Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
141s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
22/12/2024, 03:06
General
-
Target
ed7c02b0daba63b50f72c38f6885c144d5bd93fdd3eb30d04a29d4197d77164f.exe
-
Size
83KB
-
MD5
cc843f29569041b4c5f5cfbda3acbbba
-
SHA1
00f60f53883096623fd59c71beebb5dd172f2e03
-
SHA256
ed7c02b0daba63b50f72c38f6885c144d5bd93fdd3eb30d04a29d4197d77164f
-
SHA512
95c7f249f15992a059ba2e5c43f201ffa5319267ab2563cef62ed43654f4899bc0ff2eff4040fb23d602a8b20524684c18cb8d49c2f8f2b8a915e47b6eb6ca18
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIIpIo60L9QrrA89QR:ymb3NkkiQ3mdBjFIIp9L9QrrA8m
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 41 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\ed7c02b0daba63b50f72c38f6885c144d5bd93fdd3eb30d04a29d4197d77164f.exe"C:\Users\Admin\AppData\Local\Temp\ed7c02b0daba63b50f72c38f6885c144d5bd93fdd3eb30d04a29d4197d77164f.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\ttttbb.exec:\ttttbb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddppp.exec:\ddppp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrrrlrl.exec:\rrrrlrl.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttttnn.exec:\ttttnn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvpjj.exec:\dvpjj.exe6⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxrrrx.exec:\xrxrrrx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llfxxfx.exec:\llfxxfx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htnnbb.exec:\htnnbb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvvpj.exec:\vvvpj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnthh.exec:\tnnthh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnhbtt.exec:\nnhbtt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddjvp.exec:\ddjvp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjdp.exec:\jdjdp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxxrxr.exec:\xrxxrxr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfffxxr.exec:\lfffxxr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bttnhb.exec:\bttnhb.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pddvp.exec:\pddvp.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbbbtt.exec:\nbbbtt.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvjd.exec:\dvvjd.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxffxxr.exec:\lxffxxr.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrrfrx.exec:\xrrrfrx.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9bbbtb.exec:\9bbbtb.exe23⤵
- Executes dropped EXE
-
\??\c:\5jpjp.exec:\5jpjp.exe24⤵
- Executes dropped EXE
-
\??\c:\xrrfxxr.exec:\xrrfxxr.exe25⤵
- Executes dropped EXE
-
\??\c:\hbtnnn.exec:\hbtnnn.exe26⤵
- Executes dropped EXE
-
\??\c:\vpppd.exec:\vpppd.exe27⤵
- Executes dropped EXE
-
\??\c:\ddvpj.exec:\ddvpj.exe28⤵
- Executes dropped EXE
-
\??\c:\frxrrxx.exec:\frxrrxx.exe29⤵
- Executes dropped EXE
-
\??\c:\nttbtb.exec:\nttbtb.exe30⤵
- Executes dropped EXE
-
\??\c:\1pddp.exec:\1pddp.exe31⤵
- Executes dropped EXE
-
\??\c:\pjdvp.exec:\pjdvp.exe32⤵
- Executes dropped EXE
-
\??\c:\9lrrlll.exec:\9lrrlll.exe33⤵
- Executes dropped EXE
-
\??\c:\bbbbhh.exec:\bbbbhh.exe34⤵
- Executes dropped EXE
-
\??\c:\tnnnhb.exec:\tnnnhb.exe35⤵
- Executes dropped EXE
-
\??\c:\ppvvj.exec:\ppvvj.exe36⤵
- Executes dropped EXE
-
\??\c:\fflrffr.exec:\fflrffr.exe37⤵
- Executes dropped EXE
-
\??\c:\lfffffl.exec:\lfffffl.exe38⤵
- Executes dropped EXE
-
\??\c:\thtnnn.exec:\thtnnn.exe39⤵
- Executes dropped EXE
-
\??\c:\bthhtt.exec:\bthhtt.exe40⤵
- Executes dropped EXE
-
\??\c:\vdvpd.exec:\vdvpd.exe41⤵
- Executes dropped EXE
