Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
97s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
05/08/2024, 21:18
General
-
Target
09ef099ba4c7ca2701e5d8428607d3d0N.exe
-
Size
257KB
-
MD5
09ef099ba4c7ca2701e5d8428607d3d0
-
SHA1
e4a91ecd18149c1f75b9bc1d5cdc27975c35e89c
-
SHA256
d092cd692c6c4f6317cd0be126a7cbe574c0f4597e9fb6e62eda8667cf8d89d0
-
SHA512
b9b3ee8a40d0268994335c1f38893d3e1fac9457f2a31740895ccf8740e5fe177a6d61d7dce03683e9c5b9cc2808117898fbce3486b384695517b1cdcffd787c
-
SSDEEP
3072:ymb3NkkiQ3mdBjFIi/0RU6QeYQsm71vPmc51+GqekBJCvr6zJBUDMu7rr60UI:n3C9BRIG0asYFm71m8+GdkB9yMu7P
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 29 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\09ef099ba4c7ca2701e5d8428607d3d0N.exe"C:\Users\Admin\AppData\Local\Temp\09ef099ba4c7ca2701e5d8428607d3d0N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\1flfffx.exec:\1flfffx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tttthh.exec:\tttthh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnbtnn.exec:\nnbtnn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpjdv.exec:\dpjdv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3btbtn.exec:\3btbtn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9pvvp.exec:\9pvvp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1lllrrx.exec:\1lllrrx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbthnb.exec:\tbthnb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjdp.exec:\dvjdp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrrlfxr.exec:\lrrlfxr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhhhtn.exec:\hhhhtn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvvpj.exec:\vvvpj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxrrrr.exec:\fxxrrrr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnbtnh.exec:\bnbtnh.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjdv.exec:\vpjdv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrxrllf.exec:\lrxrllf.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5xfxrxr.exec:\5xfxrxr.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thnhbb.exec:\thnhbb.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djpjd.exec:\djpjd.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrrrrr.exec:\xrrrrrr.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bntnnn.exec:\bntnnn.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvvvp.exec:\pvvvp.exe23⤵
- Executes dropped EXE
-
\??\c:\vjpjv.exec:\vjpjv.exe24⤵
- Executes dropped EXE
-
\??\c:\lflfxxr.exec:\lflfxxr.exe25⤵
- Executes dropped EXE
-
\??\c:\bntbth.exec:\bntbth.exe26⤵
- Executes dropped EXE
-
\??\c:\jddjj.exec:\jddjj.exe27⤵
- Executes dropped EXE
-
\??\c:\rffrllf.exec:\rffrllf.exe28⤵
- Executes dropped EXE
-
\??\c:\nbhbbh.exec:\nbhbbh.exe29⤵
- Executes dropped EXE
-
\??\c:\pddvj.exec:\pddvj.exe30⤵
- Executes dropped EXE
-
\??\c:\pjddd.exec:\pjddd.exe31⤵
- Executes dropped EXE
-
\??\c:\xflfrrl.exec:\xflfrrl.exe32⤵
- Executes dropped EXE
-
\??\c:\nbttbt.exec:\nbttbt.exe33⤵
- Executes dropped EXE
-
\??\c:\vvppj.exec:\vvppj.exe34⤵
- Executes dropped EXE
-
\??\c:\rlrxxff.exec:\rlrxxff.exe35⤵
- Executes dropped EXE
-
\??\c:\frrrrrl.exec:\frrrrrl.exe36⤵
- Executes dropped EXE
-
\??\c:\tthbtt.exec:\tthbtt.exe37⤵
- Executes dropped EXE
-
\??\c:\7tbtbn.exec:\7tbtbn.exe38⤵
- Executes dropped EXE
-
\??\c:\vjjdp.exec:\vjjdp.exe39⤵
- Executes dropped EXE
-
\??\c:\5fxrlfl.exec:\5fxrlfl.exe40⤵
- Executes dropped EXE
-
\??\c:\xrxrffx.exec:\xrxrffx.exe41⤵
- Executes dropped EXE
-
