Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
117s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
29/09/2024, 21:56
General
-
Target
18f28bed7ab0d17eacc82f1d113c8cd5f8d4216ef0c043657b513499c87a0362N.exe
-
Size
71KB
-
MD5
97c2b47c015b7f2e0dff6dba3c36da50
-
SHA1
5d1612d3a43829242c9ef57b0cb978e6f4b84ea7
-
SHA256
18f28bed7ab0d17eacc82f1d113c8cd5f8d4216ef0c043657b513499c87a0362
-
SHA512
22d2d9a92f19e80072ccfd0f0b6879dee04124841b3917db2998b4b51d261f4fc840d7c8c8c42cc9b93090aa17e4c428c4037de0054b59e8ea37b09ed59d69b9
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIb0z6MTSqfjJ:ymb3NkkiQ3mdBjFI4VZ
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 26 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 36 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\18f28bed7ab0d17eacc82f1d113c8cd5f8d4216ef0c043657b513499c87a0362N.exe"C:\Users\Admin\AppData\Local\Temp\18f28bed7ab0d17eacc82f1d113c8cd5f8d4216ef0c043657b513499c87a0362N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\1pvdv.exec:\1pvdv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7xfxrrr.exec:\7xfxrrr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9fxlxrf.exec:\9fxlxrf.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhtbtn.exec:\bhtbtn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvdvv.exec:\jvdvv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxlfxr.exec:\xrxlfxr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1bnhbt.exec:\1bnhbt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdjjj.exec:\pdjjj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxfflrx.exec:\rxfflrx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5hnhhh.exec:\5hnhhh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjvjd.exec:\vjvjd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vddpv.exec:\vddpv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlrffxr.exec:\rlrffxr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1bhthb.exec:\1bhthb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdpjd.exec:\pdpjd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdvpp.exec:\pdvpp.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xflrrlr.exec:\xflrrlr.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnntth.exec:\tnntth.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpjpp.exec:\jpjpp.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7bhtbt.exec:\7bhtbt.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5tbtnh.exec:\5tbtnh.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3vvpd.exec:\3vvpd.exe23⤵
- Executes dropped EXE
-
\??\c:\vvvpd.exec:\vvvpd.exe24⤵
- Executes dropped EXE
-
\??\c:\thnbtn.exec:\thnbtn.exe25⤵
- Executes dropped EXE
-
\??\c:\hhhbtn.exec:\hhhbtn.exe26⤵
- Executes dropped EXE
-
\??\c:\pdvpd.exec:\pdvpd.exe27⤵
- Executes dropped EXE
-
\??\c:\1rxrxrx.exec:\1rxrxrx.exe28⤵
- Executes dropped EXE
-
\??\c:\nnnnbt.exec:\nnnnbt.exe29⤵
- Executes dropped EXE
-
\??\c:\dvvpj.exec:\dvvpj.exe30⤵
- Executes dropped EXE
-
\??\c:\vjdvj.exec:\vjdvj.exe31⤵
- Executes dropped EXE
-
\??\c:\5rrllff.exec:\5rrllff.exe32⤵
- Executes dropped EXE
-
\??\c:\nhnhnt.exec:\nhnhnt.exe33⤵
- Executes dropped EXE
-
\??\c:\hbbttn.exec:\hbbttn.exe34⤵
- Executes dropped EXE
-
\??\c:\vpdvj.exec:\vpdvj.exe35⤵
- Executes dropped EXE
-
\??\c:\xfxlfxr.exec:\xfxlfxr.exe36⤵
- Executes dropped EXE
-
\??\c:\xffxlfx.exec:\xffxlfx.exe37⤵
- Executes dropped EXE
-
\??\c:\nbtnhb.exec:\nbtnhb.exe38⤵
- Executes dropped EXE
-
\??\c:\bnthbt.exec:\bnthbt.exe39⤵
- Executes dropped EXE
-
\??\c:\dddvj.exec:\dddvj.exe40⤵
- Executes dropped EXE
-
\??\c:\frxlrxr.exec:\frxlrxr.exe41⤵
