Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
93s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
14/09/2024, 04:26
General
-
Target
07d2bb369a31efed7f54403f8cd0a430N.exe
-
Size
73KB
-
MD5
07d2bb369a31efed7f54403f8cd0a430
-
SHA1
d704a51ba3cd67f817757d0076b042893ef72d49
-
SHA256
5e4d10c4af11c9880f84662b7e2a4ed542e276829fe6dc724180e7d7422f8991
-
SHA512
0a47359f59e56f1b04da126a2d59392bfcce6342e018af02d5134b0f714893ee4ccafa7f926c889e0a3d24d65ab5c7d88e0c8fb7ca7e4661e3d741a8d3b895c5
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIgUVyiAnfeyj:ymb3NkkiQ3mdBjFIgUEBeyj
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 27 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\07d2bb369a31efed7f54403f8cd0a430N.exe"C:\Users\Admin\AppData\Local\Temp\07d2bb369a31efed7f54403f8cd0a430N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\bbhbnh.exec:\bbhbnh.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppdvd.exec:\ppdvd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpdjj.exec:\jpdjj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfffxxf.exec:\rfffxxf.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frxrrrx.exec:\frxrrrx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tthbhn.exec:\tthbhn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxffxx.exec:\rlxffxx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhnbth.exec:\bhnbth.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpvpp.exec:\jpvpp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrxlffx.exec:\rrxlffx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrxxfff.exec:\rrxxfff.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnnnt.exec:\hbnnnt.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xffffff.exec:\xffffff.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrlllrr.exec:\xrlllrr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3hnnnt.exec:\3hnnnt.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5djjp.exec:\5djjp.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrrrllf.exec:\lrrrllf.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxllrxr.exec:\rxllrxr.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttttth.exec:\ttttth.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvddv.exec:\pvddv.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5dppp.exec:\5dppp.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flrlfff.exec:\flrlfff.exe23⤵
- Executes dropped EXE
-
\??\c:\htbbtb.exec:\htbbtb.exe24⤵
- Executes dropped EXE
-
\??\c:\hthhbb.exec:\hthhbb.exe25⤵
- Executes dropped EXE
-
\??\c:\3pvdv.exec:\3pvdv.exe26⤵
- Executes dropped EXE
-
\??\c:\llfxxxx.exec:\llfxxxx.exe27⤵
- Executes dropped EXE
-
\??\c:\nhhnnn.exec:\nhhnnn.exe28⤵
- Executes dropped EXE
-
\??\c:\hhbttt.exec:\hhbttt.exe29⤵
- Executes dropped EXE
-
\??\c:\vpjdv.exec:\vpjdv.exe30⤵
- Executes dropped EXE
-
\??\c:\lxxxrrl.exec:\lxxxrrl.exe31⤵
- Executes dropped EXE
-
\??\c:\tbtthn.exec:\tbtthn.exe32⤵
- Executes dropped EXE
-
\??\c:\tnhntt.exec:\tnhntt.exe33⤵
- Executes dropped EXE
-
\??\c:\ddpdp.exec:\ddpdp.exe34⤵
- Executes dropped EXE
-
\??\c:\tttttb.exec:\tttttb.exe35⤵
- Executes dropped EXE
-
\??\c:\nhbtnh.exec:\nhbtnh.exe36⤵
- Executes dropped EXE
-
\??\c:\jpvpj.exec:\jpvpj.exe37⤵
- Executes dropped EXE
-
\??\c:\pvjdv.exec:\pvjdv.exe38⤵
- Executes dropped EXE
-
\??\c:\lxfxfxf.exec:\lxfxfxf.exe39⤵
- Executes dropped EXE
-
\??\c:\frxxrxx.exec:\frxxrxx.exe40⤵
- Executes dropped EXE
-
\??\c:\tthbtb.exec:\tthbtb.exe41⤵
- Executes dropped EXE
-
