Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
119s -
max time network
115s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
25/08/2024, 22:30
General
-
Target
08c44d1a75249042fbe0bc3e51b9a920N.exe
-
Size
96KB
-
MD5
08c44d1a75249042fbe0bc3e51b9a920
-
SHA1
6839c9eb592d17f7dee22a46ead58aa4b6c1eb82
-
SHA256
448b1d4924c92b17a3c120875e623a6af0c0fca822df9f749dd56a8349ef91a3
-
SHA512
031340d9f2e77654a3d11b1964b32e104cee2d96a09e8255381e735fd86d08c4d18690c2905e572c1b248245b2dd46760174e73c84f7e1b1a9c08e222b827fd1
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIkpi+qP1hvZo66Ox4oq2SQwfTrp:ymb3NkkiQ3mdBjFIj+qNhvZuHQYfw4jr
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 28 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 34 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\08c44d1a75249042fbe0bc3e51b9a920N.exe"C:\Users\Admin\AppData\Local\Temp\08c44d1a75249042fbe0bc3e51b9a920N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\rxrlrrx.exec:\rxrlrrx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbtttt.exec:\hbtttt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thbhbn.exec:\thbhbn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrxxfff.exec:\rrxxfff.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbttb.exec:\hbbttb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djdjd.exec:\djdjd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlrrllf.exec:\xlrrllf.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thnnhh.exec:\thnnhh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nthbhh.exec:\nthbhh.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpdjv.exec:\dpdjv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hthbnb.exec:\hthbnb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvpvp.exec:\vvpvp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxlffff.exec:\rxlffff.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9tbbhh.exec:\9tbbhh.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3pjvd.exec:\3pjvd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddvjd.exec:\ddvjd.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxrllf.exec:\lfxrllf.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tttnhh.exec:\tttnhh.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jppvp.exec:\jppvp.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frrlfxx.exec:\frrlfxx.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thbbth.exec:\thbbth.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvppp.exec:\jvppp.exe23⤵
- Executes dropped EXE
-
\??\c:\rllfrrr.exec:\rllfrrr.exe24⤵
- Executes dropped EXE
-
\??\c:\bbtnhh.exec:\bbtnhh.exe25⤵
- Executes dropped EXE
-
\??\c:\ddvvp.exec:\ddvvp.exe26⤵
- Executes dropped EXE
-
\??\c:\ppjvd.exec:\ppjvd.exe27⤵
- Executes dropped EXE
-
\??\c:\ffrrlll.exec:\ffrrlll.exe28⤵
- Executes dropped EXE
-
\??\c:\3rfrlxr.exec:\3rfrlxr.exe29⤵
- Executes dropped EXE
-
\??\c:\nntnnn.exec:\nntnnn.exe30⤵
- Executes dropped EXE
-
\??\c:\vvpdj.exec:\vvpdj.exe31⤵
- Executes dropped EXE
-
\??\c:\rrrffll.exec:\rrrffll.exe32⤵
- Executes dropped EXE
-
\??\c:\nthttn.exec:\nthttn.exe33⤵
- Executes dropped EXE
-
\??\c:\vvdjd.exec:\vvdjd.exe34⤵
- Executes dropped EXE
-
\??\c:\3vvvj.exec:\3vvvj.exe35⤵
- Executes dropped EXE
-
\??\c:\rfxrffx.exec:\rfxrffx.exe36⤵
- Executes dropped EXE
-
\??\c:\lflffff.exec:\lflffff.exe37⤵
- Executes dropped EXE
-
\??\c:\hthntb.exec:\hthntb.exe38⤵
- Executes dropped EXE
-
\??\c:\vpvvv.exec:\vpvvv.exe39⤵
- Executes dropped EXE
-
\??\c:\dpvpj.exec:\dpvpj.exe40⤵
- Executes dropped EXE
-
\??\c:\lfxrrlx.exec:\lfxrrlx.exe41⤵
- Executes dropped EXE
-
