Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
11/09/2024, 10:06
General
-
Target
b0caad2c7f83a89d0cc9a391cf2f871355a1fd63f0f821164035d382b79faf36.exe
-
Size
64KB
-
MD5
9a6b6b4f4e785bb958c9f7081c82add4
-
SHA1
edaa8204e0b1bdf788abdbdba554bb45a06630cb
-
SHA256
b0caad2c7f83a89d0cc9a391cf2f871355a1fd63f0f821164035d382b79faf36
-
SHA512
d5ccf6c5f1adb6fc31463e77a10c5dfaf8e8d5dc65d508074e19027629332a834c7cea7356923423dab3eb1cce46e187a46dfddf8c5477b737bef20472cd949a
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIkpi+qPt5:ymb3NkkiQ3mdBjFIj+qX
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 28 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 34 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\b0caad2c7f83a89d0cc9a391cf2f871355a1fd63f0f821164035d382b79faf36.exe"C:\Users\Admin\AppData\Local\Temp\b0caad2c7f83a89d0cc9a391cf2f871355a1fd63f0f821164035d382b79faf36.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\tbhhbb.exec:\tbhhbb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbbhnt.exec:\bbbhnt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpvjd.exec:\dpvjd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvpj.exec:\dvvpj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xffxlfx.exec:\xffxlfx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thhbtt.exec:\thhbtt.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5dvdp.exec:\5dvdp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vppjv.exec:\vppjv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5rllxrr.exec:\5rllxrr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhnnb.exec:\nhhnnb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7tbttt.exec:\7tbttt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjpdv.exec:\pjpdv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxlxlrf.exec:\xxlxlrf.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tntntn.exec:\tntntn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1tbtth.exec:\1tbtth.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvjd.exec:\dvvjd.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvdvp.exec:\dvdvp.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfxrffr.exec:\xfxrffr.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9nbtnn.exec:\9nbtnn.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnnnhh.exec:\nnnnhh.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddvpd.exec:\ddvpd.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxfxlll.exec:\rxfxlll.exe23⤵
- Executes dropped EXE
-
\??\c:\rffrllf.exec:\rffrllf.exe24⤵
- Executes dropped EXE
-
\??\c:\bnhhbb.exec:\bnhhbb.exe25⤵
- Executes dropped EXE
-
\??\c:\hntnbb.exec:\hntnbb.exe26⤵
- Executes dropped EXE
-
\??\c:\pvjpd.exec:\pvjpd.exe27⤵
- Executes dropped EXE
-
\??\c:\fxxxxrx.exec:\fxxxxrx.exe28⤵
- Executes dropped EXE
-
\??\c:\xrxrllf.exec:\xrxrllf.exe29⤵
- Executes dropped EXE
-
\??\c:\ntbbtt.exec:\ntbbtt.exe30⤵
- Executes dropped EXE
-
\??\c:\7jjdv.exec:\7jjdv.exe31⤵
- Executes dropped EXE
-
\??\c:\1pjdv.exec:\1pjdv.exe32⤵
- Executes dropped EXE
-
\??\c:\dvddp.exec:\dvddp.exe33⤵
- Executes dropped EXE
-
\??\c:\rxxrllf.exec:\rxxrllf.exe34⤵
- Executes dropped EXE
-
\??\c:\ttnhbb.exec:\ttnhbb.exe35⤵
- Executes dropped EXE
-
\??\c:\5hnbbb.exec:\5hnbbb.exe36⤵
- Executes dropped EXE
-
\??\c:\vvvvp.exec:\vvvvp.exe37⤵
- Executes dropped EXE
-
\??\c:\dpdvv.exec:\dpdvv.exe38⤵
- Executes dropped EXE
-
\??\c:\dppjv.exec:\dppjv.exe39⤵
- Executes dropped EXE
-
\??\c:\xrrrfff.exec:\xrrrfff.exe40⤵
- Executes dropped EXE
-
\??\c:\1lfrlxl.exec:\1lfrlxl.exe41⤵
