Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
-
submitted
15/07/2024, 09:50
General
-
Target
f03fd34d1fc39c7bd3151b7ec4b9cd492b531bde795d51c83e4fa41907149ef8.exe
-
Size
65KB
-
MD5
bd8cb5de0ddc084e29de443333e49440
-
SHA1
5bc2f2b6e573e75b87748f58d6fb8f9befcae7f5
-
SHA256
f03fd34d1fc39c7bd3151b7ec4b9cd492b531bde795d51c83e4fa41907149ef8
-
SHA512
d51c4cfcfd9ac533cac3431bb56d948e2972a5631a1665f54adf92870fc9febd26f3ed69f2f6985d301bb97c522323061e0ddcfd284d462b9fb38d4398970077
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIFdJULh1214ar:ymb3NkkiQ3mdBjFIFdJmdar
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 29 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\f03fd34d1fc39c7bd3151b7ec4b9cd492b531bde795d51c83e4fa41907149ef8.exe"C:\Users\Admin\AppData\Local\Temp\f03fd34d1fc39c7bd3151b7ec4b9cd492b531bde795d51c83e4fa41907149ef8.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\jppjp.exec:\jppjp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjjjj.exec:\jjjjj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xffxrlx.exec:\xffxrlx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnthbb.exec:\hnthbb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvpvv.exec:\jvpvv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhntbt.exec:\bhntbt.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvpvj.exec:\pvpvj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrlxrfl.exec:\rrlxrfl.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdjjj.exec:\pdjjj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxxrrxx.exec:\xxxrrxx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttbhhh.exec:\ttbhhh.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpdvv.exec:\vpdvv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7lxxlrr.exec:\7lxxlrr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3thhhn.exec:\3thhhn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpvdd.exec:\vpvdd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffffxxx.exec:\ffffxxx.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbbbbb.exec:\nbbbbb.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddppj.exec:\ddppj.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfllflf.exec:\rfllflf.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntnnnh.exec:\ntnnnh.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdddd.exec:\vdddd.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddppp.exec:\ddppp.exe23⤵
- Executes dropped EXE
-
\??\c:\lrflrxl.exec:\lrflrxl.exe24⤵
- Executes dropped EXE
-
\??\c:\nbhhbh.exec:\nbhhbh.exe25⤵
- Executes dropped EXE
-
\??\c:\ddvpp.exec:\ddvpp.exe26⤵
- Executes dropped EXE
-
\??\c:\xrxxxxx.exec:\xrxxxxx.exe27⤵
- Executes dropped EXE
-
\??\c:\bthnnt.exec:\bthnnt.exe28⤵
- Executes dropped EXE
-
\??\c:\dvjvv.exec:\dvjvv.exe29⤵
- Executes dropped EXE
-
\??\c:\fflllxr.exec:\fflllxr.exe30⤵
- Executes dropped EXE
-
\??\c:\thhntn.exec:\thhntn.exe31⤵
- Executes dropped EXE
-
\??\c:\vvjdp.exec:\vvjdp.exe32⤵
- Executes dropped EXE
-
\??\c:\hbhhhn.exec:\hbhhhn.exe33⤵
- Executes dropped EXE
-
\??\c:\ddddd.exec:\ddddd.exe34⤵
- Executes dropped EXE
-
\??\c:\7xllflr.exec:\7xllflr.exe35⤵
- Executes dropped EXE
-
\??\c:\9hbbtn.exec:\9hbbtn.exe36⤵
- Executes dropped EXE
-
\??\c:\jvjvv.exec:\jvjvv.exe37⤵
- Executes dropped EXE
-
\??\c:\xxxxxxx.exec:\xxxxxxx.exe38⤵
- Executes dropped EXE
-
\??\c:\9hhhtt.exec:\9hhhtt.exe39⤵
- Executes dropped EXE
-
\??\c:\dvddv.exec:\dvddv.exe40⤵
- Executes dropped EXE
-
\??\c:\xrxrllr.exec:\xrxrllr.exe41⤵
- Executes dropped EXE
