Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
120s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
23/08/2024, 13:22
General
-
Target
472bd330bb99ac58fdf6b770c0a568d0N.exe
-
Size
358KB
-
MD5
472bd330bb99ac58fdf6b770c0a568d0
-
SHA1
bf817f6e596652c42ae64cbe9b2e5632948c5864
-
SHA256
55b94a4b3482bb51e521fd10a460ed780f2d0304da4f563e376783b170e6c7f0
-
SHA512
ff4abb123da17010b86af7c8654f0b2e3038796565fd086784cd5ade8295e4e4b3108fbb57fb84ff58ca06c2822c5847d1c8ef99a3c1fd13afc5cca6f51813a3
-
SSDEEP
3072:ymb3NkkiQ3mdBjFo73tvn+Yp9FrHSwh/c/hdTWGIaxJ8TN005pWmjVwdSsyy:n3C9BRo7tvnJ9Fywhk/T7xyTpShZB
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 27 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 29 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\472bd330bb99ac58fdf6b770c0a568d0N.exe"C:\Users\Admin\AppData\Local\Temp\472bd330bb99ac58fdf6b770c0a568d0N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvpv.exec:\jdvpv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlfxrl.exec:\fxlfxrl.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hntnbb.exec:\hntnbb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\u882626.exec:\u882626.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\880668.exec:\880668.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\40620.exec:\40620.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntnhbt.exec:\ntnhbt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\86688.exec:\86688.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdvpj.exec:\vdvpj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlrrxxl.exec:\rlrrxxl.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btnhhh.exec:\btnhhh.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8666442.exec:\8666442.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6448604.exec:\6448604.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjdp.exec:\jdjdp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpjdd.exec:\dpjdd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdjdv.exec:\vdjdv.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\46282.exec:\46282.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\2608446.exec:\2608446.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\m4426.exec:\m4426.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxxrlfx.exec:\lxxrlfx.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvppj.exec:\vvppj.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3bhbnt.exec:\3bhbnt.exe23⤵
- Executes dropped EXE
-
\??\c:\pdvvp.exec:\pdvvp.exe24⤵
- Executes dropped EXE
-
\??\c:\1hbnbt.exec:\1hbnbt.exe25⤵
- Executes dropped EXE
-
\??\c:\8862288.exec:\8862288.exe26⤵
- Executes dropped EXE
-
\??\c:\26420.exec:\26420.exe27⤵
- Executes dropped EXE
-
\??\c:\60084.exec:\60084.exe28⤵
- Executes dropped EXE
-
\??\c:\7tbthb.exec:\7tbthb.exe29⤵
- Executes dropped EXE
-
\??\c:\86400.exec:\86400.exe30⤵
- Executes dropped EXE
-
\??\c:\5fxrlfr.exec:\5fxrlfr.exe31⤵
- Executes dropped EXE
-
\??\c:\hhnbnn.exec:\hhnbnn.exe32⤵
- Executes dropped EXE
-
\??\c:\tbthtn.exec:\tbthtn.exe33⤵
- Executes dropped EXE
-
\??\c:\228260.exec:\228260.exe34⤵
- Executes dropped EXE
-
\??\c:\rlrlrlr.exec:\rlrlrlr.exe35⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\204464.exec:\204464.exe36⤵
- Executes dropped EXE
-
\??\c:\046640.exec:\046640.exe37⤵
- Executes dropped EXE
-
\??\c:\k68222.exec:\k68222.exe38⤵
- Executes dropped EXE
-
\??\c:\tnnnhh.exec:\tnnnhh.exe39⤵
- Executes dropped EXE
-
\??\c:\w40488.exec:\w40488.exe40⤵
- Executes dropped EXE
-
\??\c:\nbthbb.exec:\nbthbb.exe41⤵
