Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
101s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
19/09/2024, 19:24
General
-
Target
37918be0fce9a8b5054840faac9bdd0b4bc30291652e6097dd0a2173b2caec37N.exe
-
Size
72KB
-
MD5
809e38221a4bb4e38ad053ebbe345500
-
SHA1
255e7190d3fe610373c7110c3b46dbe033112d37
-
SHA256
37918be0fce9a8b5054840faac9bdd0b4bc30291652e6097dd0a2173b2caec37
-
SHA512
ff1c0e1c5272596dbc4169646d632840307684f07ee127535c64a58feef90348cab1691c1d88cf1da47a1084e42334c7b0aa3298de6b5e8e8af247d692906cc0
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIb0z6MTSqfjfg6:ymb3NkkiQ3mdBjFI4Vvg6
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 28 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 35 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\37918be0fce9a8b5054840faac9bdd0b4bc30291652e6097dd0a2173b2caec37N.exe"C:\Users\Admin\AppData\Local\Temp\37918be0fce9a8b5054840faac9bdd0b4bc30291652e6097dd0a2173b2caec37N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\vppdd.exec:\vppdd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3ddpv.exec:\3ddpv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxfxxrx.exec:\xxfxxrx.exe4⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\xlxrfxl.exec:\xlxrfxl.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htthnh.exec:\htthnh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5hhtnb.exec:\5hhtnb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppvpv.exec:\ppvpv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlllffx.exec:\xlllffx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btttnh.exec:\btttnh.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjpjd.exec:\pjpjd.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxllrr.exec:\lfxllrr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxrfxl.exec:\fxxrfxl.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntbnht.exec:\ntbnht.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpjdp.exec:\jpjdp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvpdp.exec:\pvpdp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3rfrlxf.exec:\3rfrlxf.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7tbbhh.exec:\7tbbhh.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vddvj.exec:\vddvj.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrrlffx.exec:\lrrlffx.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhhhh.exec:\tnhhhh.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbbbhh.exec:\bbbbhh.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfflxrl.exec:\xfflxrl.exe23⤵
- Executes dropped EXE
-
\??\c:\hhbbbb.exec:\hhbbbb.exe24⤵
- Executes dropped EXE
-
\??\c:\vvdpj.exec:\vvdpj.exe25⤵
- Executes dropped EXE
-
\??\c:\fxrlfff.exec:\fxrlfff.exe26⤵
- Executes dropped EXE
-
\??\c:\ttntbt.exec:\ttntbt.exe27⤵
- Executes dropped EXE
-
\??\c:\nnhbtt.exec:\nnhbtt.exe28⤵
- Executes dropped EXE
-
\??\c:\jjjvj.exec:\jjjvj.exe29⤵
- Executes dropped EXE
-
\??\c:\7jvpp.exec:\7jvpp.exe30⤵
- Executes dropped EXE
-
\??\c:\frxrllf.exec:\frxrllf.exe31⤵
- Executes dropped EXE
-
\??\c:\rlfxffr.exec:\rlfxffr.exe32⤵
- Executes dropped EXE
-
\??\c:\nhhnhh.exec:\nhhnhh.exe33⤵
- Executes dropped EXE
-
\??\c:\dvdpj.exec:\dvdpj.exe34⤵
- Executes dropped EXE
-
\??\c:\xlfxxfx.exec:\xlfxxfx.exe35⤵
- Executes dropped EXE
-
\??\c:\3xflffx.exec:\3xflffx.exe36⤵
- Executes dropped EXE
-
\??\c:\btnntt.exec:\btnntt.exe37⤵
- Executes dropped EXE
-
\??\c:\vdddv.exec:\vdddv.exe38⤵
- Executes dropped EXE
-
\??\c:\1vvpd.exec:\1vvpd.exe39⤵
- Executes dropped EXE
-
\??\c:\xfrlffx.exec:\xfrlffx.exe40⤵
- Executes dropped EXE
-
\??\c:\nhttbb.exec:\nhttbb.exe41⤵
