Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
137s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
-
submitted
26/07/2024, 01:50
General
-
Target
a96070bb942b77a847c3857a91a77d934f311b8e924423a3d0cedda3fae34a91.exe
-
Size
371KB
-
MD5
a4c4de95a1866f36fc52d17e342a3348
-
SHA1
fc4764d039be85124990823c6bbe7a4a7453a867
-
SHA256
a96070bb942b77a847c3857a91a77d934f311b8e924423a3d0cedda3fae34a91
-
SHA512
11f658d90a44e1dbdb3389efbd0f06401a3f53f968680b2eab0671ad95a92f6d5670629987c56b57b145d83f420028adae44404eb75a35200d09dc6a4cd45e35
-
SSDEEP
6144:n3C9BRIG0asYFm71mPfkVB8dKwaO5CVw8:n3C9uYA7okVqdKwaO5CV5
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 27 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 30 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\a96070bb942b77a847c3857a91a77d934f311b8e924423a3d0cedda3fae34a91.exe"C:\Users\Admin\AppData\Local\Temp\a96070bb942b77a847c3857a91a77d934f311b8e924423a3d0cedda3fae34a91.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\btnnhh.exec:\btnnhh.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjdvp.exec:\vjdvp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjvpv.exec:\jjvpv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdjp.exec:\pjdjp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbtnh.exec:\nhbtnh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpjj.exec:\jdpjj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnbtth.exec:\nnbtth.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvpdv.exec:\pvpdv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnnhtn.exec:\bnnhtn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpjdj.exec:\dpjdj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbnnth.exec:\tbnnth.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tttnht.exec:\tttnht.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vddpd.exec:\vddpd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htbtnh.exec:\htbtnh.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvjdv.exec:\vvjdv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flfrfxl.exec:\flfrfxl.exe17⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\thhthh.exec:\thhthh.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdpdv.exec:\vdpdv.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxxrfxl.exec:\xxxrfxl.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbbthn.exec:\bbbthn.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dddvp.exec:\dddvp.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxllrff.exec:\fxllrff.exe23⤵
- Executes dropped EXE
-
\??\c:\vpjjd.exec:\vpjjd.exe24⤵
- Executes dropped EXE
-
\??\c:\1rlfxxl.exec:\1rlfxxl.exe25⤵
- Executes dropped EXE
-
\??\c:\hnnbht.exec:\hnnbht.exe26⤵
- Executes dropped EXE
-
\??\c:\rrfffff.exec:\rrfffff.exe27⤵
- Executes dropped EXE
-
\??\c:\lfllrlr.exec:\lfllrlr.exe28⤵
- Executes dropped EXE
-
\??\c:\tbhbbb.exec:\tbhbbb.exe29⤵
- Executes dropped EXE
-
\??\c:\djpjj.exec:\djpjj.exe30⤵
- Executes dropped EXE
-
\??\c:\llxrllx.exec:\llxrllx.exe31⤵
- Executes dropped EXE
-
\??\c:\nhbbtt.exec:\nhbbtt.exe32⤵
- Executes dropped EXE
-
\??\c:\rffxxrr.exec:\rffxxrr.exe33⤵
- Executes dropped EXE
-
\??\c:\lrllrfr.exec:\lrllrfr.exe34⤵
- Executes dropped EXE
-
\??\c:\hbnttn.exec:\hbnttn.exe35⤵
- Executes dropped EXE
-
\??\c:\bbhbbt.exec:\bbhbbt.exe36⤵
- Executes dropped EXE
-
\??\c:\9vjdj.exec:\9vjdj.exe37⤵
- Executes dropped EXE
-
\??\c:\rxfxllf.exec:\rxfxllf.exe38⤵
- Executes dropped EXE
-
\??\c:\tnnbnn.exec:\tnnbnn.exe39⤵
- Executes dropped EXE
-
\??\c:\htbtnt.exec:\htbtnt.exe40⤵
- Executes dropped EXE
