Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
93s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
12/09/2024, 15:42
General
-
Target
98823d081f9d8f5b7ec5dbd17a9e0ad0N.exe
-
Size
230KB
-
MD5
98823d081f9d8f5b7ec5dbd17a9e0ad0
-
SHA1
9da4a69ecc34731a23cc1f8c0391535c609f7bb8
-
SHA256
5bb121b3a6d6dc16354110ad8849eec1e632567eef4b3b8f55d54d6eecd81fde
-
SHA512
8fc578d1ec11c309b42fdbe50560328009579cfa78776fd07424f23c521049627e78b55a98cff6b55ab3bb1c4941f23f529b887c6d22eee4a4a203934ccf3d61
-
SSDEEP
3072:ymb3NkkiQ3mdBjFo73PYP1lri3KoSV31x4xLjBeG+d:n3C9BRo7MlrWKo+lxKu
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 27 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\98823d081f9d8f5b7ec5dbd17a9e0ad0N.exe"C:\Users\Admin\AppData\Local\Temp\98823d081f9d8f5b7ec5dbd17a9e0ad0N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\dpdvv.exec:\dpdvv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvdd.exec:\pjvdd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5lfxffl.exec:\5lfxffl.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thbthh.exec:\thbthh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjpvp.exec:\vjpvp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvppj.exec:\vvppj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrrllll.exec:\lrrllll.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhhbb.exec:\hbhhbb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvppj.exec:\vvppj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1fllflf.exec:\1fllflf.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhbtt.exec:\hbhbtt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9vddd.exec:\9vddd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffrlllf.exec:\ffrlllf.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnnhh.exec:\nhnnhh.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxxrlll.exec:\xxxrlll.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhttnn.exec:\bhttnn.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhbbtt.exec:\bhbbtt.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrxlll.exec:\xrrxlll.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnnhh.exec:\hbnnhh.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jddvp.exec:\jddvp.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllxfrx.exec:\rllxfrx.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlxrllf.exec:\xlxrllf.exe23⤵
- Executes dropped EXE
-
\??\c:\nbnthb.exec:\nbnthb.exe24⤵
- Executes dropped EXE
-
\??\c:\7vdjj.exec:\7vdjj.exe25⤵
- Executes dropped EXE
-
\??\c:\frrlxfr.exec:\frrlxfr.exe26⤵
- Executes dropped EXE
-
\??\c:\ntbnht.exec:\ntbnht.exe27⤵
- Executes dropped EXE
-
\??\c:\1ntnhh.exec:\1ntnhh.exe28⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\5jdvv.exec:\5jdvv.exe29⤵
- Executes dropped EXE
-
\??\c:\9rrllfl.exec:\9rrllfl.exe30⤵
- Executes dropped EXE
-
\??\c:\ntnhbt.exec:\ntnhbt.exe31⤵
- Executes dropped EXE
-
\??\c:\ppppp.exec:\ppppp.exe32⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\lxxrxxr.exec:\lxxrxxr.exe33⤵
- Executes dropped EXE
-
\??\c:\1jpjj.exec:\1jpjj.exe34⤵
- Executes dropped EXE
-
\??\c:\lffxxxx.exec:\lffxxxx.exe35⤵
- Executes dropped EXE
-
\??\c:\xlrrxxf.exec:\xlrrxxf.exe36⤵
- Executes dropped EXE
-
\??\c:\hhttbh.exec:\hhttbh.exe37⤵
- Executes dropped EXE
-
\??\c:\bbbthh.exec:\bbbthh.exe38⤵
- Executes dropped EXE
-
\??\c:\vjvdp.exec:\vjvdp.exe39⤵
- Executes dropped EXE
-
\??\c:\lrxrxxf.exec:\lrxrxxf.exe40⤵
- Executes dropped EXE
-
\??\c:\xxrlllf.exec:\xxrlllf.exe41⤵
- Executes dropped EXE
