Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
94s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
02/10/2024, 22:13
General
-
Target
8202cac402db2a20ef7787012659180a20f126c76438cb7a3fea95298a91a5f8N.exe
-
Size
64KB
-
MD5
a36d3b9fbe4e5f29220b5d4566c47790
-
SHA1
41736eb9e71d5808278e306522cfc8e56d01615f
-
SHA256
8202cac402db2a20ef7787012659180a20f126c76438cb7a3fea95298a91a5f8
-
SHA512
71b18f5ac4925c4ee2764f0d68ba082cdb11f397a544e3cd0d9fba5c28b82a7c0cb24e7d4a83e216ab5d7f4d4cee423f97b26ffadd61901067956353da5ddac5
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND0yU+kbxiP:ymb3NkkiQ3mdBjF0y7kbK
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 30 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 28 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\8202cac402db2a20ef7787012659180a20f126c76438cb7a3fea95298a91a5f8N.exe"C:\Users\Admin\AppData\Local\Temp\8202cac402db2a20ef7787012659180a20f126c76438cb7a3fea95298a91a5f8N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbthb.exec:\nhbthb.exe2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\ddjdp.exec:\ddjdp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5vvpp.exec:\5vvpp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrlfrfx.exec:\xrlfrfx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrrlrlf.exec:\lrrlrlf.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbhthb.exec:\nbhthb.exe7⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\dddjd.exec:\dddjd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5xfxxff.exec:\5xfxxff.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thbthb.exec:\thbthb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjddv.exec:\vjddv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9djdj.exec:\9djdj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxxlfxl.exec:\xxxlfxl.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbhbtt.exec:\bbhbtt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htbtnh.exec:\htbtnh.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3pjvp.exec:\3pjvp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxfxxrl.exec:\fxfxxrl.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3tnbhb.exec:\3tnbhb.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\httnhn.exec:\httnhn.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7djjj.exec:\7djjj.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7lrxrxr.exec:\7lrxrxr.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbbbnn.exec:\tbbbnn.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9vpjd.exec:\9vpjd.exe23⤵
- Executes dropped EXE
-
\??\c:\lfxrrrl.exec:\lfxrrrl.exe24⤵
- Executes dropped EXE
-
\??\c:\hhbhnn.exec:\hhbhnn.exe25⤵
- Executes dropped EXE
-
\??\c:\ddjjp.exec:\ddjjp.exe26⤵
- Executes dropped EXE
-
\??\c:\pdjdv.exec:\pdjdv.exe27⤵
- Executes dropped EXE
-
\??\c:\fxlfxxr.exec:\fxlfxxr.exe28⤵
- Executes dropped EXE
-
\??\c:\lfxfffx.exec:\lfxfffx.exe29⤵
- Executes dropped EXE
-
\??\c:\ntnnhh.exec:\ntnnhh.exe30⤵
- Executes dropped EXE
-
\??\c:\pjddv.exec:\pjddv.exe31⤵
- Executes dropped EXE
-
\??\c:\lxrlrrl.exec:\lxrlrrl.exe32⤵
- Executes dropped EXE
-
\??\c:\dvdpj.exec:\dvdpj.exe33⤵
- Executes dropped EXE
-
\??\c:\dpjjd.exec:\dpjjd.exe34⤵
- Executes dropped EXE
-
\??\c:\lxfxrrf.exec:\lxfxrrf.exe35⤵
- Executes dropped EXE
-
\??\c:\flrrrrx.exec:\flrrrrx.exe36⤵
- Executes dropped EXE
-
\??\c:\bttnbb.exec:\bttnbb.exe37⤵
- Executes dropped EXE
-
\??\c:\tnnhtn.exec:\tnnhtn.exe38⤵
- Executes dropped EXE
-
\??\c:\pvpjd.exec:\pvpjd.exe39⤵
- Executes dropped EXE
-
\??\c:\jdppv.exec:\jdppv.exe40⤵
- Executes dropped EXE
-
\??\c:\llllxfr.exec:\llllxfr.exe41⤵
