Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
95s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
05/09/2024, 10:05
General
-
Target
eaf1f5a94189ec963d5692d428d5c390N.exe
-
Size
64KB
-
MD5
eaf1f5a94189ec963d5692d428d5c390
-
SHA1
ce250897becd6dc02da5e96bd28eebea707108f8
-
SHA256
9ac72314d261bcda0fd8e985fcca41c1f520fa36b985cdca4911f05c203441cd
-
SHA512
e86e47a830b969fba79aa9be3d21f219e9b8555f88eea9a9603ad5c8f730405397feb9ff23fbf697b65999fa61e4f064f11e391e2fac6cd92031c9f5ffb35999
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIvuzkzNL:ymb3NkkiQ3mdBjFIvlpL
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 31 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\eaf1f5a94189ec963d5692d428d5c390N.exe"C:\Users\Admin\AppData\Local\Temp\eaf1f5a94189ec963d5692d428d5c390N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\5nhhbb.exec:\5nhhbb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdvpp.exec:\pdvpp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thhtht.exec:\thhtht.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhhhhh.exec:\bhhhhh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlfxrlf.exec:\xlfxrlf.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhbhht.exec:\bhbhht.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntnbnn.exec:\ntnbnn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxrrfx.exec:\fxxrrfx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrffxxx.exec:\rrffxxx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnntt.exec:\tnnntt.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjppj.exec:\pjppj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1pvpj.exec:\1pvpj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlrfxfx.exec:\rlrfxfx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhnhbb.exec:\bhnhbb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjvj.exec:\dvjvj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxfxllx.exec:\xxfxllx.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\httnnn.exec:\httnnn.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjdpv.exec:\jjdpv.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxfxxfx.exec:\rxfxxfx.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlfflrl.exec:\rlfflrl.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7bbbbb.exec:\7bbbbb.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvvdv.exec:\vvvdv.exe23⤵
- Executes dropped EXE
-
\??\c:\dpvpp.exec:\dpvpp.exe24⤵
- Executes dropped EXE
-
\??\c:\ffrrxff.exec:\ffrrxff.exe25⤵
- Executes dropped EXE
-
\??\c:\nhhnhn.exec:\nhhnhn.exe26⤵
- Executes dropped EXE
-
\??\c:\bnbthh.exec:\bnbthh.exe27⤵
- Executes dropped EXE
-
\??\c:\pjjdv.exec:\pjjdv.exe28⤵
- Executes dropped EXE
-
\??\c:\1vpjp.exec:\1vpjp.exe29⤵
- Executes dropped EXE
-
\??\c:\rfxlfff.exec:\rfxlfff.exe30⤵
- Executes dropped EXE
-
\??\c:\1hntnn.exec:\1hntnn.exe31⤵
- Executes dropped EXE
-
\??\c:\nhttth.exec:\nhttth.exe32⤵
- Executes dropped EXE
-
\??\c:\vvvvp.exec:\vvvvp.exe33⤵
- Executes dropped EXE
-
\??\c:\xxlfffr.exec:\xxlfffr.exe34⤵
- Executes dropped EXE
-
\??\c:\fxrfrfr.exec:\fxrfrfr.exe35⤵
- Executes dropped EXE
-
\??\c:\bbhhhh.exec:\bbhhhh.exe36⤵
- Executes dropped EXE
-
\??\c:\djjpj.exec:\djjpj.exe37⤵
- Executes dropped EXE
-
\??\c:\jddjp.exec:\jddjp.exe38⤵
- Executes dropped EXE
-
\??\c:\rllxrrr.exec:\rllxrrr.exe39⤵
- Executes dropped EXE
-
\??\c:\xxrrrxx.exec:\xxrrrxx.exe40⤵
- Executes dropped EXE
-
\??\c:\5nntbh.exec:\5nntbh.exe41⤵
- Executes dropped EXE
-
