Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
155s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
19/08/2024, 10:39
General
-
Target
7f43f5d72e2322d16d457edb072823c0N.exe
-
Size
366KB
-
MD5
7f43f5d72e2322d16d457edb072823c0
-
SHA1
830e208c3004fe63e5ffae1bf7f3181c3f260474
-
SHA256
da10c5b6c363461a8373dbe38c2d8313917533d4ad6da5573627894573caa3b4
-
SHA512
672c9fbaf0e26ddc0e8d99290cc15957c9f3a2b4acafd6db7ac72a0ebf863fe90329f39d95d74aefaf9b49fc56555cf46b4962dd2d388a4d9347b94e8434ae76
-
SSDEEP
6144:n3C9BRo7tvnJ9oH0IRgZvjD8296gnzeZhBul:n3C9ytvngQj429nnzeZhBq
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 26 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\7f43f5d72e2322d16d457edb072823c0N.exe"C:\Users\Admin\AppData\Local\Temp\7f43f5d72e2322d16d457edb072823c0N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\hhhbtt.exec:\hhhbtt.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjdp.exec:\dvjdp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flrllfx.exec:\flrllfx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbtnnn.exec:\tbtnnn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5pdvp.exec:\5pdvp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvvvv.exec:\pvvvv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvdvv.exec:\dvdvv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttttbb.exec:\ttttbb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxlflfx.exec:\rxlflfx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddpdv.exec:\ddpdv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dddvv.exec:\dddvv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlxrlff.exec:\xlxrlff.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhbttt.exec:\bhbttt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvjdv.exec:\vvjdv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxfxxfx.exec:\fxfxxfx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbhhbt.exec:\bbhhbt.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dddvv.exec:\dddvv.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlrflff.exec:\rlrflff.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnhbnb.exec:\bnhbnb.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdvpj.exec:\vdvpj.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrlfllf.exec:\xrlfllf.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnhnh.exec:\hbnhnh.exe23⤵
- Executes dropped EXE
-
\??\c:\pppdv.exec:\pppdv.exe24⤵
- Executes dropped EXE
-
\??\c:\bbnhhh.exec:\bbnhhh.exe25⤵
- Executes dropped EXE
-
\??\c:\1jdvv.exec:\1jdvv.exe26⤵
- Executes dropped EXE
-
\??\c:\hbnhnh.exec:\hbnhnh.exe27⤵
- Executes dropped EXE
-
\??\c:\bthhbb.exec:\bthhbb.exe28⤵
- Executes dropped EXE
-
\??\c:\ffxrrlf.exec:\ffxrrlf.exe29⤵
- Executes dropped EXE
-
\??\c:\vpvvv.exec:\vpvvv.exe30⤵
- Executes dropped EXE
-
\??\c:\nntbnn.exec:\nntbnn.exe31⤵
- Executes dropped EXE
-
\??\c:\pdpjv.exec:\pdpjv.exe32⤵
- Executes dropped EXE
-
\??\c:\9bbbth.exec:\9bbbth.exe33⤵
- Executes dropped EXE
-
\??\c:\rrxrlfx.exec:\rrxrlfx.exe34⤵
- Executes dropped EXE
-
\??\c:\fxxrxxr.exec:\fxxrxxr.exe35⤵
- Executes dropped EXE
-
\??\c:\htbnnb.exec:\htbnnb.exe36⤵
- Executes dropped EXE
-
\??\c:\3pvdv.exec:\3pvdv.exe37⤵
- Executes dropped EXE
-
\??\c:\xxfrlxl.exec:\xxfrlxl.exe38⤵
- Executes dropped EXE
-
\??\c:\xrrflfx.exec:\xrrflfx.exe39⤵
- Executes dropped EXE
-
\??\c:\thnhhb.exec:\thnhhb.exe40⤵
- Executes dropped EXE
-
\??\c:\dvpjd.exec:\dvpjd.exe41⤵
- Executes dropped EXE
-
\??\c:\9xxrrlx.exec:\9xxrrlx.exe42⤵
- Executes dropped EXE
-
\??\c:\rrlffxl.exec:\rrlffxl.exe43⤵
