Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
08/10/2024, 23:12
General
-
Target
7135fa2f54b303f68dbda8225e1eda9f68b70a6dcfc765ff46b2a674ace05659.exe
-
Size
50KB
-
MD5
d0055aaf2813796f4836cff3779a8fd7
-
SHA1
f118ac31aa6ebcc137f57579d4cca3535cef30d8
-
SHA256
7135fa2f54b303f68dbda8225e1eda9f68b70a6dcfc765ff46b2a674ace05659
-
SHA512
d3751189d8fb83831aaaa57604480031c540c1de25343d95d93dd58da5d28148f775960c3b0fbab3f62579b28c84127e61b47da97cf453fe0d7442cbaf1586d8
-
SSDEEP
1536:mAocdpeVoBDulhzHMb7xNAa04Mcg5IKvXB:0cdpeeBSHHMHLf9RyIKB
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\7135fa2f54b303f68dbda8225e1eda9f68b70a6dcfc765ff46b2a674ace05659.exe"C:\Users\Admin\AppData\Local\Temp\7135fa2f54b303f68dbda8225e1eda9f68b70a6dcfc765ff46b2a674ace05659.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\7lxrfxr.exec:\7lxrfxr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhhbtt.exec:\bhhbtt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dddpd.exec:\dddpd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3rfrflr.exec:\3rfrflr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbbtnn.exec:\nbbtnn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvpp.exec:\pjvpp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxlfxl.exec:\fxxlfxl.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbthhb.exec:\tbthhb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djddv.exec:\djddv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrrrlr.exec:\xrrrrlr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxxlrff.exec:\lxxlrff.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3nnhbb.exec:\3nnhbb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvvpj.exec:\vvvpj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5rxrxxl.exec:\5rxrxxl.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttnhnh.exec:\ttnhnh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhhbnh.exec:\bhhbnh.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdvpd.exec:\vdvpd.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvdjj.exec:\dvdjj.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3hbnbh.exec:\3hbnbh.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3thtnn.exec:\3thtnn.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvddv.exec:\jvddv.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7rxrllf.exec:\7rxrllf.exe23⤵
- Executes dropped EXE
-
\??\c:\nnhnbn.exec:\nnhnbn.exe24⤵
- Executes dropped EXE
-
\??\c:\thnhnh.exec:\thnhnh.exe25⤵
- Executes dropped EXE
-
\??\c:\ppdvj.exec:\ppdvj.exe26⤵
- Executes dropped EXE
-
\??\c:\rrllfxx.exec:\rrllfxx.exe27⤵
- Executes dropped EXE
-
\??\c:\lfxlrlr.exec:\lfxlrlr.exe28⤵
- Executes dropped EXE
-
\??\c:\nbnbnh.exec:\nbnbnh.exe29⤵
- Executes dropped EXE
-
\??\c:\dddvd.exec:\dddvd.exe30⤵
- Executes dropped EXE
-
\??\c:\3lrrfxf.exec:\3lrrfxf.exe31⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\9rxrxrx.exec:\9rxrxrx.exe32⤵
- Executes dropped EXE
-
\??\c:\5nbttb.exec:\5nbttb.exe33⤵
- Executes dropped EXE
-
\??\c:\jpdvv.exec:\jpdvv.exe34⤵
- Executes dropped EXE
-
\??\c:\rfrlffx.exec:\rfrlffx.exe35⤵
- Executes dropped EXE
-
\??\c:\3lrxxxx.exec:\3lrxxxx.exe36⤵
- Executes dropped EXE
-
\??\c:\pjjjd.exec:\pjjjd.exe37⤵
- Executes dropped EXE
-
\??\c:\xlxrrrl.exec:\xlxrrrl.exe38⤵
- Executes dropped EXE
-
\??\c:\httnnt.exec:\httnnt.exe39⤵
- Executes dropped EXE
-
\??\c:\1jddv.exec:\1jddv.exe40⤵
- Executes dropped EXE
-
\??\c:\flrfxrl.exec:\flrfxrl.exe41⤵
- Executes dropped EXE
-
\??\c:\tnbntt.exec:\tnbntt.exe42⤵
