Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
93s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
27/09/2024, 17:56
General
-
Target
e8617478199895ce265feb19ff938eaeb195c5751190fe034092d6c12bee1c34N.exe
-
Size
65KB
-
MD5
425d153dd998d24be8e9061f34c1a380
-
SHA1
0ad1b971c8669997acd409e09534d6ba00f4e6e4
-
SHA256
e8617478199895ce265feb19ff938eaeb195c5751190fe034092d6c12bee1c34
-
SHA512
8762966a6c863910bd8a232b0263633ef7c8a6c614d5c44dfb6007083a4478fdb46277848d7e256956d045f91824cb4e08ed53e6b6c83f1fb83b7de369ab39bf
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND0yU+kbxij:ymb3NkkiQ3mdBjF0y7kbA
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 29 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\e8617478199895ce265feb19ff938eaeb195c5751190fe034092d6c12bee1c34N.exe"C:\Users\Admin\AppData\Local\Temp\e8617478199895ce265feb19ff938eaeb195c5751190fe034092d6c12bee1c34N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\pdjvp.exec:\pdjvp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrrrlll.exec:\lrrrlll.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxlxxf.exec:\fxxlxxf.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbtbtn.exec:\bbtbtn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjvpd.exec:\vjvpd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxfrrlf.exec:\rxfrrlf.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7ttntt.exec:\7ttntt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3hnnbb.exec:\3hnnbb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddjpp.exec:\ddjpp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fffxxrr.exec:\fffxxrr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rffrlxr.exec:\rffrlxr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btnbtn.exec:\btnbtn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpjdj.exec:\jpjdj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjdp.exec:\pjjdp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlfxlfx.exec:\rlfxlfx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnbhb.exec:\tnnbhb.exe17⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\3xlllrl.exec:\3xlllrl.exe18⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\dpjpd.exec:\dpjpd.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbbtt.exec:\btbbtt.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhhthb.exec:\bhhthb.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvpjv.exec:\dvpjv.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvpjv.exec:\jvpjv.exe23⤵
- Executes dropped EXE
-
\??\c:\xrfxffx.exec:\xrfxffx.exe24⤵
- Executes dropped EXE
-
\??\c:\rfrlfxf.exec:\rfrlfxf.exe25⤵
- Executes dropped EXE
-
\??\c:\btttth.exec:\btttth.exe26⤵
- Executes dropped EXE
-
\??\c:\bhbnbt.exec:\bhbnbt.exe27⤵
- Executes dropped EXE
-
\??\c:\vjjdd.exec:\vjjdd.exe28⤵
- Executes dropped EXE
-
\??\c:\9lrlllx.exec:\9lrlllx.exe29⤵
- Executes dropped EXE
-
\??\c:\xxlfxxx.exec:\xxlfxxx.exe30⤵
- Executes dropped EXE
-
\??\c:\tnnnhn.exec:\tnnnhn.exe31⤵
- Executes dropped EXE
-
\??\c:\dppdv.exec:\dppdv.exe32⤵
- Executes dropped EXE
-
\??\c:\fxffffx.exec:\fxffffx.exe33⤵
- Executes dropped EXE
-
\??\c:\ntthbb.exec:\ntthbb.exe34⤵
- Executes dropped EXE
-
\??\c:\nbhbtb.exec:\nbhbtb.exe35⤵
- Executes dropped EXE
-
\??\c:\pjpjd.exec:\pjpjd.exe36⤵
- Executes dropped EXE
-
\??\c:\llxfflf.exec:\llxfflf.exe37⤵
- Executes dropped EXE
-
\??\c:\bttttt.exec:\bttttt.exe38⤵
- Executes dropped EXE
-
\??\c:\ddddj.exec:\ddddj.exe39⤵
- Executes dropped EXE
-
\??\c:\djvvd.exec:\djvvd.exe40⤵
- Executes dropped EXE
-
\??\c:\rlrlffx.exec:\rlrlffx.exe41⤵
- Executes dropped EXE
