Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
121s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
13/09/2024, 21:44
General
-
Target
555ec86ee090a9ab3319ac75746be4e4e0f447e1f07ebf70486768b07a9e4181.exe
-
Size
64KB
-
MD5
6411652fed2bc73d96e797a3d7ab1953
-
SHA1
9dcdadd68388776606e272a952b389904b7abe2f
-
SHA256
555ec86ee090a9ab3319ac75746be4e4e0f447e1f07ebf70486768b07a9e4181
-
SHA512
6977a48ad4c75f2abb8b7ee560c1a3b90618a1ea1ca8d4d14d247f1cc762687ad7ffb9415bc1a0e1bf75be2b005dd678fdc6b098c75dc7cad0ff6e0a98d3b244
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND0yU+kbxiT:ymb3NkkiQ3mdBjF0y7kbQ
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 26 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 30 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\555ec86ee090a9ab3319ac75746be4e4e0f447e1f07ebf70486768b07a9e4181.exe"C:\Users\Admin\AppData\Local\Temp\555ec86ee090a9ab3319ac75746be4e4e0f447e1f07ebf70486768b07a9e4181.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\xlrffxf.exec:\xlrffxf.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9btttt.exec:\9btttt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpvdd.exec:\dpvdd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnhnhb.exec:\bnhnhb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdvp.exec:\pjdvp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9lxflfl.exec:\9lxflfl.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrffxfx.exec:\xrffxfx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7ttttb.exec:\7ttttb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpppj.exec:\dpppj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3rffxfx.exec:\3rffxfx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thbnhn.exec:\thbnhn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthbtn.exec:\bthbtn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7ddvp.exec:\7ddvp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1lrrrrr.exec:\1lrrrrr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1hhhhh.exec:\1hhhhh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9hbtht.exec:\9hbtht.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5vdvp.exec:\5vdvp.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrrlxll.exec:\rrrlxll.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxfflrf.exec:\xxfflrf.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btttnn.exec:\btttnn.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjdpj.exec:\jjdpj.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5lrlffl.exec:\5lrlffl.exe23⤵
- Executes dropped EXE
-
\??\c:\fxxxrrf.exec:\fxxxrrf.exe24⤵
- Executes dropped EXE
-
\??\c:\3nnhbt.exec:\3nnhbt.exe25⤵
- Executes dropped EXE
-
\??\c:\1tbttt.exec:\1tbttt.exe26⤵
- Executes dropped EXE
-
\??\c:\vpvvv.exec:\vpvvv.exe27⤵
- Executes dropped EXE
-
\??\c:\jdjdv.exec:\jdjdv.exe28⤵
- Executes dropped EXE
-
\??\c:\lxfxllf.exec:\lxfxllf.exe29⤵
- Executes dropped EXE
-
\??\c:\nhnhtn.exec:\nhnhtn.exe30⤵
- Executes dropped EXE
-
\??\c:\tbhtnh.exec:\tbhtnh.exe31⤵
- Executes dropped EXE
-
\??\c:\jvjjd.exec:\jvjjd.exe32⤵
- Executes dropped EXE
-
\??\c:\dppdv.exec:\dppdv.exe33⤵
- Executes dropped EXE
-
\??\c:\lxrfxlf.exec:\lxrfxlf.exe34⤵
- Executes dropped EXE
-
\??\c:\hhhtnn.exec:\hhhtnn.exe35⤵
- Executes dropped EXE
-
\??\c:\5bhbbt.exec:\5bhbbt.exe36⤵
- Executes dropped EXE
-
\??\c:\5jppp.exec:\5jppp.exe37⤵
- Executes dropped EXE
-
\??\c:\3xxrlxr.exec:\3xxrlxr.exe38⤵
- Executes dropped EXE
-
\??\c:\rffffff.exec:\rffffff.exe39⤵
- Executes dropped EXE
-
\??\c:\5hnnnn.exec:\5hnnnn.exe40⤵
- Executes dropped EXE
-
\??\c:\btnthn.exec:\btnthn.exe41⤵
