Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
124s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
08/09/2024, 19:06
General
-
Target
150d68770dd1daebd5489d5d068590640d2fd495898a863836e69db5a8378e54.exe
-
Size
383KB
-
MD5
e10912ffc2ce6d07940672e9f6dee201
-
SHA1
bd4aa760ce86808e11cbc8efc976640f9e2d5c8c
-
SHA256
150d68770dd1daebd5489d5d068590640d2fd495898a863836e69db5a8378e54
-
SHA512
0e6d55450664835cacafb40c662a94afb3dccacfb8f6799b5d0e54c5ac160fe4bff5282b630cebeed2ee3249bed909a2c39530787b9740be606f8b4826ac096a
-
SSDEEP
6144:n3C9BRIG0asYFm71mPfkVB8dKwaO5CVwv:n3C9uYA7okVqdKwaO5CVS
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 26 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\150d68770dd1daebd5489d5d068590640d2fd495898a863836e69db5a8378e54.exe"C:\Users\Admin\AppData\Local\Temp\150d68770dd1daebd5489d5d068590640d2fd495898a863836e69db5a8378e54.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\dpvpv.exec:\dpvpv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrfxffx.exec:\xrfxffx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnbbbb.exec:\hnbbbb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1djdp.exec:\1djdp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjddj.exec:\pjddj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhnhht.exec:\hhnhht.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9jjdd.exec:\9jjdd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrfrrx.exec:\xrrfrrx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrxrxfx.exec:\lrxrxfx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llflfxf.exec:\llflfxf.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flrlfxr.exec:\flrlfxr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhtnbb.exec:\hhtnbb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbtttt.exec:\nbtttt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnntt.exec:\nhnntt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbttn.exec:\hbbttn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5jpjv.exec:\5jpjv.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlflfl.exec:\fxlflfl.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7vpjd.exec:\7vpjd.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnnhh.exec:\nhnnhh.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdddv.exec:\vdddv.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrlfff.exec:\lfrlfff.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5bhbhb.exec:\5bhbhb.exe23⤵
- Executes dropped EXE
-
\??\c:\fflfxxr.exec:\fflfxxr.exe24⤵
- Executes dropped EXE
-
\??\c:\vppjd.exec:\vppjd.exe25⤵
- Executes dropped EXE
-
\??\c:\dddvv.exec:\dddvv.exe26⤵
- Executes dropped EXE
-
\??\c:\btbbnn.exec:\btbbnn.exe27⤵
- Executes dropped EXE
-
\??\c:\hhhhbt.exec:\hhhhbt.exe28⤵
- Executes dropped EXE
-
\??\c:\fflffxr.exec:\fflffxr.exe29⤵
- Executes dropped EXE
-
\??\c:\nnbhbb.exec:\nnbhbb.exe30⤵
- Executes dropped EXE
-
\??\c:\flxrlfx.exec:\flxrlfx.exe31⤵
- Executes dropped EXE
-
\??\c:\bhthnn.exec:\bhthnn.exe32⤵
- Executes dropped EXE
-
\??\c:\fxxfxff.exec:\fxxfxff.exe33⤵
- Executes dropped EXE
-
\??\c:\hnnnbb.exec:\hnnnbb.exe34⤵
- Executes dropped EXE
-
\??\c:\dpdvv.exec:\dpdvv.exe35⤵
- Executes dropped EXE
-
\??\c:\7jddd.exec:\7jddd.exe36⤵
- Executes dropped EXE
-
\??\c:\lfrlffx.exec:\lfrlffx.exe37⤵
- Executes dropped EXE
-
\??\c:\btttbb.exec:\btttbb.exe38⤵
- Executes dropped EXE
-
\??\c:\hhbbtn.exec:\hhbbtn.exe39⤵
- Executes dropped EXE
-
\??\c:\djppj.exec:\djppj.exe40⤵
- Executes dropped EXE
-
\??\c:\rxfxxlr.exec:\rxfxxlr.exe41⤵
