Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
111s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
-
submitted
21/07/2024, 10:19
General
-
Target
ac049a6229d96e4451d6b03228d79680N.exe
-
Size
83KB
-
MD5
ac049a6229d96e4451d6b03228d79680
-
SHA1
b22ebdbccddea87fc6f2364ea6076a0e8b4e7b4e
-
SHA256
3326111efe62b87d6ab415d126b0c330e13bbb51648aad2d46d8cd6f1667a731
-
SHA512
c3b812a70d7995438ea42d6c14fa22e0b58bd010cb106f0ffc7cc298f9e1b5397ae4ec8e14b8584a73121a1eaabd93b2fa3247178382924ae914e96784bc8003
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDo73t6MlYqn+jMp9E+zLT71:ymb3NkkiQ3mdBjFo73tvn+Yp9ZD71
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 31 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 42 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\ac049a6229d96e4451d6b03228d79680N.exe"C:\Users\Admin\AppData\Local\Temp\ac049a6229d96e4451d6b03228d79680N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\pvddj.exec:\pvddj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjdd.exec:\dvjdd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfxrrxx.exec:\rfxrrxx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3hhhhn.exec:\3hhhhn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbnhbh.exec:\bbnhbh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdddd.exec:\jdddd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5llfxff.exec:\5llfxff.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpddd.exec:\vpddd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjvvp.exec:\jjvvp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhhhn.exec:\tnhhhn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppvvv.exec:\ppvvv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flllllx.exec:\flllllx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnbnn.exec:\tnnbnn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjdjd.exec:\jjdjd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5vjdp.exec:\5vjdp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxrlxxr.exec:\lxrlxxr.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttbtnh.exec:\ttbtnh.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttnhtn.exec:\ttnhtn.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjpp.exec:\ppjpp.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxrrrl.exec:\fxxrrrl.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7nnbnh.exec:\7nnbnh.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvjd.exec:\jdvjd.exe23⤵
- Executes dropped EXE
-
\??\c:\fxxxxxf.exec:\fxxxxxf.exe24⤵
- Executes dropped EXE
-
\??\c:\lffxllx.exec:\lffxllx.exe25⤵
- Executes dropped EXE
-
\??\c:\ttnhth.exec:\ttnhth.exe26⤵
- Executes dropped EXE
-
\??\c:\jpvpj.exec:\jpvpj.exe27⤵
- Executes dropped EXE
-
\??\c:\llfrxxr.exec:\llfrxxr.exe28⤵
- Executes dropped EXE
-
\??\c:\ttnhbb.exec:\ttnhbb.exe29⤵
- Executes dropped EXE
-
\??\c:\ntthtn.exec:\ntthtn.exe30⤵
- Executes dropped EXE
-
\??\c:\3ddvj.exec:\3ddvj.exe31⤵
- Executes dropped EXE
-
\??\c:\frfxlxr.exec:\frfxlxr.exe32⤵
- Executes dropped EXE
-
\??\c:\lxxffxx.exec:\lxxffxx.exe33⤵
- Executes dropped EXE
-
\??\c:\nbnhnn.exec:\nbnhnn.exe34⤵
- Executes dropped EXE
-
\??\c:\pjppd.exec:\pjppd.exe35⤵
- Executes dropped EXE
-
\??\c:\pppjp.exec:\pppjp.exe36⤵
- Executes dropped EXE
-
\??\c:\5llfxxr.exec:\5llfxxr.exe37⤵
- Executes dropped EXE
-
\??\c:\1ffxfxf.exec:\1ffxfxf.exe38⤵
- Executes dropped EXE
-
\??\c:\bnnhtt.exec:\bnnhtt.exe39⤵
- Executes dropped EXE
-
\??\c:\thhtnh.exec:\thhtnh.exe40⤵
- Executes dropped EXE
-
\??\c:\ddpdv.exec:\ddpdv.exe41⤵
