Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
25/08/2024, 02:41
General
-
Target
a0224f122f55ac11e57d3c72e256e88f6f575a5bc4757ccd644186ce18b26e72.exe
-
Size
69KB
-
MD5
3e88103cdf4469b3fa09048c08308c3c
-
SHA1
bad18ebcf2fe06408593aac905cfa9a6b9c85166
-
SHA256
a0224f122f55ac11e57d3c72e256e88f6f575a5bc4757ccd644186ce18b26e72
-
SHA512
3f1e0db1b9d9b7e4202ee3940169abf760d45e7b5f0d1a1021c8d6a4b9133f9b40860d95b63205707d3d0d1e875632ede52cd7dbb62a2121530a141864e7655e
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND0yUuYp+5C8+Luvdv:ymb3NkkiQ3mdBjF0yMliv
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 32 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\a0224f122f55ac11e57d3c72e256e88f6f575a5bc4757ccd644186ce18b26e72.exe"C:\Users\Admin\AppData\Local\Temp\a0224f122f55ac11e57d3c72e256e88f6f575a5bc4757ccd644186ce18b26e72.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\5lxrllf.exec:\5lxrllf.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnthbt.exec:\nnthbt.exe3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdvp.exec:\pjdvp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1ntnhh.exec:\1ntnhh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7nnnhh.exec:\7nnnhh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjdp.exec:\pjjdp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjpjv.exec:\pjpjv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tttttb.exec:\tttttb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5thbtt.exec:\5thbtt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7jdvv.exec:\7jdvv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lflfffx.exec:\lflfffx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7thhbb.exec:\7thhbb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7pvvp.exec:\7pvvp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdvp.exec:\pjdvp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxllffr.exec:\fxllffr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bttnhn.exec:\bttnhn.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nttnhh.exec:\nttnhh.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjvp.exec:\vpjvp.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrlfrlf.exec:\rrlfrlf.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnthbn.exec:\nnthbn.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3tbtbb.exec:\3tbtbb.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpvvv.exec:\jpvvv.exe23⤵
- Executes dropped EXE
-
\??\c:\7rrlfff.exec:\7rrlfff.exe24⤵
- Executes dropped EXE
-
\??\c:\hhttbb.exec:\hhttbb.exe25⤵
- Executes dropped EXE
-
\??\c:\bntnnt.exec:\bntnnt.exe26⤵
- Executes dropped EXE
-
\??\c:\vjddv.exec:\vjddv.exe27⤵
- Executes dropped EXE
-
\??\c:\frxxffl.exec:\frxxffl.exe28⤵
- Executes dropped EXE
-
\??\c:\lffxrrl.exec:\lffxrrl.exe29⤵
- Executes dropped EXE
-
\??\c:\btnhnn.exec:\btnhnn.exe30⤵
- Executes dropped EXE
-
\??\c:\vpppj.exec:\vpppj.exe31⤵
- Executes dropped EXE
-
\??\c:\vvddv.exec:\vvddv.exe32⤵
- Executes dropped EXE
-
\??\c:\lfxfrxf.exec:\lfxfrxf.exe33⤵
- Executes dropped EXE
-
\??\c:\1lrrxxx.exec:\1lrrxxx.exe34⤵
- Executes dropped EXE
-
\??\c:\tbnttt.exec:\tbnttt.exe35⤵
- Executes dropped EXE
-
\??\c:\7nbtnb.exec:\7nbtnb.exe36⤵
- Executes dropped EXE
-
\??\c:\1pddd.exec:\1pddd.exe37⤵
- Executes dropped EXE
-
\??\c:\rxlrllr.exec:\rxlrllr.exe38⤵
- Executes dropped EXE
-
\??\c:\xlffffx.exec:\xlffffx.exe39⤵
- Executes dropped EXE
-
\??\c:\9ntnhh.exec:\9ntnhh.exe40⤵
- Executes dropped EXE
-
\??\c:\7hnhbb.exec:\7hnhbb.exe41⤵
- Executes dropped EXE
