Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
94s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
11/09/2024, 05:23
General
-
Target
7f6fb5b7c50fa7773545c8c2112189a0N.exe
-
Size
82KB
-
MD5
7f6fb5b7c50fa7773545c8c2112189a0
-
SHA1
529b3c9ad72c977c5ad64a765c07b3ed64f0e58f
-
SHA256
a5a1c4fcf2518b4d73d53569fdaa1f36773836081975ab35080769c55461b667
-
SHA512
0aea601c91b5f4212b6f5e723557f00447c81d7284f828c7068e90e031931b5a08c1face0179fb49205f87cc3e4d8806ffb1df8e22e188df7eef4a37fdf0bacf
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIIpIo60L9QrrA89QFq:ymb3NkkiQ3mdBjFIIp9L9QrrA8T
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 26 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 38 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\7f6fb5b7c50fa7773545c8c2112189a0N.exe"C:\Users\Admin\AppData\Local\Temp\7f6fb5b7c50fa7773545c8c2112189a0N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnhbb.exec:\nhnhbb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vddvp.exec:\vddvp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdpj.exec:\pjdpj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbnhbt.exec:\nbnhbt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5dvpj.exec:\5dvpj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jddvv.exec:\jddvv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxlxrrl.exec:\lxlxrrl.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thnthh.exec:\thnthh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxfxllf.exec:\fxfxllf.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbtnn.exec:\tnbtnn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btthhb.exec:\btthhb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5dpjd.exec:\5dpjd.exe13⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\5jdvp.exec:\5jdvp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7rxxllf.exec:\7rxxllf.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tttnhh.exec:\tttnhh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djdvp.exec:\djdvp.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjppj.exec:\vjppj.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffxlfff.exec:\ffxlfff.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbbtnh.exec:\tbbtnh.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbbnbb.exec:\nbbnbb.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjjv.exec:\jdjjv.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllfrll.exec:\rllfrll.exe23⤵
- Executes dropped EXE
-
\??\c:\btnhbb.exec:\btnhbb.exe24⤵
- Executes dropped EXE
-
\??\c:\1tnhbb.exec:\1tnhbb.exe25⤵
- Executes dropped EXE
-
\??\c:\pdpjv.exec:\pdpjv.exe26⤵
- Executes dropped EXE
-
\??\c:\jvdvj.exec:\jvdvj.exe27⤵
- Executes dropped EXE
-
\??\c:\lfxrllr.exec:\lfxrllr.exe28⤵
- Executes dropped EXE
-
\??\c:\btbhnb.exec:\btbhnb.exe29⤵
- Executes dropped EXE
-
\??\c:\vjpdd.exec:\vjpdd.exe30⤵
- Executes dropped EXE
-
\??\c:\7ppjj.exec:\7ppjj.exe31⤵
- Executes dropped EXE
-
\??\c:\lffrllf.exec:\lffrllf.exe32⤵
- Executes dropped EXE
-
\??\c:\bnttnh.exec:\bnttnh.exe33⤵
- Executes dropped EXE
-
\??\c:\pvpjd.exec:\pvpjd.exe34⤵
- Executes dropped EXE
-
\??\c:\3ppjv.exec:\3ppjv.exe35⤵
- Executes dropped EXE
-
\??\c:\lxfrfxl.exec:\lxfrfxl.exe36⤵
- Executes dropped EXE
-
\??\c:\ntnbtn.exec:\ntnbtn.exe37⤵
- Executes dropped EXE
-
\??\c:\hhbhtn.exec:\hhbhtn.exe38⤵
- Executes dropped EXE
-
\??\c:\pvpdv.exec:\pvpdv.exe39⤵
- Executes dropped EXE
-
\??\c:\vddvp.exec:\vddvp.exe40⤵
- Executes dropped EXE
-
\??\c:\rllflfr.exec:\rllflfr.exe41⤵
