Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
109s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
01/09/2024, 15:22
General
-
Target
cdb0d51c81abc4fddb3bec96dd7e3d081ead54f5f72e47cf4b538098cac8ede9.exe
-
Size
62KB
-
MD5
fe788810050ecfc9a0276eedd413e320
-
SHA1
f2de6793dbe79b21c1c30ecdf7e1caa5a2bb5d6a
-
SHA256
cdb0d51c81abc4fddb3bec96dd7e3d081ead54f5f72e47cf4b538098cac8ede9
-
SHA512
65a2f7204861aa3c4a4ad09d48afa2e8e49f9d834872cac3dd3d7f80c8f6fd3d7e41b8ac91b38ae9e8463190b018e8596ba3e7f309d2117a33520c69ad566f01
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDII9ZvHKES+:ymb3NkkiQ3mdBjFII9ZvHKET
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 27 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 38 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\cdb0d51c81abc4fddb3bec96dd7e3d081ead54f5f72e47cf4b538098cac8ede9.exe"C:\Users\Admin\AppData\Local\Temp\cdb0d51c81abc4fddb3bec96dd7e3d081ead54f5f72e47cf4b538098cac8ede9.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjdd.exec:\pjjdd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxrffr.exec:\rlxrffr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frrlfxr.exec:\frrlfxr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhtnhh.exec:\nhtnhh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7ddvv.exec:\7ddvv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frrfxfx.exec:\frrfxfx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbbtnh.exec:\tbbtnh.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpdv.exec:\jdpdv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlfxlxl.exec:\rlfxlxl.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3hthbt.exec:\3hthbt.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pddvj.exec:\pddvj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvvjv.exec:\jvvjv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxrlfxr.exec:\rxrlfxr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnhhb.exec:\nhnhhb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5jvpp.exec:\5jvpp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrxlxrl.exec:\lrxlxrl.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nttnhb.exec:\nttnhb.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbttn.exec:\hbbttn.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjpjd.exec:\vjpjd.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3fxrfxf.exec:\3fxrfxf.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhntnh.exec:\bhntnh.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbhbnn.exec:\tbhbnn.exe23⤵
- Executes dropped EXE
-
\??\c:\pvvpd.exec:\pvvpd.exe24⤵
- Executes dropped EXE
-
\??\c:\lfxrllf.exec:\lfxrllf.exe25⤵
- Executes dropped EXE
-
\??\c:\lfflflf.exec:\lfflflf.exe26⤵
- Executes dropped EXE
-
\??\c:\nntttt.exec:\nntttt.exe27⤵
- Executes dropped EXE
-
\??\c:\3vvpd.exec:\3vvpd.exe28⤵
- Executes dropped EXE
-
\??\c:\jdddp.exec:\jdddp.exe29⤵
- Executes dropped EXE
-
\??\c:\xrrlxxr.exec:\xrrlxxr.exe30⤵
- Executes dropped EXE
-
\??\c:\ffxrllf.exec:\ffxrllf.exe31⤵
- Executes dropped EXE
-
\??\c:\nbtnhh.exec:\nbtnhh.exe32⤵
- Executes dropped EXE
-
\??\c:\dddvp.exec:\dddvp.exe33⤵
- Executes dropped EXE
-
\??\c:\vpjdj.exec:\vpjdj.exe34⤵
- Executes dropped EXE
-
\??\c:\xffffll.exec:\xffffll.exe35⤵
- Executes dropped EXE
-
\??\c:\nnhbtt.exec:\nnhbtt.exe36⤵
- Executes dropped EXE
-
\??\c:\bbhbbb.exec:\bbhbbb.exe37⤵
- Executes dropped EXE
-
\??\c:\nttnht.exec:\nttnht.exe38⤵
- Executes dropped EXE
-
\??\c:\nhbtbt.exec:\nhbtbt.exe39⤵
- Executes dropped EXE
-
\??\c:\hbhhtn.exec:\hbhhtn.exe40⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\pjppd.exec:\pjppd.exe41⤵
