Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
96s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
08/10/2024, 23:04
General
-
Target
d8c8f990cd27c40557f1ce64d25953e71b2852fe989d05388eca5d90d758d75aN.exe
-
Size
69KB
-
MD5
fbfbda2474ee80121cc7b0eea7ddb270
-
SHA1
b784745c56916fb0104a904b96e071598d66243f
-
SHA256
d8c8f990cd27c40557f1ce64d25953e71b2852fe989d05388eca5d90d758d75a
-
SHA512
319fc54fb9458b85ce55f8ee5aeb5433021668c9c5492fefffb7936b12c3cf113469c930f3afb0f23860d64d5791ed1f478369d2df7447823bba32995f58e19b
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND0yUuYp+5C8+LuvdLW:ymb3NkkiQ3mdBjF0yMlia
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 26 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 34 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\d8c8f990cd27c40557f1ce64d25953e71b2852fe989d05388eca5d90d758d75aN.exe"C:\Users\Admin\AppData\Local\Temp\d8c8f990cd27c40557f1ce64d25953e71b2852fe989d05388eca5d90d758d75aN.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\7hbtnn.exec:\7hbtnn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1xxrfrx.exec:\1xxrfrx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntbnhb.exec:\ntbnhb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7tnbtb.exec:\7tnbtb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpdvj.exec:\dpdvj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7fxrffr.exec:\7fxrffr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htttnn.exec:\htttnn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvvjd.exec:\jvvjd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3llfrlx.exec:\3llfrlx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbtnbb.exec:\hbtnbb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbnhbb.exec:\nbnhbb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvpdv.exec:\jvpdv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flxlrff.exec:\flxlrff.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhnhhb.exec:\bhnhhb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1pdjp.exec:\1pdjp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3rrrrrl.exec:\3rrrrrl.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htnnhh.exec:\htnnhh.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7tbhtt.exec:\7tbhtt.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjvpd.exec:\vjvpd.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrxlxrf.exec:\rrxlxrf.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7tnhtt.exec:\7tnhtt.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhhhb.exec:\nhhhhb.exe23⤵
- Executes dropped EXE
-
\??\c:\vvdvp.exec:\vvdvp.exe24⤵
- Executes dropped EXE
-
\??\c:\xffxfrx.exec:\xffxfrx.exe25⤵
- Executes dropped EXE
-
\??\c:\9lffxfx.exec:\9lffxfx.exe26⤵
- Executes dropped EXE
-
\??\c:\5hbtnn.exec:\5hbtnn.exe27⤵
- Executes dropped EXE
-
\??\c:\jvdvv.exec:\jvdvv.exe28⤵
- Executes dropped EXE
-
\??\c:\9rfrlrl.exec:\9rfrlrl.exe29⤵
- Executes dropped EXE
-
\??\c:\1tbthb.exec:\1tbthb.exe30⤵
- Executes dropped EXE
-
\??\c:\vdjvj.exec:\vdjvj.exe31⤵
- Executes dropped EXE
-
\??\c:\lxllxfr.exec:\lxllxfr.exe32⤵
- Executes dropped EXE
-
\??\c:\xfffrlf.exec:\xfffrlf.exe33⤵
- Executes dropped EXE
-
\??\c:\bnnhbt.exec:\bnnhbt.exe34⤵
- Executes dropped EXE
-
\??\c:\hhbthh.exec:\hhbthh.exe35⤵
- Executes dropped EXE
-
\??\c:\1vvpd.exec:\1vvpd.exe36⤵
- Executes dropped EXE
-
\??\c:\7fflfxx.exec:\7fflfxx.exe37⤵
- Executes dropped EXE
-
\??\c:\frxrxxx.exec:\frxrxxx.exe38⤵
- Executes dropped EXE
-
\??\c:\httnbh.exec:\httnbh.exe39⤵
- Executes dropped EXE
-
\??\c:\hbntht.exec:\hbntht.exe40⤵
- Executes dropped EXE
-
