Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
101s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
14/09/2024, 18:57
General
-
Target
ea449a2b035626109c6710e991fe7cd0N.exe
-
Size
63KB
-
MD5
ea449a2b035626109c6710e991fe7cd0
-
SHA1
e5daf26c325a8bc62a46e03b454c33f4750d6834
-
SHA256
4dfbf94d18fbb4faac21ae7e79124145c47dbd9089dba6bd629ba4ee5fbc2b9d
-
SHA512
c0714a5e2fa87bfaee1dff5b8ee9485b0fd558c1072010a0d8f73166745db6e96ef1477e6ce462c3d21a5b9452caff41109ab0dcee2c073b99d0a5e454f61dd5
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND0yU+kbsN:ymb3NkkiQ3mdBjF0y7kbE
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 32 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\ea449a2b035626109c6710e991fe7cd0N.exe"C:\Users\Admin\AppData\Local\Temp\ea449a2b035626109c6710e991fe7cd0N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\1rlxrll.exec:\1rlxrll.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhtntn.exec:\nhtntn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vppjd.exec:\vppjd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvjdp.exec:\pvjdp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpddv.exec:\vpddv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdpd.exec:\pjdpd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfllrrx.exec:\lfllrrx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nthbtn.exec:\nthbtn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbtnn.exec:\hbbtnn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjvpp.exec:\vjvpp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llllrrf.exec:\llllrrf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfrlllr.exec:\rfrlllr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thbtbt.exec:\thbtbt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvpjp.exec:\dvpjp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xllfxrr.exec:\xllfxrr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frlfxxr.exec:\frlfxxr.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfllfff.exec:\xfllfff.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnttnh.exec:\tnttnh.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vppjd.exec:\vppjd.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfllffx.exec:\lfllffx.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frrrllf.exec:\frrrllf.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbtbbb.exec:\nbtbbb.exe23⤵
- Executes dropped EXE
-
\??\c:\vpdvd.exec:\vpdvd.exe24⤵
- Executes dropped EXE
-
\??\c:\vvvpv.exec:\vvvpv.exe25⤵
- Executes dropped EXE
-
\??\c:\xrrrllr.exec:\xrrrllr.exe26⤵
- Executes dropped EXE
-
\??\c:\lrxxrrr.exec:\lrxxrrr.exe27⤵
- Executes dropped EXE
-
\??\c:\httbbb.exec:\httbbb.exe28⤵
- Executes dropped EXE
-
\??\c:\bhhtnb.exec:\bhhtnb.exe29⤵
- Executes dropped EXE
-
\??\c:\7pddv.exec:\7pddv.exe30⤵
- Executes dropped EXE
-
\??\c:\ddjdp.exec:\ddjdp.exe31⤵
- Executes dropped EXE
-
\??\c:\rlfxrlf.exec:\rlfxrlf.exe32⤵
- Executes dropped EXE
-
\??\c:\lxffffx.exec:\lxffffx.exe33⤵
- Executes dropped EXE
-
\??\c:\bbhbbb.exec:\bbhbbb.exe34⤵
- Executes dropped EXE
-
\??\c:\5ntnhh.exec:\5ntnhh.exe35⤵
- Executes dropped EXE
-
\??\c:\djjdp.exec:\djjdp.exe36⤵
- Executes dropped EXE
-
\??\c:\vvppj.exec:\vvppj.exe37⤵
- Executes dropped EXE
-
\??\c:\fxxrrll.exec:\fxxrrll.exe38⤵
- Executes dropped EXE
-
\??\c:\xlrllxx.exec:\xlrllxx.exe39⤵
- Executes dropped EXE
-
\??\c:\btbbtt.exec:\btbbtt.exe40⤵
- Executes dropped EXE
-
\??\c:\btnhhh.exec:\btnhhh.exe41⤵
- Executes dropped EXE
-
\??\c:\jdpjj.exec:\jdpjj.exe42⤵
- Executes dropped EXE
-
