Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
93s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
12/09/2024, 05:00
General
-
Target
fecfe2ce715c2e01aedfacf2036e9440N.exe
-
Size
65KB
-
MD5
fecfe2ce715c2e01aedfacf2036e9440
-
SHA1
8b9733f0cf590e244e23e51acafb24f6bff5cfa6
-
SHA256
03fc86ed07231b32ed56cddb0de78bd4359dcd3c93bf8b8078f99fec4422b0f1
-
SHA512
13bdb7bf711961ac1d940522c8f30b3e004f7449c309b9ade40329b553f683d6cf93a41d05729b81ff0c1023afb10c808f4f248958ae9b2dee8628d0196f20e5
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND0yU+kbxe/:ymb3NkkiQ3mdBjF0y7kbU/
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 26 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 34 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\fecfe2ce715c2e01aedfacf2036e9440N.exe"C:\Users\Admin\AppData\Local\Temp\fecfe2ce715c2e01aedfacf2036e9440N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\jvvjj.exec:\jvvjj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3xxlxff.exec:\3xxlxff.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxxxxxr.exec:\lxxxxxr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3bnnhh.exec:\3bnnhh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhnhbb.exec:\bhnhbb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxffflr.exec:\xxffflr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bttnnn.exec:\bttnnn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdvvp.exec:\vdvvp.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9rllfxr.exec:\9rllfxr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpdpp.exec:\jpdpp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5ddpd.exec:\5ddpd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rflfxxx.exec:\rflfxxx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llllxxl.exec:\llllxxl.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3hhhhh.exec:\3hhhhh.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pddvp.exec:\pddvp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjjvp.exec:\jjjvp.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlrllll.exec:\xlrllll.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3nhtnn.exec:\3nhtnn.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvdvd.exec:\vvdvd.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5ppjd.exec:\5ppjd.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lflfrrl.exec:\lflfrrl.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhhbb.exec:\tnhhbb.exe23⤵
- Executes dropped EXE
-
\??\c:\9hnnnn.exec:\9hnnnn.exe24⤵
- Executes dropped EXE
-
\??\c:\jdvjv.exec:\jdvjv.exe25⤵
- Executes dropped EXE
-
\??\c:\3jdvp.exec:\3jdvp.exe26⤵
- Executes dropped EXE
-
\??\c:\7rrrrrl.exec:\7rrrrrl.exe27⤵
- Executes dropped EXE
-
\??\c:\ffllrrf.exec:\ffllrrf.exe28⤵
- Executes dropped EXE
-
\??\c:\9btbtb.exec:\9btbtb.exe29⤵
- Executes dropped EXE
-
\??\c:\1jvjv.exec:\1jvjv.exe30⤵
- Executes dropped EXE
-
\??\c:\jvpvp.exec:\jvpvp.exe31⤵
- Executes dropped EXE
-
\??\c:\flxrllr.exec:\flxrllr.exe32⤵
- Executes dropped EXE
-
\??\c:\hhnnhh.exec:\hhnnhh.exe33⤵
- Executes dropped EXE
-
\??\c:\bhbnhb.exec:\bhbnhb.exe34⤵
- Executes dropped EXE
-
\??\c:\bnnnbb.exec:\bnnnbb.exe35⤵
- Executes dropped EXE
-
\??\c:\3djjv.exec:\3djjv.exe36⤵
- Executes dropped EXE
-
\??\c:\dvvpj.exec:\dvvpj.exe37⤵
- Executes dropped EXE
-
\??\c:\llxrffl.exec:\llxrffl.exe38⤵
- Executes dropped EXE
-
\??\c:\fllfrlr.exec:\fllfrlr.exe39⤵
- Executes dropped EXE
-
\??\c:\nbbttn.exec:\nbbttn.exe40⤵
- Executes dropped EXE
-
\??\c:\hhthnn.exec:\hhthnn.exe41⤵
- Executes dropped EXE
