Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
96s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
27/09/2024, 23:52
General
-
Target
8eb42f4f742964203a185f2f57235885b51c7585539c8cd81250f1c3a2cb48ce.exe
-
Size
70KB
-
MD5
2adf4179e2d501c51cf356be3840681e
-
SHA1
0a6d6f8f33d399288279496bcb1108781d3d56bb
-
SHA256
8eb42f4f742964203a185f2f57235885b51c7585539c8cd81250f1c3a2cb48ce
-
SHA512
07548fb09bba1d946b5580778fd23a7eda1f84b684793d7cea39c0d4cc3670b07a2e947f612af3eb040d1ffaef4ef6a40c56b4e68edb40b08014d539df4ecba0
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIb0z6MTSqfUcicP:ymb3NkkiQ3mdBjFI4V4ciU
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 34 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\8eb42f4f742964203a185f2f57235885b51c7585539c8cd81250f1c3a2cb48ce.exe"C:\Users\Admin\AppData\Local\Temp\8eb42f4f742964203a185f2f57235885b51c7585539c8cd81250f1c3a2cb48ce.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\vppjv.exec:\vppjv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3fxlxrf.exec:\3fxlxrf.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htbtnt.exec:\htbtnt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvjp.exec:\dvvjp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9jpdp.exec:\9jpdp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frlxrlf.exec:\frlxrlf.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tntthn.exec:\tntthn.exe8⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\9nhbhh.exec:\9nhbhh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lllxrrf.exec:\lllxrrf.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnhbtn.exec:\bnhbtn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dppdp.exec:\dppdp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrxlff.exec:\xrrxlff.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxfxxrx.exec:\lxfxxrx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvvdv.exec:\vvvdv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxrrffr.exec:\lxrrffr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbtthh.exec:\nbtthh.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjdp.exec:\jdjdp.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvdvj.exec:\pvdvj.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1fflfrl.exec:\1fflfrl.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7nbnbt.exec:\7nbnbt.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjpjd.exec:\vjpjd.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjdvj.exec:\jjdvj.exe23⤵
- Executes dropped EXE
-
\??\c:\7xrfllx.exec:\7xrfllx.exe24⤵
- Executes dropped EXE
-
\??\c:\fxrfxrf.exec:\fxrfxrf.exe25⤵
- Executes dropped EXE
-
\??\c:\3btnbn.exec:\3btnbn.exe26⤵
- Executes dropped EXE
-
\??\c:\dpdpd.exec:\dpdpd.exe27⤵
- Executes dropped EXE
-
\??\c:\lxrfrll.exec:\lxrfrll.exe28⤵
- Executes dropped EXE
-
\??\c:\thnbbn.exec:\thnbbn.exe29⤵
- Executes dropped EXE
-
\??\c:\hnbbtn.exec:\hnbbtn.exe30⤵
- Executes dropped EXE
-
\??\c:\9lfflfx.exec:\9lfflfx.exe31⤵
- Executes dropped EXE
-
\??\c:\nhhbnh.exec:\nhhbnh.exe32⤵
- Executes dropped EXE
-
\??\c:\jddvv.exec:\jddvv.exe33⤵
- Executes dropped EXE
-
\??\c:\5rfrfxr.exec:\5rfrfxr.exe34⤵
- Executes dropped EXE
-
\??\c:\nhntbb.exec:\nhntbb.exe35⤵
- Executes dropped EXE
-
\??\c:\nbthtb.exec:\nbthtb.exe36⤵
- Executes dropped EXE
-
\??\c:\3pjvd.exec:\3pjvd.exe37⤵
- Executes dropped EXE
-
\??\c:\rlxrxxr.exec:\rlxrxxr.exe38⤵
- Executes dropped EXE
-
\??\c:\5fflxfx.exec:\5fflxfx.exe39⤵
- Executes dropped EXE
-
\??\c:\thtttn.exec:\thtttn.exe40⤵
- Executes dropped EXE
-
\??\c:\5tnhtn.exec:\5tnhtn.exe41⤵