-
\??\c:\vvjdj.exec:\vvjdj.exe41⤵
- Executes dropped EXE
-
\??\c:\dvvpj.exec:\dvvpj.exe42⤵
- Executes dropped EXE
-
\??\c:\rxlxfxr.exec:\rxlxfxr.exe43⤵
- Executes dropped EXE
-
\??\c:\5tbtth.exec:\5tbtth.exe44⤵
- Executes dropped EXE
-
\??\c:\dpvjd.exec:\dpvjd.exe45⤵
- Executes dropped EXE
-
\??\c:\vvvvv.exec:\vvvvv.exe46⤵
- Executes dropped EXE
-
\??\c:\frrlllf.exec:\frrlllf.exe47⤵
- Executes dropped EXE
-
\??\c:\rflfrrf.exec:\rflfrrf.exe48⤵
- Executes dropped EXE
-
\??\c:\hthhbb.exec:\hthhbb.exe49⤵
- Executes dropped EXE
-
\??\c:\jpdpj.exec:\jpdpj.exe50⤵
- Executes dropped EXE
-
\??\c:\tnhbbb.exec:\tnhbbb.exe51⤵
- Executes dropped EXE
-
\??\c:\tttnbb.exec:\tttnbb.exe52⤵
- Executes dropped EXE
-
\??\c:\7pppj.exec:\7pppj.exe53⤵
- Executes dropped EXE
-
\??\c:\xrrlllf.exec:\xrrlllf.exe54⤵
- Executes dropped EXE
-
\??\c:\lxflffx.exec:\lxflffx.exe55⤵
- Executes dropped EXE
-
\??\c:\bthtbt.exec:\bthtbt.exe56⤵
- Executes dropped EXE
-
\??\c:\ppjvp.exec:\ppjvp.exe57⤵
- Executes dropped EXE
-
\??\c:\xrlfrll.exec:\xrlfrll.exe58⤵
- Executes dropped EXE
-
\??\c:\frlfxxx.exec:\frlfxxx.exe59⤵
- Executes dropped EXE
-
\??\c:\bbtbnn.exec:\bbtbnn.exe60⤵
- Executes dropped EXE
-
\??\c:\jdpdv.exec:\jdpdv.exe61⤵
- Executes dropped EXE
-
\??\c:\dvpdp.exec:\dvpdp.exe62⤵
- Executes dropped EXE
-
\??\c:\7lfxflx.exec:\7lfxflx.exe63⤵
- Executes dropped EXE
-
\??\c:\bhnnhb.exec:\bhnnhb.exe64⤵
- Executes dropped EXE
-
\??\c:\httnhh.exec:\httnhh.exe65⤵
- Executes dropped EXE
-
\??\c:\3jjvj.exec:\3jjvj.exe66⤵
-
\??\c:\fflxrrf.exec:\fflxrrf.exe67⤵
-
\??\c:\rfffxrl.exec:\rfffxrl.exe68⤵
-
\??\c:\btnhtn.exec:\btnhtn.exe69⤵
-
\??\c:\jdvjd.exec:\jdvjd.exe70⤵
-
\??\c:\pjjvv.exec:\pjjvv.exe71⤵
-
\??\c:\lfxrlfx.exec:\lfxrlfx.exe72⤵
-
\??\c:\3bbtbb.exec:\3bbtbb.exe73⤵
-
\??\c:\nhbthb.exec:\nhbthb.exe74⤵
-
\??\c:\jjvjv.exec:\jjvjv.exe75⤵
-
\??\c:\xffrlfx.exec:\xffrlfx.exe76⤵
-
\??\c:\lrrffxx.exec:\lrrffxx.exe77⤵
-
\??\c:\bnhtnb.exec:\bnhtnb.exe78⤵
-
\??\c:\1jpdv.exec:\1jpdv.exe79⤵
-
\??\c:\vvpjj.exec:\vvpjj.exe80⤵
-
\??\c:\5xrlrrr.exec:\5xrlrrr.exe81⤵
-
\??\c:\nhbtbb.exec:\nhbtbb.exe82⤵
-
\??\c:\btbbtt.exec:\btbbtt.exe83⤵
-
\??\c:\pjdpv.exec:\pjdpv.exe84⤵
-
\??\c:\xlxfxxr.exec:\xlxfxxr.exe85⤵
-
\??\c:\1llxrrl.exec:\1llxrrl.exe86⤵
-
\??\c:\tbhtnh.exec:\tbhtnh.exe87⤵
-
\??\c:\vdvpj.exec:\vdvpj.exe88⤵
-
\??\c:\7xflfxr.exec:\7xflfxr.exe89⤵
-
\??\c:\hbtnbb.exec:\hbtnbb.exe90⤵
-
\??\c:\hhnthb.exec:\hhnthb.exe91⤵
-
\??\c:\fffxlfx.exec:\fffxlfx.exe92⤵
-
\??\c:\bnnttt.exec:\bnnttt.exe93⤵
-
\??\c:\ppdvp.exec:\ppdvp.exe94⤵
-
\??\c:\xrrlfff.exec:\xrrlfff.exe95⤵
-
\??\c:\hhbtbn.exec:\hhbtbn.exe96⤵
-
\??\c:\3bnbtn.exec:\3bnbtn.exe97⤵
-
\??\c:\pdpjd.exec:\pdpjd.exe98⤵
-
\??\c:\lflrlff.exec:\lflrlff.exe99⤵
-
\??\c:\7lrlffx.exec:\7lrlffx.exe100⤵
-
\??\c:\tbbtnh.exec:\tbbtnh.exe101⤵
-
\??\c:\vvpdj.exec:\vvpdj.exe102⤵
-
\??\c:\vpdvp.exec:\vpdvp.exe103⤵
-
\??\c:\lflffff.exec:\lflffff.exe104⤵
-
\??\c:\hbtnbb.exec:\hbtnbb.exe105⤵
-
\??\c:\ttthbt.exec:\ttthbt.exe106⤵
-
\??\c:\vjvpj.exec:\vjvpj.exe107⤵
-
\??\c:\rrfxffx.exec:\rrfxffx.exe108⤵
-
\??\c:\lfrrxrx.exec:\lfrrxrx.exe109⤵
-
\??\c:\hbtnhh.exec:\hbtnhh.exe110⤵
-
\??\c:\bthbtt.exec:\bthbtt.exe111⤵
-
\??\c:\ddddv.exec:\ddddv.exe112⤵
-
\??\c:\9rfxrrl.exec:\9rfxrrl.exe113⤵
-
\??\c:\thhtnh.exec:\thhtnh.exe114⤵
-
\??\c:\1nbtnh.exec:\1nbtnh.exe115⤵
-
\??\c:\jdpjp.exec:\jdpjp.exe116⤵
-
\??\c:\lfrrxfl.exec:\lfrrxfl.exe117⤵
-
\??\c:\xxlrrxl.exec:\xxlrrxl.exe118⤵
-
\??\c:\nnhbbt.exec:\nnhbbt.exe119⤵
-
\??\c:\pjpdj.exec:\pjpdj.exe120⤵
-
\??\c:\pjddv.exec:\pjddv.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-