Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
94s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
18/09/2024, 22:08
General
-
Target
fe9242e635be3c9045ed2d8b248774372ea157bf51f04f095f0a0e0e9e4fa45aN.exe
-
Size
82KB
-
MD5
2ef71c6c9977c4d36b6fc25da4472f10
-
SHA1
1ae02de6a22339f0d1ec890fab323e5dddf1c1b4
-
SHA256
fe9242e635be3c9045ed2d8b248774372ea157bf51f04f095f0a0e0e9e4fa45a
-
SHA512
49b5151f77eaa266462b33e126b8d932581e9847f6a4ed6f25e0b3d8c2582fbe447315a9146a6d9718f969298bd43ce246d7d735362db458ecf72321784bd0cf
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIIpIo60L9QrrA89Qj:ymb3NkkiQ3mdBjFIIp9L9QrrA8C
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 27 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\fe9242e635be3c9045ed2d8b248774372ea157bf51f04f095f0a0e0e9e4fa45aN.exe"C:\Users\Admin\AppData\Local\Temp\fe9242e635be3c9045ed2d8b248774372ea157bf51f04f095f0a0e0e9e4fa45aN.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\dvdvp.exec:\dvdvp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrlffff.exec:\rrlffff.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbnnh.exec:\tnbnnh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvpd.exec:\jdvpd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrlxlrr.exec:\rrlxlrr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnnhnn.exec:\bnnhnn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvddp.exec:\dvddp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvdv.exec:\dvvdv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9rlfffr.exec:\9rlfffr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1jvvv.exec:\1jvvv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjdd.exec:\ppjdd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrxxxxx.exec:\rrxxxxx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnthhn.exec:\nnthhn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpjj.exec:\jdpjj.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdjjj.exec:\vdjjj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1lrrrxx.exec:\1lrrrxx.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnhtbt.exec:\hnhtbt.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9ppjj.exec:\9ppjj.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flflfll.exec:\flflfll.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9nbthn.exec:\9nbthn.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppdpp.exec:\ppdpp.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvdjj.exec:\vvdjj.exe23⤵
- Executes dropped EXE
-
\??\c:\rrrrxff.exec:\rrrrxff.exe24⤵
- Executes dropped EXE
-
\??\c:\lxffxxx.exec:\lxffxxx.exe25⤵
- Executes dropped EXE
-
\??\c:\htbbbb.exec:\htbbbb.exe26⤵
- Executes dropped EXE
-
\??\c:\llxrxxf.exec:\llxrxxf.exe27⤵
- Executes dropped EXE
-
\??\c:\hhhhhh.exec:\hhhhhh.exe28⤵
- Executes dropped EXE
-
\??\c:\1hnhhh.exec:\1hnhhh.exe29⤵
- Executes dropped EXE
-
\??\c:\1vvvp.exec:\1vvvp.exe30⤵
- Executes dropped EXE
-
\??\c:\jjvpp.exec:\jjvpp.exe31⤵
- Executes dropped EXE
-
\??\c:\ddjdv.exec:\ddjdv.exe32⤵
- Executes dropped EXE
-
\??\c:\llrrlll.exec:\llrrlll.exe33⤵
- Executes dropped EXE
-
\??\c:\nbtbbb.exec:\nbtbbb.exe34⤵
- Executes dropped EXE
-
\??\c:\ddjpp.exec:\ddjpp.exe35⤵
- Executes dropped EXE
-
\??\c:\xlrxlfx.exec:\xlrxlfx.exe36⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\xrfrffr.exec:\xrfrffr.exe37⤵
- Executes dropped EXE
-
\??\c:\ntbbbb.exec:\ntbbbb.exe38⤵
- Executes dropped EXE
-
\??\c:\5ntnnn.exec:\5ntnnn.exe39⤵
- Executes dropped EXE
-
\??\c:\vdjdv.exec:\vdjdv.exe40⤵
- Executes dropped EXE
-
\??\c:\9jvvv.exec:\9jvvv.exe41⤵
