Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
93s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
27/09/2024, 01:49
General
-
Target
6558b1f2294480b5cd30587ba2ba3718657082a9fbf29734e7d3173ba94d0d75N.exe
-
Size
107KB
-
MD5
7461f95eb1b187083c509b60cfdec670
-
SHA1
1baa81647383f00fe47a80dd1d722c15a112ae01
-
SHA256
6558b1f2294480b5cd30587ba2ba3718657082a9fbf29734e7d3173ba94d0d75
-
SHA512
4b235c62e255f3d2f64268dcb4c94988c66b538bce2b951d7fb8b4ffce6b38e23d3f4767ae0d7fb9f578c7370e76790d8154d7096083101f5277cb93708ea368
-
SSDEEP
3072:ymb3NkkiQ3mdBjFo73PYP1lri3KVT+buwUGu3P3Cme:n3C9BRo7MlrWKVT+buBGu3PHe
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 28 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 38 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\6558b1f2294480b5cd30587ba2ba3718657082a9fbf29734e7d3173ba94d0d75N.exe"C:\Users\Admin\AppData\Local\Temp\6558b1f2294480b5cd30587ba2ba3718657082a9fbf29734e7d3173ba94d0d75N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\xllfxlx.exec:\xllfxlx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5hhthh.exec:\5hhthh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htnhth.exec:\htnhth.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlrlxrx.exec:\rlrlxrx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpvd.exec:\jdpvd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpvdv.exec:\vpvdv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htnbbh.exec:\htnbbh.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjpjd.exec:\vjpjd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxfxxrx.exec:\fxfxxrx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllfxrx.exec:\rllfxrx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3bnhbt.exec:\3bnhbt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlfrfxl.exec:\xlfrfxl.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3vvpv.exec:\3vvpv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7vvjv.exec:\7vvjv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3lffrrl.exec:\3lffrrl.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5ttntn.exec:\5ttntn.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvvpj.exec:\jvvpj.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xflxlfr.exec:\xflxlfr.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhtnbt.exec:\nhtnbt.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhtnnn.exec:\nhtnnn.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvpd.exec:\dvvpd.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlllxff.exec:\xlllxff.exe23⤵
- Executes dropped EXE
-
\??\c:\9lrfrlf.exec:\9lrfrlf.exe24⤵
- Executes dropped EXE
-
\??\c:\nhnhbb.exec:\nhnhbb.exe25⤵
- Executes dropped EXE
-
\??\c:\djdpv.exec:\djdpv.exe26⤵
- Executes dropped EXE
-
\??\c:\pppdp.exec:\pppdp.exe27⤵
- Executes dropped EXE
-
\??\c:\fllxlfx.exec:\fllxlfx.exe28⤵
- Executes dropped EXE
-
\??\c:\btnnhh.exec:\btnnhh.exe29⤵
- Executes dropped EXE
-
\??\c:\tbbtnh.exec:\tbbtnh.exe30⤵
- Executes dropped EXE
-
\??\c:\vdvpd.exec:\vdvpd.exe31⤵
- Executes dropped EXE
-
\??\c:\xlxrfxr.exec:\xlxrfxr.exe32⤵
- Executes dropped EXE
-
\??\c:\xrlxrlx.exec:\xrlxrlx.exe33⤵
- Executes dropped EXE
-
\??\c:\httnbt.exec:\httnbt.exe34⤵
- Executes dropped EXE
-
\??\c:\5djdv.exec:\5djdv.exe35⤵
- Executes dropped EXE
-
\??\c:\ddjdp.exec:\ddjdp.exe36⤵
- Executes dropped EXE
-
\??\c:\lllfxlf.exec:\lllfxlf.exe37⤵
- Executes dropped EXE
-
\??\c:\htnhtn.exec:\htnhtn.exe38⤵
- Executes dropped EXE
-
\??\c:\hththt.exec:\hththt.exe39⤵
- Executes dropped EXE
-
\??\c:\vjdpd.exec:\vjdpd.exe40⤵
- Executes dropped EXE
-
\??\c:\5fxrxrf.exec:\5fxrxrf.exe41⤵