-
\??\c:\ffflllr.exec:\ffflllr.exe42⤵
- Executes dropped EXE
-
\??\c:\1htnhb.exec:\1htnhb.exe43⤵
- Executes dropped EXE
-
\??\c:\jpvdd.exec:\jpvdd.exe44⤵
- Executes dropped EXE
-
\??\c:\jppjj.exec:\jppjj.exe45⤵
- Executes dropped EXE
-
\??\c:\llfxrff.exec:\llfxrff.exe46⤵
- Executes dropped EXE
-
\??\c:\7tnntt.exec:\7tnntt.exe47⤵
- Executes dropped EXE
-
\??\c:\djvjd.exec:\djvjd.exe48⤵
- Executes dropped EXE
-
\??\c:\rxflllx.exec:\rxflllx.exe49⤵
- Executes dropped EXE
-
\??\c:\flrlxxl.exec:\flrlxxl.exe50⤵
- Executes dropped EXE
-
\??\c:\jdvpj.exec:\jdvpj.exe51⤵
- Executes dropped EXE
-
\??\c:\xrrrlll.exec:\xrrrlll.exe52⤵
- Executes dropped EXE
-
\??\c:\hbntnn.exec:\hbntnn.exe53⤵
- Executes dropped EXE
-
\??\c:\djdjv.exec:\djdjv.exe54⤵
- Executes dropped EXE
-
\??\c:\ffxfxxx.exec:\ffxfxxx.exe55⤵
- Executes dropped EXE
-
\??\c:\9bbbbt.exec:\9bbbbt.exe56⤵
- Executes dropped EXE
-
\??\c:\9pjjp.exec:\9pjjp.exe57⤵
- Executes dropped EXE
-
\??\c:\jdjpj.exec:\jdjpj.exe58⤵
- Executes dropped EXE
-
\??\c:\9lxrrxx.exec:\9lxrrxx.exe59⤵
- Executes dropped EXE
-
\??\c:\7ntnnh.exec:\7ntnnh.exe60⤵
- Executes dropped EXE
-
\??\c:\jpdvv.exec:\jpdvv.exe61⤵
- Executes dropped EXE
-
\??\c:\jjvdv.exec:\jjvdv.exe62⤵
- Executes dropped EXE
-
\??\c:\9rffflf.exec:\9rffflf.exe63⤵
- Executes dropped EXE
-
\??\c:\nbhnnb.exec:\nbhnnb.exe64⤵
- Executes dropped EXE
-
\??\c:\1jppp.exec:\1jppp.exe65⤵
- Executes dropped EXE
-
\??\c:\1xrllrl.exec:\1xrllrl.exe66⤵
-
\??\c:\bthhhn.exec:\bthhhn.exe67⤵
-
\??\c:\7ntbhn.exec:\7ntbhn.exe68⤵
-
\??\c:\xrxxxfl.exec:\xrxxxfl.exe69⤵
-
\??\c:\tbhhhh.exec:\tbhhhh.exe70⤵
-
\??\c:\hnhhbh.exec:\hnhhbh.exe71⤵
-
\??\c:\ppppp.exec:\ppppp.exe72⤵
-
\??\c:\rxfrxfx.exec:\rxfrxfx.exe73⤵
-
\??\c:\fxllrfl.exec:\fxllrfl.exe74⤵
-
\??\c:\9bhhbb.exec:\9bhhbb.exe75⤵
-
\??\c:\pvddd.exec:\pvddd.exe76⤵
-
\??\c:\xlrrlrl.exec:\xlrrlrl.exe77⤵
-
\??\c:\hhtbbh.exec:\hhtbbh.exe78⤵
-
\??\c:\vpvvv.exec:\vpvvv.exe79⤵
-
\??\c:\jpppj.exec:\jpppj.exe80⤵
-
\??\c:\nnhtnh.exec:\nnhtnh.exe81⤵
-
\??\c:\ppvpj.exec:\ppvpj.exe82⤵
-
\??\c:\lrxlxxr.exec:\lrxlxxr.exe83⤵
-
\??\c:\vvdjj.exec:\vvdjj.exe84⤵
-
\??\c:\lrfxrlf.exec:\lrfxrlf.exe85⤵
-
\??\c:\9lrlxrf.exec:\9lrlxrf.exe86⤵
-
\??\c:\btbttn.exec:\btbttn.exe87⤵
-
\??\c:\vdvvj.exec:\vdvvj.exe88⤵
-
\??\c:\rfrflrf.exec:\rfrflrf.exe89⤵
-
\??\c:\nbnhbn.exec:\nbnhbn.exe90⤵
-
\??\c:\dpjpp.exec:\dpjpp.exe91⤵
-
\??\c:\llfxfxf.exec:\llfxfxf.exe92⤵
-
\??\c:\tbhbtn.exec:\tbhbtn.exe93⤵
-
\??\c:\pvjpp.exec:\pvjpp.exe94⤵
-
\??\c:\xffxxrf.exec:\xffxxrf.exe95⤵
-
\??\c:\ntntth.exec:\ntntth.exe96⤵
-
\??\c:\flxxfff.exec:\flxxfff.exe97⤵
-
\??\c:\htthhh.exec:\htthhh.exe98⤵
-
\??\c:\vpvdp.exec:\vpvdp.exe99⤵
-
\??\c:\lfffxff.exec:\lfffxff.exe100⤵
-
\??\c:\lflrxfl.exec:\lflrxfl.exe101⤵
-
\??\c:\9hhtth.exec:\9hhtth.exe102⤵
-
\??\c:\pdpjp.exec:\pdpjp.exe103⤵
-
\??\c:\3xllrxr.exec:\3xllrxr.exe104⤵
-
\??\c:\btbbbh.exec:\btbbbh.exe105⤵
-
\??\c:\dvvdj.exec:\dvvdj.exe106⤵
-
\??\c:\lllllll.exec:\lllllll.exe107⤵
-
\??\c:\1ffllrl.exec:\1ffllrl.exe108⤵
-
\??\c:\1pjpv.exec:\1pjpv.exe109⤵
-
\??\c:\pjvjj.exec:\pjvjj.exe110⤵
-
\??\c:\rflrfxr.exec:\rflrfxr.exe111⤵
-
\??\c:\tthbnn.exec:\tthbnn.exe112⤵
-
\??\c:\vvddj.exec:\vvddj.exe113⤵
-
\??\c:\pvvpp.exec:\pvvpp.exe114⤵
-
\??\c:\xlrrfrf.exec:\xlrrfrf.exe115⤵
-
\??\c:\ntthtb.exec:\ntthtb.exe116⤵
-
\??\c:\pjjpp.exec:\pjjpp.exe117⤵
-
\??\c:\7vjjv.exec:\7vjjv.exe118⤵
-
\??\c:\rlfxlxx.exec:\rlfxlxx.exe119⤵
-
\??\c:\llrrrxx.exec:\llrrrxx.exe120⤵
-
\??\c:\ttnbnt.exec:\ttnbnt.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-