Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
109s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
24/08/2024, 00:12
General
-
Target
8a70452c242e05c369eaea355195d600N.exe
-
Size
445KB
-
MD5
8a70452c242e05c369eaea355195d600
-
SHA1
b69b7cce0137fe213088af52cd702fc8e5a4139c
-
SHA256
5b3c04c6d97746fd514c2be784aabce7af36049d41fee7e0927107b8228a3d33
-
SHA512
23f8a5a116661aea008dc8b8a238d1fbee340c326263966738641780b1542361894035602af5bb548d810aea7792a0d05574722319a777a1a192395f42d8ceb0
-
SSDEEP
6144:n3C9BRo7tvnJ9Fywhk/T4i37K3BoKg0p5WI09Jg:n3C9ytvn8whkb4i3e3GFO6Jg
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 27 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 35 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\8a70452c242e05c369eaea355195d600N.exe"C:\Users\Admin\AppData\Local\Temp\8a70452c242e05c369eaea355195d600N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\bttbth.exec:\bttbth.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpjvj.exec:\dpjvj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7dvjd.exec:\7dvjd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxxllxx.exec:\lxxllxx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnhbb.exec:\tnnhbb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvpjd.exec:\dvpjd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffffflf.exec:\ffffflf.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1htthb.exec:\1htthb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpvdd.exec:\dpvdd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddjvv.exec:\ddjvv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddjdd.exec:\ddjdd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjjdp.exec:\jjjdp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lffxrrl.exec:\lffxrrl.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnbhb.exec:\nhnbhb.exe15⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\vjjdp.exec:\vjjdp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frffrlf.exec:\frffrlf.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnbtn.exec:\tnnbtn.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxfxrrr.exec:\fxfxrrr.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bttnhh.exec:\bttnhh.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdddv.exec:\jdddv.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxrlff.exec:\xrxrlff.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhhhh.exec:\nhhhhh.exe23⤵
- Executes dropped EXE
-
\??\c:\jjpjd.exec:\jjpjd.exe24⤵
- Executes dropped EXE
-
\??\c:\xxxrlfx.exec:\xxxrlfx.exe25⤵
- Executes dropped EXE
-
\??\c:\ddjdp.exec:\ddjdp.exe26⤵
- Executes dropped EXE
-
\??\c:\vpjdd.exec:\vpjdd.exe27⤵
- Executes dropped EXE
-
\??\c:\xfxlxrl.exec:\xfxlxrl.exe28⤵
- Executes dropped EXE
-
\??\c:\ttnhbb.exec:\ttnhbb.exe29⤵
- Executes dropped EXE
-
\??\c:\dvpjd.exec:\dvpjd.exe30⤵
- Executes dropped EXE
-
\??\c:\flfxxxr.exec:\flfxxxr.exe31⤵
- Executes dropped EXE
-
\??\c:\xxxrrrx.exec:\xxxrrrx.exe32⤵
- Executes dropped EXE
-
\??\c:\htnhtb.exec:\htnhtb.exe33⤵
- Executes dropped EXE
-
\??\c:\vpjdv.exec:\vpjdv.exe34⤵
- Executes dropped EXE
-
\??\c:\dvvvv.exec:\dvvvv.exe35⤵
- Executes dropped EXE
-
\??\c:\xrffxxx.exec:\xrffxxx.exe36⤵
-
\??\c:\rrfrlfx.exec:\rrfrlfx.exe37⤵
- Executes dropped EXE
-
\??\c:\tnhbtt.exec:\tnhbtt.exe38⤵
- Executes dropped EXE
-
\??\c:\vdvvp.exec:\vdvvp.exe39⤵
- Executes dropped EXE
-
\??\c:\rlrlllf.exec:\rlrlllf.exe40⤵
- Executes dropped EXE
-
\??\c:\tnbttn.exec:\tnbttn.exe41⤵
- Executes dropped EXE
-
\??\c:\bbnnhh.exec:\bbnnhh.exe42⤵
- Executes dropped EXE
-
