Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20240704-en -
resource tags
-
submitted
09/07/2024, 04:02
General
-
Target
296e5dd8e88e5755ef56d38c72b77a50N.exe
-
Size
75KB
-
MD5
296e5dd8e88e5755ef56d38c72b77a50
-
SHA1
3b6047ef632279b191ef13c9875c195e29271575
-
SHA256
89af54504034535d5de80f28b00522b96ba18fa7b20d2d63626f835f334de5b0
-
SHA512
a638d922c9656485708a1cf371c801cba896c6eb3be0c28547209ef9899fc7b3c3948be1dad1c9bbc906f538dbf4d745eaefa2691fac16b5d8e6f6c52535fce1
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIfv7+afCD+QsQbKQPEU:ymb3NkkiQ3mdBjFIfvTfCD+HlQcU
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 25 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\296e5dd8e88e5755ef56d38c72b77a50N.exe"C:\Users\Admin\AppData\Local\Temp\296e5dd8e88e5755ef56d38c72b77a50N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\xfxlrrr.exec:\xfxlrrr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbbbhn.exec:\bbbbhn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvvvj.exec:\jvvvj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlxrlrr.exec:\xlxrlrr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvdpv.exec:\jvdpv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxffxr.exec:\rlxffxr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pppvd.exec:\pppvd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlxffr.exec:\fxlxffr.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btnttt.exec:\btnttt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1vvvd.exec:\1vvvd.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbnnhn.exec:\nbnnhn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhhnbb.exec:\bhhnbb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fffrfrx.exec:\fffrfrx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpddj.exec:\dpddj.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1rxfflf.exec:\1rxfflf.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnntnt.exec:\nnntnt.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7tbhht.exec:\7tbhht.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxfxlxx.exec:\rxfxlxx.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbbnnt.exec:\nbbnnt.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxxlffr.exec:\rxxlffr.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrfxrr.exec:\fxrfxrr.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppddd.exec:\ppddd.exe23⤵
- Executes dropped EXE
-
\??\c:\jjjpp.exec:\jjjpp.exe24⤵
- Executes dropped EXE
-
\??\c:\flxrfrf.exec:\flxrfrf.exe25⤵
- Executes dropped EXE
-
\??\c:\tnnhbb.exec:\tnnhbb.exe26⤵
- Executes dropped EXE
-
\??\c:\pvdpj.exec:\pvdpj.exe27⤵
- Executes dropped EXE
-
\??\c:\9rrxxxx.exec:\9rrxxxx.exe28⤵
- Executes dropped EXE
-
\??\c:\tnttth.exec:\tnttth.exe29⤵
- Executes dropped EXE
-
\??\c:\7vjjd.exec:\7vjjd.exe30⤵
- Executes dropped EXE
-
\??\c:\jvjpv.exec:\jvjpv.exe31⤵
- Executes dropped EXE
-
\??\c:\fxxxffl.exec:\fxxxffl.exe32⤵
- Executes dropped EXE
-
\??\c:\9bnnnt.exec:\9bnnnt.exe33⤵
- Executes dropped EXE
-
\??\c:\pvpdp.exec:\pvpdp.exe34⤵
- Executes dropped EXE
-
\??\c:\fxffxxx.exec:\fxffxxx.exe35⤵
- Executes dropped EXE
-
\??\c:\hnhbbn.exec:\hnhbbn.exe36⤵
- Executes dropped EXE
-
\??\c:\ttnhhn.exec:\ttnhhn.exe37⤵
- Executes dropped EXE
-
\??\c:\vdjpp.exec:\vdjpp.exe38⤵
- Executes dropped EXE
-
\??\c:\vpjjv.exec:\vpjjv.exe39⤵
- Executes dropped EXE
-
\??\c:\lxlllll.exec:\lxlllll.exe40⤵
- Executes dropped EXE
-
\??\c:\nbhnnt.exec:\nbhnnt.exe41⤵
- Executes dropped EXE
-
