Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
119s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
28/09/2024, 15:05
General
-
Target
1a88103e31823ab19067765c78426d4bf54caf64a45296244cf590239492d6dcN.exe
-
Size
79KB
-
MD5
43d05b7faf0a556ceb711b75ddd85050
-
SHA1
fbff5aa86a21c6063168b109b227f6a820b5b6e5
-
SHA256
1a88103e31823ab19067765c78426d4bf54caf64a45296244cf590239492d6dc
-
SHA512
54c988dbad351a619387940c01e3581b419afd41e53421053a9fa2de1a400908154392a0e1557e63fe44139a597db18eca343938a965a86c33b81c3a307e0cb9
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIsIpWCz+FR4RzWqC5rINFE4yeN:ymb3NkkiQ3mdBjFIsIpZ+R4RzWqCu4Q
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 30 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1a88103e31823ab19067765c78426d4bf54caf64a45296244cf590239492d6dcN.exe"C:\Users\Admin\AppData\Local\Temp\1a88103e31823ab19067765c78426d4bf54caf64a45296244cf590239492d6dcN.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\s0482.exec:\s0482.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrlfrrl.exec:\xrlfrrl.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\k44426.exec:\k44426.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1ppdp.exec:\1ppdp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\284448.exec:\284448.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5jpvv.exec:\5jpvv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8004226.exec:\8004226.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxfxrfx.exec:\fxfxrfx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\2222660.exec:\2222660.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpjjj.exec:\dpjjj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\4800444.exec:\4800444.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbbbtt.exec:\nbbbtt.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\46408.exec:\46408.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\i248866.exec:\i248866.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvpjj.exec:\dvpjj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\424026.exec:\424026.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\46488.exec:\46488.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlfxxf.exec:\fxlfxxf.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flrxxxl.exec:\flrxxxl.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\m2044.exec:\m2044.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\468862.exec:\468862.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\4404260.exec:\4404260.exe23⤵
- Executes dropped EXE
-
\??\c:\4022666.exec:\4022666.exe24⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\86826.exec:\86826.exe25⤵
- Executes dropped EXE
-
\??\c:\ddjvv.exec:\ddjvv.exe26⤵
- Executes dropped EXE
-
\??\c:\28446.exec:\28446.exe27⤵
- Executes dropped EXE
-
\??\c:\a8448.exec:\a8448.exe28⤵
- Executes dropped EXE
-
\??\c:\vpdvd.exec:\vpdvd.exe29⤵
- Executes dropped EXE
-
\??\c:\a4042.exec:\a4042.exe30⤵
- Executes dropped EXE
-
\??\c:\086404.exec:\086404.exe31⤵
- Executes dropped EXE
-
\??\c:\fllfrrl.exec:\fllfrrl.exe32⤵
- Executes dropped EXE
-
\??\c:\28604.exec:\28604.exe33⤵
- Executes dropped EXE
-
\??\c:\xrrlxxr.exec:\xrrlxxr.exe34⤵
- Executes dropped EXE
-
\??\c:\lfrffxl.exec:\lfrffxl.exe35⤵
- Executes dropped EXE
-
\??\c:\4660226.exec:\4660226.exe36⤵
- Executes dropped EXE
-
\??\c:\4626048.exec:\4626048.exe37⤵
- Executes dropped EXE
-
\??\c:\vpvpj.exec:\vpvpj.exe38⤵
- Executes dropped EXE
-
\??\c:\88220.exec:\88220.exe39⤵
- Executes dropped EXE
-
\??\c:\5rxxxff.exec:\5rxxxff.exe40⤵
- Executes dropped EXE
-
\??\c:\9hnhbh.exec:\9hnhbh.exe41⤵
- Executes dropped EXE
-
