Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
94s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
03/10/2024, 05:06
General
-
Target
030fb7428718f9a4169468ee9aabd9ec2a6514b57ecf202c7b9840a57b034597N.exe
-
Size
230KB
-
MD5
3a03bfb307412678a42bf2f212534f30
-
SHA1
30aabe93d127ae7e4505ab0084d55170e36454e4
-
SHA256
030fb7428718f9a4169468ee9aabd9ec2a6514b57ecf202c7b9840a57b034597
-
SHA512
73dc41108453acad827bddf39188d73d0d291885b115adb4b2c93a114fe2eb3a4ed1d102e495cbc0996ed734d51b5e5e901dc666c1ad4eab5832327e20b31e9f
-
SSDEEP
3072:ymb3NkkiQ3mdBjFo73PYP1lri3KoSV31x4xLn/c1f7:n3C9BRo7MlrWKo+lxKk1f7
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 24 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\030fb7428718f9a4169468ee9aabd9ec2a6514b57ecf202c7b9840a57b034597N.exe"C:\Users\Admin\AppData\Local\Temp\030fb7428718f9a4169468ee9aabd9ec2a6514b57ecf202c7b9840a57b034597N.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\djpjd.exec:\djpjd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5ffxrxr.exec:\5ffxrxr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvppp.exec:\vvppp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xllfxxr.exec:\xllfxxr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbbbnn.exec:\bbbbnn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdddj.exec:\pdddj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfrlxxr.exec:\xfrlxxr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpppd.exec:\vpppd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9fffxll.exec:\9fffxll.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdpvd.exec:\vdpvd.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvjdp.exec:\vvjdp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7fllfll.exec:\7fllfll.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thhnhb.exec:\thhnhb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlxxxrl.exec:\xlxxxrl.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvvpj.exec:\jvvpj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bttnth.exec:\bttnth.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnbhbn.exec:\nnbhbn.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7ddpd.exec:\7ddpd.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1xfrxrr.exec:\1xfrxrr.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3thbnn.exec:\3thbnn.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjjdp.exec:\vjjdp.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3xlfllx.exec:\3xlfllx.exe23⤵
- Executes dropped EXE
-
\??\c:\rrxrrrr.exec:\rrxrrrr.exe24⤵
- Executes dropped EXE
-
\??\c:\jvvpj.exec:\jvvpj.exe25⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\ffffrrl.exec:\ffffrrl.exe26⤵
- Executes dropped EXE
-
\??\c:\7lrffxf.exec:\7lrffxf.exe27⤵
- Executes dropped EXE
-
\??\c:\7nhthb.exec:\7nhthb.exe28⤵
- Executes dropped EXE
-
\??\c:\7vpjv.exec:\7vpjv.exe29⤵
- Executes dropped EXE
-
\??\c:\5ppjv.exec:\5ppjv.exe30⤵
- Executes dropped EXE
-
\??\c:\tbhthb.exec:\tbhthb.exe31⤵
- Executes dropped EXE
-
\??\c:\pvpdp.exec:\pvpdp.exe32⤵
- Executes dropped EXE
-
\??\c:\nbnbtn.exec:\nbnbtn.exe33⤵
- Executes dropped EXE
-
\??\c:\pppvj.exec:\pppvj.exe34⤵
- Executes dropped EXE
-
\??\c:\thhbbt.exec:\thhbbt.exe35⤵
- Executes dropped EXE
-
\??\c:\5ddpj.exec:\5ddpj.exe36⤵
- Executes dropped EXE
-
\??\c:\hthttb.exec:\hthttb.exe37⤵
- Executes dropped EXE
-
\??\c:\pddpd.exec:\pddpd.exe38⤵
- Executes dropped EXE
-
\??\c:\dpppj.exec:\dpppj.exe39⤵
- Executes dropped EXE
-
\??\c:\lxxlxxl.exec:\lxxlxxl.exe40⤵
- Executes dropped EXE
-
\??\c:\hhnbnh.exec:\hhnbnh.exe41⤵
- Executes dropped EXE
-
\??\c:\9btnbt.exec:\9btnbt.exe42⤵
