Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
127s -
platform
windows10-2004_x64 -
resource
win10v2004-20240704-en -
resource tags
-
submitted
06/07/2024, 20:32
General
-
Target
3672f3185ad30da7798a6e883acd9c3aee354873d5590b2fa34b9d440e792c5b.exe
-
Size
308KB
-
MD5
2608d8efd6e184807ab856a47bc1dba7
-
SHA1
313a38d083127581f6d06f60857a25404fc76584
-
SHA256
3672f3185ad30da7798a6e883acd9c3aee354873d5590b2fa34b9d440e792c5b
-
SHA512
79628149c622641f87f27e94f8137131e7f8cacb53bbb510fecbd6a37d6b37cdff42bae3864763a679f91a8f0f87015221c06cddb80514e6349cf3a77386dff5
-
SSDEEP
6144:n3C9BRo/CH26ZAmaOXicLrnRukAPXt1UP+3OgEbXeTiDSd2vJ:n3C9uUnAvtd3Ogld2vJ
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 22 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 24 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\3672f3185ad30da7798a6e883acd9c3aee354873d5590b2fa34b9d440e792c5b.exe"C:\Users\Admin\AppData\Local\Temp\3672f3185ad30da7798a6e883acd9c3aee354873d5590b2fa34b9d440e792c5b.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\frfxlll.exec:\frfxlll.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhbthb.exec:\hhbthb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvdpv.exec:\pvdpv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5bhbtt.exec:\5bhbtt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3pvpd.exec:\3pvpd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnhnhn.exec:\nnhnhn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdvp.exec:\pjdvp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhtnht.exec:\nhtnht.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjpd.exec:\dvjpd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrxrlf.exec:\fxrxrlf.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbbnnh.exec:\nbbnnh.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3jdvp.exec:\3jdvp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htnhtt.exec:\htnhtt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvpvp.exec:\jvpvp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3nhbtn.exec:\3nhbtn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3ntnnb.exec:\3ntnnb.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1vppd.exec:\1vppd.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flxfxrr.exec:\flxfxrr.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvpdp.exec:\jvpdp.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7vpjj.exec:\7vpjj.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlfxxlx.exec:\rlfxxlx.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnhbb.exec:\tnnhbb.exe23⤵
- Executes dropped EXE
-
\??\c:\lxlfxlr.exec:\lxlfxlr.exe24⤵
- Executes dropped EXE
-
\??\c:\bntttn.exec:\bntttn.exe25⤵
- Executes dropped EXE
-
\??\c:\tthhbt.exec:\tthhbt.exe26⤵
- Executes dropped EXE
-
\??\c:\jpvvj.exec:\jpvvj.exe27⤵
- Executes dropped EXE
-
\??\c:\lxfrlff.exec:\lxfrlff.exe28⤵
- Executes dropped EXE
-
\??\c:\9nnhhh.exec:\9nnhhh.exe29⤵
- Executes dropped EXE
-
\??\c:\jjpjv.exec:\jjpjv.exe30⤵
- Executes dropped EXE
-
\??\c:\rxfxrrr.exec:\rxfxrrr.exe31⤵
- Executes dropped EXE
-
\??\c:\bbbttt.exec:\bbbttt.exe32⤵
- Executes dropped EXE
-
\??\c:\pvpjv.exec:\pvpjv.exe33⤵
- Executes dropped EXE
-
\??\c:\jddpj.exec:\jddpj.exe34⤵
- Executes dropped EXE
-
\??\c:\xrxrrrl.exec:\xrxrrrl.exe35⤵
- Executes dropped EXE
-
\??\c:\bttnnn.exec:\bttnnn.exe36⤵
- Executes dropped EXE
-
\??\c:\bnbtnn.exec:\bnbtnn.exe37⤵
- Executes dropped EXE
-
\??\c:\pddvp.exec:\pddvp.exe38⤵
- Executes dropped EXE
-
\??\c:\9flfxff.exec:\9flfxff.exe39⤵
- Executes dropped EXE
-
\??\c:\lxrllff.exec:\lxrllff.exe40⤵
