Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
95s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
25/08/2024, 08:19
General
-
Target
4508b3065128bff4d98c6a13bb8f1fb0N.exe
-
Size
59KB
-
MD5
4508b3065128bff4d98c6a13bb8f1fb0
-
SHA1
867de64fd52c80d06769b119db92bddab2fa87f0
-
SHA256
a05852291fbc686247cb432de4bf11e79baaed738f38a453699fa2b63dfaa1f5
-
SHA512
7cbd5326476d360a048a5476b99c8f208df8e721d826b15435e301bb07bc3efd267a8fd13fd9a2571a540422c440f57b00c857dd0d42b21045bdd531f1963f7c
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIb+8RI:ymb3NkkiQ3mdBjFIjRI
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 28 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 37 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\4508b3065128bff4d98c6a13bb8f1fb0N.exe"C:\Users\Admin\AppData\Local\Temp\4508b3065128bff4d98c6a13bb8f1fb0N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\hnttnn.exec:\hnttnn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjjvj.exec:\jjjvj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frxrrll.exec:\frxrrll.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxrrffx.exec:\rxrrffx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbttn.exec:\btbttn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjppd.exec:\pjppd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttnhbb.exec:\ttnhbb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvdpd.exec:\pvdpd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djpdp.exec:\djpdp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrfrlx.exec:\xrrfrlx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnhbnh.exec:\bnhbnh.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dppjd.exec:\dppjd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rffllrl.exec:\rffllrl.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bttnhb.exec:\bttnhb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5hhttn.exec:\5hhttn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvjdv.exec:\pvjdv.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpjvj.exec:\dpjvj.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrllxrl.exec:\lrllxrl.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thnhbn.exec:\thnhbn.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntnhtn.exec:\ntnhtn.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llxrxxx.exec:\llxrxxx.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxxfxf.exec:\lfxxfxf.exe23⤵
- Executes dropped EXE
-
\??\c:\tnbnhb.exec:\tnbnhb.exe24⤵
- Executes dropped EXE
-
\??\c:\hntbhn.exec:\hntbhn.exe25⤵
- Executes dropped EXE
-
\??\c:\vdddv.exec:\vdddv.exe26⤵
- Executes dropped EXE
-
\??\c:\lxlfxxr.exec:\lxlfxxr.exe27⤵
- Executes dropped EXE
-
\??\c:\fxxxxff.exec:\fxxxxff.exe28⤵
- Executes dropped EXE
-
\??\c:\nbhtbn.exec:\nbhtbn.exe29⤵
- Executes dropped EXE
-
\??\c:\dppdv.exec:\dppdv.exe30⤵
- Executes dropped EXE
-
\??\c:\fllffxr.exec:\fllffxr.exe31⤵
- Executes dropped EXE
-
\??\c:\frrlfrl.exec:\frrlfrl.exe32⤵
- Executes dropped EXE
-
\??\c:\httttt.exec:\httttt.exe33⤵
- Executes dropped EXE
-
\??\c:\hnntnb.exec:\hnntnb.exe34⤵
- Executes dropped EXE
-
\??\c:\jjddd.exec:\jjddd.exe35⤵
- Executes dropped EXE
-
\??\c:\pdvpp.exec:\pdvpp.exe36⤵
- Executes dropped EXE
-
\??\c:\lfxllff.exec:\lfxllff.exe37⤵
- Executes dropped EXE
-
\??\c:\nbhhhh.exec:\nbhhhh.exe38⤵
- Executes dropped EXE
-
\??\c:\9bbbnn.exec:\9bbbnn.exe39⤵
- Executes dropped EXE
-
\??\c:\nhhbtn.exec:\nhhbtn.exe40⤵
- Executes dropped EXE
-
\??\c:\pppjv.exec:\pppjv.exe41⤵
