Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
95s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
22/12/2024, 03:04
General
-
Target
ed7c02b0daba63b50f72c38f6885c144d5bd93fdd3eb30d04a29d4197d77164f.exe
-
Size
83KB
-
MD5
cc843f29569041b4c5f5cfbda3acbbba
-
SHA1
00f60f53883096623fd59c71beebb5dd172f2e03
-
SHA256
ed7c02b0daba63b50f72c38f6885c144d5bd93fdd3eb30d04a29d4197d77164f
-
SHA512
95c7f249f15992a059ba2e5c43f201ffa5319267ab2563cef62ed43654f4899bc0ff2eff4040fb23d602a8b20524684c18cb8d49c2f8f2b8a915e47b6eb6ca18
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIIpIo60L9QrrA89QR:ymb3NkkiQ3mdBjFIIp9L9QrrA8m
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 28 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 36 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\ed7c02b0daba63b50f72c38f6885c144d5bd93fdd3eb30d04a29d4197d77164f.exe"C:\Users\Admin\AppData\Local\Temp\ed7c02b0daba63b50f72c38f6885c144d5bd93fdd3eb30d04a29d4197d77164f.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjjd.exec:\dvjjd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrlxfrl.exec:\rrlxfrl.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxfxrlf.exec:\xxfxrlf.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntbbbb.exec:\ntbbbb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpdvd.exec:\jpdvd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5pjdv.exec:\5pjdv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfffxrr.exec:\rfffxrr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbbtt.exec:\tnbbtt.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppvpd.exec:\ppvpd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffxlxrl.exec:\ffxlxrl.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntttnn.exec:\ntttnn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbhbbh.exec:\tbhbbh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpjpv.exec:\jpjpv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9xrfxxr.exec:\9xrfxxr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btttnt.exec:\btttnt.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnhhnn.exec:\nnhhnn.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjjjj.exec:\vjjjj.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvppj.exec:\dvppj.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djvdj.exec:\djvdj.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxxxxxf.exec:\xxxxxxf.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntbbhh.exec:\ntbbhh.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddddv.exec:\ddddv.exe23⤵
- Executes dropped EXE
-
\??\c:\xxxxxff.exec:\xxxxxff.exe24⤵
- Executes dropped EXE
-
\??\c:\tthhtt.exec:\tthhtt.exe25⤵
- Executes dropped EXE
-
\??\c:\hhtthb.exec:\hhtthb.exe26⤵
- Executes dropped EXE
-
\??\c:\jpvvd.exec:\jpvvd.exe27⤵
- Executes dropped EXE
-
\??\c:\3lrlffx.exec:\3lrlffx.exe28⤵
- Executes dropped EXE
-
\??\c:\5ttttt.exec:\5ttttt.exe29⤵
- Executes dropped EXE
-
\??\c:\jvvdv.exec:\jvvdv.exe30⤵
- Executes dropped EXE
-
\??\c:\fxfrxrx.exec:\fxfrxrx.exe31⤵
- Executes dropped EXE
-
\??\c:\tbtnnt.exec:\tbtnnt.exe32⤵
- Executes dropped EXE
-
\??\c:\bthbhh.exec:\bthbhh.exe33⤵
- Executes dropped EXE
-
\??\c:\ppdpj.exec:\ppdpj.exe34⤵
- Executes dropped EXE
-
\??\c:\rlfxrlf.exec:\rlfxrlf.exe35⤵
- Executes dropped EXE
-
\??\c:\lxxrllf.exec:\lxxrllf.exe36⤵
- Executes dropped EXE
-
\??\c:\bttnhb.exec:\bttnhb.exe37⤵
- Executes dropped EXE
-
\??\c:\jjpjd.exec:\jjpjd.exe38⤵
- Executes dropped EXE
-
\??\c:\vvpdv.exec:\vvpdv.exe39⤵
- Executes dropped EXE
-
\??\c:\fxxrlll.exec:\fxxrlll.exe40⤵
- Executes dropped EXE