- Executes dropped EXE
-
\??\c:\nnbtnn.exec:\nnbtnn.exe41⤵
- Executes dropped EXE
-
\??\c:\pddvp.exec:\pddvp.exe42⤵
- Executes dropped EXE
-
\??\c:\jdpjd.exec:\jdpjd.exe43⤵
- Executes dropped EXE
-
\??\c:\xrllfff.exec:\xrllfff.exe44⤵
- Executes dropped EXE
-
\??\c:\xxrlffx.exec:\xxrlffx.exe45⤵
- Executes dropped EXE
-
\??\c:\bhhhbb.exec:\bhhhbb.exe46⤵
- Executes dropped EXE
-
\??\c:\pjppp.exec:\pjppp.exe47⤵
- Executes dropped EXE
-
\??\c:\jvvpj.exec:\jvvpj.exe48⤵
- Executes dropped EXE
-
\??\c:\xlfllff.exec:\xlfllff.exe49⤵
- Executes dropped EXE
-
\??\c:\nbhhbt.exec:\nbhhbt.exe50⤵
- Executes dropped EXE
-
\??\c:\vjjjd.exec:\vjjjd.exe51⤵
- Executes dropped EXE
-
\??\c:\jvdvp.exec:\jvdvp.exe52⤵
- Executes dropped EXE
-
\??\c:\xllfrrl.exec:\xllfrrl.exe53⤵
- Executes dropped EXE
-
\??\c:\hbhtnn.exec:\hbhtnn.exe54⤵
- Executes dropped EXE
-
\??\c:\dpvpd.exec:\dpvpd.exe55⤵
- Executes dropped EXE
-
\??\c:\1lffrrr.exec:\1lffrrr.exe56⤵
- Executes dropped EXE
-
\??\c:\hhhbhh.exec:\hhhbhh.exe57⤵
- Executes dropped EXE
-
\??\c:\btbhtn.exec:\btbhtn.exe58⤵
- Executes dropped EXE
-
\??\c:\5ddpd.exec:\5ddpd.exe59⤵
- Executes dropped EXE
-
\??\c:\xllxrxr.exec:\xllxrxr.exe60⤵
- Executes dropped EXE
-
\??\c:\bntnth.exec:\bntnth.exe61⤵
- Executes dropped EXE
-
\??\c:\htnbbb.exec:\htnbbb.exe62⤵
- Executes dropped EXE
-
\??\c:\7pjjd.exec:\7pjjd.exe63⤵
- Executes dropped EXE
-
\??\c:\5vdvd.exec:\5vdvd.exe64⤵
- Executes dropped EXE
-
\??\c:\9rrfxxx.exec:\9rrfxxx.exe65⤵
- Executes dropped EXE
-
\??\c:\9rrrlll.exec:\9rrrlll.exe66⤵
-
\??\c:\bhtnnn.exec:\bhtnnn.exe67⤵
-
\??\c:\bbhbtt.exec:\bbhbtt.exe68⤵
-
\??\c:\vjpjj.exec:\vjpjj.exe69⤵
-
\??\c:\ffffxxx.exec:\ffffxxx.exe70⤵
-
\??\c:\9fxxxll.exec:\9fxxxll.exe71⤵
-
\??\c:\nbbttb.exec:\nbbttb.exe72⤵
-
\??\c:\thbbnn.exec:\thbbnn.exe73⤵
-
\??\c:\jdddd.exec:\jdddd.exe74⤵
-
\??\c:\rfxrllf.exec:\rfxrllf.exe75⤵
-
\??\c:\btthbh.exec:\btthbh.exe76⤵
-
\??\c:\vpppp.exec:\vpppp.exe77⤵
-
\??\c:\ppppj.exec:\ppppj.exe78⤵
-
\??\c:\lxfxxxx.exec:\lxfxxxx.exe79⤵
-
\??\c:\3hnhnh.exec:\3hnhnh.exe80⤵
-
\??\c:\tnttnn.exec:\tnttnn.exe81⤵
-
\??\c:\dvvjd.exec:\dvvjd.exe82⤵
-
\??\c:\7ffxxxx.exec:\7ffxxxx.exe83⤵
-
\??\c:\xffrxlr.exec:\xffrxlr.exe84⤵
-
\??\c:\thbtbt.exec:\thbtbt.exe85⤵
-
\??\c:\jdjdv.exec:\jdjdv.exe86⤵
-
\??\c:\dddvp.exec:\dddvp.exe87⤵
-
\??\c:\lrlllrl.exec:\lrlllrl.exe88⤵
-
\??\c:\rlfxlll.exec:\rlfxlll.exe89⤵
-
\??\c:\bhhhhh.exec:\bhhhhh.exe90⤵
-
\??\c:\jpjjj.exec:\jpjjj.exe91⤵
-
\??\c:\3ddvv.exec:\3ddvv.exe92⤵
-
\??\c:\rllfxxr.exec:\rllfxxr.exe93⤵
-
\??\c:\9fxrllf.exec:\9fxrllf.exe94⤵
-
\??\c:\3bnhhh.exec:\3bnhhh.exe95⤵
-
\??\c:\1hhbtt.exec:\1hhbtt.exe96⤵
-
\??\c:\vvvpd.exec:\vvvpd.exe97⤵
-
\??\c:\pjppj.exec:\pjppj.exe98⤵
-
\??\c:\xfrfxxr.exec:\xfrfxxr.exe99⤵
-
\??\c:\tbnhhb.exec:\tbnhhb.exe100⤵
-
\??\c:\bbntbt.exec:\bbntbt.exe101⤵
-
\??\c:\vjpdv.exec:\vjpdv.exe102⤵
-
\??\c:\fxxxrrr.exec:\fxxxrrr.exe103⤵
-
\??\c:\bhbttt.exec:\bhbttt.exe104⤵
-
\??\c:\bhtnhn.exec:\bhtnhn.exe105⤵
-
\??\c:\dpppj.exec:\dpppj.exe106⤵
-
\??\c:\lllrlfl.exec:\lllrlfl.exe107⤵
-
\??\c:\3flfxxx.exec:\3flfxxx.exe108⤵
-
\??\c:\nhbbtt.exec:\nhbbtt.exe109⤵
-
\??\c:\thtthh.exec:\thtthh.exe110⤵
-
\??\c:\9pvpj.exec:\9pvpj.exe111⤵
-
\??\c:\rrxrlff.exec:\rrxrlff.exe112⤵
-
\??\c:\ffxrllf.exec:\ffxrllf.exe113⤵
-
\??\c:\3tbttt.exec:\3tbttt.exe114⤵
-
\??\c:\5ddvj.exec:\5ddvj.exe115⤵
-
\??\c:\vvjdp.exec:\vvjdp.exe116⤵
-
\??\c:\frfxrrl.exec:\frfxrrl.exe117⤵
-
\??\c:\hhbtnn.exec:\hhbtnn.exe118⤵
-
\??\c:\tbhhbb.exec:\tbhhbb.exe119⤵
-
\??\c:\jjdvv.exec:\jjdvv.exe120⤵
-
\??\c:\dvjdj.exec:\dvjdj.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-