Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
108s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
-
submitted
19/07/2024, 01:34
General
-
Target
37f129777097b45283a7d47f0a520680N.exe
-
Size
71KB
-
MD5
37f129777097b45283a7d47f0a520680
-
SHA1
9f436f8427d6e69b12a753fd282bdd45b082d20a
-
SHA256
4b3689f8db1a4c5c882285ae6d7e25c40b5d5de1513090719f387fe7412ca2c6
-
SHA512
80ca88d2d3598c23af72f064c4158187c6fa2c5f33e144674e85572a0f6cfe273c993075ca94977367688f3cd68480b6d0e419f89f7d7493ae279715fd1f23e2
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDWiekja1br3GGBxfot3edp:ymb3NkkiQ3mdBjFWXkj7afoM
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 28 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 29 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\37f129777097b45283a7d47f0a520680N.exe"C:\Users\Admin\AppData\Local\Temp\37f129777097b45283a7d47f0a520680N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\1bthbb.exec:\1bthbb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvpj.exec:\dvvpj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fflfxxx.exec:\fflfxxx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnntt.exec:\hbnntt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttttnn.exec:\ttttnn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdddj.exec:\pdddj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfffxfl.exec:\lfffxfl.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bntttt.exec:\bntttt.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9pppv.exec:\9pppv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjpdj.exec:\pjpdj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxxxrlf.exec:\rxxxrlf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5tbtnn.exec:\5tbtnn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpjvv.exec:\jpjvv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lffxxxx.exec:\lffxxxx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btttnn.exec:\btttnn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbttb.exec:\btbttb.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvdvj.exec:\jvdvj.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlfrlff.exec:\xlfrlff.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbbtt.exec:\btbbtt.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpvvv.exec:\jpvvv.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flrfrlf.exec:\flrfrlf.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlrllf.exec:\fxlrllf.exe23⤵
- Executes dropped EXE
-
\??\c:\tnbtnn.exec:\tnbtnn.exe24⤵
- Executes dropped EXE
-
\??\c:\bhthbb.exec:\bhthbb.exe25⤵
- Executes dropped EXE
-
\??\c:\djjjj.exec:\djjjj.exe26⤵
- Executes dropped EXE
-
\??\c:\frfxlxr.exec:\frfxlxr.exe27⤵
- Executes dropped EXE
-
\??\c:\rlrfxrl.exec:\rlrfxrl.exe28⤵
- Executes dropped EXE
-
\??\c:\ntnhbn.exec:\ntnhbn.exe29⤵
- Executes dropped EXE
-
\??\c:\9btntn.exec:\9btntn.exe30⤵
- Executes dropped EXE
-
\??\c:\3vvvv.exec:\3vvvv.exe31⤵
- Executes dropped EXE
-
\??\c:\5flxrfr.exec:\5flxrfr.exe32⤵
- Executes dropped EXE
-
\??\c:\rfrlxrl.exec:\rfrlxrl.exe33⤵
- Executes dropped EXE
-
\??\c:\ntbtnh.exec:\ntbtnh.exe34⤵
- Executes dropped EXE
-
\??\c:\djddp.exec:\djddp.exe35⤵
- Executes dropped EXE
-
\??\c:\1vpdp.exec:\1vpdp.exe36⤵
- Executes dropped EXE
-
\??\c:\5xxllfx.exec:\5xxllfx.exe37⤵
- Executes dropped EXE
-
\??\c:\nhbnnh.exec:\nhbnnh.exe38⤵
- Executes dropped EXE
-
\??\c:\1vpdp.exec:\1vpdp.exe39⤵
- Executes dropped EXE
-
\??\c:\5ddpd.exec:\5ddpd.exe40⤵
- Executes dropped EXE
-
\??\c:\1llxlrl.exec:\1llxlrl.exe41⤵