- Executes dropped EXE
-
\??\c:\1xrlxrl.exec:\1xrlxrl.exe42⤵
- Executes dropped EXE
-
\??\c:\rrrrlfx.exec:\rrrrlfx.exe43⤵
- Executes dropped EXE
-
\??\c:\bthbhb.exec:\bthbhb.exe44⤵
- Executes dropped EXE
-
\??\c:\htnhtt.exec:\htnhtt.exe45⤵
- Executes dropped EXE
-
\??\c:\jdjvj.exec:\jdjvj.exe46⤵
- Executes dropped EXE
-
\??\c:\pdddp.exec:\pdddp.exe47⤵
- Executes dropped EXE
-
\??\c:\frlfrll.exec:\frlfrll.exe48⤵
- Executes dropped EXE
-
\??\c:\lfflfll.exec:\lfflfll.exe49⤵
- Executes dropped EXE
-
\??\c:\hntnhh.exec:\hntnhh.exe50⤵
- Executes dropped EXE
-
\??\c:\tnhbnh.exec:\tnhbnh.exe51⤵
- Executes dropped EXE
-
\??\c:\dpvpd.exec:\dpvpd.exe52⤵
- Executes dropped EXE
-
\??\c:\pddvj.exec:\pddvj.exe53⤵
- Executes dropped EXE
-
\??\c:\rlrxfxr.exec:\rlrxfxr.exe54⤵
- Executes dropped EXE
-
\??\c:\fxlfrrf.exec:\fxlfrrf.exe55⤵
- Executes dropped EXE
-
\??\c:\bnnhtt.exec:\bnnhtt.exe56⤵
- Executes dropped EXE
-
\??\c:\bttbtn.exec:\bttbtn.exe57⤵
- Executes dropped EXE
-
\??\c:\pjjpv.exec:\pjjpv.exe58⤵
- Executes dropped EXE
-
\??\c:\pvdpd.exec:\pvdpd.exe59⤵
- Executes dropped EXE
-
\??\c:\vpddv.exec:\vpddv.exe60⤵
- Executes dropped EXE
-
\??\c:\rrrfrlf.exec:\rrrfrlf.exe61⤵
- Executes dropped EXE
-
\??\c:\5llllfx.exec:\5llllfx.exe62⤵
- Executes dropped EXE
-
\??\c:\hhbttn.exec:\hhbttn.exe63⤵
- Executes dropped EXE
-
\??\c:\tttbtt.exec:\tttbtt.exe64⤵
- Executes dropped EXE
-
\??\c:\jdvpj.exec:\jdvpj.exe65⤵
- Executes dropped EXE
-
\??\c:\jjpdj.exec:\jjpdj.exe66⤵
-
\??\c:\lfrlfxr.exec:\lfrlfxr.exe67⤵
-
\??\c:\llxrlxl.exec:\llxrlxl.exe68⤵
-
\??\c:\tnbtnh.exec:\tnbtnh.exe69⤵
-
\??\c:\thbthh.exec:\thbthh.exe70⤵
-
\??\c:\pdvjv.exec:\pdvjv.exe71⤵
-
\??\c:\jvvpv.exec:\jvvpv.exe72⤵
-
\??\c:\lllfllf.exec:\lllfllf.exe73⤵
-
\??\c:\lxxlfff.exec:\lxxlfff.exe74⤵
-
\??\c:\hthhhb.exec:\hthhhb.exe75⤵
-
\??\c:\hbbhtb.exec:\hbbhtb.exe76⤵
-
\??\c:\djjdp.exec:\djjdp.exe77⤵
-
\??\c:\vvdpj.exec:\vvdpj.exe78⤵
-
\??\c:\frlfrll.exec:\frlfrll.exe79⤵
-
\??\c:\lxxrffx.exec:\lxxrffx.exe80⤵
-
\??\c:\httnhh.exec:\httnhh.exe81⤵
-
\??\c:\nbbnbb.exec:\nbbnbb.exe82⤵
-
\??\c:\jvvpd.exec:\jvvpd.exe83⤵
-
\??\c:\pppjv.exec:\pppjv.exe84⤵
-
\??\c:\xxlfxrr.exec:\xxlfxrr.exe85⤵
-
\??\c:\xrlfxrl.exec:\xrlfxrl.exe86⤵
-
\??\c:\3hhhbb.exec:\3hhhbb.exe87⤵
-
\??\c:\hbtnbt.exec:\hbtnbt.exe88⤵
-
\??\c:\jvpdp.exec:\jvpdp.exe89⤵
-
\??\c:\pjjjd.exec:\pjjjd.exe90⤵
-
\??\c:\7ffxxxl.exec:\7ffxxxl.exe91⤵
-
\??\c:\fflxrrf.exec:\fflxrrf.exe92⤵
-
\??\c:\bnnhhb.exec:\bnnhhb.exe93⤵
-
\??\c:\bbtnhh.exec:\bbtnhh.exe94⤵
-
\??\c:\1ppjd.exec:\1ppjd.exe95⤵
-
\??\c:\vpvpv.exec:\vpvpv.exe96⤵
-
\??\c:\9xxlfxr.exec:\9xxlfxr.exe97⤵
-
\??\c:\xffxllr.exec:\xffxllr.exe98⤵
-
\??\c:\hnnhtt.exec:\hnnhtt.exe99⤵
-
\??\c:\nbnhnn.exec:\nbnhnn.exe100⤵
-
\??\c:\1pjdv.exec:\1pjdv.exe101⤵
-
\??\c:\1vvpp.exec:\1vvpp.exe102⤵
-
\??\c:\lxrlxxr.exec:\lxrlxxr.exe103⤵
-
\??\c:\3fxlrrx.exec:\3fxlrrx.exe104⤵
-
\??\c:\nbbtnb.exec:\nbbtnb.exe105⤵
-
\??\c:\5bttnh.exec:\5bttnh.exe106⤵
-
\??\c:\pjjjv.exec:\pjjjv.exe107⤵
-
\??\c:\djjjd.exec:\djjjd.exe108⤵
-
\??\c:\lxxrfxf.exec:\lxxrfxf.exe109⤵
-
\??\c:\fflfffl.exec:\fflfffl.exe110⤵
-
\??\c:\nbtnhb.exec:\nbtnhb.exe111⤵
-
\??\c:\thhbhb.exec:\thhbhb.exe112⤵
-
\??\c:\ddpjd.exec:\ddpjd.exe113⤵
-
\??\c:\7vpvj.exec:\7vpvj.exe114⤵
-
\??\c:\7jjdd.exec:\7jjdd.exe115⤵
-
\??\c:\rfxrlxl.exec:\rfxrlxl.exe116⤵
-
\??\c:\5htnbb.exec:\5htnbb.exe117⤵
-
\??\c:\1vpdp.exec:\1vpdp.exe118⤵
-
\??\c:\vjvpv.exec:\vjvpv.exe119⤵
-
\??\c:\3rrfrrf.exec:\3rrfrrf.exe120⤵
-
\??\c:\htntnh.exec:\htntnh.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-