Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
94s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
30/11/2024, 05:04
General
-
Target
3102d2b1579244e3a14d73747bfa01139f0493af1ee471ab10d0bc7bca581d96N.exe
-
Size
66KB
-
MD5
0c8535cb9f7a6c49d176d0a2bb466650
-
SHA1
73b6d4f2a09888ed363b87e7b6b0823d0302ac8c
-
SHA256
3102d2b1579244e3a14d73747bfa01139f0493af1ee471ab10d0bc7bca581d96
-
SHA512
a0bedadf9905fb04b30e191671718ab8b74b96f27a2e3e20730922c312c8cd9210f1b6d7e1a0f279e71643c274de71957cfc21e3795a8482dd9a14846c6ef611
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND0yU+kbxeQ:ymb3NkkiQ3mdBjF0y7kbUQ
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 29 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 36 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\3102d2b1579244e3a14d73747bfa01139f0493af1ee471ab10d0bc7bca581d96N.exe"C:\Users\Admin\AppData\Local\Temp\3102d2b1579244e3a14d73747bfa01139f0493af1ee471ab10d0bc7bca581d96N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\3bnnnn.exec:\3bnnnn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nntbbn.exec:\nntbbn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjjv.exec:\vpjjv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7rxxllx.exec:\7rxxllx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1bbbtt.exec:\1bbbtt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlfxrrr.exec:\xlfxrrr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrfrrf.exec:\fxrfrrf.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjddv.exec:\jjddv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7rxrfxr.exec:\7rxrfxr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5rxrlfx.exec:\5rxrlfx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnttbb.exec:\tnttbb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pddvv.exec:\pddvv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9frrrxr.exec:\9frrrxr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhtbbn.exec:\nhtbbn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pppjj.exec:\pppjj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7fxrfff.exec:\7fxrfff.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbhhhb.exec:\tbhhhb.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7dpjd.exec:\7dpjd.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjvpd.exec:\vjvpd.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxxxrrr.exec:\lxxxrrr.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llxxrlf.exec:\llxxrlf.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhttbh.exec:\nhttbh.exe23⤵
- Executes dropped EXE
-
\??\c:\nhhhbh.exec:\nhhhbh.exe24⤵
- Executes dropped EXE
-
\??\c:\djpjd.exec:\djpjd.exe25⤵
- Executes dropped EXE
-
\??\c:\1jpdv.exec:\1jpdv.exe26⤵
- Executes dropped EXE
-
\??\c:\nhnhhh.exec:\nhnhhh.exe27⤵
- Executes dropped EXE
-
\??\c:\3hnnbh.exec:\3hnnbh.exe28⤵
- Executes dropped EXE
-
\??\c:\3vvvv.exec:\3vvvv.exe29⤵
- Executes dropped EXE
-
\??\c:\9jjjv.exec:\9jjjv.exe30⤵
- Executes dropped EXE
-
\??\c:\fxlrrrl.exec:\fxlrrrl.exe31⤵
- Executes dropped EXE
-
\??\c:\bnnnhh.exec:\bnnnhh.exe32⤵
- Executes dropped EXE
-
\??\c:\tnhhbb.exec:\tnhhbb.exe33⤵
- Executes dropped EXE
-
\??\c:\pvddd.exec:\pvddd.exe34⤵
- Executes dropped EXE
-
\??\c:\rlfxrrl.exec:\rlfxrrl.exe35⤵
- Executes dropped EXE
-
\??\c:\vvddj.exec:\vvddj.exe36⤵
- Executes dropped EXE
-
\??\c:\jjjpp.exec:\jjjpp.exe37⤵
- Executes dropped EXE
-
\??\c:\lrxxrlx.exec:\lrxxrlx.exe38⤵
- Executes dropped EXE
-
\??\c:\hbtnbt.exec:\hbtnbt.exe39⤵
- Executes dropped EXE
-
\??\c:\hnhbhb.exec:\hnhbhb.exe40⤵
- Executes dropped EXE
