Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
131s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
03/09/2024, 21:38
General
-
Target
4cc15348dc0fb2327b69f4b22434e5027ccf5c6f06b76b83515542a30d013203.exe
-
Size
593KB
-
MD5
d3bb638ec9454f8a0089189e3157cc17
-
SHA1
640ae0f4c3da443a71b4f97d4cd8ba107fea8588
-
SHA256
4cc15348dc0fb2327b69f4b22434e5027ccf5c6f06b76b83515542a30d013203
-
SHA512
1d300a3298e9430276fbaa38426c6e93da7b642e78f546690b5cb61233c8833e1702961d36846ecfb668038d6afba71f58ab1370f454d112099fe1fe58394643
-
SSDEEP
6144:n3C9BRIj+ebjcSbcY+CaQdaFOY4iGFYtRdzzoyYxJAyfgayLAw:n3C9Lebz+xt4vFeFmgayX
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 28 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 31 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\4cc15348dc0fb2327b69f4b22434e5027ccf5c6f06b76b83515542a30d013203.exe"C:\Users\Admin\AppData\Local\Temp\4cc15348dc0fb2327b69f4b22434e5027ccf5c6f06b76b83515542a30d013203.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\nbhhbb.exec:\nbhhbb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hntntt.exec:\hntntt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1rrrllf.exec:\1rrrllf.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thbtnb.exec:\thbtnb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrxrllx.exec:\rrxrllx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvpjp.exec:\jvpjp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpddd.exec:\jpddd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjvjd.exec:\vjvjd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7lllfff.exec:\7lllfff.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btthbt.exec:\btthbt.exe11⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxffll.exec:\rlxffll.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddpvj.exec:\ddpvj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpvv.exec:\jdpvv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxlllrx.exec:\rxlllrx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvjdp.exec:\vvjdp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjvdv.exec:\vjvdv.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrffflr.exec:\rrffflr.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjppd.exec:\jjppd.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flrxxxr.exec:\flrxxxr.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dppvv.exec:\dppvv.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpvvj.exec:\dpvvj.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvjpp.exec:\pvjpp.exe23⤵
- Executes dropped EXE
-
\??\c:\fxlrrlr.exec:\fxlrrlr.exe24⤵
- Executes dropped EXE
-
\??\c:\htbhnb.exec:\htbhnb.exe25⤵
- Executes dropped EXE
-
\??\c:\xlxxxff.exec:\xlxxxff.exe26⤵
- Executes dropped EXE
-
\??\c:\hnhnbh.exec:\hnhnbh.exe27⤵
- Executes dropped EXE
-
\??\c:\bnnhhh.exec:\bnnhhh.exe28⤵
- Executes dropped EXE
-
\??\c:\5xrllrr.exec:\5xrllrr.exe29⤵
- Executes dropped EXE
-
\??\c:\bbhbhn.exec:\bbhbhn.exe30⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\jvpdj.exec:\jvpdj.exe31⤵
- Executes dropped EXE
-
\??\c:\vvvjp.exec:\vvvjp.exe32⤵
- Executes dropped EXE
-
\??\c:\9vdvp.exec:\9vdvp.exe33⤵
- Executes dropped EXE
-
\??\c:\frffrrl.exec:\frffrrl.exe34⤵
- Executes dropped EXE
-
\??\c:\nhnhhh.exec:\nhnhhh.exe35⤵
- Executes dropped EXE
-
\??\c:\flrrrrr.exec:\flrrrrr.exe36⤵
- Executes dropped EXE
-
\??\c:\hnhbbh.exec:\hnhbbh.exe37⤵
- Executes dropped EXE
-
\??\c:\pdvpj.exec:\pdvpj.exe38⤵
- Executes dropped EXE
-
\??\c:\ffrllrl.exec:\ffrllrl.exe39⤵
- Executes dropped EXE
-
\??\c:\3htnbh.exec:\3htnbh.exe40⤵
- Executes dropped EXE
-
\??\c:\djjdd.exec:\djjdd.exe41⤵
