Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
119s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
02/10/2024, 04:22
General
-
Target
d99b458469d6872d89c6291210233143e983fdd4e7c4f8242610e30ecfc3c992N.exe
-
Size
65KB
-
MD5
c117e647fd185573c5a8d039a4fb48d0
-
SHA1
5e6ada561a339e0f6b25584d84d7e5c42dbf3f60
-
SHA256
d99b458469d6872d89c6291210233143e983fdd4e7c4f8242610e30ecfc3c992
-
SHA512
8fc0b601a481f8a64d12d0350789fba03b77d9f419979ec29076c799f7d1c793f3e7da1d462073841c5fb68dff6716c84e99c61ffd831669b3928e8a358093d0
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND0yU+kbxw:ymb3NkkiQ3mdBjF0y7kbW
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 26 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 36 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\d99b458469d6872d89c6291210233143e983fdd4e7c4f8242610e30ecfc3c992N.exe"C:\Users\Admin\AppData\Local\Temp\d99b458469d6872d89c6291210233143e983fdd4e7c4f8242610e30ecfc3c992N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhbth.exec:\nhhbth.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvpvv.exec:\jvpvv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxfxllf.exec:\xxfxllf.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flxlxrl.exec:\flxlxrl.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bththb.exec:\bththb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjvp.exec:\vpjvp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxxfllr.exec:\xxxfllr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhnbb.exec:\nhhnbb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdpv.exec:\pjdpv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpvpp.exec:\dpvpp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fffrfrf.exec:\fffrfrf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrxrfxr.exec:\lrxrfxr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nntbnt.exec:\nntbnt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvjj.exec:\jdvjj.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1rxlxrf.exec:\1rxlxrf.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbnhbt.exec:\tbnhbt.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdvdp.exec:\vdvdp.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbtbt.exec:\btbtbt.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttnhtn.exec:\ttnhtn.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7vvjv.exec:\7vvjv.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlfrrlf.exec:\xlfrrlf.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnnnbt.exec:\hnnnbt.exe23⤵
- Executes dropped EXE
-
\??\c:\nbbbnb.exec:\nbbbnb.exe24⤵
- Executes dropped EXE
-
\??\c:\pjjvd.exec:\pjjvd.exe25⤵
- Executes dropped EXE
-
\??\c:\jvpdp.exec:\jvpdp.exe26⤵
- Executes dropped EXE
-
\??\c:\lxxlxlf.exec:\lxxlxlf.exe27⤵
- Executes dropped EXE
-
\??\c:\tnnntn.exec:\tnnntn.exe28⤵
- Executes dropped EXE
-
\??\c:\htbttn.exec:\htbttn.exe29⤵
- Executes dropped EXE
-
\??\c:\pjdvd.exec:\pjdvd.exe30⤵
- Executes dropped EXE
-
\??\c:\lfxlxrf.exec:\lfxlxrf.exe31⤵
- Executes dropped EXE
-
\??\c:\rrllxrf.exec:\rrllxrf.exe32⤵
- Executes dropped EXE
-
\??\c:\nhhtth.exec:\nhhtth.exe33⤵
- Executes dropped EXE
-
\??\c:\1vjdd.exec:\1vjdd.exe34⤵
- Executes dropped EXE
-
\??\c:\9jdjv.exec:\9jdjv.exe35⤵
- Executes dropped EXE
-
\??\c:\lfrfrlf.exec:\lfrfrlf.exe36⤵
- Executes dropped EXE
-
\??\c:\rllrxfx.exec:\rllrxfx.exe37⤵
- Executes dropped EXE
-
\??\c:\httnnh.exec:\httnnh.exe38⤵
- Executes dropped EXE
-
\??\c:\pjpjp.exec:\pjpjp.exe39⤵
- Executes dropped EXE
-
\??\c:\9dvpv.exec:\9dvpv.exe40⤵
- Executes dropped EXE
-
\??\c:\fxfrrlf.exec:\fxfrrlf.exe41⤵
