dropped EXE
-
\??\c:\dvvpv.exec:\dvvpv.exe57⤵
- Executes dropped EXE
-
\??\c:\1dvvj.exec:\1dvvj.exe58⤵
- Executes dropped EXE
-
\??\c:\flxxrrl.exec:\flxxrrl.exe59⤵
- Executes dropped EXE
-
\??\c:\fllrrrr.exec:\fllrrrr.exe60⤵
- Executes dropped EXE
-
\??\c:\tnbtbb.exec:\tnbtbb.exe61⤵
- Executes dropped EXE
-
\??\c:\bnttbh.exec:\bnttbh.exe62⤵
- Executes dropped EXE
-
\??\c:\jvjpd.exec:\jvjpd.exe63⤵
- Executes dropped EXE
-
\??\c:\9jjdv.exec:\9jjdv.exe64⤵
- Executes dropped EXE
-
\??\c:\3rrrlrl.exec:\3rrrlrl.exe65⤵
- Executes dropped EXE
-
\??\c:\fffffff.exec:\fffffff.exe66⤵
-
\??\c:\tbhttn.exec:\tbhttn.exe67⤵
-
\??\c:\tntnnt.exec:\tntnnt.exe68⤵
-
\??\c:\hhtntt.exec:\hhtntt.exe69⤵
-
\??\c:\dvppd.exec:\dvppd.exe70⤵
-
\??\c:\7dddj.exec:\7dddj.exe71⤵
-
\??\c:\lfllflr.exec:\lfllflr.exe72⤵
-
\??\c:\rrrflxl.exec:\rrrflxl.exe73⤵
-
\??\c:\3tbbbb.exec:\3tbbbb.exe74⤵
-
\??\c:\ntntth.exec:\ntntth.exe75⤵
-
\??\c:\pvpvd.exec:\pvpvd.exe76⤵
-
\??\c:\pvvvp.exec:\pvvvp.exe77⤵
-
\??\c:\xlxrllf.exec:\xlxrllf.exe78⤵
-
\??\c:\1rxrfff.exec:\1rxrfff.exe79⤵
-
\??\c:\hntthh.exec:\hntthh.exe80⤵
-
\??\c:\hntnbt.exec:\hntnbt.exe81⤵
-
\??\c:\nnhnhh.exec:\nnhnhh.exe82⤵
-
\??\c:\3ddvv.exec:\3ddvv.exe83⤵
-
\??\c:\7pppj.exec:\7pppj.exe84⤵
-
\??\c:\xlrlffx.exec:\xlrlffx.exe85⤵
-
\??\c:\xxxxlll.exec:\xxxxlll.exe86⤵
-
\??\c:\nnnnnt.exec:\nnnnnt.exe87⤵
-
\??\c:\tnhbnb.exec:\tnhbnb.exe88⤵
-
\??\c:\5ddvj.exec:\5ddvj.exe89⤵
-
\??\c:\xllflll.exec:\xllflll.exe90⤵
-
\??\c:\nbbnnn.exec:\nbbnnn.exe91⤵
-
\??\c:\jdpjj.exec:\jdpjj.exe92⤵
-
\??\c:\jpvvv.exec:\jpvvv.exe93⤵
-
\??\c:\xfrfrrl.exec:\xfrfrrl.exe94⤵
-
\??\c:\nnbthh.exec:\nnbthh.exe95⤵
-
\??\c:\jjpdv.exec:\jjpdv.exe96⤵
-
\??\c:\vjvvj.exec:\vjvvj.exe97⤵
-
\??\c:\lrrlflf.exec:\lrrlflf.exe98⤵
-
\??\c:\nhhbhn.exec:\nhhbhn.exe99⤵
-
\??\c:\jpddd.exec:\jpddd.exe100⤵
-
\??\c:\jdvpp.exec:\jdvpp.exe101⤵
-
\??\c:\nntbbh.exec:\nntbbh.exe102⤵
-
\??\c:\1pvvd.exec:\1pvvd.exe103⤵
-
\??\c:\llffxfx.exec:\llffxfx.exe104⤵
-
\??\c:\fxffflx.exec:\fxffflx.exe105⤵
-
\??\c:\nhnnbh.exec:\nhnnbh.exe106⤵
-
\??\c:\xflrxrr.exec:\xflrxrr.exe107⤵
-
\??\c:\hbnthh.exec:\hbnthh.exe108⤵
-
\??\c:\vpvvv.exec:\vpvvv.exe109⤵
-
\??\c:\5rfrlrr.exec:\5rfrlrr.exe110⤵
-
\??\c:\nthtnh.exec:\nthtnh.exe111⤵
-
\??\c:\lffrfxf.exec:\lffrfxf.exe112⤵
-
\??\c:\flffrlx.exec:\flffrlx.exe113⤵
-
\??\c:\3bnnnb.exec:\3bnnnb.exe114⤵
-
\??\c:\xrxxfll.exec:\xrxxfll.exe115⤵
-
\??\c:\hbhhnn.exec:\hbhhnn.exe116⤵
-
\??\c:\ppjdj.exec:\ppjdj.exe117⤵
-
\??\c:\5llfrxf.exec:\5llfrxf.exe118⤵
-
\??\c:\ttbtbb.exec:\ttbtbb.exe119⤵
-
\??\c:\xxrrflx.exec:\xxrrflx.exe120⤵
-
\??\c:\tbnnnt.exec:\tbnnnt.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-