Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
98s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
18/12/2024, 00:41
General
-
Target
90cca53dda68a2defa24dedfb9e313c9b1e4a59bf1eb9cc29c051913bf2b4e9b.exe
-
Size
81KB
-
MD5
d2b4f6f679f26d1c45f59bc6ddfe0258
-
SHA1
310c393478aee3411b866c49861b17787e27e736
-
SHA256
90cca53dda68a2defa24dedfb9e313c9b1e4a59bf1eb9cc29c051913bf2b4e9b
-
SHA512
087e3ac22285a33527cf975a86442837e9e371826a2594e3d562dc1eebcc72b6113db98c338eb8aafd53bc3b5115224f8ee7c54432647a8943804511cef5cfcf
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIsIpWCz+FR4RzWqC5rINFE4yeqT:ymb3NkkiQ3mdBjFIsIpZ+R4RzWqCu4rb
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 29 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 37 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\90cca53dda68a2defa24dedfb9e313c9b1e4a59bf1eb9cc29c051913bf2b4e9b.exe"C:\Users\Admin\AppData\Local\Temp\90cca53dda68a2defa24dedfb9e313c9b1e4a59bf1eb9cc29c051913bf2b4e9b.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjdp.exec:\pjjdp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffxxxff.exec:\ffxxxff.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bntnnt.exec:\bntnnt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvddv.exec:\dvddv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvdvd.exec:\dvdvd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tntnth.exec:\tntnth.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrfxxxl.exec:\rrfxxxl.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3llfflf.exec:\3llfflf.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3pddj.exec:\3pddj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxxxff.exec:\lfxxxff.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nthhhh.exec:\nthhhh.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdvpp.exec:\vdvpp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrlfxr.exec:\lfrlfxr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnbbtt.exec:\hnbbtt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddpvp.exec:\ddpvp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrlfffx.exec:\rrlfffx.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btthbb.exec:\btthbb.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvddp.exec:\vvddp.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1xrffrr.exec:\1xrffrr.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrlfrr.exec:\fxrlfrr.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvppp.exec:\pvppp.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdppv.exec:\vdppv.exe23⤵
- Executes dropped EXE
-
\??\c:\frflfrf.exec:\frflfrf.exe24⤵
- Executes dropped EXE
-
\??\c:\htttnn.exec:\htttnn.exe25⤵
- Executes dropped EXE
-
\??\c:\vpvpj.exec:\vpvpj.exe26⤵
- Executes dropped EXE
-
\??\c:\rxrrxfl.exec:\rxrrxfl.exe27⤵
- Executes dropped EXE
-
\??\c:\ntnnnn.exec:\ntnnnn.exe28⤵
- Executes dropped EXE
-
\??\c:\5htttt.exec:\5htttt.exe29⤵
- Executes dropped EXE
-
\??\c:\vdvvp.exec:\vdvvp.exe30⤵
- Executes dropped EXE
-
\??\c:\rxxrrxx.exec:\rxxrrxx.exe31⤵
- Executes dropped EXE
-
\??\c:\htnhbh.exec:\htnhbh.exe32⤵
- Executes dropped EXE
-
\??\c:\tttbtb.exec:\tttbtb.exe33⤵
- Executes dropped EXE
-
\??\c:\dpjdd.exec:\dpjdd.exe34⤵
- Executes dropped EXE
-
\??\c:\vvvjd.exec:\vvvjd.exe35⤵
- Executes dropped EXE
-
\??\c:\lffffff.exec:\lffffff.exe36⤵
- Executes dropped EXE
-
\??\c:\hbttnn.exec:\hbttnn.exe37⤵
- Executes dropped EXE
-
\??\c:\jjjdv.exec:\jjjdv.exe38⤵
- Executes dropped EXE
-
\??\c:\1rlfffx.exec:\1rlfffx.exe39⤵
- Executes dropped EXE
-
\??\c:\vjjjj.exec:\vjjjj.exe40⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\dpvdd.exec:\dpvdd.exe41⤵
