Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
94s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
12/09/2024, 14:50
General
-
Target
fef84f1303aebad11cfcadb00d040540N.exe
-
Size
316KB
-
MD5
fef84f1303aebad11cfcadb00d040540
-
SHA1
3e5da9fe11dc42bb8e23a8af090f75550dffcb45
-
SHA256
3ffbaef5883013b0235655a7bbb5f430bb72c7485da620e7768b67f238f17c5a
-
SHA512
cfb334a1e6ce1a77d2743b12e587a6e7fbe867f53f863e621bd6c21a664b6e079e1c611a70720324ea6d1dcfad118a857208133ed77119e450628fbe49ef9e55
-
SSDEEP
6144:n3C9BRo/AIX2h97aUzpbBj3+b2ziJC39QS8hDJd+Q7ZLbjwm8:n3C9uDC97aUFbZ42ziM39QS8hDJd+Q74
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 27 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\fef84f1303aebad11cfcadb00d040540N.exe"C:\Users\Admin\AppData\Local\Temp\fef84f1303aebad11cfcadb00d040540N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\rrxxxxx.exec:\rrxxxxx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5rflfrl.exec:\5rflfrl.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbttt.exec:\hbbttt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbbnn.exec:\hbbbnn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpvjd.exec:\dpvjd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfrrrrl.exec:\rfrrrrl.exe7⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\bhhhbb.exec:\bhhhbb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7rlllll.exec:\7rlllll.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxfrlll.exec:\lxfrlll.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjjd.exec:\pjjjd.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjjvj.exec:\vjjvj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1xfrlfr.exec:\1xfrlfr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbhbtn.exec:\nbhbtn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flrlrlx.exec:\flrlrlx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxrxfxl.exec:\rxrxfxl.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9bbnht.exec:\9bbnht.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xflrfxl.exec:\xflrfxl.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5fxrlfx.exec:\5fxrlfx.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhhbnb.exec:\bhhbnb.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvdpd.exec:\jvdpd.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxffllr.exec:\rxffllr.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppvpv.exec:\ppvpv.exe23⤵
- Executes dropped EXE
-
\??\c:\djjpd.exec:\djjpd.exe24⤵
- Executes dropped EXE
-
\??\c:\ttbtht.exec:\ttbtht.exe25⤵
- Executes dropped EXE
-
\??\c:\hbthth.exec:\hbthth.exe26⤵
- Executes dropped EXE
-
\??\c:\jvvvj.exec:\jvvvj.exe27⤵
- Executes dropped EXE
-
\??\c:\9ttnbt.exec:\9ttnbt.exe28⤵
- Executes dropped EXE
-
\??\c:\ppdvj.exec:\ppdvj.exe29⤵
- Executes dropped EXE
-
\??\c:\rrrfrfr.exec:\rrrfrfr.exe30⤵
- Executes dropped EXE
-
\??\c:\lrlxlxl.exec:\lrlxlxl.exe31⤵
- Executes dropped EXE
-
\??\c:\btbttn.exec:\btbttn.exe32⤵
- Executes dropped EXE
-
\??\c:\7pvvp.exec:\7pvvp.exe33⤵
- Executes dropped EXE
-
\??\c:\lrxfrll.exec:\lrxfrll.exe34⤵
- Executes dropped EXE
-
\??\c:\hnbttt.exec:\hnbttt.exe35⤵
- Executes dropped EXE
-
\??\c:\jjpvp.exec:\jjpvp.exe36⤵
- Executes dropped EXE
-
\??\c:\lfrlrrx.exec:\lfrlrrx.exe37⤵
- Executes dropped EXE
-
\??\c:\1hnhbt.exec:\1hnhbt.exe38⤵
- Executes dropped EXE
-
\??\c:\bbnbhb.exec:\bbnbhb.exe39⤵
- Executes dropped EXE
-
\??\c:\1dvjd.exec:\1dvjd.exe40⤵
- Executes dropped EXE
-
\??\c:\frrlrfx.exec:\frrlrfx.exe41⤵
- Executes dropped EXE
