Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
94s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
05/10/2024, 12:11
General
-
Target
5b473ca2046c88e4c4dc071d106c403aeed6a41db2578cb55669d1e727ede51dN.exe
-
Size
70KB
-
MD5
8548bff631248a0a2d2ffd3b76d88c50
-
SHA1
acf97f0b02aa3d935e46eccbdd9cad97fe7fa7e0
-
SHA256
5b473ca2046c88e4c4dc071d106c403aeed6a41db2578cb55669d1e727ede51d
-
SHA512
71e3d29495ebc701403a354eace730ab6c477bafb027735d3cfeb8aa7eb093edd2bf6eda530a765207162d65a266b2d25d4b1d2b5babf297cbdbfb9606e0b8dc
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIb0z6MTSqfUcicZfU:ymb3NkkiQ3mdBjFI4V4ciX
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 30 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 34 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\5b473ca2046c88e4c4dc071d106c403aeed6a41db2578cb55669d1e727ede51dN.exe"C:\Users\Admin\AppData\Local\Temp\5b473ca2046c88e4c4dc071d106c403aeed6a41db2578cb55669d1e727ede51dN.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\rlrrrll.exec:\rlrrrll.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9tbthb.exec:\9tbthb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnbnnb.exec:\hnbnnb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpvvp.exec:\vpvvp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7tnhbt.exec:\7tnhbt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhbnbt.exec:\bhbnbt.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3vpjp.exec:\3vpjp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjpdv.exec:\vjpdv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7rrlxrf.exec:\7rrlxrf.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbthtn.exec:\bbthtn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpjpj.exec:\jpjpj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xllfffx.exec:\xllfffx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3rrlffx.exec:\3rrlffx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5tbttt.exec:\5tbttt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3vdpd.exec:\3vdpd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9xrlrrl.exec:\9xrlrrl.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1xrrffr.exec:\1xrrffr.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhhbb.exec:\tnhhbb.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvjdp.exec:\pvjdp.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdjdp.exec:\vdjdp.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxlxxr.exec:\fxxlxxr.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\httnhh.exec:\httnhh.exe23⤵
- Executes dropped EXE
-
\??\c:\5ppjv.exec:\5ppjv.exe24⤵
- Executes dropped EXE
-
\??\c:\5vvvj.exec:\5vvvj.exe25⤵
- Executes dropped EXE
-
\??\c:\lfrfrlx.exec:\lfrfrlx.exe26⤵
- Executes dropped EXE
-
\??\c:\lfxfrlf.exec:\lfxfrlf.exe27⤵
- Executes dropped EXE
-
\??\c:\5hnnbb.exec:\5hnnbb.exe28⤵
- Executes dropped EXE
-
\??\c:\3jdvj.exec:\3jdvj.exe29⤵
- Executes dropped EXE
-
\??\c:\xrrlfxx.exec:\xrrlfxx.exe30⤵
- Executes dropped EXE
-
\??\c:\5tbtbb.exec:\5tbtbb.exe31⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\bntnhh.exec:\bntnhh.exe32⤵
- Executes dropped EXE
-
\??\c:\vjpjp.exec:\vjpjp.exe33⤵
- Executes dropped EXE
-
\??\c:\3jvpp.exec:\3jvpp.exe34⤵
- Executes dropped EXE
-
\??\c:\9rrlxxr.exec:\9rrlxxr.exe35⤵
- Executes dropped EXE
-
\??\c:\dvpjd.exec:\dvpjd.exe36⤵
- Executes dropped EXE
-
\??\c:\5dpjd.exec:\5dpjd.exe37⤵
- Executes dropped EXE
-
\??\c:\fllfffx.exec:\fllfffx.exe38⤵
- Executes dropped EXE
-
\??\c:\pdjdv.exec:\pdjdv.exe39⤵
- Executes dropped EXE
-
\??\c:\llrlfff.exec:\llrlfff.exe40⤵
- Executes dropped EXE
-
