Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
119s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
08/09/2024, 06:07
General
-
Target
a599ee1085ee575689428222304fc280N.exe
-
Size
230KB
-
MD5
a599ee1085ee575689428222304fc280
-
SHA1
a01d4a057661c1181dfdc120456069151ef20770
-
SHA256
a1c38a68b5bccf29121f4f585c719ffc70d0e1d111a0b0e15184df1a8523c209
-
SHA512
aebed0e624de3ff226cf3cfc196ee7a6e03ee9c5806e9537b469ee71ba4ceb3b774ef726b64ace6cb042585398c416fae69fbdf1d80f04d325b639ebd681a859
-
SSDEEP
3072:ymb3NkkiQ3mdBjFo73PYP1lri3KoSV31x4xLn/c1fu:n3C9BRo7MlrWKo+lxKk1fu
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 26 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 26 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\a599ee1085ee575689428222304fc280N.exe"C:\Users\Admin\AppData\Local\Temp\a599ee1085ee575689428222304fc280N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\9nbtnb.exec:\9nbtnb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1jpjd.exec:\1jpjd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3bnnhh.exec:\3bnnhh.exe4⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\222666.exec:\222666.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htbthh.exec:\htbthh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\84042.exec:\84042.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\u626444.exec:\u626444.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\2682622.exec:\2682622.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\q44822.exec:\q44822.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dppjd.exec:\dppjd.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1pvpj.exec:\1pvpj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhhbtb.exec:\bhhbtb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\684040.exec:\684040.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\006044.exec:\006044.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\88808.exec:\88808.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\2608266.exec:\2608266.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llfxxxr.exec:\llfxxxr.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8460604.exec:\8460604.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlrxxrl.exec:\rlrxxrl.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\422200.exec:\422200.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxxxrrl.exec:\rxxxrrl.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbhbtb.exec:\nbhbtb.exe23⤵
- Executes dropped EXE
-
\??\c:\rlrxfrl.exec:\rlrxfrl.exe24⤵
- Executes dropped EXE
-
\??\c:\2688226.exec:\2688226.exe25⤵
- Executes dropped EXE
-
\??\c:\802266.exec:\802266.exe26⤵
- Executes dropped EXE
-
\??\c:\0260488.exec:\0260488.exe27⤵
- Executes dropped EXE
-
\??\c:\rfrfxff.exec:\rfrfxff.exe28⤵
- Executes dropped EXE
-
\??\c:\846600.exec:\846600.exe29⤵
- Executes dropped EXE
-
\??\c:\fxxrfff.exec:\fxxrfff.exe30⤵
- Executes dropped EXE
-
\??\c:\pppjp.exec:\pppjp.exe31⤵
- Executes dropped EXE
-
\??\c:\rxrxffl.exec:\rxrxffl.exe32⤵
- Executes dropped EXE
-
\??\c:\xlfxrrl.exec:\xlfxrrl.exe33⤵
- Executes dropped EXE
-
\??\c:\pvdjj.exec:\pvdjj.exe34⤵
- Executes dropped EXE
-
\??\c:\06402.exec:\06402.exe35⤵
- Executes dropped EXE
-
\??\c:\8026000.exec:\8026000.exe36⤵
- Executes dropped EXE
-
\??\c:\g2226.exec:\g2226.exe37⤵
- Executes dropped EXE
-
\??\c:\268288.exec:\268288.exe38⤵
- Executes dropped EXE
-
\??\c:\o860006.exec:\o860006.exe39⤵
- Executes dropped EXE
-
\??\c:\88046.exec:\88046.exe40⤵
- Executes dropped EXE
-
\??\c:\fxfffxx.exec:\fxfffxx.exe41⤵
