Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
95s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
19/12/2024, 22:36
General
-
Target
29c0b11ed68f902890fbefe01f24a992a3ea3635f2456b6fe6fc4917c7632cc2N.exe
-
Size
70KB
-
MD5
dbb9016dedae1473846f53fcba748ec0
-
SHA1
0ba692580139f8bbb8ffca21c0c65ffe2a0b6251
-
SHA256
29c0b11ed68f902890fbefe01f24a992a3ea3635f2456b6fe6fc4917c7632cc2
-
SHA512
c48d4eb6a5463f28d7532a2cf572bdcf22d232b40fa01b1c1c8e95b9dd6bbd179891c201924ed336ba9cecdf17e05794696a99b08ee00918bb4bd794ec3be4ae
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIsIoAcB:ymb3NkkiQ3mdBjFIsIVcB
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 28 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 37 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\29c0b11ed68f902890fbefe01f24a992a3ea3635f2456b6fe6fc4917c7632cc2N.exe"C:\Users\Admin\AppData\Local\Temp\29c0b11ed68f902890fbefe01f24a992a3ea3635f2456b6fe6fc4917c7632cc2N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\5ntnnn.exec:\5ntnnn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddjdj.exec:\ddjdj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjppj.exec:\pjppj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxllrrx.exec:\fxllrrx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3flllfx.exec:\3flllfx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttbbbb.exec:\ttbbbb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvjjj.exec:\jvjjj.exe8⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\dvpdd.exec:\dvpdd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thtnhb.exec:\thtnhb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvpdp.exec:\jvpdp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxllxxx.exec:\fxllxxx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5ttnhh.exec:\5ttnhh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pddpj.exec:\pddpj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvdvj.exec:\vvdvj.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9nbbbb.exec:\9nbbbb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnnbnh.exec:\bnnbnh.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xllfllf.exec:\xllfllf.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbnhbt.exec:\nbnhbt.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpjvp.exec:\dpjvp.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthbtt.exec:\bthbtt.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpjvj.exec:\dpjvj.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5xxlxrl.exec:\5xxlxrl.exe23⤵
- Executes dropped EXE
-
\??\c:\fxfxlfr.exec:\fxfxlfr.exe24⤵
- Executes dropped EXE
-
\??\c:\hbtnhb.exec:\hbtnhb.exe25⤵
- Executes dropped EXE
-
\??\c:\vpjvj.exec:\vpjvj.exe26⤵
- Executes dropped EXE
-
\??\c:\pvpdj.exec:\pvpdj.exe27⤵
- Executes dropped EXE
-
\??\c:\fllxfxl.exec:\fllxfxl.exe28⤵
- Executes dropped EXE
-
\??\c:\btbhtb.exec:\btbhtb.exe29⤵
- Executes dropped EXE
-
\??\c:\djjvj.exec:\djjvj.exe30⤵
- Executes dropped EXE
-
\??\c:\5dpjj.exec:\5dpjj.exe31⤵
- Executes dropped EXE
-
\??\c:\1rlxllx.exec:\1rlxllx.exe32⤵
- Executes dropped EXE
-
\??\c:\1ntnbt.exec:\1ntnbt.exe33⤵
- Executes dropped EXE
-
\??\c:\5nthtn.exec:\5nthtn.exe34⤵
- Executes dropped EXE
-
\??\c:\dppdv.exec:\dppdv.exe35⤵
- Executes dropped EXE
-
\??\c:\jdjpv.exec:\jdjpv.exe36⤵
- Executes dropped EXE
-
\??\c:\lfxlxrf.exec:\lfxlxrf.exe37⤵
- Executes dropped EXE
-
\??\c:\xxxxrlx.exec:\xxxxrlx.exe38⤵
- Executes dropped EXE
-
\??\c:\1tnbtn.exec:\1tnbtn.exe39⤵
- Executes dropped EXE
-
\??\c:\3pjvj.exec:\3pjvj.exe40⤵
- Executes dropped EXE
