Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
-
submitted
22/07/2024, 21:47
General
-
Target
58b830b1c8059030253dc759f738d5e4bf799a04f258766a574eabd4c870cfd8.exe
-
Size
426KB
-
MD5
d68b78b7fa425e8966260f9eeeedaeb7
-
SHA1
078f8bc60697729d2cb1edadb6d83930dc965d82
-
SHA256
58b830b1c8059030253dc759f738d5e4bf799a04f258766a574eabd4c870cfd8
-
SHA512
cc805fa98ec6ad192fe01333108757bda3a284cb53cde75f3a227e06e3b07814453b44401e01770a832c43460fe8be4a4214b54c45b81e4a4893b34da75c5145
-
SSDEEP
3072:PhOm2sI93UufdC67cihfmCiiiXAsACF486jJSp1BxI21xQo:Pcm7ImGddXtWrXD486jJq1BSq
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 63 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\58b830b1c8059030253dc759f738d5e4bf799a04f258766a574eabd4c870cfd8.exe"C:\Users\Admin\AppData\Local\Temp\58b830b1c8059030253dc759f738d5e4bf799a04f258766a574eabd4c870cfd8.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\m0048.exec:\m0048.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlllrxx.exec:\rlllrxx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdvpd.exec:\vdvpd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\2844862.exec:\2844862.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\64200.exec:\64200.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvjdv.exec:\pvjdv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\0660404.exec:\0660404.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\2864442.exec:\2864442.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\48088.exec:\48088.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\600860.exec:\600860.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpddv.exec:\vpddv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hthhhn.exec:\hthhhn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxffxxx.exec:\lxffxxx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlxrrrl.exec:\xlxrrrl.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfrrlrl.exec:\rfrrlrl.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fffffff.exec:\fffffff.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhbbt.exec:\hbhbbt.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8864640.exec:\8864640.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbnhbt.exec:\tbnhbt.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6686802.exec:\6686802.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpjjj.exec:\jpjjj.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppvpv.exec:\ppvpv.exe23⤵
- Executes dropped EXE
-
\??\c:\w02228.exec:\w02228.exe24⤵
- Executes dropped EXE
-
\??\c:\280000.exec:\280000.exe25⤵
- Executes dropped EXE
-
\??\c:\420448.exec:\420448.exe26⤵
- Executes dropped EXE
-
\??\c:\q84022.exec:\q84022.exe27⤵
- Executes dropped EXE
-
\??\c:\lllrrlr.exec:\lllrrlr.exe28⤵
- Executes dropped EXE
-
\??\c:\ppdjd.exec:\ppdjd.exe29⤵
- Executes dropped EXE
-
\??\c:\6880444.exec:\6880444.exe30⤵
- Executes dropped EXE
-
\??\c:\llrrrff.exec:\llrrrff.exe31⤵
- Executes dropped EXE
-
\??\c:\frffxff.exec:\frffxff.exe32⤵
- Executes dropped EXE
-
\??\c:\1vvpp.exec:\1vvpp.exe33⤵
- Executes dropped EXE
-
\??\c:\80608.exec:\80608.exe34⤵
- Executes dropped EXE
-
\??\c:\8046466.exec:\8046466.exe35⤵
- Executes dropped EXE
-
\??\c:\044484.exec:\044484.exe36⤵
- Executes dropped EXE
-
\??\c:\frlrrrr.exec:\frlrrrr.exe37⤵
- Executes dropped EXE
-
\??\c:\88626.exec:\88626.exe38⤵
- Executes dropped EXE
-
\??\c:\dvddd.exec:\dvddd.exe39⤵
- Executes dropped EXE
-
\??\c:\ffrrrll.exec:\ffrrrll.exe40⤵
- Executes dropped EXE
-
\??\c:\224428.exec:\224428.exe41⤵
