Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
137s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
10/10/2024, 00:49
General
-
Target
b52e80380e15b9aab7cfc06c38aafb76850e775ea25c15d5be2e49e0f95b5c9a.exe
-
Size
72KB
-
MD5
366778de520f3ba12fe89324217a5d77
-
SHA1
5ac6cfafe568e64b92e4a9ce734b7babcdef0030
-
SHA256
b52e80380e15b9aab7cfc06c38aafb76850e775ea25c15d5be2e49e0f95b5c9a
-
SHA512
6614a436a29a1a1872a218a5a99e794dc26ae017cc7a8ebfe32da17b10ce4f8cb43643ed0a619889047c4ae7f5d76ee49d0c60dbf35d2705af5584cb1dba2b40
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIFdJUDbAIdiW65OA:ymb3NkkiQ3mdBjFIFdJ8bViW6r
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 26 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 39 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\b52e80380e15b9aab7cfc06c38aafb76850e775ea25c15d5be2e49e0f95b5c9a.exe"C:\Users\Admin\AppData\Local\Temp\b52e80380e15b9aab7cfc06c38aafb76850e775ea25c15d5be2e49e0f95b5c9a.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjdd.exec:\jdjdd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3lllllr.exec:\3lllllr.exe3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhhnn.exec:\hbhhnn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvvjd.exec:\vvvjd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrfxrrl.exec:\xrfxrrl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrlllf.exec:\fxrlllf.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btnnhh.exec:\btnnhh.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjdj.exec:\jdjdj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xllfrrl.exec:\xllfrrl.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tntthn.exec:\tntthn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5ddpj.exec:\5ddpj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3xxrrlf.exec:\3xxrrlf.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7bbnhh.exec:\7bbnhh.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1vppj.exec:\1vppj.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpdvp.exec:\dpdvp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxxxxxx.exec:\lxxxxxx.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9hbtnn.exec:\9hbtnn.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpdvj.exec:\vpdvj.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdjdv.exec:\vdjdv.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlrlrrl.exec:\xlrlrrl.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9bttnn.exec:\9bttnn.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnttn.exec:\nhnttn.exe23⤵
- Executes dropped EXE
-
\??\c:\jvdvj.exec:\jvdvj.exe24⤵
- Executes dropped EXE
-
\??\c:\lllfxxr.exec:\lllfxxr.exe25⤵
- Executes dropped EXE
-
\??\c:\rfrfxxx.exec:\rfrfxxx.exe26⤵
- Executes dropped EXE
-
\??\c:\fxffxxr.exec:\fxffxxr.exe27⤵
- Executes dropped EXE
-
\??\c:\nbtnhh.exec:\nbtnhh.exe28⤵
- Executes dropped EXE
-
\??\c:\dppjj.exec:\dppjj.exe29⤵
- Executes dropped EXE
-
\??\c:\pjdjd.exec:\pjdjd.exe30⤵
- Executes dropped EXE
-
\??\c:\rrxllfl.exec:\rrxllfl.exe31⤵
- Executes dropped EXE
-
\??\c:\thbbtt.exec:\thbbtt.exe32⤵
- Executes dropped EXE
-
\??\c:\nbbhtt.exec:\nbbhtt.exe33⤵
- Executes dropped EXE
-
\??\c:\tbbhbb.exec:\tbbhbb.exe34⤵
- Executes dropped EXE
-
\??\c:\jjpjv.exec:\jjpjv.exe35⤵
- Executes dropped EXE
-
\??\c:\xrxxffl.exec:\xrxxffl.exe36⤵
- Executes dropped EXE
-
\??\c:\rfllfxx.exec:\rfllfxx.exe37⤵
- Executes dropped EXE
-
\??\c:\btnthn.exec:\btnthn.exe38⤵
- Executes dropped EXE
-
\??\c:\jddvd.exec:\jddvd.exe39⤵
- Executes dropped EXE
-
\??\c:\nthtnt.exec:\nthtnt.exe40⤵
- Executes dropped EXE
-
