Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
114s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
-
submitted
21/07/2024, 23:40
General
-
Target
2b496769513b4829e7e99aa4d959d000N.exe
-
Size
68KB
-
MD5
2b496769513b4829e7e99aa4d959d000
-
SHA1
3dfc221ece2143eac1753ae58d28204a834e1ffb
-
SHA256
6d58231936d99404657a49ad23138bbfa9427531d791e38d8e64ba08d2e1f9d9
-
SHA512
f3e8352b9319775494239aeb21508f26ee470692ec9a2b054494c64c619c51bea600474eb2bbcfc6f24bfc43ff3ba011f6014d459fe68056f8b424392fb1f8ef
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIb0z6MTSqfUci4IO:ymb3NkkiQ3mdBjFI4V4ci4IO
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 27 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 35 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2b496769513b4829e7e99aa4d959d000N.exe"C:\Users\Admin\AppData\Local\Temp\2b496769513b4829e7e99aa4d959d000N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\nthtbt.exec:\nthtbt.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5pdvp.exec:\5pdvp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lffxlrr.exec:\lffxlrr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbbntb.exec:\nbbntb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvvvp.exec:\pvvvp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvddv.exec:\dvddv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llrlffx.exec:\llrlffx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nntbbb.exec:\nntbbb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvjpj.exec:\jvjpj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xflfffr.exec:\xflfffr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jppdp.exec:\jppdp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrllll.exec:\fxrllll.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thtthn.exec:\thtthn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvjvp.exec:\vvjvp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxffflx.exec:\lxffflx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlrxxxf.exec:\rlrxxxf.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpvvd.exec:\jpvvd.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjjv.exec:\ppjjv.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxllxx.exec:\fxxllxx.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpdvp.exec:\jpdvp.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrrlxx.exec:\xxrrlxx.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbntb.exec:\hbbntb.exe23⤵
- Executes dropped EXE
-
\??\c:\jjjvv.exec:\jjjvv.exe24⤵
- Executes dropped EXE
-
\??\c:\3xxrrrl.exec:\3xxrrrl.exe25⤵
- Executes dropped EXE
-
\??\c:\5ntttb.exec:\5ntttb.exe26⤵
- Executes dropped EXE
-
\??\c:\pppvj.exec:\pppvj.exe27⤵
- Executes dropped EXE
-
\??\c:\xlxfrxf.exec:\xlxfrxf.exe28⤵
- Executes dropped EXE
-
\??\c:\fxffffx.exec:\fxffffx.exe29⤵
- Executes dropped EXE
-
\??\c:\nnthnt.exec:\nnthnt.exe30⤵
- Executes dropped EXE
-
\??\c:\pvvvp.exec:\pvvvp.exe31⤵
- Executes dropped EXE
-
\??\c:\9xllrrl.exec:\9xllrrl.exe32⤵
- Executes dropped EXE
-
\??\c:\bbtnbt.exec:\bbtnbt.exe33⤵
- Executes dropped EXE
-
\??\c:\jpvdp.exec:\jpvdp.exe34⤵
- Executes dropped EXE
-
\??\c:\rrlrrff.exec:\rrlrrff.exe35⤵
- Executes dropped EXE
-
\??\c:\lffflfr.exec:\lffflfr.exe36⤵
- Executes dropped EXE
-
\??\c:\hbnnnt.exec:\hbnnnt.exe37⤵
- Executes dropped EXE
-
\??\c:\9dppj.exec:\9dppj.exe38⤵
- Executes dropped EXE
-
\??\c:\vvppj.exec:\vvppj.exe39⤵
- Executes dropped EXE
-
\??\c:\rrxlfxx.exec:\rrxlfxx.exe40⤵
- Executes dropped EXE
-
\??\c:\hnbbtt.exec:\hnbbtt.exe41⤵
