Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
95s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
06/09/2024, 11:35
General
-
Target
fbf00f864740fdb9976f3908477d49a0N.exe
-
Size
82KB
-
MD5
fbf00f864740fdb9976f3908477d49a0
-
SHA1
408bae2e147edbfdaa456abc2b14fb6141f9a941
-
SHA256
b6d058d4e9d28e480b300d0ecdd55320cc6d57b251812569f36c77b649217c56
-
SHA512
7b3e8354ce7862134a48205a507bc43c5d5c1f23354f6f5122307e7ead1c16c5a33f144fb598dd077f82cf2328c77cb5d2e43d141dac911cb93b14710a096ddc
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIIpIo60L9QrrA89Q3:ymb3NkkiQ3mdBjFIIp9L9QrrA8O
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 31 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\fbf00f864740fdb9976f3908477d49a0N.exe"C:\Users\Admin\AppData\Local\Temp\fbf00f864740fdb9976f3908477d49a0N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\lxxxrrl.exec:\lxxxrrl.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdjdv.exec:\vdjdv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vppjd.exec:\vppjd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxxrffx.exec:\xxxrffx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnhbt.exec:\nhnhbt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1tbttn.exec:\1tbttn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7llxxrr.exec:\7llxxrr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tttnhn.exec:\tttnhn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxlflf.exec:\xrxlflf.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnhbtt.exec:\bnhbtt.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpppj.exec:\jpppj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllrlfx.exec:\rllrlfx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7rxxrxr.exec:\7rxxrxr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7httbt.exec:\7httbt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vddvp.exec:\vddvp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5xffrrr.exec:\5xffrrr.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7tbttn.exec:\7tbttn.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdjvp.exec:\vdjvp.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrrrfff.exec:\rrrrfff.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxxfxl.exec:\rlxxfxl.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnttnn.exec:\hnttnn.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjpp.exec:\vpjpp.exe23⤵
- Executes dropped EXE
-
\??\c:\llxxxxr.exec:\llxxxxr.exe24⤵
- Executes dropped EXE
-
\??\c:\lrxrrrr.exec:\lrxrrrr.exe25⤵
- Executes dropped EXE
-
\??\c:\bnbbbb.exec:\bnbbbb.exe26⤵
- Executes dropped EXE
-
\??\c:\pjjdp.exec:\pjjdp.exe27⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\ppjdd.exec:\ppjdd.exe28⤵
- Executes dropped EXE
-
\??\c:\fxffxfx.exec:\fxffxfx.exe29⤵
- Executes dropped EXE
-
\??\c:\vdppp.exec:\vdppp.exe30⤵
- Executes dropped EXE
-
\??\c:\fxxrllf.exec:\fxxrllf.exe31⤵
- Executes dropped EXE
-
\??\c:\rlffffx.exec:\rlffffx.exe32⤵
- Executes dropped EXE
-
\??\c:\7btthh.exec:\7btthh.exe33⤵
- Executes dropped EXE
-
\??\c:\tnnnnn.exec:\tnnnnn.exe34⤵
- Executes dropped EXE
-
\??\c:\ppvdj.exec:\ppvdj.exe35⤵
- Executes dropped EXE
-
\??\c:\jvvvv.exec:\jvvvv.exe36⤵
- Executes dropped EXE
-
\??\c:\xrxllfl.exec:\xrxllfl.exe37⤵
- Executes dropped EXE
-
\??\c:\rlrlxxr.exec:\rlrlxxr.exe38⤵
- Executes dropped EXE
-
\??\c:\ntbttt.exec:\ntbttt.exe39⤵
- Executes dropped EXE
-
\??\c:\nbbthb.exec:\nbbthb.exe40⤵
- Executes dropped EXE
-
\??\c:\djjvj.exec:\djjvj.exe41⤵
- Executes dropped EXE
