Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
149s -
max time network
128s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
19/09/2024, 07:49
General
-
Target
2b95f3f33e0ad83cb777a5b2f24c2ad666571e36ee2a366cd09a414f28785308N.exe
-
Size
68KB
-
MD5
170e0d450d0b9b23a4ab9f5055cb4700
-
SHA1
c2ecaea7c6dad88c8c654c5abea63ffca8e5432a
-
SHA256
2b95f3f33e0ad83cb777a5b2f24c2ad666571e36ee2a366cd09a414f28785308
-
SHA512
cf21353c7b73f35139cf940335c827d849aa28d243e6671f0526749897a9a467ee712d78e0c2e651d2dcb2acb4b9ff283ac4a292e1330c003d5dc1449d000032
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIsIoAcZ:ymb3NkkiQ3mdBjFIsIVcZ
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 28 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2b95f3f33e0ad83cb777a5b2f24c2ad666571e36ee2a366cd09a414f28785308N.exe"C:\Users\Admin\AppData\Local\Temp\2b95f3f33e0ad83cb777a5b2f24c2ad666571e36ee2a366cd09a414f28785308N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\tbhhbh.exec:\tbhhbh.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\04864.exec:\04864.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhnnbn.exec:\hhnnbn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6842048.exec:\6842048.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxfxfxx.exec:\fxfxfxx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\4022604.exec:\4022604.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\068604.exec:\068604.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxfxxrx.exec:\fxfxxrx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\846860.exec:\846860.exe10⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\026486.exec:\026486.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lffrlff.exec:\lffrlff.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\o286626.exec:\o286626.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bttbtn.exec:\bttbtn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\g2642.exec:\g2642.exe15⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\nbnthb.exec:\nbnthb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\26282.exec:\26282.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\a0088.exec:\a0088.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7bbbnh.exec:\7bbbnh.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\44642.exec:\44642.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\426202.exec:\426202.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvjdj.exec:\jvjdj.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbbhbh.exec:\bbbhbh.exe23⤵
- Executes dropped EXE
-
\??\c:\thbnbt.exec:\thbnbt.exe24⤵
- Executes dropped EXE
-
\??\c:\ddvpd.exec:\ddvpd.exe25⤵
- Executes dropped EXE
-
\??\c:\42048.exec:\42048.exe26⤵
- Executes dropped EXE
-
\??\c:\5dppd.exec:\5dppd.exe27⤵
- Executes dropped EXE
-
\??\c:\1xfxllf.exec:\1xfxllf.exe28⤵
- Executes dropped EXE
-
\??\c:\hththb.exec:\hththb.exe29⤵
- Executes dropped EXE
-
\??\c:\k64864.exec:\k64864.exe30⤵
- Executes dropped EXE
-
\??\c:\i448220.exec:\i448220.exe31⤵
- Executes dropped EXE
-
\??\c:\jdddd.exec:\jdddd.exe32⤵
- Executes dropped EXE
-
\??\c:\pjpjd.exec:\pjpjd.exe33⤵
- Executes dropped EXE
-
\??\c:\8642042.exec:\8642042.exe34⤵
- Executes dropped EXE
-
\??\c:\28826.exec:\28826.exe35⤵
- Executes dropped EXE
-
\??\c:\46220.exec:\46220.exe36⤵
- Executes dropped EXE
-
\??\c:\8844882.exec:\8844882.exe37⤵
- Executes dropped EXE
-
\??\c:\m4820.exec:\m4820.exe38⤵
- Executes dropped EXE
-
\??\c:\xlxfflr.exec:\xlxfflr.exe39⤵
- Executes dropped EXE
-
\??\c:\1hbhbn.exec:\1hbhbn.exe40⤵
- Executes dropped EXE
-
