Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
111s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
19/08/2024, 07:11
General
-
Target
8909118b94826c1f1950bc522142bca0N.exe
-
Size
72KB
-
MD5
8909118b94826c1f1950bc522142bca0
-
SHA1
8debb3db493793d567055da751c77922c32cbc6b
-
SHA256
3337be7ed44a48a7c6391bfdb96e50258a5ef6d262cf179b7b63013b0b9cbc8b
-
SHA512
c943e0b1b1fe2d9b24dd3cd9e811d649d96203538c355db13bcc81018f816d49cfddddb358881b880d901848644ba23babb28ae31ea6c3accce9fa81979eb050
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIYgC/KSLJUn:ymb3NkkiQ3mdBjFI3eF4
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 34 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\8909118b94826c1f1950bc522142bca0N.exe"C:\Users\Admin\AppData\Local\Temp\8909118b94826c1f1950bc522142bca0N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\hthbtt.exec:\hthbtt.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjpdp.exec:\vjpdp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrlfxr.exec:\fxrlfxr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlxrrxr.exec:\xlxrrxr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbbtt.exec:\btbbtt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdvdd.exec:\pdvdd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxxrrr.exec:\lfxxrrr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfflfff.exec:\lfflfff.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htnbtb.exec:\htnbtb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvpdp.exec:\dvpdp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrffxfl.exec:\xrffxfl.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbtnhh.exec:\hbtnhh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dppdv.exec:\dppdv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjjv.exec:\dvjjv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxrrxf.exec:\rlxrrxf.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlxxxxf.exec:\xlxxxxf.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbbhh.exec:\btbbhh.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvpd.exec:\jdvpd.exe19⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\vppjd.exec:\vppjd.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lflrlxl.exec:\lflrlxl.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhbhh.exec:\hbhbhh.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnhtb.exec:\hbnhtb.exe23⤵
- Executes dropped EXE
-
\??\c:\jvpjd.exec:\jvpjd.exe24⤵
- Executes dropped EXE
-
\??\c:\xllxlff.exec:\xllxlff.exe25⤵
- Executes dropped EXE
-
\??\c:\rllffff.exec:\rllffff.exe26⤵
- Executes dropped EXE
-
\??\c:\nnbtht.exec:\nnbtht.exe27⤵
- Executes dropped EXE
-
\??\c:\thbnhb.exec:\thbnhb.exe28⤵
- Executes dropped EXE
-
\??\c:\9ddvj.exec:\9ddvj.exe29⤵
- Executes dropped EXE
-
\??\c:\djvpd.exec:\djvpd.exe30⤵
- Executes dropped EXE
-
\??\c:\lfxrrlf.exec:\lfxrrlf.exe31⤵
- Executes dropped EXE
-
\??\c:\tnnbtt.exec:\tnnbtt.exe32⤵
- Executes dropped EXE
-
\??\c:\dddvj.exec:\dddvj.exe33⤵
- Executes dropped EXE
-
\??\c:\dvvjv.exec:\dvvjv.exe34⤵
- Executes dropped EXE
-
\??\c:\lxrlfrr.exec:\lxrlfrr.exe35⤵
- Executes dropped EXE
-
\??\c:\lrxrlfl.exec:\lrxrlfl.exe36⤵
- Executes dropped EXE
-
\??\c:\rfxrrlr.exec:\rfxrrlr.exe37⤵
- Executes dropped EXE
-
\??\c:\hnhbnt.exec:\hnhbnt.exe38⤵
- Executes dropped EXE
-
\??\c:\nbnbhb.exec:\nbnbhb.exe39⤵
- Executes dropped EXE
-
\??\c:\vppvv.exec:\vppvv.exe40⤵
- Executes dropped EXE
-
\??\c:\xrlxlff.exec:\xrlxlff.exe41⤵
- Executes dropped EXE
-
