Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
120s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
07/08/2024, 20:23
General
-
Target
315997134380a286a8a056e08a62d33e43806bd7c17a106e568793037ba3cf8d.exe
-
Size
362KB
-
MD5
93c12dd984d9070199e2948d55462239
-
SHA1
24ba1cb59d672a278d9cb485bdad7dea11958d44
-
SHA256
315997134380a286a8a056e08a62d33e43806bd7c17a106e568793037ba3cf8d
-
SHA512
768056e4963fa4179ffda1ec6702d4286de71358da76989ce43d928913808cf335c95fcfcbe853ffc863ffdca223e50ff1b0d54c81ebe7f27d18ab0007f6ff81
-
SSDEEP
6144:n3C9BRo7MlrWKo+lS0Le4xRSAoq7mj9+04xNZ:n3C9yMo+S0L9xRnoq7mR+04xf
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 28 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 29 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\315997134380a286a8a056e08a62d33e43806bd7c17a106e568793037ba3cf8d.exe"C:\Users\Admin\AppData\Local\Temp\315997134380a286a8a056e08a62d33e43806bd7c17a106e568793037ba3cf8d.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\rrffllr.exec:\rrffllr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbthnh.exec:\hbthnh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3pvjp.exec:\3pvjp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpvpp.exec:\vpvpp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllxrlf.exec:\rllxrlf.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5hhtnb.exec:\5hhtnb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5pppj.exec:\5pppj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvjd.exec:\dvvjd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hntnbt.exec:\hntnbt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3jdvp.exec:\3jdvp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llrlxxx.exec:\llrlxxx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hthtnt.exec:\hthtnt.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvpjd.exec:\vvpjd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxfxrlx.exec:\rxfxrlx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9xrfxrr.exec:\9xrfxrr.exe16⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\bnnhbt.exec:\bnnhbt.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnbbt.exec:\nhnbbt.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3ddpd.exec:\3ddpd.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfrfxlf.exec:\xfrfxlf.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxrlfxl.exec:\lxrlfxl.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjjdv.exec:\vjjdv.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3xxxxxl.exec:\3xxxxxl.exe23⤵
- Executes dropped EXE
-
\??\c:\nntnnn.exec:\nntnnn.exe24⤵
- Executes dropped EXE
-
\??\c:\pjvpd.exec:\pjvpd.exe25⤵
- Executes dropped EXE
-
\??\c:\lfxrfxr.exec:\lfxrfxr.exe26⤵
- Executes dropped EXE
-
\??\c:\frrlfxl.exec:\frrlfxl.exe27⤵
- Executes dropped EXE
-
\??\c:\ntthtn.exec:\ntthtn.exe28⤵
- Executes dropped EXE
-
\??\c:\pvjjd.exec:\pvjjd.exe29⤵
- Executes dropped EXE
-
\??\c:\frffrlx.exec:\frffrlx.exe30⤵
- Executes dropped EXE
-
\??\c:\btbtnh.exec:\btbtnh.exe31⤵
- Executes dropped EXE
-
\??\c:\httnhh.exec:\httnhh.exe32⤵
- Executes dropped EXE
-
\??\c:\xxfxxfx.exec:\xxfxxfx.exe33⤵
- Executes dropped EXE
-
\??\c:\btbttt.exec:\btbttt.exe34⤵
- Executes dropped EXE
-
\??\c:\ddjjd.exec:\ddjjd.exe35⤵
- Executes dropped EXE
-
\??\c:\pvjdv.exec:\pvjdv.exe36⤵
- Executes dropped EXE
-
\??\c:\pjvjp.exec:\pjvjp.exe37⤵
- Executes dropped EXE
-
\??\c:\7xfxrrl.exec:\7xfxrrl.exe38⤵
- Executes dropped EXE
-
\??\c:\fxffffx.exec:\fxffffx.exe39⤵
- Executes dropped EXE
-
\??\c:\bbbthh.exec:\bbbthh.exe40⤵
- Executes dropped EXE
-