- Executes dropped EXE
-
\??\c:\xxfllfx.exec:\xxfllfx.exe42⤵
- Executes dropped EXE
-
\??\c:\5tnbnt.exec:\5tnbnt.exe43⤵
- Executes dropped EXE
-
\??\c:\hntnhb.exec:\hntnhb.exe44⤵
- Executes dropped EXE
-
\??\c:\jjdvd.exec:\jjdvd.exe45⤵
- Executes dropped EXE
-
\??\c:\rrfrlfl.exec:\rrfrlfl.exe46⤵
- Executes dropped EXE
-
\??\c:\tnnhbt.exec:\tnnhbt.exe47⤵
- Executes dropped EXE
-
\??\c:\ttnbnh.exec:\ttnbnh.exe48⤵
- Executes dropped EXE
-
\??\c:\djdjd.exec:\djdjd.exe49⤵
- Executes dropped EXE
-
\??\c:\vjdvd.exec:\vjdvd.exe50⤵
- Executes dropped EXE
-
\??\c:\xrlxxrl.exec:\xrlxxrl.exe51⤵
- Executes dropped EXE
-
\??\c:\lxlfrlx.exec:\lxlfrlx.exe52⤵
- Executes dropped EXE
-
\??\c:\1nhbnn.exec:\1nhbnn.exe53⤵
- Executes dropped EXE
-
\??\c:\hthbnh.exec:\hthbnh.exe54⤵
- Executes dropped EXE
-
\??\c:\1ddpj.exec:\1ddpj.exe55⤵
- Executes dropped EXE
-
\??\c:\3dvpd.exec:\3dvpd.exe56⤵
- Executes dropped EXE
-
\??\c:\rffxrll.exec:\rffxrll.exe57⤵
- Executes dropped EXE
-
\??\c:\rrfxrfx.exec:\rrfxrfx.exe58⤵
- Executes dropped EXE
-
\??\c:\nthhnt.exec:\nthhnt.exe59⤵
- Executes dropped EXE
-
\??\c:\pjdvj.exec:\pjdvj.exe60⤵
- Executes dropped EXE
-
\??\c:\3ddvv.exec:\3ddvv.exe61⤵
- Executes dropped EXE
-
\??\c:\xfrlffx.exec:\xfrlffx.exe62⤵
- Executes dropped EXE
-
\??\c:\xrlxlrl.exec:\xrlxlrl.exe63⤵
- Executes dropped EXE
-
\??\c:\bnhbnh.exec:\bnhbnh.exe64⤵
- Executes dropped EXE
-
\??\c:\pjddp.exec:\pjddp.exe65⤵
- Executes dropped EXE
-
\??\c:\rrlllxf.exec:\rrlllxf.exe66⤵
-
\??\c:\frrlfxx.exec:\frrlfxx.exe67⤵
-
\??\c:\tnnhhh.exec:\tnnhhh.exe68⤵
-
\??\c:\jvvpd.exec:\jvvpd.exe69⤵
-
\??\c:\jppjd.exec:\jppjd.exe70⤵
-
\??\c:\rrrflfr.exec:\rrrflfr.exe71⤵
-
\??\c:\frflxrl.exec:\frflxrl.exe72⤵
-
\??\c:\9btnbn.exec:\9btnbn.exe73⤵
-
\??\c:\9ttntn.exec:\9ttntn.exe74⤵
-
\??\c:\1vpdp.exec:\1vpdp.exe75⤵
-
\??\c:\lxlfxxr.exec:\lxlfxxr.exe76⤵
-
\??\c:\nbbnbn.exec:\nbbnbn.exe77⤵
-
\??\c:\nhhbtt.exec:\nhhbtt.exe78⤵
-
\??\c:\dvpvv.exec:\dvpvv.exe79⤵
-
\??\c:\llffrlf.exec:\llffrlf.exe80⤵
-
\??\c:\lrxlxlx.exec:\lrxlxlx.exe81⤵
-
\??\c:\nbbtnh.exec:\nbbtnh.exe82⤵
-
\??\c:\lxfrlfl.exec:\lxfrlfl.exe83⤵
-
\??\c:\xlfxllx.exec:\xlfxllx.exe84⤵
- System Location Discovery: System Language Discovery
-
\??\c:\bhnhtn.exec:\bhnhtn.exe85⤵
-
\??\c:\ntthtn.exec:\ntthtn.exe86⤵
-
\??\c:\9vpdp.exec:\9vpdp.exe87⤵
-
\??\c:\vppjd.exec:\vppjd.exe88⤵
-
\??\c:\dpvvd.exec:\dpvvd.exe89⤵
-
\??\c:\xrrfrlf.exec:\xrrfrlf.exe90⤵
-
\??\c:\tnhbtt.exec:\tnhbtt.exe91⤵
-
\??\c:\bhhtbb.exec:\bhhtbb.exe92⤵
-
\??\c:\jdvjv.exec:\jdvjv.exe93⤵
-
\??\c:\vjdpd.exec:\vjdpd.exe94⤵
-
\??\c:\frrlfxr.exec:\frrlfxr.exe95⤵
-
\??\c:\frrfrff.exec:\frrfrff.exe96⤵
-
\??\c:\btbbbt.exec:\btbbbt.exe97⤵
-
\??\c:\tnthbt.exec:\tnthbt.exe98⤵
-
\??\c:\dvvpd.exec:\dvvpd.exe99⤵
-
\??\c:\dvvvp.exec:\dvvvp.exe100⤵
-
\??\c:\xllxrrr.exec:\xllxrrr.exe101⤵
-
\??\c:\hhhbtt.exec:\hhhbtt.exe102⤵
-
\??\c:\hbthbt.exec:\hbthbt.exe103⤵
-
\??\c:\9dvpv.exec:\9dvpv.exe104⤵
-
\??\c:\vjjvd.exec:\vjjvd.exe105⤵
-
\??\c:\ffflxxl.exec:\ffflxxl.exe106⤵
-
\??\c:\xxflrxl.exec:\xxflrxl.exe107⤵
-
\??\c:\bbthbt.exec:\bbthbt.exe108⤵
-
\??\c:\vpppd.exec:\vpppd.exe109⤵
-
\??\c:\jvpjp.exec:\jvpjp.exe110⤵
-
\??\c:\rfrllll.exec:\rfrllll.exe111⤵
-
\??\c:\xxxxlll.exec:\xxxxlll.exe112⤵
-
\??\c:\lxrrflf.exec:\lxrrflf.exe113⤵
-
\??\c:\tnnnhh.exec:\tnnnhh.exe114⤵
-
\??\c:\7jpvd.exec:\7jpvd.exe115⤵
-
\??\c:\jdjdd.exec:\jdjdd.exe116⤵
-
\??\c:\rxrfrlx.exec:\rxrfrlx.exe117⤵
-
\??\c:\hhnhbb.exec:\hhnhbb.exe118⤵
-
\??\c:\hbhbnn.exec:\hbhbnn.exe119⤵
-
\??\c:\hnnhnn.exec:\hnnhnn.exe120⤵
-
\??\c:\jdjjp.exec:\jdjjp.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-