Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
119s -
max time network
115s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
17/08/2024, 11:56
General
-
Target
4df3ccb5f92fb2d201ab637d0d4e7140N.exe
-
Size
92KB
-
MD5
4df3ccb5f92fb2d201ab637d0d4e7140
-
SHA1
44d94e796268137d88dd8289d5aa6cd5e423993d
-
SHA256
bfc4d47e057420e17486b5ccc269ad4eace48ff0738d2d1978146c51fb05c350
-
SHA512
b28fe28ac4cdb7b81e2063f5733bab128c5411cdb6a513a9426974e8c68ce306dd01aa1f3395b6da459b29057245b494d8b53d493ff133ef615b9d6b613d5374
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIS7/b9EUeWpEC3alBl7F/8e+e:ymb3NkkiQ3mdBjFIi/REUZnKlD+e
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 26 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 34 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\4df3ccb5f92fb2d201ab637d0d4e7140N.exe"C:\Users\Admin\AppData\Local\Temp\4df3ccb5f92fb2d201ab637d0d4e7140N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\ppvvv.exec:\ppvvv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbbhh.exec:\nhbbhh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjdvp.exec:\jjdvp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrlffx.exec:\xrrlffx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thnttt.exec:\thnttt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1vdvd.exec:\1vdvd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlfxrrl.exec:\rlfxrrl.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btthhh.exec:\btthhh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvpp.exec:\dvvpp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7dvpp.exec:\7dvpp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrfflf.exec:\xrrfflf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thbbbh.exec:\thbbbh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpvjj.exec:\vpvjj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrxrrrr.exec:\rrxrrrr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrlrrl.exec:\fxrlrrl.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btnhbt.exec:\btnhbt.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9ppjj.exec:\9ppjj.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpdvv.exec:\jpdvv.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlllfrl.exec:\rlllfrl.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhhhb.exec:\nhhhhb.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thbbbb.exec:\thbbbb.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvvvd.exec:\vvvvd.exe23⤵
- Executes dropped EXE
-
\??\c:\vdvpp.exec:\vdvpp.exe24⤵
- Executes dropped EXE
-
\??\c:\3xrrlll.exec:\3xrrlll.exe25⤵
- Executes dropped EXE
-
\??\c:\7ttnbb.exec:\7ttnbb.exe26⤵
- Executes dropped EXE
-
\??\c:\5djdd.exec:\5djdd.exe27⤵
- Executes dropped EXE
-
\??\c:\rlxxfxf.exec:\rlxxfxf.exe28⤵
- Executes dropped EXE
-
\??\c:\bnnbhh.exec:\bnnbhh.exe29⤵
- Executes dropped EXE
-
\??\c:\9pjdd.exec:\9pjdd.exe30⤵
- Executes dropped EXE
-
\??\c:\7pvpp.exec:\7pvpp.exe31⤵
- Executes dropped EXE
-
\??\c:\3llfxfr.exec:\3llfxfr.exe32⤵
- Executes dropped EXE
-
\??\c:\lfrrxfl.exec:\lfrrxfl.exe33⤵
- Executes dropped EXE
-
\??\c:\bbtbtt.exec:\bbtbtt.exe34⤵
- Executes dropped EXE
-
\??\c:\ppvjd.exec:\ppvjd.exe35⤵
- Executes dropped EXE
-
\??\c:\jdvvp.exec:\jdvvp.exe36⤵
- Executes dropped EXE
-
\??\c:\rrlfxxr.exec:\rrlfxxr.exe37⤵
- Executes dropped EXE
-
\??\c:\9fxfxrr.exec:\9fxfxrr.exe38⤵
- Executes dropped EXE
-
\??\c:\tnbthh.exec:\tnbthh.exe39⤵
- Executes dropped EXE
-
\??\c:\pvpdv.exec:\pvpdv.exe40⤵
- Executes dropped EXE
-
\??\c:\1lrlfll.exec:\1lrlfll.exe41⤵
- Executes dropped EXE