- Executes dropped EXE
-
\??\c:\lrrxrxr.exec:\lrrxrxr.exe42⤵
- Executes dropped EXE
-
\??\c:\ntbbbb.exec:\ntbbbb.exe43⤵
- Executes dropped EXE
-
\??\c:\9nnhtn.exec:\9nnhtn.exe44⤵
- Executes dropped EXE
-
\??\c:\vpvpp.exec:\vpvpp.exe45⤵
- Executes dropped EXE
-
\??\c:\ffrrrrr.exec:\ffrrrrr.exe46⤵
- Executes dropped EXE
-
\??\c:\xfxrllf.exec:\xfxrllf.exe47⤵
- Executes dropped EXE
-
\??\c:\hbtttb.exec:\hbtttb.exe48⤵
- Executes dropped EXE
-
\??\c:\nthbtt.exec:\nthbtt.exe49⤵
- Executes dropped EXE
-
\??\c:\dpvjd.exec:\dpvjd.exe50⤵
- Executes dropped EXE
-
\??\c:\fffxllr.exec:\fffxllr.exe51⤵
- Executes dropped EXE
-
\??\c:\tnnnhn.exec:\tnnnhn.exe52⤵
- Executes dropped EXE
-
\??\c:\btbbnn.exec:\btbbnn.exe53⤵
- Executes dropped EXE
-
\??\c:\dvvpd.exec:\dvvpd.exe54⤵
- Executes dropped EXE
-
\??\c:\rfrxxxr.exec:\rfrxxxr.exe55⤵
- Executes dropped EXE
-
\??\c:\5lrrrrr.exec:\5lrrrrr.exe56⤵
- Executes dropped EXE
-
\??\c:\hnnhbb.exec:\hnnhbb.exe57⤵
- Executes dropped EXE
-
\??\c:\pppjd.exec:\pppjd.exe58⤵
- Executes dropped EXE
-
\??\c:\jpjjp.exec:\jpjjp.exe59⤵
- Executes dropped EXE
-
\??\c:\rlxxxrx.exec:\rlxxxrx.exe60⤵
- Executes dropped EXE
-
\??\c:\fxlffll.exec:\fxlffll.exe61⤵
- Executes dropped EXE
-
\??\c:\ntbbtt.exec:\ntbbtt.exe62⤵
- Executes dropped EXE
-
\??\c:\pvvpp.exec:\pvvpp.exe63⤵
- Executes dropped EXE
-
\??\c:\pvdvp.exec:\pvdvp.exe64⤵
- Executes dropped EXE
-
\??\c:\llllflf.exec:\llllflf.exe65⤵
- Executes dropped EXE
-
\??\c:\btthhh.exec:\btthhh.exe66⤵
-
\??\c:\hntbtn.exec:\hntbtn.exe67⤵
-
\??\c:\vvddp.exec:\vvddp.exe68⤵
-
\??\c:\3flxrrx.exec:\3flxrrx.exe69⤵
-
\??\c:\fxlflll.exec:\fxlflll.exe70⤵
-
\??\c:\hnthbh.exec:\hnthbh.exe71⤵
-
\??\c:\tbhbtt.exec:\tbhbtt.exe72⤵
-
\??\c:\vvdvp.exec:\vvdvp.exe73⤵
-
\??\c:\lrxrxrl.exec:\lrxrxrl.exe74⤵
-
\??\c:\rlrrrrl.exec:\rlrrrrl.exe75⤵
-
\??\c:\bnnnhh.exec:\bnnnhh.exe76⤵
-
\??\c:\btbttt.exec:\btbttt.exe77⤵
-
\??\c:\pddvj.exec:\pddvj.exe78⤵
-
\??\c:\xrrrlff.exec:\xrrrlff.exe79⤵
-
\??\c:\bthhbt.exec:\bthhbt.exe80⤵
-
\??\c:\dvpjj.exec:\dvpjj.exe81⤵
-
\??\c:\fflxrlf.exec:\fflxrlf.exe82⤵
-
\??\c:\frfflrf.exec:\frfflrf.exe83⤵
-
\??\c:\ttbtnn.exec:\ttbtnn.exe84⤵
-
\??\c:\jvjdd.exec:\jvjdd.exe85⤵
-
\??\c:\7jjjd.exec:\7jjjd.exe86⤵
-
\??\c:\xxxxrrl.exec:\xxxxrrl.exe87⤵
-
\??\c:\lxlllll.exec:\lxlllll.exe88⤵
-
\??\c:\hhbtnn.exec:\hhbtnn.exe89⤵
-
\??\c:\jpvvp.exec:\jpvvp.exe90⤵
-
\??\c:\jvvpp.exec:\jvvpp.exe91⤵
-
\??\c:\llrrxff.exec:\llrrxff.exe92⤵
-
\??\c:\xrlfxxl.exec:\xrlfxxl.exe93⤵
-
\??\c:\bthhhn.exec:\bthhhn.exe94⤵
-
\??\c:\thhbbb.exec:\thhbbb.exe95⤵
-
\??\c:\vvvpj.exec:\vvvpj.exe96⤵
-
\??\c:\7frrlll.exec:\7frrlll.exe97⤵
-
\??\c:\rfllfff.exec:\rfllfff.exe98⤵
-
\??\c:\bhttbt.exec:\bhttbt.exe99⤵
-
\??\c:\ppjdj.exec:\ppjdj.exe100⤵
-
\??\c:\rxffffx.exec:\rxffffx.exe101⤵
-
\??\c:\frfflll.exec:\frfflll.exe102⤵
-
\??\c:\htnnbb.exec:\htnnbb.exe103⤵
-
\??\c:\jvdvj.exec:\jvdvj.exe104⤵
-
\??\c:\9pdvp.exec:\9pdvp.exe105⤵
-
\??\c:\lllxxxx.exec:\lllxxxx.exe106⤵
-
\??\c:\rflfrxr.exec:\rflfrxr.exe107⤵
-
\??\c:\tnbbbb.exec:\tnbbbb.exe108⤵
-
\??\c:\jdjjd.exec:\jdjjd.exe109⤵
-
\??\c:\pdjpp.exec:\pdjpp.exe110⤵
-
\??\c:\lxfxxxf.exec:\lxfxxxf.exe111⤵
-
\??\c:\3fflllf.exec:\3fflllf.exe112⤵
-
\??\c:\tnbttt.exec:\tnbttt.exe113⤵
-
\??\c:\dvdvv.exec:\dvdvv.exe114⤵
-
\??\c:\ppjdv.exec:\ppjdv.exe115⤵
-
\??\c:\fxfxrff.exec:\fxfxrff.exe116⤵
-
\??\c:\bbtbnn.exec:\bbtbnn.exe117⤵
-
\??\c:\5nnhbb.exec:\5nnhbb.exe118⤵
-
\??\c:\vppjv.exec:\vppjv.exe119⤵
-
\??\c:\jjvpp.exec:\jjvpp.exe120⤵
-
\??\c:\lrrfrxl.exec:\lrrfrxl.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-