Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
95s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
02/10/2024, 06:01
General
-
Target
a046554dc6305c61fda6c7116d20c4104361f94d8162d79aa11349db82c6586bN.exe
-
Size
71KB
-
MD5
1a1fd3ac0b6520ebacbfa48578d8f8f0
-
SHA1
16abafff7e2c954929e5052ce32d64ccd9809f30
-
SHA256
a046554dc6305c61fda6c7116d20c4104361f94d8162d79aa11349db82c6586b
-
SHA512
58cdd84cffdb816dec83ba8c8b0e4fbce2b2d3429b20f5e4603c50daf1e6c0af16c0c49eccaf8a0036a9c561408c2bb80300af3633db7d88823a54eda9bd8f28
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIb0z6MTSqfj/:ymb3NkkiQ3mdBjFI4VP
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 27 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 29 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\a046554dc6305c61fda6c7116d20c4104361f94d8162d79aa11349db82c6586bN.exe"C:\Users\Admin\AppData\Local\Temp\a046554dc6305c61fda6c7116d20c4104361f94d8162d79aa11349db82c6586bN.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\dddjj.exec:\dddjj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxfrllx.exec:\lxfrllx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9fxrlfx.exec:\9fxrlfx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbtttt.exec:\hbtttt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfxrrlf.exec:\rfxrrlf.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnnhbt.exec:\bnnhbt.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhtnnh.exec:\nhtnnh.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vppdv.exec:\vppdv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpjdp.exec:\jpjdp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnhbh.exec:\nhnhbh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjdv.exec:\dvjdv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvvdd.exec:\vvvdd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlfxxrl.exec:\xlfxxrl.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7bnhtt.exec:\7bnhtt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvpjv.exec:\jvpjv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxxrffl.exec:\lxxrffl.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rflfrrl.exec:\rflfrrl.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbbtt.exec:\btbbtt.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjvdv.exec:\jjvdv.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfxxrrl.exec:\xfxxrrl.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnttbt.exec:\tnttbt.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbttnh.exec:\hbttnh.exe23⤵
- Executes dropped EXE
-
\??\c:\jdppp.exec:\jdppp.exe24⤵
- Executes dropped EXE
-
\??\c:\rlrllfl.exec:\rlrllfl.exe25⤵
- Executes dropped EXE
-
\??\c:\bhnhbt.exec:\bhnhbt.exe26⤵
- Executes dropped EXE
-
\??\c:\jddpj.exec:\jddpj.exe27⤵
- Executes dropped EXE
-
\??\c:\5lxxrxx.exec:\5lxxrxx.exe28⤵
- Executes dropped EXE
-
\??\c:\1llfxlf.exec:\1llfxlf.exe29⤵
- Executes dropped EXE
-
\??\c:\btnnhh.exec:\btnnhh.exe30⤵
- Executes dropped EXE
-
\??\c:\vpdvv.exec:\vpdvv.exe31⤵
- Executes dropped EXE
-
\??\c:\xrfrlfx.exec:\xrfrlfx.exe32⤵
- Executes dropped EXE
-
\??\c:\dpppj.exec:\dpppj.exe33⤵
- Executes dropped EXE
-
\??\c:\llrlllf.exec:\llrlllf.exe34⤵
- Executes dropped EXE
-
\??\c:\thnnhh.exec:\thnnhh.exe35⤵
- Executes dropped EXE
-
\??\c:\rfxfflr.exec:\rfxfflr.exe36⤵
- Executes dropped EXE
-
\??\c:\frflflf.exec:\frflflf.exe37⤵
- Executes dropped EXE
-
\??\c:\vdvvv.exec:\vdvvv.exe38⤵
- Executes dropped EXE
-
\??\c:\thnbnh.exec:\thnbnh.exe39⤵
- Executes dropped EXE
-
\??\c:\jdvpp.exec:\jdvpp.exe40⤵
- Executes dropped EXE
-
\??\c:\nnbnnt.exec:\nnbnnt.exe41⤵
- Executes dropped EXE