\??\c:\btthbb.exec:\btthbb.exe41⤵
- Executes dropped EXE
-
\??\c:\fxlxrfx.exec:\fxlxrfx.exe42⤵
- Executes dropped EXE
-
\??\c:\dvdpj.exec:\dvdpj.exe43⤵
- Executes dropped EXE
-
\??\c:\3bhhbh.exec:\3bhhbh.exe44⤵
- Executes dropped EXE
-
\??\c:\tttnhb.exec:\tttnhb.exe45⤵
- Executes dropped EXE
-
\??\c:\dddvj.exec:\dddvj.exe46⤵
- Executes dropped EXE
-
\??\c:\lfrllfl.exec:\lfrllfl.exe47⤵
- Executes dropped EXE
-
\??\c:\fffflrr.exec:\fffflrr.exe48⤵
- Executes dropped EXE
-
\??\c:\bbbthn.exec:\bbbthn.exe49⤵
-
\??\c:\ppjjd.exec:\ppjjd.exe50⤵
- Executes dropped EXE
-
\??\c:\pdpvp.exec:\pdpvp.exe51⤵
- Executes dropped EXE
-
\??\c:\9frlffx.exec:\9frlffx.exe52⤵
- Executes dropped EXE
-
\??\c:\xfllfxl.exec:\xfllfxl.exe53⤵
- Executes dropped EXE
-
\??\c:\tnhbth.exec:\tnhbth.exe54⤵
- Executes dropped EXE
-
\??\c:\vjdvj.exec:\vjdvj.exe55⤵
- Executes dropped EXE
-
\??\c:\jvvpd.exec:\jvvpd.exe56⤵
- Executes dropped EXE
-
\??\c:\rllfffx.exec:\rllfffx.exe57⤵
- Executes dropped EXE
-
\??\c:\nhntnh.exec:\nhntnh.exe58⤵
- Executes dropped EXE
-
\??\c:\3nthbb.exec:\3nthbb.exe59⤵
- Executes dropped EXE
-
\??\c:\jjjdv.exec:\jjjdv.exe60⤵
- Executes dropped EXE
-
\??\c:\xflfrfx.exec:\xflfrfx.exe61⤵
- Executes dropped EXE
-
\??\c:\flllffx.exec:\flllffx.exe62⤵
- Executes dropped EXE
-
\??\c:\nttnhb.exec:\nttnhb.exe63⤵
- Executes dropped EXE
-
\??\c:\dpppp.exec:\dpppp.exe64⤵
- Executes dropped EXE
-
\??\c:\pjpjd.exec:\pjpjd.exe65⤵
- Executes dropped EXE
-
\??\c:\pvdvj.exec:\pvdvj.exe66⤵
- Executes dropped EXE
-
\??\c:\lfrrllx.exec:\lfrrllx.exe67⤵
-
\??\c:\frffxxx.exec:\frffxxx.exe68⤵
-
\??\c:\bttnhh.exec:\bttnhh.exe69⤵
-
\??\c:\jvpjj.exec:\jvpjj.exe70⤵
-
\??\c:\jdjdv.exec:\jdjdv.exe71⤵
-
\??\c:\xllfrrl.exec:\xllfrrl.exe72⤵
-
\??\c:\nhnntt.exec:\nhnntt.exe73⤵
-
\??\c:\dpvjp.exec:\dpvjp.exe74⤵
-
\??\c:\5jdvp.exec:\5jdvp.exe75⤵
-
\??\c:\lxrlxrl.exec:\lxrlxrl.exe76⤵
-
\??\c:\nbnhbb.exec:\nbnhbb.exe77⤵
-
\??\c:\1dvjd.exec:\1dvjd.exe78⤵
-
\??\c:\5frlrrf.exec:\5frlrrf.exe79⤵
-
\??\c:\5llfxrl.exec:\5llfxrl.exe80⤵
-
\??\c:\bhnthh.exec:\bhnthh.exe81⤵
-
\??\c:\hbbhtt.exec:\hbbhtt.exe82⤵
-
\??\c:\7pjdp.exec:\7pjdp.exe83⤵
-
\??\c:\jvvpd.exec:\jvvpd.exe84⤵
-
\??\c:\ffrrxxr.exec:\ffrrxxr.exe85⤵
-
\??\c:\lxxxrrl.exec:\lxxxrrl.exe86⤵
-
\??\c:\7tthbt.exec:\7tthbt.exe87⤵
-
\??\c:\ddjdd.exec:\ddjdd.exe88⤵
-
\??\c:\jjppd.exec:\jjppd.exe89⤵
-
\??\c:\rxrrfff.exec:\rxrrfff.exe90⤵
-
\??\c:\xffxrll.exec:\xffxrll.exe91⤵
-
\??\c:\thnbhb.exec:\thnbhb.exe92⤵
-
\??\c:\ddpjj.exec:\ddpjj.exe93⤵
-
\??\c:\dvvpd.exec:\dvvpd.exe94⤵
-
\??\c:\xrxrrrx.exec:\xrxrrrx.exe95⤵
- System Location Discovery: System Language Discovery
-
\??\c:\xxrrxxx.exec:\xxrrxxx.exe96⤵
-
\??\c:\hhbtbt.exec:\hhbtbt.exe97⤵
-
\??\c:\vvjvv.exec:\vvjvv.exe98⤵
-
\??\c:\rxrlxrl.exec:\rxrlxrl.exe99⤵
-
\??\c:\lfffxfx.exec:\lfffxfx.exe100⤵
-
\??\c:\bhhhbn.exec:\bhhhbn.exe101⤵
-
\??\c:\hnnhtn.exec:\hnnhtn.exe102⤵
-
\??\c:\vddvj.exec:\vddvj.exe103⤵
-
\??\c:\ddvjv.exec:\ddvjv.exe104⤵
-
\??\c:\xrllrrr.exec:\xrllrrr.exe105⤵
-
\??\c:\3nnnnn.exec:\3nnnnn.exe106⤵
-
\??\c:\nbbnbb.exec:\nbbnbb.exe107⤵
-
\??\c:\pjdvp.exec:\pjdvp.exe108⤵
-
\??\c:\pddvj.exec:\pddvj.exe109⤵
-
\??\c:\fllxlfr.exec:\fllxlfr.exe110⤵
-
\??\c:\rffxrrl.exec:\rffxrrl.exe111⤵
-
\??\c:\hbbhbb.exec:\hbbhbb.exe112⤵
-
\??\c:\jppdp.exec:\jppdp.exe113⤵
-
\??\c:\lxrrfxr.exec:\lxrrfxr.exe114⤵
-
\??\c:\1llxrlx.exec:\1llxrlx.exe115⤵
-
\??\c:\tbhhbb.exec:\tbhhbb.exe116⤵
-
\??\c:\btbbbb.exec:\btbbbb.exe117⤵
-
\??\c:\jvdvp.exec:\jvdvp.exe118⤵
-
\??\c:\pdddv.exec:\pdddv.exe119⤵
-
\??\c:\frfrrrx.exec:\frfrrrx.exe120⤵
-
\??\c:\jpppj.exec:\jpppj.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-