Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
09/10/2024, 01:56
General
-
Target
a7861517756489f45119cd9f4969ba3bb5b2e28dfbbc81e0d16d7dfed1e7ef81.exe
-
Size
69KB
-
MD5
b1feb290557e45a4d35598c75282706a
-
SHA1
1734e81a47e0c29d45b591421551625c0c46e3c4
-
SHA256
a7861517756489f45119cd9f4969ba3bb5b2e28dfbbc81e0d16d7dfed1e7ef81
-
SHA512
73b9b15319d762ac3a0237cb4b561d9a256da751e695c2e6bdbc694650a3878f03eabec164aeb5b2d04a7407e33fd7b3a49829ad67d52927ece25b7d6606cc26
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIsIoAcPD:ymb3NkkiQ3mdBjFIsIVcL
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 28 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 38 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\a7861517756489f45119cd9f4969ba3bb5b2e28dfbbc81e0d16d7dfed1e7ef81.exe"C:\Users\Admin\AppData\Local\Temp\a7861517756489f45119cd9f4969ba3bb5b2e28dfbbc81e0d16d7dfed1e7ef81.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\pdvdv.exec:\pdvdv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxfxrll.exec:\rxfxrll.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrlxxl.exec:\xrrlxxl.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7tbttt.exec:\7tbttt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvpj.exec:\dvvpj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhbttt.exec:\hhbttt.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhbbb.exec:\tnhbbb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7dpjd.exec:\7dpjd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdjdv.exec:\pdjdv.exe10⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\3xffxxf.exec:\3xffxxf.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9bhnnb.exec:\9bhnnb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjjvp.exec:\jjjvp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrfxxrl.exec:\lrfxxrl.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnnnhh.exec:\hnnnhh.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhhbtt.exec:\hhhbtt.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddvpv.exec:\ddvpv.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lffrllf.exec:\lffrllf.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9lrrlrl.exec:\9lrrlrl.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhhhb.exec:\nhhhhb.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbtnhh.exec:\hbtnhh.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7jvpv.exec:\7jvpv.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lllfflx.exec:\lllfflx.exe23⤵
- Executes dropped EXE
-
\??\c:\9bhhnn.exec:\9bhhnn.exe24⤵
- Executes dropped EXE
-
\??\c:\hhhbtn.exec:\hhhbtn.exe25⤵
- Executes dropped EXE
-
\??\c:\djpjd.exec:\djpjd.exe26⤵
- Executes dropped EXE
-
\??\c:\lflrlll.exec:\lflrlll.exe27⤵
- Executes dropped EXE
-
\??\c:\bbhttb.exec:\bbhttb.exe28⤵
- Executes dropped EXE
-
\??\c:\dpjvp.exec:\dpjvp.exe29⤵
- Executes dropped EXE
-
\??\c:\rlfrxlx.exec:\rlfrxlx.exe30⤵
- Executes dropped EXE
-
\??\c:\frlrxlr.exec:\frlrxlr.exe31⤵
- Executes dropped EXE
-
\??\c:\thnthh.exec:\thnthh.exe32⤵
- Executes dropped EXE
-
\??\c:\3pvjv.exec:\3pvjv.exe33⤵
- Executes dropped EXE
-
\??\c:\lfrlxxr.exec:\lfrlxxr.exe34⤵
- Executes dropped EXE
-
\??\c:\1tbttn.exec:\1tbttn.exe35⤵
- Executes dropped EXE
-
\??\c:\bbbhhn.exec:\bbbhhn.exe36⤵
- Executes dropped EXE
-
\??\c:\vjjpv.exec:\vjjpv.exe37⤵
- Executes dropped EXE
-
\??\c:\vjjvd.exec:\vjjvd.exe38⤵
- Executes dropped EXE
-
\??\c:\fxrfrlf.exec:\fxrfrlf.exe39⤵
- Executes dropped EXE
-
\??\c:\tntnnh.exec:\tntnnh.exe40⤵
- Executes dropped EXE
-
\??\c:\hbbttn.exec:\hbbttn.exe41⤵
