Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
112s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
21/08/2024, 15:51
General
-
Target
ce942a23ee4d054f0b06b091f109afd0N.exe
-
Size
64KB
-
MD5
ce942a23ee4d054f0b06b091f109afd0
-
SHA1
aac0ef09d6cb1d16d51e1846c4f70ef186ab8607
-
SHA256
8c51a8ba9c64bf6e174c2817bc476b49b8d2c357280b7832c44d40186693d1a6
-
SHA512
f12c5fabd6eb2281cc0fa2e21d44cab75ab27dc653252fce83c0307005e5c4009fd79633ee157d1c970ac29cece2c59eeaa0c38aeebfc9a11fa0bc93edb82969
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIkpi+qPtW:ymb3NkkiQ3mdBjFIj+qA
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 29 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 37 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\ce942a23ee4d054f0b06b091f109afd0N.exe"C:\Users\Admin\AppData\Local\Temp\ce942a23ee4d054f0b06b091f109afd0N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\vdvpd.exec:\vdvpd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxrffx.exec:\lfxrffx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbhbh.exec:\hbbhbh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnntt.exec:\hbnntt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvvpd.exec:\vvvpd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llxflfl.exec:\llxflfl.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbbttn.exec:\nbbttn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dddjj.exec:\dddjj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdjdv.exec:\vdjdv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfxlffx.exec:\rfxlffx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbnhb.exec:\hbbnhb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvddv.exec:\pvddv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fffrrfx.exec:\fffrrfx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fffxrrl.exec:\fffxrrl.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbtnn.exec:\nhbtnn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpdpj.exec:\dpdpj.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1rxrrrf.exec:\1rxrrrf.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpdjv.exec:\vpdjv.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rflfxxr.exec:\rflfxxr.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpppp.exec:\dpppp.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjdvd.exec:\jjdvd.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrrlll.exec:\xrrrlll.exe23⤵
- Executes dropped EXE
-
\??\c:\hbhbtb.exec:\hbhbtb.exe24⤵
- Executes dropped EXE
-
\??\c:\tnnnhn.exec:\tnnnhn.exe25⤵
- Executes dropped EXE
-
\??\c:\pjpjv.exec:\pjpjv.exe26⤵
- Executes dropped EXE
-
\??\c:\vddvp.exec:\vddvp.exe27⤵
- Executes dropped EXE
-
\??\c:\3frrllf.exec:\3frrllf.exe28⤵
- Executes dropped EXE
-
\??\c:\ttbtbb.exec:\ttbtbb.exe29⤵
- Executes dropped EXE
-
\??\c:\bbhbtt.exec:\bbhbtt.exe30⤵
- Executes dropped EXE
-
\??\c:\ddjvd.exec:\ddjvd.exe31⤵
- Executes dropped EXE
-
\??\c:\rlrlfff.exec:\rlrlfff.exe32⤵
- Executes dropped EXE
-
\??\c:\1hnttt.exec:\1hnttt.exe33⤵
- Executes dropped EXE
-
\??\c:\bntthh.exec:\bntthh.exe34⤵
- Executes dropped EXE
-
\??\c:\1dpjv.exec:\1dpjv.exe35⤵
- Executes dropped EXE
-
\??\c:\fxrfxfx.exec:\fxrfxfx.exe36⤵
- Executes dropped EXE
-
\??\c:\lffrlfx.exec:\lffrlfx.exe37⤵
- Executes dropped EXE
-
\??\c:\fxxxlfx.exec:\fxxxlfx.exe38⤵
- Executes dropped EXE
-
\??\c:\9nnhnh.exec:\9nnhnh.exe39⤵
- Executes dropped EXE
-
\??\c:\jvvvd.exec:\jvvvd.exe40⤵
- Executes dropped EXE
-
\??\c:\pjjdj.exec:\pjjdj.exe41⤵
- Executes dropped EXE
