Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
106s -
max time network
120s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
08/09/2024, 09:56
General
-
Target
37e3a9a9a84561752662f01ed2495200N.exe
-
Size
65KB
-
MD5
37e3a9a9a84561752662f01ed2495200
-
SHA1
f8c3ca95bcca24d1d48e4ba98b65c6978de13a9a
-
SHA256
71a55f3d8cbe5f2ae85be40a1a93201c0f7d05bf130b1972cfab78b8997fa8bb
-
SHA512
58bf401f6f5d8b0c5314579f77b0338ff20382ad2a6e3a8a8a2673a614ed0709d03b130cab294f69d35c2a2cb3c401dbbbf2437af1670a7d63ffd7dd6dc57102
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND0yU+kbxe6a:ymb3NkkiQ3mdBjF0y7kbUv
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 32 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\37e3a9a9a84561752662f01ed2495200N.exe"C:\Users\Admin\AppData\Local\Temp\37e3a9a9a84561752662f01ed2495200N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\vpvpp.exec:\vpvpp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvvpj.exec:\vvvpj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrllrrx.exec:\xrllrrx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhbbb.exec:\nhhbbb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddddv.exec:\ddddv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbntn.exec:\tnbntn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnhbb.exec:\nhnhbb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjjd.exec:\dvjjd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrxrrxx.exec:\lrxrrxx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5jjjj.exec:\5jjjj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjpd.exec:\pjjpd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhnnn.exec:\hbhnnn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthnnb.exec:\bthnnb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpvp.exec:\jdpvp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfllfff.exec:\rfllfff.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7xffrxr.exec:\7xffrxr.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbttnn.exec:\bbttnn.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpjjv.exec:\jpjjv.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrlfff.exec:\xrrlfff.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5rrrrrl.exec:\5rrrrrl.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvdvv.exec:\dvdvv.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lflfxff.exec:\lflfxff.exe23⤵
- Executes dropped EXE
-
\??\c:\hbhtnb.exec:\hbhtnb.exe24⤵
- Executes dropped EXE
-
\??\c:\vpvpp.exec:\vpvpp.exe25⤵
- Executes dropped EXE
-
\??\c:\ppvdv.exec:\ppvdv.exe26⤵
- Executes dropped EXE
-
\??\c:\1rffffx.exec:\1rffffx.exe27⤵
- Executes dropped EXE
-
\??\c:\tbnnnn.exec:\tbnnnn.exe28⤵
- Executes dropped EXE
-
\??\c:\3pjdv.exec:\3pjdv.exe29⤵
- Executes dropped EXE
-
\??\c:\flllrff.exec:\flllrff.exe30⤵
- Executes dropped EXE
-
\??\c:\rxrrrxx.exec:\rxrrrxx.exe31⤵
- Executes dropped EXE
-
\??\c:\thntbn.exec:\thntbn.exe32⤵
- Executes dropped EXE
-
\??\c:\7pvvv.exec:\7pvvv.exe33⤵
- Executes dropped EXE
-
\??\c:\pdddp.exec:\pdddp.exe34⤵
- Executes dropped EXE
-
\??\c:\pjddd.exec:\pjddd.exe35⤵
- Executes dropped EXE
-
\??\c:\rrlfflf.exec:\rrlfflf.exe36⤵
- Executes dropped EXE
-
\??\c:\xxlrffl.exec:\xxlrffl.exe37⤵
- Executes dropped EXE
-
\??\c:\nhbbtn.exec:\nhbbtn.exe38⤵
- Executes dropped EXE
-
\??\c:\vpppv.exec:\vpppv.exe39⤵
- Executes dropped EXE
-
\??\c:\vvjdd.exec:\vvjdd.exe40⤵
- Executes dropped EXE
-
\??\c:\jddvp.exec:\jddvp.exe41⤵
- Executes dropped EXE
-
\??\c:\lllfffr.exec:\lllfffr.exe42⤵
