Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
93s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
18/12/2024, 22:57
General
-
Target
b9bfde52331d733a7121d06bcd7eedd0a808e7176888f001df7341d263da49a9N.exe
-
Size
82KB
-
MD5
4ee152c31e1671b2e904510a13db0a70
-
SHA1
5f48b6a05fe1a676160096ed842d6cac672ddba7
-
SHA256
b9bfde52331d733a7121d06bcd7eedd0a808e7176888f001df7341d263da49a9
-
SHA512
0baef0e2e84e51aaf89fcb7a04a800e4285024bc9bd5e64a088b37a7100568fe0760a01e7f5389a49401da3391e850842a32f50b27c6e583e64e754b6332b14c
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDo73tgygQwKjiawEmB5Gth:ymb3NkkiQ3mdBjFo73thgQ/wEko
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 32 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\b9bfde52331d733a7121d06bcd7eedd0a808e7176888f001df7341d263da49a9N.exe"C:\Users\Admin\AppData\Local\Temp\b9bfde52331d733a7121d06bcd7eedd0a808e7176888f001df7341d263da49a9N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\1bbbbh.exec:\1bbbbh.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvvp.exec:\pjvvp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjppj.exec:\pjppj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxllffx.exec:\rxllffx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnnnnn.exec:\hnnnnn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjdd.exec:\pjjdd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhnbbh.exec:\hhnbbh.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thtttb.exec:\thtttb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvdvv.exec:\pvdvv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddpvv.exec:\ddpvv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfxfffx.exec:\rfxfffx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnhnhn.exec:\bnhnhn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jddjj.exec:\jddjj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrflrrx.exec:\xrflrrx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlrrlrr.exec:\rlrrlrr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bttnht.exec:\bttnht.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppvvj.exec:\ppvvj.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjjpj.exec:\vjjpj.exe19⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\5frrxrf.exec:\5frrxrf.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttbtnn.exec:\ttbtnn.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7vpjd.exec:\7vpjd.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjjd.exec:\jdjjd.exe23⤵
- Executes dropped EXE
-
\??\c:\frlrlxx.exec:\frlrlxx.exe24⤵
- Executes dropped EXE
-
\??\c:\nhnhhh.exec:\nhnhhh.exe25⤵
- Executes dropped EXE
-
\??\c:\vjjjp.exec:\vjjjp.exe26⤵
- Executes dropped EXE
-
\??\c:\rfflffx.exec:\rfflffx.exe27⤵
- Executes dropped EXE
-
\??\c:\btnhhb.exec:\btnhhb.exe28⤵
- Executes dropped EXE
-
\??\c:\pjppd.exec:\pjppd.exe29⤵
- Executes dropped EXE
-
\??\c:\rllfxrl.exec:\rllfxrl.exe30⤵
- Executes dropped EXE
-
\??\c:\7tbtnh.exec:\7tbtnh.exe31⤵
- Executes dropped EXE
-
\??\c:\9vddv.exec:\9vddv.exe32⤵
- Executes dropped EXE
-
\??\c:\jpvpp.exec:\jpvpp.exe33⤵
- Executes dropped EXE
-
\??\c:\llxfrxr.exec:\llxfrxr.exe34⤵
- Executes dropped EXE
-
\??\c:\xfrxffl.exec:\xfrxffl.exe35⤵
- Executes dropped EXE
-
\??\c:\nhtntn.exec:\nhtntn.exe36⤵
- Executes dropped EXE
-
\??\c:\hbbttn.exec:\hbbttn.exe37⤵
- Executes dropped EXE
-
\??\c:\dvjdd.exec:\dvjdd.exe38⤵
- Executes dropped EXE
-
\??\c:\xfrrrxx.exec:\xfrrrxx.exe39⤵
- Executes dropped EXE
-
\??\c:\lffxxxx.exec:\lffxxxx.exe40⤵
- Executes dropped EXE
-
