Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
94s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
18/09/2024, 19:18
General
-
Target
1f726e54200936fa3a52f685ee1e37cf66a7e6d3313f8bfcba42ae0363b653c1.exe
-
Size
485KB
-
MD5
a73729110af72f656a3d255bf48ae9e1
-
SHA1
64c799d5a4d60d781a5baa97239f805ec690b0a0
-
SHA256
1f726e54200936fa3a52f685ee1e37cf66a7e6d3313f8bfcba42ae0363b653c1
-
SHA512
ab6374f73f20ef42bd78c1a8d40428c26fb2dc3058749772cd7a06a75fb67ccaededf30bcbf99ad9c3820a365a09b2f69862f97dc6051a31190e55907bb0ef83
-
SSDEEP
6144:n3C9BRo7tvnJ9oH0IRgZvjkUo7tvnJ9oH0IiVByq9CPobNVV:n3C9ytvngQjgtvngSV3CPobNVV
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE 64 IoCs
-
UPX packed file 34 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1f726e54200936fa3a52f685ee1e37cf66a7e6d3313f8bfcba42ae0363b653c1.exe"C:\Users\Admin\AppData\Local\Temp\1f726e54200936fa3a52f685ee1e37cf66a7e6d3313f8bfcba42ae0363b653c1.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\5ntnhn.exec:\5ntnhn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9nnhtt.exec:\9nnhtt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxfxxr.exec:\fxxfxxr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdpjv.exec:\pdpjv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntbthb.exec:\ntbthb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdvp.exec:\pjdvp.exe7⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\lxfxllf.exec:\lxfxllf.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3vvpp.exec:\3vvpp.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5tnhbb.exec:\5tnhbb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvdvp.exec:\vvdvp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfllllr.exec:\lfllllr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdpdv.exec:\pdpdv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vddvj.exec:\vddvj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\httntn.exec:\httntn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pppjv.exec:\pppjv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frxlfxl.exec:\frxlfxl.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpjvp.exec:\dpjvp.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrlxlrl.exec:\lrlxlrl.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djvdp.exec:\djvdp.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrlxlff.exec:\xrlxlff.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxrrfrr.exec:\lxrrfrr.exe22⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\vjvpd.exec:\vjvpd.exe23⤵
- Executes dropped EXE
-
\??\c:\7xlxlfr.exec:\7xlxlfr.exe24⤵
- Executes dropped EXE
-
\??\c:\9vdpd.exec:\9vdpd.exe25⤵
- Executes dropped EXE
-
\??\c:\xfrfrlf.exec:\xfrfrlf.exe26⤵
- Executes dropped EXE
-
\??\c:\nnbhnb.exec:\nnbhnb.exe27⤵
- Executes dropped EXE
-
\??\c:\pjpdp.exec:\pjpdp.exe28⤵
- Executes dropped EXE
-
\??\c:\lllrfrl.exec:\lllrfrl.exe29⤵
- Executes dropped EXE
-
\??\c:\hnnbtn.exec:\hnnbtn.exe30⤵
- Executes dropped EXE
-
\??\c:\1djdj.exec:\1djdj.exe31⤵
- Executes dropped EXE
-
\??\c:\lllxrlf.exec:\lllxrlf.exe32⤵
- Executes dropped EXE
-
\??\c:\jvvpd.exec:\jvvpd.exe33⤵
- Executes dropped EXE
-
\??\c:\ddjdd.exec:\ddjdd.exe34⤵
- Executes dropped EXE
-
\??\c:\lfrllfl.exec:\lfrllfl.exe35⤵
- Executes dropped EXE
-
\??\c:\jpjvv.exec:\jpjvv.exe36⤵
- Executes dropped EXE
-
\??\c:\1rrfxlf.exec:\1rrfxlf.exe37⤵
- Executes dropped EXE
-
\??\c:\bnbthb.exec:\bnbthb.exe38⤵
- Executes dropped EXE
-
\??\c:\vjjvj.exec:\vjjvj.exe39⤵
- Executes dropped EXE
-
\??\c:\9llxfxl.exec:\9llxfxl.exe40⤵
- Executes dropped EXE
-
\??\c:\tnnhtb.exec:\tnnhtb.exe41⤵
- Executes dropped EXE
-