- Executes dropped EXE
-
\??\c:\7htbnh.exec:\7htbnh.exe42⤵
- Executes dropped EXE
-
\??\c:\5xrfrlf.exec:\5xrfrlf.exe43⤵
- Executes dropped EXE
-
\??\c:\frfrrxx.exec:\frfrrxx.exe44⤵
- Executes dropped EXE
-
\??\c:\5hbtnh.exec:\5hbtnh.exe45⤵
- Executes dropped EXE
-
\??\c:\7tbnbt.exec:\7tbnbt.exe46⤵
- Executes dropped EXE
-
\??\c:\3pjdp.exec:\3pjdp.exe47⤵
- Executes dropped EXE
-
\??\c:\ffrlxrf.exec:\ffrlxrf.exe48⤵
- Executes dropped EXE
-
\??\c:\xrxrfxx.exec:\xrxrfxx.exe49⤵
- Executes dropped EXE
-
\??\c:\hnhbhh.exec:\hnhbhh.exe50⤵
- Executes dropped EXE
-
\??\c:\tttnbt.exec:\tttnbt.exe51⤵
- Executes dropped EXE
-
\??\c:\pvpjv.exec:\pvpjv.exe52⤵
- Executes dropped EXE
-
\??\c:\pvvdp.exec:\pvvdp.exe53⤵
- Executes dropped EXE
-
\??\c:\rxffrrl.exec:\rxffrrl.exe54⤵
- Executes dropped EXE
-
\??\c:\rflxrfx.exec:\rflxrfx.exe55⤵
- Executes dropped EXE
-
\??\c:\htnhtn.exec:\htnhtn.exe56⤵
- Executes dropped EXE
-
\??\c:\hbhhtn.exec:\hbhhtn.exe57⤵
- Executes dropped EXE
-
\??\c:\vpjvj.exec:\vpjvj.exe58⤵
- Executes dropped EXE
-
\??\c:\xlxlxlr.exec:\xlxlxlr.exe59⤵
- Executes dropped EXE
-
\??\c:\9tthtn.exec:\9tthtn.exe60⤵
- Executes dropped EXE
-
\??\c:\3tnhtn.exec:\3tnhtn.exe61⤵
- Executes dropped EXE
-
\??\c:\9vvvj.exec:\9vvvj.exe62⤵
- Executes dropped EXE
-
\??\c:\rfffllx.exec:\rfffllx.exe63⤵
- Executes dropped EXE
-
\??\c:\tbnbtt.exec:\tbnbtt.exe64⤵
- Executes dropped EXE
-
\??\c:\nhnnbt.exec:\nhnnbt.exe65⤵
- Executes dropped EXE
-
\??\c:\pvppv.exec:\pvppv.exe66⤵
-
\??\c:\vpjjd.exec:\vpjjd.exe67⤵
-
\??\c:\5frfxrf.exec:\5frfxrf.exe68⤵
-
\??\c:\htnhbn.exec:\htnhbn.exe69⤵
-
\??\c:\7dpjv.exec:\7dpjv.exe70⤵
-
\??\c:\xlrrrfx.exec:\xlrrrfx.exe71⤵
-
\??\c:\1btnhb.exec:\1btnhb.exe72⤵
-
\??\c:\vjdpd.exec:\vjdpd.exe73⤵
-
\??\c:\djjjj.exec:\djjjj.exe74⤵
-
\??\c:\xlfrxrl.exec:\xlfrxrl.exe75⤵
-
\??\c:\ttnbnh.exec:\ttnbnh.exe76⤵
-
\??\c:\hnbnhb.exec:\hnbnhb.exe77⤵
-
\??\c:\jpjdv.exec:\jpjdv.exe78⤵
-
\??\c:\rxffrrr.exec:\rxffrrr.exe79⤵
-
\??\c:\rlfxfff.exec:\rlfxfff.exe80⤵
-
\??\c:\hbtbtt.exec:\hbtbtt.exe81⤵
-
\??\c:\3pvvj.exec:\3pvvj.exe82⤵
-
\??\c:\vjvjv.exec:\vjvjv.exe83⤵
-
\??\c:\rxrxlxx.exec:\rxrxlxx.exe84⤵
-
\??\c:\rfrffxx.exec:\rfrffxx.exe85⤵
-
\??\c:\ttnbnn.exec:\ttnbnn.exe86⤵
-
\??\c:\5jjdd.exec:\5jjdd.exe87⤵
-
\??\c:\pvdpd.exec:\pvdpd.exe88⤵
-
\??\c:\lllflxr.exec:\lllflxr.exe89⤵
-
\??\c:\rxfrfrf.exec:\rxfrfrf.exe90⤵
-
\??\c:\tbbntn.exec:\tbbntn.exe91⤵
-
\??\c:\1btntb.exec:\1btntb.exe92⤵
-
\??\c:\jvvjv.exec:\jvvjv.exe93⤵
-
\??\c:\rflflfx.exec:\rflflfx.exe94⤵
-
\??\c:\xrlxxrr.exec:\xrlxxrr.exe95⤵
-
\??\c:\tnbhbh.exec:\tnbhbh.exe96⤵
-
\??\c:\nhbhtn.exec:\nhbhtn.exe97⤵
-
\??\c:\djddp.exec:\djddp.exe98⤵
-
\??\c:\vjpdv.exec:\vjpdv.exe99⤵
-
\??\c:\lxrlxxl.exec:\lxrlxxl.exe100⤵
-
\??\c:\fxfrfxx.exec:\fxfrfxx.exe101⤵
-
\??\c:\nnhthb.exec:\nnhthb.exe102⤵
-
\??\c:\thnttb.exec:\thnttb.exe103⤵
-
\??\c:\jvjjv.exec:\jvjjv.exe104⤵
-
\??\c:\7dvjj.exec:\7dvjj.exe105⤵
-
\??\c:\rxlxfrl.exec:\rxlxfrl.exe106⤵
-
\??\c:\9rlxlfr.exec:\9rlxlfr.exe107⤵
-
\??\c:\7bthth.exec:\7bthth.exe108⤵
-
\??\c:\nhhtbt.exec:\nhhtbt.exe109⤵
-
\??\c:\9vpdp.exec:\9vpdp.exe110⤵
-
\??\c:\1xrlrlf.exec:\1xrlrlf.exe111⤵
- System Location Discovery: System Language Discovery
-
\??\c:\nbnhth.exec:\nbnhth.exe112⤵
-
\??\c:\bhhthb.exec:\bhhthb.exe113⤵
-
\??\c:\pdvjv.exec:\pdvjv.exe114⤵
-
\??\c:\1vvjj.exec:\1vvjj.exe115⤵
-
\??\c:\lxrlxrl.exec:\lxrlxrl.exe116⤵
-
\??\c:\5hnhhb.exec:\5hnhhb.exe117⤵
-
\??\c:\bnnbbt.exec:\bnnbbt.exe118⤵
-
\??\c:\1vvpj.exec:\1vvpj.exe119⤵
-
\??\c:\btnhbt.exec:\btnhbt.exe120⤵
-
\??\c:\vjpjv.exec:\vjpjv.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-