Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
119s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
14/09/2024, 22:45
General
-
Target
5dff1f9213d36b3d18184aff20a62f10N.exe
-
Size
66KB
-
MD5
5dff1f9213d36b3d18184aff20a62f10
-
SHA1
8fc877dc0dc9760d0f0c9481ea2889b50023a864
-
SHA256
84aeac416aa10e32f95e9ffb24b6e245b510fb947cd5686bc4ac7a126825d804
-
SHA512
ce4f1b0c12a6f9924a031deefd36f8c989086ab175a319da0517d339a3e5ebddf9393fecc2ab39e6907a22bfe8924c77e18f7560520800b936861ed15ad571c4
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDI9L27BqfR:ymb3NkkiQ3mdBjFI9cqfR
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 27 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 34 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\5dff1f9213d36b3d18184aff20a62f10N.exe"C:\Users\Admin\AppData\Local\Temp\5dff1f9213d36b3d18184aff20a62f10N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\xfllflf.exec:\xfllflf.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxflrfl.exec:\fxflrfl.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\20666.exec:\20666.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8048288.exec:\8048288.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthnht.exec:\bthnht.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\64426.exec:\64426.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5vvpj.exec:\5vvpj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvppj.exec:\dvppj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btttbh.exec:\btttbh.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\806082.exec:\806082.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8626622.exec:\8626622.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\800000.exec:\800000.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\2406444.exec:\2406444.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\424448.exec:\424448.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llfxxxr.exec:\llfxxxr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhttnh.exec:\nhttnh.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\0060882.exec:\0060882.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\80666.exec:\80666.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvvpp.exec:\jvvpp.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\440488.exec:\440488.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\820444.exec:\820444.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntbtnn.exec:\ntbtnn.exe23⤵
- Executes dropped EXE
-
\??\c:\jdjdp.exec:\jdjdp.exe24⤵
- Executes dropped EXE
-
\??\c:\268822.exec:\268822.exe25⤵
- Executes dropped EXE
-
\??\c:\vvvpj.exec:\vvvpj.exe26⤵
- Executes dropped EXE
-
\??\c:\7pddd.exec:\7pddd.exe27⤵
- Executes dropped EXE
-
\??\c:\406060.exec:\406060.exe28⤵
- Executes dropped EXE
-
\??\c:\c226048.exec:\c226048.exe29⤵
- Executes dropped EXE
-
\??\c:\060208.exec:\060208.exe30⤵
- Executes dropped EXE
-
\??\c:\vppdv.exec:\vppdv.exe31⤵
- Executes dropped EXE
-
\??\c:\a0488.exec:\a0488.exe32⤵
- Executes dropped EXE
-
\??\c:\7hbbtb.exec:\7hbbtb.exe33⤵
- Executes dropped EXE
-
\??\c:\808020.exec:\808020.exe34⤵
- Executes dropped EXE
-
\??\c:\i222066.exec:\i222066.exe35⤵
- Executes dropped EXE
-
\??\c:\0668662.exec:\0668662.exe36⤵
- Executes dropped EXE
-
\??\c:\nnnnnn.exec:\nnnnnn.exe37⤵
- Executes dropped EXE
-
\??\c:\062266.exec:\062266.exe38⤵
- Executes dropped EXE
-
\??\c:\002822.exec:\002822.exe39⤵
- Executes dropped EXE
-
\??\c:\g6282.exec:\g6282.exe40⤵
- Executes dropped EXE
-
\??\c:\xfffxxx.exec:\xfffxxx.exe41⤵
- Executes dropped EXE
