Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
123s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
14/08/2024, 01:01
General
-
Target
e11395ff46b23e134321b01af40bc2ad678588ccdb94d6ccbaa472e65de3046f.exe
-
Size
93KB
-
MD5
954e07803cfaa102a921e55038b64877
-
SHA1
d8d7d8266afb45b4e3bab980c2e2faaeebe3215b
-
SHA256
e11395ff46b23e134321b01af40bc2ad678588ccdb94d6ccbaa472e65de3046f
-
SHA512
1a50e3a7e807252b074bf711ab6b731ce6584335953c96e89c85a4a651a001187b8509941f2f3f7f1188317d8937e75a2691b5c6b48ae05a7ee0605fabc1e0cf
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDo7xCkTsIRwnohZkqwKYSpFxL:ymb3NkkiQ3mdBjFo7LAIRUohDwKY+xL
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 29 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 34 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\e11395ff46b23e134321b01af40bc2ad678588ccdb94d6ccbaa472e65de3046f.exe"C:\Users\Admin\AppData\Local\Temp\e11395ff46b23e134321b01af40bc2ad678588ccdb94d6ccbaa472e65de3046f.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\5rlfrlx.exec:\5rlfrlx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnhhb.exec:\nhnhhb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjdv.exec:\jdjdv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vppjv.exec:\vppjv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llfxfxr.exec:\llfxfxr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhhbnh.exec:\hhhbnh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htnbnh.exec:\htnbnh.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1jjvp.exec:\1jjvp.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlfrfrf.exec:\rlfrfrf.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlfxfx.exec:\fxlfxfx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ththnh.exec:\ththnh.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpvpp.exec:\dpvpp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxffrlx.exec:\xxffrlx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlrlfrl.exec:\xlrlfrl.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnbtnn.exec:\bnbtnn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdvpp.exec:\pdvpp.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxrfxl.exec:\lfxrfxl.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frrlfrf.exec:\frrlfrf.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttnhnn.exec:\ttnhnn.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjjdv.exec:\jjjdv.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9lfxllx.exec:\9lfxllx.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxrfrlf.exec:\lxrfrlf.exe23⤵
- Executes dropped EXE
-
\??\c:\nbthbn.exec:\nbthbn.exe24⤵
- Executes dropped EXE
-
\??\c:\vjdvj.exec:\vjdvj.exe25⤵
- Executes dropped EXE
-
\??\c:\pdvjv.exec:\pdvjv.exe26⤵
- Executes dropped EXE
-
\??\c:\rfxlrlx.exec:\rfxlrlx.exe27⤵
- Executes dropped EXE
-
\??\c:\9pvpd.exec:\9pvpd.exe28⤵
- Executes dropped EXE
-
\??\c:\vvpdp.exec:\vvpdp.exe29⤵
- Executes dropped EXE
-
\??\c:\rlxlllr.exec:\rlxlllr.exe30⤵
- Executes dropped EXE
-
\??\c:\nttnbt.exec:\nttnbt.exe31⤵
- Executes dropped EXE
-
\??\c:\hnnbnn.exec:\hnnbnn.exe32⤵
- Executes dropped EXE
-
\??\c:\pvpjp.exec:\pvpjp.exe33⤵
- Executes dropped EXE
-
\??\c:\jdvpv.exec:\jdvpv.exe34⤵
- Executes dropped EXE
-
\??\c:\ffflxrf.exec:\ffflxrf.exe35⤵
- Executes dropped EXE
-
\??\c:\htnhhb.exec:\htnhhb.exe36⤵
- Executes dropped EXE
-
\??\c:\nhnhnn.exec:\nhnhnn.exe37⤵
- Executes dropped EXE
-
\??\c:\djjjv.exec:\djjjv.exe38⤵
- Executes dropped EXE
-
\??\c:\jjpdp.exec:\jjpdp.exe39⤵
- Executes dropped EXE
-
\??\c:\rlrfrrr.exec:\rlrfrrr.exe40⤵
- Executes dropped EXE
-
\??\c:\bhtnhb.exec:\bhtnhb.exe41⤵