- Executes dropped EXE
-
\??\c:\nhhbtt.exec:\nhhbtt.exe42⤵
- Executes dropped EXE
-
\??\c:\tbhhnb.exec:\tbhhnb.exe43⤵
- Executes dropped EXE
-
\??\c:\jppjj.exec:\jppjj.exe44⤵
- Executes dropped EXE
-
\??\c:\pdvvp.exec:\pdvvp.exe45⤵
- Executes dropped EXE
-
\??\c:\7fffxrl.exec:\7fffxrl.exe46⤵
- Executes dropped EXE
-
\??\c:\llfllfr.exec:\llfllfr.exe47⤵
- Executes dropped EXE
-
\??\c:\bntnhb.exec:\bntnhb.exe48⤵
- Executes dropped EXE
-
\??\c:\bbtnhh.exec:\bbtnhh.exe49⤵
- Executes dropped EXE
-
\??\c:\jvvjv.exec:\jvvjv.exe50⤵
- Executes dropped EXE
-
\??\c:\vpddd.exec:\vpddd.exe51⤵
- Executes dropped EXE
-
\??\c:\1xxrlfx.exec:\1xxrlfx.exe52⤵
- Executes dropped EXE
-
\??\c:\flxxxff.exec:\flxxxff.exe53⤵
- Executes dropped EXE
-
\??\c:\3hnhnh.exec:\3hnhnh.exe54⤵
- Executes dropped EXE
-
\??\c:\tbhbnb.exec:\tbhbnb.exe55⤵
- Executes dropped EXE
-
\??\c:\vpppj.exec:\vpppj.exe56⤵
- Executes dropped EXE
-
\??\c:\pvppj.exec:\pvppj.exe57⤵
- Executes dropped EXE
-
\??\c:\lffxfxf.exec:\lffxfxf.exe58⤵
- Executes dropped EXE
-
\??\c:\rrrrlll.exec:\rrrrlll.exe59⤵
- Executes dropped EXE
-
\??\c:\7btnhb.exec:\7btnhb.exe60⤵
- Executes dropped EXE
-
\??\c:\pjddd.exec:\pjddd.exe61⤵
- Executes dropped EXE
-
\??\c:\pvdpj.exec:\pvdpj.exe62⤵
- Executes dropped EXE
-
\??\c:\7xxxlxr.exec:\7xxxlxr.exe63⤵
- Executes dropped EXE
-
\??\c:\rlxxrrl.exec:\rlxxrrl.exe64⤵
- Executes dropped EXE
-
\??\c:\bhhbhh.exec:\bhhbhh.exe65⤵
- Executes dropped EXE
-
\??\c:\hnttbt.exec:\hnttbt.exe66⤵
-
\??\c:\7djdj.exec:\7djdj.exe67⤵
-
\??\c:\pdjdv.exec:\pdjdv.exe68⤵
-
\??\c:\xllfxxr.exec:\xllfxxr.exe69⤵
-
\??\c:\7bnnnn.exec:\7bnnnn.exe70⤵
-
\??\c:\hbtnhn.exec:\hbtnhn.exe71⤵
-
\??\c:\bbhbnn.exec:\bbhbnn.exe72⤵
-
\??\c:\9pvjd.exec:\9pvjd.exe73⤵
-
\??\c:\5fxrffx.exec:\5fxrffx.exe74⤵
-
\??\c:\1rxxrrx.exec:\1rxxrrx.exe75⤵
-
\??\c:\lxfxrrr.exec:\lxfxrrr.exe76⤵
-
\??\c:\hnnnhb.exec:\hnnnhb.exe77⤵
-
\??\c:\jpvdj.exec:\jpvdj.exe78⤵
-
\??\c:\vjdpj.exec:\vjdpj.exe79⤵
-
\??\c:\rlrlxxr.exec:\rlrlxxr.exe80⤵
-
\??\c:\5rlffff.exec:\5rlffff.exe81⤵
-
\??\c:\tbhhbb.exec:\tbhhbb.exe82⤵
-
\??\c:\nntntn.exec:\nntntn.exe83⤵
-
\??\c:\dvjdd.exec:\dvjdd.exe84⤵
-
\??\c:\vjdvj.exec:\vjdvj.exe85⤵
-
\??\c:\9frlxxr.exec:\9frlxxr.exe86⤵
-
\??\c:\lrrrrrr.exec:\lrrrrrr.exe87⤵
-
\??\c:\nttnhb.exec:\nttnhb.exe88⤵
-
\??\c:\1nnhtt.exec:\1nnhtt.exe89⤵
-
\??\c:\dpjjv.exec:\dpjjv.exe90⤵
-
\??\c:\vjjpd.exec:\vjjpd.exe91⤵
-
\??\c:\rrxrffx.exec:\rrxrffx.exe92⤵
-
\??\c:\xlflllx.exec:\xlflllx.exe93⤵
-
\??\c:\nhbbtn.exec:\nhbbtn.exe94⤵
-
\??\c:\hbhhbh.exec:\hbhhbh.exe95⤵
-
\??\c:\ppddp.exec:\ppddp.exe96⤵
-
\??\c:\dpvpj.exec:\dpvpj.exe97⤵
-
\??\c:\lxxxrrl.exec:\lxxxrrl.exe98⤵
-
\??\c:\lfrlrrx.exec:\lfrlrrx.exe99⤵
-
\??\c:\tnhbbt.exec:\tnhbbt.exe100⤵
-
\??\c:\bttntt.exec:\bttntt.exe101⤵
-
\??\c:\9vdvp.exec:\9vdvp.exe102⤵
-
\??\c:\3ppjd.exec:\3ppjd.exe103⤵
-
\??\c:\lrxrrlf.exec:\lrxrrlf.exe104⤵
-
\??\c:\lfllfrl.exec:\lfllfrl.exe105⤵
-
\??\c:\xxlxffx.exec:\xxlxffx.exe106⤵
-
\??\c:\nhnnhh.exec:\nhnnhh.exe107⤵
-
\??\c:\ppdpj.exec:\ppdpj.exe108⤵
-
\??\c:\jdjjv.exec:\jdjjv.exe109⤵
-
\??\c:\dvddp.exec:\dvddp.exe110⤵
-
\??\c:\lrlfflx.exec:\lrlfflx.exe111⤵
-
\??\c:\bttbtt.exec:\bttbtt.exe112⤵
-
\??\c:\nhbttn.exec:\nhbttn.exe113⤵
-
\??\c:\pjpjv.exec:\pjpjv.exe114⤵
-
\??\c:\jpppj.exec:\jpppj.exe115⤵
-
\??\c:\rrrlxxr.exec:\rrrlxxr.exe116⤵
-
\??\c:\xfllfll.exec:\xfllfll.exe117⤵
-
\??\c:\nhbhbb.exec:\nhbhbb.exe118⤵
-
\??\c:\vvpjv.exec:\vvpjv.exe119⤵
-
\??\c:\vpvjd.exec:\vpvjd.exe120⤵
-
\??\c:\ddpjv.exec:\ddpjv.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-