-
\??\c:\1lrlffx.exec:\1lrlffx.exe41⤵
- Executes dropped EXE
-
\??\c:\xrxlfxr.exec:\xrxlfxr.exe42⤵
- Executes dropped EXE
-
\??\c:\tnnnnh.exec:\tnnnnh.exe43⤵
- Executes dropped EXE
-
\??\c:\jpddv.exec:\jpddv.exe44⤵
- Executes dropped EXE
-
\??\c:\fxfxffl.exec:\fxfxffl.exe45⤵
- Executes dropped EXE
-
\??\c:\xfrlllf.exec:\xfrlllf.exe46⤵
- Executes dropped EXE
-
\??\c:\bbhbtn.exec:\bbhbtn.exe47⤵
- Executes dropped EXE
-
\??\c:\tnbbhh.exec:\tnbbhh.exe48⤵
- Executes dropped EXE
-
\??\c:\vjvpd.exec:\vjvpd.exe49⤵
- Executes dropped EXE
-
\??\c:\rffxxrr.exec:\rffxxrr.exe50⤵
- Executes dropped EXE
-
\??\c:\bhhbtn.exec:\bhhbtn.exe51⤵
- Executes dropped EXE
-
\??\c:\vjjpj.exec:\vjjpj.exe52⤵
- Executes dropped EXE
-
\??\c:\pvvpj.exec:\pvvpj.exe53⤵
- Executes dropped EXE
-
\??\c:\flfxlfx.exec:\flfxlfx.exe54⤵
- Executes dropped EXE
-
\??\c:\1frfxrl.exec:\1frfxrl.exe55⤵
- Executes dropped EXE
-
\??\c:\tnnnhh.exec:\tnnnhh.exe56⤵
- Executes dropped EXE
-
\??\c:\vddvv.exec:\vddvv.exe57⤵
- Executes dropped EXE
-
\??\c:\7pjdv.exec:\7pjdv.exe58⤵
- Executes dropped EXE
-
\??\c:\xxxlfxl.exec:\xxxlfxl.exe59⤵
- Executes dropped EXE
-
\??\c:\nbtnhh.exec:\nbtnhh.exe60⤵
- Executes dropped EXE
-
\??\c:\bnnhtn.exec:\bnnhtn.exe61⤵
- Executes dropped EXE
-
\??\c:\dvpjv.exec:\dvpjv.exe62⤵
- Executes dropped EXE
-
\??\c:\fxfxllr.exec:\fxfxllr.exe63⤵
- Executes dropped EXE
-
\??\c:\btbthb.exec:\btbthb.exe64⤵
- Executes dropped EXE
-
\??\c:\ppjjd.exec:\ppjjd.exe65⤵
- Executes dropped EXE
-
\??\c:\hhhhbh.exec:\hhhhbh.exe66⤵
-
\??\c:\jjpdp.exec:\jjpdp.exe67⤵
-
\??\c:\pdpdv.exec:\pdpdv.exe68⤵
-
\??\c:\frllxfx.exec:\frllxfx.exe69⤵
-
\??\c:\ttbtnn.exec:\ttbtnn.exe70⤵
-
\??\c:\jdddv.exec:\jdddv.exe71⤵
-
\??\c:\jjppp.exec:\jjppp.exe72⤵
-
\??\c:\1xxrfff.exec:\1xxrfff.exe73⤵
-
\??\c:\3nhbnn.exec:\3nhbnn.exe74⤵
-
\??\c:\djpjv.exec:\djpjv.exe75⤵
-
\??\c:\vdddp.exec:\vdddp.exe76⤵
-
\??\c:\1fxrffx.exec:\1fxrffx.exe77⤵
-
\??\c:\5lfrllf.exec:\5lfrllf.exe78⤵
-
\??\c:\tntntt.exec:\tntntt.exe79⤵
-
\??\c:\vpppj.exec:\vpppj.exe80⤵
-
\??\c:\xflfxxr.exec:\xflfxxr.exe81⤵
-
\??\c:\xfffffx.exec:\xfffffx.exe82⤵
-
\??\c:\hbhhbb.exec:\hbhhbb.exe83⤵
-
\??\c:\pjvpd.exec:\pjvpd.exe84⤵
-
\??\c:\rxfrlll.exec:\rxfrlll.exe85⤵
-
\??\c:\tnnnhb.exec:\tnnnhb.exe86⤵
-
\??\c:\5nttth.exec:\5nttth.exe87⤵
-
\??\c:\9vjjd.exec:\9vjjd.exe88⤵
-
\??\c:\vpvdv.exec:\vpvdv.exe89⤵
-
\??\c:\bnttnn.exec:\bnttnn.exe90⤵
-
\??\c:\tbhbnh.exec:\tbhbnh.exe91⤵
-
\??\c:\vppjv.exec:\vppjv.exe92⤵
-
\??\c:\dpdvd.exec:\dpdvd.exe93⤵
-
\??\c:\fxlfrrf.exec:\fxlfrrf.exe94⤵
-
\??\c:\xrllffx.exec:\xrllffx.exe95⤵
-
\??\c:\bntttt.exec:\bntttt.exe96⤵
-
\??\c:\jpvpp.exec:\jpvpp.exe97⤵
-
\??\c:\pddvv.exec:\pddvv.exe98⤵
-
\??\c:\llxrfxr.exec:\llxrfxr.exe99⤵
-
\??\c:\bttttt.exec:\bttttt.exe100⤵
-
\??\c:\djjdv.exec:\djjdv.exe101⤵
-
\??\c:\vpjdd.exec:\vpjdd.exe102⤵
-
\??\c:\rlxxrrl.exec:\rlxxrrl.exe103⤵
-
\??\c:\1ntttt.exec:\1ntttt.exe104⤵
-
\??\c:\1hhbnn.exec:\1hhbnn.exe105⤵
-
\??\c:\pppjv.exec:\pppjv.exe106⤵
-
\??\c:\rrxrxxl.exec:\rrxrxxl.exe107⤵
-
\??\c:\xlrllll.exec:\xlrllll.exe108⤵
-
\??\c:\hbtnbb.exec:\hbtnbb.exe109⤵
-
\??\c:\jddpd.exec:\jddpd.exe110⤵
-
\??\c:\ppdvd.exec:\ppdvd.exe111⤵
-
\??\c:\frxxlll.exec:\frxxlll.exe112⤵
-
\??\c:\tbbttt.exec:\tbbttt.exe113⤵
-
\??\c:\tnbhth.exec:\tnbhth.exe114⤵
-
\??\c:\jjdjd.exec:\jjdjd.exe115⤵
-
\??\c:\jjjdv.exec:\jjjdv.exe116⤵
-
\??\c:\rlfxllf.exec:\rlfxllf.exe117⤵
-
\??\c:\rflxxff.exec:\rflxxff.exe118⤵
-
\??\c:\hnbhtb.exec:\hnbhtb.exe119⤵
-
\??\c:\jdddp.exec:\jdddp.exe120⤵
-
\??\c:\jvdpj.exec:\jvdpj.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-