\??\c:\4260482.exec:\4260482.exe41⤵
- Executes dropped EXE
-
\??\c:\djdvj.exec:\djdvj.exe42⤵
- Executes dropped EXE
-
\??\c:\xlfrfxf.exec:\xlfrfxf.exe43⤵
- Executes dropped EXE
-
\??\c:\4226082.exec:\4226082.exe44⤵
- Executes dropped EXE
-
\??\c:\0004820.exec:\0004820.exe45⤵
- Executes dropped EXE
-
\??\c:\0444444.exec:\0444444.exe46⤵
- Executes dropped EXE
-
\??\c:\tnhhhn.exec:\tnhhhn.exe47⤵
- Executes dropped EXE
-
\??\c:\1vpdj.exec:\1vpdj.exe48⤵
- Executes dropped EXE
-
\??\c:\c804264.exec:\c804264.exe49⤵
- Executes dropped EXE
-
\??\c:\666462.exec:\666462.exe50⤵
- Executes dropped EXE
-
\??\c:\a0080.exec:\a0080.exe51⤵
- Executes dropped EXE
-
\??\c:\pppjv.exec:\pppjv.exe52⤵
- Executes dropped EXE
-
\??\c:\062082.exec:\062082.exe53⤵
- Executes dropped EXE
-
\??\c:\pddpv.exec:\pddpv.exe54⤵
- Executes dropped EXE
-
\??\c:\2404866.exec:\2404866.exe55⤵
- Executes dropped EXE
-
\??\c:\5thnhb.exec:\5thnhb.exe56⤵
- Executes dropped EXE
-
\??\c:\9lrlxxr.exec:\9lrlxxr.exe57⤵
- Executes dropped EXE
-
\??\c:\068222.exec:\068222.exe58⤵
- Executes dropped EXE
-
\??\c:\g2208.exec:\g2208.exe59⤵
- Executes dropped EXE
-
\??\c:\86686.exec:\86686.exe60⤵
- Executes dropped EXE
-
\??\c:\5pvjj.exec:\5pvjj.exe61⤵
- Executes dropped EXE
-
\??\c:\vjdpj.exec:\vjdpj.exe62⤵
- Executes dropped EXE
-
\??\c:\lrrfxlx.exec:\lrrfxlx.exe63⤵
- Executes dropped EXE
-
\??\c:\e62204.exec:\e62204.exe64⤵
- Executes dropped EXE
-
\??\c:\bhntbt.exec:\bhntbt.exe65⤵
- Executes dropped EXE
-
\??\c:\86086.exec:\86086.exe66⤵
-
\??\c:\6804866.exec:\6804866.exe67⤵
-
\??\c:\86480.exec:\86480.exe68⤵
-
\??\c:\6442620.exec:\6442620.exe69⤵
-
\??\c:\frxllxr.exec:\frxllxr.exe70⤵
-
\??\c:\4000486.exec:\4000486.exe71⤵
-
\??\c:\rffllrr.exec:\rffllrr.exe72⤵
-
\??\c:\tnnnnh.exec:\tnnnnh.exe73⤵
-
\??\c:\ddjjv.exec:\ddjjv.exe74⤵
-
\??\c:\826644.exec:\826644.exe75⤵
-
\??\c:\a4420.exec:\a4420.exe76⤵
-
\??\c:\4282604.exec:\4282604.exe77⤵
-
\??\c:\nbtntn.exec:\nbtntn.exe78⤵
-
\??\c:\rlrrxxx.exec:\rlrrxxx.exe79⤵
-
\??\c:\5fxlrll.exec:\5fxlrll.exe80⤵
-
\??\c:\02220.exec:\02220.exe81⤵
-
\??\c:\m4486.exec:\m4486.exe82⤵
-
\??\c:\a4082.exec:\a4082.exe83⤵
-
\??\c:\8282660.exec:\8282660.exe84⤵
-
\??\c:\200488.exec:\200488.exe85⤵
-
\??\c:\0680260.exec:\0680260.exe86⤵
-
\??\c:\s8864.exec:\s8864.exe87⤵
-
\??\c:\lrrflfx.exec:\lrrflfx.exe88⤵
-
\??\c:\vdpdp.exec:\vdpdp.exe89⤵
-
\??\c:\w60420.exec:\w60420.exe90⤵
-
\??\c:\444888.exec:\444888.exe91⤵
-
\??\c:\pvpdj.exec:\pvpdj.exe92⤵
-
\??\c:\o064866.exec:\o064866.exe93⤵
-
\??\c:\xrxxxxf.exec:\xrxxxxf.exe94⤵
-
\??\c:\frlxflx.exec:\frlxflx.exe95⤵
-
\??\c:\pdpdv.exec:\pdpdv.exe96⤵
-
\??\c:\804228.exec:\804228.exe97⤵
-
\??\c:\3hbnbt.exec:\3hbnbt.exe98⤵
-
\??\c:\62648.exec:\62648.exe99⤵
-
\??\c:\frxrxxf.exec:\frxrxxf.exe100⤵
-
\??\c:\9rrlxrf.exec:\9rrlxrf.exe101⤵
-
\??\c:\vjjdv.exec:\vjjdv.exe102⤵
-
\??\c:\jvjjj.exec:\jvjjj.exe103⤵
-
\??\c:\86042.exec:\86042.exe104⤵
-
\??\c:\882648.exec:\882648.exe105⤵
-
\??\c:\a6264.exec:\a6264.exe106⤵
-
\??\c:\5hhthh.exec:\5hhthh.exe107⤵
-
\??\c:\e06664.exec:\e06664.exe108⤵
-
\??\c:\frfrfxl.exec:\frfrfxl.exe109⤵
-
\??\c:\4406004.exec:\4406004.exe110⤵
-
\??\c:\xrfrrlf.exec:\xrfrrlf.exe111⤵
-
\??\c:\m8260.exec:\m8260.exe112⤵
-
\??\c:\6042088.exec:\6042088.exe113⤵
-
\??\c:\7nnbbt.exec:\7nnbbt.exe114⤵
-
\??\c:\084264.exec:\084264.exe115⤵
-
\??\c:\tntttn.exec:\tntttn.exe116⤵
-
\??\c:\bhnhbb.exec:\bhnhbb.exe117⤵
-
\??\c:\022648.exec:\022648.exe118⤵
-
\??\c:\00064.exec:\00064.exe119⤵
-
\??\c:\1llxfxr.exec:\1llxfxr.exe120⤵
-
\??\c:\bhbtnh.exec:\bhbtnh.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-