- Executes dropped EXE
-
\??\c:\xlrlxrf.exec:\xlrlxrf.exe42⤵
- Executes dropped EXE
-
\??\c:\nhhbbn.exec:\nhhbbn.exe43⤵
- Executes dropped EXE
-
\??\c:\5bbntn.exec:\5bbntn.exe44⤵
- Executes dropped EXE
-
\??\c:\7nbnbn.exec:\7nbnbn.exe45⤵
- Executes dropped EXE
-
\??\c:\dpjdp.exec:\dpjdp.exe46⤵
- Executes dropped EXE
-
\??\c:\dvjdp.exec:\dvjdp.exe47⤵
- Executes dropped EXE
-
\??\c:\xrrfxrr.exec:\xrrfxrr.exe48⤵
- Executes dropped EXE
-
\??\c:\fxrxxrl.exec:\fxrxxrl.exe49⤵
- Executes dropped EXE
-
\??\c:\rrxlxlx.exec:\rrxlxlx.exe50⤵
- Executes dropped EXE
-
\??\c:\thnhhb.exec:\thnhhb.exe51⤵
- Executes dropped EXE
-
\??\c:\thbntn.exec:\thbntn.exe52⤵
- Executes dropped EXE
-
\??\c:\djjjj.exec:\djjjj.exe53⤵
- Executes dropped EXE
-
\??\c:\5vvdp.exec:\5vvdp.exe54⤵
- Executes dropped EXE
-
\??\c:\dvpjp.exec:\dvpjp.exe55⤵
- Executes dropped EXE
-
\??\c:\lflxrrl.exec:\lflxrrl.exe56⤵
- Executes dropped EXE
-
\??\c:\rfrrxrr.exec:\rfrrxrr.exe57⤵
- Executes dropped EXE
-
\??\c:\bbbthb.exec:\bbbthb.exe58⤵
- Executes dropped EXE
-
\??\c:\nbtbnb.exec:\nbtbnb.exe59⤵
- Executes dropped EXE
-
\??\c:\vjpvp.exec:\vjpvp.exe60⤵
- Executes dropped EXE
-
\??\c:\jpjpd.exec:\jpjpd.exe61⤵
- Executes dropped EXE
-
\??\c:\dppdj.exec:\dppdj.exe62⤵
- Executes dropped EXE
-
\??\c:\1lfrfxl.exec:\1lfrfxl.exe63⤵
- Executes dropped EXE
-
\??\c:\frfxlfx.exec:\frfxlfx.exe64⤵
- Executes dropped EXE
-
\??\c:\nnbhhn.exec:\nnbhhn.exe65⤵
- Executes dropped EXE
-
\??\c:\pjpdd.exec:\pjpdd.exe66⤵
-
\??\c:\jdpdp.exec:\jdpdp.exe67⤵
-
\??\c:\dvdpv.exec:\dvdpv.exe68⤵
-
\??\c:\5llflfx.exec:\5llflfx.exe69⤵
-
\??\c:\xxfxrrl.exec:\xxfxrrl.exe70⤵
-
\??\c:\htthtn.exec:\htthtn.exe71⤵
-
\??\c:\tnnbnh.exec:\tnnbnh.exe72⤵
-
\??\c:\bnhthb.exec:\bnhthb.exe73⤵
-
\??\c:\jddjp.exec:\jddjp.exe74⤵
-
\??\c:\vjjvp.exec:\vjjvp.exe75⤵
-
\??\c:\rlfrfxr.exec:\rlfrfxr.exe76⤵
-
\??\c:\frlrfrf.exec:\frlrfrf.exe77⤵
-
\??\c:\btnhhb.exec:\btnhhb.exe78⤵
-
\??\c:\bnnbnh.exec:\bnnbnh.exe79⤵
-
\??\c:\vvvpv.exec:\vvvpv.exe80⤵
-
\??\c:\dpdpd.exec:\dpdpd.exe81⤵
-
\??\c:\lxrlrlf.exec:\lxrlrlf.exe82⤵
-
\??\c:\lrrfllr.exec:\lrrfllr.exe83⤵
-
\??\c:\rfffxfx.exec:\rfffxfx.exe84⤵
-
\??\c:\9nnbtn.exec:\9nnbtn.exe85⤵
-
\??\c:\vjjdj.exec:\vjjdj.exe86⤵
-
\??\c:\vvpjv.exec:\vvpjv.exe87⤵
-
\??\c:\rrxfrll.exec:\rrxfrll.exe88⤵
-
\??\c:\lflrlxx.exec:\lflrlxx.exe89⤵
-
\??\c:\nhhtnh.exec:\nhhtnh.exe90⤵
-
\??\c:\1bhbhb.exec:\1bhbhb.exe91⤵
-
\??\c:\pjdvj.exec:\pjdvj.exe92⤵
-
\??\c:\vvdpd.exec:\vvdpd.exe93⤵
-
\??\c:\xfxlfxl.exec:\xfxlfxl.exe94⤵
-
\??\c:\lrxrffx.exec:\lrxrffx.exe95⤵
-
\??\c:\ttnnbb.exec:\ttnnbb.exe96⤵
-
\??\c:\pvvpj.exec:\pvvpj.exe97⤵
-
\??\c:\rxxlffx.exec:\rxxlffx.exe98⤵
-
\??\c:\1xxxrll.exec:\1xxxrll.exe99⤵
-
\??\c:\hbhhhh.exec:\hbhhhh.exe100⤵
-
\??\c:\bnbbtt.exec:\bnbbtt.exe101⤵
-
\??\c:\ddpjv.exec:\ddpjv.exe102⤵
-
\??\c:\jdpdv.exec:\jdpdv.exe103⤵
-
\??\c:\7lrffrr.exec:\7lrffrr.exe104⤵
-
\??\c:\btnthb.exec:\btnthb.exe105⤵
-
\??\c:\hbbbnn.exec:\hbbbnn.exe106⤵
-
\??\c:\1tnhhh.exec:\1tnhhh.exe107⤵
-
\??\c:\vddjp.exec:\vddjp.exe108⤵
-
\??\c:\pvvpj.exec:\pvvpj.exe109⤵
-
\??\c:\7jddp.exec:\7jddp.exe110⤵
-
\??\c:\rxffxxx.exec:\rxffxxx.exe111⤵
-
\??\c:\9bhhbh.exec:\9bhhbh.exe112⤵
-
\??\c:\nbbthh.exec:\nbbthh.exe113⤵
-
\??\c:\djjjp.exec:\djjjp.exe114⤵
-
\??\c:\lfrxfrx.exec:\lfrxfrx.exe115⤵
-
\??\c:\rfxxxxx.exec:\rfxxxxx.exe116⤵
-
\??\c:\3lllfff.exec:\3lllfff.exe117⤵
-
\??\c:\btnhnn.exec:\btnhnn.exe118⤵
-
\??\c:\vdpjd.exec:\vdpjd.exe119⤵
-
\??\c:\rlfxxxr.exec:\rlfxxxr.exe120⤵
-
\??\c:\tntttt.exec:\tntttt.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-