-
\??\c:\bnnhbt.exec:\bnnhbt.exe42⤵
- Executes dropped EXE
-
\??\c:\bbnntn.exec:\bbnntn.exe43⤵
- Executes dropped EXE
-
\??\c:\jdpdj.exec:\jdpdj.exe44⤵
- Executes dropped EXE
-
\??\c:\5rxxxxx.exec:\5rxxxxx.exe45⤵
- Executes dropped EXE
-
\??\c:\lrflrxf.exec:\lrflrxf.exe46⤵
- Executes dropped EXE
-
\??\c:\tnbbhh.exec:\tnbbhh.exe47⤵
- Executes dropped EXE
-
\??\c:\dvvpj.exec:\dvvpj.exe48⤵
- Executes dropped EXE
-
\??\c:\frxfrxx.exec:\frxfrxx.exe49⤵
- Executes dropped EXE
-
\??\c:\llfrlrr.exec:\llfrlrr.exe50⤵
- Executes dropped EXE
-
\??\c:\nttnhb.exec:\nttnhb.exe51⤵
- Executes dropped EXE
-
\??\c:\vpjjd.exec:\vpjjd.exe52⤵
- Executes dropped EXE
-
\??\c:\lrxlxxr.exec:\lrxlxxr.exe53⤵
- Executes dropped EXE
-
\??\c:\frxrllf.exec:\frxrllf.exe54⤵
- Executes dropped EXE
-
\??\c:\thhbtt.exec:\thhbtt.exe55⤵
- Executes dropped EXE
-
\??\c:\dvjdj.exec:\dvjdj.exe56⤵
- Executes dropped EXE
-
\??\c:\dvjdd.exec:\dvjdd.exe57⤵
- Executes dropped EXE
-
\??\c:\rrllfxx.exec:\rrllfxx.exe58⤵
- Executes dropped EXE
-
\??\c:\bthbbb.exec:\bthbbb.exe59⤵
- Executes dropped EXE
-
\??\c:\nbhbtb.exec:\nbhbtb.exe60⤵
- Executes dropped EXE
-
\??\c:\jvjdd.exec:\jvjdd.exe61⤵
- Executes dropped EXE
-
\??\c:\nnhhhh.exec:\nnhhhh.exe62⤵
- Executes dropped EXE
-
\??\c:\9pvpv.exec:\9pvpv.exe63⤵
- Executes dropped EXE
-
\??\c:\9rrrlxx.exec:\9rrrlxx.exe64⤵
- Executes dropped EXE
-
\??\c:\rrxrxxr.exec:\rrxrxxr.exe65⤵
- Executes dropped EXE
-
\??\c:\bttnnn.exec:\bttnnn.exe66⤵
-
\??\c:\jjvpj.exec:\jjvpj.exe67⤵
-
\??\c:\7vjdd.exec:\7vjdd.exe68⤵
-
\??\c:\frxxrrr.exec:\frxxrrr.exe69⤵
-
\??\c:\btbbbt.exec:\btbbbt.exe70⤵
-
\??\c:\bbhbhh.exec:\bbhbhh.exe71⤵
-
\??\c:\jdvvj.exec:\jdvvj.exe72⤵
-
\??\c:\xrrlfxx.exec:\xrrlfxx.exe73⤵
-
\??\c:\frffxxx.exec:\frffxxx.exe74⤵
-
\??\c:\9ntnhh.exec:\9ntnhh.exe75⤵
-
\??\c:\7bnhnt.exec:\7bnhnt.exe76⤵
-
\??\c:\vppjd.exec:\vppjd.exe77⤵
-
\??\c:\vjddv.exec:\vjddv.exe78⤵
-
\??\c:\3llfxrl.exec:\3llfxrl.exe79⤵
-
\??\c:\btbtbt.exec:\btbtbt.exe80⤵
-
\??\c:\thhbbt.exec:\thhbbt.exe81⤵
-
\??\c:\5vpjd.exec:\5vpjd.exe82⤵
-
\??\c:\vvjdj.exec:\vvjdj.exe83⤵
-
\??\c:\5rrfxxx.exec:\5rrfxxx.exe84⤵
-
\??\c:\3frlffx.exec:\3frlffx.exe85⤵
-
\??\c:\hnbbbb.exec:\hnbbbb.exe86⤵
-
\??\c:\pjjdv.exec:\pjjdv.exe87⤵
-
\??\c:\vjvpj.exec:\vjvpj.exe88⤵
-
\??\c:\rlxfffx.exec:\rlxfffx.exe89⤵
-
\??\c:\hbhbtt.exec:\hbhbtt.exe90⤵
-
\??\c:\hbhbtb.exec:\hbhbtb.exe91⤵
-
\??\c:\vvvvv.exec:\vvvvv.exe92⤵
-
\??\c:\pjpjj.exec:\pjpjj.exe93⤵
-
\??\c:\ttthbb.exec:\ttthbb.exe94⤵
-
\??\c:\hthbtt.exec:\hthbtt.exe95⤵
-
\??\c:\jpdvp.exec:\jpdvp.exe96⤵
-
\??\c:\9dddv.exec:\9dddv.exe97⤵
-
\??\c:\fxxxxrx.exec:\fxxxxrx.exe98⤵
-
\??\c:\lxfxrxr.exec:\lxfxrxr.exe99⤵
-
\??\c:\tnbbht.exec:\tnbbht.exe100⤵
-
\??\c:\vpppj.exec:\vpppj.exe101⤵
-
\??\c:\vjvvv.exec:\vjvvv.exe102⤵
-
\??\c:\jpjdj.exec:\jpjdj.exe103⤵
-
\??\c:\lfxrrrr.exec:\lfxrrrr.exe104⤵
-
\??\c:\hhhbbb.exec:\hhhbbb.exe105⤵
-
\??\c:\nhbhhh.exec:\nhbhhh.exe106⤵
-
\??\c:\vvpdp.exec:\vvpdp.exe107⤵
-
\??\c:\nhtntt.exec:\nhtntt.exe108⤵
-
\??\c:\jdvpp.exec:\jdvpp.exe109⤵
-
\??\c:\pjjjj.exec:\pjjjj.exe110⤵
-
\??\c:\lffxxrl.exec:\lffxxrl.exe111⤵
-
\??\c:\xllffxx.exec:\xllffxx.exe112⤵
-
\??\c:\hbhbbt.exec:\hbhbbt.exe113⤵
-
\??\c:\vvvpp.exec:\vvvpp.exe114⤵
-
\??\c:\xrxrxrx.exec:\xrxrxrx.exe115⤵
-
\??\c:\lffxrrl.exec:\lffxrrl.exe116⤵
-
\??\c:\nbhbbn.exec:\nbhbbn.exe117⤵
-
\??\c:\dvdvd.exec:\dvdvd.exe118⤵
-
\??\c:\jdpjd.exec:\jdpjd.exe119⤵
-
\??\c:\xxlxxxf.exec:\xxlxxxf.exe120⤵
-
\??\c:\5xrfxfl.exec:\5xrfxfl.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-