-
\??\c:\9vvpd.exec:\9vvpd.exe42⤵
- Executes dropped EXE
-
\??\c:\7pppj.exec:\7pppj.exe43⤵
- Executes dropped EXE
-
\??\c:\vpvpj.exec:\vpvpj.exe44⤵
- Executes dropped EXE
-
\??\c:\1xfxffx.exec:\1xfxffx.exe45⤵
- Executes dropped EXE
-
\??\c:\3lrrlll.exec:\3lrrlll.exe46⤵
- Executes dropped EXE
-
\??\c:\tbttth.exec:\tbttth.exe47⤵
- Executes dropped EXE
-
\??\c:\jpvpj.exec:\jpvpj.exe48⤵
- Executes dropped EXE
-
\??\c:\lfrrrrx.exec:\lfrrrrx.exe49⤵
- Executes dropped EXE
-
\??\c:\lllrrrr.exec:\lllrrrr.exe50⤵
- Executes dropped EXE
-
\??\c:\3bhbbh.exec:\3bhbbh.exe51⤵
- Executes dropped EXE
-
\??\c:\ttnhbb.exec:\ttnhbb.exe52⤵
- Executes dropped EXE
-
\??\c:\jdvpv.exec:\jdvpv.exe53⤵
- Executes dropped EXE
-
\??\c:\vpdvj.exec:\vpdvj.exe54⤵
- Executes dropped EXE
-
\??\c:\fxxrrll.exec:\fxxrrll.exe55⤵
- Executes dropped EXE
-
\??\c:\xllfxlf.exec:\xllfxlf.exe56⤵
- Executes dropped EXE
-
\??\c:\tttthh.exec:\tttthh.exe57⤵
- Executes dropped EXE
-
\??\c:\bntthn.exec:\bntthn.exe58⤵
- Executes dropped EXE
-
\??\c:\vdvjd.exec:\vdvjd.exe59⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\vpjdd.exec:\vpjdd.exe60⤵
- Executes dropped EXE
-
\??\c:\7lrlllf.exec:\7lrlllf.exe61⤵
- Executes dropped EXE
-
\??\c:\lllrrrf.exec:\lllrrrf.exe62⤵
- Executes dropped EXE
-
\??\c:\nbhhbb.exec:\nbhhbb.exe63⤵
- Executes dropped EXE
-
\??\c:\tntnbh.exec:\tntnbh.exe64⤵
- Executes dropped EXE
-
\??\c:\pjvpv.exec:\pjvpv.exe65⤵
- Executes dropped EXE
-
\??\c:\dppjd.exec:\dppjd.exe66⤵
- Executes dropped EXE
-
\??\c:\rrrlfff.exec:\rrrlfff.exe67⤵
-
\??\c:\3rfxrxr.exec:\3rfxrxr.exe68⤵
-
\??\c:\nhnbbb.exec:\nhnbbb.exe69⤵
-
\??\c:\nbhbht.exec:\nbhbht.exe70⤵
-
\??\c:\jjppp.exec:\jjppp.exe71⤵
-
\??\c:\rrfxxxx.exec:\rrfxxxx.exe72⤵
-
\??\c:\fxrrlll.exec:\fxrrlll.exe73⤵
-
\??\c:\thnhnh.exec:\thnhnh.exe74⤵
-
\??\c:\nbhbtn.exec:\nbhbtn.exe75⤵
-
\??\c:\7pvpv.exec:\7pvpv.exe76⤵
-
\??\c:\1pvpj.exec:\1pvpj.exe77⤵
-
\??\c:\rxllllr.exec:\rxllllr.exe78⤵
-
\??\c:\nhnttt.exec:\nhnttt.exe79⤵
-
\??\c:\bnntbn.exec:\bnntbn.exe80⤵
- System Location Discovery: System Language Discovery
-
\??\c:\pvpdv.exec:\pvpdv.exe81⤵
-
\??\c:\dpjjj.exec:\dpjjj.exe82⤵
-
\??\c:\xflfxrl.exec:\xflfxrl.exe83⤵
-
\??\c:\7xrrrrx.exec:\7xrrrrx.exe84⤵
-
\??\c:\tnhhhh.exec:\tnhhhh.exe85⤵
-
\??\c:\tnbttt.exec:\tnbttt.exe86⤵
-
\??\c:\pjppp.exec:\pjppp.exe87⤵
-
\??\c:\jdjjp.exec:\jdjjp.exe88⤵
-
\??\c:\thbtnn.exec:\thbtnn.exe89⤵
-
\??\c:\ntntnb.exec:\ntntnb.exe90⤵
-
\??\c:\pddvv.exec:\pddvv.exe91⤵
-
\??\c:\vdpjd.exec:\vdpjd.exe92⤵
-
\??\c:\rllffff.exec:\rllffff.exe93⤵
-
\??\c:\bttnhh.exec:\bttnhh.exe94⤵
-
\??\c:\thhbtt.exec:\thhbtt.exe95⤵
-
\??\c:\9djjd.exec:\9djjd.exe96⤵
-
\??\c:\pdjdd.exec:\pdjdd.exe97⤵
-
\??\c:\5ffxrrl.exec:\5ffxrrl.exe98⤵
-
\??\c:\thhhbb.exec:\thhhbb.exe99⤵
-
\??\c:\htbttb.exec:\htbttb.exe100⤵
-
\??\c:\pvvvp.exec:\pvvvp.exe101⤵
-
\??\c:\djppj.exec:\djppj.exe102⤵
-
\??\c:\rrxxrrf.exec:\rrxxrrf.exe103⤵
-
\??\c:\xxxrrrl.exec:\xxxrrrl.exe104⤵
-
\??\c:\httbnt.exec:\httbnt.exe105⤵
-
\??\c:\vjpjd.exec:\vjpjd.exe106⤵
-
\??\c:\dppjd.exec:\dppjd.exe107⤵
-
\??\c:\7flrlxr.exec:\7flrlxr.exe108⤵
-
\??\c:\rffxrrr.exec:\rffxrrr.exe109⤵
-
\??\c:\nnbtbb.exec:\nnbtbb.exe110⤵
-
\??\c:\bttnht.exec:\bttnht.exe111⤵
-
\??\c:\pvvpd.exec:\pvvpd.exe112⤵
-
\??\c:\pdjdv.exec:\pdjdv.exe113⤵
-
\??\c:\lxrrflf.exec:\lxrrflf.exe114⤵
-
\??\c:\fxrlrll.exec:\fxrlrll.exe115⤵
-
\??\c:\hhbnhh.exec:\hhbnhh.exe116⤵
-
\??\c:\jpppp.exec:\jpppp.exe117⤵
-
\??\c:\vpdjd.exec:\vpdjd.exe118⤵
-
\??\c:\lxxrfrl.exec:\lxxrfrl.exe119⤵
-
\??\c:\tbnhhb.exec:\tbnhhb.exe120⤵
-
\??\c:\hbbthh.exec:\hbbthh.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-