\??\c:\3ddpj.exec:\3ddpj.exe41⤵
- Executes dropped EXE
-
\??\c:\rxxlfrl.exec:\rxxlfrl.exe42⤵
- Executes dropped EXE
-
\??\c:\xllxrfx.exec:\xllxrfx.exe43⤵
- Executes dropped EXE
-
\??\c:\httnhb.exec:\httnhb.exe44⤵
- Executes dropped EXE
-
\??\c:\tnbnhb.exec:\tnbnhb.exe45⤵
- Executes dropped EXE
-
\??\c:\1jjvj.exec:\1jjvj.exe46⤵
- Executes dropped EXE
-
\??\c:\9dvdd.exec:\9dvdd.exe47⤵
- Executes dropped EXE
-
\??\c:\lrxxrrf.exec:\lrxxrrf.exe48⤵
- Executes dropped EXE
-
\??\c:\bhnhbt.exec:\bhnhbt.exe49⤵
- Executes dropped EXE
-
\??\c:\hthbnh.exec:\hthbnh.exe50⤵
- Executes dropped EXE
-
\??\c:\jdvpd.exec:\jdvpd.exe51⤵
- Executes dropped EXE
-
\??\c:\rxrlfxr.exec:\rxrlfxr.exe52⤵
- Executes dropped EXE
-
\??\c:\lflfrll.exec:\lflfrll.exe53⤵
- Executes dropped EXE
-
\??\c:\tbntbb.exec:\tbntbb.exe54⤵
- Executes dropped EXE
-
\??\c:\5dpjj.exec:\5dpjj.exe55⤵
- Executes dropped EXE
-
\??\c:\fffxlfr.exec:\fffxlfr.exe56⤵
- Executes dropped EXE
-
\??\c:\xrlfxrf.exec:\xrlfxrf.exe57⤵
- Executes dropped EXE
-
\??\c:\1tbtnn.exec:\1tbtnn.exe58⤵
- Executes dropped EXE
-
\??\c:\pjvpp.exec:\pjvpp.exe59⤵
- Executes dropped EXE
-
\??\c:\jvpjd.exec:\jvpjd.exe60⤵
- Executes dropped EXE
-
\??\c:\5xfxrlf.exec:\5xfxrlf.exe61⤵
- Executes dropped EXE
-
\??\c:\flfxrrx.exec:\flfxrrx.exe62⤵
- Executes dropped EXE
-
\??\c:\nhbthh.exec:\nhbthh.exe63⤵
- Executes dropped EXE
-
\??\c:\3hhtbb.exec:\3hhtbb.exe64⤵
- Executes dropped EXE
-
\??\c:\vpdpd.exec:\vpdpd.exe65⤵
- Executes dropped EXE
-
\??\c:\rfxrxfr.exec:\rfxrxfr.exe66⤵
-
\??\c:\xlrlfrl.exec:\xlrlfrl.exe67⤵
-
\??\c:\nbhnht.exec:\nbhnht.exe68⤵
-
\??\c:\5nhbbt.exec:\5nhbbt.exe69⤵
-
\??\c:\vvjdv.exec:\vvjdv.exe70⤵
-
\??\c:\pjvpv.exec:\pjvpv.exe71⤵
-
\??\c:\1llfxxr.exec:\1llfxxr.exe72⤵
-
\??\c:\xflllll.exec:\xflllll.exe73⤵
-
\??\c:\llfrflr.exec:\llfrflr.exe74⤵
-
\??\c:\3nbnnh.exec:\3nbnnh.exe75⤵
-
\??\c:\djpdj.exec:\djpdj.exe76⤵
-
\??\c:\1dvpv.exec:\1dvpv.exe77⤵
-
\??\c:\rfflxlx.exec:\rfflxlx.exe78⤵
-
\??\c:\nhhtnh.exec:\nhhtnh.exe79⤵
-
\??\c:\htbnbb.exec:\htbnbb.exe80⤵
-
\??\c:\vpvpd.exec:\vpvpd.exe81⤵
-
\??\c:\djjjv.exec:\djjjv.exe82⤵
-
\??\c:\7lxlxrl.exec:\7lxlxrl.exe83⤵
-
\??\c:\xffrlxx.exec:\xffrlxx.exe84⤵
-
\??\c:\hbttnn.exec:\hbttnn.exe85⤵
-
\??\c:\vpddv.exec:\vpddv.exe86⤵
-
\??\c:\pvdpj.exec:\pvdpj.exe87⤵
-
\??\c:\llfxrrl.exec:\llfxrrl.exe88⤵
-
\??\c:\9hbtnn.exec:\9hbtnn.exe89⤵
-
\??\c:\hbbtnh.exec:\hbbtnh.exe90⤵
-
\??\c:\jvpvp.exec:\jvpvp.exe91⤵
-
\??\c:\5dvpd.exec:\5dvpd.exe92⤵
-
\??\c:\frxrxxx.exec:\frxrxxx.exe93⤵
-
\??\c:\bthbtt.exec:\bthbtt.exe94⤵
-
\??\c:\hhtnhb.exec:\hhtnhb.exe95⤵
-
\??\c:\jvpjv.exec:\jvpjv.exe96⤵
-
\??\c:\ddvpd.exec:\ddvpd.exe97⤵
-
\??\c:\xrrfrrl.exec:\xrrfrrl.exe98⤵
-
\??\c:\bttbbb.exec:\bttbbb.exe99⤵
-
\??\c:\7dvvp.exec:\7dvvp.exe100⤵
-
\??\c:\jdvpj.exec:\jdvpj.exe101⤵
-
\??\c:\llfffff.exec:\llfffff.exe102⤵
-
\??\c:\lffxxrr.exec:\lffxxrr.exe103⤵
-
\??\c:\nhtttb.exec:\nhtttb.exe104⤵
-
\??\c:\9vjvp.exec:\9vjvp.exe105⤵
-
\??\c:\pdjjd.exec:\pdjjd.exe106⤵
-
\??\c:\flrllrl.exec:\flrllrl.exe107⤵
-
\??\c:\hhhhbt.exec:\hhhhbt.exe108⤵
-
\??\c:\tnhbnh.exec:\tnhbnh.exe109⤵
-
\??\c:\jdjvp.exec:\jdjvp.exe110⤵
- System Location Discovery: System Language Discovery
-
\??\c:\pddvj.exec:\pddvj.exe111⤵
-
\??\c:\1xxrfxr.exec:\1xxrfxr.exe112⤵
-
\??\c:\1rrlllr.exec:\1rrlllr.exe113⤵
-
\??\c:\hbthbt.exec:\hbthbt.exe114⤵
-
\??\c:\7jjdv.exec:\7jjdv.exe115⤵
-
\??\c:\jvdpd.exec:\jvdpd.exe116⤵
-
\??\c:\fllxlxl.exec:\fllxlxl.exe117⤵
-
\??\c:\ttbbbh.exec:\ttbbbh.exe118⤵
-
\??\c:\fxflxrx.exec:\fxflxrx.exe119⤵
-
\??\c:\tnhbnn.exec:\tnhbnn.exe120⤵
-
\??\c:\jdpvd.exec:\jdpvd.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-