- Executes dropped EXE
-
\??\c:\jjjpv.exec:\jjjpv.exe42⤵
- Executes dropped EXE
-
\??\c:\rxrfrrr.exec:\rxrfrrr.exe43⤵
- Executes dropped EXE
-
\??\c:\lrrfxrl.exec:\lrrfxrl.exe44⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\hbbbhb.exec:\hbbbhb.exe45⤵
- Executes dropped EXE
-
\??\c:\jjdpj.exec:\jjdpj.exe46⤵
- Executes dropped EXE
-
\??\c:\jvvpd.exec:\jvvpd.exe47⤵
- Executes dropped EXE
-
\??\c:\7xlrfxx.exec:\7xlrfxx.exe48⤵
- Executes dropped EXE
-
\??\c:\rxrrffx.exec:\rxrrffx.exe49⤵
- Executes dropped EXE
-
\??\c:\nhbbhn.exec:\nhbbhn.exe50⤵
- Executes dropped EXE
-
\??\c:\jvpdp.exec:\jvpdp.exe51⤵
- Executes dropped EXE
-
\??\c:\3vvjj.exec:\3vvjj.exe52⤵
- Executes dropped EXE
-
\??\c:\pdpvd.exec:\pdpvd.exe53⤵
- Executes dropped EXE
-
\??\c:\3xfxlll.exec:\3xfxlll.exe54⤵
- Executes dropped EXE
-
\??\c:\1tbtbt.exec:\1tbtbt.exe55⤵
- Executes dropped EXE
-
\??\c:\9hhthb.exec:\9hhthb.exe56⤵
- Executes dropped EXE
-
\??\c:\jppdp.exec:\jppdp.exe57⤵
- Executes dropped EXE
-
\??\c:\9ppdj.exec:\9ppdj.exe58⤵
- Executes dropped EXE
-
\??\c:\xrxfflf.exec:\xrxfflf.exe59⤵
- Executes dropped EXE
-
\??\c:\xrlfxrl.exec:\xrlfxrl.exe60⤵
- Executes dropped EXE
-
\??\c:\nnbttt.exec:\nnbttt.exe61⤵
- Executes dropped EXE
-
\??\c:\btbthb.exec:\btbthb.exe62⤵
- Executes dropped EXE
-
\??\c:\bnhbnh.exec:\bnhbnh.exe63⤵
- Executes dropped EXE
-
\??\c:\5vvpd.exec:\5vvpd.exe64⤵
- Executes dropped EXE
-
\??\c:\fxlfrlf.exec:\fxlfrlf.exe65⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\xrfxxrx.exec:\xrfxxrx.exe66⤵
-
\??\c:\btnbtn.exec:\btnbtn.exe67⤵
-
\??\c:\5tntnt.exec:\5tntnt.exe68⤵
-
\??\c:\jdpdp.exec:\jdpdp.exe69⤵
- System Location Discovery: System Language Discovery
-
\??\c:\dpjvd.exec:\dpjvd.exe70⤵
-
\??\c:\xffrfxr.exec:\xffrfxr.exe71⤵
-
\??\c:\rlxrlfx.exec:\rlxrlfx.exe72⤵
-
\??\c:\btbthb.exec:\btbthb.exe73⤵
-
\??\c:\tntthh.exec:\tntthh.exe74⤵
-
\??\c:\3pjdp.exec:\3pjdp.exe75⤵
-
\??\c:\pdjvd.exec:\pdjvd.exe76⤵
-
\??\c:\fxfxrxr.exec:\fxfxrxr.exe77⤵
-
\??\c:\htnhtn.exec:\htnhtn.exe78⤵
-
\??\c:\tththb.exec:\tththb.exe79⤵
-
\??\c:\ddvvv.exec:\ddvvv.exe80⤵
-
\??\c:\vjdpv.exec:\vjdpv.exe81⤵
-
\??\c:\llllxxx.exec:\llllxxx.exe82⤵
-
\??\c:\tttnnn.exec:\tttnnn.exe83⤵
-
\??\c:\tnthhh.exec:\tnthhh.exe84⤵
-
\??\c:\jdvvp.exec:\jdvvp.exe85⤵
-
\??\c:\ffxxlfr.exec:\ffxxlfr.exe86⤵
-
\??\c:\fxrrlll.exec:\fxrrlll.exe87⤵
-
\??\c:\jpdpd.exec:\jpdpd.exe88⤵
-
\??\c:\jvvpj.exec:\jvvpj.exe89⤵
-
\??\c:\vjvdp.exec:\vjvdp.exe90⤵
-
\??\c:\fllflfx.exec:\fllflfx.exe91⤵
-
\??\c:\fllfxrl.exec:\fllfxrl.exe92⤵
-
\??\c:\nttnhb.exec:\nttnhb.exe93⤵
-
\??\c:\tttnht.exec:\tttnht.exe94⤵
-
\??\c:\vpdpd.exec:\vpdpd.exe95⤵
-
\??\c:\pddvp.exec:\pddvp.exe96⤵
-
\??\c:\lfxrffx.exec:\lfxrffx.exe97⤵
-
\??\c:\lrlfrlf.exec:\lrlfrlf.exe98⤵
-
\??\c:\flfrlfr.exec:\flfrlfr.exe99⤵
-
\??\c:\1hnnbt.exec:\1hnnbt.exe100⤵
-
\??\c:\hnnnth.exec:\hnnnth.exe101⤵
-
\??\c:\ppjpj.exec:\ppjpj.exe102⤵
-
\??\c:\jddvd.exec:\jddvd.exe103⤵
-
\??\c:\xfxlfxl.exec:\xfxlfxl.exe104⤵
-
\??\c:\ntbtnt.exec:\ntbtnt.exe105⤵
-
\??\c:\9tthtn.exec:\9tthtn.exe106⤵
-
\??\c:\vvddv.exec:\vvddv.exe107⤵
-
\??\c:\9jjvj.exec:\9jjvj.exe108⤵
-
\??\c:\flrflfx.exec:\flrflfx.exe109⤵
-
\??\c:\xrfxrll.exec:\xrfxrll.exe110⤵
-
\??\c:\bnttnn.exec:\bnttnn.exe111⤵
-
\??\c:\5hnbnn.exec:\5hnbnn.exe112⤵
-
\??\c:\pddpd.exec:\pddpd.exe113⤵
-
\??\c:\9rlxfxr.exec:\9rlxfxr.exe114⤵
-
\??\c:\frxlxrf.exec:\frxlxrf.exe115⤵
-
\??\c:\nhthbh.exec:\nhthbh.exe116⤵
-
\??\c:\9tthnn.exec:\9tthnn.exe117⤵
-
\??\c:\dvjdv.exec:\dvjdv.exe118⤵
-
\??\c:\9lxlrlx.exec:\9lxlrlx.exe119⤵
-
\??\c:\lfxrrlx.exec:\lfxrrlx.exe120⤵
-
\??\c:\hnbhbh.exec:\hnbhbh.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-