Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
94s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
02/09/2024, 06:17
General
-
Target
6ea8b37bcc1773f9f6a997e74e8f59c0N.exe
-
Size
49KB
-
MD5
6ea8b37bcc1773f9f6a997e74e8f59c0
-
SHA1
3e55fd32f6d35ae46d39d89f3d3d744ac6cc7af1
-
SHA256
6883d281ef6305f9355e5abfd25100c446b7048656066eb14608db4f5cdf9efa
-
SHA512
1f6334da18553eeb4b2afce045cb42d92d67cbbf7b476aed3b3f36617edb7adc4459fa05fec981c45d438dbce3c80edf0d91d5e2fad7999b9b17425732ec3951
-
SSDEEP
1536:mAocdpeVoBDulhzHMb7xNAa04Mcg5IKvq:0cdpeeBSHHMHLf9RyIh
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 63 IoCs
-
Executes dropped EXE 64 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\6ea8b37bcc1773f9f6a997e74e8f59c0N.exe"C:\Users\Admin\AppData\Local\Temp\6ea8b37bcc1773f9f6a997e74e8f59c0N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\pvpdp.exec:\pvpdp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rflflfr.exec:\rflflfr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nntnnt.exec:\nntnnt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvdpd.exec:\pvdpd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3fxlfrl.exec:\3fxlfrl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrlfrlf.exec:\lrlfrlf.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thbhth.exec:\thbhth.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjddj.exec:\vjddj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjvd.exec:\dvjvd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrlrllr.exec:\lrlrllr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxfxrfx.exec:\rxfxrfx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnnhbn.exec:\nnnhbn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvjp.exec:\jdvjp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpvvd.exec:\dpvvd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrlxfx.exec:\xrrlxfx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnbnnn.exec:\bnbnnn.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3nnbnh.exec:\3nnbnh.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5rlrlxl.exec:\5rlrlxl.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxrfrr.exec:\lfxrfrr.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhtbt.exec:\tnhtbt.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djpdj.exec:\djpdj.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjjvd.exec:\vjjvd.exe23⤵
- Executes dropped EXE
-
\??\c:\rxrrfxr.exec:\rxrrfxr.exe24⤵
- Executes dropped EXE
-
\??\c:\bhbthb.exec:\bhbthb.exe25⤵
- Executes dropped EXE
-
\??\c:\vpvpp.exec:\vpvpp.exe26⤵
- Executes dropped EXE
-
\??\c:\rxrflfr.exec:\rxrflfr.exe27⤵
- Executes dropped EXE
-
\??\c:\rlxlxlx.exec:\rlxlxlx.exe28⤵
- Executes dropped EXE
-
\??\c:\9xxllff.exec:\9xxllff.exe29⤵
- Executes dropped EXE
-
\??\c:\3nhbnb.exec:\3nhbnb.exe30⤵
- Executes dropped EXE
-
\??\c:\vdvjp.exec:\vdvjp.exe31⤵
- Executes dropped EXE
-
\??\c:\lxlxlrf.exec:\lxlxlrf.exe32⤵
- Executes dropped EXE
-
\??\c:\rfxrllx.exec:\rfxrllx.exe33⤵
- Executes dropped EXE
-
\??\c:\thhnbt.exec:\thhnbt.exe34⤵
- Executes dropped EXE
-
\??\c:\nhthnh.exec:\nhthnh.exe35⤵
- Executes dropped EXE
-
\??\c:\ppdpv.exec:\ppdpv.exe36⤵
- Executes dropped EXE
-
\??\c:\lrllfff.exec:\lrllfff.exe37⤵
- Executes dropped EXE
-
\??\c:\llfxrxl.exec:\llfxrxl.exe38⤵
- Executes dropped EXE
-
\??\c:\1pppv.exec:\1pppv.exe39⤵
- Executes dropped EXE
-
\??\c:\3ppdj.exec:\3ppdj.exe40⤵
- Executes dropped EXE
-
\??\c:\lrxlxrf.exec:\lrxlxrf.exe41⤵
- Executes dropped EXE
-
\??\c:\5rlfrfr.exec:\5rlfrfr.exe42⤵
