Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
10/10/2024, 03:59
General
-
Target
b69d26d08a193aa53d5a21592ee29fef8be0c25f6d445b5b8cf35128e9766d7dN.exe
-
Size
66KB
-
MD5
29a7b54cca8b8ee40972bc949edacca0
-
SHA1
57a9eeedd7234ea9ee8ccb094b18fa4aa63d21de
-
SHA256
b69d26d08a193aa53d5a21592ee29fef8be0c25f6d445b5b8cf35128e9766d7d
-
SHA512
01141ed95e51c08a34aa94bfb5e166f9bfacc3c87196f79627f8ea57db9c60ac600107618a75eba962f9f673ef211ecad341b904fc291a0198e0906d31d11ec8
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND0yU+kbxeH:ymb3NkkiQ3mdBjF0y7kbUH
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 34 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\b69d26d08a193aa53d5a21592ee29fef8be0c25f6d445b5b8cf35128e9766d7dN.exe"C:\Users\Admin\AppData\Local\Temp\b69d26d08a193aa53d5a21592ee29fef8be0c25f6d445b5b8cf35128e9766d7dN.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\vjjvd.exec:\vjjvd.exe2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\nttnbt.exec:\nttnbt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9tthnb.exec:\9tthnb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbthtt.exec:\bbthtt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlrflxx.exec:\xlrflxx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllffxx.exec:\rllffxx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nntnbt.exec:\nntnbt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3jdjv.exec:\3jdjv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frlxxrx.exec:\frlxxrx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbtht.exec:\hbbtht.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3dvjd.exec:\3dvjd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrlxrfr.exec:\xrlxrfr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbtnnh.exec:\hbtnnh.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btnhtt.exec:\btnhtt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvpjv.exec:\dvpjv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1rllfxl.exec:\1rllfxl.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llfxfxr.exec:\llfxfxr.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vppjj.exec:\vppjj.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5frlrlx.exec:\5frlrlx.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttnbnn.exec:\ttnbnn.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5nhbhb.exec:\5nhbhb.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjdvj.exec:\vjdvj.exe23⤵
- Executes dropped EXE
-
\??\c:\1rxflfr.exec:\1rxflfr.exe24⤵
- Executes dropped EXE
-
\??\c:\lfrffxx.exec:\lfrffxx.exe25⤵
- Executes dropped EXE
-
\??\c:\thnhhb.exec:\thnhhb.exe26⤵
- Executes dropped EXE
-
\??\c:\tnhtnt.exec:\tnhtnt.exe27⤵
- Executes dropped EXE
-
\??\c:\ppvpv.exec:\ppvpv.exe28⤵
- Executes dropped EXE
-
\??\c:\3dvjp.exec:\3dvjp.exe29⤵
- Executes dropped EXE
-
\??\c:\7xlfxlf.exec:\7xlfxlf.exe30⤵
- Executes dropped EXE
-
\??\c:\tbnbnh.exec:\tbnbnh.exe31⤵
- Executes dropped EXE
-
\??\c:\bhhnbn.exec:\bhhnbn.exe32⤵
- Executes dropped EXE
-
\??\c:\pdjdd.exec:\pdjdd.exe33⤵
- Executes dropped EXE
-
\??\c:\rfrlrlf.exec:\rfrlrlf.exe34⤵
- Executes dropped EXE
-
\??\c:\rlfrlxl.exec:\rlfrlxl.exe35⤵
- Executes dropped EXE
-
\??\c:\nnhbhb.exec:\nnhbhb.exe36⤵
- Executes dropped EXE
-
\??\c:\hbtntt.exec:\hbtntt.exe37⤵
-
\??\c:\7ddvp.exec:\7ddvp.exe38⤵
- Executes dropped EXE
-
\??\c:\xfrlfxx.exec:\xfrlfxx.exe39⤵
- Executes dropped EXE
-
\??\c:\xrxlxrl.exec:\xrxlxrl.exe40⤵
- Executes dropped EXE
-
\??\c:\1hhhhn.exec:\1hhhhn.exe41⤵
- Executes dropped EXE
-
