Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
93s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
03/09/2024, 03:41
General
-
Target
1c043c14644307d356a7cd5fff744fc0N.exe
-
Size
250KB
-
MD5
1c043c14644307d356a7cd5fff744fc0
-
SHA1
4cdc343158a046212ec6b509aba4935d3593e5d6
-
SHA256
37d229fad943ab342d039685018c9218b69eff13f38346cbd57b2c183ec01ae0
-
SHA512
139b44f932266739bb464383458122de630664a8281d41612a11e71bc4ef9befe21f91fc43e90fe1528900dd80bafb0acae67ad762a9f6f1116f070d934af68b
-
SSDEEP
6144:n3C9BRo/AIX27NHWpU00VIxas1oa3YiFRly8:n3C9uD6AUDCa4NYmRl
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 26 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 31 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1c043c14644307d356a7cd5fff744fc0N.exe"C:\Users\Admin\AppData\Local\Temp\1c043c14644307d356a7cd5fff744fc0N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\9xlllll.exec:\9xlllll.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxxrrxr.exec:\rxxrrxr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbhnt.exec:\nhbhnt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddjjp.exec:\ddjjp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjjd.exec:\jdjjd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnhhhn.exec:\nnhhhn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjvvv.exec:\vjvvv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tthhnn.exec:\tthhnn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llxrxlr.exec:\llxrxlr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9rrllrl.exec:\9rrllrl.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddjdv.exec:\ddjdv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxxrrr.exec:\xrxxrrr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nthhnn.exec:\nthhnn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjpjj.exec:\pjpjj.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxfxll.exec:\rlxfxll.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlfllll.exec:\xlfllll.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntnnnh.exec:\ntnnnh.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrffxxl.exec:\lrffxxl.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hthhhn.exec:\hthhhn.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdvd.exec:\pjdvd.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffxfrxl.exec:\ffxfrxl.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrfxxxx.exec:\rrfxxxx.exe23⤵
- Executes dropped EXE
-
\??\c:\bthhbb.exec:\bthhbb.exe24⤵
- Executes dropped EXE
-
\??\c:\ddddd.exec:\ddddd.exe25⤵
- Executes dropped EXE
-
\??\c:\pvpjp.exec:\pvpjp.exe26⤵
- Executes dropped EXE
-
\??\c:\nhtnhn.exec:\nhtnhn.exe27⤵
- Executes dropped EXE
-
\??\c:\pdppp.exec:\pdppp.exe28⤵
- Executes dropped EXE
-
\??\c:\frfffff.exec:\frfffff.exe29⤵
- Executes dropped EXE
-
\??\c:\llxlffl.exec:\llxlffl.exe30⤵
- Executes dropped EXE
-
\??\c:\9pppj.exec:\9pppj.exe31⤵
- Executes dropped EXE
-
\??\c:\jjjjp.exec:\jjjjp.exe32⤵
- Executes dropped EXE
-
\??\c:\xrfxxxx.exec:\xrfxxxx.exe33⤵
- Executes dropped EXE
-
\??\c:\pvpvv.exec:\pvpvv.exe34⤵
- Executes dropped EXE
-
\??\c:\dddvj.exec:\dddvj.exe35⤵
- Executes dropped EXE
-
\??\c:\xrffxfl.exec:\xrffxfl.exe36⤵
- Executes dropped EXE
-
\??\c:\hbhbtb.exec:\hbhbtb.exe37⤵
- Executes dropped EXE
-
\??\c:\bnhtnt.exec:\bnhtnt.exe38⤵
- Executes dropped EXE
-
\??\c:\jdvdd.exec:\jdvdd.exe39⤵
- Executes dropped EXE
-
\??\c:\1dvjj.exec:\1dvjj.exe40⤵
- Executes dropped EXE
-
\??\c:\5fllxfl.exec:\5fllxfl.exe41⤵
- Executes dropped EXE
-
\??\c:\rflxflr.exec:\rflxflr.exe42⤵