-
\??\c:\jjjvp.exec:\jjjvp.exe41⤵
- Executes dropped EXE
-
\??\c:\lflfrlf.exec:\lflfrlf.exe42⤵
- Executes dropped EXE
-
\??\c:\rxlxlfr.exec:\rxlxlfr.exe43⤵
- Executes dropped EXE
-
\??\c:\nnhhtt.exec:\nnhhtt.exe44⤵
- Executes dropped EXE
-
\??\c:\btnbnh.exec:\btnbnh.exe45⤵
- Executes dropped EXE
-
\??\c:\jdddv.exec:\jdddv.exe46⤵
- Executes dropped EXE
-
\??\c:\pdvjv.exec:\pdvjv.exe47⤵
- Executes dropped EXE
-
\??\c:\vvvpj.exec:\vvvpj.exe48⤵
- Executes dropped EXE
-
\??\c:\rxflxlx.exec:\rxflxlx.exe49⤵
- Executes dropped EXE
-
\??\c:\btnhtb.exec:\btnhtb.exe50⤵
- Executes dropped EXE
-
\??\c:\hbhbnh.exec:\hbhbnh.exe51⤵
- Executes dropped EXE
-
\??\c:\jjdpp.exec:\jjdpp.exe52⤵
- Executes dropped EXE
-
\??\c:\9jjdp.exec:\9jjdp.exe53⤵
- Executes dropped EXE
-
\??\c:\7llfrlf.exec:\7llfrlf.exe54⤵
- Executes dropped EXE
-
\??\c:\lfxlxrf.exec:\lfxlxrf.exe55⤵
- Executes dropped EXE
-
\??\c:\nnnnhb.exec:\nnnnhb.exe56⤵
- Executes dropped EXE
-
\??\c:\vvdvv.exec:\vvdvv.exe57⤵
- Executes dropped EXE
-
\??\c:\rxlffrr.exec:\rxlffrr.exe58⤵
- Executes dropped EXE
-
\??\c:\thbthh.exec:\thbthh.exe59⤵
- Executes dropped EXE
-
\??\c:\bhbnbb.exec:\bhbnbb.exe60⤵
- Executes dropped EXE
-
\??\c:\3ddpv.exec:\3ddpv.exe61⤵
- Executes dropped EXE
-
\??\c:\pdvvv.exec:\pdvvv.exe62⤵
- Executes dropped EXE
-
\??\c:\xlfrfxr.exec:\xlfrfxr.exe63⤵
- Executes dropped EXE
-
\??\c:\btnhbt.exec:\btnhbt.exe64⤵
- Executes dropped EXE
-
\??\c:\thbthh.exec:\thbthh.exe65⤵
- Executes dropped EXE
-
\??\c:\dvvpd.exec:\dvvpd.exe66⤵
-
\??\c:\9pvjv.exec:\9pvjv.exe67⤵
-
\??\c:\llrfrfx.exec:\llrfrfx.exe68⤵
-
\??\c:\bthhtb.exec:\bthhtb.exe69⤵
-
\??\c:\dpdjp.exec:\dpdjp.exe70⤵
-
\??\c:\jvdvv.exec:\jvdvv.exe71⤵
-
\??\c:\lfxrfll.exec:\lfxrfll.exe72⤵
-
\??\c:\9xfxfxf.exec:\9xfxfxf.exe73⤵
-
\??\c:\thnhhb.exec:\thnhhb.exe74⤵
-
\??\c:\hntnhb.exec:\hntnhb.exe75⤵
-
\??\c:\9ddpd.exec:\9ddpd.exe76⤵
-
\??\c:\pddpd.exec:\pddpd.exe77⤵
-
\??\c:\hthhth.exec:\hthhth.exe78⤵
-
\??\c:\5dvjv.exec:\5dvjv.exe79⤵
-
\??\c:\lxrfrlf.exec:\lxrfrlf.exe80⤵
-
\??\c:\xflrfxl.exec:\xflrfxl.exe81⤵
-
\??\c:\1bhbhb.exec:\1bhbhb.exe82⤵
-
\??\c:\nbnhbt.exec:\nbnhbt.exe83⤵
-
\??\c:\pvddv.exec:\pvddv.exe84⤵
-
\??\c:\9xfrfxl.exec:\9xfrfxl.exe85⤵
-
\??\c:\xflxlfl.exec:\xflxlfl.exe86⤵
-
\??\c:\hthtbn.exec:\hthtbn.exe87⤵
-
\??\c:\tbtntt.exec:\tbtntt.exe88⤵
-
\??\c:\vjjvp.exec:\vjjvp.exe89⤵
-
\??\c:\pvvpd.exec:\pvvpd.exe90⤵
-
\??\c:\9fllxxr.exec:\9fllxxr.exe91⤵
-
\??\c:\nhhnhh.exec:\nhhnhh.exe92⤵
-
\??\c:\hnnbhb.exec:\hnnbhb.exe93⤵
-
\??\c:\nhbnhn.exec:\nhbnhn.exe94⤵
-
\??\c:\vjpdv.exec:\vjpdv.exe95⤵
-
\??\c:\ppdpj.exec:\ppdpj.exe96⤵
-
\??\c:\1ffxrll.exec:\1ffxrll.exe97⤵
-
\??\c:\7bbthh.exec:\7bbthh.exe98⤵
-
\??\c:\btbnhb.exec:\btbnhb.exe99⤵
-
\??\c:\vdjdp.exec:\vdjdp.exe100⤵
-
\??\c:\rffxffx.exec:\rffxffx.exe101⤵
-
\??\c:\xlfrfrl.exec:\xlfrfrl.exe102⤵
-
\??\c:\nhhbnh.exec:\nhhbnh.exe103⤵
-
\??\c:\pdjdp.exec:\pdjdp.exe104⤵
-
\??\c:\pvvpd.exec:\pvvpd.exe105⤵
-
\??\c:\frlxlfx.exec:\frlxlfx.exe106⤵
-
\??\c:\1flxxrx.exec:\1flxxrx.exe107⤵
-
\??\c:\ntnbht.exec:\ntnbht.exe108⤵
-
\??\c:\5jppd.exec:\5jppd.exe109⤵
-
\??\c:\pddvj.exec:\pddvj.exe110⤵
-
\??\c:\7lflxrl.exec:\7lflxrl.exe111⤵
-
\??\c:\5nntnh.exec:\5nntnh.exe112⤵
-
\??\c:\thbthb.exec:\thbthb.exe113⤵
-
\??\c:\jppdp.exec:\jppdp.exe114⤵
-
\??\c:\9vvjv.exec:\9vvjv.exe115⤵
-
\??\c:\xfrfrfx.exec:\xfrfrfx.exe116⤵
-
\??\c:\frfxrfr.exec:\frfxrfr.exe117⤵
-
\??\c:\httbnn.exec:\httbnn.exe118⤵
-
\??\c:\pjvdj.exec:\pjvdj.exe119⤵
-
\??\c:\vpdpj.exec:\vpdpj.exe120⤵
-
\??\c:\lflffxl.exec:\lflffxl.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-