Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
145s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
09/10/2024, 23:07
General
-
Target
899fc589a4a7c023e7497fe780629e6f9e04b3bd01bd2425179ce011894d5106.exe
-
Size
82KB
-
MD5
f4f8241fc9d81bfd489ebead911bd6bb
-
SHA1
33500321b4f7a3fa6d059f6df286434dac12320f
-
SHA256
899fc589a4a7c023e7497fe780629e6f9e04b3bd01bd2425179ce011894d5106
-
SHA512
dc09e95e0a13011ad9255c39f5ea1ee6abf6a10072b520990f77b2bd108c89e04fc62e35f489acb72469d4ef568e03314fafea261223629d08b6c17ec33757a5
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIIpIo60L9QrrA89Q1:ymb3NkkiQ3mdBjFIIp9L9QrrA82
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 29 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 39 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\899fc589a4a7c023e7497fe780629e6f9e04b3bd01bd2425179ce011894d5106.exe"C:\Users\Admin\AppData\Local\Temp\899fc589a4a7c023e7497fe780629e6f9e04b3bd01bd2425179ce011894d5106.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\pdvpj.exec:\pdvpj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9fllffx.exec:\9fllffx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hntnhb.exec:\hntnhb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvpj.exec:\dvvpj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fflfrfx.exec:\fflfrfx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttnhtn.exec:\ttnhtn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdvdv.exec:\pdvdv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrfxrl.exec:\fxrfxrl.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpvpv.exec:\jpvpv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3lrlffr.exec:\3lrlffr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnttb.exec:\nhnttb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1bbnhb.exec:\1bbnhb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjpvv.exec:\vjpvv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flxllxl.exec:\flxllxl.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhbbhb.exec:\bhbbhb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpjvp.exec:\dpjvp.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlrfrfx.exec:\xlrfrfx.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tntntb.exec:\tntntb.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3nhbtb.exec:\3nhbtb.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7ddvp.exec:\7ddvp.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vddjv.exec:\vddjv.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlxlxr.exec:\fxlxlxr.exe23⤵
- Executes dropped EXE
-
\??\c:\nhhhhh.exec:\nhhhhh.exe24⤵
- Executes dropped EXE
-
\??\c:\9ttnnn.exec:\9ttnnn.exe25⤵
- Executes dropped EXE
-
\??\c:\7vvvv.exec:\7vvvv.exe26⤵
- Executes dropped EXE
-
\??\c:\vdjpj.exec:\vdjpj.exe27⤵
- Executes dropped EXE
-
\??\c:\rllfxxx.exec:\rllfxxx.exe28⤵
- Executes dropped EXE
-
\??\c:\lxrllll.exec:\lxrllll.exe29⤵
- Executes dropped EXE
-
\??\c:\3tbbhn.exec:\3tbbhn.exe30⤵
- Executes dropped EXE
-
\??\c:\hhbttt.exec:\hhbttt.exe31⤵
- Executes dropped EXE
-
\??\c:\jjppj.exec:\jjppj.exe32⤵
- Executes dropped EXE
-
\??\c:\jpjvp.exec:\jpjvp.exe33⤵
- Executes dropped EXE
-
\??\c:\lllrfff.exec:\lllrfff.exe34⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\7nhbtn.exec:\7nhbtn.exe35⤵
- Executes dropped EXE
-
\??\c:\nthhbb.exec:\nthhbb.exe36⤵
- Executes dropped EXE
-
\??\c:\ppdvp.exec:\ppdvp.exe37⤵
- Executes dropped EXE
-
\??\c:\pjjdv.exec:\pjjdv.exe38⤵
- Executes dropped EXE
-
\??\c:\rlrxxll.exec:\rlrxxll.exe39⤵
- Executes dropped EXE
-
\??\c:\bnbbbb.exec:\bnbbbb.exe40⤵
- Executes dropped EXE