\??\c:\5bhhtb.exec:\5bhhtb.exe42⤵
- Executes dropped EXE
-
\??\c:\tbhnnb.exec:\tbhnnb.exe43⤵
- Executes dropped EXE
-
\??\c:\djjjd.exec:\djjjd.exe44⤵
- Executes dropped EXE
-
\??\c:\djjdd.exec:\djjdd.exe45⤵
- Executes dropped EXE
-
\??\c:\lxfxxxl.exec:\lxfxxxl.exe46⤵
- Executes dropped EXE
-
\??\c:\hbnnnb.exec:\hbnnnb.exe47⤵
- Executes dropped EXE
-
\??\c:\ttnhnt.exec:\ttnhnt.exe48⤵
- Executes dropped EXE
-
\??\c:\3dppp.exec:\3dppp.exe49⤵
- Executes dropped EXE
-
\??\c:\ddvvp.exec:\ddvvp.exe50⤵
- Executes dropped EXE
-
\??\c:\xfxxflr.exec:\xfxxflr.exe51⤵
- Executes dropped EXE
-
\??\c:\btnbnb.exec:\btnbnb.exe52⤵
- Executes dropped EXE
-
\??\c:\tbhtbb.exec:\tbhtbb.exe53⤵
- Executes dropped EXE
-
\??\c:\vjdvv.exec:\vjdvv.exe54⤵
- Executes dropped EXE
-
\??\c:\lrrrffl.exec:\lrrrffl.exe55⤵
- Executes dropped EXE
-
\??\c:\rxfxxrf.exec:\rxfxxrf.exe56⤵
- Executes dropped EXE
-
\??\c:\nntthn.exec:\nntthn.exe57⤵
- Executes dropped EXE
-
\??\c:\jjppp.exec:\jjppp.exe58⤵
- Executes dropped EXE
-
\??\c:\9djjd.exec:\9djjd.exe59⤵
- Executes dropped EXE
-
\??\c:\fxxflxl.exec:\fxxflxl.exe60⤵
- Executes dropped EXE
-
\??\c:\thnnth.exec:\thnnth.exe61⤵
- Executes dropped EXE
-
\??\c:\nnttnn.exec:\nnttnn.exe62⤵
- Executes dropped EXE
-
\??\c:\pvddj.exec:\pvddj.exe63⤵
- Executes dropped EXE
-
\??\c:\rrrflll.exec:\rrrflll.exe64⤵
- Executes dropped EXE
-
\??\c:\rfffxxx.exec:\rfffxxx.exe65⤵
- Executes dropped EXE
-
\??\c:\nhbbhh.exec:\nhbbhh.exe66⤵
-
\??\c:\vjddp.exec:\vjddp.exe67⤵
-
\??\c:\dddvd.exec:\dddvd.exe68⤵
-
\??\c:\7rrfxrl.exec:\7rrfxrl.exe69⤵
-
\??\c:\fxxrrxx.exec:\fxxrrxx.exe70⤵
-
\??\c:\7tnnhn.exec:\7tnnhn.exe71⤵
-
\??\c:\tbhtnh.exec:\tbhtnh.exe72⤵
-
\??\c:\7ddvp.exec:\7ddvp.exe73⤵
-
\??\c:\xlfxllf.exec:\xlfxllf.exe74⤵
-
\??\c:\1rlfxxx.exec:\1rlfxxx.exe75⤵
-
\??\c:\1btnhb.exec:\1btnhb.exe76⤵
-
\??\c:\djdpp.exec:\djdpp.exe77⤵
-
\??\c:\3xxrlfx.exec:\3xxrlfx.exe78⤵
-
\??\c:\3hnnnt.exec:\3hnnnt.exe79⤵
-
\??\c:\jpddd.exec:\jpddd.exe80⤵
-
\??\c:\1vdvp.exec:\1vdvp.exe81⤵
-
\??\c:\9fxffff.exec:\9fxffff.exe82⤵
-
\??\c:\tntthb.exec:\tntthb.exe83⤵
-
\??\c:\jpdjd.exec:\jpdjd.exe84⤵
-
\??\c:\rxxrfff.exec:\rxxrfff.exe85⤵
-
\??\c:\7xflfrf.exec:\7xflfrf.exe86⤵
-
\??\c:\3bnhht.exec:\3bnhht.exe87⤵
-
\??\c:\dvvpp.exec:\dvvpp.exe88⤵
-
\??\c:\dddvd.exec:\dddvd.exe89⤵
-
\??\c:\rxxfxxl.exec:\rxxfxxl.exe90⤵
-
\??\c:\hnbbht.exec:\hnbbht.exe91⤵
-
\??\c:\dppjd.exec:\dppjd.exe92⤵
-
\??\c:\lrxrrrl.exec:\lrxrrrl.exe93⤵
-
\??\c:\llrrxxl.exec:\llrrxxl.exe94⤵
-
\??\c:\httnht.exec:\httnht.exe95⤵
-
\??\c:\9jvpd.exec:\9jvpd.exe96⤵
-
\??\c:\xxrlffx.exec:\xxrlffx.exe97⤵
-
\??\c:\xrlfxxx.exec:\xrlfxxx.exe98⤵
-
\??\c:\bbnnhn.exec:\bbnnhn.exe99⤵
-
\??\c:\9bhbhh.exec:\9bhbhh.exe100⤵
-
\??\c:\jpvvp.exec:\jpvvp.exe101⤵
-
\??\c:\fflrflr.exec:\fflrflr.exe102⤵
-
\??\c:\lffrllr.exec:\lffrllr.exe103⤵
-
\??\c:\hhhbbh.exec:\hhhbbh.exe104⤵
-
\??\c:\nnnbnb.exec:\nnnbnb.exe105⤵
-
\??\c:\jddvv.exec:\jddvv.exe106⤵
-
\??\c:\dvjvv.exec:\dvjvv.exe107⤵
-
\??\c:\llrrffx.exec:\llrrffx.exe108⤵
-
\??\c:\thbbbb.exec:\thbbbb.exe109⤵
-
\??\c:\nnnhbb.exec:\nnnhbb.exe110⤵
-
\??\c:\vjjdv.exec:\vjjdv.exe111⤵
-
\??\c:\fxxrllf.exec:\fxxrllf.exe112⤵
-
\??\c:\flrllxx.exec:\flrllxx.exe113⤵
-
\??\c:\hnnnhh.exec:\hnnnhh.exe114⤵
-
\??\c:\pjdpv.exec:\pjdpv.exe115⤵
-
\??\c:\9xxffrl.exec:\9xxffrl.exe116⤵
-
\??\c:\xxfrlxr.exec:\xxfrlxr.exe117⤵
-
\??\c:\bhthnb.exec:\bhthnb.exe118⤵
-
\??\c:\5bhbhh.exec:\5bhbhh.exe119⤵
-
\??\c:\jdvvd.exec:\jdvvd.exe120⤵
-
\??\c:\pdjdp.exec:\pdjdp.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-