- Executes dropped EXE
-
\??\c:\dpvvj.exec:\dpvvj.exe42⤵
- Executes dropped EXE
-
\??\c:\lffffff.exec:\lffffff.exe43⤵
- Executes dropped EXE
-
\??\c:\1xfxxxl.exec:\1xfxxxl.exe44⤵
- Executes dropped EXE
-
\??\c:\7btnhb.exec:\7btnhb.exe45⤵
- Executes dropped EXE
-
\??\c:\7thbnh.exec:\7thbnh.exe46⤵
- Executes dropped EXE
-
\??\c:\tnhbnn.exec:\tnhbnn.exe47⤵
- Executes dropped EXE
-
\??\c:\9ppjd.exec:\9ppjd.exe48⤵
- Executes dropped EXE
-
\??\c:\dpppv.exec:\dpppv.exe49⤵
- Executes dropped EXE
-
\??\c:\lffxxfx.exec:\lffxxfx.exe50⤵
- Executes dropped EXE
-
\??\c:\ffxlfff.exec:\ffxlfff.exe51⤵
- Executes dropped EXE
-
\??\c:\vpppj.exec:\vpppj.exe52⤵
- Executes dropped EXE
-
\??\c:\1pvpp.exec:\1pvpp.exe53⤵
- Executes dropped EXE
-
\??\c:\jppvp.exec:\jppvp.exe54⤵
- Executes dropped EXE
-
\??\c:\xlxfrff.exec:\xlxfrff.exe55⤵
- Executes dropped EXE
-
\??\c:\nbhnnt.exec:\nbhnnt.exe56⤵
- Executes dropped EXE
-
\??\c:\pjpjj.exec:\pjpjj.exe57⤵
- Executes dropped EXE
-
\??\c:\pjjdj.exec:\pjjdj.exe58⤵
- Executes dropped EXE
-
\??\c:\xffxxxr.exec:\xffxxxr.exe59⤵
- Executes dropped EXE
-
\??\c:\rlffffx.exec:\rlffffx.exe60⤵
- Executes dropped EXE
-
\??\c:\5nhhtn.exec:\5nhhtn.exe61⤵
- Executes dropped EXE
-
\??\c:\1btnnn.exec:\1btnnn.exe62⤵
- Executes dropped EXE
-
\??\c:\pjvpp.exec:\pjvpp.exe63⤵
- Executes dropped EXE
-
\??\c:\vddvj.exec:\vddvj.exe64⤵
- Executes dropped EXE
-
\??\c:\xlxrrrr.exec:\xlxrrrr.exe65⤵
- Executes dropped EXE
-
\??\c:\rflxlfr.exec:\rflxlfr.exe66⤵
-
\??\c:\tnhtnn.exec:\tnhtnn.exe67⤵
-
\??\c:\tnttnn.exec:\tnttnn.exe68⤵
-
\??\c:\pvvpj.exec:\pvvpj.exe69⤵
-
\??\c:\xrxrllf.exec:\xrxrllf.exe70⤵
-
\??\c:\rlllrrr.exec:\rlllrrr.exe71⤵
-
\??\c:\bbhtnt.exec:\bbhtnt.exe72⤵
-
\??\c:\hhhhbh.exec:\hhhhbh.exe73⤵
-
\??\c:\ppddj.exec:\ppddj.exe74⤵
-
\??\c:\5djdj.exec:\5djdj.exe75⤵
-
\??\c:\dvdvp.exec:\dvdvp.exe76⤵
-
\??\c:\xrfflll.exec:\xrfflll.exe77⤵
-
\??\c:\fflfxxr.exec:\fflfxxr.exe78⤵
-
\??\c:\nnttnh.exec:\nnttnh.exe79⤵
-
\??\c:\vvddv.exec:\vvddv.exe80⤵
-
\??\c:\lffxrrl.exec:\lffxrrl.exe81⤵
-
\??\c:\hbbnnn.exec:\hbbnnn.exe82⤵
-
\??\c:\pjjdv.exec:\pjjdv.exe83⤵
-
\??\c:\vjjdp.exec:\vjjdp.exe84⤵
-
\??\c:\1jjvv.exec:\1jjvv.exe85⤵
-
\??\c:\fffrfrr.exec:\fffrfrr.exe86⤵
-
\??\c:\9thhtb.exec:\9thhtb.exe87⤵
-
\??\c:\nbhhbt.exec:\nbhhbt.exe88⤵
-
\??\c:\pdddv.exec:\pdddv.exe89⤵
-
\??\c:\pjppj.exec:\pjppj.exe90⤵
-
\??\c:\9frrffx.exec:\9frrffx.exe91⤵
-
\??\c:\5tbtnn.exec:\5tbtnn.exe92⤵
-
\??\c:\thhnht.exec:\thhnht.exe93⤵
-
\??\c:\jjppp.exec:\jjppp.exe94⤵
-
\??\c:\ffxrrrl.exec:\ffxrrrl.exe95⤵
-
\??\c:\rlrllfx.exec:\rlrllfx.exe96⤵
-
\??\c:\nnhbbb.exec:\nnhbbb.exe97⤵
-
\??\c:\hbnhtt.exec:\hbnhtt.exe98⤵
-
\??\c:\vvjjd.exec:\vvjjd.exe99⤵
-
\??\c:\lfrlrxf.exec:\lfrlrxf.exe100⤵
-
\??\c:\9tnhbb.exec:\9tnhbb.exe101⤵
-
\??\c:\nthbbb.exec:\nthbbb.exe102⤵
-
\??\c:\vjppd.exec:\vjppd.exe103⤵
-
\??\c:\jpppd.exec:\jpppd.exe104⤵
-
\??\c:\lxrlffx.exec:\lxrlffx.exe105⤵
-
\??\c:\lrrfxfx.exec:\lrrfxfx.exe106⤵
-
\??\c:\bnnntb.exec:\bnnntb.exe107⤵
-
\??\c:\bbbbbb.exec:\bbbbbb.exe108⤵
-
\??\c:\vvpjj.exec:\vvpjj.exe109⤵
-
\??\c:\vjvdd.exec:\vjvdd.exe110⤵
-
\??\c:\rrrffxr.exec:\rrrffxr.exe111⤵
-
\??\c:\5xrrllf.exec:\5xrrllf.exe112⤵
-
\??\c:\bbtttt.exec:\bbtttt.exe113⤵
-
\??\c:\vvjdp.exec:\vvjdp.exe114⤵
-
\??\c:\pvvvp.exec:\pvvvp.exe115⤵
-
\??\c:\3xxrflf.exec:\3xxrflf.exe116⤵
-
\??\c:\rllfxxx.exec:\rllfxxx.exe117⤵
-
\??\c:\nbbnnn.exec:\nbbnnn.exe118⤵
-
\??\c:\nhhbtt.exec:\nhhbtt.exe119⤵
-
\??\c:\dpjvd.exec:\dpjvd.exe120⤵
-
\??\c:\jvpjv.exec:\jvpjv.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-