- Executes dropped EXE
-
\??\c:\xxrrlll.exec:\xxrrlll.exe42⤵
- Executes dropped EXE
-
\??\c:\1rfxrxf.exec:\1rfxrxf.exe43⤵
- Executes dropped EXE
-
\??\c:\hnhhbh.exec:\hnhhbh.exe44⤵
- Executes dropped EXE
-
\??\c:\vvddd.exec:\vvddd.exe45⤵
- Executes dropped EXE
-
\??\c:\1ppdd.exec:\1ppdd.exe46⤵
- Executes dropped EXE
-
\??\c:\xxxrrll.exec:\xxxrrll.exe47⤵
- Executes dropped EXE
-
\??\c:\lllrrxr.exec:\lllrrxr.exe48⤵
- Executes dropped EXE
-
\??\c:\bhntnn.exec:\bhntnn.exe49⤵
- Executes dropped EXE
-
\??\c:\pdddd.exec:\pdddd.exe50⤵
- Executes dropped EXE
-
\??\c:\lrfxrrr.exec:\lrfxrrr.exe51⤵
- Executes dropped EXE
-
\??\c:\ntttbt.exec:\ntttbt.exe52⤵
- Executes dropped EXE
-
\??\c:\1pdvj.exec:\1pdvj.exe53⤵
- Executes dropped EXE
-
\??\c:\flrxffr.exec:\flrxffr.exe54⤵
- Executes dropped EXE
-
\??\c:\xfrrxfx.exec:\xfrrxfx.exe55⤵
- Executes dropped EXE
-
\??\c:\htbbht.exec:\htbbht.exe56⤵
- Executes dropped EXE
-
\??\c:\1jjdv.exec:\1jjdv.exe57⤵
- Executes dropped EXE
-
\??\c:\rxlllrx.exec:\rxlllrx.exe58⤵
- Executes dropped EXE
-
\??\c:\hbhhhh.exec:\hbhhhh.exe59⤵
- Executes dropped EXE
-
\??\c:\bbhntt.exec:\bbhntt.exe60⤵
- Executes dropped EXE
-
\??\c:\ddjjd.exec:\ddjjd.exe61⤵
- Executes dropped EXE
-
\??\c:\nhhnht.exec:\nhhnht.exe62⤵
- Executes dropped EXE
-
\??\c:\vjdvv.exec:\vjdvv.exe63⤵
- Executes dropped EXE
-
\??\c:\5rlllrl.exec:\5rlllrl.exe64⤵
- Executes dropped EXE
-
\??\c:\rrfxrrl.exec:\rrfxrrl.exe65⤵
- Executes dropped EXE
-
\??\c:\3nbnnh.exec:\3nbnnh.exe66⤵
-
\??\c:\vvpjv.exec:\vvpjv.exe67⤵
-
\??\c:\xxfxxxx.exec:\xxfxxxx.exe68⤵
-
\??\c:\ttnhtb.exec:\ttnhtb.exe69⤵
-
\??\c:\bnhbnh.exec:\bnhbnh.exe70⤵
-
\??\c:\vppjj.exec:\vppjj.exe71⤵
-
\??\c:\ppdpj.exec:\ppdpj.exe72⤵
-
\??\c:\1fxlllf.exec:\1fxlllf.exe73⤵
-
\??\c:\7lrlflf.exec:\7lrlflf.exe74⤵
-
\??\c:\nnnnhh.exec:\nnnnhh.exe75⤵
-
\??\c:\vvjdv.exec:\vvjdv.exe76⤵
-
\??\c:\frxxxxr.exec:\frxxxxr.exe77⤵
-
\??\c:\fxfffff.exec:\fxfffff.exe78⤵
-
\??\c:\7hhhbb.exec:\7hhhbb.exe79⤵
-
\??\c:\jjjdd.exec:\jjjdd.exe80⤵
-
\??\c:\1fffxxr.exec:\1fffxxr.exe81⤵
-
\??\c:\9rrrrrl.exec:\9rrrrrl.exe82⤵
-
\??\c:\tttnhh.exec:\tttnhh.exe83⤵
-
\??\c:\ttbbbb.exec:\ttbbbb.exe84⤵
-
\??\c:\vdpjv.exec:\vdpjv.exe85⤵
-
\??\c:\1xfxrrl.exec:\1xfxrrl.exe86⤵
-
\??\c:\lfrlflf.exec:\lfrlflf.exe87⤵
-
\??\c:\5ttnnn.exec:\5ttnnn.exe88⤵
-
\??\c:\jdjdj.exec:\jdjdj.exe89⤵
-
\??\c:\5vvvv.exec:\5vvvv.exe90⤵
-
\??\c:\lfrxxrr.exec:\lfrxxrr.exe91⤵
-
\??\c:\xlfffll.exec:\xlfffll.exe92⤵
-
\??\c:\nbbbtb.exec:\nbbbtb.exe93⤵
-
\??\c:\ddddv.exec:\ddddv.exe94⤵
-
\??\c:\vvvvv.exec:\vvvvv.exe95⤵
-
\??\c:\rrlfxxr.exec:\rrlfxxr.exe96⤵
-
\??\c:\bhhhhn.exec:\bhhhhn.exe97⤵
-
\??\c:\5jppv.exec:\5jppv.exe98⤵
-
\??\c:\jvddd.exec:\jvddd.exe99⤵
-
\??\c:\lffxrrl.exec:\lffxrrl.exe100⤵
-
\??\c:\bbhhhn.exec:\bbhhhn.exe101⤵
-
\??\c:\7hhbtb.exec:\7hhbtb.exe102⤵
-
\??\c:\3jpjv.exec:\3jpjv.exe103⤵
-
\??\c:\vvdjj.exec:\vvdjj.exe104⤵
-
\??\c:\rlllfrl.exec:\rlllfrl.exe105⤵
-
\??\c:\bbbttb.exec:\bbbttb.exe106⤵
-
\??\c:\dpppj.exec:\dpppj.exe107⤵
-
\??\c:\xrlxflr.exec:\xrlxflr.exe108⤵
-
\??\c:\rlfxrlf.exec:\rlfxrlf.exe109⤵
-
\??\c:\5bnhhn.exec:\5bnhhn.exe110⤵
-
\??\c:\5vpjd.exec:\5vpjd.exe111⤵
-
\??\c:\xfrrxxf.exec:\xfrrxxf.exe112⤵
-
\??\c:\lfxrrrl.exec:\lfxrrrl.exe113⤵
-
\??\c:\3bhbbb.exec:\3bhbbb.exe114⤵
-
\??\c:\dvdvj.exec:\dvdvj.exe115⤵
-
\??\c:\5vddj.exec:\5vddj.exe116⤵
-
\??\c:\rxxlxrr.exec:\rxxlxrr.exe117⤵
-
\??\c:\bnnttn.exec:\bnnttn.exe118⤵
-
\??\c:\9nthnh.exec:\9nthnh.exe119⤵
-
\??\c:\pjdvp.exec:\pjdvp.exe120⤵
-
\??\c:\lfffffx.exec:\lfffffx.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-