- Executes dropped EXE
-
\??\c:\7pvpd.exec:\7pvpd.exe42⤵
- Executes dropped EXE
-
\??\c:\xlxrrfl.exec:\xlxrrfl.exe43⤵
- Executes dropped EXE
-
\??\c:\xllfxrf.exec:\xllfxrf.exe44⤵
- Executes dropped EXE
-
\??\c:\hbnhbb.exec:\hbnhbb.exe45⤵
- Executes dropped EXE
-
\??\c:\9nhhtn.exec:\9nhhtn.exe46⤵
- Executes dropped EXE
-
\??\c:\vppjv.exec:\vppjv.exe47⤵
- Executes dropped EXE
-
\??\c:\vjjdp.exec:\vjjdp.exe48⤵
- Executes dropped EXE
-
\??\c:\rxlfrlx.exec:\rxlfrlx.exe49⤵
- Executes dropped EXE
-
\??\c:\lxrlxrf.exec:\lxrlxrf.exe50⤵
- Executes dropped EXE
-
\??\c:\bthtbn.exec:\bthtbn.exe51⤵
- Executes dropped EXE
-
\??\c:\ddddp.exec:\ddddp.exe52⤵
- Executes dropped EXE
-
\??\c:\9dpdp.exec:\9dpdp.exe53⤵
- Executes dropped EXE
-
\??\c:\lxffxrl.exec:\lxffxrl.exe54⤵
- Executes dropped EXE
-
\??\c:\thbnbn.exec:\thbnbn.exe55⤵
- Executes dropped EXE
-
\??\c:\thhthb.exec:\thhthb.exe56⤵
- Executes dropped EXE
-
\??\c:\vjjdp.exec:\vjjdp.exe57⤵
- Executes dropped EXE
-
\??\c:\jvpdd.exec:\jvpdd.exe58⤵
- Executes dropped EXE
-
\??\c:\rlrffxl.exec:\rlrffxl.exe59⤵
- Executes dropped EXE
-
\??\c:\nhtnbb.exec:\nhtnbb.exe60⤵
- Executes dropped EXE
-
\??\c:\tnhhhh.exec:\tnhhhh.exe61⤵
- Executes dropped EXE
-
\??\c:\pdvpd.exec:\pdvpd.exe62⤵
- Executes dropped EXE
-
\??\c:\dvdvd.exec:\dvdvd.exe63⤵
- Executes dropped EXE
-
\??\c:\lfxlrxl.exec:\lfxlrxl.exe64⤵
- Executes dropped EXE
-
\??\c:\rrxrlfr.exec:\rrxrlfr.exe65⤵
- Executes dropped EXE
-
\??\c:\tthhht.exec:\tthhht.exe66⤵
-
\??\c:\7ddvp.exec:\7ddvp.exe67⤵
-
\??\c:\1jpdv.exec:\1jpdv.exe68⤵
-
\??\c:\rxfrfxf.exec:\rxfrfxf.exe69⤵
-
\??\c:\xlfxrlf.exec:\xlfxrlf.exe70⤵
- System Location Discovery: System Language Discovery
-
\??\c:\hbhbhb.exec:\hbhbhb.exe71⤵
-
\??\c:\nbtnbt.exec:\nbtnbt.exe72⤵
-
\??\c:\1jpdd.exec:\1jpdd.exe73⤵
-
\??\c:\jppdp.exec:\jppdp.exe74⤵
-
\??\c:\frxlxrf.exec:\frxlxrf.exe75⤵
-
\??\c:\frlfrlf.exec:\frlfrlf.exe76⤵
-
\??\c:\3hnhtn.exec:\3hnhtn.exe77⤵
-
\??\c:\vddpd.exec:\vddpd.exe78⤵
-
\??\c:\jdvjv.exec:\jdvjv.exe79⤵
-
\??\c:\rfrffxx.exec:\rfrffxx.exe80⤵
-
\??\c:\rxfxlll.exec:\rxfxlll.exe81⤵
-
\??\c:\htthbt.exec:\htthbt.exe82⤵
-
\??\c:\bhhbtt.exec:\bhhbtt.exe83⤵
-
\??\c:\jpjdv.exec:\jpjdv.exe84⤵
-
\??\c:\jdjjd.exec:\jdjjd.exe85⤵
-
\??\c:\xxxfrxx.exec:\xxxfrxx.exe86⤵
-
\??\c:\hbtnbb.exec:\hbtnbb.exe87⤵
-
\??\c:\nttntn.exec:\nttntn.exe88⤵
-
\??\c:\vjjdp.exec:\vjjdp.exe89⤵
-
\??\c:\1vdvj.exec:\1vdvj.exe90⤵
-
\??\c:\lrrlffr.exec:\lrrlffr.exe91⤵
-
\??\c:\flrlxrl.exec:\flrlxrl.exe92⤵
-
\??\c:\tbnnbt.exec:\tbnnbt.exe93⤵
-
\??\c:\nnthbt.exec:\nnthbt.exe94⤵
-
\??\c:\jdjjp.exec:\jdjjp.exe95⤵
-
\??\c:\7djdv.exec:\7djdv.exe96⤵
-
\??\c:\rxxlrll.exec:\rxxlrll.exe97⤵
-
\??\c:\rxxxrlx.exec:\rxxxrlx.exe98⤵
-
\??\c:\bttnhh.exec:\bttnhh.exe99⤵
-
\??\c:\7pvpp.exec:\7pvpp.exe100⤵
-
\??\c:\jjjvj.exec:\jjjvj.exe101⤵
-
\??\c:\llllxrr.exec:\llllxrr.exe102⤵
-
\??\c:\xrxlffl.exec:\xrxlffl.exe103⤵
-
\??\c:\1hbtnh.exec:\1hbtnh.exe104⤵
-
\??\c:\hbtntn.exec:\hbtntn.exe105⤵
-
\??\c:\jvvpj.exec:\jvvpj.exe106⤵
-
\??\c:\7jjvj.exec:\7jjvj.exe107⤵
-
\??\c:\flrlxrl.exec:\flrlxrl.exe108⤵
-
\??\c:\lffxlfx.exec:\lffxlfx.exe109⤵
-
\??\c:\btnhbt.exec:\btnhbt.exe110⤵
-
\??\c:\3nbtnn.exec:\3nbtnn.exe111⤵
-
\??\c:\vpjpj.exec:\vpjpj.exe112⤵
-
\??\c:\lrxlfxr.exec:\lrxlfxr.exe113⤵
-
\??\c:\3xxlfxr.exec:\3xxlfxr.exe114⤵
-
\??\c:\nttnhb.exec:\nttnhb.exe115⤵
-
\??\c:\hnbnhn.exec:\hnbnhn.exe116⤵
-
\??\c:\3dvpd.exec:\3dvpd.exe117⤵
-
\??\c:\5djdj.exec:\5djdj.exe118⤵
-
\??\c:\rfflrlf.exec:\rfflrlf.exe119⤵
-
\??\c:\xrrlflf.exec:\xrrlflf.exe120⤵
-
\??\c:\bhhthh.exec:\bhhthh.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-