Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
95s -
platform
windows10-2004_x64 -
resource
win10v2004-20240704-en -
resource tags
-
submitted
11/07/2024, 07:03
General
-
Target
e07ef2abb74250afcc7f89e4d6341877254131aa6fd814e8484cadf3afeb021f.exe
-
Size
212KB
-
MD5
c9d58c0685de0cf2bfd234445c7eb2cc
-
SHA1
d8e88c79edf87d0c4a494c1deaeae83dbee71f6d
-
SHA256
e07ef2abb74250afcc7f89e4d6341877254131aa6fd814e8484cadf3afeb021f
-
SHA512
d80c76f78d7e125f9fb0c33bbb056067f789705fa0d9305b9a33f8a4c1676f97a340e94382ddc19f8a87e3596dedfefb265153c06beb853324e5e9e1065e95cd
-
SSDEEP
6144:Hcm4FmowdHoSrXZf8l/ubPzYNLPf4t+lE:V4wFHoSBK/ubLcfS
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\e07ef2abb74250afcc7f89e4d6341877254131aa6fd814e8484cadf3afeb021f.exe"C:\Users\Admin\AppData\Local\Temp\e07ef2abb74250afcc7f89e4d6341877254131aa6fd814e8484cadf3afeb021f.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\vjjpv.exec:\vjjpv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xflffxf.exec:\xflffxf.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhntbh.exec:\bhntbh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjpv.exec:\jdjpv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrrxxrl.exec:\lrrxxrl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbnbh.exec:\btbnbh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdddd.exec:\vdddd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdvd.exec:\pjdvd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxxxxrf.exec:\rxxxxrf.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbnhnb.exec:\bbnhnb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9pdvv.exec:\9pdvv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1nhbtn.exec:\1nhbtn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9jddp.exec:\9jddp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9hbbnt.exec:\9hbbnt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bntttt.exec:\bntttt.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllfxxx.exec:\rllfxxx.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbtnnb.exec:\nbtnnb.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfrlxff.exec:\rfrlxff.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxrrlfl.exec:\lxrrlfl.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjpvd.exec:\jjpvd.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlrflxx.exec:\rlrflxx.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhnnh.exec:\nhhnnh.exe23⤵
- Executes dropped EXE
-
\??\c:\lfffxrl.exec:\lfffxrl.exe24⤵
- Executes dropped EXE
-
\??\c:\tnhhbh.exec:\tnhhbh.exe25⤵
- Executes dropped EXE
-
\??\c:\pdjdd.exec:\pdjdd.exe26⤵
- Executes dropped EXE
-
\??\c:\jjvvv.exec:\jjvvv.exe27⤵
- Executes dropped EXE
-
\??\c:\xlllrrx.exec:\xlllrrx.exe28⤵
- Executes dropped EXE
-
\??\c:\vpjdd.exec:\vpjdd.exe29⤵
- Executes dropped EXE
-
\??\c:\rxrxxxr.exec:\rxrxxxr.exe30⤵
- Executes dropped EXE
-
\??\c:\rffxrll.exec:\rffxrll.exe31⤵
- Executes dropped EXE
-
\??\c:\ntbnbn.exec:\ntbnbn.exe32⤵
- Executes dropped EXE
-
\??\c:\dpjpp.exec:\dpjpp.exe33⤵
- Executes dropped EXE
-
\??\c:\rxfxxxr.exec:\rxfxxxr.exe34⤵
- Executes dropped EXE
-
\??\c:\9nnhbt.exec:\9nnhbt.exe35⤵
- Executes dropped EXE
-
\??\c:\ddjpp.exec:\ddjpp.exe36⤵
- Executes dropped EXE
-
\??\c:\jvvpp.exec:\jvvpp.exe37⤵
- Executes dropped EXE
-
\??\c:\hnbhtb.exec:\hnbhtb.exe38⤵
- Executes dropped EXE
-
\??\c:\vjdvd.exec:\vjdvd.exe39⤵
- Executes dropped EXE
-
\??\c:\lxfxxxx.exec:\lxfxxxx.exe40⤵
- Executes dropped EXE
-
\??\c:\vjvpd.exec:\vjvpd.exe41⤵
- Executes dropped EXE
