Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
93s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
18/09/2024, 23:14
General
-
Target
790e90432053e62f7e41f8f851f36216f2f3af81fd014a26cb22453d7fc76d83.exe
-
Size
58KB
-
MD5
4d01de6bdf1632cb941a3f7519def474
-
SHA1
e300f449a7e02f34b8309f3cf94e948d3d1d345e
-
SHA256
790e90432053e62f7e41f8f851f36216f2f3af81fd014a26cb22453d7fc76d83
-
SHA512
12076f90cde5214ea8948f2d8dd11ef51aa0a68e3dd46578ce74db18ee4ebe4ee68ea988a4ff5a2525785c3b5712539ac9586c16a42f479c81f3903ef41b41ae
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIgTdCo:ymb3NkkiQ3mdBjFIg0o
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 28 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 31 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\790e90432053e62f7e41f8f851f36216f2f3af81fd014a26cb22453d7fc76d83.exe"C:\Users\Admin\AppData\Local\Temp\790e90432053e62f7e41f8f851f36216f2f3af81fd014a26cb22453d7fc76d83.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\1ttnnn.exec:\1ttnnn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3vvvp.exec:\3vvvp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjppp.exec:\vjppp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lflfxxr.exec:\lflfxxr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5xxfllf.exec:\5xxfllf.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthhhh.exec:\bthhhh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5jjdp.exec:\5jjdp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5rlfllf.exec:\5rlfllf.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffxrxxf.exec:\ffxrxxf.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnhbb.exec:\nhnhbb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjjj.exec:\dvjjj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frrrlfx.exec:\frrrlfx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frxrlfl.exec:\frxrlfl.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tttnnn.exec:\tttnnn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjddd.exec:\pjddd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9xfxrrl.exec:\9xfxrrl.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xllfrrl.exec:\xllfrrl.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbtnn.exec:\nhbtnn.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdddd.exec:\vdddd.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9vvvp.exec:\9vvvp.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5nnhhn.exec:\5nnhhn.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvdjj.exec:\pvdjj.exe23⤵
- Executes dropped EXE
-
\??\c:\pppvv.exec:\pppvv.exe24⤵
- Executes dropped EXE
-
\??\c:\xlrxllf.exec:\xlrxllf.exe25⤵
- Executes dropped EXE
-
\??\c:\btnhbb.exec:\btnhbb.exe26⤵
- Executes dropped EXE
-
\??\c:\jpddd.exec:\jpddd.exe27⤵
- Executes dropped EXE
-
\??\c:\jddvd.exec:\jddvd.exe28⤵
- Executes dropped EXE
-
\??\c:\fxxxllr.exec:\fxxxllr.exe29⤵
- Executes dropped EXE
-
\??\c:\9hthhn.exec:\9hthhn.exe30⤵
- Executes dropped EXE
-
\??\c:\hnnbtn.exec:\hnnbtn.exe31⤵
- Executes dropped EXE
-
\??\c:\jdpdp.exec:\jdpdp.exe32⤵
- Executes dropped EXE
-
\??\c:\xfrfrrl.exec:\xfrfrrl.exe33⤵
- Executes dropped EXE
-
\??\c:\hbttnn.exec:\hbttnn.exe34⤵
- Executes dropped EXE
-
\??\c:\5ttnhh.exec:\5ttnhh.exe35⤵
- Executes dropped EXE
-
\??\c:\jdjdd.exec:\jdjdd.exe36⤵
- Executes dropped EXE
-
\??\c:\frrlfff.exec:\frrlfff.exe37⤵
- Executes dropped EXE
-
\??\c:\hnnhbb.exec:\hnnhbb.exe38⤵
- Executes dropped EXE
-
\??\c:\tbhbtt.exec:\tbhbtt.exe39⤵
- Executes dropped EXE
-
\??\c:\7lffxrl.exec:\7lffxrl.exe40⤵
- Executes dropped EXE
-
\??\c:\7xrlfxx.exec:\7xrlfxx.exe41⤵
