Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
95s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
20/08/2024, 19:07
General
-
Target
abefdeacfb2be9da20f2ce9361402060N.exe
-
Size
64KB
-
MD5
abefdeacfb2be9da20f2ce9361402060
-
SHA1
d9946c952de2e1183d367f728d35218a45da2537
-
SHA256
df12688ebb6ea87fff1694dfdee51aaf1bcdea3f8062cad3ca32074de65d3c67
-
SHA512
e5fcd61ef726dc1a526e58ff56e64f8b8a64a3c448582abcc807fbfae9afba0a85e8f334474e9167e8371e479392eff2d8cc48f33849a73a066351771c2f9937
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIvuzkzNr:ymb3NkkiQ3mdBjFIvlpr
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 29 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 36 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\abefdeacfb2be9da20f2ce9361402060N.exe"C:\Users\Admin\AppData\Local\Temp\abefdeacfb2be9da20f2ce9361402060N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\vdjvp.exec:\vdjvp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjvj.exec:\ppjvj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3nbnnh.exec:\3nbnnh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddjpd.exec:\ddjpd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxllxrx.exec:\xxllxrx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxxlxrl.exec:\xxxlxrl.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1tbntt.exec:\1tbntt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5bthtn.exec:\5bthtn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjdpd.exec:\jjdpd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9xlxlxr.exec:\9xlxlxr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flrlxfx.exec:\flrlxfx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbhbnh.exec:\bbhbnh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjdj.exec:\vpjdj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpjpd.exec:\dpjpd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3lfxrlr.exec:\3lfxrlr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbnbh.exec:\btbnbh.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhtbtb.exec:\nhtbtb.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5dpjv.exec:\5dpjv.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrlfrxr.exec:\rrlfrxr.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxxrfxr.exec:\lxxrfxr.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbhhbt.exec:\tbhhbt.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhbnn.exec:\nhhbnn.exe23⤵
- Executes dropped EXE
-
\??\c:\3vjdv.exec:\3vjdv.exe24⤵
- Executes dropped EXE
-
\??\c:\fflxlfl.exec:\fflxlfl.exe25⤵
- Executes dropped EXE
-
\??\c:\9thtnh.exec:\9thtnh.exe26⤵
- Executes dropped EXE
-
\??\c:\ppvpv.exec:\ppvpv.exe27⤵
- Executes dropped EXE
-
\??\c:\9lrlfxf.exec:\9lrlfxf.exe28⤵
- Executes dropped EXE
-
\??\c:\lfrxrlx.exec:\lfrxrlx.exe29⤵
- Executes dropped EXE
-
\??\c:\bbbttn.exec:\bbbttn.exe30⤵
- Executes dropped EXE
-
\??\c:\pjvpv.exec:\pjvpv.exe31⤵
- Executes dropped EXE
-
\??\c:\dvpdp.exec:\dvpdp.exe32⤵
- Executes dropped EXE
-
\??\c:\frfrlff.exec:\frfrlff.exe33⤵
- Executes dropped EXE
-
\??\c:\btttnn.exec:\btttnn.exe34⤵
- Executes dropped EXE
-
\??\c:\bhhnbb.exec:\bhhnbb.exe35⤵
- Executes dropped EXE
-
\??\c:\ttbbbb.exec:\ttbbbb.exe36⤵
- Executes dropped EXE
-
\??\c:\dvpjp.exec:\dvpjp.exe37⤵
- Executes dropped EXE
-
\??\c:\7jjpj.exec:\7jjpj.exe38⤵
- Executes dropped EXE
-
\??\c:\xxfrrll.exec:\xxfrrll.exe39⤵
- Executes dropped EXE
-
\??\c:\xrxrrlx.exec:\xrxrrlx.exe40⤵
- Executes dropped EXE
-
\??\c:\tnhbtn.exec:\tnhbtn.exe41⤵
- Executes dropped EXE
