Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
94s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
02/09/2024, 01:04
General
-
Target
5f21ac1f06ad83af166db002e2c7a8cd0bd3473f996599ee20c081f8a781a1ed.exe
-
Size
230KB
-
MD5
d36ab0bd58ada2d5fb9f6560c8d8bf30
-
SHA1
4a5bba862c57082a57dbc212d5ea77bc8052e2c3
-
SHA256
5f21ac1f06ad83af166db002e2c7a8cd0bd3473f996599ee20c081f8a781a1ed
-
SHA512
7bfa5722700e4d1b02c93d19efdf9b5e7aaa8ca26c89e177fa2bf6dcfe66c5446e584087bd83ae7b5349c7af8d047b702a34dd4a8a5c7fff734529825cbb6d9b
-
SSDEEP
3072:ymb3NkkiQ3mdBjFo73PYP1lri3KoSV31x4xLn/c1f7:n3C9BRo7MlrWKo+lxKk1f7
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 22 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\5f21ac1f06ad83af166db002e2c7a8cd0bd3473f996599ee20c081f8a781a1ed.exe"C:\Users\Admin\AppData\Local\Temp\5f21ac1f06ad83af166db002e2c7a8cd0bd3473f996599ee20c081f8a781a1ed.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\rrrfxxl.exec:\rrrfxxl.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthhhh.exec:\bthhhh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpjp.exec:\jdpjp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpvpj.exec:\dpvpj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxfxrl.exec:\fxxfxrl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tthhtt.exec:\tthhtt.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tthtbt.exec:\tthtbt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjvv.exec:\jdjvv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpdvp.exec:\jpdvp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrlxrlf.exec:\lrlxrlf.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7hnhbb.exec:\7hnhbb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btttbb.exec:\btttbb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjdd.exec:\vpjdd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvpjd.exec:\vvpjd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxffxxr.exec:\rxffxxr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnnnht.exec:\hnnnht.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbnhhh.exec:\nbnhhh.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjdd.exec:\vpjdd.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpvpp.exec:\vpvpp.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7ffxxxr.exec:\7ffxxxr.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxxxlxx.exec:\xxxxlxx.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttnttt.exec:\ttnttt.exe23⤵
- Executes dropped EXE
-
\??\c:\1ttbbb.exec:\1ttbbb.exe24⤵
- Executes dropped EXE
-
\??\c:\pppjj.exec:\pppjj.exe25⤵
- Executes dropped EXE
-
\??\c:\xrrlffx.exec:\xrrlffx.exe26⤵
- Executes dropped EXE
-
\??\c:\9ffxrxr.exec:\9ffxrxr.exe27⤵
- Executes dropped EXE
-
\??\c:\bbttnn.exec:\bbttnn.exe28⤵
- Executes dropped EXE
-
\??\c:\tnnhbb.exec:\tnnhbb.exe29⤵
- Executes dropped EXE
-
\??\c:\jdpjd.exec:\jdpjd.exe30⤵
- Executes dropped EXE
-
\??\c:\xrxlflf.exec:\xrxlflf.exe31⤵
- Executes dropped EXE
-
\??\c:\ffrrrrr.exec:\ffrrrrr.exe32⤵
- Executes dropped EXE
-
\??\c:\thhhbh.exec:\thhhbh.exe33⤵
- Executes dropped EXE
-
\??\c:\bnthbb.exec:\bnthbb.exe34⤵
- Executes dropped EXE
-
\??\c:\pjvpp.exec:\pjvpp.exe35⤵
- Executes dropped EXE
-
\??\c:\frlfrrl.exec:\frlfrrl.exe36⤵
- Executes dropped EXE
-
\??\c:\rflfxrl.exec:\rflfxrl.exe37⤵
- Executes dropped EXE
-
\??\c:\ntbnnh.exec:\ntbnnh.exe38⤵
- Executes dropped EXE
-
\??\c:\pjppj.exec:\pjppj.exe39⤵
- Executes dropped EXE
-
\??\c:\rxxxrxr.exec:\rxxxrxr.exe40⤵
- Executes dropped EXE
-
\??\c:\rllffxx.exec:\rllffxx.exe41⤵
- Executes dropped EXE