-
\??\c:\5ddpd.exec:\5ddpd.exe42⤵
- Executes dropped EXE
-
\??\c:\rxxlxxr.exec:\rxxlxxr.exe43⤵
- Executes dropped EXE
-
\??\c:\lffxrrf.exec:\lffxrrf.exe44⤵
- Executes dropped EXE
-
\??\c:\hhtntn.exec:\hhtntn.exe45⤵
- Executes dropped EXE
-
\??\c:\hnhbnn.exec:\hnhbnn.exe46⤵
- Executes dropped EXE
-
\??\c:\jdddp.exec:\jdddp.exe47⤵
- Executes dropped EXE
-
\??\c:\jddvp.exec:\jddvp.exe48⤵
- Executes dropped EXE
-
\??\c:\rllrlff.exec:\rllrlff.exe49⤵
- Executes dropped EXE
-
\??\c:\rxllxxx.exec:\rxllxxx.exe50⤵
- Executes dropped EXE
-
\??\c:\hhhbtn.exec:\hhhbtn.exe51⤵
- Executes dropped EXE
-
\??\c:\nnttbt.exec:\nnttbt.exe52⤵
- Executes dropped EXE
-
\??\c:\vvvjd.exec:\vvvjd.exe53⤵
- Executes dropped EXE
-
\??\c:\1rfrxrx.exec:\1rfrxrx.exe54⤵
- Executes dropped EXE
-
\??\c:\ffxrllf.exec:\ffxrllf.exe55⤵
- Executes dropped EXE
-
\??\c:\5ttnnh.exec:\5ttnnh.exe56⤵
- Executes dropped EXE
-
\??\c:\3hbtnn.exec:\3hbtnn.exe57⤵
- Executes dropped EXE
-
\??\c:\1jppj.exec:\1jppj.exe58⤵
- Executes dropped EXE
-
\??\c:\pvvpj.exec:\pvvpj.exe59⤵
- Executes dropped EXE
-
\??\c:\xrffxrr.exec:\xrffxrr.exe60⤵
- Executes dropped EXE
-
\??\c:\9ntnhb.exec:\9ntnhb.exe61⤵
- Executes dropped EXE
-
\??\c:\hhhbnn.exec:\hhhbnn.exe62⤵
- Executes dropped EXE
-
\??\c:\pjdvj.exec:\pjdvj.exe63⤵
- Executes dropped EXE
-
\??\c:\jpvjv.exec:\jpvjv.exe64⤵
- Executes dropped EXE
-
\??\c:\lrllxfx.exec:\lrllxfx.exe65⤵
- Executes dropped EXE
-
\??\c:\rlllllf.exec:\rlllllf.exe66⤵
-
\??\c:\bhthth.exec:\bhthth.exe67⤵
-
\??\c:\htbbnn.exec:\htbbnn.exe68⤵
-
\??\c:\7djdd.exec:\7djdd.exe69⤵
-
\??\c:\7vddp.exec:\7vddp.exe70⤵
-
\??\c:\flfrfrr.exec:\flfrfrr.exe71⤵
-
\??\c:\xlrlfxr.exec:\xlrlfxr.exe72⤵
-
\??\c:\httnhh.exec:\httnhh.exe73⤵
-
\??\c:\nhhnht.exec:\nhhnht.exe74⤵
-
\??\c:\5jjdj.exec:\5jjdj.exe75⤵
-
\??\c:\vdjdd.exec:\vdjdd.exe76⤵
-
\??\c:\rrlfflr.exec:\rrlfflr.exe77⤵
-
\??\c:\flffxxr.exec:\flffxxr.exe78⤵
-
\??\c:\vjdvv.exec:\vjdvv.exe79⤵
-
\??\c:\3jjdv.exec:\3jjdv.exe80⤵
-
\??\c:\xxxxrrr.exec:\xxxxrrr.exe81⤵
-
\??\c:\flxrrlf.exec:\flxrrlf.exe82⤵
-
\??\c:\tnntnb.exec:\tnntnb.exe83⤵
-
\??\c:\vjpjd.exec:\vjpjd.exe84⤵
-
\??\c:\3rfxxxf.exec:\3rfxxxf.exe85⤵
-
\??\c:\tbhhbt.exec:\tbhhbt.exe86⤵
-
\??\c:\hbhnnh.exec:\hbhnnh.exe87⤵
-
\??\c:\vpjdj.exec:\vpjdj.exe88⤵
-
\??\c:\rlrlllr.exec:\rlrlllr.exe89⤵
-
\??\c:\frrlfxr.exec:\frrlfxr.exe90⤵
-
\??\c:\thnhhh.exec:\thnhhh.exe91⤵
-
\??\c:\btttbb.exec:\btttbb.exe92⤵
-
\??\c:\dvvpd.exec:\dvvpd.exe93⤵
-
\??\c:\jppjd.exec:\jppjd.exe94⤵
-
\??\c:\frxrllf.exec:\frxrllf.exe95⤵
-
\??\c:\frrllxl.exec:\frrllxl.exe96⤵
-
\??\c:\httnhh.exec:\httnhh.exe97⤵
-
\??\c:\5thbtt.exec:\5thbtt.exe98⤵
-
\??\c:\vdjdv.exec:\vdjdv.exe99⤵
-
\??\c:\lxrrlrx.exec:\lxrrlrx.exe100⤵
-
\??\c:\hbhhhb.exec:\hbhhhb.exe101⤵
-
\??\c:\nhhhbh.exec:\nhhhbh.exe102⤵
-
\??\c:\pjpjv.exec:\pjpjv.exe103⤵
-
\??\c:\dvvpd.exec:\dvvpd.exe104⤵
-
\??\c:\vvjdd.exec:\vvjdd.exe105⤵
-
\??\c:\5frllll.exec:\5frllll.exe106⤵
-
\??\c:\xlllffx.exec:\xlllffx.exe107⤵
-
\??\c:\tttnhb.exec:\tttnhb.exe108⤵
-
\??\c:\bttbth.exec:\bttbth.exe109⤵
-
\??\c:\jdjdj.exec:\jdjdj.exe110⤵
-
\??\c:\frrlfxx.exec:\frrlfxx.exe111⤵
-
\??\c:\1xfxrlf.exec:\1xfxrlf.exe112⤵
-
\??\c:\nhnhbb.exec:\nhnhbb.exe113⤵
-
\??\c:\tbbtnh.exec:\tbbtnh.exe114⤵
-
\??\c:\jvjdp.exec:\jvjdp.exe115⤵
-
\??\c:\dpvpd.exec:\dpvpd.exe116⤵
-
\??\c:\xrlfrrl.exec:\xrlfrrl.exe117⤵
-
\??\c:\rrrlffx.exec:\rrrlffx.exe118⤵
-
\??\c:\hhnthb.exec:\hhnthb.exe119⤵
-
\??\c:\tntbnn.exec:\tntbnn.exe120⤵
-
\??\c:\vjvpd.exec:\vjvpd.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-