\??\c:\djvvv.exec:\djvvv.exe42⤵
- Executes dropped EXE
-
\??\c:\ddvvv.exec:\ddvvv.exe43⤵
- Executes dropped EXE
-
\??\c:\xflfxxx.exec:\xflfxxx.exe44⤵
- Executes dropped EXE
-
\??\c:\ntbhbb.exec:\ntbhbb.exe45⤵
- Executes dropped EXE
-
\??\c:\bhhbnn.exec:\bhhbnn.exe46⤵
- Executes dropped EXE
-
\??\c:\3ppjd.exec:\3ppjd.exe47⤵
- Executes dropped EXE
-
\??\c:\flfllxl.exec:\flfllxl.exe48⤵
- Executes dropped EXE
-
\??\c:\hbhthb.exec:\hbhthb.exe49⤵
- Executes dropped EXE
-
\??\c:\pjjjp.exec:\pjjjp.exe50⤵
- Executes dropped EXE
-
\??\c:\rrlfrxr.exec:\rrlfrxr.exe51⤵
- Executes dropped EXE
-
\??\c:\hhthnt.exec:\hhthnt.exe52⤵
- Executes dropped EXE
-
\??\c:\djpdp.exec:\djpdp.exe53⤵
- Executes dropped EXE
-
\??\c:\rfflxff.exec:\rfflxff.exe54⤵
- Executes dropped EXE
-
\??\c:\hbbhtn.exec:\hbbhtn.exe55⤵
- Executes dropped EXE
-
\??\c:\dvddj.exec:\dvddj.exe56⤵
- Executes dropped EXE
-
\??\c:\ffflllr.exec:\ffflllr.exe57⤵
- Executes dropped EXE
-
\??\c:\rflfrxx.exec:\rflfrxx.exe58⤵
- Executes dropped EXE
-
\??\c:\bbthbt.exec:\bbthbt.exe59⤵
- Executes dropped EXE
-
\??\c:\ddddv.exec:\ddddv.exe60⤵
- Executes dropped EXE
-
\??\c:\rlffffx.exec:\rlffffx.exe61⤵
- Executes dropped EXE
-
\??\c:\9ttttb.exec:\9ttttb.exe62⤵
- Executes dropped EXE
-
\??\c:\jdppj.exec:\jdppj.exe63⤵
- Executes dropped EXE
-
\??\c:\frxxrxx.exec:\frxxrxx.exe64⤵
- Executes dropped EXE
-
\??\c:\rxllrrx.exec:\rxllrrx.exe65⤵
- Executes dropped EXE
-
\??\c:\hhttbh.exec:\hhttbh.exe66⤵
-
\??\c:\vpddd.exec:\vpddd.exe67⤵
-
\??\c:\rrfxlfl.exec:\rrfxlfl.exe68⤵
-
\??\c:\tntthb.exec:\tntthb.exe69⤵
-
\??\c:\jddpd.exec:\jddpd.exe70⤵
-
\??\c:\frxrfxf.exec:\frxrfxf.exe71⤵
-
\??\c:\hntnnn.exec:\hntnnn.exe72⤵
-
\??\c:\9vvvp.exec:\9vvvp.exe73⤵
-
\??\c:\xrfxrxx.exec:\xrfxrxx.exe74⤵
-
\??\c:\xfllfrr.exec:\xfllfrr.exe75⤵
-
\??\c:\jvdjv.exec:\jvdjv.exe76⤵
-
\??\c:\ppppd.exec:\ppppd.exe77⤵
-
\??\c:\lfxxxrr.exec:\lfxxxrr.exe78⤵
-
\??\c:\bhbbtn.exec:\bhbbtn.exe79⤵
-
\??\c:\pdjpd.exec:\pdjpd.exe80⤵
-
\??\c:\xxfllfr.exec:\xxfllfr.exe81⤵
-
\??\c:\lfrrfxl.exec:\lfrrfxl.exe82⤵
-
\??\c:\nhbbhh.exec:\nhbbhh.exe83⤵
-
\??\c:\5fffrxl.exec:\5fffrxl.exe84⤵
-
\??\c:\nnhbhb.exec:\nnhbhb.exe85⤵
-
\??\c:\vpppp.exec:\vpppp.exe86⤵
-
\??\c:\rfxrlfx.exec:\rfxrlfx.exe87⤵
-
\??\c:\tnnnhh.exec:\tnnnhh.exe88⤵
-
\??\c:\bnbthh.exec:\bnbthh.exe89⤵
-
\??\c:\vjjpj.exec:\vjjpj.exe90⤵
-
\??\c:\fffxxxx.exec:\fffxxxx.exe91⤵
-
\??\c:\htttnn.exec:\htttnn.exe92⤵
-
\??\c:\5nnthh.exec:\5nnthh.exe93⤵
-
\??\c:\dpjjj.exec:\dpjjj.exe94⤵
-
\??\c:\lrrxlrx.exec:\lrrxlrx.exe95⤵
-
\??\c:\thhbbt.exec:\thhbbt.exe96⤵
-
\??\c:\jdddd.exec:\jdddd.exe97⤵
-
\??\c:\dvvpp.exec:\dvvpp.exe98⤵
-
\??\c:\rrfrfxl.exec:\rrfrfxl.exe99⤵
-
\??\c:\hnntnb.exec:\hnntnb.exe100⤵
-
\??\c:\pvvvj.exec:\pvvvj.exe101⤵
-
\??\c:\ppvpj.exec:\ppvpj.exe102⤵
-
\??\c:\5rxrfxl.exec:\5rxrfxl.exe103⤵
-
\??\c:\ntbnhh.exec:\ntbnhh.exe104⤵
-
\??\c:\bbbhbh.exec:\bbbhbh.exe105⤵
-
\??\c:\3jjvj.exec:\3jjvj.exe106⤵
-
\??\c:\lffxxff.exec:\lffxxff.exe107⤵
-
\??\c:\hnhtht.exec:\hnhtht.exe108⤵
-
\??\c:\htbntt.exec:\htbntt.exe109⤵
-
\??\c:\5jpjd.exec:\5jpjd.exe110⤵
-
\??\c:\fxlrffx.exec:\fxlrffx.exe111⤵
-
\??\c:\5frfflx.exec:\5frfflx.exe112⤵
-
\??\c:\thhhth.exec:\thhhth.exe113⤵
-
\??\c:\bbbnbt.exec:\bbbnbt.exe114⤵
-
\??\c:\ppvjv.exec:\ppvjv.exe115⤵
-
\??\c:\lxlrxrx.exec:\lxlrxrx.exe116⤵
-
\??\c:\xlxxrlx.exec:\xlxxrlx.exe117⤵
-
\??\c:\btbbbt.exec:\btbbbt.exe118⤵
-
\??\c:\1djjv.exec:\1djjv.exe119⤵
-
\??\c:\nhnnbh.exec:\nhnnbh.exe120⤵
-
\??\c:\tbtthn.exec:\tbtthn.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-