Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
93s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
09/09/2024, 00:32
General
-
Target
0a5bc6bddf843584d6e6e4de9989dc60N.exe
-
Size
91KB
-
MD5
0a5bc6bddf843584d6e6e4de9989dc60
-
SHA1
d13cc260b8cc1866d0b770c09a20c99fd69f90e1
-
SHA256
eea37b14c3caef620151916fb2431fb18142076c2ac9a731454551b68e9f7c56
-
SHA512
745d5b759a5c92731cc13ab8e4babe8cce14f8dc8109f3e3a0d68bb0a4797ea1eaa78dee122afa3596a87afdff7f86ec466e9c830016069303bac57496ae1a5e
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND+3T4+C2iJvRirE0DmmdL2jqWkB3:ymb3NkkiQ3mdBjF+3TU2iBRioSumWS1h
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 30 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\0a5bc6bddf843584d6e6e4de9989dc60N.exe"C:\Users\Admin\AppData\Local\Temp\0a5bc6bddf843584d6e6e4de9989dc60N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\jjdvp.exec:\jjdvp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pppvj.exec:\pppvj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrffffl.exec:\xrffffl.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frlfxfx.exec:\frlfxfx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htbtbt.exec:\htbtbt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdjjv.exec:\pdjjv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrfrrrl.exec:\rrfrrrl.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrxxlrf.exec:\lrxxlrf.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbbnnh.exec:\nbbnnh.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1nbthh.exec:\1nbthh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjpjd.exec:\vjpjd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxrflr.exec:\xrxrflr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\httnnn.exec:\httnnn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bttnhh.exec:\bttnhh.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvpvd.exec:\dvpvd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flxlfxx.exec:\flxlfxx.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbbbtt.exec:\nbbbtt.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpdvp.exec:\jpdvp.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvvp.exec:\jdvvp.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frrlrrx.exec:\frrlrrx.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7xfxfxf.exec:\7xfxfxf.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bththh.exec:\bththh.exe23⤵
- Executes dropped EXE
-
\??\c:\djjdv.exec:\djjdv.exe24⤵
- Executes dropped EXE
-
\??\c:\jdpjd.exec:\jdpjd.exe25⤵
- Executes dropped EXE
-
\??\c:\xrrlfxx.exec:\xrrlfxx.exe26⤵
- Executes dropped EXE
-
\??\c:\pdddd.exec:\pdddd.exe27⤵
- Executes dropped EXE
-
\??\c:\xrxxxxx.exec:\xrxxxxx.exe28⤵
- Executes dropped EXE
-
\??\c:\bthbtn.exec:\bthbtn.exe29⤵
- Executes dropped EXE
-
\??\c:\hntthh.exec:\hntthh.exe30⤵
- Executes dropped EXE
-
\??\c:\pddvd.exec:\pddvd.exe31⤵
- Executes dropped EXE
-
\??\c:\pddvj.exec:\pddvj.exe32⤵
- Executes dropped EXE
-
\??\c:\flllffx.exec:\flllffx.exe33⤵
- Executes dropped EXE
-
\??\c:\nbbbbb.exec:\nbbbbb.exe34⤵
- Executes dropped EXE
-
\??\c:\bnhbbt.exec:\bnhbbt.exe35⤵
- Executes dropped EXE
-
\??\c:\7jjdv.exec:\7jjdv.exe36⤵
- Executes dropped EXE
-
\??\c:\pjvdd.exec:\pjvdd.exe37⤵
- Executes dropped EXE
-
\??\c:\lflfrrl.exec:\lflfrrl.exe38⤵
- Executes dropped EXE
-
\??\c:\rffxrrl.exec:\rffxrrl.exe39⤵
- Executes dropped EXE
-
\??\c:\htbtnh.exec:\htbtnh.exe40⤵
- Executes dropped EXE
-
\??\c:\nhbthh.exec:\nhbthh.exe41⤵
- Executes dropped EXE
-
\??\c:\3jjjd.exec:\3jjjd.exe42⤵
