Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
113s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
11/08/2024, 22:05
General
-
Target
67aff6b67f57ab26134561d93e479bcc17e18834165f337fe6ceca67c0363144.exe
-
Size
65KB
-
MD5
cfdd109062c1d059ce3905f8c669a45a
-
SHA1
d5596b1195489352c5fcb4a61ece3cd09ca14b8c
-
SHA256
67aff6b67f57ab26134561d93e479bcc17e18834165f337fe6ceca67c0363144
-
SHA512
8d38f543294c69f45dacf5b9cd8a4e6e60dc562fffdbba62195231cc32523eb33b8c474f5cd864678b8d5e37dd317883c61955866c083755c80d0d00760bca46
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIFdJULh1214aE:ymb3NkkiQ3mdBjFIFdJmdaE
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 28 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\67aff6b67f57ab26134561d93e479bcc17e18834165f337fe6ceca67c0363144.exe"C:\Users\Admin\AppData\Local\Temp\67aff6b67f57ab26134561d93e479bcc17e18834165f337fe6ceca67c0363144.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\dpjdv.exec:\dpjdv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxfrlrl.exec:\fxfrlrl.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhbtt.exec:\hbhbtt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbntht.exec:\nbntht.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1ppjd.exec:\1ppjd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frrrlll.exec:\frrrlll.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbhbbn.exec:\nbhbbn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djppd.exec:\djppd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5xxxrrf.exec:\5xxxrrf.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thtttt.exec:\thtttt.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvpj.exec:\jdvpj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdddv.exec:\jdddv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxfxfx.exec:\xrxfxfx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxxfxxr.exec:\rxxfxxr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhbtn.exec:\tnhbtn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5jjdp.exec:\5jjdp.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrlxll.exec:\xrrlxll.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xflfxxx.exec:\xflfxxx.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7vvpj.exec:\7vvpj.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxlrrxr.exec:\xxlrrxr.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frrlffx.exec:\frrlffx.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnhbtt.exec:\bnhbtt.exe23⤵
- Executes dropped EXE
-
\??\c:\7ntnhh.exec:\7ntnhh.exe24⤵
- Executes dropped EXE
-
\??\c:\1ddvp.exec:\1ddvp.exe25⤵
- Executes dropped EXE
-
\??\c:\lrxrfxx.exec:\lrxrfxx.exe26⤵
- Executes dropped EXE
-
\??\c:\xfxrfxr.exec:\xfxrfxr.exe27⤵
- Executes dropped EXE
-
\??\c:\tntttt.exec:\tntttt.exe28⤵
- Executes dropped EXE
-
\??\c:\ppjdv.exec:\ppjdv.exe29⤵
- Executes dropped EXE
-
\??\c:\jvdvp.exec:\jvdvp.exe30⤵
- Executes dropped EXE
-
\??\c:\rllrfxr.exec:\rllrfxr.exe31⤵
- Executes dropped EXE
-
\??\c:\lfxlxrl.exec:\lfxlxrl.exe32⤵
- Executes dropped EXE
-
\??\c:\hbtbnh.exec:\hbtbnh.exe33⤵
- Executes dropped EXE
-
\??\c:\dvdpv.exec:\dvdpv.exe34⤵
- Executes dropped EXE
-
\??\c:\fxxlxxf.exec:\fxxlxxf.exe35⤵
- Executes dropped EXE
-
\??\c:\thbtnh.exec:\thbtnh.exe36⤵
- Executes dropped EXE
-
\??\c:\jjjjv.exec:\jjjjv.exe37⤵
- Executes dropped EXE
-
\??\c:\fxxrllf.exec:\fxxrllf.exe38⤵
- Executes dropped EXE
-
\??\c:\lxrrlxx.exec:\lxrrlxx.exe39⤵
- Executes dropped EXE
-
\??\c:\nhbthh.exec:\nhbthh.exe40⤵
- Executes dropped EXE
-
\??\c:\dpvpp.exec:\dpvpp.exe41⤵
