Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
94s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
30/09/2024, 06:35
General
-
Target
71565bc0d58b7a2e369988d935550f7ed32ef9a5cc221eff985a95903cdc3764N.exe
-
Size
82KB
-
MD5
43fece1f89a797acee543c174ed7abf0
-
SHA1
a9a0b33b8dcca231929cbcc49cf912054a5c4c59
-
SHA256
71565bc0d58b7a2e369988d935550f7ed32ef9a5cc221eff985a95903cdc3764
-
SHA512
0d289313da1bece1d747daf206017e5aeaf4fc2b3579c86d731e68a14d765a802744bec08bf247af4a39f23bee284276b26670861382b4c785f07111893416f8
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIIpIo60L9QrrA89QE:ymb3NkkiQ3mdBjFIIp9L9QrrA8l
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 27 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 30 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\71565bc0d58b7a2e369988d935550f7ed32ef9a5cc221eff985a95903cdc3764N.exe"C:\Users\Admin\AppData\Local\Temp\71565bc0d58b7a2e369988d935550f7ed32ef9a5cc221eff985a95903cdc3764N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\thnbtn.exec:\thnbtn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbtht.exec:\tnbtht.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vppdp.exec:\vppdp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9xxlrrl.exec:\9xxlrrl.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllfrlf.exec:\rllfrlf.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btttbh.exec:\btttbh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvpd.exec:\jdvpd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjvpv.exec:\jjvpv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrfxrrx.exec:\xrfxrrx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htnbbt.exec:\htnbbt.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvdvv.exec:\vvdvv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrlfrlf.exec:\xrlfrlf.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rffrlfr.exec:\rffrlfr.exe14⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\hnnbbn.exec:\hnnbbn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhhthb.exec:\hhhthb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpppj.exec:\jpppj.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llxlffl.exec:\llxlffl.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btnbhn.exec:\btnbhn.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjppd.exec:\vjppd.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1djdp.exec:\1djdp.exe21⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\hnnbtn.exec:\hnnbtn.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7pvvj.exec:\7pvvj.exe23⤵
- Executes dropped EXE
-
\??\c:\lxffxrr.exec:\lxffxrr.exe24⤵
- Executes dropped EXE
-
\??\c:\dvjjd.exec:\dvjjd.exe25⤵
- Executes dropped EXE
-
\??\c:\jdjjd.exec:\jdjjd.exe26⤵
- Executes dropped EXE
-
\??\c:\5rrrlrl.exec:\5rrrlrl.exe27⤵
- Executes dropped EXE
-
\??\c:\3bnhnn.exec:\3bnhnn.exe28⤵
- Executes dropped EXE
-
\??\c:\djpjv.exec:\djpjv.exe29⤵
- Executes dropped EXE
-
\??\c:\rfxrfff.exec:\rfxrfff.exe30⤵
- Executes dropped EXE
-
\??\c:\xlllfxx.exec:\xlllfxx.exe31⤵
- Executes dropped EXE
-
\??\c:\nnntnn.exec:\nnntnn.exe32⤵
- Executes dropped EXE
-
\??\c:\ppjjv.exec:\ppjjv.exe33⤵
- Executes dropped EXE
-
\??\c:\jdjjj.exec:\jdjjj.exe34⤵
- Executes dropped EXE
-
\??\c:\rlrlxxr.exec:\rlrlxxr.exe35⤵
- Executes dropped EXE
-
\??\c:\hnbbbb.exec:\hnbbbb.exe36⤵
- Executes dropped EXE
-
\??\c:\ttbtbb.exec:\ttbtbb.exe37⤵
- Executes dropped EXE
-
\??\c:\vdpdp.exec:\vdpdp.exe38⤵
- Executes dropped EXE
-
\??\c:\3vvpd.exec:\3vvpd.exe39⤵
- Executes dropped EXE
-
\??\c:\xxlxxlx.exec:\xxlxxlx.exe40⤵
- Executes dropped EXE