- Executes dropped EXE
-
\??\c:\jjvpd.exec:\jjvpd.exe43⤵
- Executes dropped EXE
-
\??\c:\7rrrffx.exec:\7rrrffx.exe44⤵
- Executes dropped EXE
-
\??\c:\llxfffx.exec:\llxfffx.exe45⤵
- Executes dropped EXE
-
\??\c:\bntttt.exec:\bntttt.exe46⤵
- Executes dropped EXE
-
\??\c:\ttbthh.exec:\ttbthh.exe47⤵
- Executes dropped EXE
-
\??\c:\hhnbtt.exec:\hhnbtt.exe48⤵
- Executes dropped EXE
-
\??\c:\dvvpj.exec:\dvvpj.exe49⤵
- Executes dropped EXE
-
\??\c:\jddvp.exec:\jddvp.exe50⤵
- Executes dropped EXE
-
\??\c:\1llfrxr.exec:\1llfrxr.exe51⤵
- Executes dropped EXE
-
\??\c:\xxfxxxx.exec:\xxfxxxx.exe52⤵
- Executes dropped EXE
-
\??\c:\nbtnnn.exec:\nbtnnn.exe53⤵
- Executes dropped EXE
-
\??\c:\thhtnt.exec:\thhtnt.exe54⤵
- Executes dropped EXE
-
\??\c:\jppjj.exec:\jppjj.exe55⤵
- Executes dropped EXE
-
\??\c:\dvjdd.exec:\dvjdd.exe56⤵
- Executes dropped EXE
-
\??\c:\xxrrlll.exec:\xxrrlll.exe57⤵
- Executes dropped EXE
-
\??\c:\rrllfxf.exec:\rrllfxf.exe58⤵
- Executes dropped EXE
-
\??\c:\hnbtnh.exec:\hnbtnh.exe59⤵
- Executes dropped EXE
-
\??\c:\5nnnhh.exec:\5nnnhh.exe60⤵
- Executes dropped EXE
-
\??\c:\jdjjd.exec:\jdjjd.exe61⤵
- Executes dropped EXE
-
\??\c:\dvvpd.exec:\dvvpd.exe62⤵
- Executes dropped EXE
-
\??\c:\xffxrlf.exec:\xffxrlf.exe63⤵
- Executes dropped EXE
-
\??\c:\fxfxffx.exec:\fxfxffx.exe64⤵
- Executes dropped EXE
-
\??\c:\tnttbb.exec:\tnttbb.exe65⤵
- Executes dropped EXE
-
\??\c:\nhhttn.exec:\nhhttn.exe66⤵
-
\??\c:\5jjjv.exec:\5jjjv.exe67⤵
-
\??\c:\ppppp.exec:\ppppp.exe68⤵
-
\??\c:\rffrlfr.exec:\rffrlfr.exe69⤵
-
\??\c:\bbbnbt.exec:\bbbnbt.exe70⤵
-
\??\c:\hhbbnn.exec:\hhbbnn.exe71⤵
-
\??\c:\dvdjv.exec:\dvdjv.exe72⤵
-
\??\c:\lllxrlx.exec:\lllxrlx.exe73⤵
-
\??\c:\hbnbtt.exec:\hbnbtt.exe74⤵
-
\??\c:\bnhbbt.exec:\bnhbbt.exe75⤵
-
\??\c:\vpvvj.exec:\vpvvj.exe76⤵
-
\??\c:\vpjjj.exec:\vpjjj.exe77⤵
-
\??\c:\lfffrrr.exec:\lfffrrr.exe78⤵
- System Location Discovery: System Language Discovery
-
\??\c:\bttttn.exec:\bttttn.exe79⤵
-
\??\c:\nhhbbb.exec:\nhhbbb.exe80⤵
-
\??\c:\vjjdd.exec:\vjjdd.exe81⤵
-
\??\c:\vjdvp.exec:\vjdvp.exe82⤵
-
\??\c:\xrrlrxx.exec:\xrrlrxx.exe83⤵
-
\??\c:\rllxrrf.exec:\rllxrrf.exe84⤵
-
\??\c:\tbhnhh.exec:\tbhnhh.exe85⤵
-
\??\c:\jdjjj.exec:\jdjjj.exe86⤵
-
\??\c:\dpvpv.exec:\dpvpv.exe87⤵
-
\??\c:\ffrrrxx.exec:\ffrrrxx.exe88⤵
-
\??\c:\rllfxxx.exec:\rllfxxx.exe89⤵
-
\??\c:\hbbbtt.exec:\hbbbtt.exe90⤵
-
\??\c:\tbbbhh.exec:\tbbbhh.exe91⤵
-
\??\c:\9nttnn.exec:\9nttnn.exe92⤵
-
\??\c:\jpjdp.exec:\jpjdp.exe93⤵
-
\??\c:\xfrlllf.exec:\xfrlllf.exe94⤵
-
\??\c:\fffxrrl.exec:\fffxrrl.exe95⤵
-
\??\c:\tnbbbt.exec:\tnbbbt.exe96⤵
-
\??\c:\nnnnhh.exec:\nnnnhh.exe97⤵
-
\??\c:\jdppp.exec:\jdppp.exe98⤵
-
\??\c:\3dddp.exec:\3dddp.exe99⤵
-
\??\c:\pvvpj.exec:\pvvpj.exe100⤵
-
\??\c:\lfllxxr.exec:\lfllxxr.exe101⤵
-
\??\c:\3lxrxxr.exec:\3lxrxxr.exe102⤵
-
\??\c:\tntnbn.exec:\tntnbn.exe103⤵
-
\??\c:\nbttnt.exec:\nbttnt.exe104⤵
-
\??\c:\djpjv.exec:\djpjv.exe105⤵
-
\??\c:\pdjdp.exec:\pdjdp.exe106⤵
-
\??\c:\lrxrrrl.exec:\lrxrrrl.exe107⤵
-
\??\c:\lrrlfff.exec:\lrrlfff.exe108⤵
-
\??\c:\nnnhtn.exec:\nnnhtn.exe109⤵
-
\??\c:\tnbbbh.exec:\tnbbbh.exe110⤵
-
\??\c:\vpdjd.exec:\vpdjd.exe111⤵
-
\??\c:\jjdvj.exec:\jjdvj.exe112⤵
-
\??\c:\flfrxrx.exec:\flfrxrx.exe113⤵
-
\??\c:\frlfxlf.exec:\frlfxlf.exe114⤵
-
\??\c:\hhhhtt.exec:\hhhhtt.exe115⤵
-
\??\c:\5vdvp.exec:\5vdvp.exe116⤵
-
\??\c:\dvdvd.exec:\dvdvd.exe117⤵
-
\??\c:\xxlfrrl.exec:\xxlfrrl.exe118⤵
-
\??\c:\frrrfrl.exec:\frrrfrl.exe119⤵
-
\??\c:\lxlrlrl.exec:\lxlrlrl.exe120⤵
-
\??\c:\nbbnnn.exec:\nbbnnn.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-