Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
147s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
08/09/2024, 19:20
General
-
Target
1a2321e84b672b1896ab762da561f6282448e152de5e73904ecf6b41905bcf6b.exe
-
Size
230KB
-
MD5
517281f7bd56a43094ec1300f76f4e2f
-
SHA1
26235c95e67a2e5cd3869d5e0c49658c9f6bbef6
-
SHA256
1a2321e84b672b1896ab762da561f6282448e152de5e73904ecf6b41905bcf6b
-
SHA512
d2b334d69248fe135cbbb75bd9145dc22b95ede8048302ac8bda138a16b2c3fdf60de55c531a6ced06bbfe1cd0ddc36169ebc12ac568fab67df5e043a7ac02ea
-
SSDEEP
3072:ymb3NkkiQ3mdBjFo73PYP1lri3KoSV31x4xLn/c1fE:n3C9BRo7MlrWKo+lxKk1c
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 29 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1a2321e84b672b1896ab762da561f6282448e152de5e73904ecf6b41905bcf6b.exe"C:\Users\Admin\AppData\Local\Temp\1a2321e84b672b1896ab762da561f6282448e152de5e73904ecf6b41905bcf6b.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrlfxx.exec:\xrrlfxx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhbbt.exec:\tnhbbt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jppvj.exec:\jppvj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrfflfr.exec:\rrfflfr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfrffxl.exec:\xfrffxl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrxxxf.exec:\xxrxxxf.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnntn.exec:\tnnntn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdjvp.exec:\pdjvp.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrlfrrl.exec:\xrlfrrl.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntnbhh.exec:\ntnbhh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvvpp.exec:\jvvpp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxfxrrl.exec:\fxfxrrl.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7thbhh.exec:\7thbhh.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjdj.exec:\pjjdj.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5jpdv.exec:\5jpdv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nntntb.exec:\nntntb.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bttnbb.exec:\bttnbb.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdpdv.exec:\pdpdv.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lffxlrl.exec:\lffxlrl.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5tnhbb.exec:\5tnhbb.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrffrxx.exec:\rrffrxx.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhnnnn.exec:\bhnnnn.exe23⤵
- Executes dropped EXE
-
\??\c:\bbbhbt.exec:\bbbhbt.exe24⤵
- Executes dropped EXE
-
\??\c:\pvdpd.exec:\pvdpd.exe25⤵
- Executes dropped EXE
-
\??\c:\xrlfxxx.exec:\xrlfxxx.exe26⤵
- Executes dropped EXE
-
\??\c:\3bnnhh.exec:\3bnnhh.exe27⤵
- Executes dropped EXE
-
\??\c:\jjjdv.exec:\jjjdv.exe28⤵
- Executes dropped EXE
-
\??\c:\vpjdp.exec:\vpjdp.exe29⤵
- Executes dropped EXE
-
\??\c:\xrlfxxr.exec:\xrlfxxr.exe30⤵
- Executes dropped EXE
-
\??\c:\hbhbtt.exec:\hbhbtt.exe31⤵
- Executes dropped EXE
-
\??\c:\dppjj.exec:\dppjj.exe32⤵
- Executes dropped EXE
-
\??\c:\lrxrfrr.exec:\lrxrfrr.exe33⤵
- Executes dropped EXE
-
\??\c:\hbbbtt.exec:\hbbbtt.exe34⤵
- Executes dropped EXE
-
\??\c:\djvjd.exec:\djvjd.exe35⤵
- Executes dropped EXE
-
\??\c:\dvpdp.exec:\dvpdp.exe36⤵
- Executes dropped EXE
-
\??\c:\1fxrllf.exec:\1fxrllf.exe37⤵
- Executes dropped EXE
-
\??\c:\7ffxxxr.exec:\7ffxxxr.exe38⤵
- Executes dropped EXE
-
\??\c:\nhbbtt.exec:\nhbbtt.exe39⤵
- Executes dropped EXE
-
\??\c:\vvjdp.exec:\vvjdp.exe40⤵
- Executes dropped EXE
-
\??\c:\ddvvp.exec:\ddvvp.exe41⤵