-
\??\c:\bttnbb.exec:\bttnbb.exe42⤵
- Executes dropped EXE
-
\??\c:\jpjdp.exec:\jpjdp.exe43⤵
- Executes dropped EXE
-
\??\c:\3pdvj.exec:\3pdvj.exe44⤵
- Executes dropped EXE
-
\??\c:\9xlxxrr.exec:\9xlxxrr.exe45⤵
- Executes dropped EXE
-
\??\c:\rlfxlfr.exec:\rlfxlfr.exe46⤵
- Executes dropped EXE
-
\??\c:\7bbnht.exec:\7bbnht.exe47⤵
- Executes dropped EXE
-
\??\c:\bttnnh.exec:\bttnnh.exe48⤵
- Executes dropped EXE
-
\??\c:\dvvpp.exec:\dvvpp.exe49⤵
- Executes dropped EXE
-
\??\c:\dddjd.exec:\dddjd.exe50⤵
- Executes dropped EXE
-
\??\c:\vvddv.exec:\vvddv.exe51⤵
- Executes dropped EXE
-
\??\c:\lxfrlfl.exec:\lxfrlfl.exe52⤵
- Executes dropped EXE
-
\??\c:\3rrrlfx.exec:\3rrrlfx.exe53⤵
- Executes dropped EXE
-
\??\c:\tnnnhh.exec:\tnnnhh.exe54⤵
- Executes dropped EXE
-
\??\c:\3thbbt.exec:\3thbbt.exe55⤵
- Executes dropped EXE
-
\??\c:\9hthhb.exec:\9hthhb.exe56⤵
- Executes dropped EXE
-
\??\c:\jpdpd.exec:\jpdpd.exe57⤵
- Executes dropped EXE
-
\??\c:\flfllll.exec:\flfllll.exe58⤵
- Executes dropped EXE
-
\??\c:\rxfrfxf.exec:\rxfrfxf.exe59⤵
- Executes dropped EXE
-
\??\c:\7nttnh.exec:\7nttnh.exe60⤵
- Executes dropped EXE
-
\??\c:\9ttnbt.exec:\9ttnbt.exe61⤵
- Executes dropped EXE
-
\??\c:\5ppjv.exec:\5ppjv.exe62⤵
- Executes dropped EXE
-
\??\c:\1flxlfl.exec:\1flxlfl.exe63⤵
- Executes dropped EXE
-
\??\c:\rflfxrl.exec:\rflfxrl.exe64⤵
- Executes dropped EXE
-
\??\c:\1bhbtn.exec:\1bhbtn.exe65⤵
- Executes dropped EXE
-
\??\c:\nhhbtn.exec:\nhhbtn.exe66⤵
-
\??\c:\vpvvd.exec:\vpvvd.exe67⤵
-
\??\c:\pdjvd.exec:\pdjvd.exe68⤵
-
\??\c:\1fxrxrl.exec:\1fxrxrl.exe69⤵
-
\??\c:\3flxrlf.exec:\3flxrlf.exe70⤵
-
\??\c:\nhhbtt.exec:\nhhbtt.exe71⤵
-
\??\c:\nbbthh.exec:\nbbthh.exe72⤵
-
\??\c:\thbtth.exec:\thbtth.exe73⤵
-
\??\c:\jpvvd.exec:\jpvvd.exe74⤵
-
\??\c:\1pvjv.exec:\1pvjv.exe75⤵
-
\??\c:\7frlrrx.exec:\7frlrrx.exe76⤵
-
\??\c:\3xrlfxl.exec:\3xrlfxl.exe77⤵
-
\??\c:\tttnbt.exec:\tttnbt.exe78⤵
-
\??\c:\tnttnn.exec:\tnttnn.exe79⤵
-
\??\c:\ppjdd.exec:\ppjdd.exe80⤵
-
\??\c:\jvvjv.exec:\jvvjv.exe81⤵
-
\??\c:\llfflrx.exec:\llfflrx.exe82⤵
-
\??\c:\rfrlfff.exec:\rfrlfff.exe83⤵
-
\??\c:\nttnnn.exec:\nttnnn.exe84⤵
-
\??\c:\bnnnnt.exec:\bnnnnt.exe85⤵
-
\??\c:\jjddd.exec:\jjddd.exe86⤵
-
\??\c:\jdjdp.exec:\jdjdp.exe87⤵
-
\??\c:\5lrlffx.exec:\5lrlffx.exe88⤵
-
\??\c:\hhttbh.exec:\hhttbh.exe89⤵
-
\??\c:\bhhhnt.exec:\bhhhnt.exe90⤵
-
\??\c:\vpjvv.exec:\vpjvv.exe91⤵
-
\??\c:\vjjdv.exec:\vjjdv.exe92⤵
-
\??\c:\9xrxlll.exec:\9xrxlll.exe93⤵
-
\??\c:\lxlfxxr.exec:\lxlfxxr.exe94⤵
-
\??\c:\ttttnn.exec:\ttttnn.exe95⤵
-
\??\c:\nbtnnh.exec:\nbtnnh.exe96⤵
-
\??\c:\llrrlll.exec:\llrrlll.exe97⤵
-
\??\c:\hhbnth.exec:\hhbnth.exe98⤵
-
\??\c:\bhnttn.exec:\bhnttn.exe99⤵
-
\??\c:\pjvvj.exec:\pjvvj.exe100⤵
-
\??\c:\dvjjj.exec:\dvjjj.exe101⤵
-
\??\c:\9xrrfff.exec:\9xrrfff.exe102⤵
-
\??\c:\lfrlfrl.exec:\lfrlfrl.exe103⤵
-
\??\c:\hbtnnb.exec:\hbtnnb.exe104⤵
-
\??\c:\jpjjj.exec:\jpjjj.exe105⤵
-
\??\c:\3vpjd.exec:\3vpjd.exe106⤵
-
\??\c:\jvppp.exec:\jvppp.exe107⤵
-
\??\c:\xfrlxlr.exec:\xfrlxlr.exe108⤵
-
\??\c:\5rlfxxr.exec:\5rlfxxr.exe109⤵
-
\??\c:\rfrlrff.exec:\rfrlrff.exe110⤵
-
\??\c:\3nbtnt.exec:\3nbtnt.exe111⤵
-
\??\c:\jpdjd.exec:\jpdjd.exe112⤵
-
\??\c:\9lxrlrl.exec:\9lxrlrl.exe113⤵
-
\??\c:\9rxrxlf.exec:\9rxrxlf.exe114⤵
-
\??\c:\nhhhtt.exec:\nhhhtt.exe115⤵
-
\??\c:\nnhbhh.exec:\nnhbhh.exe116⤵
-
\??\c:\jdjpj.exec:\jdjpj.exe117⤵
-
\??\c:\jjjjd.exec:\jjjjd.exe118⤵
-
\??\c:\lfxrrlf.exec:\lfxrrlf.exe119⤵
-
\??\c:\xxffxfx.exec:\xxffxfx.exe120⤵
-
\??\c:\llxfxxx.exec:\llxfxxx.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-