- Executes dropped EXE
-
\??\c:\jjpjj.exec:\jjpjj.exe42⤵
- Executes dropped EXE
-
\??\c:\vvpjj.exec:\vvpjj.exe43⤵
- Executes dropped EXE
-
\??\c:\xrlfxxr.exec:\xrlfxxr.exe44⤵
- Executes dropped EXE
-
\??\c:\bnnnth.exec:\bnnnth.exe45⤵
- Executes dropped EXE
-
\??\c:\5htthb.exec:\5htthb.exe46⤵
- Executes dropped EXE
-
\??\c:\vvppj.exec:\vvppj.exe47⤵
- Executes dropped EXE
-
\??\c:\pjvpp.exec:\pjvpp.exe48⤵
- Executes dropped EXE
-
\??\c:\xrxrfxr.exec:\xrxrfxr.exe49⤵
- Executes dropped EXE
-
\??\c:\nntthh.exec:\nntthh.exe50⤵
- Executes dropped EXE
-
\??\c:\nhnhhb.exec:\nhnhhb.exe51⤵
- Executes dropped EXE
-
\??\c:\jddjd.exec:\jddjd.exe52⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\dvjdv.exec:\dvjdv.exe53⤵
- Executes dropped EXE
-
\??\c:\3fxrlff.exec:\3fxrlff.exe54⤵
- Executes dropped EXE
-
\??\c:\fxffxxl.exec:\fxffxxl.exe55⤵
- Executes dropped EXE
-
\??\c:\nhtntt.exec:\nhtntt.exe56⤵
- Executes dropped EXE
-
\??\c:\dvdpv.exec:\dvdpv.exe57⤵
- Executes dropped EXE
-
\??\c:\ppvpd.exec:\ppvpd.exe58⤵
- Executes dropped EXE
-
\??\c:\lxlfllf.exec:\lxlfllf.exe59⤵
- Executes dropped EXE
-
\??\c:\hhhbtb.exec:\hhhbtb.exe60⤵
- Executes dropped EXE
-
\??\c:\nhnhbh.exec:\nhnhbh.exe61⤵
- Executes dropped EXE
-
\??\c:\pjjjd.exec:\pjjjd.exe62⤵
- Executes dropped EXE
-
\??\c:\jvvvp.exec:\jvvvp.exe63⤵
- Executes dropped EXE
-
\??\c:\lrrlrlf.exec:\lrrlrlf.exe64⤵
- Executes dropped EXE
-
\??\c:\xxxxxxr.exec:\xxxxxxr.exe65⤵
- Executes dropped EXE
-
\??\c:\tbbtnn.exec:\tbbtnn.exe66⤵
-
\??\c:\bhbthh.exec:\bhbthh.exe67⤵
-
\??\c:\pvjpj.exec:\pvjpj.exe68⤵
-
\??\c:\xxrrflr.exec:\xxrrflr.exe69⤵
-
\??\c:\hbhhbb.exec:\hbhhbb.exe70⤵
-
\??\c:\thnnhb.exec:\thnnhb.exe71⤵
-
\??\c:\3vjjd.exec:\3vjjd.exe72⤵
-
\??\c:\lrxfxxr.exec:\lrxfxxr.exe73⤵
-
\??\c:\rxxrxlf.exec:\rxxrxlf.exe74⤵
-
\??\c:\9nbbhh.exec:\9nbbhh.exe75⤵
-
\??\c:\9vdvp.exec:\9vdvp.exe76⤵
-
\??\c:\jpjvp.exec:\jpjvp.exe77⤵
-
\??\c:\rrllrlx.exec:\rrllrlx.exe78⤵
-
\??\c:\nntnhh.exec:\nntnhh.exe79⤵
-
\??\c:\jjjpj.exec:\jjjpj.exe80⤵
-
\??\c:\dpvvv.exec:\dpvvv.exe81⤵
-
\??\c:\xrxrrll.exec:\xrxrrll.exe82⤵
-
\??\c:\xxfxllx.exec:\xxfxllx.exe83⤵
-
\??\c:\5bttnn.exec:\5bttnn.exe84⤵
-
\??\c:\dvjjp.exec:\dvjjp.exe85⤵
-
\??\c:\3vdjd.exec:\3vdjd.exe86⤵
-
\??\c:\flxrrxr.exec:\flxrrxr.exe87⤵
-
\??\c:\fxlfllr.exec:\fxlfllr.exe88⤵
-
\??\c:\htbhbt.exec:\htbhbt.exe89⤵
-
\??\c:\vjjdv.exec:\vjjdv.exe90⤵
-
\??\c:\pjpdv.exec:\pjpdv.exe91⤵
-
\??\c:\rlffxxx.exec:\rlffxxx.exe92⤵
-
\??\c:\flfxrfx.exec:\flfxrfx.exe93⤵
-
\??\c:\hbtttt.exec:\hbtttt.exe94⤵
-
\??\c:\vvjpp.exec:\vvjpp.exe95⤵
-
\??\c:\ppvpv.exec:\ppvpv.exe96⤵
-
\??\c:\xxxlffl.exec:\xxxlffl.exe97⤵
-
\??\c:\lrxxxxr.exec:\lrxxxxr.exe98⤵
-
\??\c:\thnnhn.exec:\thnnhn.exe99⤵
-
\??\c:\tbhhbb.exec:\tbhhbb.exe100⤵
-
\??\c:\vdjpd.exec:\vdjpd.exe101⤵
-
\??\c:\3fxffff.exec:\3fxffff.exe102⤵
-
\??\c:\flfrxrr.exec:\flfrxrr.exe103⤵
-
\??\c:\tnbbtt.exec:\tnbbtt.exe104⤵
-
\??\c:\nbbtnn.exec:\nbbtnn.exe105⤵
-
\??\c:\vdjvv.exec:\vdjvv.exe106⤵
-
\??\c:\dpvpd.exec:\dpvpd.exe107⤵
-
\??\c:\rrrflfl.exec:\rrrflfl.exe108⤵
-
\??\c:\bbnhhh.exec:\bbnhhh.exe109⤵
-
\??\c:\tbbnht.exec:\tbbnht.exe110⤵
-
\??\c:\pppjd.exec:\pppjd.exe111⤵
-
\??\c:\jjjjv.exec:\jjjjv.exe112⤵
-
\??\c:\rflfxrf.exec:\rflfxrf.exe113⤵
-
\??\c:\llrfxxr.exec:\llrfxxr.exe114⤵
-
\??\c:\nntnhh.exec:\nntnhh.exe115⤵
-
\??\c:\bbhbnt.exec:\bbhbnt.exe116⤵
-
\??\c:\pvvpd.exec:\pvvpd.exe117⤵
-
\??\c:\ddddv.exec:\ddddv.exe118⤵
-
\??\c:\llxrlll.exec:\llxrlll.exe119⤵
-
\??\c:\bhtthb.exec:\bhtthb.exe120⤵
-
\??\c:\btbbbb.exec:\btbbbb.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-