-
\??\c:\jdvpj.exec:\jdvpj.exe42⤵
- Executes dropped EXE
-
\??\c:\fxxrllf.exec:\fxxrllf.exe43⤵
- Executes dropped EXE
-
\??\c:\fxxxrrx.exec:\fxxxrrx.exe44⤵
- Executes dropped EXE
-
\??\c:\9bhhbb.exec:\9bhhbb.exe45⤵
- Executes dropped EXE
-
\??\c:\dvppp.exec:\dvppp.exe46⤵
- Executes dropped EXE
-
\??\c:\dvvpd.exec:\dvvpd.exe47⤵
- Executes dropped EXE
-
\??\c:\fxllfxx.exec:\fxllfxx.exe48⤵
- Executes dropped EXE
-
\??\c:\rxlfxfx.exec:\rxlfxfx.exe49⤵
- Executes dropped EXE
-
\??\c:\9nhnhh.exec:\9nhnhh.exe50⤵
- Executes dropped EXE
-
\??\c:\httbbn.exec:\httbbn.exe51⤵
- Executes dropped EXE
-
\??\c:\dpvvp.exec:\dpvvp.exe52⤵
- Executes dropped EXE
-
\??\c:\dppjv.exec:\dppjv.exe53⤵
- Executes dropped EXE
-
\??\c:\fxxrxrx.exec:\fxxrxrx.exe54⤵
- Executes dropped EXE
-
\??\c:\rrffllf.exec:\rrffllf.exe55⤵
- Executes dropped EXE
-
\??\c:\7ntnbb.exec:\7ntnbb.exe56⤵
- Executes dropped EXE
-
\??\c:\jvvpj.exec:\jvvpj.exe57⤵
- Executes dropped EXE
-
\??\c:\jvjdv.exec:\jvjdv.exe58⤵
- Executes dropped EXE
-
\??\c:\pvpdv.exec:\pvpdv.exe59⤵
- Executes dropped EXE
-
\??\c:\xrfrllx.exec:\xrfrllx.exe60⤵
- Executes dropped EXE
-
\??\c:\thnnhn.exec:\thnnhn.exe61⤵
- Executes dropped EXE
-
\??\c:\thnhnn.exec:\thnhnn.exe62⤵
- Executes dropped EXE
-
\??\c:\bhhnbb.exec:\bhhnbb.exe63⤵
- Executes dropped EXE
-
\??\c:\jppdp.exec:\jppdp.exe64⤵
- Executes dropped EXE
-
\??\c:\rlxxrrx.exec:\rlxxrrx.exe65⤵
- Executes dropped EXE
-
\??\c:\1rlffxx.exec:\1rlffxx.exe66⤵
-
\??\c:\7nbbtt.exec:\7nbbtt.exe67⤵
-
\??\c:\nbhbhh.exec:\nbhbhh.exe68⤵
-
\??\c:\dpjdv.exec:\dpjdv.exe69⤵
-
\??\c:\xrlxrrr.exec:\xrlxrrr.exe70⤵
-
\??\c:\rfffxxr.exec:\rfffxxr.exe71⤵
-
\??\c:\ntbbtt.exec:\ntbbtt.exe72⤵
-
\??\c:\ddvvv.exec:\ddvvv.exe73⤵
-
\??\c:\pjvpv.exec:\pjvpv.exe74⤵
- System Location Discovery: System Language Discovery
-
\??\c:\llxrlll.exec:\llxrlll.exe75⤵
-
\??\c:\tnnnhh.exec:\tnnnhh.exe76⤵
-
\??\c:\btthtn.exec:\btthtn.exe77⤵
-
\??\c:\jddvp.exec:\jddvp.exe78⤵
-
\??\c:\xxlrflf.exec:\xxlrflf.exe79⤵
-
\??\c:\xrffllr.exec:\xrffllr.exe80⤵
-
\??\c:\dvdjv.exec:\dvdjv.exe81⤵
-
\??\c:\5xrfrxf.exec:\5xrfrxf.exe82⤵
-
\??\c:\hbhbnh.exec:\hbhbnh.exe83⤵
-
\??\c:\tnhbtt.exec:\tnhbtt.exe84⤵
-
\??\c:\7jvjp.exec:\7jvjp.exe85⤵
-
\??\c:\dppjv.exec:\dppjv.exe86⤵
-
\??\c:\lxrfrlf.exec:\lxrfrlf.exe87⤵
-
\??\c:\fxlfxxr.exec:\fxlfxxr.exe88⤵
-
\??\c:\btntbb.exec:\btntbb.exe89⤵
-
\??\c:\jpvpd.exec:\jpvpd.exe90⤵
-
\??\c:\pppdv.exec:\pppdv.exe91⤵
-
\??\c:\rrlfffl.exec:\rrlfffl.exe92⤵
-
\??\c:\flrxxfx.exec:\flrxxfx.exe93⤵
-
\??\c:\nnnttt.exec:\nnnttt.exe94⤵
-
\??\c:\pjddp.exec:\pjddp.exe95⤵
-
\??\c:\1vdvp.exec:\1vdvp.exe96⤵
-
\??\c:\9jpjv.exec:\9jpjv.exe97⤵
-
\??\c:\fxrlfxx.exec:\fxrlfxx.exe98⤵
-
\??\c:\lrxrfrl.exec:\lrxrfrl.exe99⤵
-
\??\c:\3jjdj.exec:\3jjdj.exe100⤵
-
\??\c:\pdpdv.exec:\pdpdv.exe101⤵
-
\??\c:\lrffffl.exec:\lrffffl.exe102⤵
-
\??\c:\3xfflrr.exec:\3xfflrr.exe103⤵
-
\??\c:\tbnhbb.exec:\tbnhbb.exe104⤵
-
\??\c:\ntnhnt.exec:\ntnhnt.exe105⤵
-
\??\c:\vpvpv.exec:\vpvpv.exe106⤵
-
\??\c:\fxrlxrl.exec:\fxrlxrl.exe107⤵
-
\??\c:\fxxlfxl.exec:\fxxlfxl.exe108⤵
-
\??\c:\bthhnn.exec:\bthhnn.exe109⤵
-
\??\c:\djvdv.exec:\djvdv.exe110⤵
-
\??\c:\ddjdd.exec:\ddjdd.exe111⤵
-
\??\c:\flxlrlf.exec:\flxlrlf.exe112⤵
-
\??\c:\ntbnht.exec:\ntbnht.exe113⤵
-
\??\c:\vjjvp.exec:\vjjvp.exe114⤵
-
\??\c:\jjdvj.exec:\jjdvj.exe115⤵
-
\??\c:\llxlllr.exec:\llxlllr.exe116⤵
-
\??\c:\xlxrlll.exec:\xlxrlll.exe117⤵
-
\??\c:\9bnhth.exec:\9bnhth.exe118⤵
-
\??\c:\nhbbbb.exec:\nhbbbb.exe119⤵
-
\??\c:\vddvj.exec:\vddvj.exe120⤵
-
\??\c:\rxllxxr.exec:\rxllxxr.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-