- Executes dropped EXE
-
\??\c:\fxfrfxl.exec:\fxfrfxl.exe42⤵
- Executes dropped EXE
-
\??\c:\fxfrrll.exec:\fxfrrll.exe43⤵
- Executes dropped EXE
-
\??\c:\bnhhbb.exec:\bnhhbb.exe44⤵
- Executes dropped EXE
-
\??\c:\nhbbtb.exec:\nhbbtb.exe45⤵
- Executes dropped EXE
-
\??\c:\jdjdv.exec:\jdjdv.exe46⤵
- Executes dropped EXE
-
\??\c:\jjvdv.exec:\jjvdv.exe47⤵
- Executes dropped EXE
-
\??\c:\7xxfxxr.exec:\7xxfxxr.exe48⤵
- Executes dropped EXE
-
\??\c:\bhnhhh.exec:\bhnhhh.exe49⤵
- Executes dropped EXE
-
\??\c:\nbhbtt.exec:\nbhbtt.exe50⤵
- Executes dropped EXE
-
\??\c:\tnnhbh.exec:\tnnhbh.exe51⤵
- Executes dropped EXE
-
\??\c:\dvjvp.exec:\dvjvp.exe52⤵
- Executes dropped EXE
-
\??\c:\xrrllxl.exec:\xrrllxl.exe53⤵
- Executes dropped EXE
-
\??\c:\5frlxxl.exec:\5frlxxl.exe54⤵
- Executes dropped EXE
-
\??\c:\7nnhhh.exec:\7nnhhh.exe55⤵
- Executes dropped EXE
-
\??\c:\ppppp.exec:\ppppp.exe56⤵
- Executes dropped EXE
-
\??\c:\frrxxrl.exec:\frrxxrl.exe57⤵
- Executes dropped EXE
-
\??\c:\nthhhh.exec:\nthhhh.exe58⤵
- Executes dropped EXE
-
\??\c:\bbnhnh.exec:\bbnhnh.exe59⤵
- Executes dropped EXE
-
\??\c:\xlxxlrx.exec:\xlxxlrx.exe60⤵
- Executes dropped EXE
-
\??\c:\htbbbh.exec:\htbbbh.exe61⤵
- Executes dropped EXE
-
\??\c:\jdpjv.exec:\jdpjv.exe62⤵
- Executes dropped EXE
-
\??\c:\jjdvd.exec:\jjdvd.exe63⤵
- Executes dropped EXE
-
\??\c:\llrxffr.exec:\llrxffr.exe64⤵
- Executes dropped EXE
-
\??\c:\bnnhhb.exec:\bnnhhb.exe65⤵
- Executes dropped EXE
-
\??\c:\bbbbtt.exec:\bbbbtt.exe66⤵
-
\??\c:\fxfxlrr.exec:\fxfxlrr.exe67⤵
-
\??\c:\rxlxxxx.exec:\rxlxxxx.exe68⤵
-
\??\c:\bbtthb.exec:\bbtthb.exe69⤵
-
\??\c:\thhbtn.exec:\thhbtn.exe70⤵
-
\??\c:\ddjvp.exec:\ddjvp.exe71⤵
-
\??\c:\dvjpp.exec:\dvjpp.exe72⤵
-
\??\c:\thtntn.exec:\thtntn.exe73⤵
-
\??\c:\djjjp.exec:\djjjp.exe74⤵
-
\??\c:\lfxxxxx.exec:\lfxxxxx.exe75⤵
-
\??\c:\hhtnth.exec:\hhtnth.exe76⤵
-
\??\c:\jpvvv.exec:\jpvvv.exe77⤵
-
\??\c:\vvjdd.exec:\vvjdd.exe78⤵
-
\??\c:\xrllxrf.exec:\xrllxrf.exe79⤵
-
\??\c:\thbtnb.exec:\thbtnb.exe80⤵
-
\??\c:\dpvpv.exec:\dpvpv.exe81⤵
-
\??\c:\lxrrrll.exec:\lxrrrll.exe82⤵
-
\??\c:\ttnnbb.exec:\ttnnbb.exe83⤵
-
\??\c:\bthbbh.exec:\bthbbh.exe84⤵
-
\??\c:\vddpj.exec:\vddpj.exe85⤵
-
\??\c:\pvjjd.exec:\pvjjd.exe86⤵
-
\??\c:\ffxrfff.exec:\ffxrfff.exe87⤵
-
\??\c:\btbbbb.exec:\btbbbb.exe88⤵
-
\??\c:\thnhnh.exec:\thnhnh.exe89⤵
-
\??\c:\pvddv.exec:\pvddv.exe90⤵
-
\??\c:\frxlrrx.exec:\frxlrrx.exe91⤵
-
\??\c:\hnttbb.exec:\hnttbb.exe92⤵
-
\??\c:\pjjdp.exec:\pjjdp.exe93⤵
-
\??\c:\jpvjd.exec:\jpvjd.exe94⤵
-
\??\c:\xrrfrlx.exec:\xrrfrlx.exe95⤵
-
\??\c:\hthbtb.exec:\hthbtb.exe96⤵
-
\??\c:\tthhtt.exec:\tthhtt.exe97⤵
-
\??\c:\jpvvp.exec:\jpvvp.exe98⤵
-
\??\c:\rxxxxfr.exec:\rxxxxfr.exe99⤵
-
\??\c:\bhhbnb.exec:\bhhbnb.exe100⤵
-
\??\c:\djvdd.exec:\djvdd.exe101⤵
-
\??\c:\lllrrrl.exec:\lllrrrl.exe102⤵
-
\??\c:\xfllrff.exec:\xfllrff.exe103⤵
-
\??\c:\nttnbh.exec:\nttnbh.exe104⤵
-
\??\c:\ddvvd.exec:\ddvvd.exe105⤵
-
\??\c:\5pvjv.exec:\5pvjv.exe106⤵
-
\??\c:\rxlrrrx.exec:\rxlrrrx.exe107⤵
-
\??\c:\htnnnh.exec:\htnnnh.exe108⤵
-
\??\c:\dpvjd.exec:\dpvjd.exe109⤵
-
\??\c:\djvdp.exec:\djvdp.exe110⤵
-
\??\c:\llflrxf.exec:\llflrxf.exe111⤵
-
\??\c:\thnnbn.exec:\thnnbn.exe112⤵
-
\??\c:\9xlllrx.exec:\9xlllrx.exe113⤵
-
\??\c:\nbttnh.exec:\nbttnh.exe114⤵
-
\??\c:\hbntbh.exec:\hbntbh.exe115⤵
-
\??\c:\9pjjd.exec:\9pjjd.exe116⤵
-
\??\c:\xfxrllf.exec:\xfxrllf.exe117⤵
-
\??\c:\frlxrrf.exec:\frlxrrf.exe118⤵
-
\??\c:\nnnnnt.exec:\nnnnnt.exe119⤵
-
\??\c:\btbtnh.exec:\btbtnh.exe120⤵
-
\??\c:\djppp.exec:\djppp.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-