Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
04/10/2024, 14:08
General
-
Target
0d1ec1b806cc1742419653d61dcf4de5d03cc548ca0eac9190c8a60f3bea8305N.exe
-
Size
59KB
-
MD5
a50d0c8b93ee5501fdab131d957baec0
-
SHA1
c0c01a3bc75dabdb82bcccdf6a9a4c0c146aad67
-
SHA256
0d1ec1b806cc1742419653d61dcf4de5d03cc548ca0eac9190c8a60f3bea8305
-
SHA512
f05de455f218ab8f2a92a5d18f7b6f6af9328de916cad4ea92e0724963c6dd8558e377be21b6272e13da9c28369789b13e25d90965eb64725e813fae9d9da4d9
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIgTdx:ymb3NkkiQ3mdBjFIg/
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 32 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\0d1ec1b806cc1742419653d61dcf4de5d03cc548ca0eac9190c8a60f3bea8305N.exe"C:\Users\Admin\AppData\Local\Temp\0d1ec1b806cc1742419653d61dcf4de5d03cc548ca0eac9190c8a60f3bea8305N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\hnbbht.exec:\hnbbht.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbbnn.exec:\tnbbnn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5pdpj.exec:\5pdpj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrrrllr.exec:\rrrrllr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfllrxx.exec:\rfllrxx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnthhb.exec:\nnthhb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hthhnn.exec:\hthhnn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjdp.exec:\jdjdp.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frlxxxf.exec:\frlxxxf.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1bnhbb.exec:\1bnhbb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjdv.exec:\jdjdv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrlflf.exec:\xrrlflf.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhnnhn.exec:\bhnnhn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3nnhbb.exec:\3nnhbb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dddvp.exec:\dddvp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxrlff.exec:\lfxrlff.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjjp.exec:\jdjjp.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rffffxx.exec:\rffffxx.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlllllf.exec:\xlllllf.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjvp.exec:\ppjvp.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxfxxrr.exec:\xxfxxrr.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrxlxxl.exec:\lrxlxxl.exe23⤵
- Executes dropped EXE
-
\??\c:\thhbnb.exec:\thhbnb.exe24⤵
- Executes dropped EXE
-
\??\c:\vdjdd.exec:\vdjdd.exe25⤵
- Executes dropped EXE
-
\??\c:\vpjdv.exec:\vpjdv.exe26⤵
- Executes dropped EXE
-
\??\c:\rrxrxxl.exec:\rrxrxxl.exe27⤵
- Executes dropped EXE
-
\??\c:\fxxxrrl.exec:\fxxxrrl.exe28⤵
- Executes dropped EXE
-
\??\c:\ntthtn.exec:\ntthtn.exe29⤵
- Executes dropped EXE
-
\??\c:\dddvv.exec:\dddvv.exe30⤵
- Executes dropped EXE
-
\??\c:\7lrlfff.exec:\7lrlfff.exe31⤵
- Executes dropped EXE
-
\??\c:\9nnnhh.exec:\9nnnhh.exe32⤵
- Executes dropped EXE
-
\??\c:\5thnhh.exec:\5thnhh.exe33⤵
- Executes dropped EXE
-
\??\c:\vjpjp.exec:\vjpjp.exe34⤵
- Executes dropped EXE
-
\??\c:\5pvjp.exec:\5pvjp.exe35⤵
- Executes dropped EXE
-
\??\c:\3frrxxf.exec:\3frrxxf.exe36⤵
- Executes dropped EXE
-
\??\c:\nnhbbt.exec:\nnhbbt.exe37⤵
- Executes dropped EXE
-
\??\c:\btnttt.exec:\btnttt.exe38⤵
- Executes dropped EXE
-
\??\c:\1ppvj.exec:\1ppvj.exe39⤵
- Executes dropped EXE
-
\??\c:\3pvjj.exec:\3pvjj.exe40⤵
- Executes dropped EXE
-
\??\c:\fxxlllr.exec:\fxxlllr.exe41⤵
- Executes dropped EXE
-
\??\c:\xlrrlll.exec:\xlrrlll.exe42⤵