- Executes dropped EXE
-
\??\c:\nntnbt.exec:\nntnbt.exe42⤵
- Executes dropped EXE
-
\??\c:\hthtbh.exec:\hthtbh.exe43⤵
- Executes dropped EXE
-
\??\c:\pvvjd.exec:\pvvjd.exe44⤵
- Executes dropped EXE
-
\??\c:\xfxrlll.exec:\xfxrlll.exe45⤵
- Executes dropped EXE
-
\??\c:\xrlrlfx.exec:\xrlrlfx.exe46⤵
- Executes dropped EXE
-
\??\c:\bbbnbt.exec:\bbbnbt.exe47⤵
- Executes dropped EXE
-
\??\c:\7pjvj.exec:\7pjvj.exe48⤵
- Executes dropped EXE
-
\??\c:\jppjd.exec:\jppjd.exe49⤵
- Executes dropped EXE
-
\??\c:\rrxflrx.exec:\rrxflrx.exe50⤵
- Executes dropped EXE
-
\??\c:\7llfxxx.exec:\7llfxxx.exe51⤵
- Executes dropped EXE
-
\??\c:\hhhhbb.exec:\hhhhbb.exe52⤵
- Executes dropped EXE
-
\??\c:\tbhthb.exec:\tbhthb.exe53⤵
- Executes dropped EXE
-
\??\c:\jvddp.exec:\jvddp.exe54⤵
- Executes dropped EXE
-
\??\c:\ppjdp.exec:\ppjdp.exe55⤵
- Executes dropped EXE
-
\??\c:\rlffrff.exec:\rlffrff.exe56⤵
- Executes dropped EXE
-
\??\c:\hbbbbb.exec:\hbbbbb.exe57⤵
- Executes dropped EXE
-
\??\c:\pvdpj.exec:\pvdpj.exe58⤵
- Executes dropped EXE
-
\??\c:\fxrfxrl.exec:\fxrfxrl.exe59⤵
- Executes dropped EXE
-
\??\c:\3llfrrl.exec:\3llfrrl.exe60⤵
- Executes dropped EXE
-
\??\c:\bntnnb.exec:\bntnnb.exe61⤵
- Executes dropped EXE
-
\??\c:\jdjdd.exec:\jdjdd.exe62⤵
- Executes dropped EXE
-
\??\c:\3pjdp.exec:\3pjdp.exe63⤵
- Executes dropped EXE
-
\??\c:\9lrfxrl.exec:\9lrfxrl.exe64⤵
- Executes dropped EXE
-
\??\c:\thnhbt.exec:\thnhbt.exe65⤵
- Executes dropped EXE
-
\??\c:\hhbnbb.exec:\hhbnbb.exe66⤵
-
\??\c:\pdvpj.exec:\pdvpj.exe67⤵
-
\??\c:\rflxrxf.exec:\rflxrxf.exe68⤵
-
\??\c:\nbtnhb.exec:\nbtnhb.exe69⤵
-
\??\c:\ttthbt.exec:\ttthbt.exe70⤵
-
\??\c:\jpjjd.exec:\jpjjd.exe71⤵
-
\??\c:\1rlfrrf.exec:\1rlfrrf.exe72⤵
-
\??\c:\lfxfxrl.exec:\lfxfxrl.exe73⤵
-
\??\c:\nhnttt.exec:\nhnttt.exe74⤵
-
\??\c:\3tbtnn.exec:\3tbtnn.exe75⤵
-
\??\c:\jppjd.exec:\jppjd.exe76⤵
-
\??\c:\hbtthb.exec:\hbtthb.exe77⤵
-
\??\c:\tntbtt.exec:\tntbtt.exe78⤵
-
\??\c:\vddjv.exec:\vddjv.exe79⤵
-
\??\c:\xlxllfr.exec:\xlxllfr.exe80⤵
-
\??\c:\3lfrlrl.exec:\3lfrlrl.exe81⤵
-
\??\c:\nthbnn.exec:\nthbnn.exe82⤵
-
\??\c:\jpjdv.exec:\jpjdv.exe83⤵
-
\??\c:\1jpdv.exec:\1jpdv.exe84⤵
-
\??\c:\ppvjd.exec:\ppvjd.exe85⤵
-
\??\c:\lffxxxr.exec:\lffxxxr.exe86⤵
-
\??\c:\xlxfxxx.exec:\xlxfxxx.exe87⤵
-
\??\c:\nnhhbb.exec:\nnhhbb.exe88⤵
-
\??\c:\hbbttt.exec:\hbbttt.exe89⤵
-
\??\c:\pvvpv.exec:\pvvpv.exe90⤵
-
\??\c:\vppjd.exec:\vppjd.exe91⤵
-
\??\c:\rfllfxx.exec:\rfllfxx.exe92⤵
-
\??\c:\tbhbtn.exec:\tbhbtn.exe93⤵
-
\??\c:\nhnbtt.exec:\nhnbtt.exe94⤵
-
\??\c:\jdvjd.exec:\jdvjd.exe95⤵
-
\??\c:\dvdvv.exec:\dvdvv.exe96⤵
-
\??\c:\rfxlrlr.exec:\rfxlrlr.exe97⤵
-
\??\c:\bttntn.exec:\bttntn.exe98⤵
-
\??\c:\btnnhn.exec:\btnnhn.exe99⤵
-
\??\c:\jdjjj.exec:\jdjjj.exe100⤵
-
\??\c:\vjpdj.exec:\vjpdj.exe101⤵
-
\??\c:\fxxllff.exec:\fxxllff.exe102⤵
-
\??\c:\fxrllfr.exec:\fxrllfr.exe103⤵
-
\??\c:\1htnhh.exec:\1htnhh.exe104⤵
-
\??\c:\nnnhtn.exec:\nnnhtn.exe105⤵
-
\??\c:\jvpjp.exec:\jvpjp.exe106⤵
-
\??\c:\jjpdj.exec:\jjpdj.exe107⤵
-
\??\c:\7xxlfrl.exec:\7xxlfrl.exe108⤵
-
\??\c:\lxrxfxf.exec:\lxrxfxf.exe109⤵
-
\??\c:\nbtthb.exec:\nbtthb.exe110⤵
-
\??\c:\nnhtbt.exec:\nnhtbt.exe111⤵
-
\??\c:\dppdp.exec:\dppdp.exe112⤵
-
\??\c:\jvpvj.exec:\jvpvj.exe113⤵
-
\??\c:\xfrxlrx.exec:\xfrxlrx.exe114⤵
-
\??\c:\9lxlffl.exec:\9lxlffl.exe115⤵
-
\??\c:\hhhtnh.exec:\hhhtnh.exe116⤵
-
\??\c:\dpjjj.exec:\dpjjj.exe117⤵
-
\??\c:\jvvpj.exec:\jvvpj.exe118⤵
-
\??\c:\rxrlfxl.exec:\rxrlfxl.exe119⤵
-
\??\c:\lfrllll.exec:\lfrllll.exe120⤵
-
\??\c:\7hbhtt.exec:\7hbhtt.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-