\??\c:\9hthtb.exec:\9hthtb.exe42⤵
- Executes dropped EXE
-
\??\c:\pvdvp.exec:\pvdvp.exe43⤵
- Executes dropped EXE
-
\??\c:\7jdpd.exec:\7jdpd.exe44⤵
- Executes dropped EXE
-
\??\c:\rxxlffx.exec:\rxxlffx.exe45⤵
- Executes dropped EXE
-
\??\c:\rxxrlfr.exec:\rxxrlfr.exe46⤵
- Executes dropped EXE
-
\??\c:\5tttnh.exec:\5tttnh.exe47⤵
- Executes dropped EXE
-
\??\c:\3ppdj.exec:\3ppdj.exe48⤵
- Executes dropped EXE
-
\??\c:\3vdjj.exec:\3vdjj.exe49⤵
- Executes dropped EXE
-
\??\c:\xllflfx.exec:\xllflfx.exe50⤵
- Executes dropped EXE
-
\??\c:\frlfxrf.exec:\frlfxrf.exe51⤵
- Executes dropped EXE
-
\??\c:\3bthhb.exec:\3bthhb.exe52⤵
- Executes dropped EXE
-
\??\c:\bthbtn.exec:\bthbtn.exe53⤵
- Executes dropped EXE
-
\??\c:\9jdpd.exec:\9jdpd.exe54⤵
- Executes dropped EXE
-
\??\c:\vjvjv.exec:\vjvjv.exe55⤵
- Executes dropped EXE
-
\??\c:\jddvp.exec:\jddvp.exe56⤵
- Executes dropped EXE
-
\??\c:\7xfxxff.exec:\7xfxxff.exe57⤵
- Executes dropped EXE
-
\??\c:\thbnnh.exec:\thbnnh.exe58⤵
- Executes dropped EXE
-
\??\c:\3thtnn.exec:\3thtnn.exe59⤵
- Executes dropped EXE
-
\??\c:\vddpv.exec:\vddpv.exe60⤵
- Executes dropped EXE
-
\??\c:\pjdvj.exec:\pjdvj.exe61⤵
- Executes dropped EXE
-
\??\c:\xxfrrlr.exec:\xxfrrlr.exe62⤵
- Executes dropped EXE
-
\??\c:\9hbthn.exec:\9hbthn.exe63⤵
- Executes dropped EXE
-
\??\c:\7bthtn.exec:\7bthtn.exe64⤵
- Executes dropped EXE
-
\??\c:\jvpdj.exec:\jvpdj.exe65⤵
- Executes dropped EXE
-
\??\c:\jjdpv.exec:\jjdpv.exe66⤵
- Executes dropped EXE
-
\??\c:\rxlrflx.exec:\rxlrflx.exe67⤵
-
\??\c:\bnnhbb.exec:\bnnhbb.exe68⤵
-
\??\c:\btnhnh.exec:\btnhnh.exe69⤵
-
\??\c:\jjvpd.exec:\jjvpd.exe70⤵
-
\??\c:\dvvpv.exec:\dvvpv.exe71⤵
-
\??\c:\fxfrxxr.exec:\fxfrxxr.exe72⤵
-
\??\c:\tnnhbt.exec:\tnnhbt.exe73⤵
-
\??\c:\hbbtnn.exec:\hbbtnn.exe74⤵
-
\??\c:\xxxlxxr.exec:\xxxlxxr.exe75⤵
-
\??\c:\7bbttn.exec:\7bbttn.exe76⤵
-
\??\c:\nhnhnh.exec:\nhnhnh.exe77⤵
-
\??\c:\7hbtbt.exec:\7hbtbt.exe78⤵
-
\??\c:\pjdvj.exec:\pjdvj.exe79⤵
-
\??\c:\xxlflrx.exec:\xxlflrx.exe80⤵
-
\??\c:\frrrllf.exec:\frrrllf.exe81⤵
-
\??\c:\bbbbtt.exec:\bbbbtt.exe82⤵
-
\??\c:\pppjv.exec:\pppjv.exe83⤵
-
\??\c:\jdjvp.exec:\jdjvp.exe84⤵
-
\??\c:\xlflxrf.exec:\xlflxrf.exe85⤵
-
\??\c:\lfrlxlr.exec:\lfrlxlr.exe86⤵
-
\??\c:\9thtbb.exec:\9thtbb.exe87⤵
-
\??\c:\jdpjd.exec:\jdpjd.exe88⤵
-
\??\c:\pddvv.exec:\pddvv.exe89⤵
-
\??\c:\rffrxrl.exec:\rffrxrl.exe90⤵
-
\??\c:\1llxrll.exec:\1llxrll.exe91⤵
-
\??\c:\nbhbhb.exec:\nbhbhb.exe92⤵
-
\??\c:\9pdvp.exec:\9pdvp.exe93⤵
-
\??\c:\djdvj.exec:\djdvj.exe94⤵
-
\??\c:\pdvvd.exec:\pdvvd.exe95⤵
-
\??\c:\lxxxlfx.exec:\lxxxlfx.exe96⤵
-
\??\c:\rfxlxrl.exec:\rfxlxrl.exe97⤵
-
\??\c:\hhhbnh.exec:\hhhbnh.exe98⤵
-
\??\c:\htbbnt.exec:\htbbnt.exe99⤵
-
\??\c:\5dpjv.exec:\5dpjv.exe100⤵
-
\??\c:\dpvvp.exec:\dpvvp.exe101⤵
-
\??\c:\rlxrxrx.exec:\rlxrxrx.exe102⤵
-
\??\c:\xfffrlr.exec:\xfffrlr.exe103⤵
-
\??\c:\bttntn.exec:\bttntn.exe104⤵
-
\??\c:\bhtnbb.exec:\bhtnbb.exe105⤵
-
\??\c:\jpppv.exec:\jpppv.exe106⤵
-
\??\c:\rxxlxxx.exec:\rxxlxxx.exe107⤵
-
\??\c:\lxrrlfr.exec:\lxrrlfr.exe108⤵
-
\??\c:\hbtnhn.exec:\hbtnhn.exe109⤵
-
\??\c:\bbtnnh.exec:\bbtnnh.exe110⤵
-
\??\c:\pddpd.exec:\pddpd.exe111⤵
-
\??\c:\vvjpj.exec:\vvjpj.exe112⤵
-
\??\c:\llfrlxf.exec:\llfrlxf.exe113⤵
-
\??\c:\9bbnht.exec:\9bbnht.exe114⤵
-
\??\c:\hbbnbt.exec:\hbbnbt.exe115⤵
-
\??\c:\ppjjj.exec:\ppjjj.exe116⤵
-
\??\c:\dvjjj.exec:\dvjjj.exe117⤵
-
\??\c:\rxxrfxl.exec:\rxxrfxl.exe118⤵
-
\??\c:\lrrfrlf.exec:\lrrfrlf.exe119⤵
-
\??\c:\bttttn.exec:\bttttn.exe120⤵
-
\??\c:\3tthtn.exec:\3tthtn.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-