- Executes dropped EXE
-
\??\c:\nnhhbh.exec:\nnhhbh.exe43⤵
- Executes dropped EXE
-
\??\c:\ttbnhh.exec:\ttbnhh.exe44⤵
- Executes dropped EXE
-
\??\c:\vjjdv.exec:\vjjdv.exe45⤵
- Executes dropped EXE
-
\??\c:\dvddj.exec:\dvddj.exe46⤵
- Executes dropped EXE
-
\??\c:\fxxxxff.exec:\fxxxxff.exe47⤵
- Executes dropped EXE
-
\??\c:\frxrlff.exec:\frxrlff.exe48⤵
- Executes dropped EXE
-
\??\c:\3ttnnn.exec:\3ttnnn.exe49⤵
- Executes dropped EXE
-
\??\c:\dddvp.exec:\dddvp.exe50⤵
- Executes dropped EXE
-
\??\c:\5vjpv.exec:\5vjpv.exe51⤵
- Executes dropped EXE
-
\??\c:\flxxfrl.exec:\flxxfrl.exe52⤵
- Executes dropped EXE
-
\??\c:\7fxflfl.exec:\7fxflfl.exe53⤵
- Executes dropped EXE
-
\??\c:\nhnhhh.exec:\nhnhhh.exe54⤵
- Executes dropped EXE
-
\??\c:\bthbbb.exec:\bthbbb.exe55⤵
- Executes dropped EXE
-
\??\c:\hbhbnn.exec:\hbhbnn.exe56⤵
- Executes dropped EXE
-
\??\c:\jdddp.exec:\jdddp.exe57⤵
- Executes dropped EXE
-
\??\c:\9ffxllf.exec:\9ffxllf.exe58⤵
- Executes dropped EXE
-
\??\c:\7xfffff.exec:\7xfffff.exe59⤵
- Executes dropped EXE
-
\??\c:\rlxxxxx.exec:\rlxxxxx.exe60⤵
- Executes dropped EXE
-
\??\c:\tnbbbh.exec:\tnbbbh.exe61⤵
- Executes dropped EXE
-
\??\c:\bthhbb.exec:\bthhbb.exe62⤵
- Executes dropped EXE
-
\??\c:\dvpjv.exec:\dvpjv.exe63⤵
- Executes dropped EXE
-
\??\c:\pvjjv.exec:\pvjjv.exe64⤵
- Executes dropped EXE
-
\??\c:\fflfxxr.exec:\fflfxxr.exe65⤵
- Executes dropped EXE
-
\??\c:\bntbbb.exec:\bntbbb.exe66⤵
-
\??\c:\nhtbnn.exec:\nhtbnn.exe67⤵
-
\??\c:\pdjjj.exec:\pdjjj.exe68⤵
-
\??\c:\7vdvp.exec:\7vdvp.exe69⤵
-
\??\c:\3rxrrrr.exec:\3rxrrrr.exe70⤵
-
\??\c:\xlxfxfx.exec:\xlxfxfx.exe71⤵
-
\??\c:\hnbtnn.exec:\hnbtnn.exe72⤵
-
\??\c:\dpvpj.exec:\dpvpj.exe73⤵
-
\??\c:\jdppv.exec:\jdppv.exe74⤵
-
\??\c:\lllrlrr.exec:\lllrlrr.exe75⤵
-
\??\c:\xlrrlff.exec:\xlrrlff.exe76⤵
-
\??\c:\nbbbbb.exec:\nbbbbb.exe77⤵
-
\??\c:\bntnhh.exec:\bntnhh.exe78⤵
-
\??\c:\pvppd.exec:\pvppd.exe79⤵
-
\??\c:\7jvvp.exec:\7jvvp.exe80⤵
-
\??\c:\ffrlxlf.exec:\ffrlxlf.exe81⤵
-
\??\c:\xrxxfxf.exec:\xrxxfxf.exe82⤵
-
\??\c:\nbbnhh.exec:\nbbnhh.exe83⤵
-
\??\c:\htttnn.exec:\htttnn.exe84⤵
-
\??\c:\dvjdv.exec:\dvjdv.exe85⤵
-
\??\c:\jpvpd.exec:\jpvpd.exe86⤵
-
\??\c:\rfrffxl.exec:\rfrffxl.exe87⤵
-
\??\c:\9flllrr.exec:\9flllrr.exe88⤵
-
\??\c:\7xfffrr.exec:\7xfffrr.exe89⤵
-
\??\c:\tnbbbt.exec:\tnbbbt.exe90⤵
-
\??\c:\tntnhh.exec:\tntnhh.exe91⤵
-
\??\c:\jdddv.exec:\jdddv.exe92⤵
-
\??\c:\5ddvv.exec:\5ddvv.exe93⤵
-
\??\c:\1xflxxx.exec:\1xflxxx.exe94⤵
-
\??\c:\3lffxrr.exec:\3lffxrr.exe95⤵
-
\??\c:\ntthhn.exec:\ntthhn.exe96⤵
-
\??\c:\jjpjd.exec:\jjpjd.exe97⤵
- System Location Discovery: System Language Discovery
-
\??\c:\rxfrfxl.exec:\rxfrfxl.exe98⤵
-
\??\c:\lxrlxrl.exec:\lxrlxrl.exe99⤵
-
\??\c:\thbtnh.exec:\thbtnh.exe100⤵
-
\??\c:\nththb.exec:\nththb.exe101⤵
-
\??\c:\jdvpd.exec:\jdvpd.exe102⤵
-
\??\c:\pdpjv.exec:\pdpjv.exe103⤵
-
\??\c:\xxrlxlf.exec:\xxrlxlf.exe104⤵
-
\??\c:\xffrfxr.exec:\xffrfxr.exe105⤵
-
\??\c:\bnhbnh.exec:\bnhbnh.exe106⤵
-
\??\c:\nnbtbb.exec:\nnbtbb.exe107⤵
-
\??\c:\ddvdj.exec:\ddvdj.exe108⤵
-
\??\c:\1ddpj.exec:\1ddpj.exe109⤵
-
\??\c:\xlfrfxl.exec:\xlfrfxl.exe110⤵
-
\??\c:\xlfrfxf.exec:\xlfrfxf.exe111⤵
-
\??\c:\9btnbb.exec:\9btnbb.exe112⤵
-
\??\c:\jjpjp.exec:\jjpjp.exe113⤵
-
\??\c:\dpdpd.exec:\dpdpd.exe114⤵
-
\??\c:\fxrrflf.exec:\fxrrflf.exe115⤵
-
\??\c:\lxxxrrf.exec:\lxxxrrf.exe116⤵
-
\??\c:\tnbthh.exec:\tnbthh.exe117⤵
-
\??\c:\tnhtbt.exec:\tnhtbt.exe118⤵
-
\??\c:\jjpjd.exec:\jjpjd.exe119⤵
-
\??\c:\vpvpj.exec:\vpvpj.exe120⤵
-
\??\c:\rrlxfxl.exec:\rrlxfxl.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-