- Executes dropped EXE
-
\??\c:\7tnbth.exec:\7tnbth.exe42⤵
- Executes dropped EXE
-
\??\c:\dvdvd.exec:\dvdvd.exe43⤵
- Executes dropped EXE
-
\??\c:\lxrlfxf.exec:\lxrlfxf.exe44⤵
- Executes dropped EXE
-
\??\c:\btnnhh.exec:\btnnhh.exe45⤵
- Executes dropped EXE
-
\??\c:\lxffxxr.exec:\lxffxxr.exe46⤵
- Executes dropped EXE
-
\??\c:\hbbtnn.exec:\hbbtnn.exe47⤵
- Executes dropped EXE
-
\??\c:\9xllffx.exec:\9xllffx.exe48⤵
- Executes dropped EXE
-
\??\c:\xlrlllf.exec:\xlrlllf.exe49⤵
- Executes dropped EXE
-
\??\c:\bbntbb.exec:\bbntbb.exe50⤵
- Executes dropped EXE
-
\??\c:\9tnhbb.exec:\9tnhbb.exe51⤵
- Executes dropped EXE
-
\??\c:\dvppd.exec:\dvppd.exe52⤵
- Executes dropped EXE
-
\??\c:\vjdpp.exec:\vjdpp.exe53⤵
- Executes dropped EXE
-
\??\c:\9flfxxx.exec:\9flfxxx.exe54⤵
- Executes dropped EXE
-
\??\c:\bbtnnh.exec:\bbtnnh.exe55⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\nntntb.exec:\nntntb.exe56⤵
- Executes dropped EXE
-
\??\c:\bttnnn.exec:\bttnnn.exe57⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\vpjjd.exec:\vpjjd.exe58⤵
- Executes dropped EXE
-
\??\c:\rllfxxx.exec:\rllfxxx.exe59⤵
- Executes dropped EXE
-
\??\c:\9rxxxll.exec:\9rxxxll.exe60⤵
- Executes dropped EXE
-
\??\c:\tnnnhh.exec:\tnnnhh.exe61⤵
- Executes dropped EXE
-
\??\c:\pjdvv.exec:\pjdvv.exe62⤵
- Executes dropped EXE
-
\??\c:\3vdvd.exec:\3vdvd.exe63⤵
- Executes dropped EXE
-
\??\c:\rrxrrrx.exec:\rrxrrrx.exe64⤵
- Executes dropped EXE
-
\??\c:\fxxrrrr.exec:\fxxrrrr.exe65⤵
- Executes dropped EXE
-
\??\c:\5nbbhh.exec:\5nbbhh.exe66⤵
-
\??\c:\thhttt.exec:\thhttt.exe67⤵
-
\??\c:\dvjjp.exec:\dvjjp.exe68⤵
-
\??\c:\jdddp.exec:\jdddp.exe69⤵
-
\??\c:\flllxfl.exec:\flllxfl.exe70⤵
-
\??\c:\5pjjp.exec:\5pjjp.exe71⤵
-
\??\c:\lflfxrr.exec:\lflfxrr.exe72⤵
-
\??\c:\llllxxl.exec:\llllxxl.exe73⤵
-
\??\c:\bttnnn.exec:\bttnnn.exe74⤵
-
\??\c:\dvjvp.exec:\dvjvp.exe75⤵
-
\??\c:\djvpp.exec:\djvpp.exe76⤵
-
\??\c:\rlllxxr.exec:\rlllxxr.exe77⤵
-
\??\c:\lffxxff.exec:\lffxxff.exe78⤵
-
\??\c:\tnbtbh.exec:\tnbtbh.exe79⤵
-
\??\c:\hbnnhn.exec:\hbnnhn.exe80⤵
-
\??\c:\jdppj.exec:\jdppj.exe81⤵
-
\??\c:\xxlllll.exec:\xxlllll.exe82⤵
-
\??\c:\lxlllll.exec:\lxlllll.exe83⤵
-
\??\c:\bttnhb.exec:\bttnhb.exe84⤵
-
\??\c:\ppjjj.exec:\ppjjj.exe85⤵
-
\??\c:\rlfxfff.exec:\rlfxfff.exe86⤵
-
\??\c:\fxxffrl.exec:\fxxffrl.exe87⤵
-
\??\c:\5httnn.exec:\5httnn.exe88⤵
-
\??\c:\vppjd.exec:\vppjd.exe89⤵
-
\??\c:\lfflfff.exec:\lfflfff.exe90⤵
-
\??\c:\rlxxrrr.exec:\rlxxrrr.exe91⤵
-
\??\c:\thbttt.exec:\thbttt.exe92⤵
-
\??\c:\vvpjv.exec:\vvpjv.exe93⤵
-
\??\c:\jjvjd.exec:\jjvjd.exe94⤵
-
\??\c:\rrxflrx.exec:\rrxflrx.exe95⤵
-
\??\c:\7hnhnn.exec:\7hnhnn.exe96⤵
-
\??\c:\1hbttt.exec:\1hbttt.exe97⤵
-
\??\c:\jddvj.exec:\jddvj.exe98⤵
-
\??\c:\vpvpj.exec:\vpvpj.exe99⤵
-
\??\c:\xrlfllr.exec:\xrlfllr.exe100⤵
-
\??\c:\nnttbb.exec:\nnttbb.exe101⤵
-
\??\c:\bhtttt.exec:\bhtttt.exe102⤵
-
\??\c:\pjjjd.exec:\pjjjd.exe103⤵
-
\??\c:\vpvvv.exec:\vpvvv.exe104⤵
-
\??\c:\fxlflfl.exec:\fxlflfl.exe105⤵
-
\??\c:\bnhbbh.exec:\bnhbbh.exe106⤵
-
\??\c:\tbnbtb.exec:\tbnbtb.exe107⤵
-
\??\c:\dvvpj.exec:\dvvpj.exe108⤵
-
\??\c:\xllfxxr.exec:\xllfxxr.exe109⤵
-
\??\c:\lffxxrr.exec:\lffxxrr.exe110⤵
-
\??\c:\tntttt.exec:\tntttt.exe111⤵
-
\??\c:\djdpd.exec:\djdpd.exe112⤵
-
\??\c:\jdpvv.exec:\jdpvv.exe113⤵
-
\??\c:\fflxrlf.exec:\fflxrlf.exe114⤵
-
\??\c:\htbttt.exec:\htbttt.exe115⤵
-
\??\c:\dvvvp.exec:\dvvvp.exe116⤵
-
\??\c:\nnttnt.exec:\nnttnt.exe117⤵
-
\??\c:\jvddd.exec:\jvddd.exe118⤵
-
\??\c:\dpjdv.exec:\dpjdv.exe119⤵
-
\??\c:\7xxxxxx.exec:\7xxxxxx.exe120⤵
-
\??\c:\hbbtnh.exec:\hbbtnh.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-