- Executes dropped EXE
-
\??\c:\2400000.exec:\2400000.exe42⤵
- Executes dropped EXE
-
\??\c:\o684804.exec:\o684804.exe43⤵
- Executes dropped EXE
-
\??\c:\bbtbth.exec:\bbtbth.exe44⤵
- Executes dropped EXE
-
\??\c:\02886.exec:\02886.exe45⤵
- Executes dropped EXE
-
\??\c:\680600.exec:\680600.exe46⤵
- Executes dropped EXE
-
\??\c:\084260.exec:\084260.exe47⤵
- Executes dropped EXE
-
\??\c:\nhnhnb.exec:\nhnhnb.exe48⤵
- Executes dropped EXE
-
\??\c:\6288226.exec:\6288226.exe49⤵
- Executes dropped EXE
-
\??\c:\486060.exec:\486060.exe50⤵
- Executes dropped EXE
-
\??\c:\2006022.exec:\2006022.exe51⤵
- Executes dropped EXE
-
\??\c:\hntbtt.exec:\hntbtt.exe52⤵
- Executes dropped EXE
-
\??\c:\xxrrxxf.exec:\xxrrxxf.exe53⤵
- Executes dropped EXE
-
\??\c:\rfrlxxf.exec:\rfrlxxf.exe54⤵
- Executes dropped EXE
-
\??\c:\8040262.exec:\8040262.exe55⤵
- Executes dropped EXE
-
\??\c:\6682644.exec:\6682644.exe56⤵
- Executes dropped EXE
-
\??\c:\nbhbtn.exec:\nbhbtn.exe57⤵
- Executes dropped EXE
-
\??\c:\ddvjp.exec:\ddvjp.exe58⤵
- Executes dropped EXE
-
\??\c:\6288660.exec:\6288660.exe59⤵
- Executes dropped EXE
-
\??\c:\6806000.exec:\6806000.exe60⤵
- Executes dropped EXE
-
\??\c:\6848660.exec:\6848660.exe61⤵
- Executes dropped EXE
-
\??\c:\842644.exec:\842644.exe62⤵
- Executes dropped EXE
-
\??\c:\02600.exec:\02600.exe63⤵
- Executes dropped EXE
-
\??\c:\0262886.exec:\0262886.exe64⤵
- Executes dropped EXE
-
\??\c:\46062.exec:\46062.exe65⤵
- Executes dropped EXE
-
\??\c:\fffxxxx.exec:\fffxxxx.exe66⤵
-
\??\c:\84620.exec:\84620.exe67⤵
-
\??\c:\6004882.exec:\6004882.exe68⤵
-
\??\c:\3rrllfx.exec:\3rrllfx.exe69⤵
-
\??\c:\2048222.exec:\2048222.exe70⤵
-
\??\c:\s8082.exec:\s8082.exe71⤵
-
\??\c:\pjppv.exec:\pjppv.exe72⤵
-
\??\c:\xlxrlrr.exec:\xlxrlrr.exe73⤵
-
\??\c:\4244884.exec:\4244884.exe74⤵
-
\??\c:\888442.exec:\888442.exe75⤵
-
\??\c:\5dpjj.exec:\5dpjj.exe76⤵
-
\??\c:\42862.exec:\42862.exe77⤵
-
\??\c:\9xrlxxl.exec:\9xrlxxl.exe78⤵
-
\??\c:\pddvv.exec:\pddvv.exe79⤵
-
\??\c:\vppjj.exec:\vppjj.exe80⤵
-
\??\c:\m6648.exec:\m6648.exe81⤵
-
\??\c:\rffrfrf.exec:\rffrfrf.exe82⤵
-
\??\c:\c664820.exec:\c664820.exe83⤵
-
\??\c:\4440408.exec:\4440408.exe84⤵
-
\??\c:\flxllxf.exec:\flxllxf.exe85⤵
-
\??\c:\24486.exec:\24486.exe86⤵
-
\??\c:\ppvdv.exec:\ppvdv.exe87⤵
-
\??\c:\826426.exec:\826426.exe88⤵
-
\??\c:\lxxlfxl.exec:\lxxlfxl.exe89⤵
-
\??\c:\hbbthb.exec:\hbbthb.exe90⤵
-
\??\c:\lxlxxrr.exec:\lxlxxrr.exe91⤵
-
\??\c:\nbbthh.exec:\nbbthh.exe92⤵
-
\??\c:\frxlflx.exec:\frxlflx.exe93⤵
-
\??\c:\0020424.exec:\0020424.exe94⤵
-
\??\c:\66260.exec:\66260.exe95⤵
-
\??\c:\40228.exec:\40228.exe96⤵
-
\??\c:\jvvjv.exec:\jvvjv.exe97⤵
-
\??\c:\xflxlfx.exec:\xflxlfx.exe98⤵
-
\??\c:\2882648.exec:\2882648.exe99⤵
-
\??\c:\dvvpp.exec:\dvvpp.exe100⤵
-
\??\c:\6860448.exec:\6860448.exe101⤵
-
\??\c:\068200.exec:\068200.exe102⤵
-
\??\c:\q86488.exec:\q86488.exe103⤵
-
\??\c:\2026048.exec:\2026048.exe104⤵
-
\??\c:\llxfxlf.exec:\llxfxlf.exe105⤵
-
\??\c:\rrlxrlf.exec:\rrlxrlf.exe106⤵
-
\??\c:\dppvv.exec:\dppvv.exe107⤵
-
\??\c:\hhnnhh.exec:\hhnnhh.exe108⤵
-
\??\c:\446222.exec:\446222.exe109⤵
-
\??\c:\1tnhhh.exec:\1tnhhh.exe110⤵
-
\??\c:\rlrlffl.exec:\rlrlffl.exe111⤵
-
\??\c:\8286604.exec:\8286604.exe112⤵
-
\??\c:\xrrllll.exec:\xrrllll.exe113⤵
-
\??\c:\c464888.exec:\c464888.exe114⤵
-
\??\c:\dvjjj.exec:\dvjjj.exe115⤵
-
\??\c:\xflffxx.exec:\xflffxx.exe116⤵
-
\??\c:\5pjjd.exec:\5pjjd.exe117⤵
-
\??\c:\7nbtbb.exec:\7nbtbb.exe118⤵
-
\??\c:\xfxlfxr.exec:\xfxlfxr.exe119⤵
-
\??\c:\440444.exec:\440444.exe120⤵
-
\??\c:\080048.exec:\080048.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-