-
\??\c:\5rxffll.exec:\5rxffll.exe42⤵
- Executes dropped EXE
-
\??\c:\nbttnn.exec:\nbttnn.exe43⤵
- Executes dropped EXE
-
\??\c:\htttnn.exec:\htttnn.exe44⤵
- Executes dropped EXE
-
\??\c:\jjvpj.exec:\jjvpj.exe45⤵
- Executes dropped EXE
-
\??\c:\rrxrxxr.exec:\rrxrxxr.exe46⤵
- Executes dropped EXE
-
\??\c:\fxlflfl.exec:\fxlflfl.exe47⤵
- Executes dropped EXE
-
\??\c:\nnnbbb.exec:\nnnbbb.exe48⤵
- Executes dropped EXE
-
\??\c:\jvdjp.exec:\jvdjp.exe49⤵
- Executes dropped EXE
-
\??\c:\ddvdv.exec:\ddvdv.exe50⤵
- Executes dropped EXE
-
\??\c:\lflfffl.exec:\lflfffl.exe51⤵
- Executes dropped EXE
-
\??\c:\xrrlfff.exec:\xrrlfff.exe52⤵
- Executes dropped EXE
-
\??\c:\nbbtnn.exec:\nbbtnn.exe53⤵
- Executes dropped EXE
-
\??\c:\httnbb.exec:\httnbb.exe54⤵
- Executes dropped EXE
-
\??\c:\dvddj.exec:\dvddj.exe55⤵
- Executes dropped EXE
-
\??\c:\7vvvp.exec:\7vvvp.exe56⤵
- Executes dropped EXE
-
\??\c:\9llrlxr.exec:\9llrlxr.exe57⤵
- Executes dropped EXE
-
\??\c:\9flrxxx.exec:\9flrxxx.exe58⤵
- Executes dropped EXE
-
\??\c:\nnhhht.exec:\nnhhht.exe59⤵
- Executes dropped EXE
-
\??\c:\tthbhh.exec:\tthbhh.exe60⤵
- Executes dropped EXE
-
\??\c:\dpddp.exec:\dpddp.exe61⤵
- Executes dropped EXE
-
\??\c:\9dpvp.exec:\9dpvp.exe62⤵
- Executes dropped EXE
-
\??\c:\jppjd.exec:\jppjd.exe63⤵
- Executes dropped EXE
-
\??\c:\llrrrlr.exec:\llrrrlr.exe64⤵
- Executes dropped EXE
-
\??\c:\xxrrrrl.exec:\xxrrrrl.exe65⤵
- Executes dropped EXE
-
\??\c:\nhtnnh.exec:\nhtnnh.exe66⤵
-
\??\c:\nnbbhh.exec:\nnbbhh.exe67⤵
-
\??\c:\ddpjd.exec:\ddpjd.exe68⤵
-
\??\c:\pvdjj.exec:\pvdjj.exe69⤵
-
\??\c:\9rlxxrr.exec:\9rlxxrr.exe70⤵
-
\??\c:\lrfffff.exec:\lrfffff.exe71⤵
-
\??\c:\ttbbnn.exec:\ttbbnn.exe72⤵
-
\??\c:\tnnhtt.exec:\tnnhtt.exe73⤵
-
\??\c:\hhtthh.exec:\hhtthh.exe74⤵
-
\??\c:\jpvpp.exec:\jpvpp.exe75⤵
-
\??\c:\vppjj.exec:\vppjj.exe76⤵
-
\??\c:\flfxrxx.exec:\flfxrxx.exe77⤵
-
\??\c:\fxfxrlx.exec:\fxfxrlx.exe78⤵
-
\??\c:\lxxrffl.exec:\lxxrffl.exe79⤵
-
\??\c:\tnhbbt.exec:\tnhbbt.exe80⤵
-
\??\c:\nbtntt.exec:\nbtntt.exe81⤵
-
\??\c:\pvvdd.exec:\pvvdd.exe82⤵
-
\??\c:\djppd.exec:\djppd.exe83⤵
-
\??\c:\xlrxxxx.exec:\xlrxxxx.exe84⤵
-
\??\c:\xlrrxxf.exec:\xlrrxxf.exe85⤵
-
\??\c:\bnhhtt.exec:\bnhhtt.exe86⤵
-
\??\c:\ntttnb.exec:\ntttnb.exe87⤵
-
\??\c:\7pvpj.exec:\7pvpj.exe88⤵
-
\??\c:\dvjdv.exec:\dvjdv.exe89⤵
-
\??\c:\rfllxxx.exec:\rfllxxx.exe90⤵
-
\??\c:\5hhnhn.exec:\5hhnhn.exe91⤵
-
\??\c:\nnnhhb.exec:\nnnhhb.exe92⤵
-
\??\c:\1pppp.exec:\1pppp.exe93⤵
-
\??\c:\7dpdp.exec:\7dpdp.exe94⤵
-
\??\c:\lfffrrl.exec:\lfffrrl.exe95⤵
-
\??\c:\fxxrlll.exec:\fxxrlll.exe96⤵
-
\??\c:\thtnbb.exec:\thtnbb.exe97⤵
-
\??\c:\1hhbtt.exec:\1hhbtt.exe98⤵
-
\??\c:\jdpjp.exec:\jdpjp.exe99⤵
-
\??\c:\rllfffx.exec:\rllfffx.exe100⤵
-
\??\c:\nnthbn.exec:\nnthbn.exe101⤵
-
\??\c:\hhnhbh.exec:\hhnhbh.exe102⤵
-
\??\c:\jpvpd.exec:\jpvpd.exe103⤵
-
\??\c:\1jppj.exec:\1jppj.exe104⤵
-
\??\c:\7llllrx.exec:\7llllrx.exe105⤵
-
\??\c:\ffflrrr.exec:\ffflrrr.exe106⤵
-
\??\c:\7nhbtb.exec:\7nhbtb.exe107⤵
-
\??\c:\vjpjj.exec:\vjpjj.exe108⤵
-
\??\c:\vpdjd.exec:\vpdjd.exe109⤵
-
\??\c:\flrxlll.exec:\flrxlll.exe110⤵
-
\??\c:\ttbtbb.exec:\ttbtbb.exe111⤵
-
\??\c:\9bttbb.exec:\9bttbb.exe112⤵
-
\??\c:\ddppd.exec:\ddppd.exe113⤵
-
\??\c:\1dddd.exec:\1dddd.exe114⤵
-
\??\c:\ffrrffx.exec:\ffrrffx.exe115⤵
- System Location Discovery: System Language Discovery
-
\??\c:\rfrfxxr.exec:\rfrfxxr.exe116⤵
-
\??\c:\bhnhhn.exec:\bhnhhn.exe117⤵
-
\??\c:\7ntthb.exec:\7ntthb.exe118⤵
-
\??\c:\dvddp.exec:\dvddp.exe119⤵
-
\??\c:\1ppjd.exec:\1ppjd.exe120⤵
-
\??\c:\lllxlll.exec:\lllxlll.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-