-
\??\c:\ffxlxff.exec:\ffxlxff.exe42⤵
- Executes dropped EXE
-
\??\c:\tnbttt.exec:\tnbttt.exe43⤵
- Executes dropped EXE
-
\??\c:\rlrrfff.exec:\rlrrfff.exe44⤵
- Executes dropped EXE
-
\??\c:\jdpvj.exec:\jdpvj.exe45⤵
- Executes dropped EXE
-
\??\c:\rrxlxff.exec:\rrxlxff.exe46⤵
- Executes dropped EXE
-
\??\c:\hbhhhn.exec:\hbhhhn.exe47⤵
- Executes dropped EXE
-
\??\c:\ddvjp.exec:\ddvjp.exe48⤵
- Executes dropped EXE
-
\??\c:\djvpj.exec:\djvpj.exe49⤵
- Executes dropped EXE
-
\??\c:\lrxrlff.exec:\lrxrlff.exe50⤵
- Executes dropped EXE
-
\??\c:\hbhttb.exec:\hbhttb.exe51⤵
- Executes dropped EXE
-
\??\c:\vjjvp.exec:\vjjvp.exe52⤵
- Executes dropped EXE
-
\??\c:\pddvj.exec:\pddvj.exe53⤵
- Executes dropped EXE
-
\??\c:\3fxrffr.exec:\3fxrffr.exe54⤵
- Executes dropped EXE
-
\??\c:\ttnhhn.exec:\ttnhhn.exe55⤵
- Executes dropped EXE
-
\??\c:\btbntn.exec:\btbntn.exe56⤵
- Executes dropped EXE
-
\??\c:\xlxxfxl.exec:\xlxxfxl.exe57⤵
- Executes dropped EXE
-
\??\c:\xflrlll.exec:\xflrlll.exe58⤵
- Executes dropped EXE
-
\??\c:\3btntt.exec:\3btntt.exe59⤵
- Executes dropped EXE
-
\??\c:\jjdvj.exec:\jjdvj.exe60⤵
- Executes dropped EXE
-
\??\c:\pvpjd.exec:\pvpjd.exe61⤵
- Executes dropped EXE
-
\??\c:\fffxxfx.exec:\fffxxfx.exe62⤵
- Executes dropped EXE
-
\??\c:\hthbtt.exec:\hthbtt.exe63⤵
- Executes dropped EXE
-
\??\c:\jvdjd.exec:\jvdjd.exe64⤵
- Executes dropped EXE
-
\??\c:\lfxxrxx.exec:\lfxxrxx.exe65⤵
- Executes dropped EXE
-
\??\c:\tnbbnn.exec:\tnbbnn.exe66⤵
-
\??\c:\vjvpp.exec:\vjvpp.exe67⤵
-
\??\c:\jdppv.exec:\jdppv.exe68⤵
-
\??\c:\fffxrll.exec:\fffxrll.exe69⤵
-
\??\c:\thhbtn.exec:\thhbtn.exe70⤵
-
\??\c:\vvjdv.exec:\vvjdv.exe71⤵
-
\??\c:\jjjjj.exec:\jjjjj.exe72⤵
-
\??\c:\9rfxxxr.exec:\9rfxxxr.exe73⤵
-
\??\c:\htnnhb.exec:\htnnhb.exe74⤵
-
\??\c:\bnbbnh.exec:\bnbbnh.exe75⤵
-
\??\c:\dvpjv.exec:\dvpjv.exe76⤵
-
\??\c:\lfrlxlf.exec:\lfrlxlf.exe77⤵
-
\??\c:\dddvj.exec:\dddvj.exe78⤵
-
\??\c:\5rxrrrl.exec:\5rxrrrl.exe79⤵
-
\??\c:\bhtttt.exec:\bhtttt.exe80⤵
-
\??\c:\thbnth.exec:\thbnth.exe81⤵
-
\??\c:\dpjdd.exec:\dpjdd.exe82⤵
-
\??\c:\jvvvp.exec:\jvvvp.exe83⤵
-
\??\c:\rlxxffx.exec:\rlxxffx.exe84⤵
-
\??\c:\nhthbb.exec:\nhthbb.exe85⤵
-
\??\c:\vppvv.exec:\vppvv.exe86⤵
-
\??\c:\lrxxrll.exec:\lrxxrll.exe87⤵
-
\??\c:\rxrrxxl.exec:\rxrrxxl.exe88⤵
-
\??\c:\1nnnnn.exec:\1nnnnn.exe89⤵
-
\??\c:\ppdpp.exec:\ppdpp.exe90⤵
-
\??\c:\vppjv.exec:\vppjv.exe91⤵
-
\??\c:\rxxxllf.exec:\rxxxllf.exe92⤵
-
\??\c:\llrfxlf.exec:\llrfxlf.exe93⤵
-
\??\c:\tnnntt.exec:\tnnntt.exe94⤵
-
\??\c:\dvjdp.exec:\dvjdp.exe95⤵
-
\??\c:\rxfllxr.exec:\rxfllxr.exe96⤵
-
\??\c:\lffxrxr.exec:\lffxrxr.exe97⤵
-
\??\c:\bhhnnt.exec:\bhhnnt.exe98⤵
-
\??\c:\ddpjp.exec:\ddpjp.exe99⤵
-
\??\c:\dpvpp.exec:\dpvpp.exe100⤵
-
\??\c:\frllxxx.exec:\frllxxx.exe101⤵
-
\??\c:\tnnnhh.exec:\tnnnhh.exe102⤵
-
\??\c:\jpvpp.exec:\jpvpp.exe103⤵
-
\??\c:\jpjdp.exec:\jpjdp.exe104⤵
-
\??\c:\lfrlrrx.exec:\lfrlrrx.exe105⤵
-
\??\c:\bhnhhb.exec:\bhnhhb.exe106⤵
-
\??\c:\pdjjj.exec:\pdjjj.exe107⤵
-
\??\c:\lxxfllf.exec:\lxxfllf.exe108⤵
-
\??\c:\bhtttb.exec:\bhtttb.exe109⤵
-
\??\c:\thhbtt.exec:\thhbtt.exe110⤵
-
\??\c:\jvdvv.exec:\jvdvv.exe111⤵
-
\??\c:\xrlfxxx.exec:\xrlfxxx.exe112⤵
-
\??\c:\7hnnbh.exec:\7hnnbh.exe113⤵
-
\??\c:\7pjjv.exec:\7pjjv.exe114⤵
-
\??\c:\jvpjd.exec:\jvpjd.exe115⤵
-
\??\c:\5lfxlll.exec:\5lfxlll.exe116⤵
-
\??\c:\bhttbh.exec:\bhttbh.exe117⤵
-
\??\c:\thnhbb.exec:\thnhbb.exe118⤵
-
\??\c:\ppvpp.exec:\ppvpp.exe119⤵
-
\??\c:\rxlrxfr.exec:\rxlrxfr.exe120⤵
-
\??\c:\lxlffxr.exec:\lxlffxr.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-