Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
161s -
platform
windows10-2004_x64 -
resource
win10v2004-20240704-en -
resource tags
-
submitted
08/07/2024, 06:42
General
-
Target
faa6d7023c135572ba5bac85c8ee129e77b426baa651f4aeae6eea41a9b8514a.exe
-
Size
89KB
-
MD5
15e900e05a567435cb68c2f24fa004f6
-
SHA1
38d141f353f54d3f4d43b118e835540b8907db19
-
SHA256
faa6d7023c135572ba5bac85c8ee129e77b426baa651f4aeae6eea41a9b8514a
-
SHA512
001d3435efe3461b3054cdbde46e040afb14c73ee33cdd58ac416d71e397831c45eb5295ac54c7be02c40fdb5d157c5c2e6a9c12a5595f93db0681c4b5808dad
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND+3T4+C2iJvRirE0DmmdL2jqWkBk:ymb3NkkiQ3mdBjF+3TU2iBRioSumWS1S
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 22 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 26 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\faa6d7023c135572ba5bac85c8ee129e77b426baa651f4aeae6eea41a9b8514a.exe"C:\Users\Admin\AppData\Local\Temp\faa6d7023c135572ba5bac85c8ee129e77b426baa651f4aeae6eea41a9b8514a.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\vdppd.exec:\vdppd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdddd.exec:\pdddd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvpjd.exec:\dvpjd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxlxrl.exec:\lfxlxrl.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dddpj.exec:\dddpj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjjj.exec:\vpjjj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrlflx.exec:\xrrlflx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhbtnn.exec:\hhbtnn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbnhbb.exec:\nbnhbb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnbhbt.exec:\nnbhbt.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjjvj.exec:\vjjvj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvvdj.exec:\vvvdj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpppd.exec:\jpppd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pppdp.exec:\pppdp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrxrrx.exec:\lfrxrrx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlllllr.exec:\rlllllr.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llxfxlx.exec:\llxfxlx.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tntntb.exec:\tntntb.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhthhb.exec:\hhthhb.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnbnnt.exec:\nnbnnt.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrrlffr.exec:\lrrlffr.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frrffxl.exec:\frrffxl.exe23⤵
- Executes dropped EXE
-
\??\c:\llfxlfl.exec:\llfxlfl.exe24⤵
- Executes dropped EXE
-
\??\c:\fxrfrfx.exec:\fxrfrfx.exe25⤵
- Executes dropped EXE
-
\??\c:\ffrxrrr.exec:\ffrxrrr.exe26⤵
- Executes dropped EXE
-
\??\c:\frxrllr.exec:\frxrllr.exe27⤵
- Executes dropped EXE
-
\??\c:\nbnnht.exec:\nbnnht.exe28⤵
- Executes dropped EXE
-
\??\c:\3pvvj.exec:\3pvvj.exe29⤵
- Executes dropped EXE
-
\??\c:\pjjjv.exec:\pjjjv.exe30⤵
- Executes dropped EXE
-
\??\c:\nntbht.exec:\nntbht.exe31⤵
- Executes dropped EXE
-
\??\c:\xffflxx.exec:\xffflxx.exe32⤵
- Executes dropped EXE
-
\??\c:\llffxrf.exec:\llffxrf.exe33⤵
- Executes dropped EXE
-
\??\c:\tnnbtt.exec:\tnnbtt.exe34⤵
- Executes dropped EXE
-
\??\c:\lfrfrfl.exec:\lfrfrfl.exe35⤵
- Executes dropped EXE
-
\??\c:\bhbbht.exec:\bhbbht.exe36⤵
- Executes dropped EXE
-
\??\c:\xflrlfl.exec:\xflrlfl.exe37⤵
- Executes dropped EXE
-
\??\c:\hbbbbb.exec:\hbbbbb.exe38⤵
- Executes dropped EXE
-
\??\c:\rlllxlr.exec:\rlllxlr.exe39⤵
- Executes dropped EXE
-
\??\c:\djppp.exec:\djppp.exe40⤵
