Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
92s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
02/10/2024, 19:50
General
-
Target
70df64508365c758623d945497efa4aeafb6d4a1ab0a611650bac2324580a971N.exe
-
Size
106KB
-
MD5
196222614f4d7f8e424927d7a09ceb30
-
SHA1
8bfaaf9f1aedfbbb18088620abe80de30adde225
-
SHA256
70df64508365c758623d945497efa4aeafb6d4a1ab0a611650bac2324580a971
-
SHA512
bb029b4a94a065ba872ee0274f36da218405a49c98e3e9ba5336e358297d9a918bfcdafc9ae40933463bf6c7749cf6dc8b51d7edacd560bdb593bee2171c5116
-
SSDEEP
3072:ymb3NkkiQ3mdBjFo73PYP1lri3KVT+buwUGu3P3CA+:n3C9BRo7MlrWKVT+buBGu3PC
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 32 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\70df64508365c758623d945497efa4aeafb6d4a1ab0a611650bac2324580a971N.exe"C:\Users\Admin\AppData\Local\Temp\70df64508365c758623d945497efa4aeafb6d4a1ab0a611650bac2324580a971N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\9frllll.exec:\9frllll.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbtbhh.exec:\nbtbhh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnhbb.exec:\nhnhbb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjjd.exec:\pjjjd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffxrllf.exec:\ffxrllf.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rflrllf.exec:\rflrllf.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhhhnn.exec:\hhhhnn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvpvj.exec:\jvpvj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlrxfr.exec:\fxlrxfr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djvdp.exec:\djvdp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppvpp.exec:\ppvpp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5fxrfxr.exec:\5fxrfxr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxffll.exec:\rlxffll.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7nttbb.exec:\7nttbb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bttnbb.exec:\bttnbb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djpjj.exec:\djpjj.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lffxlll.exec:\lffxlll.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbhhn.exec:\btbhhn.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvvdv.exec:\vvvdv.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjpdp.exec:\pjpdp.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfffxxx.exec:\rfffxxx.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvvpv.exec:\jvvpv.exe23⤵
- Executes dropped EXE
-
\??\c:\xlxrffx.exec:\xlxrffx.exe24⤵
- Executes dropped EXE
-
\??\c:\tntbtb.exec:\tntbtb.exe25⤵
- Executes dropped EXE
-
\??\c:\ppjjv.exec:\ppjjv.exe26⤵
- Executes dropped EXE
-
\??\c:\vvdvj.exec:\vvdvj.exe27⤵
- Executes dropped EXE
-
\??\c:\rfffxxr.exec:\rfffxxr.exe28⤵
- Executes dropped EXE
-
\??\c:\xflllfx.exec:\xflllfx.exe29⤵
- Executes dropped EXE
-
\??\c:\tbnnhh.exec:\tbnnhh.exe30⤵
- Executes dropped EXE
-
\??\c:\3vvpj.exec:\3vvpj.exe31⤵
- Executes dropped EXE
-
\??\c:\lxrllrl.exec:\lxrllrl.exe32⤵
- Executes dropped EXE
-
\??\c:\lrxrlxx.exec:\lrxrlxx.exe33⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\htbbtn.exec:\htbbtn.exe34⤵
- Executes dropped EXE
-
\??\c:\bnnhbb.exec:\bnnhbb.exe35⤵
- Executes dropped EXE
-
\??\c:\jdvdv.exec:\jdvdv.exe36⤵
- Executes dropped EXE
-
\??\c:\dvppd.exec:\dvppd.exe37⤵
- Executes dropped EXE
-
\??\c:\lrrlxxx.exec:\lrrlxxx.exe38⤵
- Executes dropped EXE
-
\??\c:\xfrrxfl.exec:\xfrrxfl.exe39⤵
- Executes dropped EXE
-
\??\c:\nhhnhh.exec:\nhhnhh.exe40⤵
- Executes dropped EXE
-
\??\c:\httnhb.exec:\httnhb.exe41⤵
- Executes dropped EXE
-