- Executes dropped EXE
-
\??\c:\pppdv.exec:\pppdv.exe43⤵
- Executes dropped EXE
-
\??\c:\pjppd.exec:\pjppd.exe44⤵
- Executes dropped EXE
-
\??\c:\lxrfllf.exec:\lxrfllf.exe45⤵
- Executes dropped EXE
-
\??\c:\1ntntt.exec:\1ntntt.exe46⤵
- Executes dropped EXE
-
\??\c:\hhbttt.exec:\hhbttt.exe47⤵
- Executes dropped EXE
-
\??\c:\9jjvp.exec:\9jjvp.exe48⤵
- Executes dropped EXE
-
\??\c:\5djdp.exec:\5djdp.exe49⤵
- Executes dropped EXE
-
\??\c:\7fffxll.exec:\7fffxll.exe50⤵
- Executes dropped EXE
-
\??\c:\thhnhb.exec:\thhnhb.exe51⤵
- Executes dropped EXE
-
\??\c:\vpvpd.exec:\vpvpd.exe52⤵
- Executes dropped EXE
-
\??\c:\xfrfxrr.exec:\xfrfxrr.exe53⤵
- Executes dropped EXE
-
\??\c:\xxfflfl.exec:\xxfflfl.exe54⤵
- Executes dropped EXE
-
\??\c:\ntbhhh.exec:\ntbhhh.exe55⤵
- Executes dropped EXE
-
\??\c:\bbtnbt.exec:\bbtnbt.exe56⤵
- Executes dropped EXE
-
\??\c:\ppppd.exec:\ppppd.exe57⤵
- Executes dropped EXE
-
\??\c:\ppvdp.exec:\ppvdp.exe58⤵
- Executes dropped EXE
-
\??\c:\fxrfxrl.exec:\fxrfxrl.exe59⤵
- Executes dropped EXE
-
\??\c:\3bhhnt.exec:\3bhhnt.exe60⤵
- Executes dropped EXE
-
\??\c:\btnhnt.exec:\btnhnt.exe61⤵
- Executes dropped EXE
-
\??\c:\jjdvv.exec:\jjdvv.exe62⤵
- Executes dropped EXE
-
\??\c:\flxllrf.exec:\flxllrf.exe63⤵
- Executes dropped EXE
-
\??\c:\fxffxff.exec:\fxffxff.exe64⤵
- Executes dropped EXE
-
\??\c:\hntnbn.exec:\hntnbn.exe65⤵
- Executes dropped EXE
-
\??\c:\5lxrffx.exec:\5lxrffx.exe66⤵
-
\??\c:\rllflff.exec:\rllflff.exe67⤵
-
\??\c:\tttbbb.exec:\tttbbb.exe68⤵
-
\??\c:\pppdd.exec:\pppdd.exe69⤵
-
\??\c:\jddvp.exec:\jddvp.exe70⤵
-
\??\c:\xfflllx.exec:\xfflllx.exe71⤵
-
\??\c:\9bbtnb.exec:\9bbtnb.exe72⤵
-
\??\c:\nthhhh.exec:\nthhhh.exe73⤵
-
\??\c:\jddvv.exec:\jddvv.exe74⤵
-
\??\c:\1ddvp.exec:\1ddvp.exe75⤵
-
\??\c:\fllrxff.exec:\fllrxff.exe76⤵
-
\??\c:\bbtttt.exec:\bbtttt.exe77⤵
-
\??\c:\1hhbbh.exec:\1hhbbh.exe78⤵
-
\??\c:\vvvpj.exec:\vvvpj.exe79⤵
-
\??\c:\jjjdv.exec:\jjjdv.exe80⤵
-
\??\c:\rrxrrll.exec:\rrxrrll.exe81⤵
-
\??\c:\bntnhb.exec:\bntnhb.exe82⤵
-
\??\c:\pvddp.exec:\pvddp.exe83⤵
-
\??\c:\rlrlfxr.exec:\rlrlfxr.exe84⤵
-
\??\c:\bnbbnn.exec:\bnbbnn.exe85⤵
-
\??\c:\ttbttt.exec:\ttbttt.exe86⤵
-
\??\c:\jdddp.exec:\jdddp.exe87⤵
-
\??\c:\1flfflf.exec:\1flfflf.exe88⤵
-
\??\c:\xrrrrrf.exec:\xrrrrrf.exe89⤵
-
\??\c:\nhbnhh.exec:\nhbnhh.exe90⤵
-
\??\c:\tnttnn.exec:\tnttnn.exe91⤵
-
\??\c:\jvjdp.exec:\jvjdp.exe92⤵
-
\??\c:\lxrflfl.exec:\lxrflfl.exe93⤵
-
\??\c:\lffxrlf.exec:\lffxrlf.exe94⤵
-
\??\c:\1hhbnn.exec:\1hhbnn.exe95⤵
-
\??\c:\ntbbtt.exec:\ntbbtt.exe96⤵
-
\??\c:\dvvvd.exec:\dvvvd.exe97⤵
-
\??\c:\vdvvd.exec:\vdvvd.exe98⤵
-
\??\c:\frrlllf.exec:\frrlllf.exe99⤵
-
\??\c:\thnnhb.exec:\thnnhb.exe100⤵
-
\??\c:\pdjdv.exec:\pdjdv.exe101⤵
-
\??\c:\dvjpd.exec:\dvjpd.exe102⤵
-
\??\c:\1xrrfll.exec:\1xrrfll.exe103⤵
-
\??\c:\rrfrrlr.exec:\rrfrrlr.exe104⤵
-
\??\c:\nhnhbt.exec:\nhnhbt.exe105⤵
-
\??\c:\nbbbbt.exec:\nbbbbt.exe106⤵
-
\??\c:\9jpjj.exec:\9jpjj.exe107⤵
-
\??\c:\pppjd.exec:\pppjd.exe108⤵
-
\??\c:\xllfrff.exec:\xllfrff.exe109⤵
- System Location Discovery: System Language Discovery
-
\??\c:\llffxff.exec:\llffxff.exe110⤵
-
\??\c:\tthntt.exec:\tthntt.exe111⤵
-
\??\c:\bnhthb.exec:\bnhthb.exe112⤵
-
\??\c:\pvddv.exec:\pvddv.exe113⤵
-
\??\c:\frrxrrf.exec:\frrxrrf.exe114⤵
-
\??\c:\tntttt.exec:\tntttt.exe115⤵
-
\??\c:\bnnnhh.exec:\bnnnhh.exe116⤵
-
\??\c:\djjdd.exec:\djjdd.exe117⤵
-
\??\c:\vvdjj.exec:\vvdjj.exe118⤵
-
\??\c:\flxrxrf.exec:\flxrxrf.exe119⤵
-
\??\c:\nbnnhb.exec:\nbnnhb.exe120⤵
-
\??\c:\bnnnbh.exec:\bnnnbh.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-