\??\c:\1dvjv.exec:\1dvjv.exe42⤵
- Executes dropped EXE
-
\??\c:\3lfrlxl.exec:\3lfrlxl.exe43⤵
- Executes dropped EXE
-
\??\c:\rrllfxl.exec:\rrllfxl.exe44⤵
- Executes dropped EXE
-
\??\c:\bhnbtt.exec:\bhnbtt.exe45⤵
- Executes dropped EXE
-
\??\c:\5vdpv.exec:\5vdpv.exe46⤵
- Executes dropped EXE
-
\??\c:\rxfrlfr.exec:\rxfrlfr.exe47⤵
- Executes dropped EXE
-
\??\c:\xllfrfr.exec:\xllfrfr.exe48⤵
- Executes dropped EXE
-
\??\c:\1hbnth.exec:\1hbnth.exe49⤵
- Executes dropped EXE
-
\??\c:\jddjd.exec:\jddjd.exe50⤵
- Executes dropped EXE
-
\??\c:\xrfrlxl.exec:\xrfrlxl.exe51⤵
- Executes dropped EXE
-
\??\c:\5tnbbt.exec:\5tnbbt.exe52⤵
- Executes dropped EXE
-
\??\c:\dpvpp.exec:\dpvpp.exe53⤵
- Executes dropped EXE
-
\??\c:\7llxrfx.exec:\7llxrfx.exe54⤵
- Executes dropped EXE
-
\??\c:\7nhbnh.exec:\7nhbnh.exe55⤵
- Executes dropped EXE
-
\??\c:\djjvj.exec:\djjvj.exe56⤵
- Executes dropped EXE
-
\??\c:\vdvpj.exec:\vdvpj.exe57⤵
- Executes dropped EXE
-
\??\c:\rllxlfr.exec:\rllxlfr.exe58⤵
- Executes dropped EXE
-
\??\c:\nbthtn.exec:\nbthtn.exe59⤵
- Executes dropped EXE
-
\??\c:\pppdp.exec:\pppdp.exe60⤵
- Executes dropped EXE
-
\??\c:\rrffxfl.exec:\rrffxfl.exe61⤵
- Executes dropped EXE
-
\??\c:\hnthtn.exec:\hnthtn.exe62⤵
- Executes dropped EXE
-
\??\c:\3jdvp.exec:\3jdvp.exe63⤵
- Executes dropped EXE
-
\??\c:\fxrlfxf.exec:\fxrlfxf.exe64⤵
- Executes dropped EXE
-
\??\c:\xxrlxrl.exec:\xxrlxrl.exe65⤵
- Executes dropped EXE
-
\??\c:\bbhbtt.exec:\bbhbtt.exe66⤵
-
\??\c:\pddpd.exec:\pddpd.exe67⤵
-
\??\c:\rrrlxxr.exec:\rrrlxxr.exe68⤵
-
\??\c:\9nnhtn.exec:\9nnhtn.exe69⤵
-
\??\c:\djjvp.exec:\djjvp.exe70⤵
-
\??\c:\rrflfxf.exec:\rrflfxf.exe71⤵
-
\??\c:\lllfrll.exec:\lllfrll.exe72⤵
-
\??\c:\ttbtbt.exec:\ttbtbt.exe73⤵
-
\??\c:\7jdpd.exec:\7jdpd.exe74⤵
-
\??\c:\9fxlxrx.exec:\9fxlxrx.exe75⤵
- System Location Discovery: System Language Discovery
-
\??\c:\5nnbnn.exec:\5nnbnn.exe76⤵
-
\??\c:\jdvdp.exec:\jdvdp.exe77⤵
-
\??\c:\dpjvp.exec:\dpjvp.exe78⤵
- System Location Discovery: System Language Discovery
-
\??\c:\lxrlrrl.exec:\lxrlrrl.exe79⤵
-
\??\c:\1hhhbt.exec:\1hhhbt.exe80⤵
-
\??\c:\hbnbtn.exec:\hbnbtn.exe81⤵
-
\??\c:\vdjjp.exec:\vdjjp.exe82⤵
-
\??\c:\rrxrxrx.exec:\rrxrxrx.exe83⤵
-
\??\c:\htnbhb.exec:\htnbhb.exe84⤵
-
\??\c:\7jjdv.exec:\7jjdv.exe85⤵
-
\??\c:\vvvjd.exec:\vvvjd.exe86⤵
-
\??\c:\lrfrllx.exec:\lrfrllx.exe87⤵
-
\??\c:\thbnht.exec:\thbnht.exe88⤵
-
\??\c:\3bhbtb.exec:\3bhbtb.exe89⤵
-
\??\c:\ppvjd.exec:\ppvjd.exe90⤵
-
\??\c:\xfxlxrf.exec:\xfxlxrf.exe91⤵
-
\??\c:\xrfxlxr.exec:\xrfxlxr.exe92⤵
-
\??\c:\htnbnn.exec:\htnbnn.exe93⤵
-
\??\c:\vjjdj.exec:\vjjdj.exe94⤵
-
\??\c:\frxffxl.exec:\frxffxl.exe95⤵
-
\??\c:\3bnbnb.exec:\3bnbnb.exe96⤵
-
\??\c:\pdjvj.exec:\pdjvj.exe97⤵
-
\??\c:\fxxlrll.exec:\fxxlrll.exe98⤵
-
\??\c:\rxrfrll.exec:\rxrfrll.exe99⤵
-
\??\c:\hhnhtn.exec:\hhnhtn.exe100⤵
-
\??\c:\jvjdj.exec:\jvjdj.exe101⤵
-
\??\c:\rxrlrlr.exec:\rxrlrlr.exe102⤵
-
\??\c:\hhnhnn.exec:\hhnhnn.exe103⤵
-
\??\c:\jdpjd.exec:\jdpjd.exe104⤵
-
\??\c:\1llxrlx.exec:\1llxrlx.exe105⤵
-
\??\c:\1lxlxrf.exec:\1lxlxrf.exe106⤵
-
\??\c:\bnhtbt.exec:\bnhtbt.exe107⤵
-
\??\c:\dpvpp.exec:\dpvpp.exe108⤵
-
\??\c:\bhtnbh.exec:\bhtnbh.exe109⤵
-
\??\c:\vjdpd.exec:\vjdpd.exe110⤵
-
\??\c:\3xffrrf.exec:\3xffrrf.exe111⤵
-
\??\c:\xrlfffr.exec:\xrlfffr.exe112⤵
-
\??\c:\hnnbtn.exec:\hnnbtn.exe113⤵
-
\??\c:\djpjp.exec:\djpjp.exe114⤵
-
\??\c:\rrlxllx.exec:\rrlxllx.exe115⤵
-
\??\c:\hhhtht.exec:\hhhtht.exe116⤵
-
\??\c:\7tbnht.exec:\7tbnht.exe117⤵
-
\??\c:\pjvpv.exec:\pjvpv.exe118⤵
-
\??\c:\5llxrlx.exec:\5llxrlx.exe119⤵
-
\??\c:\hntnnh.exec:\hntnnh.exe120⤵
-
\??\c:\nhnbtb.exec:\nhnbtb.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-