\??\c:\3vppd.exec:\3vppd.exe42⤵
- Executes dropped EXE
-
\??\c:\ththhh.exec:\ththhh.exe43⤵
- Executes dropped EXE
-
\??\c:\jppjd.exec:\jppjd.exe44⤵
- Executes dropped EXE
-
\??\c:\vvvpj.exec:\vvvpj.exe45⤵
- Executes dropped EXE
-
\??\c:\rxlfxff.exec:\rxlfxff.exe46⤵
- Executes dropped EXE
-
\??\c:\xrxxrxx.exec:\xrxxrxx.exe47⤵
- Executes dropped EXE
-
\??\c:\tthntb.exec:\tthntb.exe48⤵
- Executes dropped EXE
-
\??\c:\tnbtbb.exec:\tnbtbb.exe49⤵
- Executes dropped EXE
-
\??\c:\9jpjv.exec:\9jpjv.exe50⤵
- Executes dropped EXE
-
\??\c:\vdvpj.exec:\vdvpj.exe51⤵
- Executes dropped EXE
-
\??\c:\rxlfxxx.exec:\rxlfxxx.exe52⤵
- Executes dropped EXE
-
\??\c:\rlxrllf.exec:\rlxrllf.exe53⤵
- Executes dropped EXE
-
\??\c:\bhttbb.exec:\bhttbb.exe54⤵
- Executes dropped EXE
-
\??\c:\htbtnn.exec:\htbtnn.exe55⤵
- Executes dropped EXE
-
\??\c:\ddvpp.exec:\ddvpp.exe56⤵
- Executes dropped EXE
-
\??\c:\xlrxrlr.exec:\xlrxrlr.exe57⤵
- Executes dropped EXE
-
\??\c:\rlxrxrl.exec:\rlxrxrl.exe58⤵
- Executes dropped EXE
-
\??\c:\tnnhtn.exec:\tnnhtn.exe59⤵
- Executes dropped EXE
-
\??\c:\5tbnbt.exec:\5tbnbt.exe60⤵
- Executes dropped EXE
-
\??\c:\9ddjv.exec:\9ddjv.exe61⤵
- Executes dropped EXE
-
\??\c:\rfxlfrx.exec:\rfxlfrx.exe62⤵
- Executes dropped EXE
-
\??\c:\rlffxrl.exec:\rlffxrl.exe63⤵
- Executes dropped EXE
-
\??\c:\frlxrfr.exec:\frlxrfr.exe64⤵
- Executes dropped EXE
-
\??\c:\thhbbt.exec:\thhbbt.exe65⤵
- Executes dropped EXE
-
\??\c:\jpppj.exec:\jpppj.exe66⤵
-
\??\c:\jdpjp.exec:\jdpjp.exe67⤵
-
\??\c:\lxfrllx.exec:\lxfrllx.exe68⤵
-
\??\c:\3lfxrlx.exec:\3lfxrlx.exe69⤵
-
\??\c:\nnbtnh.exec:\nnbtnh.exe70⤵
-
\??\c:\9vvpj.exec:\9vvpj.exe71⤵
-
\??\c:\vpjdp.exec:\vpjdp.exe72⤵
-
\??\c:\rfxxrrl.exec:\rfxxrrl.exe73⤵
-
\??\c:\tbbtnb.exec:\tbbtnb.exe74⤵
-
\??\c:\bntnnh.exec:\bntnnh.exe75⤵
-
\??\c:\vvvvd.exec:\vvvvd.exe76⤵
-
\??\c:\dpjvd.exec:\dpjvd.exe77⤵
-
\??\c:\xlrrflf.exec:\xlrrflf.exe78⤵
-
\??\c:\nbtnbt.exec:\nbtnbt.exe79⤵
-
\??\c:\3ttthb.exec:\3ttthb.exe80⤵
-
\??\c:\vddvj.exec:\vddvj.exe81⤵
-
\??\c:\vppjd.exec:\vppjd.exe82⤵
-
\??\c:\3fxxflr.exec:\3fxxflr.exe83⤵
-
\??\c:\bttnhh.exec:\bttnhh.exe84⤵
-
\??\c:\bnntht.exec:\bnntht.exe85⤵
-
\??\c:\vjvjv.exec:\vjvjv.exe86⤵
- System Location Discovery: System Language Discovery
-
\??\c:\rllxfxl.exec:\rllxfxl.exe87⤵
-
\??\c:\xrrlfxr.exec:\xrrlfxr.exe88⤵
- System Location Discovery: System Language Discovery
-
\??\c:\tnbthh.exec:\tnbthh.exe89⤵
-
\??\c:\7nntbt.exec:\7nntbt.exe90⤵
-
\??\c:\pvdpd.exec:\pvdpd.exe91⤵
-
\??\c:\dpvvd.exec:\dpvvd.exe92⤵
-
\??\c:\rlfxfrf.exec:\rlfxfrf.exe93⤵
-
\??\c:\ffrrrxf.exec:\ffrrrxf.exe94⤵
-
\??\c:\bbhbnh.exec:\bbhbnh.exe95⤵
-
\??\c:\pdpdp.exec:\pdpdp.exe96⤵
-
\??\c:\vdjdd.exec:\vdjdd.exe97⤵
-
\??\c:\ffffffx.exec:\ffffffx.exe98⤵
-
\??\c:\lxffllf.exec:\lxffllf.exe99⤵
-
\??\c:\hnttbb.exec:\hnttbb.exe100⤵
-
\??\c:\bbntnt.exec:\bbntnt.exe101⤵
-
\??\c:\ppjpp.exec:\ppjpp.exe102⤵
-
\??\c:\lfffrrr.exec:\lfffrrr.exe103⤵
-
\??\c:\rllllll.exec:\rllllll.exe104⤵
-
\??\c:\fxxxrff.exec:\fxxxrff.exe105⤵
-
\??\c:\thtnhh.exec:\thtnhh.exe106⤵
-
\??\c:\ppvpp.exec:\ppvpp.exe107⤵
-
\??\c:\dpvpj.exec:\dpvpj.exe108⤵
-
\??\c:\rlxxffx.exec:\rlxxffx.exe109⤵
-
\??\c:\fffffff.exec:\fffffff.exe110⤵
-
\??\c:\thhhhh.exec:\thhhhh.exe111⤵
-
\??\c:\jpvpd.exec:\jpvpd.exe112⤵
-
\??\c:\dvpjv.exec:\dvpjv.exe113⤵
-
\??\c:\frfxxxx.exec:\frfxxxx.exe114⤵
-
\??\c:\xrrrllf.exec:\xrrrllf.exe115⤵
-
\??\c:\9hbbbb.exec:\9hbbbb.exe116⤵
-
\??\c:\3tnhbt.exec:\3tnhbt.exe117⤵
-
\??\c:\vpvjd.exec:\vpvjd.exe118⤵
-
\??\c:\xxxxxll.exec:\xxxxxll.exe119⤵
-
\??\c:\flxxrrl.exec:\flxxrrl.exe120⤵
-
\??\c:\bbtttt.exec:\bbtttt.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-