\??\c:\3djdv.exec:\3djdv.exe41⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\5vpdp.exec:\5vpdp.exe42⤵
- Executes dropped EXE
-
\??\c:\rllxlfx.exec:\rllxlfx.exe43⤵
- Executes dropped EXE
-
\??\c:\7ffxllx.exec:\7ffxllx.exe44⤵
- Executes dropped EXE
-
\??\c:\tnnbtn.exec:\tnnbtn.exe45⤵
- Executes dropped EXE
-
\??\c:\1tbthh.exec:\1tbthh.exe46⤵
- Executes dropped EXE
-
\??\c:\9djjd.exec:\9djjd.exe47⤵
- Executes dropped EXE
-
\??\c:\1dvpd.exec:\1dvpd.exe48⤵
- Executes dropped EXE
-
\??\c:\7rrlllf.exec:\7rrlllf.exe49⤵
- Executes dropped EXE
-
\??\c:\hhbtnh.exec:\hhbtnh.exe50⤵
- Executes dropped EXE
-
\??\c:\hhhbnn.exec:\hhhbnn.exe51⤵
- Executes dropped EXE
-
\??\c:\5djpj.exec:\5djpj.exe52⤵
- Executes dropped EXE
-
\??\c:\dvvjd.exec:\dvvjd.exe53⤵
- Executes dropped EXE
-
\??\c:\fxlfllf.exec:\fxlfllf.exe54⤵
- Executes dropped EXE
-
\??\c:\frflxrl.exec:\frflxrl.exe55⤵
- Executes dropped EXE
-
\??\c:\tttnhh.exec:\tttnhh.exe56⤵
- Executes dropped EXE
-
\??\c:\hbtnhb.exec:\hbtnhb.exe57⤵
- Executes dropped EXE
-
\??\c:\7pvdj.exec:\7pvdj.exe58⤵
- Executes dropped EXE
-
\??\c:\lxlffrl.exec:\lxlffrl.exe59⤵
- Executes dropped EXE
-
\??\c:\bnntnn.exec:\bnntnn.exe60⤵
- Executes dropped EXE
-
\??\c:\vdjjj.exec:\vdjjj.exe61⤵
- Executes dropped EXE
-
\??\c:\7dpdv.exec:\7dpdv.exe62⤵
- Executes dropped EXE
-
\??\c:\ffrlffx.exec:\ffrlffx.exe63⤵
- Executes dropped EXE
-
\??\c:\tntttt.exec:\tntttt.exe64⤵
- Executes dropped EXE
-
\??\c:\jvdpp.exec:\jvdpp.exe65⤵
- Executes dropped EXE
-
\??\c:\pdpjp.exec:\pdpjp.exe66⤵
-
\??\c:\9rxrllf.exec:\9rxrllf.exe67⤵
-
\??\c:\nhbttt.exec:\nhbttt.exe68⤵
-
\??\c:\bbhhbb.exec:\bbhhbb.exe69⤵
-
\??\c:\pdjdd.exec:\pdjdd.exe70⤵
-
\??\c:\rlxrllr.exec:\rlxrllr.exe71⤵
-
\??\c:\tnbtbt.exec:\tnbtbt.exe72⤵
-
\??\c:\jvvjv.exec:\jvvjv.exe73⤵
-
\??\c:\lffxxrr.exec:\lffxxrr.exe74⤵
-
\??\c:\rxlfxff.exec:\rxlfxff.exe75⤵
-
\??\c:\httntb.exec:\httntb.exe76⤵
-
\??\c:\ppdvj.exec:\ppdvj.exe77⤵
-
\??\c:\jdjvp.exec:\jdjvp.exe78⤵
-
\??\c:\xrrrlrl.exec:\xrrrlrl.exe79⤵
-
\??\c:\bbhbbb.exec:\bbhbbb.exe80⤵
-
\??\c:\hhbthh.exec:\hhbthh.exe81⤵
-
\??\c:\pdddd.exec:\pdddd.exe82⤵
-
\??\c:\1rrfxxr.exec:\1rrfxxr.exe83⤵
-
\??\c:\flxrllf.exec:\flxrllf.exe84⤵
-
\??\c:\1nbbbb.exec:\1nbbbb.exe85⤵
-
\??\c:\3vdvp.exec:\3vdvp.exe86⤵
-
\??\c:\vvppp.exec:\vvppp.exe87⤵
-
\??\c:\xlrlllf.exec:\xlrlllf.exe88⤵
-
\??\c:\nbnnhh.exec:\nbnnhh.exe89⤵
- System Location Discovery: System Language Discovery
-
\??\c:\thnhhh.exec:\thnhhh.exe90⤵
-
\??\c:\dvppj.exec:\dvppj.exe91⤵
-
\??\c:\xfrlffx.exec:\xfrlffx.exe92⤵
-
\??\c:\btbbtt.exec:\btbbtt.exe93⤵
-
\??\c:\pddvp.exec:\pddvp.exe94⤵
-
\??\c:\jdddv.exec:\jdddv.exe95⤵
-
\??\c:\xxrlxlf.exec:\xxrlxlf.exe96⤵
-
\??\c:\btnhbh.exec:\btnhbh.exe97⤵
-
\??\c:\jdvpd.exec:\jdvpd.exe98⤵
-
\??\c:\7vdjv.exec:\7vdjv.exe99⤵
-
\??\c:\frlrlxr.exec:\frlrlxr.exe100⤵
-
\??\c:\bhnnnt.exec:\bhnnnt.exe101⤵
-
\??\c:\vppjj.exec:\vppjj.exe102⤵
-
\??\c:\7rxxffr.exec:\7rxxffr.exe103⤵
-
\??\c:\xrxxffr.exec:\xrxxffr.exe104⤵
-
\??\c:\hntnhh.exec:\hntnhh.exe105⤵
-
\??\c:\vppjv.exec:\vppjv.exe106⤵
-
\??\c:\7xrfrrf.exec:\7xrfrrf.exe107⤵
-
\??\c:\thbbnh.exec:\thbbnh.exe108⤵
-
\??\c:\jjpjj.exec:\jjpjj.exe109⤵
-
\??\c:\xffxlfr.exec:\xffxlfr.exe110⤵
-
\??\c:\1hnnnn.exec:\1hnnnn.exe111⤵
-
\??\c:\bntnbh.exec:\bntnbh.exe112⤵
-
\??\c:\9dvvj.exec:\9dvvj.exe113⤵
-
\??\c:\rflfllf.exec:\rflfllf.exe114⤵
-
\??\c:\9bttnn.exec:\9bttnn.exe115⤵
-
\??\c:\nhhbnn.exec:\nhhbnn.exe116⤵
-
\??\c:\vdjdv.exec:\vdjdv.exe117⤵
-
\??\c:\lxlfxxl.exec:\lxlfxxl.exe118⤵
-
\??\c:\7nnbtt.exec:\7nnbtt.exe119⤵
-
\??\c:\1bbthh.exec:\1bbthh.exe120⤵
-
\??\c:\jjvpd.exec:\jjvpd.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-