Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
124s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
22/08/2024, 18:19
General
-
Target
ebc40cd78bf15a7862f1db4c29cd7580N.exe
-
Size
73KB
-
MD5
ebc40cd78bf15a7862f1db4c29cd7580
-
SHA1
07273016d621b7035c7e6d053dc0591df73b06b3
-
SHA256
ec07e19890290a8c09077fdafb7e1c8b158bb7aa17f1659a8014bd2ecf787e4f
-
SHA512
35f622a9eddc02a94a62a3650ef85f557c0a487e2d3cc0d4d6768db95361dbd4768dadeed949ec37b8bce1cd8ec506dffdc883c23812b6c2166ec6956fd98cb2
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDWiekja1br3GGBxfot3ey:ymb3NkkiQ3mdBjFWXkj7afoV
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 32 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\ebc40cd78bf15a7862f1db4c29cd7580N.exe"C:\Users\Admin\AppData\Local\Temp\ebc40cd78bf15a7862f1db4c29cd7580N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\vvvpj.exec:\vvvpj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxfrrfx.exec:\lxfrrfx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrxxflr.exec:\rrxxflr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhttnn.exec:\nhttnn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dppjd.exec:\dppjd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjdp.exec:\pjjdp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rffxfrx.exec:\rffxfrx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhnnnt.exec:\hhnnnt.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdvj.exec:\pjdvj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xffrrrl.exec:\xffrrrl.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5ttttt.exec:\5ttttt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdjjv.exec:\vdjjv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvvjv.exec:\pvvjv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1xffxff.exec:\1xffxff.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7nbhnn.exec:\7nbhnn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjddj.exec:\jjddj.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfxxllf.exec:\rfxxllf.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1rllfff.exec:\1rllfff.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhtttt.exec:\nhtttt.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhbthn.exec:\hhbthn.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjdd.exec:\dvjdd.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllfxrl.exec:\rllfxrl.exe23⤵
- Executes dropped EXE
-
\??\c:\rfllxxx.exec:\rfllxxx.exe24⤵
- Executes dropped EXE
-
\??\c:\tnbhnt.exec:\tnbhnt.exe25⤵
- Executes dropped EXE
-
\??\c:\ppdvv.exec:\ppdvv.exe26⤵
- Executes dropped EXE
-
\??\c:\djjjv.exec:\djjjv.exe27⤵
- Executes dropped EXE
-
\??\c:\xlrflfl.exec:\xlrflfl.exe28⤵
- Executes dropped EXE
-
\??\c:\thbtnn.exec:\thbtnn.exe29⤵
- Executes dropped EXE
-
\??\c:\5dvvj.exec:\5dvvj.exe30⤵
- Executes dropped EXE
-
\??\c:\rxfxrrl.exec:\rxfxrrl.exe31⤵
- Executes dropped EXE
-
\??\c:\bbtnhh.exec:\bbtnhh.exe32⤵
- Executes dropped EXE
-
\??\c:\3ppjd.exec:\3ppjd.exe33⤵
- Executes dropped EXE
-
\??\c:\lflfffl.exec:\lflfffl.exe34⤵
- Executes dropped EXE
-
\??\c:\ntbbtt.exec:\ntbbtt.exe35⤵
- Executes dropped EXE
-
\??\c:\ddpvd.exec:\ddpvd.exe36⤵
- Executes dropped EXE
-
\??\c:\vjppd.exec:\vjppd.exe37⤵
- Executes dropped EXE
-
\??\c:\rlfxlfl.exec:\rlfxlfl.exe38⤵
- Executes dropped EXE
-
\??\c:\xlfxrll.exec:\xlfxrll.exe39⤵
- Executes dropped EXE
-
\??\c:\3btnhh.exec:\3btnhh.exe40⤵
- Executes dropped EXE
-
\??\c:\1hbttt.exec:\1hbttt.exe41⤵
- Executes dropped EXE
-
\??\c:\jvdvp.exec:\jvdvp.exe42⤵