\??\c:\tthbtt.exec:\tthbtt.exe41⤵
- Executes dropped EXE
-
\??\c:\pppjj.exec:\pppjj.exe42⤵
- Executes dropped EXE
-
\??\c:\5vvpd.exec:\5vvpd.exe43⤵
- Executes dropped EXE
-
\??\c:\xfxlfrf.exec:\xfxlfrf.exe44⤵
- Executes dropped EXE
-
\??\c:\hntttt.exec:\hntttt.exe45⤵
- Executes dropped EXE
-
\??\c:\dvvpp.exec:\dvvpp.exe46⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\llrfrrl.exec:\llrfrrl.exe47⤵
- Executes dropped EXE
-
\??\c:\7rfxrrl.exec:\7rfxrrl.exe48⤵
- Executes dropped EXE
-
\??\c:\nhhhbt.exec:\nhhhbt.exe49⤵
- Executes dropped EXE
-
\??\c:\1nnnbn.exec:\1nnnbn.exe50⤵
- Executes dropped EXE
-
\??\c:\htttnt.exec:\htttnt.exe51⤵
- Executes dropped EXE
-
\??\c:\1jvjd.exec:\1jvjd.exe52⤵
- Executes dropped EXE
-
\??\c:\rrrlfll.exec:\rrrlfll.exe53⤵
- Executes dropped EXE
-
\??\c:\xlffxxx.exec:\xlffxxx.exe54⤵
- Executes dropped EXE
-
\??\c:\tnhbbb.exec:\tnhbbb.exe55⤵
- Executes dropped EXE
-
\??\c:\bbnhbh.exec:\bbnhbh.exe56⤵
- Executes dropped EXE
-
\??\c:\pvvpj.exec:\pvvpj.exe57⤵
- Executes dropped EXE
-
\??\c:\vdjdj.exec:\vdjdj.exe58⤵
- Executes dropped EXE
-
\??\c:\1frllfx.exec:\1frllfx.exe59⤵
- Executes dropped EXE
-
\??\c:\ntnhbt.exec:\ntnhbt.exe60⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\btnthh.exec:\btnthh.exe61⤵
- Executes dropped EXE
-
\??\c:\vjddv.exec:\vjddv.exe62⤵
- Executes dropped EXE
-
\??\c:\jddvv.exec:\jddvv.exe63⤵
- Executes dropped EXE
-
\??\c:\pjddp.exec:\pjddp.exe64⤵
- Executes dropped EXE
-
\??\c:\rxllflf.exec:\rxllflf.exe65⤵
- Executes dropped EXE
-
\??\c:\btbbhh.exec:\btbbhh.exe66⤵
-
\??\c:\bnhbnb.exec:\bnhbnb.exe67⤵
-
\??\c:\pvdvj.exec:\pvdvj.exe68⤵
-
\??\c:\dddpv.exec:\dddpv.exe69⤵
-
\??\c:\5flfrrr.exec:\5flfrrr.exe70⤵
-
\??\c:\xxffrrx.exec:\xxffrrx.exe71⤵
-
\??\c:\hhtnhh.exec:\hhtnhh.exe72⤵
-
\??\c:\nhhbtt.exec:\nhhbtt.exe73⤵
-
\??\c:\pvvvj.exec:\pvvvj.exe74⤵
-
\??\c:\dppjv.exec:\dppjv.exe75⤵
-
\??\c:\rffrlrr.exec:\rffrlrr.exe76⤵
-
\??\c:\rfffxxx.exec:\rfffxxx.exe77⤵
-
\??\c:\5hbbtt.exec:\5hbbtt.exe78⤵
-
\??\c:\ntnhtt.exec:\ntnhtt.exe79⤵
-
\??\c:\vjjjv.exec:\vjjjv.exe80⤵
-
\??\c:\rlfxlxr.exec:\rlfxlxr.exe81⤵
-
\??\c:\rllffff.exec:\rllffff.exe82⤵
-
\??\c:\nthtbt.exec:\nthtbt.exe83⤵
-
\??\c:\thnbtt.exec:\thnbtt.exe84⤵
-
\??\c:\frfxxll.exec:\frfxxll.exe85⤵
-
\??\c:\3xxrxfl.exec:\3xxrxfl.exe86⤵
-
\??\c:\nnhthb.exec:\nnhthb.exe87⤵
-
\??\c:\nbthbt.exec:\nbthbt.exe88⤵
-
\??\c:\dpdvv.exec:\dpdvv.exe89⤵
-
\??\c:\rlxrlfx.exec:\rlxrlfx.exe90⤵
-
\??\c:\xrlflfl.exec:\xrlflfl.exe91⤵
-
\??\c:\xllffff.exec:\xllffff.exe92⤵
-
\??\c:\nbbnbt.exec:\nbbnbt.exe93⤵
-
\??\c:\9pvpp.exec:\9pvpp.exe94⤵
-
\??\c:\pddpj.exec:\pddpj.exe95⤵
-
\??\c:\lxxxllf.exec:\lxxxllf.exe96⤵
-
\??\c:\fxxrxll.exec:\fxxrxll.exe97⤵
-
\??\c:\bbhthb.exec:\bbhthb.exe98⤵
-
\??\c:\jpjvj.exec:\jpjvj.exe99⤵
-
\??\c:\pjpvj.exec:\pjpvj.exe100⤵
-
\??\c:\rffrfxl.exec:\rffrfxl.exe101⤵
-
\??\c:\7llfxrf.exec:\7llfxrf.exe102⤵
-
\??\c:\rlrrllf.exec:\rlrrllf.exe103⤵
-
\??\c:\9bthbh.exec:\9bthbh.exe104⤵
-
\??\c:\nhtnhb.exec:\nhtnhb.exe105⤵
-
\??\c:\jvpdp.exec:\jvpdp.exe106⤵
-
\??\c:\9jvjv.exec:\9jvjv.exe107⤵
-
\??\c:\rfffrlr.exec:\rfffrlr.exe108⤵
-
\??\c:\rfxrrlf.exec:\rfxrrlf.exe109⤵
-
\??\c:\bthhbt.exec:\bthhbt.exe110⤵
-
\??\c:\bnnnbh.exec:\bnnnbh.exe111⤵
-
\??\c:\5vpjv.exec:\5vpjv.exe112⤵
-
\??\c:\5xlfffx.exec:\5xlfffx.exe113⤵
-
\??\c:\9frlrlr.exec:\9frlrlr.exe114⤵
-
\??\c:\lflffxf.exec:\lflffxf.exe115⤵
-
\??\c:\1bbhhb.exec:\1bbhhb.exe116⤵
-
\??\c:\5thbtt.exec:\5thbtt.exe117⤵
-
\??\c:\dppjv.exec:\dppjv.exe118⤵
-
\??\c:\vvjjv.exec:\vvjjv.exe119⤵
-
\??\c:\xflfxxr.exec:\xflfxxr.exe120⤵
-
\??\c:\7fxrlrr.exec:\7fxrlrr.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-