Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
110s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
29/08/2024, 02:44
General
-
Target
089d461b37fd8382b3214b7c6bc011b0N.exe
-
Size
64KB
-
MD5
089d461b37fd8382b3214b7c6bc011b0
-
SHA1
1809bc045b06c5149530576ffd8843d20a87b17d
-
SHA256
b040e91da0a0d0001c459cf5d112ccb4d0aa1d43764de2bcedca92cc69e6a7e8
-
SHA512
31c8cde993ab775efc03d007e2b71dcea1abbfd249741c99e6dc39912c54ac9d49923c9ef49b76d8f2d346c87d776b6005fc33aa0a25d132e96af2c79fbd0034
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND0yU+kbxe:ymb3NkkiQ3mdBjF0y7kbI
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 33 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\089d461b37fd8382b3214b7c6bc011b0N.exe"C:\Users\Admin\AppData\Local\Temp\089d461b37fd8382b3214b7c6bc011b0N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\rfffxxx.exec:\rfffxxx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhtbtn.exec:\bhtbtn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1djdd.exec:\1djdd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdjvj.exec:\vdjvj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbttt.exec:\hbbttt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpdv.exec:\jdpdv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlxlrl.exec:\fxlxlrl.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhbtt.exec:\tnhbtt.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tttnbt.exec:\tttnbt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djjjj.exec:\djjjj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1xffxxx.exec:\1xffxxx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnbbhh.exec:\bnbbhh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhhhb.exec:\hbhhhb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjdv.exec:\pjjdv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppvjd.exec:\ppvjd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxfxrfx.exec:\lxfxrfx.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xffxrlf.exec:\xffxrlf.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhhbb.exec:\tnhhbb.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjdv.exec:\pjjdv.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3ddvj.exec:\3ddvj.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrxxxxf.exec:\rrxxxxf.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7hhhbb.exec:\7hhhbb.exe23⤵
- Executes dropped EXE
-
\??\c:\dvpjv.exec:\dvpjv.exe24⤵
- Executes dropped EXE
-
\??\c:\lflllfl.exec:\lflllfl.exe25⤵
- Executes dropped EXE
-
\??\c:\rlxxrfr.exec:\rlxxrfr.exe26⤵
- Executes dropped EXE
-
\??\c:\9hbnbt.exec:\9hbnbt.exe27⤵
- Executes dropped EXE
-
\??\c:\jdpjj.exec:\jdpjj.exe28⤵
- Executes dropped EXE
-
\??\c:\fxffffl.exec:\fxffffl.exe29⤵
- Executes dropped EXE
-
\??\c:\ffffxrl.exec:\ffffxrl.exe30⤵
- Executes dropped EXE
-
\??\c:\ppvvd.exec:\ppvvd.exe31⤵
- Executes dropped EXE
-
\??\c:\vvvvp.exec:\vvvvp.exe32⤵
- Executes dropped EXE
-
\??\c:\lrlrxxf.exec:\lrlrxxf.exe33⤵
- Executes dropped EXE
-
\??\c:\rxxlxlr.exec:\rxxlxlr.exe34⤵
- Executes dropped EXE
-
\??\c:\btbbhn.exec:\btbbhn.exe35⤵
- Executes dropped EXE
-
\??\c:\dvvvj.exec:\dvvvj.exe36⤵
- Executes dropped EXE
-
\??\c:\jvvvp.exec:\jvvvp.exe37⤵
- Executes dropped EXE
-
\??\c:\jdjdd.exec:\jdjdd.exe38⤵
- Executes dropped EXE
-
\??\c:\xfxxxlx.exec:\xfxxxlx.exe39⤵
- Executes dropped EXE
-
\??\c:\ttbtnn.exec:\ttbtnn.exe40⤵
- Executes dropped EXE
-
\??\c:\5nbtnh.exec:\5nbtnh.exe41⤵
- Executes dropped EXE
-
