Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
26s -
max time network
131s -
platform
windows10-2004_x64 -
resource
win10v2004-20240704-en -
resource tags
-
submitted
08/07/2024, 01:50
General
-
Target
9c623463facf38a35de1f7df408b1641aedbe1b56eba9c8961a5e6e46800eeb6.exe
-
Size
79KB
-
MD5
7d87a62d19ce90beedb3aa8cf667c2d6
-
SHA1
6230dafb93abbe384cf8dc012478260266ab1b5d
-
SHA256
9c623463facf38a35de1f7df408b1641aedbe1b56eba9c8961a5e6e46800eeb6
-
SHA512
44881a229163b7d5352c581b84d3a4d4700d35ddd9344dc4863c88b5272ab5b150ad63ee8124b7664102f1fcded791e050c1104ea93cb584dec79cf3d9df7b56
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIIpIo60L9QrrAr:ymb3NkkiQ3mdBjFIIp9L9QrrAr
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 21 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 24 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\9c623463facf38a35de1f7df408b1641aedbe1b56eba9c8961a5e6e46800eeb6.exe"C:\Users\Admin\AppData\Local\Temp\9c623463facf38a35de1f7df408b1641aedbe1b56eba9c8961a5e6e46800eeb6.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\dpjvj.exec:\dpjvj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htbbbh.exec:\htbbbh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpppj.exec:\jpppj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpjvd.exec:\jpjvd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thnnnh.exec:\thnnnh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvpdv.exec:\pvpdv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllllll.exec:\rllllll.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ththtb.exec:\ththtb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tntthn.exec:\tntthn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\httbbt.exec:\httbbt.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flfxlff.exec:\flfxlff.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5jjdv.exec:\5jjdv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvjdd.exec:\vvjdd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxrfrxf.exec:\lxrfrxf.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvdvp.exec:\dvdvp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3ffxllx.exec:\3ffxllx.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbttn.exec:\nhbttn.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppvdv.exec:\ppvdv.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flrrrxr.exec:\flrrrxr.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntnhbt.exec:\ntnhbt.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvpjv.exec:\pvpjv.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrrlrxl.exec:\rrrlrxl.exe23⤵
- Executes dropped EXE
-
\??\c:\jdvdp.exec:\jdvdp.exe24⤵
- Executes dropped EXE
-
\??\c:\djjpd.exec:\djjpd.exe25⤵
- Executes dropped EXE
-
\??\c:\ttbtnb.exec:\ttbtnb.exe26⤵
- Executes dropped EXE
-
\??\c:\vpdpp.exec:\vpdpp.exe27⤵
- Executes dropped EXE
-
\??\c:\xxxlfxx.exec:\xxxlfxx.exe28⤵
- Executes dropped EXE
-
\??\c:\bhbbbh.exec:\bhbbbh.exe29⤵
- Executes dropped EXE
-
\??\c:\ppjvd.exec:\ppjvd.exe30⤵
- Executes dropped EXE
-
\??\c:\rlfxlxr.exec:\rlfxlxr.exe31⤵
- Executes dropped EXE
-
\??\c:\pppjv.exec:\pppjv.exe32⤵
- Executes dropped EXE
-
\??\c:\rxlllrx.exec:\rxlllrx.exe33⤵
- Executes dropped EXE
-
\??\c:\hnthbb.exec:\hnthbb.exe34⤵
- Executes dropped EXE
-
\??\c:\pvpvd.exec:\pvpvd.exe35⤵
- Executes dropped EXE
-
\??\c:\lrxrfrx.exec:\lrxrfrx.exe36⤵
- Executes dropped EXE
-
\??\c:\dvvpd.exec:\dvvpd.exe37⤵
- Executes dropped EXE
-
\??\c:\rffrxfr.exec:\rffrxfr.exe38⤵
- Executes dropped EXE
-
\??\c:\bbnhbh.exec:\bbnhbh.exe39⤵
- Executes dropped EXE
-
\??\c:\htnhhb.exec:\htnhhb.exe40⤵
