Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20240704-en -
resource tags
-
submitted
06/07/2024, 00:33
General
-
Target
96fda4b6b3946c6a6cdfe28148aafffbee0366b31002bb0f3a4a79be55945f64.exe
-
Size
331KB
-
MD5
06650cd13ea18309302c12420e46f657
-
SHA1
a2e38d14c5b44fe1ce89d9c6d3a924a7cb1f51e3
-
SHA256
96fda4b6b3946c6a6cdfe28148aafffbee0366b31002bb0f3a4a79be55945f64
-
SHA512
42fbcbf5fbf40e72056c1ec384b06e2d1185c467010fb28a7332adc05869289de19d5ef390785ff3a4076db66bb5e5ab0889906f05a5281940ad2865810adb7b
-
SSDEEP
6144:9cm4FmowdHoS4BftapTs8Hoo+6MjTVhRDqzS:/4wFHoS4d0G8HoljTVhRDqzS
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Windows\system32\backgroundTaskHost.exe"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca1⤵
-
C:\Users\Admin\AppData\Local\Temp\96fda4b6b3946c6a6cdfe28148aafffbee0366b31002bb0f3a4a79be55945f64.exe"C:\Users\Admin\AppData\Local\Temp\96fda4b6b3946c6a6cdfe28148aafffbee0366b31002bb0f3a4a79be55945f64.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\vvjjp.exec:\vvjjp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxllflf.exec:\rxllflf.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhthbn.exec:\hhthbn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnbttb.exec:\hnbttb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdppj.exec:\jdppj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thbhnn.exec:\thbhnn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjddp.exec:\jjddp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxxrlfx.exec:\xxxrlfx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bttnnh.exec:\bttnnh.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bntnnt.exec:\bntnnt.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvppj.exec:\dvppj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlrllff.exec:\xlrllff.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbttbn.exec:\bbttbn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpjdp.exec:\dpjdp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1rrllll.exec:\1rrllll.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhbbbn.exec:\bhbbbn.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjdd.exec:\jdjdd.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxlrlff.exec:\xxlrlff.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\httnhh.exec:\httnhh.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjpj.exec:\vpjpj.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lffrxfr.exec:\lffrxfr.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnhbb.exec:\nhnhbb.exe23⤵
- Executes dropped EXE
-
\??\c:\vjdjv.exec:\vjdjv.exe24⤵
- Executes dropped EXE
-
\??\c:\nhhbtt.exec:\nhhbtt.exe25⤵
- Executes dropped EXE
-
\??\c:\ttnbht.exec:\ttnbht.exe26⤵
- Executes dropped EXE
-
\??\c:\vvpdp.exec:\vvpdp.exe27⤵
- Executes dropped EXE
-
\??\c:\hbnthh.exec:\hbnthh.exe28⤵
- Executes dropped EXE
-
\??\c:\rrxxlxx.exec:\rrxxlxx.exe29⤵
- Executes dropped EXE
-
\??\c:\bnhbtt.exec:\bnhbtt.exe30⤵
- Executes dropped EXE
-
\??\c:\rrrxxll.exec:\rrrxxll.exe31⤵
- Executes dropped EXE
-
\??\c:\ddjpp.exec:\ddjpp.exe32⤵
- Executes dropped EXE
-
\??\c:\5bbbbb.exec:\5bbbbb.exe33⤵
- Executes dropped EXE
-
\??\c:\vdvdv.exec:\vdvdv.exe34⤵
- Executes dropped EXE
-
\??\c:\xxfxrlf.exec:\xxfxrlf.exe35⤵
- Executes dropped EXE
-
\??\c:\rlrrrll.exec:\rlrrrll.exe36⤵
- Executes dropped EXE
-
\??\c:\nnhbhh.exec:\nnhbhh.exe37⤵
- Executes dropped EXE
-
\??\c:\jdjjj.exec:\jdjjj.exe38⤵
- Executes dropped EXE
-
\??\c:\rflfrrr.exec:\rflfrrr.exe39⤵
- Executes dropped EXE
-
\??\c:\nthbtt.exec:\nthbtt.exe40⤵
- Executes dropped EXE
-