-
\??\c:\jdpjv.exec:\jdpjv.exe42⤵
- Executes dropped EXE
-
\??\c:\dddvv.exec:\dddvv.exe43⤵
- Executes dropped EXE
-
\??\c:\3fllfll.exec:\3fllfll.exe44⤵
- Executes dropped EXE
-
\??\c:\lxfxrrl.exec:\lxfxrrl.exe45⤵
- Executes dropped EXE
-
\??\c:\nnnbbn.exec:\nnnbbn.exe46⤵
- Executes dropped EXE
-
\??\c:\vppjj.exec:\vppjj.exe47⤵
- Executes dropped EXE
-
\??\c:\vdppj.exec:\vdppj.exe48⤵
- Executes dropped EXE
-
\??\c:\frrrrxx.exec:\frrrrxx.exe49⤵
- Executes dropped EXE
-
\??\c:\xrrlfrr.exec:\xrrlfrr.exe50⤵
- Executes dropped EXE
-
\??\c:\nttnhh.exec:\nttnhh.exe51⤵
- Executes dropped EXE
-
\??\c:\jddpd.exec:\jddpd.exe52⤵
- Executes dropped EXE
-
\??\c:\vddvj.exec:\vddvj.exe53⤵
- Executes dropped EXE
-
\??\c:\llrxrff.exec:\llrxrff.exe54⤵
- Executes dropped EXE
-
\??\c:\nnnhhb.exec:\nnnhhb.exe55⤵
- Executes dropped EXE
-
\??\c:\tbhbhn.exec:\tbhbhn.exe56⤵
- Executes dropped EXE
-
\??\c:\jdddv.exec:\jdddv.exe57⤵
- Executes dropped EXE
-
\??\c:\jvdvv.exec:\jvdvv.exe58⤵
- Executes dropped EXE
-
\??\c:\rrffxxf.exec:\rrffxxf.exe59⤵
- Executes dropped EXE
-
\??\c:\tnntnt.exec:\tnntnt.exe60⤵
- Executes dropped EXE
-
\??\c:\hbbttt.exec:\hbbttt.exe61⤵
- Executes dropped EXE
-
\??\c:\5vjvp.exec:\5vjvp.exe62⤵
- Executes dropped EXE
-
\??\c:\xlrlffx.exec:\xlrlffx.exe63⤵
- Executes dropped EXE
-
\??\c:\9xffxff.exec:\9xffxff.exe64⤵
- Executes dropped EXE
-
\??\c:\nnhtbt.exec:\nnhtbt.exe65⤵
- Executes dropped EXE
-
\??\c:\9djjd.exec:\9djjd.exe66⤵
-
\??\c:\llxlrlf.exec:\llxlrlf.exe67⤵
-
\??\c:\nbbbtb.exec:\nbbbtb.exe68⤵
-
\??\c:\bnbttn.exec:\bnbttn.exe69⤵
-
\??\c:\3pjvp.exec:\3pjvp.exe70⤵
-
\??\c:\pdvdv.exec:\pdvdv.exe71⤵
-
\??\c:\rlxrxrr.exec:\rlxrxrr.exe72⤵
-
\??\c:\bthtth.exec:\bthtth.exe73⤵
-
\??\c:\bnbttt.exec:\bnbttt.exe74⤵
-
\??\c:\3bhhbb.exec:\3bhhbb.exe75⤵
-
\??\c:\pdjdv.exec:\pdjdv.exe76⤵
-
\??\c:\flfffrr.exec:\flfffrr.exe77⤵
-
\??\c:\3thhhh.exec:\3thhhh.exe78⤵
-
\??\c:\btntbt.exec:\btntbt.exe79⤵
-
\??\c:\pppjj.exec:\pppjj.exe80⤵
-
\??\c:\ppjdv.exec:\ppjdv.exe81⤵
-
\??\c:\flxrfll.exec:\flxrfll.exe82⤵
-
\??\c:\bbtnhh.exec:\bbtnhh.exe83⤵
-
\??\c:\bhnhbb.exec:\bhnhbb.exe84⤵
-
\??\c:\jdpvv.exec:\jdpvv.exe85⤵
-
\??\c:\lrxlxxr.exec:\lrxlxxr.exe86⤵
-
\??\c:\hhbbtt.exec:\hhbbtt.exe87⤵
-
\??\c:\5bhhtt.exec:\5bhhtt.exe88⤵
-
\??\c:\dvjdv.exec:\dvjdv.exe89⤵
- System Location Discovery: System Language Discovery
-
\??\c:\jppjd.exec:\jppjd.exe90⤵
-
\??\c:\xxfxrrr.exec:\xxfxrrr.exe91⤵
-
\??\c:\rrllfll.exec:\rrllfll.exe92⤵
-
\??\c:\1nttnt.exec:\1nttnt.exe93⤵
-
\??\c:\jjjjd.exec:\jjjjd.exe94⤵
-
\??\c:\fflffrl.exec:\fflffrl.exe95⤵
-
\??\c:\fffxllr.exec:\fffxllr.exe96⤵
-
\??\c:\1nbbth.exec:\1nbbth.exe97⤵
-
\??\c:\nhhntb.exec:\nhhntb.exe98⤵
-
\??\c:\dpvjd.exec:\dpvjd.exe99⤵
-
\??\c:\rxffrrr.exec:\rxffrrr.exe100⤵
-
\??\c:\7lrrlll.exec:\7lrrlll.exe101⤵
-
\??\c:\nhtnhn.exec:\nhtnhn.exe102⤵
-
\??\c:\ppppp.exec:\ppppp.exe103⤵
-
\??\c:\dvvpj.exec:\dvvpj.exe104⤵
-
\??\c:\9llfxxx.exec:\9llfxxx.exe105⤵
-
\??\c:\7hhhbb.exec:\7hhhbb.exe106⤵
-
\??\c:\httbtt.exec:\httbtt.exe107⤵
-
\??\c:\jdjdd.exec:\jdjdd.exe108⤵
-
\??\c:\9flrrxl.exec:\9flrrxl.exe109⤵
-
\??\c:\1flffxx.exec:\1flffxx.exe110⤵
-
\??\c:\5lrlffx.exec:\5lrlffx.exe111⤵
-
\??\c:\pjpvp.exec:\pjpvp.exe112⤵
-
\??\c:\5lfxlll.exec:\5lfxlll.exe113⤵
-
\??\c:\rxrrlrl.exec:\rxrrlrl.exe114⤵
-
\??\c:\hbhthb.exec:\hbhthb.exe115⤵
-
\??\c:\7djpj.exec:\7djpj.exe116⤵
-
\??\c:\xrlfxfl.exec:\xrlfxfl.exe117⤵
-
\??\c:\rlrllxx.exec:\rlrllxx.exe118⤵
-
\??\c:\ttbnhh.exec:\ttbnhh.exe119⤵
-
\??\c:\bttnhh.exec:\bttnhh.exe120⤵
- System Location Discovery: System Language Discovery
-
\??\c:\pdjdv.exec:\pdjdv.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-