\??\c:\rlxrfxl.exec:\rlxrfxl.exe42⤵
- Executes dropped EXE
-
\??\c:\1htnbn.exec:\1htnbn.exe43⤵
- Executes dropped EXE
-
\??\c:\hhnhtt.exec:\hhnhtt.exe44⤵
- Executes dropped EXE
-
\??\c:\jdddp.exec:\jdddp.exe45⤵
- Executes dropped EXE
-
\??\c:\pvvpj.exec:\pvvpj.exe46⤵
- Executes dropped EXE
-
\??\c:\xxrlxrl.exec:\xxrlxrl.exe47⤵
- Executes dropped EXE
-
\??\c:\rrlfxxl.exec:\rrlfxxl.exe48⤵
- Executes dropped EXE
-
\??\c:\tnnbtt.exec:\tnnbtt.exe49⤵
- Executes dropped EXE
-
\??\c:\9nbtbb.exec:\9nbtbb.exe50⤵
- Executes dropped EXE
-
\??\c:\jppdp.exec:\jppdp.exe51⤵
- Executes dropped EXE
-
\??\c:\jpjdp.exec:\jpjdp.exe52⤵
- Executes dropped EXE
-
\??\c:\pvpvd.exec:\pvpvd.exe53⤵
- Executes dropped EXE
-
\??\c:\lxxrflf.exec:\lxxrflf.exe54⤵
- Executes dropped EXE
-
\??\c:\llflffr.exec:\llflffr.exe55⤵
- Executes dropped EXE
-
\??\c:\hhhbnb.exec:\hhhbnb.exe56⤵
- Executes dropped EXE
-
\??\c:\nththt.exec:\nththt.exe57⤵
- Executes dropped EXE
-
\??\c:\jdjdv.exec:\jdjdv.exe58⤵
- Executes dropped EXE
-
\??\c:\jdvvj.exec:\jdvvj.exe59⤵
- Executes dropped EXE
-
\??\c:\lffxrlf.exec:\lffxrlf.exe60⤵
- Executes dropped EXE
-
\??\c:\frxrrff.exec:\frxrrff.exe61⤵
- Executes dropped EXE
-
\??\c:\nbbnbt.exec:\nbbnbt.exe62⤵
- Executes dropped EXE
-
\??\c:\hbbtbt.exec:\hbbtbt.exe63⤵
- Executes dropped EXE
-
\??\c:\pvjdv.exec:\pvjdv.exe64⤵
- Executes dropped EXE
-
\??\c:\ddvpd.exec:\ddvpd.exe65⤵
- Executes dropped EXE
-
\??\c:\rflflfr.exec:\rflflfr.exe66⤵
-
\??\c:\lllfxxl.exec:\lllfxxl.exe67⤵
-
\??\c:\btntnb.exec:\btntnb.exe68⤵
-
\??\c:\ppvjd.exec:\ppvjd.exe69⤵
-
\??\c:\pjvpp.exec:\pjvpp.exe70⤵
-
\??\c:\fxrlxrl.exec:\fxrlxrl.exe71⤵
-
\??\c:\tttthh.exec:\tttthh.exe72⤵
-
\??\c:\hbtnhb.exec:\hbtnhb.exe73⤵
-
\??\c:\9jdvv.exec:\9jdvv.exe74⤵
-
\??\c:\pjppv.exec:\pjppv.exe75⤵
-
\??\c:\xxxlfrl.exec:\xxxlfrl.exe76⤵
-
\??\c:\lxxfrlr.exec:\lxxfrlr.exe77⤵
-
\??\c:\nbbbbb.exec:\nbbbbb.exe78⤵
-
\??\c:\tbbbtt.exec:\tbbbtt.exe79⤵
-
\??\c:\9vdpd.exec:\9vdpd.exe80⤵
-
\??\c:\jppjv.exec:\jppjv.exe81⤵
-
\??\c:\rlxlfrl.exec:\rlxlfrl.exe82⤵
-
\??\c:\lffxrrl.exec:\lffxrrl.exe83⤵
-
\??\c:\nbnbtn.exec:\nbnbtn.exe84⤵
-
\??\c:\nbtnnb.exec:\nbtnnb.exe85⤵
-
\??\c:\xfffrll.exec:\xfffrll.exe86⤵
-
\??\c:\lxrlxrx.exec:\lxrlxrx.exe87⤵
-
\??\c:\nbtnbt.exec:\nbtnbt.exe88⤵
-
\??\c:\hnbnht.exec:\hnbnht.exe89⤵
-
\??\c:\jdpjv.exec:\jdpjv.exe90⤵
-
\??\c:\jddvj.exec:\jddvj.exe91⤵
-
\??\c:\9lflfxr.exec:\9lflfxr.exe92⤵
-
\??\c:\ffxlflx.exec:\ffxlflx.exe93⤵
-
\??\c:\htnbtn.exec:\htnbtn.exe94⤵
-
\??\c:\bbhhbt.exec:\bbhhbt.exe95⤵
-
\??\c:\pddpd.exec:\pddpd.exe96⤵
-
\??\c:\vjdpd.exec:\vjdpd.exe97⤵
-
\??\c:\lrrlfxr.exec:\lrrlfxr.exe98⤵
-
\??\c:\frxxrrr.exec:\frxxrrr.exe99⤵
-
\??\c:\htbttn.exec:\htbttn.exe100⤵
-
\??\c:\ntthbh.exec:\ntthbh.exe101⤵
-
\??\c:\dpjvp.exec:\dpjvp.exe102⤵
-
\??\c:\7xfxxrx.exec:\7xfxxrx.exe103⤵
-
\??\c:\ttttbn.exec:\ttttbn.exe104⤵
-
\??\c:\nhhtnn.exec:\nhhtnn.exe105⤵
-
\??\c:\jpdpd.exec:\jpdpd.exe106⤵
-
\??\c:\xflrrxf.exec:\xflrrxf.exe107⤵
-
\??\c:\llrlxxr.exec:\llrlxxr.exe108⤵
-
\??\c:\htbtnh.exec:\htbtnh.exe109⤵
-
\??\c:\btbnhh.exec:\btbnhh.exe110⤵
-
\??\c:\vjjdp.exec:\vjjdp.exe111⤵
-
\??\c:\vvpjj.exec:\vvpjj.exe112⤵
-
\??\c:\1xlfrll.exec:\1xlfrll.exe113⤵
-
\??\c:\frfxrrl.exec:\frfxrrl.exe114⤵
-
\??\c:\thbbtn.exec:\thbbtn.exe115⤵
-
\??\c:\nthtnn.exec:\nthtnn.exe116⤵
-
\??\c:\pjjdj.exec:\pjjdj.exe117⤵
-
\??\c:\pvpjd.exec:\pvpjd.exe118⤵
-
\??\c:\lrxllfl.exec:\lrxllfl.exe119⤵
-
\??\c:\llrfrlr.exec:\llrfrlr.exe120⤵
-
\??\c:\tbbtnh.exec:\tbbtnh.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-