- Executes dropped EXE
-
\??\c:\htnhtn.exec:\htnhtn.exe43⤵
- Executes dropped EXE
-
\??\c:\tnnbhb.exec:\tnnbhb.exe44⤵
- Executes dropped EXE
-
\??\c:\vpjpd.exec:\vpjpd.exe45⤵
- Executes dropped EXE
-
\??\c:\rxxlxrl.exec:\rxxlxrl.exe46⤵
- Executes dropped EXE
-
\??\c:\thhbtn.exec:\thhbtn.exe47⤵
- Executes dropped EXE
-
\??\c:\7thnbn.exec:\7thnbn.exe48⤵
- Executes dropped EXE
-
\??\c:\jpvjd.exec:\jpvjd.exe49⤵
- Executes dropped EXE
-
\??\c:\ppjdp.exec:\ppjdp.exe50⤵
- Executes dropped EXE
-
\??\c:\rrxllfx.exec:\rrxllfx.exe51⤵
- Executes dropped EXE
-
\??\c:\1xrrlxr.exec:\1xrrlxr.exe52⤵
- Executes dropped EXE
-
\??\c:\rlxrfxr.exec:\rlxrfxr.exe53⤵
- Executes dropped EXE
-
\??\c:\bttnbb.exec:\bttnbb.exe54⤵
- Executes dropped EXE
-
\??\c:\vpjdv.exec:\vpjdv.exe55⤵
- Executes dropped EXE
-
\??\c:\7vjvj.exec:\7vjvj.exe56⤵
- Executes dropped EXE
-
\??\c:\1lfxlfx.exec:\1lfxlfx.exe57⤵
- Executes dropped EXE
-
\??\c:\llrfxrr.exec:\llrfxrr.exe58⤵
- Executes dropped EXE
-
\??\c:\5nbtnh.exec:\5nbtnh.exe59⤵
- Executes dropped EXE
-
\??\c:\ppvjd.exec:\ppvjd.exe60⤵
- Executes dropped EXE
-
\??\c:\vvdvj.exec:\vvdvj.exe61⤵
- Executes dropped EXE
-
\??\c:\lrlfrlf.exec:\lrlfrlf.exe62⤵
- Executes dropped EXE
-
\??\c:\5fflfrr.exec:\5fflfrr.exe63⤵
- Executes dropped EXE
-
\??\c:\nbtntn.exec:\nbtntn.exe64⤵
- Executes dropped EXE
-
\??\c:\1tbtht.exec:\1tbtht.exe65⤵
- Executes dropped EXE
-
\??\c:\ddvjv.exec:\ddvjv.exe66⤵
-
\??\c:\5rrflfx.exec:\5rrflfx.exe67⤵
-
\??\c:\lrxxrrl.exec:\lrxxrrl.exe68⤵
-
\??\c:\htbnbb.exec:\htbnbb.exe69⤵
-
\??\c:\hnnbtn.exec:\hnnbtn.exe70⤵
-
\??\c:\dvvpd.exec:\dvvpd.exe71⤵
-
\??\c:\xrlrflf.exec:\xrlrflf.exe72⤵
-
\??\c:\xffxlfr.exec:\xffxlfr.exe73⤵
-
\??\c:\3nnhnn.exec:\3nnhnn.exe74⤵
-
\??\c:\9bbtnb.exec:\9bbtnb.exe75⤵
-
\??\c:\vdpjd.exec:\vdpjd.exe76⤵
-
\??\c:\rlrlrlx.exec:\rlrlrlx.exe77⤵
-
\??\c:\xlrrrlf.exec:\xlrrrlf.exe78⤵
-
\??\c:\bnntnt.exec:\bnntnt.exe79⤵
-
\??\c:\3tnnhh.exec:\3tnnhh.exe80⤵
-
\??\c:\jddvj.exec:\jddvj.exe81⤵
-
\??\c:\jvvjd.exec:\jvvjd.exe82⤵
-
\??\c:\xrxlxlf.exec:\xrxlxlf.exe83⤵
-
\??\c:\3xxxxrr.exec:\3xxxxrr.exe84⤵
-
\??\c:\ntnbhh.exec:\ntnbhh.exe85⤵
-
\??\c:\ttbtbh.exec:\ttbtbh.exe86⤵
-
\??\c:\vdjdp.exec:\vdjdp.exe87⤵
-
\??\c:\5vjvv.exec:\5vjvv.exe88⤵
-
\??\c:\lffrrfl.exec:\lffrrfl.exe89⤵
-
\??\c:\frrlfxr.exec:\frrlfxr.exe90⤵
-
\??\c:\thnhbt.exec:\thnhbt.exe91⤵
-
\??\c:\nnhthn.exec:\nnhthn.exe92⤵
-
\??\c:\7vpjv.exec:\7vpjv.exe93⤵
-
\??\c:\jpppd.exec:\jpppd.exe94⤵
-
\??\c:\rfxlxrl.exec:\rfxlxrl.exe95⤵
-
\??\c:\9rrfrlf.exec:\9rrfrlf.exe96⤵
-
\??\c:\3ttnbt.exec:\3ttnbt.exe97⤵
-
\??\c:\ntnbnh.exec:\ntnbnh.exe98⤵
- System Location Discovery: System Language Discovery
-
\??\c:\dddvj.exec:\dddvj.exe99⤵
-
\??\c:\vppdp.exec:\vppdp.exe100⤵
-
\??\c:\lxlfffl.exec:\lxlfffl.exe101⤵
-
\??\c:\rffxrlx.exec:\rffxrlx.exe102⤵
-
\??\c:\7hbnhb.exec:\7hbnhb.exe103⤵
-
\??\c:\vppjp.exec:\vppjp.exe104⤵
-
\??\c:\pvjvd.exec:\pvjvd.exe105⤵
-
\??\c:\vpjdj.exec:\vpjdj.exe106⤵
-
\??\c:\lrxlfxr.exec:\lrxlfxr.exe107⤵
-
\??\c:\rrrfrlx.exec:\rrrfrlx.exe108⤵
-
\??\c:\bbhbnh.exec:\bbhbnh.exe109⤵
-
\??\c:\3bhbbt.exec:\3bhbbt.exe110⤵
-
\??\c:\1pjdv.exec:\1pjdv.exe111⤵
-
\??\c:\5pvjd.exec:\5pvjd.exe112⤵
-
\??\c:\jpjpd.exec:\jpjpd.exe113⤵
-
\??\c:\rxfxflf.exec:\rxfxflf.exe114⤵
-
\??\c:\lffxlfx.exec:\lffxlfx.exe115⤵
-
\??\c:\fffrfxr.exec:\fffrfxr.exe116⤵
-
\??\c:\hbthbn.exec:\hbthbn.exe117⤵
-
\??\c:\djdvj.exec:\djdvj.exe118⤵
-
\??\c:\ppvjv.exec:\ppvjv.exe119⤵
-
\??\c:\lrlfrlf.exec:\lrlfrlf.exe120⤵
-
\??\c:\rlfxffr.exec:\rlfxffr.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-