Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
115s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
14/08/2024, 07:23
General
-
Target
7d6a1781b35442a4b3a20eb81386f820N.exe
-
Size
296KB
-
MD5
7d6a1781b35442a4b3a20eb81386f820
-
SHA1
5de5ea6381b363b4482749d350f75dc8ec95cce9
-
SHA256
946cdbd1ab14c31846031c5158d852825ac07decf251edd9dfedee894dc34a21
-
SHA512
3c237936b7fd7bb6f8b1f073c7c564076ecaf830be30440132e405953f0bdd43e5b0aa063e2b24927f5fe79bdcf5dd19aa5d36c244b84b19540b8872825762a4
-
SSDEEP
6144:n3C9BRo/AIuuOthLmH403Pyr6UWO6jUl7sPgvh:n3C9uDVOXLmHBKWyn+Pgvh
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 28 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 33 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\7d6a1781b35442a4b3a20eb81386f820N.exe"C:\Users\Admin\AppData\Local\Temp\7d6a1781b35442a4b3a20eb81386f820N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\jjddp.exec:\jjddp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlllll.exec:\fxlllll.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdvpp.exec:\vdvpp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxffxrr.exec:\xxffxrr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5tbnnn.exec:\5tbnnn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpppp.exec:\vpppp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhtntn.exec:\nhtntn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppvvv.exec:\ppvvv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbhbtn.exec:\nbhbtn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7xfxrxx.exec:\7xfxrxx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrllll.exec:\xrrllll.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthttt.exec:\bthttt.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvjvj.exec:\vvjvj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrllfxr.exec:\xrllfxr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxrlfr.exec:\fxxrlfr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbbttn.exec:\tbbttn.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpdvp.exec:\dpdvp.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhhbt.exec:\nhhhbt.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1xrlfxr.exec:\1xrlfxr.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfxlfxr.exec:\rfxlfxr.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhhbtt.exec:\bhhbtt.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddpjd.exec:\ddpjd.exe23⤵
- Executes dropped EXE
-
\??\c:\rrxrlll.exec:\rrxrlll.exe24⤵
- Executes dropped EXE
-
\??\c:\bhnnnh.exec:\bhnnnh.exe25⤵
- Executes dropped EXE
-
\??\c:\7bnhbb.exec:\7bnhbb.exe26⤵
- Executes dropped EXE
-
\??\c:\xxflffx.exec:\xxflffx.exe27⤵
- Executes dropped EXE
-
\??\c:\3lrlffx.exec:\3lrlffx.exe28⤵
- Executes dropped EXE
-
\??\c:\bntnhh.exec:\bntnhh.exe29⤵
- Executes dropped EXE
-
\??\c:\pdvpj.exec:\pdvpj.exe30⤵
- Executes dropped EXE
-
\??\c:\5lrlffx.exec:\5lrlffx.exe31⤵
- Executes dropped EXE
-
\??\c:\bnbtnn.exec:\bnbtnn.exe32⤵
- Executes dropped EXE
-
\??\c:\7flxrrx.exec:\7flxrrx.exe33⤵
- Executes dropped EXE
-
\??\c:\9ffxrrl.exec:\9ffxrrl.exe34⤵
- Executes dropped EXE
-
\??\c:\3bbttt.exec:\3bbttt.exe35⤵
- Executes dropped EXE
-
\??\c:\ppddd.exec:\ppddd.exe36⤵
- Executes dropped EXE
-
\??\c:\rxfxllx.exec:\rxfxllx.exe37⤵
- Executes dropped EXE
-
\??\c:\nnnbtn.exec:\nnnbtn.exe38⤵
- Executes dropped EXE
-
\??\c:\jjvpv.exec:\jjvpv.exe39⤵
- Executes dropped EXE
-
\??\c:\jjvpj.exec:\jjvpj.exe40⤵
- Executes dropped EXE
-
\??\c:\xllfrrl.exec:\xllfrrl.exe41⤵
- Executes dropped EXE
-
\??\c:\flxrxxx.exec:\flxrxxx.exe42⤵