- Executes dropped EXE
-
\??\c:\1fllflf.exec:\1fllflf.exe42⤵
- Executes dropped EXE
-
\??\c:\5vddv.exec:\5vddv.exe43⤵
- Executes dropped EXE
-
\??\c:\rllrxll.exec:\rllrxll.exe44⤵
- Executes dropped EXE
-
\??\c:\nhnhnn.exec:\nhnhnn.exe45⤵
- Executes dropped EXE
-
\??\c:\nntnnb.exec:\nntnnb.exe46⤵
- Executes dropped EXE
-
\??\c:\dvvpd.exec:\dvvpd.exe47⤵
- Executes dropped EXE
-
\??\c:\1rxlfxl.exec:\1rxlfxl.exe48⤵
- Executes dropped EXE
-
\??\c:\hhntht.exec:\hhntht.exe49⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\tnnthh.exec:\tnnthh.exe50⤵
- Executes dropped EXE
-
\??\c:\vjjdd.exec:\vjjdd.exe51⤵
- Executes dropped EXE
-
\??\c:\vvdvp.exec:\vvdvp.exe52⤵
- Executes dropped EXE
-
\??\c:\rlxrlfx.exec:\rlxrlfx.exe53⤵
- Executes dropped EXE
-
\??\c:\bhnttt.exec:\bhnttt.exe54⤵
- Executes dropped EXE
-
\??\c:\nhnnnt.exec:\nhnnnt.exe55⤵
- Executes dropped EXE
-
\??\c:\jvddv.exec:\jvddv.exe56⤵
- Executes dropped EXE
-
\??\c:\pjpjp.exec:\pjpjp.exe57⤵
- Executes dropped EXE
-
\??\c:\rfxxrrr.exec:\rfxxrrr.exe58⤵
- Executes dropped EXE
-
\??\c:\rrrfxrl.exec:\rrrfxrl.exe59⤵
- Executes dropped EXE
-
\??\c:\nttbtt.exec:\nttbtt.exe60⤵
- Executes dropped EXE
-
\??\c:\3vvjd.exec:\3vvjd.exe61⤵
- Executes dropped EXE
-
\??\c:\jvpdd.exec:\jvpdd.exe62⤵
- Executes dropped EXE
-
\??\c:\llfxrlf.exec:\llfxrlf.exe63⤵
- Executes dropped EXE
-
\??\c:\bhnbtn.exec:\bhnbtn.exe64⤵
- Executes dropped EXE
-
\??\c:\hbbtht.exec:\hbbtht.exe65⤵
- Executes dropped EXE
-
\??\c:\jdjdj.exec:\jdjdj.exe66⤵
-
\??\c:\9lxxrrr.exec:\9lxxrrr.exe67⤵
-
\??\c:\bhnnhh.exec:\bhnnhh.exe68⤵
-
\??\c:\bttnnn.exec:\bttnnn.exe69⤵
-
\??\c:\pjdvj.exec:\pjdvj.exe70⤵
-
\??\c:\rrrlxxr.exec:\rrrlxxr.exe71⤵
-
\??\c:\rlrxfxf.exec:\rlrxfxf.exe72⤵
-
\??\c:\bbhnhh.exec:\bbhnhh.exe73⤵
-
\??\c:\jddvv.exec:\jddvv.exe74⤵
-
\??\c:\3fxlxrr.exec:\3fxlxrr.exe75⤵
-
\??\c:\lxfffll.exec:\lxfffll.exe76⤵
-
\??\c:\ttbthh.exec:\ttbthh.exe77⤵
-
\??\c:\nttbbb.exec:\nttbbb.exe78⤵
-
\??\c:\7vjdj.exec:\7vjdj.exe79⤵
-
\??\c:\jddvj.exec:\jddvj.exe80⤵
-
\??\c:\lfllllr.exec:\lfllllr.exe81⤵
-
\??\c:\bhbtnn.exec:\bhbtnn.exe82⤵
-
\??\c:\thhhbb.exec:\thhhbb.exe83⤵
-
\??\c:\jdddv.exec:\jdddv.exe84⤵
-
\??\c:\xrffrxl.exec:\xrffrxl.exe85⤵
-
\??\c:\fllxlxr.exec:\fllxlxr.exe86⤵
-
\??\c:\httnhb.exec:\httnhb.exe87⤵
-
\??\c:\nbnhbb.exec:\nbnhbb.exe88⤵
-
\??\c:\pvvvp.exec:\pvvvp.exe89⤵
-
\??\c:\vppjj.exec:\vppjj.exe90⤵
-
\??\c:\frfxrrr.exec:\frfxrrr.exe91⤵
-
\??\c:\tnhtnh.exec:\tnhtnh.exe92⤵
-
\??\c:\thbnht.exec:\thbnht.exe93⤵
-
\??\c:\vddvp.exec:\vddvp.exe94⤵
-
\??\c:\3rlfrlf.exec:\3rlfrlf.exe95⤵
- System Location Discovery: System Language Discovery
-
\??\c:\3lfllll.exec:\3lfllll.exe96⤵
-
\??\c:\bhbbbt.exec:\bhbbbt.exe97⤵
-
\??\c:\hnhbnh.exec:\hnhbnh.exe98⤵
-
\??\c:\5dvpv.exec:\5dvpv.exe99⤵
-
\??\c:\rlfxrll.exec:\rlfxrll.exe100⤵
-
\??\c:\xrlfxxr.exec:\xrlfxxr.exe101⤵
-
\??\c:\hhhbtt.exec:\hhhbtt.exe102⤵
-
\??\c:\3pjdv.exec:\3pjdv.exe103⤵
-
\??\c:\djvpd.exec:\djvpd.exe104⤵
-
\??\c:\1xxrffx.exec:\1xxrffx.exe105⤵
-
\??\c:\5rfxrlf.exec:\5rfxrlf.exe106⤵
-
\??\c:\nhhhbn.exec:\nhhhbn.exe107⤵
-
\??\c:\1nnhhh.exec:\1nnhhh.exe108⤵
-
\??\c:\ddjdj.exec:\ddjdj.exe109⤵
-
\??\c:\9xlfrrl.exec:\9xlfrrl.exe110⤵
-
\??\c:\llffxxx.exec:\llffxxx.exe111⤵
-
\??\c:\btttnn.exec:\btttnn.exe112⤵
-
\??\c:\nbbtnt.exec:\nbbtnt.exe113⤵
-
\??\c:\pvddp.exec:\pvddp.exe114⤵
-
\??\c:\jdjdd.exec:\jdjdd.exe115⤵
-
\??\c:\1frfxrl.exec:\1frfxrl.exe116⤵
-
\??\c:\nnhhhh.exec:\nnhhhh.exe117⤵
-
\??\c:\nhbtnh.exec:\nhbtnh.exe118⤵
-
\??\c:\vpvpd.exec:\vpvpd.exe119⤵
-
\??\c:\1ddvv.exec:\1ddvv.exe120⤵
-
\??\c:\3rxrlrl.exec:\3rxrlrl.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-