Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
107s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
19/08/2024, 23:25
General
-
Target
a9478348dce232b0241b58c4950b4f00N.exe
-
Size
235KB
-
MD5
a9478348dce232b0241b58c4950b4f00
-
SHA1
86fdc37b9cb82c063c95cb617e118d6b4d311c36
-
SHA256
be47ab4df2488b814a89cbc04dd02fd32820831a3895f2fdd05ce8020d345c73
-
SHA512
a197da7904169439b8ea9d85f23417b61460cf29c8f9d9083386c2a264402c0820ed40caca3e26412d721b3dbe45a3003cc9844f9f260b5f96951c49903b1825
-
SSDEEP
3072:ymb3NkkiQ3mdBjFo73PYP1lri3KoSV31x4MAWvGjRVZEW:n3C9BRo7MlrWKo+lxtvGtVZEW
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 32 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 40 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\a9478348dce232b0241b58c4950b4f00N.exe"C:\Users\Admin\AppData\Local\Temp\a9478348dce232b0241b58c4950b4f00N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\rfrfxrl.exec:\rfrfxrl.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ththhb.exec:\ththhb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdpjd.exec:\pdpjd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9ppdv.exec:\9ppdv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7pvjv.exec:\7pvjv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djppp.exec:\djppp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tntnbb.exec:\tntnbb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddjjj.exec:\ddjjj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5vvvp.exec:\5vvvp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttbttt.exec:\ttbttt.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjvpp.exec:\vjvpp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpjj.exec:\jdpjj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnbthh.exec:\nnbthh.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpppj.exec:\dpppj.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7rxrffx.exec:\7rxrffx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfllllx.exec:\xfllllx.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbttt.exec:\hbbttt.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvpvj.exec:\vvpvj.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrfxff.exec:\xrrfxff.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbbtnh.exec:\bbbtnh.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnnhhb.exec:\nnnhhb.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jddvv.exec:\jddvv.exe23⤵
- Executes dropped EXE
-
\??\c:\lrxrlrl.exec:\lrxrlrl.exe24⤵
- Executes dropped EXE
-
\??\c:\hhtntb.exec:\hhtntb.exe25⤵
- Executes dropped EXE
-
\??\c:\dddvv.exec:\dddvv.exe26⤵
- Executes dropped EXE
-
\??\c:\hhnhht.exec:\hhnhht.exe27⤵
- Executes dropped EXE
-
\??\c:\7tnnhh.exec:\7tnnhh.exe28⤵
- Executes dropped EXE
-
\??\c:\djvpv.exec:\djvpv.exe29⤵
- Executes dropped EXE
-
\??\c:\ntnnhb.exec:\ntnnhb.exe30⤵
- Executes dropped EXE
-
\??\c:\ppvvd.exec:\ppvvd.exe31⤵
- Executes dropped EXE
-
\??\c:\rlxfxfx.exec:\rlxfxfx.exe32⤵
- Executes dropped EXE
-
\??\c:\htnhhn.exec:\htnhhn.exe33⤵
- Executes dropped EXE
-
\??\c:\ppvvp.exec:\ppvvp.exe34⤵
- Executes dropped EXE
-
\??\c:\7fflffx.exec:\7fflffx.exe35⤵
- Executes dropped EXE
-
\??\c:\rlfxrxr.exec:\rlfxrxr.exe36⤵
- Executes dropped EXE
-
\??\c:\btnhbb.exec:\btnhbb.exe37⤵
- Executes dropped EXE
-
\??\c:\hhtnbb.exec:\hhtnbb.exe38⤵
- Executes dropped EXE
-
\??\c:\vjvpj.exec:\vjvpj.exe39⤵
- Executes dropped EXE
-
\??\c:\3pjdd.exec:\3pjdd.exe40⤵
- Executes dropped EXE
-
\??\c:\rrrllll.exec:\rrrllll.exe41⤵
- Executes dropped EXE
-
\??\c:\nntnnn.exec:\nntnnn.exe42⤵
- Executes dropped EXE