- Executes dropped EXE
-
\??\c:\7llffll.exec:\7llffll.exe42⤵
- Executes dropped EXE
-
\??\c:\ffffxxr.exec:\ffffxxr.exe43⤵
- Executes dropped EXE
-
\??\c:\bbbttn.exec:\bbbttn.exe44⤵
- Executes dropped EXE
-
\??\c:\5dvvj.exec:\5dvvj.exe45⤵
- Executes dropped EXE
-
\??\c:\rllfxxr.exec:\rllfxxr.exe46⤵
- Executes dropped EXE
-
\??\c:\9ttnht.exec:\9ttnht.exe47⤵
- Executes dropped EXE
-
\??\c:\3vvpd.exec:\3vvpd.exe48⤵
- Executes dropped EXE
-
\??\c:\lffxrlf.exec:\lffxrlf.exe49⤵
- Executes dropped EXE
-
\??\c:\lxrlxrl.exec:\lxrlxrl.exe50⤵
- Executes dropped EXE
-
\??\c:\hbnhnn.exec:\hbnhnn.exe51⤵
- Executes dropped EXE
-
\??\c:\9jjjd.exec:\9jjjd.exe52⤵
- Executes dropped EXE
-
\??\c:\vddpj.exec:\vddpj.exe53⤵
- Executes dropped EXE
-
\??\c:\lfrlxrl.exec:\lfrlxrl.exe54⤵
- Executes dropped EXE
-
\??\c:\1xfxrrl.exec:\1xfxrrl.exe55⤵
- Executes dropped EXE
-
\??\c:\bhbnhb.exec:\bhbnhb.exe56⤵
- Executes dropped EXE
-
\??\c:\thhhhh.exec:\thhhhh.exe57⤵
- Executes dropped EXE
-
\??\c:\pvdpv.exec:\pvdpv.exe58⤵
- Executes dropped EXE
-
\??\c:\jdvdv.exec:\jdvdv.exe59⤵
- Executes dropped EXE
-
\??\c:\rlffxrl.exec:\rlffxrl.exe60⤵
- Executes dropped EXE
-
\??\c:\fxlxrrl.exec:\fxlxrrl.exe61⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\tnnhtn.exec:\tnnhtn.exe62⤵
- Executes dropped EXE
-
\??\c:\bbhbbt.exec:\bbhbbt.exe63⤵
- Executes dropped EXE
-
\??\c:\dvjvd.exec:\dvjvd.exe64⤵
- Executes dropped EXE
-
\??\c:\jppjd.exec:\jppjd.exe65⤵
- Executes dropped EXE
-
\??\c:\xrrfllr.exec:\xrrfllr.exe66⤵
-
\??\c:\rxfrlfx.exec:\rxfrlfx.exe67⤵
-
\??\c:\bbbthb.exec:\bbbthb.exe68⤵
-
\??\c:\nbhbnn.exec:\nbhbnn.exe69⤵
-
\??\c:\5vvpd.exec:\5vvpd.exe70⤵
-
\??\c:\bthbtt.exec:\bthbtt.exe71⤵
-
\??\c:\bhhbnh.exec:\bhhbnh.exe72⤵
-
\??\c:\pjjdv.exec:\pjjdv.exe73⤵
-
\??\c:\rllfxrr.exec:\rllfxrr.exe74⤵
-
\??\c:\rrffxxf.exec:\rrffxxf.exe75⤵
-
\??\c:\bthbnn.exec:\bthbnn.exe76⤵
-
\??\c:\btnnbt.exec:\btnnbt.exe77⤵
-
\??\c:\1vpjv.exec:\1vpjv.exe78⤵
-
\??\c:\3pjdd.exec:\3pjdd.exe79⤵
-
\??\c:\5flfrlx.exec:\5flfrlx.exe80⤵
-
\??\c:\xflfxrl.exec:\xflfxrl.exe81⤵
-
\??\c:\9btnbh.exec:\9btnbh.exe82⤵
-
\??\c:\7jjdp.exec:\7jjdp.exe83⤵
-
\??\c:\5rlrffx.exec:\5rlrffx.exe84⤵
-
\??\c:\rrrxrxl.exec:\rrrxrxl.exe85⤵
-
\??\c:\bthhbh.exec:\bthhbh.exe86⤵
-
\??\c:\bbhbhh.exec:\bbhbhh.exe87⤵
-
\??\c:\vdvdv.exec:\vdvdv.exe88⤵
-
\??\c:\1vpjv.exec:\1vpjv.exe89⤵
-
\??\c:\llrrfxl.exec:\llrrfxl.exe90⤵
-
\??\c:\flxrrrr.exec:\flxrrrr.exe91⤵
-
\??\c:\htbhhh.exec:\htbhhh.exe92⤵
-
\??\c:\dppjv.exec:\dppjv.exe93⤵
-
\??\c:\vppvj.exec:\vppvj.exe94⤵
-
\??\c:\3jjdv.exec:\3jjdv.exe95⤵
-
\??\c:\5lfxlfr.exec:\5lfxlfr.exe96⤵
-
\??\c:\3tbnhh.exec:\3tbnhh.exe97⤵
-
\??\c:\tthhtt.exec:\tthhtt.exe98⤵
-
\??\c:\jpdpj.exec:\jpdpj.exe99⤵
-
\??\c:\vddpd.exec:\vddpd.exe100⤵
-
\??\c:\xrxllfr.exec:\xrxllfr.exe101⤵
-
\??\c:\fxxrllf.exec:\fxxrllf.exe102⤵
-
\??\c:\tbthbt.exec:\tbthbt.exe103⤵
-
\??\c:\pvdpj.exec:\pvdpj.exe104⤵
-
\??\c:\vjjvp.exec:\vjjvp.exe105⤵
-
\??\c:\flrlfff.exec:\flrlfff.exe106⤵
-
\??\c:\bthbnh.exec:\bthbnh.exe107⤵
-
\??\c:\nhhbnn.exec:\nhhbnn.exe108⤵
-
\??\c:\1jvpd.exec:\1jvpd.exe109⤵
-
\??\c:\lrrlllf.exec:\lrrlllf.exe110⤵
-
\??\c:\xffrlfx.exec:\xffrlfx.exe111⤵
-
\??\c:\nnhtnb.exec:\nnhtnb.exe112⤵
-
\??\c:\tnthtt.exec:\tnthtt.exe113⤵
-
\??\c:\pddpd.exec:\pddpd.exe114⤵
-
\??\c:\pdvpd.exec:\pdvpd.exe115⤵
-
\??\c:\rlfxrrf.exec:\rlfxrrf.exe116⤵
-
\??\c:\lxlfxlf.exec:\lxlfxlf.exe117⤵
-
\??\c:\9ttnhb.exec:\9ttnhb.exe118⤵
-
\??\c:\nhtbnt.exec:\nhtbnt.exe119⤵
-
\??\c:\vpvvp.exec:\vpvvp.exe120⤵
-
\??\c:\vjpvj.exec:\vjpvj.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-