-
\??\c:\dpjvj.exec:\dpjvj.exe42⤵
- Executes dropped EXE
-
\??\c:\lllxlfr.exec:\lllxlfr.exe43⤵
- Executes dropped EXE
-
\??\c:\hhhhtn.exec:\hhhhtn.exe44⤵
- Executes dropped EXE
-
\??\c:\thhbhh.exec:\thhbhh.exe45⤵
- Executes dropped EXE
-
\??\c:\pdpdp.exec:\pdpdp.exe46⤵
- Executes dropped EXE
-
\??\c:\pdpvp.exec:\pdpvp.exe47⤵
- Executes dropped EXE
-
\??\c:\fffrrrl.exec:\fffrrrl.exe48⤵
- Executes dropped EXE
-
\??\c:\fxxrfrr.exec:\fxxrfrr.exe49⤵
- Executes dropped EXE
-
\??\c:\tttnbt.exec:\tttnbt.exe50⤵
- Executes dropped EXE
-
\??\c:\tnhthb.exec:\tnhthb.exe51⤵
- Executes dropped EXE
-
\??\c:\tnnbbb.exec:\tnnbbb.exe52⤵
- Executes dropped EXE
-
\??\c:\5vvjv.exec:\5vvjv.exe53⤵
- Executes dropped EXE
-
\??\c:\djjpv.exec:\djjpv.exe54⤵
- Executes dropped EXE
-
\??\c:\ffxrllf.exec:\ffxrllf.exe55⤵
- Executes dropped EXE
-
\??\c:\7ffxrlf.exec:\7ffxrlf.exe56⤵
- Executes dropped EXE
-
\??\c:\thhbbh.exec:\thhbbh.exe57⤵
- Executes dropped EXE
-
\??\c:\nnhbnn.exec:\nnhbnn.exe58⤵
- Executes dropped EXE
-
\??\c:\3djjd.exec:\3djjd.exe59⤵
- Executes dropped EXE
-
\??\c:\pjpjd.exec:\pjpjd.exe60⤵
- Executes dropped EXE
-
\??\c:\xxrrllr.exec:\xxrrllr.exe61⤵
- Executes dropped EXE
-
\??\c:\lxxrrxr.exec:\lxxrrxr.exe62⤵
- Executes dropped EXE
-
\??\c:\htntnh.exec:\htntnh.exe63⤵
- Executes dropped EXE
-
\??\c:\btbttt.exec:\btbttt.exe64⤵
- Executes dropped EXE
-
\??\c:\ddpjd.exec:\ddpjd.exe65⤵
- Executes dropped EXE
-
\??\c:\1xrrlll.exec:\1xrrlll.exe66⤵
-
\??\c:\rlfrlll.exec:\rlfrlll.exe67⤵
-
\??\c:\bntnhh.exec:\bntnhh.exe68⤵
-
\??\c:\jpjjp.exec:\jpjjp.exe69⤵
-
\??\c:\1jjvj.exec:\1jjvj.exe70⤵
-
\??\c:\rrllrrx.exec:\rrllrrx.exe71⤵
-
\??\c:\rflfxxr.exec:\rflfxxr.exe72⤵
-
\??\c:\7nbhbn.exec:\7nbhbn.exe73⤵
-
\??\c:\5bhbtt.exec:\5bhbtt.exe74⤵
-
\??\c:\nnbttt.exec:\nnbttt.exe75⤵
-
\??\c:\vvddp.exec:\vvddp.exe76⤵
-
\??\c:\vpjpj.exec:\vpjpj.exe77⤵
-
\??\c:\ffxrfxr.exec:\ffxrfxr.exe78⤵
-
\??\c:\7tnnnb.exec:\7tnnnb.exe79⤵
-
\??\c:\3hnbbt.exec:\3hnbbt.exe80⤵
-
\??\c:\vjjdd.exec:\vjjdd.exe81⤵
-
\??\c:\vpjdd.exec:\vpjdd.exe82⤵
-
\??\c:\lfxrlll.exec:\lfxrlll.exe83⤵
-
\??\c:\rlflrff.exec:\rlflrff.exe84⤵
-
\??\c:\nhhbtt.exec:\nhhbtt.exe85⤵
-
\??\c:\btnhhh.exec:\btnhhh.exe86⤵
-
\??\c:\nhbntt.exec:\nhbntt.exe87⤵
-
\??\c:\dvpjj.exec:\dvpjj.exe88⤵
-
\??\c:\vppjd.exec:\vppjd.exe89⤵
-
\??\c:\xlfxllf.exec:\xlfxllf.exe90⤵
-
\??\c:\xrxrxxf.exec:\xrxrxxf.exe91⤵
-
\??\c:\hnbhht.exec:\hnbhht.exe92⤵
-
\??\c:\nbbtnn.exec:\nbbtnn.exe93⤵
-
\??\c:\vpjpj.exec:\vpjpj.exe94⤵
-
\??\c:\ddvpj.exec:\ddvpj.exe95⤵
-
\??\c:\rlrlxxf.exec:\rlrlxxf.exe96⤵
-
\??\c:\lfrrrrf.exec:\lfrrrrf.exe97⤵
-
\??\c:\lfxlllf.exec:\lfxlllf.exe98⤵
-
\??\c:\ttnhbb.exec:\ttnhbb.exe99⤵
-
\??\c:\thbtnn.exec:\thbtnn.exe100⤵
-
\??\c:\dvvvj.exec:\dvvvj.exe101⤵
-
\??\c:\pjdvp.exec:\pjdvp.exe102⤵
-
\??\c:\fxxrlll.exec:\fxxrlll.exe103⤵
-
\??\c:\rlxxfll.exec:\rlxxfll.exe104⤵
-
\??\c:\frlfxrl.exec:\frlfxrl.exe105⤵
-
\??\c:\pvppd.exec:\pvppd.exe106⤵
-
\??\c:\3lfxfxr.exec:\3lfxfxr.exe107⤵
-
\??\c:\7lfrrxf.exec:\7lfrrxf.exe108⤵
-
\??\c:\tnbtbt.exec:\tnbtbt.exe109⤵
-
\??\c:\nbbthh.exec:\nbbthh.exe110⤵
-
\??\c:\vjdvd.exec:\vjdvd.exe111⤵
-
\??\c:\vjdpp.exec:\vjdpp.exe112⤵
-
\??\c:\3ffrfxx.exec:\3ffrfxx.exe113⤵
-
\??\c:\lffrlfx.exec:\lffrlfx.exe114⤵
-
\??\c:\xxllrxf.exec:\xxllrxf.exe115⤵
-
\??\c:\nbbtnn.exec:\nbbtnn.exe116⤵
-
\??\c:\3nbttn.exec:\3nbttn.exe117⤵
-
\??\c:\vppjd.exec:\vppjd.exe118⤵
-
\??\c:\rrrrrlf.exec:\rrrrrlf.exe119⤵
-
\??\c:\rfrllfl.exec:\rfrllfl.exe120⤵
-
\??\c:\lxrlxlx.exec:\lxrlxlx.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-