- Executes dropped EXE
-
\??\c:\vdvpv.exec:\vdvpv.exe42⤵
- Executes dropped EXE
-
\??\c:\24660.exec:\24660.exe43⤵
- Executes dropped EXE
-
\??\c:\06260.exec:\06260.exe44⤵
- Executes dropped EXE
-
\??\c:\frxxrfx.exec:\frxxrfx.exe45⤵
- Executes dropped EXE
-
\??\c:\262822.exec:\262822.exe46⤵
- Executes dropped EXE
-
\??\c:\vpjdv.exec:\vpjdv.exe47⤵
- Executes dropped EXE
-
\??\c:\e04000.exec:\e04000.exe48⤵
- Executes dropped EXE
-
\??\c:\680488.exec:\680488.exe49⤵
- Executes dropped EXE
-
\??\c:\608884.exec:\608884.exe50⤵
- Executes dropped EXE
-
\??\c:\xrffxxr.exec:\xrffxxr.exe51⤵
- Executes dropped EXE
-
\??\c:\02848.exec:\02848.exe52⤵
- Executes dropped EXE
-
\??\c:\tnhhhb.exec:\tnhhhb.exe53⤵
- Executes dropped EXE
-
\??\c:\88822.exec:\88822.exe54⤵
- Executes dropped EXE
-
\??\c:\i624882.exec:\i624882.exe55⤵
- Executes dropped EXE
-
\??\c:\3xxxxff.exec:\3xxxxff.exe56⤵
- Executes dropped EXE
-
\??\c:\s2440.exec:\s2440.exe57⤵
- Executes dropped EXE
-
\??\c:\dvdpj.exec:\dvdpj.exe58⤵
- Executes dropped EXE
-
\??\c:\802200.exec:\802200.exe59⤵
- Executes dropped EXE
-
\??\c:\466048.exec:\466048.exe60⤵
- Executes dropped EXE
-
\??\c:\llrrrrl.exec:\llrrrrl.exe61⤵
- Executes dropped EXE
-
\??\c:\thnhbb.exec:\thnhbb.exe62⤵
- Executes dropped EXE
-
\??\c:\rflfrrl.exec:\rflfrrl.exe63⤵
- Executes dropped EXE
-
\??\c:\htbbnn.exec:\htbbnn.exe64⤵
- Executes dropped EXE
-
\??\c:\lfffrrr.exec:\lfffrrr.exe65⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\88646.exec:\88646.exe66⤵
-
\??\c:\hbnhhh.exec:\hbnhhh.exe67⤵
-
\??\c:\82668.exec:\82668.exe68⤵
-
\??\c:\dvppd.exec:\dvppd.exe69⤵
-
\??\c:\s6226.exec:\s6226.exe70⤵
-
\??\c:\7nhbnh.exec:\7nhbnh.exe71⤵
-
\??\c:\c066662.exec:\c066662.exe72⤵
-
\??\c:\6044448.exec:\6044448.exe73⤵
-
\??\c:\nnnnhh.exec:\nnnnhh.exe74⤵
-
\??\c:\rlrfxxr.exec:\rlrfxxr.exe75⤵
-
\??\c:\002226.exec:\002226.exe76⤵
-
\??\c:\28648.exec:\28648.exe77⤵
-
\??\c:\9pjjv.exec:\9pjjv.exe78⤵
-
\??\c:\468866.exec:\468866.exe79⤵
-
\??\c:\rlfrlrl.exec:\rlfrlrl.exe80⤵
-
\??\c:\0400422.exec:\0400422.exe81⤵
-
\??\c:\xrrlxxx.exec:\xrrlxxx.exe82⤵
-
\??\c:\844488.exec:\844488.exe83⤵
-
\??\c:\jdjjj.exec:\jdjjj.exe84⤵
-
\??\c:\vppjp.exec:\vppjp.exe85⤵
-
\??\c:\e06482.exec:\e06482.exe86⤵
-
\??\c:\6060804.exec:\6060804.exe87⤵
-
\??\c:\6004882.exec:\6004882.exe88⤵
-
\??\c:\nhttbb.exec:\nhttbb.exe89⤵
-
\??\c:\flrlxxr.exec:\flrlxxr.exe90⤵
-
\??\c:\4404448.exec:\4404448.exe91⤵
-
\??\c:\062266.exec:\062266.exe92⤵
-
\??\c:\e80080.exec:\e80080.exe93⤵
-
\??\c:\jpvvp.exec:\jpvvp.exe94⤵
-
\??\c:\02844.exec:\02844.exe95⤵
-
\??\c:\vpddd.exec:\vpddd.exe96⤵
-
\??\c:\888866.exec:\888866.exe97⤵
-
\??\c:\e46482.exec:\e46482.exe98⤵
-
\??\c:\40664.exec:\40664.exe99⤵
-
\??\c:\xxfxrrl.exec:\xxfxrrl.exe100⤵
-
\??\c:\lrllxxr.exec:\lrllxxr.exe101⤵
-
\??\c:\48006.exec:\48006.exe102⤵
-
\??\c:\thnhbb.exec:\thnhbb.exe103⤵
-
\??\c:\bbbbbb.exec:\bbbbbb.exe104⤵
-
\??\c:\frfxxxx.exec:\frfxxxx.exe105⤵
-
\??\c:\jdpjv.exec:\jdpjv.exe106⤵
-
\??\c:\pjdpv.exec:\pjdpv.exe107⤵
-
\??\c:\6408266.exec:\6408266.exe108⤵
-
\??\c:\04040.exec:\04040.exe109⤵
-
\??\c:\g2486.exec:\g2486.exe110⤵
-
\??\c:\068266.exec:\068266.exe111⤵
-
\??\c:\dpvdv.exec:\dpvdv.exe112⤵
-
\??\c:\ddddv.exec:\ddddv.exe113⤵
-
\??\c:\842600.exec:\842600.exe114⤵
-
\??\c:\0424826.exec:\0424826.exe115⤵
-
\??\c:\4804044.exec:\4804044.exe116⤵
-
\??\c:\c464844.exec:\c464844.exe117⤵
-
\??\c:\88040.exec:\88040.exe118⤵
-
\??\c:\u060826.exec:\u060826.exe119⤵
-
\??\c:\864848.exec:\864848.exe120⤵
-
\??\c:\btnbbb.exec:\btnbbb.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-