-
\??\c:\bbnhhh.exec:\bbnhhh.exe43⤵
- Executes dropped EXE
-
\??\c:\ddpjd.exec:\ddpjd.exe44⤵
- Executes dropped EXE
-
\??\c:\ffxxxxr.exec:\ffxxxxr.exe45⤵
- Executes dropped EXE
-
\??\c:\lrxfffx.exec:\lrxfffx.exe46⤵
- Executes dropped EXE
-
\??\c:\hbttbb.exec:\hbttbb.exe47⤵
- Executes dropped EXE
-
\??\c:\ntttbn.exec:\ntttbn.exe48⤵
- Executes dropped EXE
-
\??\c:\pjppj.exec:\pjppj.exe49⤵
- Executes dropped EXE
-
\??\c:\frxxrrr.exec:\frxxrrr.exe50⤵
- Executes dropped EXE
-
\??\c:\fxlfffx.exec:\fxlfffx.exe51⤵
- Executes dropped EXE
-
\??\c:\htbhbh.exec:\htbhbh.exe52⤵
- Executes dropped EXE
-
\??\c:\djvvd.exec:\djvvd.exe53⤵
- Executes dropped EXE
-
\??\c:\dddvv.exec:\dddvv.exe54⤵
- Executes dropped EXE
-
\??\c:\llfxrrl.exec:\llfxrrl.exe55⤵
- Executes dropped EXE
-
\??\c:\lfllrrf.exec:\lfllrrf.exe56⤵
- Executes dropped EXE
-
\??\c:\bbbbbb.exec:\bbbbbb.exe57⤵
- Executes dropped EXE
-
\??\c:\ddpdd.exec:\ddpdd.exe58⤵
- Executes dropped EXE
-
\??\c:\jvvjv.exec:\jvvjv.exe59⤵
- Executes dropped EXE
-
\??\c:\xlxxlll.exec:\xlxxlll.exe60⤵
- Executes dropped EXE
-
\??\c:\ntbbtt.exec:\ntbbtt.exe61⤵
- Executes dropped EXE
-
\??\c:\tnttnt.exec:\tnttnt.exe62⤵
- Executes dropped EXE
-
\??\c:\pdpdd.exec:\pdpdd.exe63⤵
- Executes dropped EXE
-
\??\c:\djppp.exec:\djppp.exe64⤵
- Executes dropped EXE
-
\??\c:\frxflfr.exec:\frxflfr.exe65⤵
- Executes dropped EXE
-
\??\c:\xrfxrrr.exec:\xrfxrrr.exe66⤵
-
\??\c:\ttbttt.exec:\ttbttt.exe67⤵
-
\??\c:\pjpjd.exec:\pjpjd.exe68⤵
-
\??\c:\djppv.exec:\djppv.exe69⤵
-
\??\c:\lrffxxx.exec:\lrffxxx.exe70⤵
-
\??\c:\lrfffff.exec:\lrfffff.exe71⤵
-
\??\c:\hhttnt.exec:\hhttnt.exe72⤵
-
\??\c:\dvvdj.exec:\dvvdj.exe73⤵
-
\??\c:\vpvpp.exec:\vpvpp.exe74⤵
-
\??\c:\fflfxxr.exec:\fflfxxr.exe75⤵
-
\??\c:\hhbbtb.exec:\hhbbtb.exe76⤵
-
\??\c:\ntbbtt.exec:\ntbbtt.exe77⤵
-
\??\c:\dddvv.exec:\dddvv.exe78⤵
-
\??\c:\xffffff.exec:\xffffff.exe79⤵
-
\??\c:\xxfxxff.exec:\xxfxxff.exe80⤵
-
\??\c:\hntbtt.exec:\hntbtt.exe81⤵
-
\??\c:\hbbttn.exec:\hbbttn.exe82⤵
-
\??\c:\pjdvv.exec:\pjdvv.exe83⤵
-
\??\c:\xrrrrrr.exec:\xrrrrrr.exe84⤵
-
\??\c:\xlrlxfx.exec:\xlrlxfx.exe85⤵
-
\??\c:\9bhhhh.exec:\9bhhhh.exe86⤵
-
\??\c:\1vvpp.exec:\1vvpp.exe87⤵
-
\??\c:\pdddd.exec:\pdddd.exe88⤵
-
\??\c:\rlffffx.exec:\rlffffx.exe89⤵
-
\??\c:\tntbhh.exec:\tntbhh.exe90⤵
-
\??\c:\5tbttb.exec:\5tbttb.exe91⤵
-
\??\c:\vpvpj.exec:\vpvpj.exe92⤵
-
\??\c:\lxxxrrr.exec:\lxxxrrr.exe93⤵
-
\??\c:\xxxrrll.exec:\xxxrrll.exe94⤵
-
\??\c:\tbhtnn.exec:\tbhtnn.exe95⤵
-
\??\c:\jjvdv.exec:\jjvdv.exe96⤵
-
\??\c:\jdppp.exec:\jdppp.exe97⤵
-
\??\c:\ffxrrrr.exec:\ffxrrrr.exe98⤵
-
\??\c:\7lllllf.exec:\7lllllf.exe99⤵
-
\??\c:\httnhb.exec:\httnhb.exe100⤵
-
\??\c:\jjppp.exec:\jjppp.exe101⤵
-
\??\c:\jdppv.exec:\jdppv.exe102⤵
-
\??\c:\xxfxxll.exec:\xxfxxll.exe103⤵
-
\??\c:\3rfxxxr.exec:\3rfxxxr.exe104⤵
-
\??\c:\hntnnn.exec:\hntnnn.exe105⤵
-
\??\c:\1pvvp.exec:\1pvvp.exe106⤵
-
\??\c:\5jvvj.exec:\5jvvj.exe107⤵
-
\??\c:\llrxllf.exec:\llrxllf.exe108⤵
-
\??\c:\1tbbhh.exec:\1tbbhh.exe109⤵
-
\??\c:\tbhhbb.exec:\tbhhbb.exe110⤵
-
\??\c:\jvvdj.exec:\jvvdj.exe111⤵
-
\??\c:\frxxfll.exec:\frxxfll.exe112⤵
- System Location Discovery: System Language Discovery
-
\??\c:\tnbhtn.exec:\tnbhtn.exe113⤵
-
\??\c:\nntnhh.exec:\nntnhh.exe114⤵
-
\??\c:\jdddv.exec:\jdddv.exe115⤵
-
\??\c:\lfrlfll.exec:\lfrlfll.exe116⤵
-
\??\c:\lxffxxr.exec:\lxffxxr.exe117⤵
-
\??\c:\1hhnht.exec:\1hhnht.exe118⤵
-
\??\c:\nthhhh.exec:\nthhhh.exe119⤵
- System Location Discovery: System Language Discovery
-
\??\c:\dpjdd.exec:\dpjdd.exe120⤵
-
\??\c:\ppjpj.exec:\ppjpj.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-