- Executes dropped EXE
-
\??\c:\ppppj.exec:\ppppj.exe41⤵
- Executes dropped EXE
-
\??\c:\fllffff.exec:\fllffff.exe42⤵
- Executes dropped EXE
-
\??\c:\nnnhbh.exec:\nnnhbh.exe43⤵
- Executes dropped EXE
-
\??\c:\ddpdp.exec:\ddpdp.exe44⤵
- Executes dropped EXE
-
\??\c:\lfffflf.exec:\lfffflf.exe45⤵
- Executes dropped EXE
-
\??\c:\lrxflxx.exec:\lrxflxx.exe46⤵
- Executes dropped EXE
-
\??\c:\bhhbth.exec:\bhhbth.exe47⤵
- Executes dropped EXE
-
\??\c:\dpvjd.exec:\dpvjd.exe48⤵
- Executes dropped EXE
-
\??\c:\xlfrflx.exec:\xlfrflx.exe49⤵
- Executes dropped EXE
-
\??\c:\1ttbbh.exec:\1ttbbh.exe50⤵
- Executes dropped EXE
-
\??\c:\pdvdp.exec:\pdvdp.exe51⤵
- Executes dropped EXE
-
\??\c:\nbntnt.exec:\nbntnt.exe52⤵
- Executes dropped EXE
-
\??\c:\jjppp.exec:\jjppp.exe53⤵
- Executes dropped EXE
-
\??\c:\ppppd.exec:\ppppd.exe54⤵
- Executes dropped EXE
-
\??\c:\rxffxrx.exec:\rxffxrx.exe55⤵
- Executes dropped EXE
-
\??\c:\bhnnbn.exec:\bhnnbn.exe56⤵
- Executes dropped EXE
-
\??\c:\vjdvv.exec:\vjdvv.exe57⤵
- Executes dropped EXE
-
\??\c:\fxfxrxx.exec:\fxfxrxx.exe58⤵
- Executes dropped EXE
-
\??\c:\nhtbnb.exec:\nhtbnb.exe59⤵
- Executes dropped EXE
-
\??\c:\pddpd.exec:\pddpd.exe60⤵
- Executes dropped EXE
-
\??\c:\rlflxrl.exec:\rlflxrl.exe61⤵
- Executes dropped EXE
-
\??\c:\nhtthh.exec:\nhtthh.exe62⤵
- Executes dropped EXE
-
\??\c:\jjjjd.exec:\jjjjd.exe63⤵
-
\??\c:\lflrxlf.exec:\lflrxlf.exe64⤵
- Executes dropped EXE
-
\??\c:\lrfxffr.exec:\lrfxffr.exe65⤵
- Executes dropped EXE
-
\??\c:\tthhhb.exec:\tthhhb.exe66⤵
- Executes dropped EXE
-
\??\c:\pdppj.exec:\pdppj.exe67⤵
-
\??\c:\lrrflrl.exec:\lrrflrl.exe68⤵
-
\??\c:\fflfxll.exec:\fflfxll.exe69⤵
-
\??\c:\hthbhn.exec:\hthbhn.exe70⤵
-
\??\c:\dvppp.exec:\dvppp.exe71⤵
-
\??\c:\xlxlllf.exec:\xlxlllf.exe72⤵
-
\??\c:\3lrxllr.exec:\3lrxllr.exe73⤵
-
\??\c:\ntbttb.exec:\ntbttb.exe74⤵
-
\??\c:\jpjpv.exec:\jpjpv.exe75⤵
-
\??\c:\xllffrx.exec:\xllffrx.exe76⤵
-
\??\c:\bbnnhn.exec:\bbnnhn.exe77⤵
-
\??\c:\ppvvp.exec:\ppvvp.exe78⤵
-
\??\c:\pjdvp.exec:\pjdvp.exe79⤵
-
\??\c:\lfrxlxl.exec:\lfrxlxl.exe80⤵
-
\??\c:\thhhhh.exec:\thhhhh.exe81⤵
-
\??\c:\tbthbt.exec:\tbthbt.exe82⤵
-
\??\c:\jpvjd.exec:\jpvjd.exe83⤵
-
\??\c:\lfxrxrf.exec:\lfxrxrf.exe84⤵
-
\??\c:\hhhnht.exec:\hhhnht.exe85⤵
-
\??\c:\pvjpp.exec:\pvjpp.exe86⤵
-
\??\c:\lrfffff.exec:\lrfffff.exe87⤵
-
\??\c:\ntnttb.exec:\ntnttb.exe88⤵
-
\??\c:\hbtbhn.exec:\hbtbhn.exe89⤵
-
\??\c:\jdvvj.exec:\jdvvj.exe90⤵
-
\??\c:\xlffxxr.exec:\xlffxxr.exe91⤵
-
\??\c:\nbtnbb.exec:\nbtnbb.exe92⤵
-
\??\c:\pvppd.exec:\pvppd.exe93⤵
-
\??\c:\rlrlflx.exec:\rlrlflx.exe94⤵
-
\??\c:\nnnntn.exec:\nnnntn.exe95⤵
-
\??\c:\9tbtnh.exec:\9tbtnh.exe96⤵
-
\??\c:\dpjvp.exec:\dpjvp.exe97⤵
-
\??\c:\xxlxrrl.exec:\xxlxrrl.exe98⤵
-
\??\c:\thnhbt.exec:\thnhbt.exe99⤵
-
\??\c:\ntbnhb.exec:\ntbnhb.exe100⤵
-
\??\c:\jdvdv.exec:\jdvdv.exe101⤵
-
\??\c:\rxrxxxr.exec:\rxrxxxr.exe102⤵
-
\??\c:\thbnhh.exec:\thbnhh.exe103⤵
-
\??\c:\nhtthb.exec:\nhtthb.exe104⤵
-
\??\c:\pvpdv.exec:\pvpdv.exe105⤵
-
\??\c:\lrlxfxx.exec:\lrlxfxx.exe106⤵
-
\??\c:\bhnnhn.exec:\bhnnhn.exe107⤵
-
\??\c:\pppdj.exec:\pppdj.exe108⤵
-
\??\c:\rfrrfff.exec:\rfrrfff.exe109⤵
-
\??\c:\hhnntb.exec:\hhnntb.exe110⤵
-
\??\c:\nnbhbh.exec:\nnbhbh.exe111⤵
-
\??\c:\dpdjj.exec:\dpdjj.exe112⤵
-
\??\c:\lfrlxxl.exec:\lfrlxxl.exe113⤵
-
\??\c:\ntbbbt.exec:\ntbbbt.exe114⤵
-
\??\c:\dvpdp.exec:\dvpdp.exe115⤵
-
\??\c:\frrrrxx.exec:\frrrrxx.exe116⤵
-
\??\c:\thnhnh.exec:\thnhnh.exe117⤵
-
\??\c:\vjddv.exec:\vjddv.exe118⤵
-
\??\c:\btthnb.exec:\btthnb.exe119⤵
-
\??\c:\jjjdd.exec:\jjjdd.exe120⤵
-
\??\c:\rffxlrr.exec:\rffxlrr.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-