\??\c:\tnbbbh.exec:\tnbbbh.exe42⤵
- Executes dropped EXE
-
\??\c:\9nbtnt.exec:\9nbtnt.exe43⤵
- Executes dropped EXE
-
\??\c:\jpvjv.exec:\jpvjv.exe44⤵
- Executes dropped EXE
-
\??\c:\jdpjv.exec:\jdpjv.exe45⤵
- Executes dropped EXE
-
\??\c:\dvvdd.exec:\dvvdd.exe46⤵
- Executes dropped EXE
-
\??\c:\fffxrrl.exec:\fffxrrl.exe47⤵
- Executes dropped EXE
-
\??\c:\hhntbb.exec:\hhntbb.exe48⤵
- Executes dropped EXE
-
\??\c:\pdvvv.exec:\pdvvv.exe49⤵
- Executes dropped EXE
-
\??\c:\ddjdv.exec:\ddjdv.exe50⤵
- Executes dropped EXE
-
\??\c:\flrlfll.exec:\flrlfll.exe51⤵
- Executes dropped EXE
-
\??\c:\rrffxxx.exec:\rrffxxx.exe52⤵
- Executes dropped EXE
-
\??\c:\3htnhh.exec:\3htnhh.exe53⤵
- Executes dropped EXE
-
\??\c:\pjvpj.exec:\pjvpj.exe54⤵
- Executes dropped EXE
-
\??\c:\9djjd.exec:\9djjd.exe55⤵
- Executes dropped EXE
-
\??\c:\xrxlffl.exec:\xrxlffl.exe56⤵
- Executes dropped EXE
-
\??\c:\frxxxxx.exec:\frxxxxx.exe57⤵
- Executes dropped EXE
-
\??\c:\tnnhhh.exec:\tnnhhh.exe58⤵
- Executes dropped EXE
-
\??\c:\3bnhhb.exec:\3bnhhb.exe59⤵
- Executes dropped EXE
-
\??\c:\pvpvj.exec:\pvpvj.exe60⤵
- Executes dropped EXE
-
\??\c:\9fffxrr.exec:\9fffxrr.exe61⤵
- Executes dropped EXE
-
\??\c:\rrxrrrl.exec:\rrxrrrl.exe62⤵
- Executes dropped EXE
-
\??\c:\7xffxxr.exec:\7xffxxr.exe63⤵
- Executes dropped EXE
-
\??\c:\bhhhhh.exec:\bhhhhh.exe64⤵
- Executes dropped EXE
-
\??\c:\dvvvp.exec:\dvvvp.exe65⤵
- Executes dropped EXE
-
\??\c:\vvjdj.exec:\vvjdj.exe66⤵
-
\??\c:\rlxlrrr.exec:\rlxlrrr.exe67⤵
-
\??\c:\hnttnn.exec:\hnttnn.exe68⤵
-
\??\c:\tnbhbn.exec:\tnbhbn.exe69⤵
-
\??\c:\pjddv.exec:\pjddv.exe70⤵
-
\??\c:\xlfxrlf.exec:\xlfxrlf.exe71⤵
-
\??\c:\xllrrff.exec:\xllrrff.exe72⤵
-
\??\c:\ntnbbb.exec:\ntnbbb.exe73⤵
-
\??\c:\ddvpd.exec:\ddvpd.exe74⤵
-
\??\c:\9pvpd.exec:\9pvpd.exe75⤵
-
\??\c:\lffxllf.exec:\lffxllf.exe76⤵
-
\??\c:\xrllllr.exec:\xrllllr.exe77⤵
- System Location Discovery: System Language Discovery
-
\??\c:\nnnhnn.exec:\nnnhnn.exe78⤵
-
\??\c:\hnbbth.exec:\hnbbth.exe79⤵
-
\??\c:\vpddp.exec:\vpddp.exe80⤵
-
\??\c:\rrfrxxf.exec:\rrfrxxf.exe81⤵
-
\??\c:\rlrfxxr.exec:\rlrfxxr.exe82⤵
-
\??\c:\nhtnbh.exec:\nhtnbh.exe83⤵
-
\??\c:\hntnnn.exec:\hntnnn.exe84⤵
-
\??\c:\vpdvj.exec:\vpdvj.exe85⤵
-
\??\c:\rlrxxxl.exec:\rlrxxxl.exe86⤵
-
\??\c:\flllfxr.exec:\flllfxr.exe87⤵
-
\??\c:\hbhnnt.exec:\hbhnnt.exe88⤵
-
\??\c:\thhbnn.exec:\thhbnn.exe89⤵
-
\??\c:\vpdvv.exec:\vpdvv.exe90⤵
-
\??\c:\vjpjd.exec:\vjpjd.exe91⤵
-
\??\c:\xrfrxlx.exec:\xrfrxlx.exe92⤵
-
\??\c:\hnthtn.exec:\hnthtn.exe93⤵
-
\??\c:\dvddd.exec:\dvddd.exe94⤵
-
\??\c:\vdpjp.exec:\vdpjp.exe95⤵
-
\??\c:\frfrfll.exec:\frfrfll.exe96⤵
-
\??\c:\hbnhbn.exec:\hbnhbn.exe97⤵
-
\??\c:\jvdvp.exec:\jvdvp.exe98⤵
-
\??\c:\dvvpp.exec:\dvvpp.exe99⤵
-
\??\c:\flrffxx.exec:\flrffxx.exe100⤵
-
\??\c:\bbbbbb.exec:\bbbbbb.exe101⤵
-
\??\c:\hnhhtn.exec:\hnhhtn.exe102⤵
-
\??\c:\vpvvp.exec:\vpvvp.exe103⤵
-
\??\c:\rxlfxxx.exec:\rxlfxxx.exe104⤵
-
\??\c:\7lllffx.exec:\7lllffx.exe105⤵
-
\??\c:\bbbttn.exec:\bbbttn.exe106⤵
-
\??\c:\7ntntt.exec:\7ntntt.exe107⤵
-
\??\c:\jdddv.exec:\jdddv.exe108⤵
-
\??\c:\dvvpj.exec:\dvvpj.exe109⤵
-
\??\c:\fxlfxlf.exec:\fxlfxlf.exe110⤵
-
\??\c:\ffffffr.exec:\ffffffr.exe111⤵
-
\??\c:\nbhhbb.exec:\nbhhbb.exe112⤵
-
\??\c:\7hnhnn.exec:\7hnhnn.exe113⤵
-
\??\c:\7dddv.exec:\7dddv.exe114⤵
- System Location Discovery: System Language Discovery
-
\??\c:\pvpdv.exec:\pvpdv.exe115⤵
-
\??\c:\9lfxlrl.exec:\9lfxlrl.exe116⤵
-
\??\c:\xrlffxr.exec:\xrlffxr.exe117⤵
-
\??\c:\tbbtbb.exec:\tbbtbb.exe118⤵
-
\??\c:\bttnhh.exec:\bttnhh.exe119⤵
-
\??\c:\vpjjd.exec:\vpjjd.exe120⤵
-
\??\c:\rllllfx.exec:\rllllfx.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-