- Executes dropped EXE
-
\??\c:\nbttnn.exec:\nbttnn.exe43⤵
- Executes dropped EXE
-
\??\c:\1jvvd.exec:\1jvvd.exe44⤵
- Executes dropped EXE
-
\??\c:\7jppj.exec:\7jppj.exe45⤵
- Executes dropped EXE
-
\??\c:\5rfflrx.exec:\5rfflrx.exe46⤵
- Executes dropped EXE
-
\??\c:\hhttbh.exec:\hhttbh.exe47⤵
- Executes dropped EXE
-
\??\c:\thttth.exec:\thttth.exe48⤵
- Executes dropped EXE
-
\??\c:\jvjjj.exec:\jvjjj.exe49⤵
- Executes dropped EXE
-
\??\c:\jdvdd.exec:\jdvdd.exe50⤵
- Executes dropped EXE
-
\??\c:\fllfflr.exec:\fllfflr.exe51⤵
- Executes dropped EXE
-
\??\c:\7bnhnn.exec:\7bnhnn.exe52⤵
- Executes dropped EXE
-
\??\c:\hbhhnn.exec:\hbhhnn.exe53⤵
- Executes dropped EXE
-
\??\c:\vppjv.exec:\vppjv.exe54⤵
- Executes dropped EXE
-
\??\c:\5jjjj.exec:\5jjjj.exe55⤵
- Executes dropped EXE
-
\??\c:\frffxlf.exec:\frffxlf.exe56⤵
- Executes dropped EXE
-
\??\c:\rfllfll.exec:\rfllfll.exe57⤵
- Executes dropped EXE
-
\??\c:\ntbbbb.exec:\ntbbbb.exe58⤵
- Executes dropped EXE
-
\??\c:\3ppjj.exec:\3ppjj.exe59⤵
- Executes dropped EXE
-
\??\c:\pjvvp.exec:\pjvvp.exe60⤵
- Executes dropped EXE
-
\??\c:\rlxxrxx.exec:\rlxxrxx.exe61⤵
- Executes dropped EXE
-
\??\c:\fflfffx.exec:\fflfffx.exe62⤵
- Executes dropped EXE
-
\??\c:\bnbbbh.exec:\bnbbbh.exe63⤵
- Executes dropped EXE
-
\??\c:\vpvvd.exec:\vpvvd.exe64⤵
- Executes dropped EXE
-
\??\c:\ppddd.exec:\ppddd.exe65⤵
- Executes dropped EXE
-
\??\c:\1xxllll.exec:\1xxllll.exe66⤵
-
\??\c:\bbbtbb.exec:\bbbtbb.exe67⤵
-
\??\c:\nhbbbb.exec:\nhbbbb.exe68⤵
-
\??\c:\7vddd.exec:\7vddd.exe69⤵
-
\??\c:\llrffff.exec:\llrffff.exe70⤵
-
\??\c:\pjdjv.exec:\pjdjv.exe71⤵
-
\??\c:\vdvdp.exec:\vdvdp.exe72⤵
-
\??\c:\rrxxrxx.exec:\rrxxrxx.exe73⤵
-
\??\c:\bhbbnt.exec:\bhbbnt.exe74⤵
-
\??\c:\5tttnt.exec:\5tttnt.exe75⤵
-
\??\c:\ppddd.exec:\ppddd.exe76⤵
-
\??\c:\jdvvp.exec:\jdvvp.exe77⤵
-
\??\c:\fffxllr.exec:\fffxllr.exe78⤵
-
\??\c:\htbttb.exec:\htbttb.exe79⤵
-
\??\c:\7jvvv.exec:\7jvvv.exe80⤵
-
\??\c:\rfrllrr.exec:\rfrllrr.exe81⤵
-
\??\c:\7bbttb.exec:\7bbttb.exe82⤵
-
\??\c:\7ntnnt.exec:\7ntnnt.exe83⤵
-
\??\c:\pjppp.exec:\pjppp.exe84⤵
-
\??\c:\lrxxlrr.exec:\lrxxlrr.exe85⤵
-
\??\c:\rlfrxfx.exec:\rlfrxfx.exe86⤵
-
\??\c:\htbbnn.exec:\htbbnn.exe87⤵
-
\??\c:\hthhhh.exec:\hthhhh.exe88⤵
-
\??\c:\ddddv.exec:\ddddv.exe89⤵
-
\??\c:\rxffxxr.exec:\rxffxxr.exe90⤵
-
\??\c:\llxflrx.exec:\llxflrx.exe91⤵
-
\??\c:\7ntbbh.exec:\7ntbbh.exe92⤵
-
\??\c:\7jjpp.exec:\7jjpp.exe93⤵
-
\??\c:\dpddd.exec:\dpddd.exe94⤵
-
\??\c:\rfxxflr.exec:\rfxxflr.exe95⤵
-
\??\c:\tnhhbb.exec:\tnhhbb.exe96⤵
-
\??\c:\5tbtnt.exec:\5tbtnt.exe97⤵
-
\??\c:\ppddp.exec:\ppddp.exe98⤵
-
\??\c:\fffxrxx.exec:\fffxrxx.exe99⤵
-
\??\c:\rrxxxff.exec:\rrxxxff.exe100⤵
-
\??\c:\tbtthn.exec:\tbtthn.exe101⤵
-
\??\c:\ppjjd.exec:\ppjjd.exe102⤵
-
\??\c:\3vvvp.exec:\3vvvp.exe103⤵
-
\??\c:\xrrxxfr.exec:\xrrxxfr.exe104⤵
-
\??\c:\lfrlllf.exec:\lfrlllf.exe105⤵
-
\??\c:\btnnnn.exec:\btnnnn.exe106⤵
-
\??\c:\bthbhn.exec:\bthbhn.exe107⤵
-
\??\c:\5vjvj.exec:\5vjvj.exe108⤵
-
\??\c:\3btthh.exec:\3btthh.exe109⤵
-
\??\c:\7jppp.exec:\7jppp.exe110⤵
-
\??\c:\pjvpj.exec:\pjvpj.exe111⤵
-
\??\c:\5lrrrll.exec:\5lrrrll.exe112⤵
-
\??\c:\hnnbbh.exec:\hnnbbh.exe113⤵
-
\??\c:\tbhhnn.exec:\tbhhnn.exe114⤵
-
\??\c:\dvjdj.exec:\dvjdj.exe115⤵
-
\??\c:\vvjpp.exec:\vvjpp.exe116⤵
-
\??\c:\llrlfff.exec:\llrlfff.exe117⤵
-
\??\c:\rrllxxx.exec:\rrllxxx.exe118⤵
-
\??\c:\3ntnnt.exec:\3ntnnt.exe119⤵
-
\??\c:\7vddv.exec:\7vddv.exe120⤵
-
\??\c:\djvvv.exec:\djvvv.exe121⤵
- System Location Discovery: System Language Discovery
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-