- Executes dropped EXE
-
\??\c:\vjvvd.exec:\vjvvd.exe42⤵
- Executes dropped EXE
-
\??\c:\djjpj.exec:\djjpj.exe43⤵
- Executes dropped EXE
-
\??\c:\fxfffll.exec:\fxfffll.exe44⤵
- Executes dropped EXE
-
\??\c:\1ffllll.exec:\1ffllll.exe45⤵
- Executes dropped EXE
-
\??\c:\nntttt.exec:\nntttt.exe46⤵
- Executes dropped EXE
-
\??\c:\pjppv.exec:\pjppv.exe47⤵
- Executes dropped EXE
-
\??\c:\3lfxxff.exec:\3lfxxff.exe48⤵
- Executes dropped EXE
-
\??\c:\9tbbbh.exec:\9tbbbh.exe49⤵
- Executes dropped EXE
-
\??\c:\pdpjv.exec:\pdpjv.exe50⤵
- Executes dropped EXE
-
\??\c:\xxxfllx.exec:\xxxfllx.exe51⤵
- Executes dropped EXE
-
\??\c:\bthbbb.exec:\bthbbb.exe52⤵
- Executes dropped EXE
-
\??\c:\bttntb.exec:\bttntb.exe53⤵
- Executes dropped EXE
-
\??\c:\ppdjv.exec:\ppdjv.exe54⤵
- Executes dropped EXE
-
\??\c:\djddp.exec:\djddp.exe55⤵
- Executes dropped EXE
-
\??\c:\rrrrrxr.exec:\rrrrrxr.exe56⤵
- Executes dropped EXE
-
\??\c:\tthbht.exec:\tthbht.exe57⤵
- Executes dropped EXE
-
\??\c:\jpddp.exec:\jpddp.exe58⤵
- Executes dropped EXE
-
\??\c:\lrrxrfl.exec:\lrrxrfl.exe59⤵
- Executes dropped EXE
-
\??\c:\thhhhn.exec:\thhhhn.exe60⤵
- Executes dropped EXE
-
\??\c:\tnhhhh.exec:\tnhhhh.exe61⤵
- Executes dropped EXE
-
\??\c:\vpppp.exec:\vpppp.exe62⤵
- Executes dropped EXE
-
\??\c:\ffllrrr.exec:\ffllrrr.exe63⤵
- Executes dropped EXE
-
\??\c:\3xxrfll.exec:\3xxrfll.exe64⤵
- Executes dropped EXE
-
\??\c:\tbbhhn.exec:\tbbhhn.exe65⤵
- Executes dropped EXE
-
\??\c:\dpvpp.exec:\dpvpp.exe66⤵
-
\??\c:\3xffffr.exec:\3xffffr.exe67⤵
-
\??\c:\ffllfxx.exec:\ffllfxx.exe68⤵
-
\??\c:\nthnnt.exec:\nthnnt.exe69⤵
-
\??\c:\ddvvv.exec:\ddvvv.exe70⤵
-
\??\c:\bbbtnb.exec:\bbbtnb.exe71⤵
-
\??\c:\hthtbh.exec:\hthtbh.exe72⤵
-
\??\c:\dpdpp.exec:\dpdpp.exe73⤵
-
\??\c:\rxfflrr.exec:\rxfflrr.exe74⤵
-
\??\c:\btbnbn.exec:\btbnbn.exe75⤵
-
\??\c:\5jpvp.exec:\5jpvp.exe76⤵
-
\??\c:\jpjjj.exec:\jpjjj.exe77⤵
-
\??\c:\frllrxf.exec:\frllrxf.exe78⤵
-
\??\c:\btbhnn.exec:\btbhnn.exe79⤵
-
\??\c:\pvjpv.exec:\pvjpv.exe80⤵
-
\??\c:\lfrflrx.exec:\lfrflrx.exe81⤵
-
\??\c:\hbthnt.exec:\hbthnt.exe82⤵
-
\??\c:\bhhttt.exec:\bhhttt.exe83⤵
-
\??\c:\vpvdp.exec:\vpvdp.exe84⤵
-
\??\c:\frlllrl.exec:\frlllrl.exe85⤵
-
\??\c:\nthnbb.exec:\nthnbb.exe86⤵
-
\??\c:\7bbbtb.exec:\7bbbtb.exe87⤵
-
\??\c:\jpdvd.exec:\jpdvd.exe88⤵
-
\??\c:\ffrxlxx.exec:\ffrxlxx.exe89⤵
-
\??\c:\tnbthh.exec:\tnbthh.exe90⤵
-
\??\c:\7lxxrrr.exec:\7lxxrrr.exe91⤵
-
\??\c:\nttttt.exec:\nttttt.exe92⤵
-
\??\c:\vvvpp.exec:\vvvpp.exe93⤵
-
\??\c:\vpvpp.exec:\vpvpp.exe94⤵
-
\??\c:\fffxfff.exec:\fffxfff.exe95⤵
-
\??\c:\htbttb.exec:\htbttb.exe96⤵
-
\??\c:\dvvpj.exec:\dvvpj.exe97⤵
-
\??\c:\7lrrlrr.exec:\7lrrlrr.exe98⤵
-
\??\c:\ttttbh.exec:\ttttbh.exe99⤵
-
\??\c:\jvvdd.exec:\jvvdd.exe100⤵
-
\??\c:\lfffxxx.exec:\lfffxxx.exe101⤵
-
\??\c:\jpdvp.exec:\jpdvp.exe102⤵
-
\??\c:\pppjj.exec:\pppjj.exe103⤵
-
\??\c:\xxxrlfx.exec:\xxxrlfx.exe104⤵
-
\??\c:\nhnnbh.exec:\nhnnbh.exe105⤵
-
\??\c:\jdppj.exec:\jdppj.exe106⤵
-
\??\c:\lxxxrff.exec:\lxxxrff.exe107⤵
-
\??\c:\nhnntt.exec:\nhnntt.exe108⤵
-
\??\c:\djjdj.exec:\djjdj.exe109⤵
-
\??\c:\9lfxrfx.exec:\9lfxrfx.exe110⤵
-
\??\c:\bttnht.exec:\bttnht.exe111⤵
-
\??\c:\nhbnnn.exec:\nhbnnn.exe112⤵
-
\??\c:\vvpjj.exec:\vvpjj.exe113⤵
-
\??\c:\nhhnnt.exec:\nhhnnt.exe114⤵
-
\??\c:\dvddd.exec:\dvddd.exe115⤵
-
\??\c:\lffxrfx.exec:\lffxrfx.exe116⤵
-
\??\c:\lxlfxrr.exec:\lxlfxrr.exe117⤵
-
\??\c:\ntthtn.exec:\ntthtn.exe118⤵
-
\??\c:\vdjjj.exec:\vdjjj.exe119⤵
-
\??\c:\lrlfrxx.exec:\lrlfrxx.exe120⤵
-
\??\c:\fxxxxlr.exec:\fxxxxlr.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-