Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
93s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
03/10/2024, 09:03
General
-
Target
714b35770f29663bc046d99a3bc67c93085f766b6f5317e8df1866c6d1af2525N.exe
-
Size
57KB
-
MD5
a14dc2d35bbe74e2012eefe1744f0dd0
-
SHA1
580cc4cee05339bd276259e51adae7d588de35d7
-
SHA256
714b35770f29663bc046d99a3bc67c93085f766b6f5317e8df1866c6d1af2525
-
SHA512
8c2765bd6fecac80f1a6388168bb4ec50b8f8725e1957f7e6825e5945d63870a8e8f97840cba869132d1c864585bd0545eda7d558f824f9af401d547b1e649d0
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIgFC:ymb3NkkiQ3mdBjFIgFC
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 27 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 35 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\714b35770f29663bc046d99a3bc67c93085f766b6f5317e8df1866c6d1af2525N.exe"C:\Users\Admin\AppData\Local\Temp\714b35770f29663bc046d99a3bc67c93085f766b6f5317e8df1866c6d1af2525N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\3xrlxxr.exec:\3xrlxxr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1nntbn.exec:\1nntbn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpvjp.exec:\vpvjp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vddvp.exec:\vddvp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrlxrf.exec:\lfrlxrf.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxrfxrl.exec:\rxrfxrl.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bntttb.exec:\bntttb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpjd.exec:\jdpjd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrxllfr.exec:\lrxllfr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbthtn.exec:\tbthtn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdppp.exec:\jdppp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxxlrlf.exec:\rxxlrlf.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thntbt.exec:\thntbt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjdv.exec:\pjjdv.exe15⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\fllrxxr.exec:\fllrxxr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htthhb.exec:\htthhb.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhtnh.exec:\nhhtnh.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddvjv.exec:\ddvjv.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xllfllx.exec:\xllfllx.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlrllxf.exec:\rlrllxf.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbthtn.exec:\tbthtn.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjvjj.exec:\vjvjj.exe23⤵
- Executes dropped EXE
-
\??\c:\rffxffr.exec:\rffxffr.exe24⤵
- Executes dropped EXE
-
\??\c:\1rflfrl.exec:\1rflfrl.exe25⤵
- Executes dropped EXE
-
\??\c:\btnhbt.exec:\btnhbt.exe26⤵
- Executes dropped EXE
-
\??\c:\5jddj.exec:\5jddj.exe27⤵
- Executes dropped EXE
-
\??\c:\xlrlrlf.exec:\xlrlrlf.exe28⤵
- Executes dropped EXE
-
\??\c:\llxrlfx.exec:\llxrlfx.exe29⤵
- Executes dropped EXE
-
\??\c:\hnhhbt.exec:\hnhhbt.exe30⤵
- Executes dropped EXE
-
\??\c:\pjpjv.exec:\pjpjv.exe31⤵
- Executes dropped EXE
-
\??\c:\tbttnh.exec:\tbttnh.exe32⤵
- Executes dropped EXE
-
\??\c:\7pvpj.exec:\7pvpj.exe33⤵
- Executes dropped EXE
-
\??\c:\rflfrrl.exec:\rflfrrl.exe34⤵
- Executes dropped EXE
-
\??\c:\bhtbnn.exec:\bhtbnn.exe35⤵
- Executes dropped EXE
-
\??\c:\btthbt.exec:\btthbt.exe36⤵
- Executes dropped EXE
-
\??\c:\jpjdv.exec:\jpjdv.exe37⤵
- Executes dropped EXE
-
\??\c:\llfrfxl.exec:\llfrfxl.exe38⤵
- Executes dropped EXE
-
\??\c:\lxxlxrl.exec:\lxxlxrl.exe39⤵
- Executes dropped EXE
-
\??\c:\hbnhbn.exec:\hbnhbn.exe40⤵
- Executes dropped EXE