- Executes dropped EXE
-
\??\c:\5xxlfrl.exec:\5xxlfrl.exe42⤵
- Executes dropped EXE
-
\??\c:\hhtthh.exec:\hhtthh.exe43⤵
- Executes dropped EXE
-
\??\c:\nnnnht.exec:\nnnnht.exe44⤵
- Executes dropped EXE
-
\??\c:\pdvpj.exec:\pdvpj.exe45⤵
- Executes dropped EXE
-
\??\c:\rrfffxr.exec:\rrfffxr.exe46⤵
- Executes dropped EXE
-
\??\c:\bhhhhh.exec:\bhhhhh.exe47⤵
- Executes dropped EXE
-
\??\c:\nbnhtn.exec:\nbnhtn.exe48⤵
- Executes dropped EXE
-
\??\c:\5dddd.exec:\5dddd.exe49⤵
- Executes dropped EXE
-
\??\c:\rrxrxxx.exec:\rrxrxxx.exe50⤵
- Executes dropped EXE
-
\??\c:\hhtttt.exec:\hhtttt.exe51⤵
- Executes dropped EXE
-
\??\c:\xlrrrxx.exec:\xlrrrxx.exe52⤵
- Executes dropped EXE
-
\??\c:\nntttt.exec:\nntttt.exe53⤵
- Executes dropped EXE
-
\??\c:\pjdvp.exec:\pjdvp.exe54⤵
- Executes dropped EXE
-
\??\c:\flrffll.exec:\flrffll.exe55⤵
- Executes dropped EXE
-
\??\c:\bthhbh.exec:\bthhbh.exe56⤵
- Executes dropped EXE
-
\??\c:\jvdvv.exec:\jvdvv.exe57⤵
- Executes dropped EXE
-
\??\c:\fflllrr.exec:\fflllrr.exe58⤵
- Executes dropped EXE
-
\??\c:\nbnnnn.exec:\nbnnnn.exe59⤵
- Executes dropped EXE
-
\??\c:\jvdpj.exec:\jvdpj.exe60⤵
- Executes dropped EXE
-
\??\c:\rlllrrr.exec:\rlllrrr.exe61⤵
- Executes dropped EXE
-
\??\c:\rrxllxr.exec:\rrxllxr.exe62⤵
- Executes dropped EXE
-
\??\c:\pjjjd.exec:\pjjjd.exe63⤵
- Executes dropped EXE
-
\??\c:\5lrrrrx.exec:\5lrrrrx.exe64⤵
- Executes dropped EXE
-
\??\c:\llrrrrr.exec:\llrrrrr.exe65⤵
- Executes dropped EXE
-
\??\c:\tnnnhh.exec:\tnnnhh.exe66⤵
-
\??\c:\jjpjv.exec:\jjpjv.exe67⤵
-
\??\c:\vvjdv.exec:\vvjdv.exe68⤵
-
\??\c:\rrxrxxr.exec:\rrxrxxr.exe69⤵
-
\??\c:\3bbbtt.exec:\3bbbtt.exe70⤵
-
\??\c:\bbbttt.exec:\bbbttt.exe71⤵
-
\??\c:\jddjv.exec:\jddjv.exe72⤵
-
\??\c:\rrrlfxr.exec:\rrrlfxr.exe73⤵
-
\??\c:\xrffxxr.exec:\xrffxxr.exe74⤵
-
\??\c:\tbthbb.exec:\tbthbb.exe75⤵
-
\??\c:\vjdpv.exec:\vjdpv.exe76⤵
-
\??\c:\vdjjd.exec:\vdjjd.exe77⤵
-
\??\c:\lrrrfff.exec:\lrrrfff.exe78⤵
-
\??\c:\xrxrllr.exec:\xrxrllr.exe79⤵
-
\??\c:\thnhbb.exec:\thnhbb.exe80⤵
-
\??\c:\hbnhbb.exec:\hbnhbb.exe81⤵
-
\??\c:\pdjjv.exec:\pdjjv.exe82⤵
-
\??\c:\vvpjj.exec:\vvpjj.exe83⤵
-
\??\c:\xffxrrl.exec:\xffxrrl.exe84⤵
-
\??\c:\bntnhb.exec:\bntnhb.exe85⤵
-
\??\c:\jdpjj.exec:\jdpjj.exe86⤵
-
\??\c:\5dpjj.exec:\5dpjj.exe87⤵
-
\??\c:\fffxxll.exec:\fffxxll.exe88⤵
-
\??\c:\hnntnb.exec:\hnntnb.exe89⤵
-
\??\c:\tbhhbt.exec:\tbhhbt.exe90⤵
-
\??\c:\vvjjd.exec:\vvjjd.exe91⤵
-
\??\c:\rlflxrl.exec:\rlflxrl.exe92⤵
-
\??\c:\9htnnn.exec:\9htnnn.exe93⤵
-
\??\c:\bhtbth.exec:\bhtbth.exe94⤵
-
\??\c:\jjjvp.exec:\jjjvp.exe95⤵
-
\??\c:\jdvvj.exec:\jdvvj.exe96⤵
-
\??\c:\3lxrxfl.exec:\3lxrxfl.exe97⤵
-
\??\c:\3hbbhb.exec:\3hbbhb.exe98⤵
-
\??\c:\5tthbt.exec:\5tthbt.exe99⤵
-
\??\c:\jpvpj.exec:\jpvpj.exe100⤵
-
\??\c:\xrxrxlf.exec:\xrxrxlf.exe101⤵
-
\??\c:\9ffxrlf.exec:\9ffxrlf.exe102⤵
-
\??\c:\3bbttt.exec:\3bbttt.exe103⤵
-
\??\c:\1vvpj.exec:\1vvpj.exe104⤵
-
\??\c:\dpjvj.exec:\dpjvj.exe105⤵
-
\??\c:\xxxrlrr.exec:\xxxrlrr.exe106⤵
-
\??\c:\xlrlffx.exec:\xlrlffx.exe107⤵
-
\??\c:\hhbtnt.exec:\hhbtnt.exe108⤵
-
\??\c:\jdddv.exec:\jdddv.exe109⤵
-
\??\c:\lfffrll.exec:\lfffrll.exe110⤵
-
\??\c:\hhtbbb.exec:\hhtbbb.exe111⤵
-
\??\c:\dvdvv.exec:\dvdvv.exe112⤵
-
\??\c:\lxxrrrr.exec:\lxxrrrr.exe113⤵
-
\??\c:\1xxxxff.exec:\1xxxxff.exe114⤵
-
\??\c:\bttnbb.exec:\bttnbb.exe115⤵
-
\??\c:\ddvdd.exec:\ddvdd.exe116⤵
-
\??\c:\lxrrrxx.exec:\lxrrrxx.exe117⤵
-
\??\c:\jdjdd.exec:\jdjdd.exe118⤵
-
\??\c:\jvdvp.exec:\jvdvp.exe119⤵
- System Location Discovery: System Language Discovery
-
\??\c:\xxxxxrl.exec:\xxxxxrl.exe120⤵
-
\??\c:\fxllllx.exec:\fxllllx.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-