Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
95s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
25/09/2024, 09:45
General
-
Target
34dbebbd60567a61015dd638ef44f58fcf42594a4efc2559de3887c8a8dc2f55N.exe
-
Size
65KB
-
MD5
d3b85f7c04f24ed881373477bcf50af0
-
SHA1
746bb10f0750140e4deafcf50bb4eca14499b76d
-
SHA256
34dbebbd60567a61015dd638ef44f58fcf42594a4efc2559de3887c8a8dc2f55
-
SHA512
fb2605e99df6c79bb697ae1e4ec83c8de1973f8f3dae286cabe65d15e033705f85e5db70484913bf46c035aeaa8d797a8c7478bb882812de18947d5f2d4523fc
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDI9L27Bqfm:ymb3NkkiQ3mdBjFI9cqfm
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 30 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 37 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\34dbebbd60567a61015dd638ef44f58fcf42594a4efc2559de3887c8a8dc2f55N.exe"C:\Users\Admin\AppData\Local\Temp\34dbebbd60567a61015dd638ef44f58fcf42594a4efc2559de3887c8a8dc2f55N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\tntnhh.exec:\tntnhh.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvddv.exec:\vvddv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrfxrll.exec:\xrfxrll.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhbtn.exec:\hbhbtn.exe5⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnhnt.exec:\nhnhnt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1vvpj.exec:\1vvpj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxrrrl.exec:\fxxrrrl.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9hhnhh.exec:\9hhnhh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjvvd.exec:\vjvvd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7rfrffr.exec:\7rfrffr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbbbtb.exec:\tbbbtb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttthtn.exec:\ttthtn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjjp.exec:\vpjjp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrrlffl.exec:\lrrlffl.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnhbhb.exec:\bnhbhb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bntbbb.exec:\bntbbb.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djjvv.exec:\djjvv.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rffrfxr.exec:\rffrfxr.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhthhb.exec:\nhthhb.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7pppd.exec:\7pppd.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5jpdv.exec:\5jpdv.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btnbnb.exec:\btnbnb.exe23⤵
- Executes dropped EXE
-
\??\c:\vpdpp.exec:\vpdpp.exe24⤵
- Executes dropped EXE
-
\??\c:\xllxlxx.exec:\xllxlxx.exe25⤵
- Executes dropped EXE
-
\??\c:\1nnthb.exec:\1nnthb.exe26⤵
- Executes dropped EXE
-
\??\c:\djpdj.exec:\djpdj.exe27⤵
- Executes dropped EXE
-
\??\c:\pdvdp.exec:\pdvdp.exe28⤵
- Executes dropped EXE
-
\??\c:\lffrflx.exec:\lffrflx.exe29⤵
- Executes dropped EXE
-
\??\c:\btntnh.exec:\btntnh.exe30⤵
- Executes dropped EXE
-
\??\c:\thnhtb.exec:\thnhtb.exe31⤵
- Executes dropped EXE
-
\??\c:\vpjvj.exec:\vpjvj.exe32⤵
- Executes dropped EXE
-
\??\c:\rxlffrr.exec:\rxlffrr.exe33⤵
- Executes dropped EXE
-
\??\c:\hbtnhb.exec:\hbtnhb.exe34⤵
- Executes dropped EXE
-
\??\c:\nbbnbb.exec:\nbbnbb.exe35⤵
- Executes dropped EXE
-
\??\c:\vvpdp.exec:\vvpdp.exe36⤵
- Executes dropped EXE
-
\??\c:\lrxrlfx.exec:\lrxrlfx.exe37⤵
- Executes dropped EXE
-
\??\c:\7bnbtn.exec:\7bnbtn.exe38⤵
- Executes dropped EXE
-
\??\c:\bhnnhb.exec:\bhnnhb.exe39⤵
- Executes dropped EXE
-
\??\c:\jdvvj.exec:\jdvvj.exe40⤵
- Executes dropped EXE
-