- Executes dropped EXE
-
\??\c:\fxlffrl.exec:\fxlffrl.exe42⤵
- Executes dropped EXE
-
\??\c:\1hhbnn.exec:\1hhbnn.exe43⤵
- Executes dropped EXE
-
\??\c:\7bhhbn.exec:\7bhhbn.exe44⤵
- Executes dropped EXE
-
\??\c:\7jdjj.exec:\7jdjj.exe45⤵
- Executes dropped EXE
-
\??\c:\xrflflr.exec:\xrflflr.exe46⤵
- Executes dropped EXE
-
\??\c:\7llfxrl.exec:\7llfxrl.exe47⤵
- Executes dropped EXE
-
\??\c:\bnbntn.exec:\bnbntn.exe48⤵
- Executes dropped EXE
-
\??\c:\jvpjj.exec:\jvpjj.exe49⤵
- Executes dropped EXE
-
\??\c:\vppdv.exec:\vppdv.exe50⤵
- Executes dropped EXE
-
\??\c:\vjjdp.exec:\vjjdp.exe51⤵
- Executes dropped EXE
-
\??\c:\lrrxlxl.exec:\lrrxlxl.exe52⤵
- Executes dropped EXE
-
\??\c:\hhbttn.exec:\hhbttn.exe53⤵
- Executes dropped EXE
-
\??\c:\jjjpp.exec:\jjjpp.exe54⤵
- Executes dropped EXE
-
\??\c:\pvvpv.exec:\pvvpv.exe55⤵
- Executes dropped EXE
-
\??\c:\frxxxrx.exec:\frxxxrx.exe56⤵
- Executes dropped EXE
-
\??\c:\htthnh.exec:\htthnh.exe57⤵
- Executes dropped EXE
-
\??\c:\ntthtn.exec:\ntthtn.exe58⤵
- Executes dropped EXE
-
\??\c:\pppdv.exec:\pppdv.exe59⤵
- Executes dropped EXE
-
\??\c:\vjjjd.exec:\vjjjd.exe60⤵
- Executes dropped EXE
-
\??\c:\xrrfxlx.exec:\xrrfxlx.exe61⤵
- Executes dropped EXE
-
\??\c:\btnbnh.exec:\btnbnh.exe62⤵
- Executes dropped EXE
-
\??\c:\ntbhnb.exec:\ntbhnb.exe63⤵
- Executes dropped EXE
-
\??\c:\dddvv.exec:\dddvv.exe64⤵
- Executes dropped EXE
-
\??\c:\djpdj.exec:\djpdj.exe65⤵
- Executes dropped EXE
-
\??\c:\9rfrlll.exec:\9rfrlll.exe66⤵
-
\??\c:\3xffxxr.exec:\3xffxxr.exe67⤵
-
\??\c:\nbtnbt.exec:\nbtnbt.exe68⤵
-
\??\c:\1hhbbt.exec:\1hhbbt.exe69⤵
-
\??\c:\pdpdp.exec:\pdpdp.exe70⤵
-
\??\c:\rlflfxx.exec:\rlflfxx.exe71⤵
-
\??\c:\rfllflx.exec:\rfllflx.exe72⤵
-
\??\c:\7lfxrrl.exec:\7lfxrrl.exe73⤵
-
\??\c:\nhhbnn.exec:\nhhbnn.exe74⤵
-
\??\c:\pjjjj.exec:\pjjjj.exe75⤵
-
\??\c:\dvdjd.exec:\dvdjd.exe76⤵
-
\??\c:\frrfxrx.exec:\frrfxrx.exe77⤵
-
\??\c:\tnbhnh.exec:\tnbhnh.exe78⤵
-
\??\c:\tbbntn.exec:\tbbntn.exe79⤵
-
\??\c:\btnhbb.exec:\btnhbb.exe80⤵
-
\??\c:\7vvvp.exec:\7vvvp.exe81⤵
-
\??\c:\dvvpp.exec:\dvvpp.exe82⤵
-
\??\c:\1xfxllr.exec:\1xfxllr.exe83⤵
-
\??\c:\1rlfffx.exec:\1rlfffx.exe84⤵
-
\??\c:\tnhnnb.exec:\tnhnnb.exe85⤵
-
\??\c:\1bbttt.exec:\1bbttt.exe86⤵
-
\??\c:\jddjj.exec:\jddjj.exe87⤵
-
\??\c:\7jjdv.exec:\7jjdv.exe88⤵
-
\??\c:\lxfxxxx.exec:\lxfxxxx.exe89⤵
-
\??\c:\btnnhh.exec:\btnnhh.exe90⤵
-
\??\c:\pdvpj.exec:\pdvpj.exe91⤵
-
\??\c:\dpvjv.exec:\dpvjv.exe92⤵
-
\??\c:\xrxxrll.exec:\xrxxrll.exe93⤵
-
\??\c:\xrrrrrr.exec:\xrrrrrr.exe94⤵
-
\??\c:\bttntt.exec:\bttntt.exe95⤵
-
\??\c:\tbhbnh.exec:\tbhbnh.exe96⤵
-
\??\c:\dvddv.exec:\dvddv.exe97⤵
-
\??\c:\ffrfxrl.exec:\ffrfxrl.exe98⤵
-
\??\c:\nnnntt.exec:\nnnntt.exe99⤵
-
\??\c:\bttttb.exec:\bttttb.exe100⤵
-
\??\c:\xrxrrrx.exec:\xrxrrrx.exe101⤵
-
\??\c:\3nnhtn.exec:\3nnhtn.exe102⤵
-
\??\c:\tnhhbt.exec:\tnhhbt.exe103⤵
- System Location Discovery: System Language Discovery
-
\??\c:\jdpvp.exec:\jdpvp.exe104⤵
-
\??\c:\vpjvd.exec:\vpjvd.exe105⤵
-
\??\c:\rfffxxr.exec:\rfffxxr.exe106⤵
-
\??\c:\rfxrxxx.exec:\rfxrxxx.exe107⤵
-
\??\c:\hbtnbb.exec:\hbtnbb.exe108⤵
-
\??\c:\1ntttb.exec:\1ntttb.exe109⤵
-
\??\c:\jpvpd.exec:\jpvpd.exe110⤵
-
\??\c:\jvpjv.exec:\jvpjv.exe111⤵
-
\??\c:\lffxllf.exec:\lffxllf.exe112⤵
-
\??\c:\hbttnn.exec:\hbttnn.exe113⤵
-
\??\c:\1tbnbt.exec:\1tbnbt.exe114⤵
-
\??\c:\pjddv.exec:\pjddv.exe115⤵
-
\??\c:\5ddvp.exec:\5ddvp.exe116⤵
-
\??\c:\xxlfflr.exec:\xxlfflr.exe117⤵
-
\??\c:\hnntnb.exec:\hnntnb.exe118⤵
-
\??\c:\nbtttt.exec:\nbtttt.exe119⤵
-
\??\c:\dpvdd.exec:\dpvdd.exe120⤵
-
\??\c:\dvjdd.exec:\dvjdd.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-