- Executes dropped EXE
-
\??\c:\jvpjd.exec:\jvpjd.exe42⤵
- Executes dropped EXE
-
\??\c:\fxfxrll.exec:\fxfxrll.exe43⤵
- Executes dropped EXE
-
\??\c:\httnnh.exec:\httnnh.exe44⤵
- Executes dropped EXE
-
\??\c:\nhbhtn.exec:\nhbhtn.exe45⤵
- Executes dropped EXE
-
\??\c:\dpvvj.exec:\dpvvj.exe46⤵
- Executes dropped EXE
-
\??\c:\1djdp.exec:\1djdp.exe47⤵
- Executes dropped EXE
-
\??\c:\llrrrxf.exec:\llrrrxf.exe48⤵
- Executes dropped EXE
-
\??\c:\xfffxxr.exec:\xfffxxr.exe49⤵
- Executes dropped EXE
-
\??\c:\nbtttt.exec:\nbtttt.exe50⤵
- Executes dropped EXE
-
\??\c:\9pjpj.exec:\9pjpj.exe51⤵
- Executes dropped EXE
-
\??\c:\vppjj.exec:\vppjj.exe52⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\xfxxrll.exec:\xfxxrll.exe53⤵
- Executes dropped EXE
-
\??\c:\lrrlffx.exec:\lrrlffx.exe54⤵
- Executes dropped EXE
-
\??\c:\bhnhbb.exec:\bhnhbb.exe55⤵
- Executes dropped EXE
-
\??\c:\nhhbtt.exec:\nhhbtt.exe56⤵
- Executes dropped EXE
-
\??\c:\9ddpj.exec:\9ddpj.exe57⤵
- Executes dropped EXE
-
\??\c:\dppjd.exec:\dppjd.exe58⤵
- Executes dropped EXE
-
\??\c:\fxlxxxx.exec:\fxlxxxx.exe59⤵
- Executes dropped EXE
-
\??\c:\nbhhbt.exec:\nbhhbt.exe60⤵
- Executes dropped EXE
-
\??\c:\bhhtnb.exec:\bhhtnb.exe61⤵
- Executes dropped EXE
-
\??\c:\pdpjv.exec:\pdpjv.exe62⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\fxfxxrf.exec:\fxfxxrf.exe63⤵
- Executes dropped EXE
-
\??\c:\xllfxxr.exec:\xllfxxr.exe64⤵
- Executes dropped EXE
-
\??\c:\nnnnnt.exec:\nnnnnt.exe65⤵
- Executes dropped EXE
-
\??\c:\vdjdj.exec:\vdjdj.exe66⤵
-
\??\c:\3dddv.exec:\3dddv.exe67⤵
-
\??\c:\1fxfrrr.exec:\1fxfrrr.exe68⤵
-
\??\c:\fxrlfxr.exec:\fxrlfxr.exe69⤵
-
\??\c:\btnnbb.exec:\btnnbb.exe70⤵
-
\??\c:\vpjdd.exec:\vpjdd.exe71⤵
-
\??\c:\dvvjp.exec:\dvvjp.exe72⤵
-
\??\c:\rfflrrl.exec:\rfflrrl.exe73⤵
-
\??\c:\thhbtt.exec:\thhbtt.exe74⤵
-
\??\c:\1jddv.exec:\1jddv.exe75⤵
-
\??\c:\1jjdv.exec:\1jjdv.exe76⤵
-
\??\c:\lxllxrl.exec:\lxllxrl.exe77⤵
-
\??\c:\7fxrxxf.exec:\7fxrxxf.exe78⤵
-
\??\c:\tbhbbt.exec:\tbhbbt.exe79⤵
-
\??\c:\vpppd.exec:\vpppd.exe80⤵
-
\??\c:\3vdvj.exec:\3vdvj.exe81⤵
-
\??\c:\rrfrlfl.exec:\rrfrlfl.exe82⤵
-
\??\c:\tnnhbb.exec:\tnnhbb.exe83⤵
-
\??\c:\ttbbtt.exec:\ttbbtt.exe84⤵
-
\??\c:\vpdpd.exec:\vpdpd.exe85⤵
-
\??\c:\jjvpj.exec:\jjvpj.exe86⤵
-
\??\c:\rfxfrfx.exec:\rfxfrfx.exe87⤵
-
\??\c:\thhtbb.exec:\thhtbb.exe88⤵
-
\??\c:\httbhn.exec:\httbhn.exe89⤵
-
\??\c:\pjdvp.exec:\pjdvp.exe90⤵
-
\??\c:\jdpjd.exec:\jdpjd.exe91⤵
-
\??\c:\xffxxxx.exec:\xffxxxx.exe92⤵
-
\??\c:\lfrlrlr.exec:\lfrlrlr.exe93⤵
-
\??\c:\7nhbth.exec:\7nhbth.exe94⤵
-
\??\c:\vdjdv.exec:\vdjdv.exe95⤵
-
\??\c:\5vvpj.exec:\5vvpj.exe96⤵
-
\??\c:\rrrlrll.exec:\rrrlrll.exe97⤵
-
\??\c:\xrffffl.exec:\xrffffl.exe98⤵
-
\??\c:\tnhbbb.exec:\tnhbbb.exe99⤵
-
\??\c:\tntthh.exec:\tntthh.exe100⤵
-
\??\c:\vpvpd.exec:\vpvpd.exe101⤵
-
\??\c:\vjpdv.exec:\vjpdv.exe102⤵
-
\??\c:\fxxrllf.exec:\fxxrllf.exe103⤵
-
\??\c:\rrrrxlx.exec:\rrrrxlx.exe104⤵
-
\??\c:\nnnhhh.exec:\nnnhhh.exe105⤵
-
\??\c:\dvpjv.exec:\dvpjv.exe106⤵
-
\??\c:\jdvvv.exec:\jdvvv.exe107⤵
-
\??\c:\llfxffx.exec:\llfxffx.exe108⤵
-
\??\c:\tnttnt.exec:\tnttnt.exe109⤵
-
\??\c:\pdjdp.exec:\pdjdp.exe110⤵
-
\??\c:\pdvvj.exec:\pdvvj.exe111⤵
-
\??\c:\fflfxxr.exec:\fflfxxr.exe112⤵
-
\??\c:\hhhbht.exec:\hhhbht.exe113⤵
-
\??\c:\tnnhhh.exec:\tnnhhh.exe114⤵
-
\??\c:\pddvp.exec:\pddvp.exe115⤵
-
\??\c:\9jjjp.exec:\9jjjp.exe116⤵
-
\??\c:\rlxxffl.exec:\rlxxffl.exe117⤵
-
\??\c:\ffllffr.exec:\ffllffr.exe118⤵
-
\??\c:\thbbtt.exec:\thbbtt.exe119⤵
-
\??\c:\bhbthh.exec:\bhbthh.exe120⤵
-
\??\c:\vjjdv.exec:\vjjdv.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-