\??\c:\9xfrffx.exec:\9xfrffx.exe42⤵
- Executes dropped EXE
-
\??\c:\1xllffl.exec:\1xllffl.exe43⤵
- Executes dropped EXE
-
\??\c:\44688.exec:\44688.exe44⤵
- Executes dropped EXE
-
\??\c:\nnhhbb.exec:\nnhhbb.exe45⤵
- Executes dropped EXE
-
\??\c:\hbbbbb.exec:\hbbbbb.exe46⤵
- Executes dropped EXE
-
\??\c:\5lrlfll.exec:\5lrlfll.exe47⤵
- Executes dropped EXE
-
\??\c:\9htttt.exec:\9htttt.exe48⤵
- Executes dropped EXE
-
\??\c:\thhhnn.exec:\thhhnn.exe49⤵
- Executes dropped EXE
-
\??\c:\2204886.exec:\2204886.exe50⤵
- Executes dropped EXE
-
\??\c:\68666.exec:\68666.exe51⤵
- Executes dropped EXE
-
\??\c:\hthhnn.exec:\hthhnn.exe52⤵
- Executes dropped EXE
-
\??\c:\0464484.exec:\0464484.exe53⤵
- Executes dropped EXE
-
\??\c:\a0044.exec:\a0044.exe54⤵
- Executes dropped EXE
-
\??\c:\2660482.exec:\2660482.exe55⤵
- Executes dropped EXE
-
\??\c:\0022266.exec:\0022266.exe56⤵
- Executes dropped EXE
-
\??\c:\flffxrl.exec:\flffxrl.exe57⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\nbbhbt.exec:\nbbhbt.exe58⤵
- Executes dropped EXE
-
\??\c:\vppvp.exec:\vppvp.exe59⤵
- Executes dropped EXE
-
\??\c:\rrrfrlx.exec:\rrrfrlx.exe60⤵
- Executes dropped EXE
-
\??\c:\2868642.exec:\2868642.exe61⤵
- Executes dropped EXE
-
\??\c:\3fxflxf.exec:\3fxflxf.exe62⤵
- Executes dropped EXE
-
\??\c:\488488.exec:\488488.exe63⤵
- Executes dropped EXE
-
\??\c:\lxrrfxl.exec:\lxrrfxl.exe64⤵
- Executes dropped EXE
-
\??\c:\rxfxxxr.exec:\rxfxxxr.exe65⤵
- Executes dropped EXE
-
\??\c:\i660448.exec:\i660448.exe66⤵
- System Location Discovery: System Language Discovery
-
\??\c:\m8826.exec:\m8826.exe67⤵
-
\??\c:\824046.exec:\824046.exe68⤵
-
\??\c:\tntttb.exec:\tntttb.exe69⤵
-
\??\c:\bnttth.exec:\bnttth.exe70⤵
-
\??\c:\62266.exec:\62266.exe71⤵
-
\??\c:\04660.exec:\04660.exe72⤵
-
\??\c:\4608428.exec:\4608428.exe73⤵
-
\??\c:\9nnhnn.exec:\9nnhnn.exe74⤵
-
\??\c:\2068226.exec:\2068226.exe75⤵
-
\??\c:\4026666.exec:\4026666.exe76⤵
-
\??\c:\22606.exec:\22606.exe77⤵
-
\??\c:\5fxrfxr.exec:\5fxrfxr.exe78⤵
-
\??\c:\xrxrlrr.exec:\xrxrlrr.exe79⤵
-
\??\c:\84482.exec:\84482.exe80⤵
- System Location Discovery: System Language Discovery
-
\??\c:\1rxrlfx.exec:\1rxrlfx.exe81⤵
-
\??\c:\flxllfx.exec:\flxllfx.exe82⤵
-
\??\c:\9btnhh.exec:\9btnhh.exe83⤵
-
\??\c:\1xrrlff.exec:\1xrrlff.exe84⤵
-
\??\c:\xxlfrfr.exec:\xxlfrfr.exe85⤵
-
\??\c:\9ttnnh.exec:\9ttnnh.exe86⤵
-
\??\c:\40062.exec:\40062.exe87⤵
-
\??\c:\224422.exec:\224422.exe88⤵
-
\??\c:\fxrxllf.exec:\fxrxllf.exe89⤵
-
\??\c:\a0000.exec:\a0000.exe90⤵
-
\??\c:\rxffxrr.exec:\rxffxrr.exe91⤵
-
\??\c:\bbhbnn.exec:\bbhbnn.exe92⤵
-
\??\c:\nhhbnn.exec:\nhhbnn.exe93⤵
-
\??\c:\frrxrlr.exec:\frrxrlr.exe94⤵
-
\??\c:\lfxflll.exec:\lfxflll.exe95⤵
-
\??\c:\vpvpj.exec:\vpvpj.exe96⤵
-
\??\c:\9rlfrlf.exec:\9rlfrlf.exe97⤵
-
\??\c:\208260.exec:\208260.exe98⤵
-
\??\c:\e68204.exec:\e68204.exe99⤵
-
\??\c:\thhbnn.exec:\thhbnn.exe100⤵
-
\??\c:\i260884.exec:\i260884.exe101⤵
-
\??\c:\20204.exec:\20204.exe102⤵
-
\??\c:\040420.exec:\040420.exe103⤵
-
\??\c:\i448260.exec:\i448260.exe104⤵
-
\??\c:\rxxrllx.exec:\rxxrllx.exe105⤵
-
\??\c:\ppdvp.exec:\ppdvp.exe106⤵
-
\??\c:\42808.exec:\42808.exe107⤵
-
\??\c:\httthh.exec:\httthh.exe108⤵
-
\??\c:\tnnhtb.exec:\tnnhtb.exe109⤵
-
\??\c:\rllfffx.exec:\rllfffx.exe110⤵
-
\??\c:\u626048.exec:\u626048.exe111⤵
-
\??\c:\lxrrlfx.exec:\lxrrlfx.exe112⤵
-
\??\c:\5rfrfff.exec:\5rfrfff.exe113⤵
-
\??\c:\3tttnh.exec:\3tttnh.exe114⤵
-
\??\c:\btnbbt.exec:\btnbbt.exe115⤵
-
\??\c:\hbbbtt.exec:\hbbbtt.exe116⤵
-
\??\c:\btntnt.exec:\btntnt.exe117⤵
-
\??\c:\k88266.exec:\k88266.exe118⤵
-
\??\c:\pjjjv.exec:\pjjjv.exe119⤵
-
\??\c:\684860.exec:\684860.exe120⤵
-
\??\c:\lfxxrrl.exec:\lfxxrrl.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-