Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
96s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
-
submitted
21/07/2024, 12:12
General
-
Target
bfe9ad8cdebb84d2b3a30415bfa7fd00N.exe
-
Size
84KB
-
MD5
bfe9ad8cdebb84d2b3a30415bfa7fd00
-
SHA1
ab7c3d8dd4785f1255c1ea7284749856e41cce91
-
SHA256
6c036948d3d10bc7277cf78265b70fa58b0c13b888ac77a7afa390e4fd954a17
-
SHA512
9457fa4dd5f2c132008b71de6cfafbea1da98786286e45f28c7571688b71c5c696ce27a0e3b389653eae96bb44f26277fc0e67f4cf590026560f259bd829bc2a
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDoAXPfgr2hKmdbcPi2v/:ymb3NkkiQ3mdBjFo6Pfgy3dbc//
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 26 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 26 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\bfe9ad8cdebb84d2b3a30415bfa7fd00N.exe"C:\Users\Admin\AppData\Local\Temp\bfe9ad8cdebb84d2b3a30415bfa7fd00N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\lxxxrxr.exec:\lxxxrxr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbtnhh.exec:\bbtnhh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjjd.exec:\ppjjd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3rxrllf.exec:\3rxrllf.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxlrxxr.exec:\rxlrxxr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvppj.exec:\dvppj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxxxrrr.exec:\lxxxrrr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfxllrf.exec:\rfxllrf.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbhhnn.exec:\bbhhnn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpjjp.exec:\dpjjp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrxxxff.exec:\lrxxxff.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnbnbn.exec:\bnbnbn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9vddp.exec:\9vddp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1xllllr.exec:\1xllllr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnnntt.exec:\nnnntt.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddvpj.exec:\ddvpj.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9frlllr.exec:\9frlllr.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbbbb.exec:\tnbbbb.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1hnnnn.exec:\1hnnnn.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djjjd.exec:\djjjd.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrlrrl.exec:\xrrlrrl.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thhbbb.exec:\thhbbb.exe23⤵
- Executes dropped EXE
-
\??\c:\vpppj.exec:\vpppj.exe24⤵
- Executes dropped EXE
-
\??\c:\xrffllx.exec:\xrffllx.exe25⤵
- Executes dropped EXE
-
\??\c:\ttnnnn.exec:\ttnnnn.exe26⤵
- Executes dropped EXE
-
\??\c:\rllxfxf.exec:\rllxfxf.exe27⤵
- Executes dropped EXE
-
\??\c:\fxrxxff.exec:\fxrxxff.exe28⤵
- Executes dropped EXE
-
\??\c:\thnhtn.exec:\thnhtn.exe29⤵
- Executes dropped EXE
-
\??\c:\pjpvd.exec:\pjpvd.exe30⤵
- Executes dropped EXE
-
\??\c:\xfllffr.exec:\xfllffr.exe31⤵
- Executes dropped EXE
-
\??\c:\bhthbh.exec:\bhthbh.exe32⤵
- Executes dropped EXE
-
\??\c:\ddpjd.exec:\ddpjd.exe33⤵
- Executes dropped EXE
-
\??\c:\rxxxrff.exec:\rxxxrff.exe34⤵
- Executes dropped EXE
-
\??\c:\hbhthb.exec:\hbhthb.exe35⤵
-
\??\c:\nhbtnn.exec:\nhbtnn.exe36⤵
- Executes dropped EXE
-
\??\c:\pjpdj.exec:\pjpdj.exe37⤵
- Executes dropped EXE
-
\??\c:\9ttnbh.exec:\9ttnbh.exe38⤵
- Executes dropped EXE
-
\??\c:\nbbtht.exec:\nbbtht.exe39⤵
- Executes dropped EXE
-
\??\c:\dvpvj.exec:\dvpvj.exe40⤵
- Executes dropped EXE
-
\??\c:\fxlfxxx.exec:\fxlfxxx.exe41⤵
- Executes dropped EXE