\??\c:\nhhnnh.exec:\nhhnnh.exe42⤵
- Executes dropped EXE
-
\??\c:\jvpjd.exec:\jvpjd.exe43⤵
- Executes dropped EXE
-
\??\c:\vpjdd.exec:\vpjdd.exe44⤵
- Executes dropped EXE
-
\??\c:\lfxrfxx.exec:\lfxrfxx.exe45⤵
- Executes dropped EXE
-
\??\c:\rxffrrl.exec:\rxffrrl.exe46⤵
- Executes dropped EXE
-
\??\c:\1nbhtn.exec:\1nbhtn.exe47⤵
- Executes dropped EXE
-
\??\c:\tntbnb.exec:\tntbnb.exe48⤵
- Executes dropped EXE
-
\??\c:\vdpvp.exec:\vdpvp.exe49⤵
- Executes dropped EXE
-
\??\c:\lrxfxxx.exec:\lrxfxxx.exe50⤵
- Executes dropped EXE
-
\??\c:\fflffxx.exec:\fflffxx.exe51⤵
- Executes dropped EXE
-
\??\c:\hbbttt.exec:\hbbttt.exe52⤵
- Executes dropped EXE
-
\??\c:\hhhbtt.exec:\hhhbtt.exe53⤵
- Executes dropped EXE
-
\??\c:\5jjvp.exec:\5jjvp.exe54⤵
- Executes dropped EXE
-
\??\c:\1jjjv.exec:\1jjjv.exe55⤵
- Executes dropped EXE
-
\??\c:\1ddpd.exec:\1ddpd.exe56⤵
- Executes dropped EXE
-
\??\c:\lxxrrrr.exec:\lxxrrrr.exe57⤵
- Executes dropped EXE
-
\??\c:\lxxxrxr.exec:\lxxxrxr.exe58⤵
- Executes dropped EXE
-
\??\c:\hbbbbb.exec:\hbbbbb.exe59⤵
- Executes dropped EXE
-
\??\c:\dvdvv.exec:\dvdvv.exe60⤵
- Executes dropped EXE
-
\??\c:\9pjdj.exec:\9pjdj.exe61⤵
- Executes dropped EXE
-
\??\c:\djjjd.exec:\djjjd.exe62⤵
- Executes dropped EXE
-
\??\c:\7fflxxx.exec:\7fflxxx.exe63⤵
- Executes dropped EXE
-
\??\c:\lxrlrlf.exec:\lxrlrlf.exe64⤵
- Executes dropped EXE
-
\??\c:\hhbthb.exec:\hhbthb.exe65⤵
- Executes dropped EXE
-
\??\c:\vjvdp.exec:\vjvdp.exe66⤵
-
\??\c:\pjjvj.exec:\pjjvj.exe67⤵
-
\??\c:\jpjjd.exec:\jpjjd.exe68⤵
-
\??\c:\rxxrlfx.exec:\rxxrlfx.exe69⤵
-
\??\c:\hnhhhb.exec:\hnhhhb.exe70⤵
-
\??\c:\pvdvj.exec:\pvdvj.exe71⤵
-
\??\c:\dddpj.exec:\dddpj.exe72⤵
-
\??\c:\9llxxrx.exec:\9llxxrx.exe73⤵
-
\??\c:\frflllf.exec:\frflllf.exe74⤵
-
\??\c:\bnnntt.exec:\bnnntt.exe75⤵
-
\??\c:\nbnbnh.exec:\nbnbnh.exe76⤵
-
\??\c:\djppj.exec:\djppj.exe77⤵
-
\??\c:\dpddd.exec:\dpddd.exe78⤵
-
\??\c:\fxlfllr.exec:\fxlfllr.exe79⤵
-
\??\c:\xfrlfxx.exec:\xfrlfxx.exe80⤵
-
\??\c:\ffxrrfx.exec:\ffxrrfx.exe81⤵
-
\??\c:\hhhnhn.exec:\hhhnhn.exe82⤵
-
\??\c:\nthtnh.exec:\nthtnh.exe83⤵
-
\??\c:\vjdpp.exec:\vjdpp.exe84⤵
-
\??\c:\fxrlffx.exec:\fxrlffx.exe85⤵
-
\??\c:\fllfxxf.exec:\fllfxxf.exe86⤵
-
\??\c:\xrrrllf.exec:\xrrrllf.exe87⤵
-
\??\c:\tnbttt.exec:\tnbttt.exe88⤵
-
\??\c:\jjvpj.exec:\jjvpj.exe89⤵
-
\??\c:\vdjdv.exec:\vdjdv.exe90⤵
-
\??\c:\xxffrrl.exec:\xxffrrl.exe91⤵
-
\??\c:\nhnnhb.exec:\nhnnhb.exe92⤵
-
\??\c:\vdvpj.exec:\vdvpj.exe93⤵
-
\??\c:\pjpjj.exec:\pjpjj.exe94⤵
-
\??\c:\fxxrlll.exec:\fxxrlll.exe95⤵
-
\??\c:\rfffxxr.exec:\rfffxxr.exe96⤵
-
\??\c:\thhhbb.exec:\thhhbb.exe97⤵
-
\??\c:\thntnn.exec:\thntnn.exe98⤵
-
\??\c:\dppjj.exec:\dppjj.exe99⤵
-
\??\c:\dpvvp.exec:\dpvvp.exe100⤵
-
\??\c:\rxflrrx.exec:\rxflrrx.exe101⤵
-
\??\c:\rxxrlll.exec:\rxxrlll.exe102⤵
-
\??\c:\5tnnbb.exec:\5tnnbb.exe103⤵
-
\??\c:\bbbbnb.exec:\bbbbnb.exe104⤵
-
\??\c:\ddjjp.exec:\ddjjp.exe105⤵
-
\??\c:\9jpjd.exec:\9jpjd.exe106⤵
-
\??\c:\fxfxllf.exec:\fxfxllf.exe107⤵
-
\??\c:\btnhhn.exec:\btnhhn.exe108⤵
-
\??\c:\3btthh.exec:\3btthh.exe109⤵
-
\??\c:\jdvpj.exec:\jdvpj.exe110⤵
-
\??\c:\dvvvp.exec:\dvvvp.exe111⤵
-
\??\c:\rxfxxxx.exec:\rxfxxxx.exe112⤵
-
\??\c:\flrrllf.exec:\flrrllf.exe113⤵
-
\??\c:\nthhhh.exec:\nthhhh.exe114⤵
-
\??\c:\hnnnnn.exec:\hnnnnn.exe115⤵
-
\??\c:\3dpdj.exec:\3dpdj.exe116⤵
-
\??\c:\dvddv.exec:\dvddv.exe117⤵
-
\??\c:\xlrlflf.exec:\xlrlflf.exe118⤵
-
\??\c:\ntbtnn.exec:\ntbtnn.exe119⤵
-
\??\c:\ntbbtt.exec:\ntbbtt.exe120⤵
-
\??\c:\dvpvj.exec:\dvpvj.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-