-
\??\c:\ntbtnn.exec:\ntbtnn.exe42⤵
- Executes dropped EXE
-
\??\c:\7vdvp.exec:\7vdvp.exe43⤵
- Executes dropped EXE
-
\??\c:\vjjdv.exec:\vjjdv.exe44⤵
- Executes dropped EXE
-
\??\c:\fxlfxfx.exec:\fxlfxfx.exe45⤵
- Executes dropped EXE
-
\??\c:\nhhbbt.exec:\nhhbbt.exe46⤵
- Executes dropped EXE
-
\??\c:\tbnbtt.exec:\tbnbtt.exe47⤵
- Executes dropped EXE
-
\??\c:\dvjdv.exec:\dvjdv.exe48⤵
- Executes dropped EXE
-
\??\c:\pvdpj.exec:\pvdpj.exe49⤵
- Executes dropped EXE
-
\??\c:\xfllffl.exec:\xfllffl.exe50⤵
- Executes dropped EXE
-
\??\c:\5tbttt.exec:\5tbttt.exe51⤵
- Executes dropped EXE
-
\??\c:\3pdvj.exec:\3pdvj.exe52⤵
- Executes dropped EXE
-
\??\c:\dddvv.exec:\dddvv.exe53⤵
- Executes dropped EXE
-
\??\c:\lllffff.exec:\lllffff.exe54⤵
- Executes dropped EXE
-
\??\c:\9htntt.exec:\9htntt.exe55⤵
- Executes dropped EXE
-
\??\c:\nnbtnn.exec:\nnbtnn.exe56⤵
- Executes dropped EXE
-
\??\c:\pvvdp.exec:\pvvdp.exe57⤵
- Executes dropped EXE
-
\??\c:\flxlffx.exec:\flxlffx.exe58⤵
- Executes dropped EXE
-
\??\c:\fxfxxrr.exec:\fxfxxrr.exe59⤵
- Executes dropped EXE
-
\??\c:\5hnhhh.exec:\5hnhhh.exe60⤵
- Executes dropped EXE
-
\??\c:\dvvpp.exec:\dvvpp.exe61⤵
- Executes dropped EXE
-
\??\c:\vjjjd.exec:\vjjjd.exe62⤵
- Executes dropped EXE
-
\??\c:\lxrlxxr.exec:\lxrlxxr.exe63⤵
- Executes dropped EXE
-
\??\c:\xlffxxr.exec:\xlffxxr.exe64⤵
- Executes dropped EXE
-
\??\c:\5nnnhh.exec:\5nnnhh.exe65⤵
- Executes dropped EXE
-
\??\c:\9djdp.exec:\9djdp.exe66⤵
-
\??\c:\vvjdd.exec:\vvjdd.exe67⤵
-
\??\c:\fxxlxrr.exec:\fxxlxrr.exe68⤵
-
\??\c:\nbbtnn.exec:\nbbtnn.exe69⤵
-
\??\c:\vjdvj.exec:\vjdvj.exe70⤵
-
\??\c:\jdddv.exec:\jdddv.exe71⤵
-
\??\c:\rxllfff.exec:\rxllfff.exe72⤵
-
\??\c:\nnbtbb.exec:\nnbtbb.exe73⤵
-
\??\c:\tnttnt.exec:\tnttnt.exe74⤵
-
\??\c:\vvvpv.exec:\vvvpv.exe75⤵
-
\??\c:\rlrrllf.exec:\rlrrllf.exe76⤵
-
\??\c:\fflrrrr.exec:\fflrrrr.exe77⤵
-
\??\c:\bthbhh.exec:\bthbhh.exe78⤵
-
\??\c:\thhbtt.exec:\thhbtt.exe79⤵
-
\??\c:\vpdvp.exec:\vpdvp.exe80⤵
-
\??\c:\xlrlffx.exec:\xlrlffx.exe81⤵
-
\??\c:\ffllfrr.exec:\ffllfrr.exe82⤵
-
\??\c:\3hhhbh.exec:\3hhhbh.exe83⤵
-
\??\c:\dpvjd.exec:\dpvjd.exe84⤵
-
\??\c:\rrxrflf.exec:\rrxrflf.exe85⤵
-
\??\c:\fffxllx.exec:\fffxllx.exe86⤵
-
\??\c:\hthbbb.exec:\hthbbb.exe87⤵
-
\??\c:\7pppp.exec:\7pppp.exe88⤵
-
\??\c:\1llfffx.exec:\1llfffx.exe89⤵
-
\??\c:\lfxxrrr.exec:\lfxxrrr.exe90⤵
-
\??\c:\7nthnn.exec:\7nthnn.exe91⤵
-
\??\c:\nnbnhh.exec:\nnbnhh.exe92⤵
-
\??\c:\9vvpp.exec:\9vvpp.exe93⤵
-
\??\c:\rlrlrrr.exec:\rlrlrrr.exe94⤵
-
\??\c:\fxllxff.exec:\fxllxff.exe95⤵
-
\??\c:\bthbhb.exec:\bthbhb.exe96⤵
-
\??\c:\3dddd.exec:\3dddd.exe97⤵
-
\??\c:\7vvpj.exec:\7vvpj.exe98⤵
-
\??\c:\lfxrfff.exec:\lfxrfff.exe99⤵
-
\??\c:\ffxrxxf.exec:\ffxrxxf.exe100⤵
-
\??\c:\nhtnbb.exec:\nhtnbb.exe101⤵
-
\??\c:\vpjdp.exec:\vpjdp.exe102⤵
-
\??\c:\ppvvd.exec:\ppvvd.exe103⤵
-
\??\c:\7xxrfff.exec:\7xxrfff.exe104⤵
-
\??\c:\1lrlfff.exec:\1lrlfff.exe105⤵
-
\??\c:\bhnnnn.exec:\bhnnnn.exe106⤵
-
\??\c:\bbnhtn.exec:\bbnhtn.exe107⤵
-
\??\c:\1jvpp.exec:\1jvpp.exe108⤵
-
\??\c:\pjvpv.exec:\pjvpv.exe109⤵
-
\??\c:\fflxllf.exec:\fflxllf.exe110⤵
-
\??\c:\3hnbnn.exec:\3hnbnn.exe111⤵
-
\??\c:\ntttnn.exec:\ntttnn.exe112⤵
-
\??\c:\ppvvp.exec:\ppvvp.exe113⤵
-
\??\c:\rlrlffl.exec:\rlrlffl.exe114⤵
-
\??\c:\5ddpj.exec:\5ddpj.exe115⤵
-
\??\c:\lrxxrxx.exec:\lrxxrxx.exe116⤵
-
\??\c:\rlllfff.exec:\rlllfff.exe117⤵
-
\??\c:\bnhthb.exec:\bnhthb.exe118⤵
-
\??\c:\djpvp.exec:\djpvp.exe119⤵
-
\??\c:\xrffxxr.exec:\xrffxxr.exe120⤵
-
\??\c:\xrllrrx.exec:\xrllrrx.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-