- Executes dropped EXE
-
\??\c:\hbbnbt.exec:\hbbnbt.exe41⤵
- Executes dropped EXE
-
\??\c:\flrfffr.exec:\flrfffr.exe42⤵
- Executes dropped EXE
-
\??\c:\jddjd.exec:\jddjd.exe43⤵
- Executes dropped EXE
-
\??\c:\jvpjv.exec:\jvpjv.exe44⤵
- Executes dropped EXE
-
\??\c:\xxrrrxx.exec:\xxrrrxx.exe45⤵
- Executes dropped EXE
-
\??\c:\vvppj.exec:\vvppj.exe46⤵
- Executes dropped EXE
-
\??\c:\djdpd.exec:\djdpd.exe47⤵
- Executes dropped EXE
-
\??\c:\btbbbb.exec:\btbbbb.exe48⤵
- Executes dropped EXE
-
\??\c:\pvvvd.exec:\pvvvd.exe49⤵
- Executes dropped EXE
-
\??\c:\tttnnh.exec:\tttnnh.exe50⤵
- Executes dropped EXE
-
\??\c:\lfffflf.exec:\lfffflf.exe51⤵
- Executes dropped EXE
-
\??\c:\ntbbhb.exec:\ntbbhb.exe52⤵
- Executes dropped EXE
-
\??\c:\rfrlrrx.exec:\rfrlrrx.exe53⤵
- Executes dropped EXE
-
\??\c:\nhhnhh.exec:\nhhnhh.exe54⤵
- Executes dropped EXE
-
\??\c:\xffxfxl.exec:\xffxfxl.exe55⤵
- Executes dropped EXE
-
\??\c:\btbbtb.exec:\btbbtb.exe56⤵
- Executes dropped EXE
-
\??\c:\xlrrxxl.exec:\xlrrxxl.exe57⤵
- Executes dropped EXE
-
\??\c:\vjdjd.exec:\vjdjd.exe58⤵
- Executes dropped EXE
-
\??\c:\bhnttt.exec:\bhnttt.exe59⤵
- Executes dropped EXE
-
\??\c:\rrffflf.exec:\rrffflf.exe60⤵
- Executes dropped EXE
-
\??\c:\nhhtth.exec:\nhhtth.exe61⤵
- Executes dropped EXE
-
\??\c:\pjdpp.exec:\pjdpp.exe62⤵
- Executes dropped EXE
-
\??\c:\thtntt.exec:\thtntt.exe63⤵
- Executes dropped EXE
-
\??\c:\xlfffxx.exec:\xlfffxx.exe64⤵
- Executes dropped EXE
-
\??\c:\flxlfrx.exec:\flxlfrx.exe65⤵
- Executes dropped EXE
-
\??\c:\ffrlxrx.exec:\ffrlxrx.exe66⤵
-
\??\c:\bhntnt.exec:\bhntnt.exe67⤵
-
\??\c:\rllfxfr.exec:\rllfxfr.exe68⤵
-
\??\c:\vpdjp.exec:\vpdjp.exe69⤵
-
\??\c:\bhnbtn.exec:\bhnbtn.exe70⤵
-
\??\c:\jjjvp.exec:\jjjvp.exe71⤵
-
\??\c:\pjjdp.exec:\pjjdp.exe72⤵
-
\??\c:\llfrlfx.exec:\llfrlfx.exe73⤵
-
\??\c:\jdpvj.exec:\jdpvj.exe74⤵
-
\??\c:\nhtnnt.exec:\nhtnnt.exe75⤵
-
\??\c:\dvpjd.exec:\dvpjd.exe76⤵
-
\??\c:\tbbbnh.exec:\tbbbnh.exe77⤵
-
\??\c:\llxllxr.exec:\llxllxr.exe78⤵
-
\??\c:\btthbb.exec:\btthbb.exe79⤵
-
\??\c:\lrllfrl.exec:\lrllfrl.exe80⤵
-
\??\c:\jpdjj.exec:\jpdjj.exe81⤵
-
\??\c:\rfrxrfr.exec:\rfrxrfr.exe82⤵
-
\??\c:\djvjd.exec:\djvjd.exe83⤵
-
\??\c:\nhbnth.exec:\nhbnth.exe84⤵
-
\??\c:\xrxrlll.exec:\xrxrlll.exe85⤵
-
\??\c:\vjjpp.exec:\vjjpp.exe86⤵
-
\??\c:\tnhnnt.exec:\tnhnnt.exe87⤵
-
\??\c:\3xfllll.exec:\3xfllll.exe88⤵
-
\??\c:\bhhbnt.exec:\bhhbnt.exe89⤵
-
\??\c:\lfxflxf.exec:\lfxflxf.exe90⤵
-
\??\c:\jvjjd.exec:\jvjjd.exe91⤵
-
\??\c:\bhbtht.exec:\bhbtht.exe92⤵
-
\??\c:\1rlfflx.exec:\1rlfflx.exe93⤵
-
\??\c:\xrxfrfx.exec:\xrxfrfx.exe94⤵
-
\??\c:\djjdv.exec:\djjdv.exe95⤵
-
\??\c:\hhbntt.exec:\hhbntt.exe96⤵
-
\??\c:\lxxfxrl.exec:\lxxfxrl.exe97⤵
-
\??\c:\jvppj.exec:\jvppj.exe98⤵
-
\??\c:\nbbtth.exec:\nbbtth.exe99⤵
-
\??\c:\lxfffrr.exec:\lxfffrr.exe100⤵
-
\??\c:\vdddd.exec:\vdddd.exe101⤵
-
\??\c:\bhtnhb.exec:\bhtnhb.exe102⤵
-
\??\c:\xffrrrl.exec:\xffrrrl.exe103⤵
-
\??\c:\bhthtt.exec:\bhthtt.exe104⤵
-
\??\c:\ffxlxrf.exec:\ffxlxrf.exe105⤵
-
\??\c:\jvdjv.exec:\jvdjv.exe106⤵
-
\??\c:\jvjjv.exec:\jvjjv.exe107⤵
-
\??\c:\bthttt.exec:\bthttt.exe108⤵
-
\??\c:\rlffrrr.exec:\rlffrrr.exe109⤵
-
\??\c:\pvddd.exec:\pvddd.exe110⤵
-
\??\c:\thhhbb.exec:\thhhbb.exe111⤵
-
\??\c:\tbbbbb.exec:\tbbbbb.exe112⤵
-
\??\c:\vjvvv.exec:\vjvvv.exe113⤵
-
\??\c:\vjvvv.exec:\vjvvv.exe114⤵
-
\??\c:\xffrxxf.exec:\xffrxxf.exe115⤵
-
\??\c:\xlffxxl.exec:\xlffxxl.exe116⤵
-
\??\c:\bhhthn.exec:\bhhthn.exe117⤵
-
\??\c:\lfxrfxr.exec:\lfxrfxr.exe118⤵
-
\??\c:\9nbbbb.exec:\9nbbbb.exe119⤵
-
\??\c:\rxxfffr.exec:\rxxfffr.exe120⤵
-
\??\c:\pvvpd.exec:\pvvpd.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-