-
\??\c:\7dpjv.exec:\7dpjv.exe41⤵
- Executes dropped EXE
-
\??\c:\pdvjv.exec:\pdvjv.exe42⤵
- Executes dropped EXE
-
\??\c:\xlfxllf.exec:\xlfxllf.exe43⤵
- Executes dropped EXE
-
\??\c:\fxrrfxl.exec:\fxrrfxl.exe44⤵
- Executes dropped EXE
-
\??\c:\htbtnh.exec:\htbtnh.exe45⤵
- Executes dropped EXE
-
\??\c:\bttnbb.exec:\bttnbb.exe46⤵
- Executes dropped EXE
-
\??\c:\9pvvd.exec:\9pvvd.exe47⤵
- Executes dropped EXE
-
\??\c:\vjjvj.exec:\vjjvj.exe48⤵
- Executes dropped EXE
-
\??\c:\xfxrlfx.exec:\xfxrlfx.exe49⤵
- Executes dropped EXE
-
\??\c:\5lrlxrl.exec:\5lrlxrl.exe50⤵
- Executes dropped EXE
-
\??\c:\thbthb.exec:\thbthb.exe51⤵
- Executes dropped EXE
-
\??\c:\hththb.exec:\hththb.exe52⤵
- Executes dropped EXE
-
\??\c:\vjjpj.exec:\vjjpj.exe53⤵
- Executes dropped EXE
-
\??\c:\frfxrrf.exec:\frfxrrf.exe54⤵
- Executes dropped EXE
-
\??\c:\fllrlxl.exec:\fllrlxl.exe55⤵
- Executes dropped EXE
-
\??\c:\htnhtn.exec:\htnhtn.exe56⤵
- Executes dropped EXE
-
\??\c:\bhbthb.exec:\bhbthb.exe57⤵
- Executes dropped EXE
-
\??\c:\jvvjd.exec:\jvvjd.exe58⤵
- Executes dropped EXE
-
\??\c:\lxrfxlr.exec:\lxrfxlr.exe59⤵
- Executes dropped EXE
-
\??\c:\rxfxxrl.exec:\rxfxxrl.exe60⤵
- Executes dropped EXE
-
\??\c:\thhhbb.exec:\thhhbb.exe61⤵
- Executes dropped EXE
-
\??\c:\btthht.exec:\btthht.exe62⤵
- Executes dropped EXE
-
\??\c:\jpvvp.exec:\jpvvp.exe63⤵
- Executes dropped EXE
-
\??\c:\vjdvj.exec:\vjdvj.exe64⤵
- Executes dropped EXE
-
\??\c:\vppdp.exec:\vppdp.exe65⤵
- Executes dropped EXE
-
\??\c:\lrxrlfx.exec:\lrxrlfx.exe66⤵
-
\??\c:\btttnh.exec:\btttnh.exe67⤵
-
\??\c:\9nnnbt.exec:\9nnnbt.exe68⤵
-
\??\c:\pddpd.exec:\pddpd.exe69⤵
-
\??\c:\dvjvj.exec:\dvjvj.exe70⤵
-
\??\c:\ffxrrff.exec:\ffxrrff.exe71⤵
-
\??\c:\ffrxlxf.exec:\ffrxlxf.exe72⤵
-
\??\c:\btnhhb.exec:\btnhhb.exe73⤵
-
\??\c:\tbbthb.exec:\tbbthb.exe74⤵
-
\??\c:\7hhbnt.exec:\7hhbnt.exe75⤵
-
\??\c:\pvpdp.exec:\pvpdp.exe76⤵
-
\??\c:\xlrlrlx.exec:\xlrlrlx.exe77⤵
-
\??\c:\xlllfxr.exec:\xlllfxr.exe78⤵
-
\??\c:\tnhhbt.exec:\tnhhbt.exe79⤵
-
\??\c:\hnnthb.exec:\hnnthb.exe80⤵
-
\??\c:\3ppjd.exec:\3ppjd.exe81⤵
-
\??\c:\pdvjv.exec:\pdvjv.exe82⤵
-
\??\c:\fxffxff.exec:\fxffxff.exe83⤵
-
\??\c:\tnhbnn.exec:\tnhbnn.exe84⤵
-
\??\c:\vppjp.exec:\vppjp.exe85⤵
-
\??\c:\ppdpv.exec:\ppdpv.exe86⤵
-
\??\c:\rxxxffr.exec:\rxxxffr.exe87⤵
-
\??\c:\rflfxrl.exec:\rflfxrl.exe88⤵
-
\??\c:\ttnbbt.exec:\ttnbbt.exe89⤵
-
\??\c:\5nhbnh.exec:\5nhbnh.exe90⤵
-
\??\c:\jpjvd.exec:\jpjvd.exe91⤵
-
\??\c:\jjjdv.exec:\jjjdv.exe92⤵
-
\??\c:\lxxrlxl.exec:\lxxrlxl.exe93⤵
-
\??\c:\flxffrr.exec:\flxffrr.exe94⤵
-
\??\c:\tnhhnh.exec:\tnhhnh.exe95⤵
-
\??\c:\btbtnh.exec:\btbtnh.exe96⤵
-
\??\c:\vjjdv.exec:\vjjdv.exe97⤵
-
\??\c:\jpjdd.exec:\jpjdd.exe98⤵
-
\??\c:\fllxlfx.exec:\fllxlfx.exe99⤵
-
\??\c:\rllfxrl.exec:\rllfxrl.exe100⤵
-
\??\c:\bbhhhn.exec:\bbhhhn.exe101⤵
-
\??\c:\nhtnbb.exec:\nhtnbb.exe102⤵
-
\??\c:\1pppd.exec:\1pppd.exe103⤵
-
\??\c:\pjvpp.exec:\pjvpp.exe104⤵
-
\??\c:\xxxlrlf.exec:\xxxlrlf.exe105⤵
-
\??\c:\bbbthb.exec:\bbbthb.exe106⤵
-
\??\c:\htnhbt.exec:\htnhbt.exe107⤵
-
\??\c:\ttthbn.exec:\ttthbn.exe108⤵
-
\??\c:\jvvpv.exec:\jvvpv.exe109⤵
-
\??\c:\vppvv.exec:\vppvv.exe110⤵
-
\??\c:\lllfrlf.exec:\lllfrlf.exe111⤵
-
\??\c:\xfxrflx.exec:\xfxrflx.exe112⤵
-
\??\c:\frllffx.exec:\frllffx.exe113⤵
-
\??\c:\htbthb.exec:\htbthb.exe114⤵
-
\??\c:\nhbnnh.exec:\nhbnnh.exe115⤵
-
\??\c:\pvpvj.exec:\pvpvj.exe116⤵
-
\??\c:\djvvp.exec:\djvvp.exe117⤵
-
\??\c:\7lfrlfx.exec:\7lfrlfx.exe118⤵
-
\??\c:\ffxrllf.exec:\ffxrllf.exe119⤵
-
\??\c:\tnnnhb.exec:\tnnnhb.exe120⤵
-
\??\c:\ttttbh.exec:\ttttbh.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-