- Executes dropped EXE
-
\??\c:\ffrrxll.exec:\ffrrxll.exe43⤵
- Executes dropped EXE
-
\??\c:\nbbbbh.exec:\nbbbbh.exe44⤵
- Executes dropped EXE
-
\??\c:\1dppd.exec:\1dppd.exe45⤵
- Executes dropped EXE
-
\??\c:\vvpvp.exec:\vvpvp.exe46⤵
- Executes dropped EXE
-
\??\c:\vpvpj.exec:\vpvpj.exe47⤵
- Executes dropped EXE
-
\??\c:\xrrrrff.exec:\xrrrrff.exe48⤵
- Executes dropped EXE
-
\??\c:\hhbtth.exec:\hhbtth.exe49⤵
- Executes dropped EXE
-
\??\c:\3ppvv.exec:\3ppvv.exe50⤵
- Executes dropped EXE
-
\??\c:\fxlllxr.exec:\fxlllxr.exe51⤵
- Executes dropped EXE
-
\??\c:\ffffflr.exec:\ffffflr.exe52⤵
- Executes dropped EXE
-
\??\c:\nntnbb.exec:\nntnbb.exe53⤵
- Executes dropped EXE
-
\??\c:\jjjjv.exec:\jjjjv.exe54⤵
- Executes dropped EXE
-
\??\c:\5jppj.exec:\5jppj.exe55⤵
- Executes dropped EXE
-
\??\c:\rrlxxfr.exec:\rrlxxfr.exe56⤵
- Executes dropped EXE
-
\??\c:\ffllfll.exec:\ffllfll.exe57⤵
- Executes dropped EXE
-
\??\c:\nntnnn.exec:\nntnnn.exe58⤵
- Executes dropped EXE
-
\??\c:\jvddd.exec:\jvddd.exe59⤵
- Executes dropped EXE
-
\??\c:\1dpjj.exec:\1dpjj.exe60⤵
- Executes dropped EXE
-
\??\c:\lxllfll.exec:\lxllfll.exe61⤵
- Executes dropped EXE
-
\??\c:\fxrrrrr.exec:\fxrrrrr.exe62⤵
- Executes dropped EXE
-
\??\c:\nhhntb.exec:\nhhntb.exe63⤵
- Executes dropped EXE
-
\??\c:\nntnhh.exec:\nntnhh.exe64⤵
- Executes dropped EXE
-
\??\c:\pjdvv.exec:\pjdvv.exe65⤵
- Executes dropped EXE
-
\??\c:\ddpjd.exec:\ddpjd.exe66⤵
-
\??\c:\9xfllrl.exec:\9xfllrl.exe67⤵
-
\??\c:\frxffff.exec:\frxffff.exe68⤵
-
\??\c:\3bbhnb.exec:\3bbhnb.exe69⤵
-
\??\c:\3pvvj.exec:\3pvvj.exe70⤵
-
\??\c:\vjvpp.exec:\vjvpp.exe71⤵
-
\??\c:\frrlfff.exec:\frrlfff.exe72⤵
-
\??\c:\lxrrrxf.exec:\lxrrrxf.exe73⤵
-
\??\c:\htbbtn.exec:\htbbtn.exe74⤵
-
\??\c:\tbnhhn.exec:\tbnhhn.exe75⤵
-
\??\c:\ppvpj.exec:\ppvpj.exe76⤵
-
\??\c:\pdppj.exec:\pdppj.exe77⤵
-
\??\c:\rllrxfx.exec:\rllrxfx.exe78⤵
-
\??\c:\djjjd.exec:\djjjd.exe79⤵
-
\??\c:\jdvdd.exec:\jdvdd.exe80⤵
-
\??\c:\lllxrff.exec:\lllxrff.exe81⤵
-
\??\c:\5hnnnh.exec:\5hnnnh.exe82⤵
-
\??\c:\hhhbbt.exec:\hhhbbt.exe83⤵
-
\??\c:\pddvj.exec:\pddvj.exe84⤵
-
\??\c:\xrxxrrl.exec:\xrxxrrl.exe85⤵
-
\??\c:\rlxxffl.exec:\rlxxffl.exe86⤵
-
\??\c:\hhtnnn.exec:\hhtnnn.exe87⤵
-
\??\c:\dvvpp.exec:\dvvpp.exe88⤵
-
\??\c:\vppjj.exec:\vppjj.exe89⤵
-
\??\c:\rlxrfxr.exec:\rlxrfxr.exe90⤵
-
\??\c:\tnttnt.exec:\tnttnt.exe91⤵
-
\??\c:\tnhbtt.exec:\tnhbtt.exe92⤵
-
\??\c:\jpdvd.exec:\jpdvd.exe93⤵
-
\??\c:\llffrrl.exec:\llffrrl.exe94⤵
-
\??\c:\7hbbbb.exec:\7hbbbb.exe95⤵
-
\??\c:\thbbbb.exec:\thbbbb.exe96⤵
-
\??\c:\3ppjd.exec:\3ppjd.exe97⤵
-
\??\c:\fxrlfff.exec:\fxrlfff.exe98⤵
-
\??\c:\xrxrllf.exec:\xrxrllf.exe99⤵
-
\??\c:\3nnhbb.exec:\3nnhbb.exe100⤵
-
\??\c:\hbbtnn.exec:\hbbtnn.exe101⤵
-
\??\c:\ddpjp.exec:\ddpjp.exe102⤵
-
\??\c:\3vvvp.exec:\3vvvp.exe103⤵
-
\??\c:\3lxxxrl.exec:\3lxxxrl.exe104⤵
-
\??\c:\3rrrrrl.exec:\3rrrrrl.exe105⤵
-
\??\c:\7ttthh.exec:\7ttthh.exe106⤵
-
\??\c:\nbbtnb.exec:\nbbtnb.exe107⤵
-
\??\c:\vpjdd.exec:\vpjdd.exe108⤵
-
\??\c:\rllffxr.exec:\rllffxr.exe109⤵
-
\??\c:\7ntttb.exec:\7ntttb.exe110⤵
-
\??\c:\hbnnnn.exec:\hbnnnn.exe111⤵
-
\??\c:\jpdpj.exec:\jpdpj.exe112⤵
-
\??\c:\jpdvd.exec:\jpdvd.exe113⤵
-
\??\c:\5rflxlx.exec:\5rflxlx.exe114⤵
- System Location Discovery: System Language Discovery
-
\??\c:\lllrrrr.exec:\lllrrrr.exe115⤵
-
\??\c:\1hhttt.exec:\1hhttt.exe116⤵
-
\??\c:\tntnnn.exec:\tntnnn.exe117⤵
-
\??\c:\vdddd.exec:\vdddd.exe118⤵
-
\??\c:\dvvpj.exec:\dvvpj.exe119⤵
-
\??\c:\1frlllf.exec:\1frlllf.exe120⤵
-
\??\c:\lfxrllr.exec:\lfxrllr.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-