-
\??\c:\bttnnt.exec:\bttnnt.exe42⤵
- Executes dropped EXE
-
\??\c:\bnhbbb.exec:\bnhbbb.exe43⤵
- Executes dropped EXE
-
\??\c:\dvvvp.exec:\dvvvp.exe44⤵
- Executes dropped EXE
-
\??\c:\lfffxff.exec:\lfffxff.exe45⤵
- Executes dropped EXE
-
\??\c:\rxxrrrl.exec:\rxxrrrl.exe46⤵
- Executes dropped EXE
-
\??\c:\bnttnn.exec:\bnttnn.exe47⤵
- Executes dropped EXE
-
\??\c:\pdppj.exec:\pdppj.exe48⤵
- Executes dropped EXE
-
\??\c:\vvvpj.exec:\vvvpj.exe49⤵
- Executes dropped EXE
-
\??\c:\xrxrfff.exec:\xrxrfff.exe50⤵
- Executes dropped EXE
-
\??\c:\lfrxrxx.exec:\lfrxrxx.exe51⤵
- Executes dropped EXE
-
\??\c:\tnttbh.exec:\tnttbh.exe52⤵
- Executes dropped EXE
-
\??\c:\tnnnnb.exec:\tnnnnb.exe53⤵
- Executes dropped EXE
-
\??\c:\vvjdj.exec:\vvjdj.exe54⤵
- Executes dropped EXE
-
\??\c:\jdjjv.exec:\jdjjv.exe55⤵
- Executes dropped EXE
-
\??\c:\xxlllxx.exec:\xxlllxx.exe56⤵
- Executes dropped EXE
-
\??\c:\5btnnh.exec:\5btnnh.exe57⤵
- Executes dropped EXE
-
\??\c:\nbhhtn.exec:\nbhhtn.exe58⤵
- Executes dropped EXE
-
\??\c:\dvjjd.exec:\dvjjd.exe59⤵
- Executes dropped EXE
-
\??\c:\jdpvd.exec:\jdpvd.exe60⤵
- Executes dropped EXE
-
\??\c:\rffxlll.exec:\rffxlll.exe61⤵
- Executes dropped EXE
-
\??\c:\hhttbb.exec:\hhttbb.exe62⤵
- Executes dropped EXE
-
\??\c:\nnnbtb.exec:\nnnbtb.exe63⤵
- Executes dropped EXE
-
\??\c:\nhbttt.exec:\nhbttt.exe64⤵
- Executes dropped EXE
-
\??\c:\dpjjj.exec:\dpjjj.exe65⤵
- Executes dropped EXE
-
\??\c:\lfxrxxf.exec:\lfxrxxf.exe66⤵
-
\??\c:\xrxrlll.exec:\xrxrlll.exe67⤵
-
\??\c:\hhbhnt.exec:\hhbhnt.exe68⤵
-
\??\c:\hbhhhh.exec:\hbhhhh.exe69⤵
-
\??\c:\jddvp.exec:\jddvp.exe70⤵
-
\??\c:\jdppv.exec:\jdppv.exe71⤵
-
\??\c:\lfxxlll.exec:\lfxxlll.exe72⤵
-
\??\c:\tntttb.exec:\tntttb.exe73⤵
-
\??\c:\pjvvj.exec:\pjvvj.exe74⤵
-
\??\c:\frrxrrr.exec:\frrxrrr.exe75⤵
-
\??\c:\3xffxxr.exec:\3xffxxr.exe76⤵
-
\??\c:\tntntt.exec:\tntntt.exe77⤵
-
\??\c:\7hhhtt.exec:\7hhhtt.exe78⤵
-
\??\c:\jdvvj.exec:\jdvvj.exe79⤵
-
\??\c:\rrllrrr.exec:\rrllrrr.exe80⤵
-
\??\c:\flxxrff.exec:\flxxrff.exe81⤵
-
\??\c:\thnbtb.exec:\thnbtb.exe82⤵
-
\??\c:\hntnhh.exec:\hntnhh.exe83⤵
-
\??\c:\jpjjd.exec:\jpjjd.exe84⤵
-
\??\c:\vvjjj.exec:\vvjjj.exe85⤵
-
\??\c:\fxxxlrr.exec:\fxxxlrr.exe86⤵
-
\??\c:\xxflxxf.exec:\xxflxxf.exe87⤵
-
\??\c:\hbbtnn.exec:\hbbtnn.exe88⤵
-
\??\c:\bbbttt.exec:\bbbttt.exe89⤵
-
\??\c:\pvppd.exec:\pvppd.exe90⤵
-
\??\c:\1vvvp.exec:\1vvvp.exe91⤵
-
\??\c:\fxffllx.exec:\fxffllx.exe92⤵
-
\??\c:\nbbhbb.exec:\nbbhbb.exe93⤵
-
\??\c:\nbnnhh.exec:\nbnnhh.exe94⤵
-
\??\c:\hhbhbb.exec:\hhbhbb.exe95⤵
-
\??\c:\vvjjd.exec:\vvjjd.exe96⤵
-
\??\c:\xxlfxxx.exec:\xxlfxxx.exe97⤵
-
\??\c:\flxlrxf.exec:\flxlrxf.exe98⤵
-
\??\c:\tbnnhh.exec:\tbnnhh.exe99⤵
-
\??\c:\hhhhbb.exec:\hhhhbb.exe100⤵
-
\??\c:\pvvvj.exec:\pvvvj.exe101⤵
-
\??\c:\rrrrlll.exec:\rrrrlll.exe102⤵
-
\??\c:\lfrxllx.exec:\lfrxllx.exe103⤵
-
\??\c:\bhbtnt.exec:\bhbtnt.exe104⤵
-
\??\c:\3nnnbb.exec:\3nnnbb.exe105⤵
-
\??\c:\pdddv.exec:\pdddv.exe106⤵
-
\??\c:\dpvpj.exec:\dpvpj.exe107⤵
- System Location Discovery: System Language Discovery
-
\??\c:\7rxrlxx.exec:\7rxrlxx.exe108⤵
-
\??\c:\rxffxfx.exec:\rxffxfx.exe109⤵
-
\??\c:\hhhhhh.exec:\hhhhhh.exe110⤵
-
\??\c:\ntbttt.exec:\ntbttt.exe111⤵
-
\??\c:\5dvpp.exec:\5dvpp.exe112⤵
-
\??\c:\7ddpv.exec:\7ddpv.exe113⤵
-
\??\c:\fxllrxf.exec:\fxllrxf.exe114⤵
-
\??\c:\9thnnt.exec:\9thnnt.exe115⤵
-
\??\c:\bttnhh.exec:\bttnhh.exe116⤵
-
\??\c:\9btnht.exec:\9btnht.exe117⤵
-
\??\c:\pjpjp.exec:\pjpjp.exe118⤵
-
\??\c:\7frrxxx.exec:\7frrxxx.exe119⤵
-
\??\c:\xrxxxxx.exec:\xrxxxxx.exe120⤵
-
\??\c:\bbnbnn.exec:\bbnbnn.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-