Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
03/08/2024, 03:20
General
-
Target
cfc296b0789bf43b37b225ed1f918aa444a3132f78eda3a9fd303585d7503581.exe
-
Size
107KB
-
MD5
38ba27bd886286588fb072673d34f0cb
-
SHA1
836ca398172fd7c8f1f3669a83f905db374c6729
-
SHA256
cfc296b0789bf43b37b225ed1f918aa444a3132f78eda3a9fd303585d7503581
-
SHA512
db4cb2783db74e218247d13ad47dcb8769457e19d5b03daade4ae48d43e505acdedfa7453cff53c97965b8ff82ad560eb000a876b50839634db9c66a77098490
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDoTNKDeS98hPUdHV7RNzfJNXZmJ:ymb3NkkiQ3mdBjFo5KDe88g1fDg
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 28 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 36 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\cfc296b0789bf43b37b225ed1f918aa444a3132f78eda3a9fd303585d7503581.exe"C:\Users\Admin\AppData\Local\Temp\cfc296b0789bf43b37b225ed1f918aa444a3132f78eda3a9fd303585d7503581.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\1hbnht.exec:\1hbnht.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvjjd.exec:\pvjjd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pddpj.exec:\pddpj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxlfxr.exec:\xrxlfxr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbbthh.exec:\bbbthh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7pvpd.exec:\7pvpd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxrxlrf.exec:\rxrxlrf.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9nnhnh.exec:\9nnhnh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjdvp.exec:\vjdvp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bntntt.exec:\bntntt.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppvjd.exec:\ppvjd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlfrfxr.exec:\rlfrfxr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tthtnn.exec:\tthtnn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1ddvp.exec:\1ddvp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xllfxrl.exec:\xllfxrl.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffxlffx.exec:\ffxlffx.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbthbb.exec:\bbthbb.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjpdp.exec:\vjpdp.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpdv.exec:\jdpdv.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfflffx.exec:\rfflffx.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhhbtn.exec:\bhhbtn.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpdpj.exec:\jpdpj.exe23⤵
- Executes dropped EXE
-
\??\c:\lxxrlfl.exec:\lxxrlfl.exe24⤵
- Executes dropped EXE
-
\??\c:\lrrfllf.exec:\lrrfllf.exe25⤵
- Executes dropped EXE
-
\??\c:\nbtnnt.exec:\nbtnnt.exe26⤵
- Executes dropped EXE
-
\??\c:\hhhnhh.exec:\hhhnhh.exe27⤵
- Executes dropped EXE
-
\??\c:\9ddvp.exec:\9ddvp.exe28⤵
- Executes dropped EXE
-
\??\c:\lrlllll.exec:\lrlllll.exe29⤵
- Executes dropped EXE
-
\??\c:\bhtnnt.exec:\bhtnnt.exe30⤵
- Executes dropped EXE
-
\??\c:\dddvj.exec:\dddvj.exe31⤵
- Executes dropped EXE
-
\??\c:\rlfxrll.exec:\rlfxrll.exe32⤵
- Executes dropped EXE
-
\??\c:\5dpvj.exec:\5dpvj.exe33⤵
- Executes dropped EXE
-
\??\c:\1rxlfxr.exec:\1rxlfxr.exe34⤵
- Executes dropped EXE
-
\??\c:\xffxrlf.exec:\xffxrlf.exe35⤵
- Executes dropped EXE
-
\??\c:\rlrlffx.exec:\rlrlffx.exe36⤵
- Executes dropped EXE
-
\??\c:\9flfrrl.exec:\9flfrrl.exe37⤵
- Executes dropped EXE
-
\??\c:\9jddd.exec:\9jddd.exe38⤵
- Executes dropped EXE
-
\??\c:\xlxrlll.exec:\xlxrlll.exe39⤵
- Executes dropped EXE
-
\??\c:\rllrlxr.exec:\rllrlxr.exe40⤵
- Executes dropped EXE
-
\??\c:\tbbbhb.exec:\tbbbhb.exe41⤵