\??\c:\nbhthb.exec:\nbhthb.exe42⤵
- Executes dropped EXE
-
\??\c:\pvddp.exec:\pvddp.exe43⤵
- Executes dropped EXE
-
\??\c:\frrlrxx.exec:\frrlrxx.exe44⤵
- Executes dropped EXE
-
\??\c:\hhhnhb.exec:\hhhnhb.exe45⤵
- Executes dropped EXE
-
\??\c:\1ppjd.exec:\1ppjd.exe46⤵
- Executes dropped EXE
-
\??\c:\pvvpp.exec:\pvvpp.exe47⤵
- Executes dropped EXE
-
\??\c:\rfxfxff.exec:\rfxfxff.exe48⤵
- Executes dropped EXE
-
\??\c:\bttnnh.exec:\bttnnh.exe49⤵
- Executes dropped EXE
-
\??\c:\lffxrlf.exec:\lffxrlf.exe50⤵
- Executes dropped EXE
-
\??\c:\llxrllf.exec:\llxrllf.exe51⤵
- Executes dropped EXE
-
\??\c:\bhnhbt.exec:\bhnhbt.exe52⤵
- Executes dropped EXE
-
\??\c:\pvvvj.exec:\pvvvj.exe53⤵
- Executes dropped EXE
-
\??\c:\vpdpv.exec:\vpdpv.exe54⤵
- Executes dropped EXE
-
\??\c:\lffxffx.exec:\lffxffx.exe55⤵
- Executes dropped EXE
-
\??\c:\3nnhbb.exec:\3nnhbb.exe56⤵
- Executes dropped EXE
-
\??\c:\bnnhhh.exec:\bnnhhh.exe57⤵
- Executes dropped EXE
-
\??\c:\3lfxlfx.exec:\3lfxlfx.exe58⤵
- Executes dropped EXE
-
\??\c:\rrxxrrr.exec:\rrxxrrr.exe59⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\tbnhbb.exec:\tbnhbb.exe60⤵
- Executes dropped EXE
-
\??\c:\7vvjv.exec:\7vvjv.exe61⤵
- Executes dropped EXE
-
\??\c:\rxfxxrr.exec:\rxfxxrr.exe62⤵
- Executes dropped EXE
-
\??\c:\tnnhht.exec:\tnnhht.exe63⤵
- Executes dropped EXE
-
\??\c:\jddvj.exec:\jddvj.exe64⤵
- Executes dropped EXE
-
\??\c:\dpdvp.exec:\dpdvp.exe65⤵
- Executes dropped EXE
-
\??\c:\fllffxx.exec:\fllffxx.exe66⤵
-
\??\c:\frxrllf.exec:\frxrllf.exe67⤵
-
\??\c:\hhbtnh.exec:\hhbtnh.exe68⤵
-
\??\c:\5vvpd.exec:\5vvpd.exe69⤵
-
\??\c:\5jvjj.exec:\5jvjj.exe70⤵
-
\??\c:\llrlxxr.exec:\llrlxxr.exe71⤵
-
\??\c:\tnnnhb.exec:\tnnnhb.exe72⤵
-
\??\c:\ttnhhh.exec:\ttnhhh.exe73⤵
-
\??\c:\jdpjd.exec:\jdpjd.exe74⤵
-
\??\c:\jddpj.exec:\jddpj.exe75⤵
-
\??\c:\3xxlfxr.exec:\3xxlfxr.exe76⤵
-
\??\c:\9hhtth.exec:\9hhtth.exe77⤵
-
\??\c:\tntnbb.exec:\tntnbb.exe78⤵
-
\??\c:\vjpdv.exec:\vjpdv.exe79⤵
-
\??\c:\pdjdd.exec:\pdjdd.exe80⤵
-
\??\c:\lfrlfrr.exec:\lfrlfrr.exe81⤵
-
\??\c:\httbtt.exec:\httbtt.exe82⤵
-
\??\c:\9hbthh.exec:\9hbthh.exe83⤵
-
\??\c:\jvvpd.exec:\jvvpd.exe84⤵
-
\??\c:\jvdvp.exec:\jvdvp.exe85⤵
-
\??\c:\xfxrffx.exec:\xfxrffx.exe86⤵
-
\??\c:\1fxrlfx.exec:\1fxrlfx.exe87⤵
-
\??\c:\3nnbnn.exec:\3nnbnn.exe88⤵
-
\??\c:\vdvpj.exec:\vdvpj.exe89⤵
-
\??\c:\rlrxxlr.exec:\rlrxxlr.exe90⤵
-
\??\c:\rlxrxxx.exec:\rlxrxxx.exe91⤵
-
\??\c:\7nhthb.exec:\7nhthb.exe92⤵
-
\??\c:\jdvpj.exec:\jdvpj.exe93⤵
-
\??\c:\jvdvj.exec:\jvdvj.exe94⤵
-
\??\c:\frflxxr.exec:\frflxxr.exe95⤵
-
\??\c:\1xrlflf.exec:\1xrlflf.exe96⤵
-
\??\c:\thbnbn.exec:\thbnbn.exe97⤵
-
\??\c:\jdpjv.exec:\jdpjv.exe98⤵
-
\??\c:\jvjdp.exec:\jvjdp.exe99⤵
-
\??\c:\fllfxrl.exec:\fllfxrl.exe100⤵
-
\??\c:\lxxrllx.exec:\lxxrllx.exe101⤵
-
\??\c:\htthbt.exec:\htthbt.exe102⤵
-
\??\c:\vpppp.exec:\vpppp.exe103⤵
-
\??\c:\vvppj.exec:\vvppj.exe104⤵
-
\??\c:\rrfflll.exec:\rrfflll.exe105⤵
-
\??\c:\frfxrrl.exec:\frfxrrl.exe106⤵
-
\??\c:\thnhbt.exec:\thnhbt.exe107⤵
-
\??\c:\tnntnn.exec:\tnntnn.exe108⤵
-
\??\c:\pjdjv.exec:\pjdjv.exe109⤵
-
\??\c:\vjjdv.exec:\vjjdv.exe110⤵
-
\??\c:\llfrfxl.exec:\llfrfxl.exe111⤵
-
\??\c:\nhhbtt.exec:\nhhbtt.exe112⤵
-
\??\c:\thnhnn.exec:\thnhnn.exe113⤵
-
\??\c:\vpvjp.exec:\vpvjp.exe114⤵
-
\??\c:\frrflfr.exec:\frrflfr.exe115⤵
-
\??\c:\ntbttn.exec:\ntbttn.exe116⤵
-
\??\c:\5ththb.exec:\5ththb.exe117⤵
-
\??\c:\9jdvj.exec:\9jdvj.exe118⤵
-
\??\c:\ppjvj.exec:\ppjvj.exe119⤵
-
\??\c:\lrlflfx.exec:\lrlflfx.exe120⤵
-
\??\c:\rlxlfxx.exec:\rlxlfxx.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-