- Executes dropped EXE
-
\??\c:\tnhbnh.exec:\tnhbnh.exe44⤵
- Executes dropped EXE
-
\??\c:\dddjp.exec:\dddjp.exe45⤵
- Executes dropped EXE
-
\??\c:\rrxlffx.exec:\rrxlffx.exe46⤵
- Executes dropped EXE
-
\??\c:\lffrlff.exec:\lffrlff.exe47⤵
- Executes dropped EXE
-
\??\c:\nthbbb.exec:\nthbbb.exe48⤵
- Executes dropped EXE
-
\??\c:\pjpvv.exec:\pjpvv.exe49⤵
- Executes dropped EXE
-
\??\c:\vpvpj.exec:\vpvpj.exe50⤵
- Executes dropped EXE
-
\??\c:\rrxrrrl.exec:\rrxrrrl.exe51⤵
- Executes dropped EXE
-
\??\c:\9bhtbt.exec:\9bhtbt.exe52⤵
- Executes dropped EXE
-
\??\c:\vjpjd.exec:\vjpjd.exe53⤵
- Executes dropped EXE
-
\??\c:\jpdpd.exec:\jpdpd.exe54⤵
- Executes dropped EXE
-
\??\c:\7lrlxff.exec:\7lrlxff.exe55⤵
- Executes dropped EXE
-
\??\c:\9hnbbb.exec:\9hnbbb.exe56⤵
- Executes dropped EXE
-
\??\c:\ttttnn.exec:\ttttnn.exe57⤵
- Executes dropped EXE
-
\??\c:\pvdvp.exec:\pvdvp.exe58⤵
- Executes dropped EXE
-
\??\c:\7ththn.exec:\7ththn.exe59⤵
- Executes dropped EXE
-
\??\c:\dvjdp.exec:\dvjdp.exe60⤵
- Executes dropped EXE
-
\??\c:\lfrlffx.exec:\lfrlffx.exe61⤵
- Executes dropped EXE
-
\??\c:\frfxlfl.exec:\frfxlfl.exe62⤵
- Executes dropped EXE
-
\??\c:\btbbnh.exec:\btbbnh.exe63⤵
- Executes dropped EXE
-
\??\c:\hbbtnh.exec:\hbbtnh.exe64⤵
- Executes dropped EXE
-
\??\c:\1hnhtt.exec:\1hnhtt.exe65⤵
- Executes dropped EXE
-
\??\c:\ddddv.exec:\ddddv.exe66⤵
-
\??\c:\xxxllrf.exec:\xxxllrf.exe67⤵
-
\??\c:\xrfxlrl.exec:\xrfxlrl.exe68⤵
-
\??\c:\1nhbtn.exec:\1nhbtn.exe69⤵
-
\??\c:\xffxlfx.exec:\xffxlfx.exe70⤵
-
\??\c:\xxlxrrr.exec:\xxlxrrr.exe71⤵
-
\??\c:\bbtbnb.exec:\bbtbnb.exe72⤵
-
\??\c:\9dpdp.exec:\9dpdp.exe73⤵
-
\??\c:\1dpdv.exec:\1dpdv.exe74⤵
-
\??\c:\rlfxrrf.exec:\rlfxrrf.exe75⤵
-
\??\c:\nnbtbb.exec:\nnbtbb.exe76⤵
- System Location Discovery: System Language Discovery
-
\??\c:\hbhbbb.exec:\hbhbbb.exe77⤵
-
\??\c:\ppdvp.exec:\ppdvp.exe78⤵
-
\??\c:\5xlfxxx.exec:\5xlfxxx.exe79⤵
-
\??\c:\7frrllf.exec:\7frrllf.exe80⤵
-
\??\c:\hbhbhh.exec:\hbhbhh.exe81⤵
-
\??\c:\9ddjv.exec:\9ddjv.exe82⤵
-
\??\c:\5jpjd.exec:\5jpjd.exe83⤵
-
\??\c:\llxrrrr.exec:\llxrrrr.exe84⤵
-
\??\c:\lrrxrfx.exec:\lrrxrfx.exe85⤵
-
\??\c:\nnhnnn.exec:\nnhnnn.exe86⤵
-
\??\c:\vpvpj.exec:\vpvpj.exe87⤵
-
\??\c:\7vjjj.exec:\7vjjj.exe88⤵
-
\??\c:\lrxrrxx.exec:\lrxrrxx.exe89⤵
- System Location Discovery: System Language Discovery
-
\??\c:\ttttnn.exec:\ttttnn.exe90⤵
-
\??\c:\tnbbhh.exec:\tnbbhh.exe91⤵
-
\??\c:\pdvdv.exec:\pdvdv.exe92⤵
-
\??\c:\rlxxrlf.exec:\rlxxrlf.exe93⤵
-
\??\c:\nhnhbb.exec:\nhnhbb.exe94⤵
-
\??\c:\ntttnh.exec:\ntttnh.exe95⤵
-
\??\c:\vjdvp.exec:\vjdvp.exe96⤵
-
\??\c:\rlrrlrl.exec:\rlrrlrl.exe97⤵
-
\??\c:\nhhbtn.exec:\nhhbtn.exe98⤵
-
\??\c:\thntnn.exec:\thntnn.exe99⤵
-
\??\c:\jvdvv.exec:\jvdvv.exe100⤵
-
\??\c:\7xxxfff.exec:\7xxxfff.exe101⤵
-
\??\c:\flrlfrl.exec:\flrlfrl.exe102⤵
-
\??\c:\hnttnb.exec:\hnttnb.exe103⤵
-
\??\c:\jdpjj.exec:\jdpjj.exe104⤵
-
\??\c:\rlxrxfl.exec:\rlxrxfl.exe105⤵
-
\??\c:\7rfxrfl.exec:\7rfxrfl.exe106⤵
-
\??\c:\nbhhbt.exec:\nbhhbt.exe107⤵
-
\??\c:\vjppd.exec:\vjppd.exe108⤵
-
\??\c:\fxxrlfx.exec:\fxxrlfx.exe109⤵
-
\??\c:\flrlffx.exec:\flrlffx.exe110⤵
-
\??\c:\btbtnn.exec:\btbtnn.exe111⤵
-
\??\c:\dvdvp.exec:\dvdvp.exe112⤵
-
\??\c:\xlrlxxl.exec:\xlrlxxl.exe113⤵
-
\??\c:\5lxrrrr.exec:\5lxrrrr.exe114⤵
-
\??\c:\nbhbhh.exec:\nbhbhh.exe115⤵
-
\??\c:\djjdv.exec:\djjdv.exe116⤵
-
\??\c:\llrlfff.exec:\llrlfff.exe117⤵
-
\??\c:\5lfxrlf.exec:\5lfxrlf.exe118⤵
-
\??\c:\tnnhhh.exec:\tnnhhh.exe119⤵
-
\??\c:\vdpjv.exec:\vdpjv.exe120⤵
-
\??\c:\frxrxxf.exec:\frxrxxf.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-