-
\??\c:\bntnnn.exec:\bntnnn.exe42⤵
- Executes dropped EXE
-
\??\c:\jjvpj.exec:\jjvpj.exe43⤵
- Executes dropped EXE
-
\??\c:\rxffrrl.exec:\rxffrrl.exe44⤵
- Executes dropped EXE
-
\??\c:\hhhbhh.exec:\hhhbhh.exe45⤵
- Executes dropped EXE
-
\??\c:\9nbtnn.exec:\9nbtnn.exe46⤵
- Executes dropped EXE
-
\??\c:\7vvvj.exec:\7vvvj.exe47⤵
- Executes dropped EXE
-
\??\c:\xfrlffx.exec:\xfrlffx.exe48⤵
- Executes dropped EXE
-
\??\c:\nbhhhh.exec:\nbhhhh.exe49⤵
- Executes dropped EXE
-
\??\c:\tbttbn.exec:\tbttbn.exe50⤵
- Executes dropped EXE
-
\??\c:\jdvpp.exec:\jdvpp.exe51⤵
- Executes dropped EXE
-
\??\c:\xrlflrf.exec:\xrlflrf.exe52⤵
- Executes dropped EXE
-
\??\c:\nnnthh.exec:\nnnthh.exe53⤵
- Executes dropped EXE
-
\??\c:\pjvvp.exec:\pjvvp.exe54⤵
- Executes dropped EXE
-
\??\c:\rlrllll.exec:\rlrllll.exe55⤵
- Executes dropped EXE
-
\??\c:\bnhntb.exec:\bnhntb.exe56⤵
- Executes dropped EXE
-
\??\c:\dvjvj.exec:\dvjvj.exe57⤵
- Executes dropped EXE
-
\??\c:\frfrxff.exec:\frfrxff.exe58⤵
- Executes dropped EXE
-
\??\c:\bbbhtn.exec:\bbbhtn.exe59⤵
- Executes dropped EXE
-
\??\c:\htttnn.exec:\htttnn.exe60⤵
- Executes dropped EXE
-
\??\c:\djppd.exec:\djppd.exe61⤵
- Executes dropped EXE
-
\??\c:\xxffllr.exec:\xxffllr.exe62⤵
- Executes dropped EXE
-
\??\c:\bnttbn.exec:\bnttbn.exe63⤵
- Executes dropped EXE
-
\??\c:\pvdvj.exec:\pvdvj.exe64⤵
- Executes dropped EXE
-
\??\c:\lfflfxr.exec:\lfflfxr.exe65⤵
- Executes dropped EXE
-
\??\c:\hnhhbh.exec:\hnhhbh.exe66⤵
- Executes dropped EXE
-
\??\c:\jpjvv.exec:\jpjvv.exe67⤵
-
\??\c:\pvdpd.exec:\pvdpd.exe68⤵
-
\??\c:\lrlxxfr.exec:\lrlxxfr.exe69⤵
-
\??\c:\pjpdv.exec:\pjpdv.exe70⤵
-
\??\c:\lrxffrl.exec:\lrxffrl.exe71⤵
-
\??\c:\xfxxxlr.exec:\xfxxxlr.exe72⤵
-
\??\c:\nntnhh.exec:\nntnhh.exe73⤵
-
\??\c:\5jddv.exec:\5jddv.exe74⤵
-
\??\c:\rxlxrlf.exec:\rxlxrlf.exe75⤵
-
\??\c:\hnhthb.exec:\hnhthb.exe76⤵
-
\??\c:\tbnhht.exec:\tbnhht.exe77⤵
-
\??\c:\pppdj.exec:\pppdj.exe78⤵
-
\??\c:\rfflfxr.exec:\rfflfxr.exe79⤵
-
\??\c:\7xrlxxx.exec:\7xrlxxx.exe80⤵
-
\??\c:\hhnhbb.exec:\hhnhbb.exe81⤵
-
\??\c:\dpdjv.exec:\dpdjv.exe82⤵
-
\??\c:\lflxxxr.exec:\lflxxxr.exe83⤵
-
\??\c:\nnnhbt.exec:\nnnhbt.exe84⤵
-
\??\c:\3vvpj.exec:\3vvpj.exe85⤵
-
\??\c:\rxlllrr.exec:\rxlllrr.exe86⤵
-
\??\c:\llrfffl.exec:\llrfffl.exe87⤵
-
\??\c:\1ntnnn.exec:\1ntnnn.exe88⤵
-
\??\c:\xrlfxxx.exec:\xrlfxxx.exe89⤵
-
\??\c:\lflfxxr.exec:\lflfxxr.exe90⤵
-
\??\c:\hbhhhh.exec:\hbhhhh.exe91⤵
-
\??\c:\ppdvp.exec:\ppdvp.exe92⤵
-
\??\c:\btbthh.exec:\btbthh.exe93⤵
-
\??\c:\jdpvp.exec:\jdpvp.exe94⤵
-
\??\c:\rrlrfxl.exec:\rrlrfxl.exe95⤵
-
\??\c:\hbhhhh.exec:\hbhhhh.exe96⤵
-
\??\c:\jddpv.exec:\jddpv.exe97⤵
-
\??\c:\7ppjv.exec:\7ppjv.exe98⤵
-
\??\c:\xlrfxrl.exec:\xlrfxrl.exe99⤵
-
\??\c:\nttttt.exec:\nttttt.exe100⤵
-
\??\c:\vjjdd.exec:\vjjdd.exe101⤵
-
\??\c:\vjpdp.exec:\vjpdp.exe102⤵
-
\??\c:\rfxxrrr.exec:\rfxxrrr.exe103⤵
-
\??\c:\9nhtnb.exec:\9nhtnb.exe104⤵
-
\??\c:\7bbtnn.exec:\7bbtnn.exe105⤵
-
\??\c:\ppvvp.exec:\ppvvp.exe106⤵
-
\??\c:\hbnhtt.exec:\hbnhtt.exe107⤵
-
\??\c:\5hbbtt.exec:\5hbbtt.exe108⤵
-
\??\c:\pvdjd.exec:\pvdjd.exe109⤵
-
\??\c:\lxxrlll.exec:\lxxrlll.exe110⤵
-
\??\c:\llrllrx.exec:\llrllrx.exe111⤵
-
\??\c:\nhtntn.exec:\nhtntn.exe112⤵
-
\??\c:\hnhbtn.exec:\hnhbtn.exe113⤵
-
\??\c:\1pjpj.exec:\1pjpj.exe114⤵
-
\??\c:\rrrlfff.exec:\rrrlfff.exe115⤵
-
\??\c:\btbthh.exec:\btbthh.exe116⤵
-
\??\c:\vdvpv.exec:\vdvpv.exe117⤵
-
\??\c:\vpdpv.exec:\vpdpv.exe118⤵
-
\??\c:\bhbhnn.exec:\bhbhnn.exe119⤵
-
\??\c:\vdjjj.exec:\vdjjj.exe120⤵
-
\??\c:\frrlfff.exec:\frrlfff.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-