- Executes dropped EXE
-
\??\c:\htnhbt.exec:\htnhbt.exe42⤵
- Executes dropped EXE
-
\??\c:\jdjvp.exec:\jdjvp.exe43⤵
- Executes dropped EXE
-
\??\c:\9jpjp.exec:\9jpjp.exe44⤵
- Executes dropped EXE
-
\??\c:\lfxrlfx.exec:\lfxrlfx.exe45⤵
- Executes dropped EXE
-
\??\c:\xxfxxfr.exec:\xxfxxfr.exe46⤵
- Executes dropped EXE
-
\??\c:\hbbbth.exec:\hbbbth.exe47⤵
- Executes dropped EXE
-
\??\c:\3ddvj.exec:\3ddvj.exe48⤵
- Executes dropped EXE
-
\??\c:\pvpvj.exec:\pvpvj.exe49⤵
- Executes dropped EXE
-
\??\c:\9rlfxrl.exec:\9rlfxrl.exe50⤵
- Executes dropped EXE
-
\??\c:\fffrlfx.exec:\fffrlfx.exe51⤵
- Executes dropped EXE
-
\??\c:\tnhbtt.exec:\tnhbtt.exe52⤵
- Executes dropped EXE
-
\??\c:\bnhtht.exec:\bnhtht.exe53⤵
- Executes dropped EXE
-
\??\c:\vpjjd.exec:\vpjjd.exe54⤵
- Executes dropped EXE
-
\??\c:\7pjdp.exec:\7pjdp.exe55⤵
- Executes dropped EXE
-
\??\c:\rfffrrr.exec:\rfffrrr.exe56⤵
- Executes dropped EXE
-
\??\c:\hbthnh.exec:\hbthnh.exe57⤵
- Executes dropped EXE
-
\??\c:\vppjp.exec:\vppjp.exe58⤵
- Executes dropped EXE
-
\??\c:\pdpdp.exec:\pdpdp.exe59⤵
- Executes dropped EXE
-
\??\c:\5llfrrl.exec:\5llfrrl.exe60⤵
- Executes dropped EXE
-
\??\c:\lfxxlrl.exec:\lfxxlrl.exe61⤵
- Executes dropped EXE
-
\??\c:\hbnhbt.exec:\hbnhbt.exe62⤵
- Executes dropped EXE
-
\??\c:\nhhhbb.exec:\nhhhbb.exe63⤵
- Executes dropped EXE
-
\??\c:\pjpdv.exec:\pjpdv.exe64⤵
- Executes dropped EXE
-
\??\c:\frrlfxr.exec:\frrlfxr.exe65⤵
- Executes dropped EXE
-
\??\c:\lrlxrlx.exec:\lrlxrlx.exe66⤵
-
\??\c:\xlflxlx.exec:\xlflxlx.exe67⤵
-
\??\c:\5hbthb.exec:\5hbthb.exe68⤵
- System Location Discovery: System Language Discovery
-
\??\c:\nhtnhh.exec:\nhtnhh.exe69⤵
-
\??\c:\pdpdv.exec:\pdpdv.exe70⤵
-
\??\c:\rfxrllf.exec:\rfxrllf.exe71⤵
-
\??\c:\fllxrff.exec:\fllxrff.exe72⤵
-
\??\c:\nttttn.exec:\nttttn.exe73⤵
-
\??\c:\pjdpj.exec:\pjdpj.exe74⤵
-
\??\c:\pjvpd.exec:\pjvpd.exe75⤵
-
\??\c:\xxrlrll.exec:\xxrlrll.exe76⤵
-
\??\c:\hnhhtt.exec:\hnhhtt.exe77⤵
-
\??\c:\nbbnbt.exec:\nbbnbt.exe78⤵
-
\??\c:\9bbthb.exec:\9bbthb.exe79⤵
-
\??\c:\vddvj.exec:\vddvj.exe80⤵
-
\??\c:\xflfrlf.exec:\xflfrlf.exe81⤵
-
\??\c:\1xxlxrl.exec:\1xxlxrl.exe82⤵
-
\??\c:\fxxlxxr.exec:\fxxlxxr.exe83⤵
-
\??\c:\nnnhbb.exec:\nnnhbb.exe84⤵
-
\??\c:\pvdvj.exec:\pvdvj.exe85⤵
-
\??\c:\pvvpd.exec:\pvvpd.exe86⤵
-
\??\c:\lxxlfxf.exec:\lxxlfxf.exe87⤵
-
\??\c:\1lllfxr.exec:\1lllfxr.exe88⤵
-
\??\c:\nttbnb.exec:\nttbnb.exe89⤵
-
\??\c:\7dvvj.exec:\7dvvj.exe90⤵
-
\??\c:\5dpjp.exec:\5dpjp.exe91⤵
-
\??\c:\xrxxxxf.exec:\xrxxxxf.exe92⤵
-
\??\c:\9tnnhh.exec:\9tnnhh.exe93⤵
-
\??\c:\3bbhnb.exec:\3bbhnb.exe94⤵
-
\??\c:\ppdvp.exec:\ppdvp.exe95⤵
-
\??\c:\rrxfxxr.exec:\rrxfxxr.exe96⤵
-
\??\c:\xxlllff.exec:\xxlllff.exe97⤵
-
\??\c:\1lfflfx.exec:\1lfflfx.exe98⤵
-
\??\c:\nbhthb.exec:\nbhthb.exe99⤵
-
\??\c:\7ttnnh.exec:\7ttnnh.exe100⤵
-
\??\c:\pjdvj.exec:\pjdvj.exe101⤵
-
\??\c:\9fxrffx.exec:\9fxrffx.exe102⤵
-
\??\c:\lfxlfrl.exec:\lfxlfrl.exe103⤵
-
\??\c:\fllfxxf.exec:\fllfxxf.exe104⤵
-
\??\c:\hhthbb.exec:\hhthbb.exe105⤵
-
\??\c:\pvdvj.exec:\pvdvj.exe106⤵
-
\??\c:\5pjdv.exec:\5pjdv.exe107⤵
-
\??\c:\7fffrrl.exec:\7fffrrl.exe108⤵
-
\??\c:\hhhtnn.exec:\hhhtnn.exe109⤵
-
\??\c:\ddjdv.exec:\ddjdv.exe110⤵
-
\??\c:\dvpdp.exec:\dvpdp.exe111⤵
-
\??\c:\3jddp.exec:\3jddp.exe112⤵
-
\??\c:\fxrlxrl.exec:\fxrlxrl.exe113⤵
-
\??\c:\1bbtnn.exec:\1bbtnn.exe114⤵
-
\??\c:\bnbhhn.exec:\bnbhhn.exe115⤵
-
\??\c:\ppjdv.exec:\ppjdv.exe116⤵
-
\??\c:\ppjvp.exec:\ppjvp.exe117⤵
-
\??\c:\pjvvj.exec:\pjvvj.exe118⤵
-
\??\c:\1lrflfl.exec:\1lrflfl.exe119⤵
-
\??\c:\lffxrrx.exec:\lffxrrx.exe120⤵
-
\??\c:\xlxrrlf.exec:\xlxrrlf.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-