-
\??\c:\1jpjj.exec:\1jpjj.exe42⤵
- Executes dropped EXE
-
\??\c:\jpddd.exec:\jpddd.exe43⤵
- Executes dropped EXE
-
\??\c:\xlllfxx.exec:\xlllfxx.exe44⤵
- Executes dropped EXE
-
\??\c:\xxxrrrr.exec:\xxxrrrr.exe45⤵
- Executes dropped EXE
-
\??\c:\3nhhbb.exec:\3nhhbb.exe46⤵
- Executes dropped EXE
-
\??\c:\1bbnnb.exec:\1bbnnb.exe47⤵
- Executes dropped EXE
-
\??\c:\vpjdv.exec:\vpjdv.exe48⤵
- Executes dropped EXE
-
\??\c:\dvvpv.exec:\dvvpv.exe49⤵
- Executes dropped EXE
-
\??\c:\5rrlxrr.exec:\5rrlxrr.exe50⤵
- Executes dropped EXE
-
\??\c:\9rfxffl.exec:\9rfxffl.exe51⤵
- Executes dropped EXE
-
\??\c:\btbhbb.exec:\btbhbb.exe52⤵
- Executes dropped EXE
-
\??\c:\7bhbbh.exec:\7bhbbh.exe53⤵
- Executes dropped EXE
-
\??\c:\djppd.exec:\djppd.exe54⤵
- Executes dropped EXE
-
\??\c:\jpdpp.exec:\jpdpp.exe55⤵
- Executes dropped EXE
-
\??\c:\5rxfrrl.exec:\5rxfrrl.exe56⤵
- Executes dropped EXE
-
\??\c:\llxxffr.exec:\llxxffr.exe57⤵
- Executes dropped EXE
-
\??\c:\hhbbtt.exec:\hhbbtt.exe58⤵
- Executes dropped EXE
-
\??\c:\7btnhh.exec:\7btnhh.exe59⤵
- Executes dropped EXE
-
\??\c:\5pvpp.exec:\5pvpp.exe60⤵
- Executes dropped EXE
-
\??\c:\pdvpp.exec:\pdvpp.exe61⤵
- Executes dropped EXE
-
\??\c:\xrfxrrl.exec:\xrfxrrl.exe62⤵
- Executes dropped EXE
-
\??\c:\9rlflrl.exec:\9rlflrl.exe63⤵
- Executes dropped EXE
-
\??\c:\5nbbth.exec:\5nbbth.exe64⤵
- Executes dropped EXE
-
\??\c:\nhnhbb.exec:\nhnhbb.exe65⤵
- Executes dropped EXE
-
\??\c:\9jpjv.exec:\9jpjv.exe66⤵
-
\??\c:\dvddv.exec:\dvddv.exe67⤵
-
\??\c:\xllfxrl.exec:\xllfxrl.exe68⤵
-
\??\c:\5ffxxxr.exec:\5ffxxxr.exe69⤵
-
\??\c:\bnbtnb.exec:\bnbtnb.exe70⤵
-
\??\c:\bnbtnn.exec:\bnbtnn.exe71⤵
-
\??\c:\vppjj.exec:\vppjj.exe72⤵
-
\??\c:\pvddp.exec:\pvddp.exe73⤵
-
\??\c:\xfrlxxx.exec:\xfrlxxx.exe74⤵
-
\??\c:\fllllll.exec:\fllllll.exe75⤵
-
\??\c:\tnhhnn.exec:\tnhhnn.exe76⤵
-
\??\c:\nhtntt.exec:\nhtntt.exe77⤵
-
\??\c:\3nnhtt.exec:\3nnhtt.exe78⤵
-
\??\c:\vddvp.exec:\vddvp.exe79⤵
-
\??\c:\dvvpd.exec:\dvvpd.exe80⤵
-
\??\c:\lfxrrrf.exec:\lfxrrrf.exe81⤵
-
\??\c:\lfrrrxr.exec:\lfrrrxr.exe82⤵
-
\??\c:\bbttnt.exec:\bbttnt.exe83⤵
-
\??\c:\ttbthh.exec:\ttbthh.exe84⤵
-
\??\c:\pvdvp.exec:\pvdvp.exe85⤵
-
\??\c:\jddvj.exec:\jddvj.exe86⤵
-
\??\c:\xffxffx.exec:\xffxffx.exe87⤵
-
\??\c:\ffllfxr.exec:\ffllfxr.exe88⤵
-
\??\c:\nhhbtn.exec:\nhhbtn.exe89⤵
-
\??\c:\bnhbnh.exec:\bnhbnh.exe90⤵
-
\??\c:\pvjdd.exec:\pvjdd.exe91⤵
-
\??\c:\9pjdp.exec:\9pjdp.exe92⤵
-
\??\c:\rxfrrlf.exec:\rxfrrlf.exe93⤵
-
\??\c:\hbbtnh.exec:\hbbtnh.exe94⤵
-
\??\c:\3ttntn.exec:\3ttntn.exe95⤵
-
\??\c:\bbnhtb.exec:\bbnhtb.exe96⤵
-
\??\c:\dvpjd.exec:\dvpjd.exe97⤵
-
\??\c:\fxxlffx.exec:\fxxlffx.exe98⤵
-
\??\c:\fxrxlll.exec:\fxrxlll.exe99⤵
-
\??\c:\tnhbtt.exec:\tnhbtt.exe100⤵
-
\??\c:\9nhtbt.exec:\9nhtbt.exe101⤵
-
\??\c:\xxxfxxr.exec:\xxxfxxr.exe102⤵
-
\??\c:\rllfrlf.exec:\rllfrlf.exe103⤵
-
\??\c:\bttnhh.exec:\bttnhh.exe104⤵
-
\??\c:\btnhhh.exec:\btnhhh.exe105⤵
-
\??\c:\9jjvj.exec:\9jjvj.exe106⤵
-
\??\c:\dpvpp.exec:\dpvpp.exe107⤵
-
\??\c:\xflxlfx.exec:\xflxlfx.exe108⤵
-
\??\c:\xlrllff.exec:\xlrllff.exe109⤵
-
\??\c:\7tbtnt.exec:\7tbtnt.exe110⤵
-
\??\c:\dpvpj.exec:\dpvpj.exe111⤵
-
\??\c:\jpppd.exec:\jpppd.exe112⤵
-
\??\c:\3ffrfxl.exec:\3ffrfxl.exe113⤵
-
\??\c:\thtttb.exec:\thtttb.exe114⤵
-
\??\c:\7nhhnn.exec:\7nhhnn.exe115⤵
-
\??\c:\3jjvj.exec:\3jjvj.exe116⤵
-
\??\c:\9pvpj.exec:\9pvpj.exe117⤵
-
\??\c:\5frlxrl.exec:\5frlxrl.exe118⤵
-
\??\c:\llrfrrf.exec:\llrfrrf.exe119⤵
-
\??\c:\bbbthh.exec:\bbbthh.exe120⤵
-
\??\c:\hnhbtt.exec:\hnhbtt.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-