\??\c:\9hbtbb.exec:\9hbtbb.exe41⤵
- Executes dropped EXE
-
\??\c:\3dpvv.exec:\3dpvv.exe42⤵
- Executes dropped EXE
-
\??\c:\rrffffr.exec:\rrffffr.exe43⤵
- Executes dropped EXE
-
\??\c:\tnbhbt.exec:\tnbhbt.exe44⤵
- Executes dropped EXE
-
\??\c:\nnbtbb.exec:\nnbtbb.exe45⤵
- Executes dropped EXE
-
\??\c:\vjjjj.exec:\vjjjj.exe46⤵
- Executes dropped EXE
-
\??\c:\jdvpv.exec:\jdvpv.exe47⤵
- Executes dropped EXE
-
\??\c:\xlfxlll.exec:\xlfxlll.exe48⤵
- Executes dropped EXE
-
\??\c:\tnnhbb.exec:\tnnhbb.exe49⤵
- Executes dropped EXE
-
\??\c:\xxflxff.exec:\xxflxff.exe50⤵
- Executes dropped EXE
-
\??\c:\lrrllrr.exec:\lrrllrr.exe51⤵
- Executes dropped EXE
-
\??\c:\nbnhnt.exec:\nbnhnt.exe52⤵
- Executes dropped EXE
-
\??\c:\hbbtnn.exec:\hbbtnn.exe53⤵
- Executes dropped EXE
-
\??\c:\7xfxrll.exec:\7xfxrll.exe54⤵
- Executes dropped EXE
-
\??\c:\rlflfxx.exec:\rlflfxx.exe55⤵
- Executes dropped EXE
-
\??\c:\pjvdj.exec:\pjvdj.exe56⤵
- Executes dropped EXE
-
\??\c:\vdjpd.exec:\vdjpd.exe57⤵
- Executes dropped EXE
-
\??\c:\fxxrlrl.exec:\fxxrlrl.exe58⤵
- Executes dropped EXE
-
\??\c:\1tttnn.exec:\1tttnn.exe59⤵
- Executes dropped EXE
-
\??\c:\7nnhnn.exec:\7nnhnn.exe60⤵
- Executes dropped EXE
-
\??\c:\5jjdj.exec:\5jjdj.exe61⤵
- Executes dropped EXE
-
\??\c:\thbhth.exec:\thbhth.exe62⤵
- Executes dropped EXE
-
\??\c:\1tnbtt.exec:\1tnbtt.exe63⤵
- Executes dropped EXE
-
\??\c:\fffxxfx.exec:\fffxxfx.exe64⤵
- Executes dropped EXE
-
\??\c:\tbttnb.exec:\tbttnb.exe65⤵
- Executes dropped EXE
-
\??\c:\pjdpj.exec:\pjdpj.exe66⤵
-
\??\c:\thnhht.exec:\thnhht.exe67⤵
-
\??\c:\tntnhh.exec:\tntnhh.exe68⤵
-
\??\c:\7dpdp.exec:\7dpdp.exe69⤵
-
\??\c:\lrxrxxl.exec:\lrxrxxl.exe70⤵
-
\??\c:\rllrfrf.exec:\rllrfrf.exe71⤵
-
\??\c:\nbbnhh.exec:\nbbnhh.exe72⤵
-
\??\c:\hbhhhh.exec:\hbhhhh.exe73⤵
-
\??\c:\ppddd.exec:\ppddd.exe74⤵
-
\??\c:\rlfxrrr.exec:\rlfxrrr.exe75⤵
-
\??\c:\fxfrlfx.exec:\fxfrlfx.exe76⤵
-
\??\c:\hbbthh.exec:\hbbthh.exe77⤵
-
\??\c:\bhhthh.exec:\bhhthh.exe78⤵
-
\??\c:\vvdpp.exec:\vvdpp.exe79⤵
-
\??\c:\fflxxrr.exec:\fflxxrr.exe80⤵
-
\??\c:\5xrlxxf.exec:\5xrlxxf.exe81⤵
-
\??\c:\bhthbt.exec:\bhthbt.exe82⤵
-
\??\c:\bnttnb.exec:\bnttnb.exe83⤵
-
\??\c:\vpddv.exec:\vpddv.exe84⤵
-
\??\c:\pvvvv.exec:\pvvvv.exe85⤵
-
\??\c:\xffxlll.exec:\xffxlll.exe86⤵
-
\??\c:\bttttt.exec:\bttttt.exe87⤵
-
\??\c:\ddvjv.exec:\ddvjv.exe88⤵
-
\??\c:\pjddj.exec:\pjddj.exe89⤵
-
\??\c:\lfxrlfr.exec:\lfxrlfr.exe90⤵
-
\??\c:\7fxxrrx.exec:\7fxxrrx.exe91⤵
-
\??\c:\hhthtn.exec:\hhthtn.exe92⤵
-
\??\c:\pdppp.exec:\pdppp.exe93⤵
-
\??\c:\1flfxxx.exec:\1flfxxx.exe94⤵
-
\??\c:\nhhttt.exec:\nhhttt.exe95⤵
-
\??\c:\tnnnnt.exec:\tnnnnt.exe96⤵
-
\??\c:\vpvvv.exec:\vpvvv.exe97⤵
-
\??\c:\vpdvd.exec:\vpdvd.exe98⤵
-
\??\c:\xrfxxxr.exec:\xrfxxxr.exe99⤵
-
\??\c:\thnnnn.exec:\thnnnn.exe100⤵
-
\??\c:\nhhtnn.exec:\nhhtnn.exe101⤵
-
\??\c:\pjjdv.exec:\pjjdv.exe102⤵
-
\??\c:\9jpjd.exec:\9jpjd.exe103⤵
-
\??\c:\lxxrfff.exec:\lxxrfff.exe104⤵
-
\??\c:\xrrfxfx.exec:\xrrfxfx.exe105⤵
-
\??\c:\7btntt.exec:\7btntt.exe106⤵
-
\??\c:\1jppj.exec:\1jppj.exe107⤵
-
\??\c:\dpppp.exec:\dpppp.exe108⤵
-
\??\c:\frfrrrr.exec:\frfrrrr.exe109⤵
-
\??\c:\bttbht.exec:\bttbht.exe110⤵
-
\??\c:\tnbtnn.exec:\tnbtnn.exe111⤵
-
\??\c:\dpdvv.exec:\dpdvv.exe112⤵
-
\??\c:\dppvj.exec:\dppvj.exe113⤵
-
\??\c:\rlllfxr.exec:\rlllfxr.exe114⤵
-
\??\c:\nbhhhn.exec:\nbhhhn.exe115⤵
-
\??\c:\hhhhbt.exec:\hhhhbt.exe116⤵
-
\??\c:\vddvp.exec:\vddvp.exe117⤵
-
\??\c:\pjjdd.exec:\pjjdd.exe118⤵
-
\??\c:\9lrlfxx.exec:\9lrlfxx.exe119⤵
-
\??\c:\frfxrrl.exec:\frfxrrl.exe120⤵
-
\??\c:\thhhth.exec:\thhhth.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-