\??\c:\dvjdv.exec:\dvjdv.exe43⤵
- Executes dropped EXE
-
\??\c:\frflrrx.exec:\frflrrx.exe44⤵
- Executes dropped EXE
-
\??\c:\fflfxrr.exec:\fflfxrr.exe45⤵
- Executes dropped EXE
-
\??\c:\tnhtnn.exec:\tnhtnn.exe46⤵
- Executes dropped EXE
-
\??\c:\djddj.exec:\djddj.exe47⤵
- Executes dropped EXE
-
\??\c:\3vdvd.exec:\3vdvd.exe48⤵
- Executes dropped EXE
-
\??\c:\rfxlfrl.exec:\rfxlfrl.exe49⤵
- Executes dropped EXE
-
\??\c:\nnhbtb.exec:\nnhbtb.exe50⤵
- Executes dropped EXE
-
\??\c:\9tbthh.exec:\9tbthh.exe51⤵
- Executes dropped EXE
-
\??\c:\jdvvp.exec:\jdvvp.exe52⤵
- Executes dropped EXE
-
\??\c:\5rrlflf.exec:\5rrlflf.exe53⤵
- Executes dropped EXE
-
\??\c:\rrxrlll.exec:\rrxrlll.exe54⤵
- Executes dropped EXE
-
\??\c:\nhntnh.exec:\nhntnh.exe55⤵
- Executes dropped EXE
-
\??\c:\pppjv.exec:\pppjv.exe56⤵
- Executes dropped EXE
-
\??\c:\5jpjj.exec:\5jpjj.exe57⤵
- Executes dropped EXE
-
\??\c:\lffxfxr.exec:\lffxfxr.exe58⤵
- Executes dropped EXE
-
\??\c:\fffrfxf.exec:\fffrfxf.exe59⤵
- Executes dropped EXE
-
\??\c:\bhhbnh.exec:\bhhbnh.exe60⤵
- Executes dropped EXE
-
\??\c:\vdvvv.exec:\vdvvv.exe61⤵
- Executes dropped EXE
-
\??\c:\rxxrrrr.exec:\rxxrrrr.exe62⤵
- Executes dropped EXE
-
\??\c:\9xllffx.exec:\9xllffx.exe63⤵
- Executes dropped EXE
-
\??\c:\bthtbb.exec:\bthtbb.exe64⤵
- Executes dropped EXE
-
\??\c:\pjvvd.exec:\pjvvd.exe65⤵
- Executes dropped EXE
-
\??\c:\vpjjp.exec:\vpjjp.exe66⤵
- Executes dropped EXE
-
\??\c:\xlrlfxr.exec:\xlrlfxr.exe67⤵
-
\??\c:\fxxrlll.exec:\fxxrlll.exe68⤵
- System Location Discovery: System Language Discovery
-
\??\c:\hbtnhb.exec:\hbtnhb.exe69⤵
-
\??\c:\vvppd.exec:\vvppd.exe70⤵
-
\??\c:\pjppv.exec:\pjppv.exe71⤵
-
\??\c:\1xrlxrf.exec:\1xrlxrf.exe72⤵
-
\??\c:\rxrxlrx.exec:\rxrxlrx.exe73⤵
-
\??\c:\bntnhb.exec:\bntnhb.exe74⤵
-
\??\c:\jvdvp.exec:\jvdvp.exe75⤵
-
\??\c:\3djjd.exec:\3djjd.exe76⤵
-
\??\c:\xxlfllr.exec:\xxlfllr.exe77⤵
-
\??\c:\rxxrllf.exec:\rxxrllf.exe78⤵
-
\??\c:\pjppv.exec:\pjppv.exe79⤵
-
\??\c:\dvdvp.exec:\dvdvp.exe80⤵
-
\??\c:\rflrrrr.exec:\rflrrrr.exe81⤵
-
\??\c:\1bhhnh.exec:\1bhhnh.exe82⤵
-
\??\c:\tthbtn.exec:\tthbtn.exe83⤵
-
\??\c:\vjjdp.exec:\vjjdp.exe84⤵
-
\??\c:\xxffxff.exec:\xxffxff.exe85⤵
-
\??\c:\xrxxrrr.exec:\xrxxrrr.exe86⤵
-
\??\c:\3tnnnn.exec:\3tnnnn.exe87⤵
-
\??\c:\hnhhbh.exec:\hnhhbh.exe88⤵
-
\??\c:\pjppj.exec:\pjppj.exe89⤵
-
\??\c:\vjjvp.exec:\vjjvp.exe90⤵
-
\??\c:\rxrrrrr.exec:\rxrrrrr.exe91⤵
-
\??\c:\hnnbbt.exec:\hnnbbt.exe92⤵
-
\??\c:\bbnhbt.exec:\bbnhbt.exe93⤵
-
\??\c:\vjdpd.exec:\vjdpd.exe94⤵
-
\??\c:\jvdpp.exec:\jvdpp.exe95⤵
-
\??\c:\rllfrll.exec:\rllfrll.exe96⤵
-
\??\c:\tnbtnh.exec:\tnbtnh.exe97⤵
-
\??\c:\3hhbnn.exec:\3hhbnn.exe98⤵
- System Location Discovery: System Language Discovery
-
\??\c:\jddvp.exec:\jddvp.exe99⤵
-
\??\c:\5jppp.exec:\5jppp.exe100⤵
-
\??\c:\lfrlfff.exec:\lfrlfff.exe101⤵
-
\??\c:\ttnnnt.exec:\ttnnnt.exe102⤵
-
\??\c:\nntnnn.exec:\nntnnn.exe103⤵
-
\??\c:\9jdvp.exec:\9jdvp.exe104⤵
-
\??\c:\9lfrxxl.exec:\9lfrxxl.exe105⤵
-
\??\c:\llfllrx.exec:\llfllrx.exe106⤵
-
\??\c:\3tnhbt.exec:\3tnhbt.exe107⤵
-
\??\c:\pvvpp.exec:\pvvpp.exe108⤵
-
\??\c:\3xfxrrf.exec:\3xfxrrf.exe109⤵
-
\??\c:\hntnnn.exec:\hntnnn.exe110⤵
-
\??\c:\jjdvj.exec:\jjdvj.exe111⤵
-
\??\c:\nbbthb.exec:\nbbthb.exe112⤵
-
\??\c:\jjjpp.exec:\jjjpp.exe113⤵
-
\??\c:\lxrfrxr.exec:\lxrfrxr.exe114⤵
-
\??\c:\lrllrxl.exec:\lrllrxl.exe115⤵
-
\??\c:\hnnhhh.exec:\hnnhhh.exe116⤵
-
\??\c:\pjppj.exec:\pjppj.exe117⤵
-
\??\c:\7btbht.exec:\7btbht.exe118⤵
-
\??\c:\5pppj.exec:\5pppj.exe119⤵
-
\??\c:\vvvpd.exec:\vvvpd.exe120⤵
-
\??\c:\xfrlffx.exec:\xfrlffx.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-