- Executes dropped EXE
-
\??\c:\9tbthh.exec:\9tbthh.exe42⤵
- Executes dropped EXE
-
\??\c:\3vjdv.exec:\3vjdv.exe43⤵
- Executes dropped EXE
-
\??\c:\jpvdj.exec:\jpvdj.exe44⤵
- Executes dropped EXE
-
\??\c:\lllfrrr.exec:\lllfrrr.exe45⤵
- Executes dropped EXE
-
\??\c:\nbhhbb.exec:\nbhhbb.exe46⤵
- Executes dropped EXE
-
\??\c:\3tthbb.exec:\3tthbb.exe47⤵
- Executes dropped EXE
-
\??\c:\vjpjd.exec:\vjpjd.exe48⤵
- Executes dropped EXE
-
\??\c:\dvdpd.exec:\dvdpd.exe49⤵
- Executes dropped EXE
-
\??\c:\xlrlfxf.exec:\xlrlfxf.exe50⤵
- Executes dropped EXE
-
\??\c:\fxxrrrl.exec:\fxxrrrl.exe51⤵
- Executes dropped EXE
-
\??\c:\nbnttt.exec:\nbnttt.exe52⤵
- Executes dropped EXE
-
\??\c:\hnhbnh.exec:\hnhbnh.exe53⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\vppjj.exec:\vppjj.exe54⤵
- Executes dropped EXE
-
\??\c:\rxlfxxr.exec:\rxlfxxr.exe55⤵
- Executes dropped EXE
-
\??\c:\rffxrrl.exec:\rffxrrl.exe56⤵
- Executes dropped EXE
-
\??\c:\btnnbt.exec:\btnnbt.exe57⤵
- Executes dropped EXE
-
\??\c:\nhnnhh.exec:\nhnnhh.exe58⤵
- Executes dropped EXE
-
\??\c:\vvdvp.exec:\vvdvp.exe59⤵
- Executes dropped EXE
-
\??\c:\vpjdv.exec:\vpjdv.exe60⤵
- Executes dropped EXE
-
\??\c:\rxffxxr.exec:\rxffxxr.exe61⤵
- Executes dropped EXE
-
\??\c:\9nbhhh.exec:\9nbhhh.exe62⤵
- Executes dropped EXE
-
\??\c:\thnnbb.exec:\thnnbb.exe63⤵
- Executes dropped EXE
-
\??\c:\djvvp.exec:\djvvp.exe64⤵
- Executes dropped EXE
-
\??\c:\pvvvp.exec:\pvvvp.exe65⤵
- Executes dropped EXE
-
\??\c:\xrxflrx.exec:\xrxflrx.exe66⤵
-
\??\c:\lfxlfff.exec:\lfxlfff.exe67⤵
-
\??\c:\tnttnt.exec:\tnttnt.exe68⤵
-
\??\c:\9dvpj.exec:\9dvpj.exe69⤵
-
\??\c:\vpvvj.exec:\vpvvj.exe70⤵
-
\??\c:\rxxrllf.exec:\rxxrllf.exe71⤵
-
\??\c:\xlrrlxx.exec:\xlrrlxx.exe72⤵
-
\??\c:\ntttnn.exec:\ntttnn.exe73⤵
-
\??\c:\thtbtt.exec:\thtbtt.exe74⤵
-
\??\c:\vpdvv.exec:\vpdvv.exe75⤵
-
\??\c:\pjddj.exec:\pjddj.exe76⤵
-
\??\c:\rllxrrr.exec:\rllxrrr.exe77⤵
-
\??\c:\ffxxrrf.exec:\ffxxrrf.exe78⤵
-
\??\c:\nnhnth.exec:\nnhnth.exe79⤵
-
\??\c:\7jjjv.exec:\7jjjv.exe80⤵
-
\??\c:\ppvdd.exec:\ppvdd.exe81⤵
-
\??\c:\fxrlfxr.exec:\fxrlfxr.exe82⤵
-
\??\c:\rllfxxr.exec:\rllfxxr.exe83⤵
-
\??\c:\bttbbb.exec:\bttbbb.exe84⤵
-
\??\c:\tbbthh.exec:\tbbthh.exe85⤵
-
\??\c:\jdpdd.exec:\jdpdd.exe86⤵
-
\??\c:\5bnnbb.exec:\5bnnbb.exe87⤵
-
\??\c:\thnthh.exec:\thnthh.exe88⤵
-
\??\c:\vdpjp.exec:\vdpjp.exe89⤵
-
\??\c:\dppjj.exec:\dppjj.exe90⤵
-
\??\c:\fxxfxfx.exec:\fxxfxfx.exe91⤵
-
\??\c:\rlllllf.exec:\rlllllf.exe92⤵
-
\??\c:\bttnhb.exec:\bttnhb.exe93⤵
-
\??\c:\httthh.exec:\httthh.exe94⤵
-
\??\c:\dpjjd.exec:\dpjjd.exe95⤵
-
\??\c:\5jjdd.exec:\5jjdd.exe96⤵
-
\??\c:\xrxlfxx.exec:\xrxlfxx.exe97⤵
-
\??\c:\1nnhnh.exec:\1nnhnh.exe98⤵
-
\??\c:\7jpjv.exec:\7jpjv.exe99⤵
-
\??\c:\rllrfff.exec:\rllrfff.exe100⤵
-
\??\c:\rrrxrxx.exec:\rrrxrxx.exe101⤵
-
\??\c:\bhhbtt.exec:\bhhbtt.exe102⤵
-
\??\c:\dvvpj.exec:\dvvpj.exe103⤵
-
\??\c:\djpjd.exec:\djpjd.exe104⤵
-
\??\c:\xllfxxx.exec:\xllfxxx.exe105⤵
-
\??\c:\rlrlxrx.exec:\rlrlxrx.exe106⤵
-
\??\c:\bhnhbb.exec:\bhnhbb.exe107⤵
- System Location Discovery: System Language Discovery
-
\??\c:\vjppj.exec:\vjppj.exe108⤵
-
\??\c:\jdppv.exec:\jdppv.exe109⤵
-
\??\c:\llxxllf.exec:\llxxllf.exe110⤵
-
\??\c:\lfxrxxl.exec:\lfxrxxl.exe111⤵
-
\??\c:\thnnhn.exec:\thnnhn.exe112⤵
-
\??\c:\djvpv.exec:\djvpv.exe113⤵
-
\??\c:\jdjdv.exec:\jdjdv.exe114⤵
-
\??\c:\rlrlllx.exec:\rlrlllx.exe115⤵
-
\??\c:\lxxrrrf.exec:\lxxrrrf.exe116⤵
-
\??\c:\ththhb.exec:\ththhb.exe117⤵
-
\??\c:\nhnhhb.exec:\nhnhhb.exe118⤵
-
\??\c:\jdvvj.exec:\jdvvj.exe119⤵
-
\??\c:\jvpvj.exec:\jvpvj.exe120⤵
-
\??\c:\rffrfff.exec:\rffrfff.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-