Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
97s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
14/09/2024, 15:28
General
-
Target
d96492f7933435b573680c264d6676e0N.exe
-
Size
74KB
-
MD5
d96492f7933435b573680c264d6676e0
-
SHA1
bf425d2e8b9500741a476b0f0e40f2f8d1e62e5c
-
SHA256
5c054451956f81dedea6d77164709751925e7002e8e7624f1dc202d239e7b3b9
-
SHA512
b01c7b95672ef27be28427696e8a8b51aa1afaea9d32e8865586b8f364d0b0e51d7a7f4502b4d65ec15d18f3fae8653c06c083c2dce2b4d9e62f006656510e97
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIvuzk358nLA89OGvrFVHmPV:ymb3NkkiQ3mdBjFIvl358nLA89OMFVHw
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 29 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 37 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\d96492f7933435b573680c264d6676e0N.exe"C:\Users\Admin\AppData\Local\Temp\d96492f7933435b573680c264d6676e0N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\5flfffx.exec:\5flfffx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnhbtt.exec:\nnhbtt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpvpj.exec:\vpvpj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3lxrrrr.exec:\3lxrrrr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flxrxxr.exec:\flxrxxr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnhnbt.exec:\nnhnbt.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dppdv.exec:\dppdv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llxxxxf.exec:\llxxxxf.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnttnn.exec:\nnttnn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5vddp.exec:\5vddp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lflrxrr.exec:\lflrxrr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3nnhbb.exec:\3nnhbb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvdvp.exec:\dvdvp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9pdvv.exec:\9pdvv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnbttt.exec:\bnbttt.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dddvv.exec:\dddvv.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9rrlxxr.exec:\9rrlxxr.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbtnt.exec:\tnbtnt.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5pdpd.exec:\5pdpd.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxlfrrl.exec:\rxlfrrl.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlfxrll.exec:\rlfxrll.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7hhbnh.exec:\7hhbnh.exe23⤵
- Executes dropped EXE
-
\??\c:\7pjdp.exec:\7pjdp.exe24⤵
- Executes dropped EXE
-
\??\c:\3vpjv.exec:\3vpjv.exe25⤵
- Executes dropped EXE
-
\??\c:\xlxrrrx.exec:\xlxrrrx.exe26⤵
- Executes dropped EXE
-
\??\c:\nnnnhh.exec:\nnnnhh.exe27⤵
- Executes dropped EXE
-
\??\c:\djjvj.exec:\djjvj.exe28⤵
- Executes dropped EXE
-
\??\c:\vjddv.exec:\vjddv.exe29⤵
- Executes dropped EXE
-
\??\c:\rflxxxr.exec:\rflxxxr.exe30⤵
- Executes dropped EXE
-
\??\c:\nnbttb.exec:\nnbttb.exe31⤵
- Executes dropped EXE
-
\??\c:\1ddjv.exec:\1ddjv.exe32⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\jvvpv.exec:\jvvpv.exe33⤵
- Executes dropped EXE
-
\??\c:\rlxrrrx.exec:\rlxrrrx.exe34⤵
- Executes dropped EXE
-
\??\c:\bnthnh.exec:\bnthnh.exe35⤵
- Executes dropped EXE
-
\??\c:\nhbthh.exec:\nhbthh.exe36⤵
- Executes dropped EXE
-
\??\c:\vpjvp.exec:\vpjvp.exe37⤵
- Executes dropped EXE
-
\??\c:\7llfrrx.exec:\7llfrrx.exe38⤵
- Executes dropped EXE
-
\??\c:\fflfrrx.exec:\fflfrrx.exe39⤵
- Executes dropped EXE
-
\??\c:\nhnhbb.exec:\nhnhbb.exe40⤵
- Executes dropped EXE
-
\??\c:\pjppv.exec:\pjppv.exe41⤵