- Executes dropped EXE
-
\??\c:\xxrrrxx.exec:\xxrrrxx.exe42⤵
- Executes dropped EXE
-
\??\c:\80086.exec:\80086.exe43⤵
- Executes dropped EXE
-
\??\c:\484262.exec:\484262.exe44⤵
- Executes dropped EXE
-
\??\c:\e62048.exec:\e62048.exe45⤵
- Executes dropped EXE
-
\??\c:\pjjjj.exec:\pjjjj.exe46⤵
- Executes dropped EXE
-
\??\c:\ttbtbn.exec:\ttbtbn.exe47⤵
- Executes dropped EXE
-
\??\c:\7xxrlll.exec:\7xxrlll.exe48⤵
- Executes dropped EXE
-
\??\c:\e44826.exec:\e44826.exe49⤵
- Executes dropped EXE
-
\??\c:\i242822.exec:\i242822.exe50⤵
- Executes dropped EXE
-
\??\c:\84088.exec:\84088.exe51⤵
- Executes dropped EXE
-
\??\c:\fxfxrlf.exec:\fxfxrlf.exe52⤵
- Executes dropped EXE
-
\??\c:\jddpj.exec:\jddpj.exe53⤵
- Executes dropped EXE
-
\??\c:\824082.exec:\824082.exe54⤵
- Executes dropped EXE
-
\??\c:\xflfrlx.exec:\xflfrlx.exe55⤵
- Executes dropped EXE
-
\??\c:\o060486.exec:\o060486.exe56⤵
- Executes dropped EXE
-
\??\c:\ppjdp.exec:\ppjdp.exe57⤵
- Executes dropped EXE
-
\??\c:\ntbnhh.exec:\ntbnhh.exe58⤵
- Executes dropped EXE
-
\??\c:\nbbbtn.exec:\nbbbtn.exe59⤵
- Executes dropped EXE
-
\??\c:\rlrlfrr.exec:\rlrlfrr.exe60⤵
- Executes dropped EXE
-
\??\c:\lrrfxxr.exec:\lrrfxxr.exe61⤵
- Executes dropped EXE
-
\??\c:\o226042.exec:\o226042.exe62⤵
- Executes dropped EXE
-
\??\c:\46202.exec:\46202.exe63⤵
- Executes dropped EXE
-
\??\c:\068460.exec:\068460.exe64⤵
- Executes dropped EXE
-
\??\c:\jppjp.exec:\jppjp.exe65⤵
- Executes dropped EXE
-
\??\c:\4246482.exec:\4246482.exe66⤵
-
\??\c:\rlrrrll.exec:\rlrrrll.exe67⤵
-
\??\c:\thnnbt.exec:\thnnbt.exe68⤵
-
\??\c:\pvvpj.exec:\pvvpj.exe69⤵
-
\??\c:\ntnbhh.exec:\ntnbhh.exe70⤵
-
\??\c:\rfxrllf.exec:\rfxrllf.exe71⤵
-
\??\c:\06884.exec:\06884.exe72⤵
-
\??\c:\802280.exec:\802280.exe73⤵
-
\??\c:\dppdv.exec:\dppdv.exe74⤵
-
\??\c:\rxxrrrl.exec:\rxxrrrl.exe75⤵
-
\??\c:\hntnnh.exec:\hntnnh.exe76⤵
-
\??\c:\k48248.exec:\k48248.exe77⤵
-
\??\c:\xlffrrr.exec:\xlffrrr.exe78⤵
-
\??\c:\k24204.exec:\k24204.exe79⤵
-
\??\c:\vpvpj.exec:\vpvpj.exe80⤵
-
\??\c:\480400.exec:\480400.exe81⤵
-
\??\c:\q28662.exec:\q28662.exe82⤵
-
\??\c:\xxxrlll.exec:\xxxrlll.exe83⤵
-
\??\c:\rfxfxrx.exec:\rfxfxrx.exe84⤵
-
\??\c:\2484662.exec:\2484662.exe85⤵
-
\??\c:\204202.exec:\204202.exe86⤵
-
\??\c:\824482.exec:\824482.exe87⤵
-
\??\c:\ddjjd.exec:\ddjjd.exe88⤵
-
\??\c:\hhhbbt.exec:\hhhbbt.exe89⤵
-
\??\c:\24282.exec:\24282.exe90⤵
-
\??\c:\g6266.exec:\g6266.exe91⤵
-
\??\c:\nhbtbt.exec:\nhbtbt.exe92⤵
-
\??\c:\frrlflf.exec:\frrlflf.exe93⤵
-
\??\c:\frxrlfx.exec:\frxrlfx.exe94⤵
-
\??\c:\46868.exec:\46868.exe95⤵
-
\??\c:\06406.exec:\06406.exe96⤵
-
\??\c:\042662.exec:\042662.exe97⤵
-
\??\c:\lflfffl.exec:\lflfffl.exe98⤵
-
\??\c:\o026488.exec:\o026488.exe99⤵
-
\??\c:\04448.exec:\04448.exe100⤵
-
\??\c:\3llxxfx.exec:\3llxxfx.exe101⤵
-
\??\c:\062266.exec:\062266.exe102⤵
-
\??\c:\822488.exec:\822488.exe103⤵
-
\??\c:\jdvjp.exec:\jdvjp.exe104⤵
-
\??\c:\bbbnbt.exec:\bbbnbt.exe105⤵
-
\??\c:\o400880.exec:\o400880.exe106⤵
-
\??\c:\vvpdj.exec:\vvpdj.exe107⤵
-
\??\c:\flflrrx.exec:\flflrrx.exe108⤵
-
\??\c:\82202.exec:\82202.exe109⤵
-
\??\c:\664026.exec:\664026.exe110⤵
-
\??\c:\thnbbb.exec:\thnbbb.exe111⤵
-
\??\c:\00660.exec:\00660.exe112⤵
-
\??\c:\lflfxxx.exec:\lflfxxx.exe113⤵
-
\??\c:\02488.exec:\02488.exe114⤵
-
\??\c:\8022224.exec:\8022224.exe115⤵
-
\??\c:\w40488.exec:\w40488.exe116⤵
-
\??\c:\0622222.exec:\0622222.exe117⤵
-
\??\c:\46004.exec:\46004.exe118⤵
-
\??\c:\622266.exec:\622266.exe119⤵
-
\??\c:\g4400.exec:\g4400.exe120⤵
-
\??\c:\1bbnbh.exec:\1bbnbh.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-