Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
97s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
13/09/2024, 13:59
General
-
Target
40bbdb923856f2f0102acdef46ee8590N.exe
-
Size
67KB
-
MD5
40bbdb923856f2f0102acdef46ee8590
-
SHA1
72257640e3b2bac86ff17cb91db5691961d0859e
-
SHA256
6a8a543a6a1dc056191b87d2a2c35d62315104cb09199a81feb1e990a303a58a
-
SHA512
54db672061107414e520b021f95199c62f401436da3751b2dd2dc42eb900231fa5e988a27b65076e737b96dfc7975c3f57db1327bfc5ab4b8d7a06233c773a7b
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDI9L27B5QF:ymb3NkkiQ3mdBjFI9c+F
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 29 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 39 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\40bbdb923856f2f0102acdef46ee8590N.exe"C:\Users\Admin\AppData\Local\Temp\40bbdb923856f2f0102acdef46ee8590N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\vddvp.exec:\vddvp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrrfxxr.exec:\lrrfxxr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7rrlflx.exec:\7rrlflx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hthbhb.exec:\hthbhb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjdj.exec:\vpjdj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lflfxlf.exec:\lflfxlf.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnttbb.exec:\tnttbb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpjdp.exec:\jpjdp.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flrlffx.exec:\flrlffx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjvp.exec:\ppjvp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flfrllf.exec:\flfrllf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbnbnb.exec:\tbnbnb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbhthb.exec:\nbhthb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3rffrfr.exec:\3rffrfr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llxxrxx.exec:\llxxrxx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ththtn.exec:\ththtn.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhbnbt.exec:\bhbnbt.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lffrrff.exec:\lffrrff.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfxrfxl.exec:\rfxrfxl.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhbhnb.exec:\hhbhnb.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdpvp.exec:\vdpvp.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxfrfxl.exec:\fxfrfxl.exe23⤵
- Executes dropped EXE
-
\??\c:\rffxffl.exec:\rffxffl.exe24⤵
- Executes dropped EXE
-
\??\c:\hthnbt.exec:\hthnbt.exe25⤵
- Executes dropped EXE
-
\??\c:\jvdpp.exec:\jvdpp.exe26⤵
- Executes dropped EXE
-
\??\c:\vvdpd.exec:\vvdpd.exe27⤵
- Executes dropped EXE
-
\??\c:\lxfrllx.exec:\lxfrllx.exe28⤵
- Executes dropped EXE
-
\??\c:\nhtbtb.exec:\nhtbtb.exe29⤵
- Executes dropped EXE
-
\??\c:\nhbthh.exec:\nhbthh.exe30⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\vvdvd.exec:\vvdvd.exe31⤵
- Executes dropped EXE
-
\??\c:\rllfrrf.exec:\rllfrrf.exe32⤵
- Executes dropped EXE
-
\??\c:\lxrfrlf.exec:\lxrfrlf.exe33⤵
- Executes dropped EXE
-
\??\c:\bbbbtt.exec:\bbbbtt.exe34⤵
- Executes dropped EXE
-
\??\c:\pdvjv.exec:\pdvjv.exe35⤵
- Executes dropped EXE
-
\??\c:\djdvp.exec:\djdvp.exe36⤵
- Executes dropped EXE
-
\??\c:\xxlxrrf.exec:\xxlxrrf.exe37⤵
- Executes dropped EXE
-
\??\c:\xxrlffx.exec:\xxrlffx.exe38⤵
- Executes dropped EXE
-
\??\c:\rflflff.exec:\rflflff.exe39⤵
- Executes dropped EXE
-
\??\c:\ttbthh.exec:\ttbthh.exe40⤵
- Executes dropped EXE
-
\??\c:\vvvjv.exec:\vvvjv.exe41⤵