-
\??\c:\nbtttt.exec:\nbtttt.exe41⤵
- Executes dropped EXE
-
\??\c:\vjppj.exec:\vjppj.exe42⤵
- Executes dropped EXE
-
\??\c:\frfxxll.exec:\frfxxll.exe43⤵
- Executes dropped EXE
-
\??\c:\xflllll.exec:\xflllll.exe44⤵
- Executes dropped EXE
-
\??\c:\1nhbtt.exec:\1nhbtt.exe45⤵
- Executes dropped EXE
-
\??\c:\pjpvp.exec:\pjpvp.exe46⤵
- Executes dropped EXE
-
\??\c:\1dvdv.exec:\1dvdv.exe47⤵
- Executes dropped EXE
-
\??\c:\fxfxrrl.exec:\fxfxrrl.exe48⤵
- Executes dropped EXE
-
\??\c:\xlxrllf.exec:\xlxrllf.exe49⤵
- Executes dropped EXE
-
\??\c:\hbbhbb.exec:\hbbhbb.exe50⤵
- Executes dropped EXE
-
\??\c:\nnhhtt.exec:\nnhhtt.exe51⤵
- Executes dropped EXE
-
\??\c:\dpvdv.exec:\dpvdv.exe52⤵
- Executes dropped EXE
-
\??\c:\xfflxrr.exec:\xfflxrr.exe53⤵
- Executes dropped EXE
-
\??\c:\lrffxff.exec:\lrffxff.exe54⤵
- Executes dropped EXE
-
\??\c:\bnhhhh.exec:\bnhhhh.exe55⤵
- Executes dropped EXE
-
\??\c:\1tnnhb.exec:\1tnnhb.exe56⤵
- Executes dropped EXE
-
\??\c:\ppdvp.exec:\ppdvp.exe57⤵
- Executes dropped EXE
-
\??\c:\xxrrrrr.exec:\xxrrrrr.exe58⤵
- Executes dropped EXE
-
\??\c:\5nnnnn.exec:\5nnnnn.exe59⤵
- Executes dropped EXE
-
\??\c:\jdddv.exec:\jdddv.exe60⤵
- Executes dropped EXE
-
\??\c:\xrxrrlf.exec:\xrxrrlf.exe61⤵
- Executes dropped EXE
-
\??\c:\7tbtnn.exec:\7tbtnn.exe62⤵
- Executes dropped EXE
-
\??\c:\tntnhh.exec:\tntnhh.exe63⤵
- Executes dropped EXE
-
\??\c:\dvjdp.exec:\dvjdp.exe64⤵
- Executes dropped EXE
-
\??\c:\pdvvp.exec:\pdvvp.exe65⤵
- Executes dropped EXE
-
\??\c:\ffxlxlx.exec:\ffxlxlx.exe66⤵
-
\??\c:\3tbbbh.exec:\3tbbbh.exe67⤵
-
\??\c:\bnnbnb.exec:\bnnbnb.exe68⤵
-
\??\c:\dvdvp.exec:\dvdvp.exe69⤵
-
\??\c:\9pdvv.exec:\9pdvv.exe70⤵
-
\??\c:\fxxrllf.exec:\fxxrllf.exe71⤵
-
\??\c:\djpjj.exec:\djpjj.exe72⤵
-
\??\c:\xrrlffx.exec:\xrrlffx.exe73⤵
-
\??\c:\xlxxflr.exec:\xlxxflr.exe74⤵
-
\??\c:\thtnht.exec:\thtnht.exe75⤵
-
\??\c:\dddvd.exec:\dddvd.exe76⤵
-
\??\c:\xllxrlf.exec:\xllxrlf.exe77⤵
-
\??\c:\hnhhbb.exec:\hnhhbb.exe78⤵
-
\??\c:\vjdpj.exec:\vjdpj.exe79⤵
-
\??\c:\3ppdp.exec:\3ppdp.exe80⤵
-
\??\c:\bttnnn.exec:\bttnnn.exe81⤵
-
\??\c:\thbtnh.exec:\thbtnh.exe82⤵
-
\??\c:\jdddp.exec:\jdddp.exe83⤵
-
\??\c:\1xlllfl.exec:\1xlllfl.exe84⤵
-
\??\c:\flffffx.exec:\flffffx.exe85⤵
-
\??\c:\nhhtnn.exec:\nhhtnn.exe86⤵
-
\??\c:\5jjjd.exec:\5jjjd.exe87⤵
-
\??\c:\lrlfxrl.exec:\lrlfxrl.exe88⤵
-
\??\c:\9btnnn.exec:\9btnnn.exe89⤵
-
\??\c:\3nbnbb.exec:\3nbnbb.exe90⤵
-
\??\c:\ppjjp.exec:\ppjjp.exe91⤵
-
\??\c:\rrxrxrx.exec:\rrxrxrx.exe92⤵
-
\??\c:\9fxrrll.exec:\9fxrrll.exe93⤵
-
\??\c:\rfxlxxl.exec:\rfxlxxl.exe94⤵
-
\??\c:\nhbnhb.exec:\nhbnhb.exe95⤵
-
\??\c:\dpjdd.exec:\dpjdd.exe96⤵
-
\??\c:\lfrlfff.exec:\lfrlfff.exe97⤵
-
\??\c:\3nnnhh.exec:\3nnnhh.exe98⤵
-
\??\c:\3pvjv.exec:\3pvjv.exe99⤵
-
\??\c:\tntnbb.exec:\tntnbb.exe100⤵
-
\??\c:\3dvpj.exec:\3dvpj.exe101⤵
-
\??\c:\xfxrrxr.exec:\xfxrrxr.exe102⤵
-
\??\c:\hhnhtn.exec:\hhnhtn.exe103⤵
-
\??\c:\7jjdv.exec:\7jjdv.exe104⤵
-
\??\c:\xrrlffx.exec:\xrrlffx.exe105⤵
-
\??\c:\bbtbbh.exec:\bbtbbh.exe106⤵
-
\??\c:\9nhhbt.exec:\9nhhbt.exe107⤵
-
\??\c:\pppdp.exec:\pppdp.exe108⤵
-
\??\c:\lffxrrl.exec:\lffxrrl.exe109⤵
-
\??\c:\ffxrffx.exec:\ffxrffx.exe110⤵
-
\??\c:\thhntt.exec:\thhntt.exe111⤵
-
\??\c:\bttthb.exec:\bttthb.exe112⤵
-
\??\c:\lffrrrl.exec:\lffrrrl.exe113⤵
-
\??\c:\7lffllf.exec:\7lffllf.exe114⤵
-
\??\c:\tttnhb.exec:\tttnhb.exe115⤵
-
\??\c:\tnnhhh.exec:\tnnhhh.exe116⤵
-
\??\c:\jpvjj.exec:\jpvjj.exe117⤵
-
\??\c:\ffrlrlx.exec:\ffrlrlx.exe118⤵
-
\??\c:\flfrfrl.exec:\flfrfrl.exe119⤵
-
\??\c:\hhnnhh.exec:\hhnnhh.exe120⤵
-
\??\c:\9nnhhh.exec:\9nnhhh.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-