- Executes dropped EXE
-
\??\c:\jjpvp.exec:\jjpvp.exe42⤵
- Executes dropped EXE
-
\??\c:\fxxfxxf.exec:\fxxfxxf.exe43⤵
- Executes dropped EXE
-
\??\c:\9xfxllr.exec:\9xfxllr.exe44⤵
- Executes dropped EXE
-
\??\c:\7btttt.exec:\7btttt.exe45⤵
- Executes dropped EXE
-
\??\c:\jvdvp.exec:\jvdvp.exe46⤵
- Executes dropped EXE
-
\??\c:\1ppjv.exec:\1ppjv.exe47⤵
- Executes dropped EXE
-
\??\c:\3ppjv.exec:\3ppjv.exe48⤵
- Executes dropped EXE
-
\??\c:\lxfrfff.exec:\lxfrfff.exe49⤵
- Executes dropped EXE
-
\??\c:\tbhnhn.exec:\tbhnhn.exe50⤵
- Executes dropped EXE
-
\??\c:\7ntbnb.exec:\7ntbnb.exe51⤵
- Executes dropped EXE
-
\??\c:\5dvpp.exec:\5dvpp.exe52⤵
- Executes dropped EXE
-
\??\c:\1djdp.exec:\1djdp.exe53⤵
- Executes dropped EXE
-
\??\c:\xfxrlrl.exec:\xfxrlrl.exe54⤵
- Executes dropped EXE
-
\??\c:\fxxxrfx.exec:\fxxxrfx.exe55⤵
- Executes dropped EXE
-
\??\c:\hbbbtt.exec:\hbbbtt.exe56⤵
- Executes dropped EXE
-
\??\c:\5nnhbb.exec:\5nnhbb.exe57⤵
- Executes dropped EXE
-
\??\c:\ppjvd.exec:\ppjvd.exe58⤵
- Executes dropped EXE
-
\??\c:\7xfxlll.exec:\7xfxlll.exe59⤵
- Executes dropped EXE
-
\??\c:\rllfxll.exec:\rllfxll.exe60⤵
- Executes dropped EXE
-
\??\c:\bhnhbt.exec:\bhnhbt.exe61⤵
- Executes dropped EXE
-
\??\c:\7jvpd.exec:\7jvpd.exe62⤵
- Executes dropped EXE
-
\??\c:\vpvpp.exec:\vpvpp.exe63⤵
- Executes dropped EXE
-
\??\c:\3rflfff.exec:\3rflfff.exe64⤵
- Executes dropped EXE
-
\??\c:\hhbbtt.exec:\hhbbtt.exe65⤵
- Executes dropped EXE
-
\??\c:\dvjdp.exec:\dvjdp.exe66⤵
-
\??\c:\7ddvp.exec:\7ddvp.exe67⤵
-
\??\c:\fxrlxxx.exec:\fxrlxxx.exe68⤵
-
\??\c:\ntbbbb.exec:\ntbbbb.exe69⤵
-
\??\c:\jjddv.exec:\jjddv.exe70⤵
-
\??\c:\vdppp.exec:\vdppp.exe71⤵
-
\??\c:\rrfxrll.exec:\rrfxrll.exe72⤵
-
\??\c:\lxxrlfr.exec:\lxxrlfr.exe73⤵
-
\??\c:\nbhbbt.exec:\nbhbbt.exe74⤵
-
\??\c:\jjpvv.exec:\jjpvv.exe75⤵
-
\??\c:\rxxxfff.exec:\rxxxfff.exe76⤵
-
\??\c:\nnbthb.exec:\nnbthb.exe77⤵
-
\??\c:\1ddvp.exec:\1ddvp.exe78⤵
-
\??\c:\pdvvj.exec:\pdvvj.exe79⤵
-
\??\c:\xrrlfll.exec:\xrrlfll.exe80⤵
-
\??\c:\nntbth.exec:\nntbth.exe81⤵
-
\??\c:\thbtnb.exec:\thbtnb.exe82⤵
-
\??\c:\vvvjj.exec:\vvvjj.exe83⤵
-
\??\c:\lrlfxxr.exec:\lrlfxxr.exe84⤵
-
\??\c:\bbbttt.exec:\bbbttt.exe85⤵
-
\??\c:\9hbthh.exec:\9hbthh.exe86⤵
-
\??\c:\dpppp.exec:\dpppp.exe87⤵
-
\??\c:\jpvdp.exec:\jpvdp.exe88⤵
-
\??\c:\xxxrxxf.exec:\xxxrxxf.exe89⤵
-
\??\c:\ffllxll.exec:\ffllxll.exe90⤵
-
\??\c:\bbbbnn.exec:\bbbbnn.exe91⤵
-
\??\c:\tbhbnn.exec:\tbhbnn.exe92⤵
-
\??\c:\pjjjj.exec:\pjjjj.exe93⤵
-
\??\c:\rlfxrrr.exec:\rlfxrrr.exe94⤵
-
\??\c:\lxrlllf.exec:\lxrlllf.exe95⤵
-
\??\c:\hbhbtt.exec:\hbhbtt.exe96⤵
-
\??\c:\3nthbn.exec:\3nthbn.exe97⤵
-
\??\c:\btbttt.exec:\btbttt.exe98⤵
-
\??\c:\dpdvp.exec:\dpdvp.exe99⤵
-
\??\c:\7rrrrxx.exec:\7rrrrxx.exe100⤵
-
\??\c:\fxffxxr.exec:\fxffxxr.exe101⤵
-
\??\c:\bbhtbn.exec:\bbhtbn.exe102⤵
-
\??\c:\nbtnbn.exec:\nbtnbn.exe103⤵
-
\??\c:\rfxxrxr.exec:\rfxxrxr.exe104⤵
-
\??\c:\rlrlffl.exec:\rlrlffl.exe105⤵
-
\??\c:\nntbtn.exec:\nntbtn.exe106⤵
-
\??\c:\nhtnnb.exec:\nhtnnb.exe107⤵
-
\??\c:\5vdvv.exec:\5vdvv.exe108⤵
-
\??\c:\pjppj.exec:\pjppj.exe109⤵
-
\??\c:\xxllfff.exec:\xxllfff.exe110⤵
-
\??\c:\5xlxrrx.exec:\5xlxrrx.exe111⤵
-
\??\c:\3bbtnt.exec:\3bbtnt.exe112⤵
-
\??\c:\tntnbh.exec:\tntnbh.exe113⤵
-
\??\c:\jdpjd.exec:\jdpjd.exe114⤵
-
\??\c:\pjpdp.exec:\pjpdp.exe115⤵
-
\??\c:\rlfxrrr.exec:\rlfxrrr.exe116⤵
-
\??\c:\flrxrff.exec:\flrxrff.exe117⤵
-
\??\c:\lfflfrl.exec:\lfflfrl.exe118⤵
-
\??\c:\tbhhnn.exec:\tbhhnn.exe119⤵
-
\??\c:\vjdvd.exec:\vjdvd.exe120⤵
-
\??\c:\jjddv.exec:\jjddv.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-