- Executes dropped EXE
-
\??\c:\djjdj.exec:\djjdj.exe43⤵
- Executes dropped EXE
-
\??\c:\5xlfflr.exec:\5xlfflr.exe44⤵
- Executes dropped EXE
-
\??\c:\lxffxff.exec:\lxffxff.exe45⤵
- Executes dropped EXE
-
\??\c:\bbhbtt.exec:\bbhbtt.exe46⤵
- Executes dropped EXE
-
\??\c:\htthnh.exec:\htthnh.exe47⤵
- Executes dropped EXE
-
\??\c:\djjjj.exec:\djjjj.exe48⤵
- Executes dropped EXE
-
\??\c:\5dvpd.exec:\5dvpd.exe49⤵
- Executes dropped EXE
-
\??\c:\lxlfrrl.exec:\lxlfrrl.exe50⤵
- Executes dropped EXE
-
\??\c:\rlxxrff.exec:\rlxxrff.exe51⤵
- Executes dropped EXE
-
\??\c:\nbnhbb.exec:\nbnhbb.exe52⤵
- Executes dropped EXE
-
\??\c:\nhhbtb.exec:\nhhbtb.exe53⤵
- Executes dropped EXE
-
\??\c:\vvppj.exec:\vvppj.exe54⤵
- Executes dropped EXE
-
\??\c:\dvpjj.exec:\dvpjj.exe55⤵
- Executes dropped EXE
-
\??\c:\xrrlfff.exec:\xrrlfff.exe56⤵
- Executes dropped EXE
-
\??\c:\xxffllr.exec:\xxffllr.exe57⤵
- Executes dropped EXE
-
\??\c:\hbbtnh.exec:\hbbtnh.exe58⤵
- Executes dropped EXE
-
\??\c:\tbhhhh.exec:\tbhhhh.exe59⤵
- Executes dropped EXE
-
\??\c:\5pvjj.exec:\5pvjj.exe60⤵
- Executes dropped EXE
-
\??\c:\pdpjd.exec:\pdpjd.exe61⤵
- Executes dropped EXE
-
\??\c:\fxfrrrx.exec:\fxfrrrx.exe62⤵
- Executes dropped EXE
-
\??\c:\llrllxx.exec:\llrllxx.exe63⤵
- Executes dropped EXE
-
\??\c:\nnnnhh.exec:\nnnnhh.exe64⤵
- Executes dropped EXE
-
\??\c:\tnbbth.exec:\tnbbth.exe65⤵
- Executes dropped EXE
-
\??\c:\ddpjd.exec:\ddpjd.exe66⤵
-
\??\c:\lfllfff.exec:\lfllfff.exe67⤵
-
\??\c:\7xrfrrx.exec:\7xrfrrx.exe68⤵
-
\??\c:\btbbhh.exec:\btbbhh.exe69⤵
-
\??\c:\bnnnhh.exec:\bnnnhh.exe70⤵
-
\??\c:\9dvpj.exec:\9dvpj.exe71⤵
-
\??\c:\vpjdd.exec:\vpjdd.exe72⤵
-
\??\c:\lrrrllf.exec:\lrrrllf.exe73⤵
-
\??\c:\xlllfff.exec:\xlllfff.exe74⤵
-
\??\c:\hbtnhh.exec:\hbtnhh.exe75⤵
-
\??\c:\nhnhhh.exec:\nhnhhh.exe76⤵
-
\??\c:\dpddj.exec:\dpddj.exe77⤵
-
\??\c:\pdvpv.exec:\pdvpv.exe78⤵
-
\??\c:\ffllrrx.exec:\ffllrrx.exe79⤵
-
\??\c:\tnbntn.exec:\tnbntn.exe80⤵
-
\??\c:\bhnthb.exec:\bhnthb.exe81⤵
-
\??\c:\dppvv.exec:\dppvv.exe82⤵
-
\??\c:\vpjdv.exec:\vpjdv.exe83⤵
-
\??\c:\9xfxllx.exec:\9xfxllx.exe84⤵
-
\??\c:\xrxfxrl.exec:\xrxfxrl.exe85⤵
-
\??\c:\bnttnn.exec:\bnttnn.exe86⤵
-
\??\c:\djjvp.exec:\djjvp.exe87⤵
-
\??\c:\dvdvv.exec:\dvdvv.exe88⤵
-
\??\c:\xxrlrrx.exec:\xxrlrrx.exe89⤵
-
\??\c:\rfrlfrr.exec:\rfrlfrr.exe90⤵
-
\??\c:\thtttt.exec:\thtttt.exe91⤵
-
\??\c:\tttnnn.exec:\tttnnn.exe92⤵
-
\??\c:\7jjdv.exec:\7jjdv.exe93⤵
-
\??\c:\fflflll.exec:\fflflll.exe94⤵
-
\??\c:\5lrlfff.exec:\5lrlfff.exe95⤵
-
\??\c:\rlxlxrf.exec:\rlxlxrf.exe96⤵
-
\??\c:\htttnn.exec:\htttnn.exe97⤵
-
\??\c:\jvdvp.exec:\jvdvp.exe98⤵
-
\??\c:\dvjjv.exec:\dvjjv.exe99⤵
-
\??\c:\lffllfl.exec:\lffllfl.exe100⤵
-
\??\c:\xlflrxl.exec:\xlflrxl.exe101⤵
-
\??\c:\tntnnh.exec:\tntnnh.exe102⤵
-
\??\c:\jvvpj.exec:\jvvpj.exe103⤵
-
\??\c:\3ddvp.exec:\3ddvp.exe104⤵
-
\??\c:\rlllxxx.exec:\rlllxxx.exe105⤵
-
\??\c:\xxfffff.exec:\xxfffff.exe106⤵
-
\??\c:\7tthtb.exec:\7tthtb.exe107⤵
-
\??\c:\7ppjd.exec:\7ppjd.exe108⤵
-
\??\c:\3vvjd.exec:\3vvjd.exe109⤵
-
\??\c:\rlfrrlr.exec:\rlfrrlr.exe110⤵
-
\??\c:\3hhbtt.exec:\3hhbtt.exe111⤵
-
\??\c:\1tbtnn.exec:\1tbtnn.exe112⤵
-
\??\c:\vpdjd.exec:\vpdjd.exe113⤵
-
\??\c:\pvdvp.exec:\pvdvp.exe114⤵
-
\??\c:\rllfxxr.exec:\rllfxxr.exe115⤵
-
\??\c:\llllllf.exec:\llllllf.exe116⤵
-
\??\c:\3hhhbh.exec:\3hhhbh.exe117⤵
-
\??\c:\nnbbnn.exec:\nnbbnn.exe118⤵
-
\??\c:\ddvpv.exec:\ddvpv.exe119⤵
-
\??\c:\ppvpp.exec:\ppvpp.exe120⤵
- System Location Discovery: System Language Discovery
-
\??\c:\vdddp.exec:\vdddp.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-