-
\??\c:\nhbthh.exec:\nhbthh.exe42⤵
- Executes dropped EXE
-
\??\c:\pjjjp.exec:\pjjjp.exe43⤵
- Executes dropped EXE
-
\??\c:\s4666.exec:\s4666.exe44⤵
- Executes dropped EXE
-
\??\c:\ddjjj.exec:\ddjjj.exe45⤵
- Executes dropped EXE
-
\??\c:\828222.exec:\828222.exe46⤵
- Executes dropped EXE
-
\??\c:\m4660.exec:\m4660.exe47⤵
- Executes dropped EXE
-
\??\c:\frxrlll.exec:\frxrlll.exe48⤵
- Executes dropped EXE
-
\??\c:\jdpjp.exec:\jdpjp.exe49⤵
- Executes dropped EXE
-
\??\c:\e84826.exec:\e84826.exe50⤵
- Executes dropped EXE
-
\??\c:\28844.exec:\28844.exe51⤵
- Executes dropped EXE
-
\??\c:\q84044.exec:\q84044.exe52⤵
- Executes dropped EXE
-
\??\c:\btbthh.exec:\btbthh.exe53⤵
- Executes dropped EXE
-
\??\c:\6844888.exec:\6844888.exe54⤵
- Executes dropped EXE
-
\??\c:\rxrxrxx.exec:\rxrxrxx.exe55⤵
- Executes dropped EXE
-
\??\c:\20266.exec:\20266.exe56⤵
- Executes dropped EXE
-
\??\c:\lxfxrrx.exec:\lxfxrrx.exe57⤵
- Executes dropped EXE
-
\??\c:\jjjdd.exec:\jjjdd.exe58⤵
- Executes dropped EXE
-
\??\c:\hnbthh.exec:\hnbthh.exe59⤵
- Executes dropped EXE
-
\??\c:\g4606.exec:\g4606.exe60⤵
- Executes dropped EXE
-
\??\c:\84820.exec:\84820.exe61⤵
- Executes dropped EXE
-
\??\c:\tbnbtt.exec:\tbnbtt.exe62⤵
- Executes dropped EXE
-
\??\c:\8244828.exec:\8244828.exe63⤵
- Executes dropped EXE
-
\??\c:\1nnnth.exec:\1nnnth.exe64⤵
- Executes dropped EXE
-
\??\c:\5lfxrrx.exec:\5lfxrrx.exe65⤵
- Executes dropped EXE
-
\??\c:\pjpvp.exec:\pjpvp.exe66⤵
-
\??\c:\lxxrrrx.exec:\lxxrrrx.exe67⤵
-
\??\c:\40248.exec:\40248.exe68⤵
-
\??\c:\a6848.exec:\a6848.exe69⤵
-
\??\c:\60406.exec:\60406.exe70⤵
-
\??\c:\u244882.exec:\u244882.exe71⤵
-
\??\c:\nbbbbb.exec:\nbbbbb.exe72⤵
-
\??\c:\9xllrrf.exec:\9xllrrf.exe73⤵
-
\??\c:\llfxflx.exec:\llfxflx.exe74⤵
-
\??\c:\664400.exec:\664400.exe75⤵
-
\??\c:\a4004.exec:\a4004.exe76⤵
-
\??\c:\xrllflf.exec:\xrllflf.exe77⤵
-
\??\c:\24601b.exec:\24601b.exe78⤵
-
\??\c:\xlrrrfr.exec:\xlrrrfr.exe79⤵
-
\??\c:\lxlllff.exec:\lxlllff.exe80⤵
-
\??\c:\pjpjd.exec:\pjpjd.exe81⤵
-
\??\c:\rrrrrll.exec:\rrrrrll.exe82⤵
-
\??\c:\6622628.exec:\6622628.exe83⤵
-
\??\c:\7lrllll.exec:\7lrllll.exe84⤵
-
\??\c:\8226666.exec:\8226666.exe85⤵
-
\??\c:\o222660.exec:\o222660.exe86⤵
-
\??\c:\006224.exec:\006224.exe87⤵
-
\??\c:\042226.exec:\042226.exe88⤵
-
\??\c:\lflfrrx.exec:\lflfrrx.exe89⤵
-
\??\c:\s6222.exec:\s6222.exe90⤵
-
\??\c:\nbbtnn.exec:\nbbtnn.exe91⤵
-
\??\c:\40260.exec:\40260.exe92⤵
-
\??\c:\5tttnn.exec:\5tttnn.exe93⤵
-
\??\c:\jdjdv.exec:\jdjdv.exe94⤵
-
\??\c:\002202.exec:\002202.exe95⤵
-
\??\c:\tnnnnn.exec:\tnnnnn.exe96⤵
-
\??\c:\9xxrlll.exec:\9xxrlll.exe97⤵
-
\??\c:\dvppj.exec:\dvppj.exe98⤵
-
\??\c:\7fxllrx.exec:\7fxllrx.exe99⤵
-
\??\c:\g8484.exec:\g8484.exe100⤵
-
\??\c:\i440048.exec:\i440048.exe101⤵
-
\??\c:\xrlrxxx.exec:\xrlrxxx.exe102⤵
-
\??\c:\btttnn.exec:\btttnn.exe103⤵
-
\??\c:\tnhhhh.exec:\tnhhhh.exe104⤵
-
\??\c:\08886.exec:\08886.exe105⤵
-
\??\c:\o682004.exec:\o682004.exe106⤵
-
\??\c:\8466000.exec:\8466000.exe107⤵
-
\??\c:\68444.exec:\68444.exe108⤵
-
\??\c:\dvjdv.exec:\dvjdv.exe109⤵
-
\??\c:\4088622.exec:\4088622.exe110⤵
-
\??\c:\bbnntt.exec:\bbnntt.exe111⤵
- System Location Discovery: System Language Discovery
-
\??\c:\hbbttn.exec:\hbbttn.exe112⤵
-
\??\c:\vdjvp.exec:\vdjvp.exe113⤵
-
\??\c:\vdddp.exec:\vdddp.exe114⤵
-
\??\c:\i804222.exec:\i804222.exe115⤵
-
\??\c:\24000.exec:\24000.exe116⤵
-
\??\c:\htttnn.exec:\htttnn.exe117⤵
-
\??\c:\ntbbhh.exec:\ntbbhh.exe118⤵
-
\??\c:\jvvpj.exec:\jvvpj.exe119⤵
-
\??\c:\dpddd.exec:\dpddd.exe120⤵
-
\??\c:\4648226.exec:\4648226.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-