- Executes dropped EXE
-
\??\c:\dvdvv.exec:\dvdvv.exe43⤵
- Executes dropped EXE
-
\??\c:\rlrllll.exec:\rlrllll.exe44⤵
- Executes dropped EXE
-
\??\c:\hhbnhh.exec:\hhbnhh.exe45⤵
- Executes dropped EXE
-
\??\c:\jdpjd.exec:\jdpjd.exe46⤵
- Executes dropped EXE
-
\??\c:\1xxrrll.exec:\1xxrrll.exe47⤵
- Executes dropped EXE
-
\??\c:\vpjdv.exec:\vpjdv.exe48⤵
- Executes dropped EXE
-
\??\c:\rrfffxx.exec:\rrfffxx.exe49⤵
- Executes dropped EXE
-
\??\c:\nhbttt.exec:\nhbttt.exe50⤵
- Executes dropped EXE
-
\??\c:\ddjdv.exec:\ddjdv.exe51⤵
- Executes dropped EXE
-
\??\c:\jpjdv.exec:\jpjdv.exe52⤵
- Executes dropped EXE
-
\??\c:\lxfxrrl.exec:\lxfxrrl.exe53⤵
- Executes dropped EXE
-
\??\c:\ttttnh.exec:\ttttnh.exe54⤵
- Executes dropped EXE
-
\??\c:\bntttt.exec:\bntttt.exe55⤵
- Executes dropped EXE
-
\??\c:\vddvv.exec:\vddvv.exe56⤵
- Executes dropped EXE
-
\??\c:\lflrllx.exec:\lflrllx.exe57⤵
- Executes dropped EXE
-
\??\c:\nhbttn.exec:\nhbttn.exe58⤵
- Executes dropped EXE
-
\??\c:\btthbt.exec:\btthbt.exe59⤵
- Executes dropped EXE
-
\??\c:\lffxfxx.exec:\lffxfxx.exe60⤵
- Executes dropped EXE
-
\??\c:\lrlffff.exec:\lrlffff.exe61⤵
- Executes dropped EXE
-
\??\c:\nbhbtn.exec:\nbhbtn.exe62⤵
- Executes dropped EXE
-
\??\c:\9vvpj.exec:\9vvpj.exe63⤵
- Executes dropped EXE
-
\??\c:\1lrlrrr.exec:\1lrlrrr.exe64⤵
- Executes dropped EXE
-
\??\c:\thnntn.exec:\thnntn.exe65⤵
- Executes dropped EXE
-
\??\c:\djpdv.exec:\djpdv.exe66⤵
-
\??\c:\xlxlfxr.exec:\xlxlfxr.exe67⤵
-
\??\c:\5hbbbt.exec:\5hbbbt.exe68⤵
-
\??\c:\htbtbt.exec:\htbtbt.exe69⤵
-
\??\c:\pdpdp.exec:\pdpdp.exe70⤵
-
\??\c:\lxxrlff.exec:\lxxrlff.exe71⤵
-
\??\c:\vdjjj.exec:\vdjjj.exe72⤵
-
\??\c:\ffrrxxx.exec:\ffrrxxx.exe73⤵
-
\??\c:\nthbtn.exec:\nthbtn.exe74⤵
-
\??\c:\1djdd.exec:\1djdd.exe75⤵
-
\??\c:\7vjvp.exec:\7vjvp.exe76⤵
-
\??\c:\9llfrrl.exec:\9llfrrl.exe77⤵
-
\??\c:\fxxrffl.exec:\fxxrffl.exe78⤵
-
\??\c:\hbtnnh.exec:\hbtnnh.exe79⤵
-
\??\c:\ddvpj.exec:\ddvpj.exe80⤵
-
\??\c:\jpvpj.exec:\jpvpj.exe81⤵
-
\??\c:\rlfrxxr.exec:\rlfrxxr.exe82⤵
- System Location Discovery: System Language Discovery
-
\??\c:\bhnbbh.exec:\bhnbbh.exe83⤵
-
\??\c:\nbbtnt.exec:\nbbtnt.exe84⤵
-
\??\c:\jpvjd.exec:\jpvjd.exe85⤵
-
\??\c:\llrfxxl.exec:\llrfxxl.exe86⤵
-
\??\c:\lrxlfxr.exec:\lrxlfxr.exe87⤵
-
\??\c:\bnbtnn.exec:\bnbtnn.exe88⤵
-
\??\c:\rllrllf.exec:\rllrllf.exe89⤵
-
\??\c:\3nnnnn.exec:\3nnnnn.exe90⤵
-
\??\c:\9bbthh.exec:\9bbthh.exe91⤵
-
\??\c:\5vdvj.exec:\5vdvj.exe92⤵
-
\??\c:\7ddpj.exec:\7ddpj.exe93⤵
-
\??\c:\rlfxlff.exec:\rlfxlff.exe94⤵
-
\??\c:\httnnn.exec:\httnnn.exe95⤵
-
\??\c:\9ppdv.exec:\9ppdv.exe96⤵
-
\??\c:\pvjdv.exec:\pvjdv.exe97⤵
-
\??\c:\ffxrlll.exec:\ffxrlll.exe98⤵
- System Location Discovery: System Language Discovery
-
\??\c:\thnhbh.exec:\thnhbh.exe99⤵
-
\??\c:\hnnnbh.exec:\hnnnbh.exe100⤵
-
\??\c:\dpvpv.exec:\dpvpv.exe101⤵
-
\??\c:\7ffxllf.exec:\7ffxllf.exe102⤵
-
\??\c:\rrfxrll.exec:\rrfxrll.exe103⤵
-
\??\c:\nhntnt.exec:\nhntnt.exe104⤵
-
\??\c:\btthbt.exec:\btthbt.exe105⤵
-
\??\c:\9jvvp.exec:\9jvvp.exe106⤵
-
\??\c:\dvvpv.exec:\dvvpv.exe107⤵
-
\??\c:\ffrflfl.exec:\ffrflfl.exe108⤵
-
\??\c:\nbtbtt.exec:\nbtbtt.exe109⤵
-
\??\c:\bbbtnn.exec:\bbbtnn.exe110⤵
-
\??\c:\pdvvj.exec:\pdvvj.exe111⤵
-
\??\c:\fxllxff.exec:\fxllxff.exe112⤵
-
\??\c:\bnhnhb.exec:\bnhnhb.exe113⤵
-
\??\c:\ddvpv.exec:\ddvpv.exe114⤵
-
\??\c:\rffxrrx.exec:\rffxrrx.exe115⤵
-
\??\c:\tttnnh.exec:\tttnnh.exe116⤵
-
\??\c:\vvjdj.exec:\vvjdj.exe117⤵
-
\??\c:\rfxxxxx.exec:\rfxxxxx.exe118⤵
-
\??\c:\frfrllf.exec:\frfrllf.exe119⤵
-
\??\c:\nhnbhh.exec:\nhnbhh.exe120⤵
-
\??\c:\vddpv.exec:\vddpv.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-