Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
92s -
platform
windows11-21h2_x64 -
resource
win11-20240802-en -
resource tags
-
submitted
04/10/2024, 05:37
General
-
Target
f9d4e338c995cff706c9def5d931d627093355f513b4439de4f82aa69c187873N.exe
-
Size
230KB
-
MD5
18ddcc606a221e8d20834287a92fe100
-
SHA1
57cd8c7f9e5f2ad12d0dbd37b3e263e03284ccfe
-
SHA256
f9d4e338c995cff706c9def5d931d627093355f513b4439de4f82aa69c187873
-
SHA512
217d3a43f88b5dad180cb85dcd9a72476a2caf8f0115c0bbf16e26c568a026291d7860cc506d0486478f1e3d29875633c3e5422b13ec8844f3c52406df5e6d45
-
SSDEEP
3072:ymb3NkkiQ3mdBjFo73PYP1lri3KoSV31x4xLn/c1fE:n3C9BRo7MlrWKo+lxKk1fE
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 27 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 27 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\f9d4e338c995cff706c9def5d931d627093355f513b4439de4f82aa69c187873N.exe"C:\Users\Admin\AppData\Local\Temp\f9d4e338c995cff706c9def5d931d627093355f513b4439de4f82aa69c187873N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\7lrlrll.exec:\7lrlrll.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1tnhnh.exec:\1tnhnh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvpj.exec:\jdvpj.exe4⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\nnhhbb.exec:\nnhhbb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvjdd.exec:\jvjdd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxffllr.exec:\rxffllr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7bnnbh.exec:\7bnnbh.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvpv.exec:\dvvpv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrrrrxx.exec:\rrrrrxx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bntnhb.exec:\bntnhb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tthnbh.exec:\tthnbh.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djjjp.exec:\djjjp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlrlffr.exec:\rlrlffr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbtnhh.exec:\hbtnhh.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpppp.exec:\dpppp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lllfxxr.exec:\lllfxxr.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnthbn.exec:\hnthbn.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjjdv.exec:\vjjdv.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrlxxx.exec:\xrrlxxx.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnhttn.exec:\bnhttn.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnhth.exec:\hbnhth.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djpjd.exec:\djpjd.exe23⤵
- Executes dropped EXE
-
\??\c:\jjppj.exec:\jjppj.exe24⤵
- Executes dropped EXE
-
\??\c:\3frxrrl.exec:\3frxrrl.exe25⤵
- Executes dropped EXE
-
\??\c:\vdpjp.exec:\vdpjp.exe26⤵
- Executes dropped EXE
-
\??\c:\xrxrlxx.exec:\xrxrlxx.exe27⤵
- Executes dropped EXE
-
\??\c:\nttnbn.exec:\nttnbn.exe28⤵
- Executes dropped EXE
-
\??\c:\jvjvv.exec:\jvjvv.exe29⤵
- Executes dropped EXE
-
\??\c:\lfrxrxf.exec:\lfrxrxf.exe30⤵
- Executes dropped EXE
-
\??\c:\3nhnhh.exec:\3nhnhh.exe31⤵
- Executes dropped EXE
-
\??\c:\vpvpv.exec:\vpvpv.exe32⤵
- Executes dropped EXE
-
\??\c:\rfrlxfl.exec:\rfrlxfl.exe33⤵
- Executes dropped EXE
-
\??\c:\tntntt.exec:\tntntt.exe34⤵
- Executes dropped EXE
-
\??\c:\djjpj.exec:\djjpj.exe35⤵
- Executes dropped EXE
-
\??\c:\xlllflf.exec:\xlllflf.exe36⤵
- Executes dropped EXE
-
\??\c:\lflfxrl.exec:\lflfxrl.exe37⤵
- Executes dropped EXE
-
\??\c:\nthbtt.exec:\nthbtt.exe38⤵
- Executes dropped EXE
-
\??\c:\jddvv.exec:\jddvv.exe39⤵
- Executes dropped EXE
-
\??\c:\pvdvv.exec:\pvdvv.exe40⤵
- Executes dropped EXE