- Executes dropped EXE
-
\??\c:\flrlfrl.exec:\flrlfrl.exe42⤵
- Executes dropped EXE
-
\??\c:\hnhnth.exec:\hnhnth.exe43⤵
- Executes dropped EXE
-
\??\c:\dvppj.exec:\dvppj.exe44⤵
- Executes dropped EXE
-
\??\c:\xlrxrrx.exec:\xlrxrrx.exe45⤵
- Executes dropped EXE
-
\??\c:\hhtnbb.exec:\hhtnbb.exe46⤵
- Executes dropped EXE
-
\??\c:\ppjjj.exec:\ppjjj.exe47⤵
- Executes dropped EXE
-
\??\c:\thntbn.exec:\thntbn.exe48⤵
- Executes dropped EXE
-
\??\c:\pppvj.exec:\pppvj.exe49⤵
- Executes dropped EXE
-
\??\c:\rrlllll.exec:\rrlllll.exe50⤵
- Executes dropped EXE
-
\??\c:\bbnntb.exec:\bbnntb.exe51⤵
- Executes dropped EXE
-
\??\c:\jdjjd.exec:\jdjjd.exe52⤵
- Executes dropped EXE
-
\??\c:\xllfrrr.exec:\xllfrrr.exe53⤵
- Executes dropped EXE
-
\??\c:\ttnthn.exec:\ttnthn.exe54⤵
- Executes dropped EXE
-
\??\c:\jvjjd.exec:\jvjjd.exe55⤵
- Executes dropped EXE
-
\??\c:\tnnbbn.exec:\tnnbbn.exe56⤵
- Executes dropped EXE
-
\??\c:\pvvvv.exec:\pvvvv.exe57⤵
- Executes dropped EXE
-
\??\c:\llllfff.exec:\llllfff.exe58⤵
- Executes dropped EXE
-
\??\c:\dvpjd.exec:\dvpjd.exe59⤵
- Executes dropped EXE
-
\??\c:\fflffrf.exec:\fflffrf.exe60⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\jpvvp.exec:\jpvvp.exe61⤵
- Executes dropped EXE
-
\??\c:\vjddd.exec:\vjddd.exe62⤵
- Executes dropped EXE
-
\??\c:\9xllfrf.exec:\9xllfrf.exe63⤵
- Executes dropped EXE
-
\??\c:\xxlrxfl.exec:\xxlrxfl.exe64⤵
- Executes dropped EXE
-
\??\c:\jvvdp.exec:\jvvdp.exe65⤵
- Executes dropped EXE
-
\??\c:\5xllllx.exec:\5xllllx.exe66⤵
-
\??\c:\bbtnnn.exec:\bbtnnn.exe67⤵
-
\??\c:\ddpvp.exec:\ddpvp.exe68⤵
-
\??\c:\fxlxxxl.exec:\fxlxxxl.exe69⤵
-
\??\c:\nnnbtb.exec:\nnnbtb.exe70⤵
-
\??\c:\vvpjv.exec:\vvpjv.exe71⤵
-
\??\c:\llxxrxr.exec:\llxxrxr.exe72⤵
-
\??\c:\bthbhh.exec:\bthbhh.exe73⤵
-
\??\c:\vdvpj.exec:\vdvpj.exe74⤵
-
\??\c:\xrfrxfl.exec:\xrfrxfl.exe75⤵
-
\??\c:\bhnnth.exec:\bhnnth.exe76⤵
-
\??\c:\pddvp.exec:\pddvp.exe77⤵
-
\??\c:\3rfrrxf.exec:\3rfrrxf.exe78⤵
-
\??\c:\hbhbtt.exec:\hbhbtt.exe79⤵
-
\??\c:\pddjj.exec:\pddjj.exe80⤵
-
\??\c:\7ffxrrr.exec:\7ffxrrr.exe81⤵
-
\??\c:\bntnnh.exec:\bntnnh.exe82⤵
-
\??\c:\jdjvv.exec:\jdjvv.exe83⤵
-
\??\c:\lfrfrfr.exec:\lfrfrfr.exe84⤵
-
\??\c:\bbnhnh.exec:\bbnhnh.exe85⤵
-
\??\c:\pvdvp.exec:\pvdvp.exe86⤵
-
\??\c:\llrrxll.exec:\llrrxll.exe87⤵
-
\??\c:\bhnntn.exec:\bhnntn.exe88⤵
-
\??\c:\jjppv.exec:\jjppv.exe89⤵
-
\??\c:\llrllrr.exec:\llrllrr.exe90⤵
-
\??\c:\9bhhht.exec:\9bhhht.exe91⤵
-
\??\c:\ddjdj.exec:\ddjdj.exe92⤵
-
\??\c:\jdddj.exec:\jdddj.exe93⤵
-
\??\c:\flrlrlx.exec:\flrlrlx.exe94⤵
-
\??\c:\dddjj.exec:\dddjj.exe95⤵
-
\??\c:\rlxrlff.exec:\rlxrlff.exe96⤵
-
\??\c:\3xfffff.exec:\3xfffff.exe97⤵
-
\??\c:\tbtntt.exec:\tbtntt.exe98⤵
-
\??\c:\5xlfrrf.exec:\5xlfrrf.exe99⤵
-
\??\c:\xxxrxxf.exec:\xxxrxxf.exe100⤵
-
\??\c:\htbbtn.exec:\htbbtn.exe101⤵
-
\??\c:\vpjdd.exec:\vpjdd.exe102⤵
-
\??\c:\llxrflx.exec:\llxrflx.exe103⤵
-
\??\c:\vvjjd.exec:\vvjjd.exe104⤵
-
\??\c:\ffrlflf.exec:\ffrlflf.exe105⤵
-
\??\c:\tnbhhn.exec:\tnbhhn.exe106⤵
-
\??\c:\dpvvv.exec:\dpvvv.exe107⤵
-
\??\c:\lxffxxx.exec:\lxffxxx.exe108⤵
-
\??\c:\ttbtnt.exec:\ttbtnt.exe109⤵
-
\??\c:\ddpvd.exec:\ddpvd.exe110⤵
-
\??\c:\lfxfrrx.exec:\lfxfrrx.exe111⤵
-
\??\c:\btbbbb.exec:\btbbbb.exe112⤵
-
\??\c:\jjpdv.exec:\jjpdv.exe113⤵
-
\??\c:\9lrxxxx.exec:\9lrxxxx.exe114⤵
-
\??\c:\bnnttt.exec:\bnnttt.exe115⤵
-
\??\c:\jpvpv.exec:\jpvpv.exe116⤵
-
\??\c:\7ffxfff.exec:\7ffxfff.exe117⤵
-
\??\c:\hhhhhh.exec:\hhhhhh.exe118⤵
-
\??\c:\vjvdv.exec:\vjvdv.exe119⤵
- System Location Discovery: System Language Discovery
-
\??\c:\3xfrllf.exec:\3xfrllf.exe120⤵
-
\??\c:\bbhnhh.exec:\bbhnhh.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-