-
\??\c:\frxxffr.exec:\frxxffr.exe41⤵
- Executes dropped EXE
-
\??\c:\1bbbtb.exec:\1bbbtb.exe42⤵
- Executes dropped EXE
-
\??\c:\hbnnhh.exec:\hbnnhh.exe43⤵
- Executes dropped EXE
-
\??\c:\7vvjp.exec:\7vvjp.exe44⤵
- Executes dropped EXE
-
\??\c:\vppjj.exec:\vppjj.exe45⤵
- Executes dropped EXE
-
\??\c:\nhnhtb.exec:\nhnhtb.exe46⤵
- Executes dropped EXE
-
\??\c:\nhhhbb.exec:\nhhhbb.exe47⤵
- Executes dropped EXE
-
\??\c:\jdpjp.exec:\jdpjp.exe48⤵
- Executes dropped EXE
-
\??\c:\rfxxxxx.exec:\rfxxxxx.exe49⤵
- Executes dropped EXE
-
\??\c:\rfrlllr.exec:\rfrlllr.exe50⤵
- Executes dropped EXE
-
\??\c:\tthntb.exec:\tthntb.exe51⤵
- Executes dropped EXE
-
\??\c:\thhbht.exec:\thhbht.exe52⤵
- Executes dropped EXE
-
\??\c:\jjppd.exec:\jjppd.exe53⤵
- Executes dropped EXE
-
\??\c:\vjddp.exec:\vjddp.exe54⤵
- Executes dropped EXE
-
\??\c:\xxxxrrx.exec:\xxxxrrx.exe55⤵
- Executes dropped EXE
-
\??\c:\tttnht.exec:\tttnht.exe56⤵
- Executes dropped EXE
-
\??\c:\hhhtbb.exec:\hhhtbb.exe57⤵
- Executes dropped EXE
-
\??\c:\jvvvj.exec:\jvvvj.exe58⤵
- Executes dropped EXE
-
\??\c:\9pvpj.exec:\9pvpj.exe59⤵
- Executes dropped EXE
-
\??\c:\fflfxxx.exec:\fflfxxx.exe60⤵
- Executes dropped EXE
-
\??\c:\5rlllll.exec:\5rlllll.exe61⤵
- Executes dropped EXE
-
\??\c:\htbbhh.exec:\htbbhh.exe62⤵
- Executes dropped EXE
-
\??\c:\jdvvp.exec:\jdvvp.exe63⤵
- Executes dropped EXE
-
\??\c:\pjvvp.exec:\pjvvp.exe64⤵
- Executes dropped EXE
-
\??\c:\rxlfllf.exec:\rxlfllf.exe65⤵
- Executes dropped EXE
-
\??\c:\rlrrlff.exec:\rlrrlff.exe66⤵
-
\??\c:\5ntttt.exec:\5ntttt.exe67⤵
-
\??\c:\7nbhhh.exec:\7nbhhh.exe68⤵
-
\??\c:\jjvpd.exec:\jjvpd.exe69⤵
-
\??\c:\flrllfx.exec:\flrllfx.exe70⤵
-
\??\c:\frlffxl.exec:\frlffxl.exe71⤵
-
\??\c:\hhnttt.exec:\hhnttt.exe72⤵
-
\??\c:\hnttnn.exec:\hnttnn.exe73⤵
-
\??\c:\vvvpj.exec:\vvvpj.exe74⤵
-
\??\c:\nhbbhn.exec:\nhbbhn.exe75⤵
-
\??\c:\ddpvj.exec:\ddpvj.exe76⤵
-
\??\c:\xlxlxrl.exec:\xlxlxrl.exe77⤵
-
\??\c:\frfrfxl.exec:\frfrfxl.exe78⤵
-
\??\c:\tbbbtt.exec:\tbbbtt.exe79⤵
-
\??\c:\vddvv.exec:\vddvv.exe80⤵
-
\??\c:\pjdvj.exec:\pjdvj.exe81⤵
-
\??\c:\fllxllf.exec:\fllxllf.exe82⤵
-
\??\c:\fxxrllf.exec:\fxxrllf.exe83⤵
-
\??\c:\7nnhbt.exec:\7nnhbt.exe84⤵
-
\??\c:\nnhnhn.exec:\nnhnhn.exe85⤵
-
\??\c:\bnntnn.exec:\bnntnn.exe86⤵
-
\??\c:\jvjvp.exec:\jvjvp.exe87⤵
-
\??\c:\rflffxf.exec:\rflffxf.exe88⤵
-
\??\c:\fxxrrrr.exec:\fxxrrrr.exe89⤵
-
\??\c:\nhbtnn.exec:\nhbtnn.exe90⤵
-
\??\c:\5pppd.exec:\5pppd.exe91⤵
-
\??\c:\fxxrxrr.exec:\fxxrxrr.exe92⤵
-
\??\c:\xrrrffx.exec:\xrrrffx.exe93⤵
-
\??\c:\bbhntt.exec:\bbhntt.exe94⤵
-
\??\c:\3thbbb.exec:\3thbbb.exe95⤵
-
\??\c:\vvjjd.exec:\vvjjd.exe96⤵
-
\??\c:\1ppjp.exec:\1ppjp.exe97⤵
-
\??\c:\rlfxxrl.exec:\rlfxxrl.exe98⤵
-
\??\c:\3bhbhb.exec:\3bhbhb.exe99⤵
-
\??\c:\jdvpv.exec:\jdvpv.exe100⤵
-
\??\c:\7vdvp.exec:\7vdvp.exe101⤵
-
\??\c:\fxrlxrl.exec:\fxrlxrl.exe102⤵
-
\??\c:\rxffxlx.exec:\rxffxlx.exe103⤵
-
\??\c:\nhtnnt.exec:\nhtnnt.exe104⤵
-
\??\c:\djdpj.exec:\djdpj.exe105⤵
-
\??\c:\ppvpp.exec:\ppvpp.exe106⤵
-
\??\c:\flllrll.exec:\flllrll.exe107⤵
-
\??\c:\7nnhbt.exec:\7nnhbt.exe108⤵
-
\??\c:\hhtthh.exec:\hhtthh.exe109⤵
-
\??\c:\jdpjv.exec:\jdpjv.exe110⤵
-
\??\c:\rxllxxr.exec:\rxllxxr.exe111⤵
-
\??\c:\xflffrr.exec:\xflffrr.exe112⤵
-
\??\c:\5tttnn.exec:\5tttnn.exe113⤵
-
\??\c:\httbbb.exec:\httbbb.exe114⤵
-
\??\c:\1vvpd.exec:\1vvpd.exe115⤵
-
\??\c:\rlxrllf.exec:\rlxrllf.exe116⤵
-
\??\c:\nbtbtb.exec:\nbtbtb.exe117⤵
-
\??\c:\nnhtnh.exec:\nnhtnh.exe118⤵
-
\??\c:\vjpvp.exec:\vjpvp.exe119⤵
-
\??\c:\dppdp.exec:\dppdp.exe120⤵
-
\??\c:\9ppjd.exec:\9ppjd.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-