-
\??\c:\dvpdp.exec:\dvpdp.exe42⤵
- Executes dropped EXE
-
\??\c:\lxlfxxx.exec:\lxlfxxx.exe43⤵
- Executes dropped EXE
-
\??\c:\bnnnhb.exec:\bnnnhb.exe44⤵
- Executes dropped EXE
-
\??\c:\pjvpj.exec:\pjvpj.exe45⤵
- Executes dropped EXE
-
\??\c:\vppjv.exec:\vppjv.exe46⤵
- Executes dropped EXE
-
\??\c:\rxffrfr.exec:\rxffrfr.exe47⤵
- Executes dropped EXE
-
\??\c:\htthbt.exec:\htthbt.exe48⤵
- Executes dropped EXE
-
\??\c:\hnhbnn.exec:\hnhbnn.exe49⤵
- Executes dropped EXE
-
\??\c:\dvjdv.exec:\dvjdv.exe50⤵
- Executes dropped EXE
-
\??\c:\jvdvj.exec:\jvdvj.exe51⤵
- Executes dropped EXE
-
\??\c:\lxrrlff.exec:\lxrrlff.exe52⤵
- Executes dropped EXE
-
\??\c:\rllxrxr.exec:\rllxrxr.exe53⤵
- Executes dropped EXE
-
\??\c:\7rxxrlf.exec:\7rxxrlf.exe54⤵
- Executes dropped EXE
-
\??\c:\bhnhtn.exec:\bhnhtn.exe55⤵
- Executes dropped EXE
-
\??\c:\1ntnbt.exec:\1ntnbt.exe56⤵
- Executes dropped EXE
-
\??\c:\3dpjd.exec:\3dpjd.exe57⤵
- Executes dropped EXE
-
\??\c:\9ppdd.exec:\9ppdd.exe58⤵
- Executes dropped EXE
-
\??\c:\lllfrlf.exec:\lllfrlf.exe59⤵
- Executes dropped EXE
-
\??\c:\5rfxlfx.exec:\5rfxlfx.exe60⤵
- Executes dropped EXE
-
\??\c:\tnhbnh.exec:\tnhbnh.exe61⤵
- Executes dropped EXE
-
\??\c:\ththhh.exec:\ththhh.exe62⤵
- Executes dropped EXE
-
\??\c:\dvjdp.exec:\dvjdp.exe63⤵
- Executes dropped EXE
-
\??\c:\ppjdp.exec:\ppjdp.exe64⤵
- Executes dropped EXE
-
\??\c:\jvvpj.exec:\jvvpj.exe65⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\llrlxrl.exec:\llrlxrl.exe66⤵
-
\??\c:\lrrlrfl.exec:\lrrlrfl.exe67⤵
-
\??\c:\btbthb.exec:\btbthb.exe68⤵
-
\??\c:\1tnhtt.exec:\1tnhtt.exe69⤵
-
\??\c:\tbtnbn.exec:\tbtnbn.exe70⤵
-
\??\c:\3pvjv.exec:\3pvjv.exe71⤵
-
\??\c:\vdvjv.exec:\vdvjv.exe72⤵
-
\??\c:\ffrllfr.exec:\ffrllfr.exe73⤵
-
\??\c:\fxrllfx.exec:\fxrllfx.exe74⤵
-
\??\c:\nnbthb.exec:\nnbthb.exe75⤵
-
\??\c:\hntnth.exec:\hntnth.exe76⤵
-
\??\c:\pvpjd.exec:\pvpjd.exe77⤵
-
\??\c:\7ppjv.exec:\7ppjv.exe78⤵
-
\??\c:\lxfxrrl.exec:\lxfxrrl.exe79⤵
-
\??\c:\lrrfxrl.exec:\lrrfxrl.exe80⤵
-
\??\c:\nnnhnn.exec:\nnnhnn.exe81⤵
-
\??\c:\3ntnbh.exec:\3ntnbh.exe82⤵
-
\??\c:\vjvpd.exec:\vjvpd.exe83⤵
-
\??\c:\jvjdj.exec:\jvjdj.exe84⤵
-
\??\c:\xlllxrf.exec:\xlllxrf.exe85⤵
-
\??\c:\rlrlxxx.exec:\rlrlxxx.exe86⤵
-
\??\c:\xlxfflr.exec:\xlxfflr.exe87⤵
-
\??\c:\btbhnb.exec:\btbhnb.exe88⤵
-
\??\c:\nbtbbh.exec:\nbtbbh.exe89⤵
-
\??\c:\xllxllf.exec:\xllxllf.exe90⤵
-
\??\c:\xflfrlx.exec:\xflfrlx.exe91⤵
-
\??\c:\xffxrlf.exec:\xffxrlf.exe92⤵
-
\??\c:\bttnhb.exec:\bttnhb.exe93⤵
-
\??\c:\rfrlxrl.exec:\rfrlxrl.exe94⤵
-
\??\c:\fxxfxfr.exec:\fxxfxfr.exe95⤵
-
\??\c:\9xxrfrf.exec:\9xxrfrf.exe96⤵
-
\??\c:\htttnn.exec:\htttnn.exe97⤵
-
\??\c:\5hhhtn.exec:\5hhhtn.exe98⤵
-
\??\c:\ppjvj.exec:\ppjvj.exe99⤵
-
\??\c:\ppjvv.exec:\ppjvv.exe100⤵
-
\??\c:\fffxrrr.exec:\fffxrrr.exe101⤵
-
\??\c:\1xffllr.exec:\1xffllr.exe102⤵
-
\??\c:\hntnnn.exec:\hntnnn.exe103⤵
-
\??\c:\nntntn.exec:\nntntn.exe104⤵
-
\??\c:\3vjjj.exec:\3vjjj.exe105⤵
-
\??\c:\ddjjv.exec:\ddjjv.exe106⤵
-
\??\c:\rllfrrl.exec:\rllfrrl.exe107⤵
-
\??\c:\tnbnnh.exec:\tnbnnh.exe108⤵
-
\??\c:\pvpdp.exec:\pvpdp.exe109⤵
-
\??\c:\fxfrrlx.exec:\fxfrrlx.exe110⤵
-
\??\c:\5frxxfr.exec:\5frxxfr.exe111⤵
-
\??\c:\hhhbtt.exec:\hhhbtt.exe112⤵
-
\??\c:\bttnnh.exec:\bttnnh.exe113⤵
-
\??\c:\jpvjd.exec:\jpvjd.exe114⤵
-
\??\c:\jddpj.exec:\jddpj.exe115⤵
-
\??\c:\9xffxff.exec:\9xffxff.exe116⤵
-
\??\c:\ntbbtn.exec:\ntbbtn.exe117⤵
-
\??\c:\hhnhnn.exec:\hhnhnn.exe118⤵
-
\??\c:\vpjdp.exec:\vpjdp.exe119⤵
-
\??\c:\pdjdv.exec:\pdjdv.exe120⤵
-
\??\c:\xlfrfxr.exec:\xlfrfxr.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-