\??\c:\5jvjv.exec:\5jvjv.exe41⤵
- Executes dropped EXE
-
\??\c:\rxxrffr.exec:\rxxrffr.exe42⤵
- Executes dropped EXE
-
\??\c:\nhtnnb.exec:\nhtnnb.exe43⤵
- Executes dropped EXE
-
\??\c:\5ppjd.exec:\5ppjd.exe44⤵
- Executes dropped EXE
-
\??\c:\vvjvd.exec:\vvjvd.exe45⤵
- Executes dropped EXE
-
\??\c:\xxxrrxf.exec:\xxxrrxf.exe46⤵
- Executes dropped EXE
-
\??\c:\btbbhb.exec:\btbbhb.exe47⤵
- Executes dropped EXE
-
\??\c:\vpvpj.exec:\vpvpj.exe48⤵
- Executes dropped EXE
-
\??\c:\jdpdp.exec:\jdpdp.exe49⤵
- Executes dropped EXE
-
\??\c:\lfllffl.exec:\lfllffl.exe50⤵
- Executes dropped EXE
-
\??\c:\tnnnbt.exec:\tnnnbt.exe51⤵
- Executes dropped EXE
-
\??\c:\ttnbtb.exec:\ttnbtb.exe52⤵
- Executes dropped EXE
-
\??\c:\dvvpd.exec:\dvvpd.exe53⤵
- Executes dropped EXE
-
\??\c:\rfrxxrf.exec:\rfrxxrf.exe54⤵
- Executes dropped EXE
-
\??\c:\tbnhhb.exec:\tbnhhb.exe55⤵
- Executes dropped EXE
-
\??\c:\nbhbtt.exec:\nbhbtt.exe56⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\djvvv.exec:\djvvv.exe57⤵
- Executes dropped EXE
-
\??\c:\1fffllr.exec:\1fffllr.exe58⤵
- Executes dropped EXE
-
\??\c:\5nnhnn.exec:\5nnhnn.exe59⤵
- Executes dropped EXE
-
\??\c:\dpdpd.exec:\dpdpd.exe60⤵
- Executes dropped EXE
-
\??\c:\llffxfl.exec:\llffxfl.exe61⤵
- Executes dropped EXE
-
\??\c:\lxfxrlf.exec:\lxfxrlf.exe62⤵
- Executes dropped EXE
-
\??\c:\5nnhtt.exec:\5nnhtt.exe63⤵
- Executes dropped EXE
-
\??\c:\nbbbnb.exec:\nbbbnb.exe64⤵
- Executes dropped EXE
-
\??\c:\vvvpp.exec:\vvvpp.exe65⤵
- Executes dropped EXE
-
\??\c:\vddvv.exec:\vddvv.exe66⤵
-
\??\c:\rfxlxrl.exec:\rfxlxrl.exe67⤵
-
\??\c:\nhbhbt.exec:\nhbhbt.exe68⤵
-
\??\c:\dpjvp.exec:\dpjvp.exe69⤵
-
\??\c:\djpjv.exec:\djpjv.exe70⤵
-
\??\c:\lffrllf.exec:\lffrllf.exe71⤵
-
\??\c:\ppppj.exec:\ppppj.exe72⤵
-
\??\c:\7jpjd.exec:\7jpjd.exe73⤵
-
\??\c:\lfflxlf.exec:\lfflxlf.exe74⤵
-
\??\c:\xlfxrlf.exec:\xlfxrlf.exe75⤵
-
\??\c:\7bhbnn.exec:\7bhbnn.exe76⤵
-
\??\c:\5dvpp.exec:\5dvpp.exe77⤵
-
\??\c:\pjjdp.exec:\pjjdp.exe78⤵
-
\??\c:\xrxrlfx.exec:\xrxrlfx.exe79⤵
-
\??\c:\bnnhnn.exec:\bnnhnn.exe80⤵
-
\??\c:\btbhtb.exec:\btbhtb.exe81⤵
-
\??\c:\1dvjv.exec:\1dvjv.exe82⤵
-
\??\c:\xffxffr.exec:\xffxffr.exe83⤵
-
\??\c:\rrfxlfr.exec:\rrfxlfr.exe84⤵
-
\??\c:\nnbnhb.exec:\nnbnhb.exe85⤵
-
\??\c:\jdddp.exec:\jdddp.exe86⤵
-
\??\c:\ddjdd.exec:\ddjdd.exe87⤵
-
\??\c:\xxrfrlf.exec:\xxrfrlf.exe88⤵
-
\??\c:\9nnbhb.exec:\9nnbhb.exe89⤵
-
\??\c:\nbhnnh.exec:\nbhnnh.exe90⤵
-
\??\c:\hbhthb.exec:\hbhthb.exe91⤵
-
\??\c:\djdpd.exec:\djdpd.exe92⤵
-
\??\c:\vjpdp.exec:\vjpdp.exe93⤵
-
\??\c:\xxrlflx.exec:\xxrlflx.exe94⤵
-
\??\c:\tnnhbt.exec:\tnnhbt.exe95⤵
-
\??\c:\9ddpd.exec:\9ddpd.exe96⤵
-
\??\c:\dpjvd.exec:\dpjvd.exe97⤵
-
\??\c:\frrlxxr.exec:\frrlxxr.exe98⤵
-
\??\c:\hnbthb.exec:\hnbthb.exe99⤵
-
\??\c:\nnbthb.exec:\nnbthb.exe100⤵
-
\??\c:\ntbthb.exec:\ntbthb.exe101⤵
-
\??\c:\jppjv.exec:\jppjv.exe102⤵
-
\??\c:\rflfrrr.exec:\rflfrrr.exe103⤵
-
\??\c:\fxrfrll.exec:\fxrfrll.exe104⤵
-
\??\c:\htnnnn.exec:\htnnnn.exe105⤵
-
\??\c:\bttbnh.exec:\bttbnh.exe106⤵
-
\??\c:\vjjdp.exec:\vjjdp.exe107⤵
-
\??\c:\xlrlfff.exec:\xlrlfff.exe108⤵
-
\??\c:\3frrllx.exec:\3frrllx.exe109⤵
-
\??\c:\btbbhh.exec:\btbbhh.exe110⤵
-
\??\c:\httnbt.exec:\httnbt.exe111⤵
-
\??\c:\dvvvp.exec:\dvvvp.exe112⤵
-
\??\c:\xxffxll.exec:\xxffxll.exe113⤵
-
\??\c:\3rrfrlf.exec:\3rrfrlf.exe114⤵
-
\??\c:\thbtnn.exec:\thbtnn.exe115⤵
-
\??\c:\tbbtbb.exec:\tbbtbb.exe116⤵
-
\??\c:\djppj.exec:\djppj.exe117⤵
-
\??\c:\dvjdj.exec:\dvjdj.exe118⤵
-
\??\c:\dvvpj.exec:\dvvpj.exe119⤵
-
\??\c:\rrfxffx.exec:\rrfxffx.exe120⤵
-
\??\c:\xlllfxl.exec:\xlllfxl.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-