\??\c:\pddjv.exec:\pddjv.exe41⤵
- Executes dropped EXE
-
\??\c:\frlffll.exec:\frlffll.exe42⤵
- Executes dropped EXE
-
\??\c:\tnbbtb.exec:\tnbbtb.exe43⤵
- Executes dropped EXE
-
\??\c:\ntbbbt.exec:\ntbbbt.exe44⤵
- Executes dropped EXE
-
\??\c:\rllfffl.exec:\rllfffl.exe45⤵
- Executes dropped EXE
-
\??\c:\htnhht.exec:\htnhht.exe46⤵
- Executes dropped EXE
-
\??\c:\pdjjd.exec:\pdjjd.exe47⤵
- Executes dropped EXE
-
\??\c:\jvddv.exec:\jvddv.exe48⤵
- Executes dropped EXE
-
\??\c:\xxrffrr.exec:\xxrffrr.exe49⤵
- Executes dropped EXE
-
\??\c:\llffrff.exec:\llffrff.exe50⤵
- Executes dropped EXE
-
\??\c:\tnnhbb.exec:\tnnhbb.exe51⤵
- Executes dropped EXE
-
\??\c:\pvvdd.exec:\pvvdd.exe52⤵
- Executes dropped EXE
-
\??\c:\dvjdd.exec:\dvjdd.exe53⤵
- Executes dropped EXE
-
\??\c:\7fffxfx.exec:\7fffxfx.exe54⤵
- Executes dropped EXE
-
\??\c:\nnbtbh.exec:\nnbtbh.exe55⤵
- Executes dropped EXE
-
\??\c:\hhbbbb.exec:\hhbbbb.exe56⤵
- Executes dropped EXE
-
\??\c:\ppjdv.exec:\ppjdv.exe57⤵
- Executes dropped EXE
-
\??\c:\jppvd.exec:\jppvd.exe58⤵
- Executes dropped EXE
-
\??\c:\fxfxxxx.exec:\fxfxxxx.exe59⤵
- Executes dropped EXE
-
\??\c:\bntttb.exec:\bntttb.exe60⤵
- Executes dropped EXE
-
\??\c:\nbtntn.exec:\nbtntn.exe61⤵
- Executes dropped EXE
-
\??\c:\dvjvd.exec:\dvjvd.exe62⤵
- Executes dropped EXE
-
\??\c:\rrrrrxx.exec:\rrrrrxx.exe63⤵
- Executes dropped EXE
-
\??\c:\frfffxf.exec:\frfffxf.exe64⤵
- Executes dropped EXE
-
\??\c:\1htnnt.exec:\1htnnt.exe65⤵
- Executes dropped EXE
-
\??\c:\ddppv.exec:\ddppv.exe66⤵
-
\??\c:\ddvdj.exec:\ddvdj.exe67⤵
-
\??\c:\3xxrfff.exec:\3xxrfff.exe68⤵
-
\??\c:\nbbnhb.exec:\nbbnhb.exe69⤵
-
\??\c:\hntttb.exec:\hntttb.exe70⤵
-
\??\c:\pppjv.exec:\pppjv.exe71⤵
-
\??\c:\llrrrxx.exec:\llrrrxx.exe72⤵
-
\??\c:\3rrffll.exec:\3rrffll.exe73⤵
-
\??\c:\hntthh.exec:\hntthh.exe74⤵
-
\??\c:\btnbbn.exec:\btnbbn.exe75⤵
-
\??\c:\vdddd.exec:\vdddd.exe76⤵
-
\??\c:\frrllrl.exec:\frrllrl.exe77⤵
-
\??\c:\7llfxfx.exec:\7llfxfx.exe78⤵
-
\??\c:\bttttt.exec:\bttttt.exe79⤵
-
\??\c:\nnbtht.exec:\nnbtht.exe80⤵
-
\??\c:\vpppp.exec:\vpppp.exe81⤵
-
\??\c:\rfrlxxf.exec:\rfrlxxf.exe82⤵
-
\??\c:\nhtbhh.exec:\nhtbhh.exe83⤵
-
\??\c:\thnttt.exec:\thnttt.exe84⤵
-
\??\c:\vjjjj.exec:\vjjjj.exe85⤵
-
\??\c:\xlrflrr.exec:\xlrflrr.exe86⤵
-
\??\c:\hnnbtn.exec:\hnnbtn.exe87⤵
-
\??\c:\vddvp.exec:\vddvp.exe88⤵
-
\??\c:\vdvdd.exec:\vdvdd.exe89⤵
-
\??\c:\flfxrrx.exec:\flfxrrx.exe90⤵
-
\??\c:\thhnbh.exec:\thhnbh.exe91⤵
-
\??\c:\ttnbtn.exec:\ttnbtn.exe92⤵
-
\??\c:\jvdvp.exec:\jvdvp.exe93⤵
-
\??\c:\frrxlxx.exec:\frrxlxx.exe94⤵
-
\??\c:\fxlrlxr.exec:\fxlrlxr.exe95⤵
-
\??\c:\thbthb.exec:\thbthb.exe96⤵
-
\??\c:\ppvpd.exec:\ppvpd.exe97⤵
-
\??\c:\jpdvd.exec:\jpdvd.exe98⤵
-
\??\c:\xflrflf.exec:\xflrflf.exe99⤵
-
\??\c:\btbhbn.exec:\btbhbn.exe100⤵
-
\??\c:\dvddp.exec:\dvddp.exe101⤵
-
\??\c:\jjdjp.exec:\jjdjp.exe102⤵
-
\??\c:\xfxlffr.exec:\xfxlffr.exe103⤵
-
\??\c:\llxfffr.exec:\llxfffr.exe104⤵
-
\??\c:\hbttnt.exec:\hbttnt.exe105⤵
-
\??\c:\jpjjj.exec:\jpjjj.exe106⤵
-
\??\c:\vppjj.exec:\vppjj.exe107⤵
-
\??\c:\lllrflf.exec:\lllrflf.exe108⤵
-
\??\c:\ffllxxl.exec:\ffllxxl.exe109⤵
-
\??\c:\httntb.exec:\httntb.exe110⤵
-
\??\c:\jvddd.exec:\jvddd.exe111⤵
-
\??\c:\pvdpj.exec:\pvdpj.exe112⤵
-
\??\c:\rffxrlr.exec:\rffxrlr.exe113⤵
-
\??\c:\rxxxrfx.exec:\rxxxrfx.exe114⤵
-
\??\c:\bbntbh.exec:\bbntbh.exe115⤵
-
\??\c:\dppdv.exec:\dppdv.exe116⤵
-
\??\c:\pjjdd.exec:\pjjdd.exe117⤵
-
\??\c:\frfrrlr.exec:\frfrrlr.exe118⤵
-
\??\c:\hthbnn.exec:\hthbnn.exe119⤵
-
\??\c:\jdddd.exec:\jdddd.exe120⤵
-
\??\c:\9frrflx.exec:\9frrflx.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-