\??\c:\nnhntb.exec:\nnhntb.exe42⤵
- Executes dropped EXE
-
\??\c:\3vppd.exec:\3vppd.exe43⤵
- Executes dropped EXE
-
\??\c:\9pddv.exec:\9pddv.exe44⤵
- Executes dropped EXE
-
\??\c:\xxlrxll.exec:\xxlrxll.exe45⤵
- Executes dropped EXE
-
\??\c:\rfrxrxr.exec:\rfrxrxr.exe46⤵
- Executes dropped EXE
-
\??\c:\bnnnhb.exec:\bnnnhb.exe47⤵
- Executes dropped EXE
-
\??\c:\bbbbtb.exec:\bbbbtb.exe48⤵
- Executes dropped EXE
-
\??\c:\vddjj.exec:\vddjj.exe49⤵
- Executes dropped EXE
-
\??\c:\jvvjd.exec:\jvvjd.exe50⤵
- Executes dropped EXE
-
\??\c:\rrlrflx.exec:\rrlrflx.exe51⤵
- Executes dropped EXE
-
\??\c:\lflfxxl.exec:\lflfxxl.exe52⤵
- Executes dropped EXE
-
\??\c:\nnhhnt.exec:\nnhhnt.exe53⤵
- Executes dropped EXE
-
\??\c:\tthnhh.exec:\tthnhh.exe54⤵
- Executes dropped EXE
-
\??\c:\pjpvp.exec:\pjpvp.exe55⤵
- Executes dropped EXE
-
\??\c:\vvdjd.exec:\vvdjd.exe56⤵
- Executes dropped EXE
-
\??\c:\rxrlflf.exec:\rxrlflf.exe57⤵
- Executes dropped EXE
-
\??\c:\xrxxxff.exec:\xrxxxff.exe58⤵
- Executes dropped EXE
-
\??\c:\hnbbnt.exec:\hnbbnt.exe59⤵
- Executes dropped EXE
-
\??\c:\tthhbh.exec:\tthhbh.exe60⤵
- Executes dropped EXE
-
\??\c:\bbhbtb.exec:\bbhbtb.exe61⤵
- Executes dropped EXE
-
\??\c:\pvjjd.exec:\pvjjd.exe62⤵
- Executes dropped EXE
-
\??\c:\7vdvp.exec:\7vdvp.exe63⤵
- Executes dropped EXE
-
\??\c:\rxflffl.exec:\rxflffl.exe64⤵
- Executes dropped EXE
-
\??\c:\xxxxxxr.exec:\xxxxxxr.exe65⤵
- Executes dropped EXE
-
\??\c:\ttnnnt.exec:\ttnnnt.exe66⤵
-
\??\c:\nhhbbt.exec:\nhhbbt.exe67⤵
-
\??\c:\vvvvp.exec:\vvvvp.exe68⤵
-
\??\c:\dddvj.exec:\dddvj.exe69⤵
-
\??\c:\llllxrr.exec:\llllxrr.exe70⤵
-
\??\c:\fxrrrxx.exec:\fxrrrxx.exe71⤵
-
\??\c:\nnnntt.exec:\nnnntt.exe72⤵
-
\??\c:\bthntb.exec:\bthntb.exe73⤵
-
\??\c:\pjjpp.exec:\pjjpp.exe74⤵
-
\??\c:\djppp.exec:\djppp.exe75⤵
-
\??\c:\lrxffff.exec:\lrxffff.exe76⤵
-
\??\c:\lflllll.exec:\lflllll.exe77⤵
-
\??\c:\nnhttb.exec:\nnhttb.exe78⤵
-
\??\c:\hhbhhn.exec:\hhbhhn.exe79⤵
-
\??\c:\ntnntt.exec:\ntnntt.exe80⤵
-
\??\c:\5pvvv.exec:\5pvvv.exe81⤵
-
\??\c:\jpvvp.exec:\jpvvp.exe82⤵
-
\??\c:\xrrllll.exec:\xrrllll.exe83⤵
-
\??\c:\rxfxxrl.exec:\rxfxxrl.exe84⤵
-
\??\c:\htnntb.exec:\htnntb.exe85⤵
-
\??\c:\tbhbhn.exec:\tbhbhn.exe86⤵
-
\??\c:\tnhbhn.exec:\tnhbhn.exe87⤵
-
\??\c:\vpddv.exec:\vpddv.exe88⤵
-
\??\c:\vpddd.exec:\vpddd.exe89⤵
-
\??\c:\rlrrlrr.exec:\rlrrlrr.exe90⤵
-
\??\c:\btttnn.exec:\btttnn.exe91⤵
-
\??\c:\djjjp.exec:\djjjp.exe92⤵
-
\??\c:\vjvvp.exec:\vjvvp.exe93⤵
-
\??\c:\xflffff.exec:\xflffff.exe94⤵
-
\??\c:\bhbbbh.exec:\bhbbbh.exe95⤵
-
\??\c:\dvjjj.exec:\dvjjj.exe96⤵
-
\??\c:\rrfllrr.exec:\rrfllrr.exe97⤵
-
\??\c:\llfflrr.exec:\llfflrr.exe98⤵
-
\??\c:\xfxxxxf.exec:\xfxxxxf.exe99⤵
-
\??\c:\bnbbtb.exec:\bnbbtb.exe100⤵
-
\??\c:\tbhnhn.exec:\tbhnhn.exe101⤵
-
\??\c:\jvvvv.exec:\jvvvv.exe102⤵
-
\??\c:\lrllxrf.exec:\lrllxrf.exe103⤵
-
\??\c:\tnbbnn.exec:\tnbbnn.exe104⤵
-
\??\c:\tnbbtb.exec:\tnbbtb.exe105⤵
-
\??\c:\vdjjd.exec:\vdjjd.exe106⤵
-
\??\c:\pjppj.exec:\pjppj.exe107⤵
-
\??\c:\fxlfxff.exec:\fxlfxff.exe108⤵
-
\??\c:\llrrrxx.exec:\llrrrxx.exe109⤵
-
\??\c:\bbbhht.exec:\bbbhht.exe110⤵
-
\??\c:\bthbhh.exec:\bthbhh.exe111⤵
-
\??\c:\hbhhhh.exec:\hbhhhh.exe112⤵
-
\??\c:\jdppj.exec:\jdppj.exe113⤵
-
\??\c:\jdddd.exec:\jdddd.exe114⤵
-
\??\c:\ffllrrx.exec:\ffllrrx.exe115⤵
-
\??\c:\flxfxfl.exec:\flxfxfl.exe116⤵
-
\??\c:\ttbbbb.exec:\ttbbbb.exe117⤵
-
\??\c:\1vjjj.exec:\1vjjj.exe118⤵
-
\??\c:\ppdvv.exec:\ppdvv.exe119⤵
-
\??\c:\llffffx.exec:\llffffx.exe120⤵
-
\??\c:\xffffff.exec:\xffffff.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-