-
\??\c:\hbhhht.exec:\hbhhht.exe42⤵
- Executes dropped EXE
-
\??\c:\dvddv.exec:\dvddv.exe43⤵
- Executes dropped EXE
-
\??\c:\ffrrrrr.exec:\ffrrrrr.exe44⤵
- Executes dropped EXE
-
\??\c:\nntnnn.exec:\nntnnn.exe45⤵
- Executes dropped EXE
-
\??\c:\ppdvp.exec:\ppdvp.exe46⤵
- Executes dropped EXE
-
\??\c:\7ddpj.exec:\7ddpj.exe47⤵
- Executes dropped EXE
-
\??\c:\1lfflxf.exec:\1lfflxf.exe48⤵
- Executes dropped EXE
-
\??\c:\tntthn.exec:\tntthn.exe49⤵
- Executes dropped EXE
-
\??\c:\nnnnnn.exec:\nnnnnn.exe50⤵
- Executes dropped EXE
-
\??\c:\pjvpj.exec:\pjvpj.exe51⤵
- Executes dropped EXE
-
\??\c:\xfrlffx.exec:\xfrlffx.exe52⤵
- Executes dropped EXE
-
\??\c:\lrrrlll.exec:\lrrrlll.exe53⤵
- Executes dropped EXE
-
\??\c:\9hhbbb.exec:\9hhbbb.exe54⤵
- Executes dropped EXE
-
\??\c:\tntnht.exec:\tntnht.exe55⤵
- Executes dropped EXE
-
\??\c:\vpppp.exec:\vpppp.exe56⤵
- Executes dropped EXE
-
\??\c:\rrfffrf.exec:\rrfffrf.exe57⤵
- Executes dropped EXE
-
\??\c:\nnhhbb.exec:\nnhhbb.exe58⤵
- Executes dropped EXE
-
\??\c:\btbtnb.exec:\btbtnb.exe59⤵
- Executes dropped EXE
-
\??\c:\7jppj.exec:\7jppj.exe60⤵
- Executes dropped EXE
-
\??\c:\lrfxxrr.exec:\lrfxxrr.exe61⤵
- Executes dropped EXE
-
\??\c:\9bbbbh.exec:\9bbbbh.exe62⤵
- Executes dropped EXE
-
\??\c:\nhnhnn.exec:\nhnhnn.exe63⤵
- Executes dropped EXE
-
\??\c:\pjpjp.exec:\pjpjp.exe64⤵
- Executes dropped EXE
-
\??\c:\jvvvp.exec:\jvvvp.exe65⤵
- Executes dropped EXE
-
\??\c:\5fffxxx.exec:\5fffxxx.exe66⤵
-
\??\c:\hbbbtb.exec:\hbbbtb.exe67⤵
-
\??\c:\vpvpp.exec:\vpvpp.exe68⤵
-
\??\c:\lfrllfx.exec:\lfrllfx.exe69⤵
-
\??\c:\flxrrrf.exec:\flxrrrf.exe70⤵
-
\??\c:\tnbbnn.exec:\tnbbnn.exe71⤵
-
\??\c:\vpdvv.exec:\vpdvv.exe72⤵
-
\??\c:\dpjjv.exec:\dpjjv.exe73⤵
-
\??\c:\rrlfxrr.exec:\rrlfxrr.exe74⤵
-
\??\c:\nnbhnn.exec:\nnbhnn.exe75⤵
-
\??\c:\tnbntn.exec:\tnbntn.exe76⤵
-
\??\c:\jjjdv.exec:\jjjdv.exe77⤵
-
\??\c:\lfrlxxl.exec:\lfrlxxl.exe78⤵
-
\??\c:\tntnbt.exec:\tntnbt.exe79⤵
-
\??\c:\nnnhnn.exec:\nnnhnn.exe80⤵
-
\??\c:\pvvpj.exec:\pvvpj.exe81⤵
-
\??\c:\lfxfxlf.exec:\lfxfxlf.exe82⤵
-
\??\c:\xlrrllf.exec:\xlrrllf.exe83⤵
-
\??\c:\nhnnnn.exec:\nhnnnn.exe84⤵
- System Location Discovery: System Language Discovery
-
\??\c:\nbnhbb.exec:\nbnhbb.exe85⤵
-
\??\c:\jdvpd.exec:\jdvpd.exe86⤵
-
\??\c:\vjvpj.exec:\vjvpj.exe87⤵
-
\??\c:\llflrxx.exec:\llflrxx.exe88⤵
-
\??\c:\thnnhh.exec:\thnnhh.exe89⤵
-
\??\c:\tnnnhh.exec:\tnnnhh.exe90⤵
-
\??\c:\9ppjd.exec:\9ppjd.exe91⤵
-
\??\c:\vvdvj.exec:\vvdvj.exe92⤵
-
\??\c:\lxxrlfx.exec:\lxxrlfx.exe93⤵
-
\??\c:\xrrrrrr.exec:\xrrrrrr.exe94⤵
-
\??\c:\3bbtbb.exec:\3bbtbb.exe95⤵
-
\??\c:\pjppd.exec:\pjppd.exe96⤵
-
\??\c:\dvddv.exec:\dvddv.exe97⤵
-
\??\c:\1flfllf.exec:\1flfllf.exe98⤵
-
\??\c:\7rllffx.exec:\7rllffx.exe99⤵
-
\??\c:\bnnnhh.exec:\bnnnhh.exe100⤵
-
\??\c:\hbtnbt.exec:\hbtnbt.exe101⤵
-
\??\c:\dpppd.exec:\dpppd.exe102⤵
-
\??\c:\dvpjd.exec:\dvpjd.exe103⤵
-
\??\c:\llfxrrl.exec:\llfxrrl.exe104⤵
-
\??\c:\hbtnnt.exec:\hbtnnt.exe105⤵
-
\??\c:\htbthb.exec:\htbthb.exe106⤵
-
\??\c:\7jjdv.exec:\7jjdv.exe107⤵
-
\??\c:\pjvpj.exec:\pjvpj.exe108⤵
-
\??\c:\3xlllll.exec:\3xlllll.exe109⤵
-
\??\c:\tbbbtt.exec:\tbbbtt.exe110⤵
-
\??\c:\nhnnnb.exec:\nhnnnb.exe111⤵
-
\??\c:\7jpjv.exec:\7jpjv.exe112⤵
-
\??\c:\5xfxrrr.exec:\5xfxrrr.exe113⤵
-
\??\c:\lxfxrlf.exec:\lxfxrlf.exe114⤵
-
\??\c:\hbhhhh.exec:\hbhhhh.exe115⤵
-
\??\c:\dpdvj.exec:\dpdvj.exe116⤵
-
\??\c:\jpdjd.exec:\jpdjd.exe117⤵
-
\??\c:\lfrrrrr.exec:\lfrrrrr.exe118⤵
-
\??\c:\hhhhbt.exec:\hhhhbt.exe119⤵
-
\??\c:\ddppj.exec:\ddppj.exe120⤵
-
\??\c:\djddp.exec:\djddp.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-