\??\c:\dvpdv.exec:\dvpdv.exe43⤵
- Executes dropped EXE
-
\??\c:\rlrlxxr.exec:\rlrlxxr.exe44⤵
- Executes dropped EXE
-
\??\c:\fxrrllf.exec:\fxrrllf.exe45⤵
- Executes dropped EXE
-
\??\c:\thbthh.exec:\thbthh.exe46⤵
- Executes dropped EXE
-
\??\c:\bhnhtt.exec:\bhnhtt.exe47⤵
- Executes dropped EXE
-
\??\c:\7vvvp.exec:\7vvvp.exe48⤵
- Executes dropped EXE
-
\??\c:\jjjpv.exec:\jjjpv.exe49⤵
- Executes dropped EXE
-
\??\c:\djvvj.exec:\djvvj.exe50⤵
- Executes dropped EXE
-
\??\c:\rrxxrrr.exec:\rrxxrrr.exe51⤵
- Executes dropped EXE
-
\??\c:\nhhbbb.exec:\nhhbbb.exe52⤵
- Executes dropped EXE
-
\??\c:\tbnbtt.exec:\tbnbtt.exe53⤵
- Executes dropped EXE
-
\??\c:\thhbtb.exec:\thhbtb.exe54⤵
- Executes dropped EXE
-
\??\c:\jdddd.exec:\jdddd.exe55⤵
- Executes dropped EXE
-
\??\c:\dpvdv.exec:\dpvdv.exe56⤵
- Executes dropped EXE
-
\??\c:\lxffrrx.exec:\lxffrrx.exe57⤵
- Executes dropped EXE
-
\??\c:\nhbtnn.exec:\nhbtnn.exe58⤵
- Executes dropped EXE
-
\??\c:\vvpvv.exec:\vvpvv.exe59⤵
- Executes dropped EXE
-
\??\c:\rlfxlxx.exec:\rlfxlxx.exe60⤵
- Executes dropped EXE
-
\??\c:\xlxxxxr.exec:\xlxxxxr.exe61⤵
- Executes dropped EXE
-
\??\c:\hbtttt.exec:\hbtttt.exe62⤵
- Executes dropped EXE
-
\??\c:\nhbttt.exec:\nhbttt.exe63⤵
- Executes dropped EXE
-
\??\c:\pdjdv.exec:\pdjdv.exe64⤵
- Executes dropped EXE
-
\??\c:\pdpdj.exec:\pdpdj.exe65⤵
- Executes dropped EXE
-
\??\c:\flxrffx.exec:\flxrffx.exe66⤵
-
\??\c:\xlllxfr.exec:\xlllxfr.exe67⤵
-
\??\c:\bnhtnt.exec:\bnhtnt.exe68⤵
-
\??\c:\vpjdd.exec:\vpjdd.exe69⤵
-
\??\c:\pdjdp.exec:\pdjdp.exe70⤵
-
\??\c:\1xffrrr.exec:\1xffrrr.exe71⤵
-
\??\c:\ffxfffr.exec:\ffxfffr.exe72⤵
-
\??\c:\bbnhbb.exec:\bbnhbb.exe73⤵
-
\??\c:\1ttnnn.exec:\1ttnnn.exe74⤵
- System Location Discovery: System Language Discovery
-
\??\c:\ppjdv.exec:\ppjdv.exe75⤵
-
\??\c:\dvjdp.exec:\dvjdp.exe76⤵
-
\??\c:\xflfrrr.exec:\xflfrrr.exe77⤵
-
\??\c:\rrllrlr.exec:\rrllrlr.exe78⤵
-
\??\c:\tbhhhh.exec:\tbhhhh.exe79⤵
-
\??\c:\bnnbnh.exec:\bnnbnh.exe80⤵
-
\??\c:\jvvpp.exec:\jvvpp.exe81⤵
-
\??\c:\vjdvj.exec:\vjdvj.exe82⤵
-
\??\c:\frlfxxr.exec:\frlfxxr.exe83⤵
-
\??\c:\1xxrllf.exec:\1xxrllf.exe84⤵
-
\??\c:\fllfxlf.exec:\fllfxlf.exe85⤵
-
\??\c:\hntnhh.exec:\hntnhh.exe86⤵
-
\??\c:\pdpvp.exec:\pdpvp.exe87⤵
-
\??\c:\dvdpp.exec:\dvdpp.exe88⤵
-
\??\c:\xxlfffl.exec:\xxlfffl.exe89⤵
-
\??\c:\vjjdd.exec:\vjjdd.exe90⤵
-
\??\c:\jjjvj.exec:\jjjvj.exe91⤵
-
\??\c:\vjpjj.exec:\vjpjj.exe92⤵
-
\??\c:\xlrllll.exec:\xlrllll.exe93⤵
-
\??\c:\thhtbb.exec:\thhtbb.exe94⤵
-
\??\c:\nnnnbb.exec:\nnnnbb.exe95⤵
-
\??\c:\vjjdv.exec:\vjjdv.exe96⤵
-
\??\c:\1jdjv.exec:\1jdjv.exe97⤵
-
\??\c:\rxrlxxr.exec:\rxrlxxr.exe98⤵
-
\??\c:\lfxrllf.exec:\lfxrllf.exe99⤵
-
\??\c:\nthtbn.exec:\nthtbn.exe100⤵
-
\??\c:\thhhbb.exec:\thhhbb.exe101⤵
-
\??\c:\3jdpd.exec:\3jdpd.exe102⤵
-
\??\c:\jpvpp.exec:\jpvpp.exe103⤵
-
\??\c:\rfrxlxl.exec:\rfrxlxl.exe104⤵
-
\??\c:\9rlxrlf.exec:\9rlxrlf.exe105⤵
-
\??\c:\htntht.exec:\htntht.exe106⤵
-
\??\c:\nhthtn.exec:\nhthtn.exe107⤵
-
\??\c:\btbnhb.exec:\btbnhb.exe108⤵
-
\??\c:\jvpdp.exec:\jvpdp.exe109⤵
-
\??\c:\7pdpd.exec:\7pdpd.exe110⤵
-
\??\c:\fxrxlxf.exec:\fxrxlxf.exe111⤵
-
\??\c:\hthtbn.exec:\hthtbn.exe112⤵
-
\??\c:\bthbnh.exec:\bthbnh.exe113⤵
- System Location Discovery: System Language Discovery
-
\??\c:\pdjvj.exec:\pdjvj.exe114⤵
-
\??\c:\jvddj.exec:\jvddj.exe115⤵
-
\??\c:\ddvpd.exec:\ddvpd.exe116⤵
-
\??\c:\xrxrfxr.exec:\xrxrfxr.exe117⤵
-
\??\c:\rxlfrrl.exec:\rxlfrrl.exe118⤵
-
\??\c:\nhbtnh.exec:\nhbtnh.exe119⤵
-
\??\c:\5nnbnh.exec:\5nnbnh.exe120⤵
-
\??\c:\jpjjd.exec:\jpjjd.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-