- Executes dropped EXE
-
\??\c:\dpvjj.exec:\dpvjj.exe43⤵
- Executes dropped EXE
-
\??\c:\3rxrlfx.exec:\3rxrlfx.exe44⤵
- Executes dropped EXE
-
\??\c:\hnhtht.exec:\hnhtht.exe45⤵
- Executes dropped EXE
-
\??\c:\htbthh.exec:\htbthh.exe46⤵
- Executes dropped EXE
-
\??\c:\ppjpd.exec:\ppjpd.exe47⤵
- Executes dropped EXE
-
\??\c:\ddvpd.exec:\ddvpd.exe48⤵
- Executes dropped EXE
-
\??\c:\xlxlxrl.exec:\xlxlxrl.exe49⤵
- Executes dropped EXE
-
\??\c:\bnhbtn.exec:\bnhbtn.exe50⤵
- Executes dropped EXE
-
\??\c:\ppdpd.exec:\ppdpd.exe51⤵
- Executes dropped EXE
-
\??\c:\jppjp.exec:\jppjp.exe52⤵
- Executes dropped EXE
-
\??\c:\3llflfl.exec:\3llflfl.exe53⤵
- Executes dropped EXE
-
\??\c:\1hhhnn.exec:\1hhhnn.exe54⤵
- Executes dropped EXE
-
\??\c:\1bbnhb.exec:\1bbnhb.exe55⤵
- Executes dropped EXE
-
\??\c:\ddvpp.exec:\ddvpp.exe56⤵
- Executes dropped EXE
-
\??\c:\1rxllff.exec:\1rxllff.exe57⤵
- Executes dropped EXE
-
\??\c:\xxrlfxr.exec:\xxrlfxr.exe58⤵
- Executes dropped EXE
-
\??\c:\hhnbht.exec:\hhnbht.exe59⤵
- Executes dropped EXE
-
\??\c:\djdvv.exec:\djdvv.exe60⤵
- Executes dropped EXE
-
\??\c:\lfxrxrr.exec:\lfxrxrr.exe61⤵
- Executes dropped EXE
-
\??\c:\xrxrrlf.exec:\xrxrrlf.exe62⤵
- Executes dropped EXE
-
\??\c:\ttnbth.exec:\ttnbth.exe63⤵
- Executes dropped EXE
-
\??\c:\3dpjd.exec:\3dpjd.exe64⤵
- Executes dropped EXE
-
\??\c:\rlxlxrl.exec:\rlxlxrl.exe65⤵
- Executes dropped EXE
-
\??\c:\xffxrlf.exec:\xffxrlf.exe66⤵
-
\??\c:\bhhbhb.exec:\bhhbhb.exe67⤵
-
\??\c:\1nhthh.exec:\1nhthh.exe68⤵
-
\??\c:\9jdvj.exec:\9jdvj.exe69⤵
-
\??\c:\jpvpd.exec:\jpvpd.exe70⤵
-
\??\c:\fflxlfx.exec:\fflxlfx.exe71⤵
-
\??\c:\nbthbn.exec:\nbthbn.exe72⤵
-
\??\c:\ppvpd.exec:\ppvpd.exe73⤵
-
\??\c:\vpvjj.exec:\vpvjj.exe74⤵
- System Location Discovery: System Language Discovery
-
\??\c:\xlfxlfr.exec:\xlfxlfr.exe75⤵
-
\??\c:\htnhtn.exec:\htnhtn.exe76⤵
- System Location Discovery: System Language Discovery
-
\??\c:\jdjdv.exec:\jdjdv.exe77⤵
-
\??\c:\rrrfrll.exec:\rrrfrll.exe78⤵
-
\??\c:\tttnbb.exec:\tttnbb.exe79⤵
-
\??\c:\vpvdj.exec:\vpvdj.exe80⤵
-
\??\c:\5ffrrff.exec:\5ffrrff.exe81⤵
-
\??\c:\9hbtnh.exec:\9hbtnh.exe82⤵
-
\??\c:\tttbnn.exec:\tttbnn.exe83⤵
-
\??\c:\vjjdp.exec:\vjjdp.exe84⤵
-
\??\c:\vjdvp.exec:\vjdvp.exe85⤵
-
\??\c:\xrrrlxr.exec:\xrrrlxr.exe86⤵
-
\??\c:\9nbtht.exec:\9nbtht.exe87⤵
-
\??\c:\ppvvd.exec:\ppvvd.exe88⤵
-
\??\c:\xxxxxfl.exec:\xxxxxfl.exe89⤵
-
\??\c:\lrlfxxr.exec:\lrlfxxr.exe90⤵
-
\??\c:\5hnbhh.exec:\5hnbhh.exe91⤵
-
\??\c:\pppjv.exec:\pppjv.exe92⤵
-
\??\c:\jppvd.exec:\jppvd.exe93⤵
-
\??\c:\frxlfxl.exec:\frxlfxl.exe94⤵
-
\??\c:\1rrfxlr.exec:\1rrfxlr.exe95⤵
-
\??\c:\btbhth.exec:\btbhth.exe96⤵
-
\??\c:\7bthtn.exec:\7bthtn.exe97⤵
-
\??\c:\9jpjp.exec:\9jpjp.exe98⤵
-
\??\c:\xrrlxrr.exec:\xrrlxrr.exe99⤵
-
\??\c:\hhnhtt.exec:\hhnhtt.exe100⤵
-
\??\c:\7hhbtn.exec:\7hhbtn.exe101⤵
-
\??\c:\jddvp.exec:\jddvp.exe102⤵
-
\??\c:\5jjpj.exec:\5jjpj.exe103⤵
-
\??\c:\1rlxlfx.exec:\1rlxlfx.exe104⤵
-
\??\c:\3bthtb.exec:\3bthtb.exe105⤵
-
\??\c:\1ddpv.exec:\1ddpv.exe106⤵
-
\??\c:\vpppd.exec:\vpppd.exe107⤵
-
\??\c:\llrlxfr.exec:\llrlxfr.exe108⤵
- System Location Discovery: System Language Discovery
-
\??\c:\3nbtnh.exec:\3nbtnh.exe109⤵
-
\??\c:\vjppd.exec:\vjppd.exe110⤵
-
\??\c:\vpdvd.exec:\vpdvd.exe111⤵
-
\??\c:\fllxlfx.exec:\fllxlfx.exe112⤵
-
\??\c:\xlrlxfx.exec:\xlrlxfx.exe113⤵
-
\??\c:\hbbnhn.exec:\hbbnhn.exe114⤵
-
\??\c:\hhhbth.exec:\hhhbth.exe115⤵
-
\??\c:\dvjvj.exec:\dvjvj.exe116⤵
-
\??\c:\xlfrlfx.exec:\xlfrlfx.exe117⤵
-
\??\c:\nbnhbt.exec:\nbnhbt.exe118⤵
-
\??\c:\pjpvd.exec:\pjpvd.exe119⤵
-
\??\c:\fxxfllf.exec:\fxxfllf.exe120⤵
-
\??\c:\tnbtbb.exec:\tnbtbb.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-