-
\??\c:\3rfrxxx.exec:\3rfrxxx.exe41⤵
- Executes dropped EXE
-
\??\c:\lfrffxl.exec:\lfrffxl.exe42⤵
- Executes dropped EXE
-
\??\c:\nbhbtn.exec:\nbhbtn.exe43⤵
- Executes dropped EXE
-
\??\c:\pjpjd.exec:\pjpjd.exe44⤵
- Executes dropped EXE
-
\??\c:\xrlxrrl.exec:\xrlxrrl.exe45⤵
- Executes dropped EXE
-
\??\c:\7lrxrlx.exec:\7lrxrlx.exe46⤵
- Executes dropped EXE
-
\??\c:\bhhhnh.exec:\bhhhnh.exe47⤵
- Executes dropped EXE
-
\??\c:\nnhbtt.exec:\nnhbtt.exe48⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\dpdvp.exec:\dpdvp.exe49⤵
- Executes dropped EXE
-
\??\c:\9fxrflf.exec:\9fxrflf.exe50⤵
- Executes dropped EXE
-
\??\c:\lllfxxf.exec:\lllfxxf.exe51⤵
- Executes dropped EXE
-
\??\c:\nnnnht.exec:\nnnnht.exe52⤵
- Executes dropped EXE
-
\??\c:\9pjdv.exec:\9pjdv.exe53⤵
- Executes dropped EXE
-
\??\c:\vjjjj.exec:\vjjjj.exe54⤵
- Executes dropped EXE
-
\??\c:\xfllffx.exec:\xfllffx.exe55⤵
- Executes dropped EXE
-
\??\c:\hbbbtt.exec:\hbbbtt.exe56⤵
- Executes dropped EXE
-
\??\c:\bthbbb.exec:\bthbbb.exe57⤵
- Executes dropped EXE
-
\??\c:\9vpjd.exec:\9vpjd.exe58⤵
- Executes dropped EXE
-
\??\c:\rllxxrl.exec:\rllxxrl.exe59⤵
- Executes dropped EXE
-
\??\c:\5llxrrl.exec:\5llxrrl.exe60⤵
- Executes dropped EXE
-
\??\c:\9hhhtt.exec:\9hhhtt.exe61⤵
- Executes dropped EXE
-
\??\c:\ddvvp.exec:\ddvvp.exe62⤵
- Executes dropped EXE
-
\??\c:\5xlfxll.exec:\5xlfxll.exe63⤵
- Executes dropped EXE
-
\??\c:\1xrrrrr.exec:\1xrrrrr.exe64⤵
- Executes dropped EXE
-
\??\c:\9htbtb.exec:\9htbtb.exe65⤵
- Executes dropped EXE
-
\??\c:\jjdvd.exec:\jjdvd.exe66⤵
-
\??\c:\vpdjv.exec:\vpdjv.exe67⤵
-
\??\c:\xffffff.exec:\xffffff.exe68⤵
-
\??\c:\llffxff.exec:\llffxff.exe69⤵
-
\??\c:\bbhhhn.exec:\bbhhhn.exe70⤵
-
\??\c:\jpvpp.exec:\jpvpp.exe71⤵
-
\??\c:\xrllfff.exec:\xrllfff.exe72⤵
-
\??\c:\lfxrrrr.exec:\lfxrrrr.exe73⤵
-
\??\c:\hhhbhh.exec:\hhhbhh.exe74⤵
-
\??\c:\ttnhbb.exec:\ttnhbb.exe75⤵
-
\??\c:\jvvpd.exec:\jvvpd.exe76⤵
-
\??\c:\frffxxx.exec:\frffxxx.exe77⤵
-
\??\c:\lxfflll.exec:\lxfflll.exe78⤵
-
\??\c:\5nnhbb.exec:\5nnhbb.exe79⤵
-
\??\c:\djppv.exec:\djppv.exe80⤵
-
\??\c:\1vjdd.exec:\1vjdd.exe81⤵
-
\??\c:\7rxxrrl.exec:\7rxxrrl.exe82⤵
-
\??\c:\bhnhnn.exec:\bhnhnn.exe83⤵
-
\??\c:\nttbhn.exec:\nttbhn.exe84⤵
-
\??\c:\vppvp.exec:\vppvp.exe85⤵
-
\??\c:\xxfrrxr.exec:\xxfrrxr.exe86⤵
-
\??\c:\5lxrxxx.exec:\5lxrxxx.exe87⤵
-
\??\c:\hnbtnn.exec:\hnbtnn.exe88⤵
-
\??\c:\ddjjd.exec:\ddjjd.exe89⤵
-
\??\c:\jddvp.exec:\jddvp.exe90⤵
-
\??\c:\5lfxffr.exec:\5lfxffr.exe91⤵
-
\??\c:\nbbbtt.exec:\nbbbtt.exe92⤵
-
\??\c:\tnhbtn.exec:\tnhbtn.exe93⤵
-
\??\c:\pvppp.exec:\pvppp.exe94⤵
-
\??\c:\rlfrfll.exec:\rlfrfll.exe95⤵
-
\??\c:\fflflfl.exec:\fflflfl.exe96⤵
-
\??\c:\bttnnn.exec:\bttnnn.exe97⤵
-
\??\c:\tbhbtt.exec:\tbhbtt.exe98⤵
-
\??\c:\5pjpj.exec:\5pjpj.exe99⤵
-
\??\c:\lxxrllf.exec:\lxxrllf.exe100⤵
-
\??\c:\flllllf.exec:\flllllf.exe101⤵
-
\??\c:\nnhhhn.exec:\nnhhhn.exe102⤵
-
\??\c:\jjjvp.exec:\jjjvp.exe103⤵
-
\??\c:\1ddvp.exec:\1ddvp.exe104⤵
-
\??\c:\fxrrrfx.exec:\fxrrrfx.exe105⤵
-
\??\c:\nnbntb.exec:\nnbntb.exe106⤵
-
\??\c:\nhhhhh.exec:\nhhhhh.exe107⤵
-
\??\c:\vvjvv.exec:\vvjvv.exe108⤵
-
\??\c:\xlrlfxx.exec:\xlrlfxx.exe109⤵
-
\??\c:\tbhnhh.exec:\tbhnhh.exe110⤵
-
\??\c:\thnhbb.exec:\thnhbb.exe111⤵
-
\??\c:\dvjdp.exec:\dvjdp.exe112⤵
-
\??\c:\dvddd.exec:\dvddd.exe113⤵
-
\??\c:\5rlfllf.exec:\5rlfllf.exe114⤵
-
\??\c:\bttnnh.exec:\bttnnh.exe115⤵
-
\??\c:\7hbbtt.exec:\7hbbtt.exe116⤵
-
\??\c:\dpdjj.exec:\dpdjj.exe117⤵
-
\??\c:\lflfxxr.exec:\lflfxxr.exe118⤵
-
\??\c:\xflrlfx.exec:\xflrlfx.exe119⤵
-
\??\c:\tntntt.exec:\tntntt.exe120⤵
-
\??\c:\1bhbnn.exec:\1bhbnn.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-