-
\??\c:\5rrrllf.exec:\5rrrllf.exe41⤵
- Executes dropped EXE
-
\??\c:\ttbbbb.exec:\ttbbbb.exe42⤵
- Executes dropped EXE
-
\??\c:\jvddv.exec:\jvddv.exe43⤵
- Executes dropped EXE
-
\??\c:\jdjpp.exec:\jdjpp.exe44⤵
- Executes dropped EXE
-
\??\c:\9flfxrr.exec:\9flfxrr.exe45⤵
- Executes dropped EXE
-
\??\c:\3bhhbt.exec:\3bhhbt.exe46⤵
- Executes dropped EXE
-
\??\c:\3ntttb.exec:\3ntttb.exe47⤵
- Executes dropped EXE
-
\??\c:\pjppp.exec:\pjppp.exe48⤵
- Executes dropped EXE
-
\??\c:\lfrlflf.exec:\lfrlflf.exe49⤵
- Executes dropped EXE
-
\??\c:\3bhbtn.exec:\3bhbtn.exe50⤵
- Executes dropped EXE
-
\??\c:\nnbbbh.exec:\nnbbbh.exe51⤵
- Executes dropped EXE
-
\??\c:\ppjdd.exec:\ppjdd.exe52⤵
- Executes dropped EXE
-
\??\c:\dvvvp.exec:\dvvvp.exe53⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\rrlfxrr.exec:\rrlfxrr.exe54⤵
- Executes dropped EXE
-
\??\c:\xxxrrlx.exec:\xxxrrlx.exe55⤵
- Executes dropped EXE
-
\??\c:\7rrffrx.exec:\7rrffrx.exe56⤵
- Executes dropped EXE
-
\??\c:\nbthnt.exec:\nbthnt.exe57⤵
- Executes dropped EXE
-
\??\c:\9pvpj.exec:\9pvpj.exe58⤵
- Executes dropped EXE
-
\??\c:\xxrlffx.exec:\xxrlffx.exe59⤵
- Executes dropped EXE
-
\??\c:\xxffxrl.exec:\xxffxrl.exe60⤵
- Executes dropped EXE
-
\??\c:\tbbhht.exec:\tbbhht.exe61⤵
- Executes dropped EXE
-
\??\c:\nthhtt.exec:\nthhtt.exe62⤵
- Executes dropped EXE
-
\??\c:\jjjdv.exec:\jjjdv.exe63⤵
- Executes dropped EXE
-
\??\c:\fffxrrl.exec:\fffxrrl.exe64⤵
- Executes dropped EXE
-
\??\c:\xfxflfr.exec:\xfxflfr.exe65⤵
- Executes dropped EXE
-
\??\c:\xfffrfr.exec:\xfffrfr.exe66⤵
-
\??\c:\htttnn.exec:\htttnn.exe67⤵
-
\??\c:\7ppjd.exec:\7ppjd.exe68⤵
-
\??\c:\dvddd.exec:\dvddd.exe69⤵
-
\??\c:\xxrlllr.exec:\xxrlllr.exe70⤵
-
\??\c:\9xfxffl.exec:\9xfxffl.exe71⤵
-
\??\c:\tthbtn.exec:\tthbtn.exe72⤵
-
\??\c:\vvvdp.exec:\vvvdp.exe73⤵
-
\??\c:\vdjdp.exec:\vdjdp.exe74⤵
-
\??\c:\1xxrrrx.exec:\1xxrrrx.exe75⤵
-
\??\c:\rlllffx.exec:\rlllffx.exe76⤵
-
\??\c:\tnntnt.exec:\tnntnt.exe77⤵
-
\??\c:\thhbtn.exec:\thhbtn.exe78⤵
-
\??\c:\5ddvj.exec:\5ddvj.exe79⤵
-
\??\c:\7llfrrl.exec:\7llfrrl.exe80⤵
-
\??\c:\7ntnhn.exec:\7ntnhn.exe81⤵
-
\??\c:\pvddv.exec:\pvddv.exe82⤵
-
\??\c:\xrllfxr.exec:\xrllfxr.exe83⤵
-
\??\c:\7rxfxrl.exec:\7rxfxrl.exe84⤵
-
\??\c:\hbtnnt.exec:\hbtnnt.exe85⤵
-
\??\c:\5thbtn.exec:\5thbtn.exe86⤵
-
\??\c:\jddjd.exec:\jddjd.exe87⤵
-
\??\c:\dpjjv.exec:\dpjjv.exe88⤵
-
\??\c:\rlllxxr.exec:\rlllxxr.exe89⤵
-
\??\c:\rlllfff.exec:\rlllfff.exe90⤵
-
\??\c:\9tttbt.exec:\9tttbt.exe91⤵
-
\??\c:\bntbnh.exec:\bntbnh.exe92⤵
-
\??\c:\vpvdv.exec:\vpvdv.exe93⤵
-
\??\c:\3vvpp.exec:\3vvpp.exe94⤵
-
\??\c:\lxxxrrl.exec:\lxxxrrl.exe95⤵
-
\??\c:\nbhhbb.exec:\nbhhbb.exe96⤵
-
\??\c:\5btnbb.exec:\5btnbb.exe97⤵
-
\??\c:\9vpjd.exec:\9vpjd.exe98⤵
-
\??\c:\vjpdv.exec:\vjpdv.exe99⤵
-
\??\c:\lfrlxfr.exec:\lfrlxfr.exe100⤵
-
\??\c:\bbbtnh.exec:\bbbtnh.exe101⤵
-
\??\c:\5tnbht.exec:\5tnbht.exe102⤵
-
\??\c:\dvjdj.exec:\dvjdj.exe103⤵
-
\??\c:\lxxlfxx.exec:\lxxlfxx.exe104⤵
-
\??\c:\1rfxrlf.exec:\1rfxrlf.exe105⤵
-
\??\c:\bthnhb.exec:\bthnhb.exe106⤵
-
\??\c:\vvjpd.exec:\vvjpd.exe107⤵
-
\??\c:\vvjpd.exec:\vvjpd.exe108⤵
-
\??\c:\rxxfxff.exec:\rxxfxff.exe109⤵
-
\??\c:\xxrfxrl.exec:\xxrfxrl.exe110⤵
-
\??\c:\ttnnnh.exec:\ttnnnh.exe111⤵
-
\??\c:\3bnnth.exec:\3bnnth.exe112⤵
-
\??\c:\jvjvj.exec:\jvjvj.exe113⤵
-
\??\c:\lfrlxrf.exec:\lfrlxrf.exe114⤵
-
\??\c:\rlflfrf.exec:\rlflfrf.exe115⤵
-
\??\c:\1thbnt.exec:\1thbnt.exe116⤵
-
\??\c:\thnhtb.exec:\thnhtb.exe117⤵
-
\??\c:\jdvpd.exec:\jdvpd.exe118⤵
-
\??\c:\vjjjv.exec:\vjjjv.exe119⤵
-
\??\c:\lfxlxxl.exec:\lfxlxxl.exe120⤵
-
\??\c:\5rxrflf.exec:\5rxrflf.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-