- Executes dropped EXE
-
\??\c:\djpjd.exec:\djpjd.exe42⤵
- Executes dropped EXE
-
\??\c:\lffrfxr.exec:\lffrfxr.exe43⤵
- Executes dropped EXE
-
\??\c:\fxllrrf.exec:\fxllrrf.exe44⤵
- Executes dropped EXE
-
\??\c:\5thbhb.exec:\5thbhb.exe45⤵
- Executes dropped EXE
-
\??\c:\dpvvv.exec:\dpvvv.exe46⤵
- Executes dropped EXE
-
\??\c:\pdjvd.exec:\pdjvd.exe47⤵
- Executes dropped EXE
-
\??\c:\3rlfxxx.exec:\3rlfxxx.exe48⤵
- Executes dropped EXE
-
\??\c:\xlrrxfr.exec:\xlrrxfr.exe49⤵
- Executes dropped EXE
-
\??\c:\thnnhh.exec:\thnnhh.exe50⤵
- Executes dropped EXE
-
\??\c:\thtnhh.exec:\thtnhh.exe51⤵
- Executes dropped EXE
-
\??\c:\jvdvp.exec:\jvdvp.exe52⤵
- Executes dropped EXE
-
\??\c:\rrfrffx.exec:\rrfrffx.exe53⤵
- Executes dropped EXE
-
\??\c:\rflfllr.exec:\rflfllr.exe54⤵
- Executes dropped EXE
-
\??\c:\hnttnn.exec:\hnttnn.exe55⤵
- Executes dropped EXE
-
\??\c:\bhhbtt.exec:\bhhbtt.exe56⤵
- Executes dropped EXE
-
\??\c:\pvvpp.exec:\pvvpp.exe57⤵
- Executes dropped EXE
-
\??\c:\jddjd.exec:\jddjd.exe58⤵
- Executes dropped EXE
-
\??\c:\llllffx.exec:\llllffx.exe59⤵
- Executes dropped EXE
-
\??\c:\3nntnn.exec:\3nntnn.exe60⤵
- Executes dropped EXE
-
\??\c:\bbbttt.exec:\bbbttt.exe61⤵
- Executes dropped EXE
-
\??\c:\jvvpj.exec:\jvvpj.exe62⤵
- Executes dropped EXE
-
\??\c:\5dddp.exec:\5dddp.exe63⤵
- Executes dropped EXE
-
\??\c:\rxxrlll.exec:\rxxrlll.exe64⤵
- Executes dropped EXE
-
\??\c:\tbbbnn.exec:\tbbbnn.exe65⤵
- Executes dropped EXE
-
\??\c:\hbbhbb.exec:\hbbhbb.exe66⤵
-
\??\c:\djvpd.exec:\djvpd.exe67⤵
-
\??\c:\pdvpj.exec:\pdvpj.exe68⤵
-
\??\c:\xrffffl.exec:\xrffffl.exe69⤵
-
\??\c:\rxlrrrr.exec:\rxlrrrr.exe70⤵
-
\??\c:\tntnnn.exec:\tntnnn.exe71⤵
-
\??\c:\thnntb.exec:\thnntb.exe72⤵
-
\??\c:\vjpjj.exec:\vjpjj.exe73⤵
-
\??\c:\dvdvd.exec:\dvdvd.exe74⤵
-
\??\c:\rllfffr.exec:\rllfffr.exe75⤵
-
\??\c:\lxrlfff.exec:\lxrlfff.exe76⤵
-
\??\c:\ttbbhh.exec:\ttbbhh.exe77⤵
-
\??\c:\1tnhtb.exec:\1tnhtb.exe78⤵
-
\??\c:\7vddd.exec:\7vddd.exe79⤵
-
\??\c:\pjjdd.exec:\pjjdd.exe80⤵
-
\??\c:\flxrllf.exec:\flxrllf.exe81⤵
-
\??\c:\rxrrrrr.exec:\rxrrrrr.exe82⤵
-
\??\c:\nbntnn.exec:\nbntnn.exe83⤵
-
\??\c:\dvjdd.exec:\dvjdd.exe84⤵
-
\??\c:\3jjdv.exec:\3jjdv.exe85⤵
-
\??\c:\xrllfff.exec:\xrllfff.exe86⤵
-
\??\c:\lxxrllf.exec:\lxxrllf.exe87⤵
-
\??\c:\nhntbb.exec:\nhntbb.exe88⤵
-
\??\c:\jdvpj.exec:\jdvpj.exe89⤵
-
\??\c:\rlrlllx.exec:\rlrlllx.exe90⤵
-
\??\c:\frrrllf.exec:\frrrllf.exe91⤵
-
\??\c:\fxxfffx.exec:\fxxfffx.exe92⤵
-
\??\c:\tnnnhh.exec:\tnnnhh.exe93⤵
-
\??\c:\tnbbbb.exec:\tnbbbb.exe94⤵
-
\??\c:\vpjdv.exec:\vpjdv.exe95⤵
-
\??\c:\jvvpj.exec:\jvvpj.exe96⤵
-
\??\c:\ffxrrfr.exec:\ffxrrfr.exe97⤵
-
\??\c:\lffxffr.exec:\lffxffr.exe98⤵
-
\??\c:\flrrlll.exec:\flrrlll.exe99⤵
-
\??\c:\nhhhbb.exec:\nhhhbb.exe100⤵
-
\??\c:\5tbbnn.exec:\5tbbnn.exe101⤵
-
\??\c:\pdjdv.exec:\pdjdv.exe102⤵
-
\??\c:\jpjdv.exec:\jpjdv.exe103⤵
-
\??\c:\xxxrffx.exec:\xxxrffx.exe104⤵
-
\??\c:\xrrffrl.exec:\xrrffrl.exe105⤵
-
\??\c:\tbbtnn.exec:\tbbtnn.exe106⤵
-
\??\c:\tnbbtb.exec:\tnbbtb.exe107⤵
-
\??\c:\ppjdd.exec:\ppjdd.exe108⤵
-
\??\c:\dvpjv.exec:\dvpjv.exe109⤵
-
\??\c:\lxxrlrr.exec:\lxxrlrr.exe110⤵
-
\??\c:\lffxrlf.exec:\lffxrlf.exe111⤵
-
\??\c:\rrrrfff.exec:\rrrrfff.exe112⤵
-
\??\c:\3bhbtt.exec:\3bhbtt.exe113⤵
-
\??\c:\hhttbb.exec:\hhttbb.exe114⤵
-
\??\c:\pdpjd.exec:\pdpjd.exe115⤵
-
\??\c:\3lffrrr.exec:\3lffrrr.exe116⤵
-
\??\c:\xxrrlff.exec:\xxrrlff.exe117⤵
-
\??\c:\tnnhbb.exec:\tnnhbb.exe118⤵
-
\??\c:\thbhth.exec:\thbhth.exe119⤵
-
\??\c:\hhnntn.exec:\hhnntn.exe120⤵
-
\??\c:\jpddv.exec:\jpddv.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-