Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
95s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
26/12/2024, 12:09
General
-
Target
850fe874201a706d6196307256f768e37c4026fe43cb4875a95824c9debab0cb.exe
-
Size
298KB
-
MD5
c48150ae1df943cec9e198000905216a
-
SHA1
5291d5b56a928717af19a756cdacde64cd9c0fdd
-
SHA256
850fe874201a706d6196307256f768e37c4026fe43cb4875a95824c9debab0cb
-
SHA512
565c590c3a124b9016ee1fb2d0f3686146c0d1511f90c8825f1f3d83d5291b42b11a4f40e1d70444f5bd179688cf6b31b96557a5a4146ac48ff73cd5db1be379
-
SSDEEP
6144:n3C9BRo/AIuuOthLmH403Pyr6UWO6jUl7sPgvU:n3C9uDVOXLmHBKWyn+PgvU
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 29 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 34 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\850fe874201a706d6196307256f768e37c4026fe43cb4875a95824c9debab0cb.exe"C:\Users\Admin\AppData\Local\Temp\850fe874201a706d6196307256f768e37c4026fe43cb4875a95824c9debab0cb.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\tbbthb.exec:\tbbthb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlfrrlr.exec:\rlfrrlr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btnhbt.exec:\btnhbt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1nnbhn.exec:\1nnbhn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdjdd.exec:\pdjdd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxrlxxl.exec:\rxrlxxl.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbnhtn.exec:\bbnhtn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppvjd.exec:\ppvjd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7pvjd.exec:\7pvjd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhtnbb.exec:\hhtnbb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htnbtn.exec:\htnbtn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jddvj.exec:\jddvj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7bbtht.exec:\7bbtht.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjdpv.exec:\jjdpv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrfxllf.exec:\xrfxllf.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hthbhh.exec:\hthbhh.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1jpjp.exec:\1jpjp.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxxxllx.exec:\xxxxllx.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhnnn.exec:\hbhnnn.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbntn.exec:\btbntn.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3djdp.exec:\3djdp.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frlfrrr.exec:\frlfrrr.exe23⤵
- Executes dropped EXE
-
\??\c:\hhttnt.exec:\hhttnt.exe24⤵
- Executes dropped EXE
-
\??\c:\dpvpj.exec:\dpvpj.exe25⤵
- Executes dropped EXE
-
\??\c:\5xxlffx.exec:\5xxlffx.exe26⤵
- Executes dropped EXE
-
\??\c:\pdjjd.exec:\pdjjd.exe27⤵
- Executes dropped EXE
-
\??\c:\xlxxffr.exec:\xlxxffr.exe28⤵
- Executes dropped EXE
-
\??\c:\jjddd.exec:\jjddd.exe29⤵
- Executes dropped EXE
-
\??\c:\rfxrlll.exec:\rfxrlll.exe30⤵
- Executes dropped EXE
-
\??\c:\nntntt.exec:\nntntt.exe31⤵
- Executes dropped EXE
-
\??\c:\9ffrflf.exec:\9ffrflf.exe32⤵
- Executes dropped EXE
-
\??\c:\hbbnhh.exec:\hbbnhh.exe33⤵
- Executes dropped EXE
-
\??\c:\vdjdd.exec:\vdjdd.exe34⤵
- Executes dropped EXE
-
\??\c:\xxlfrrr.exec:\xxlfrrr.exe35⤵
- Executes dropped EXE
-
\??\c:\nhhhbb.exec:\nhhhbb.exe36⤵
- Executes dropped EXE
-
\??\c:\vdvpd.exec:\vdvpd.exe37⤵
- Executes dropped EXE
-
\??\c:\nntnnn.exec:\nntnnn.exe38⤵
- Executes dropped EXE
-
\??\c:\pppjv.exec:\pppjv.exe39⤵
- Executes dropped EXE
-
\??\c:\xrrlflx.exec:\xrrlflx.exe40⤵
- Executes dropped EXE
-
\??\c:\nbhbhb.exec:\nbhbhb.exe41⤵
- Executes dropped EXE
-
\??\c:\dpvpj.exec:\dpvpj.exe42⤵
- Executes dropped EXE
-
\??\c:\5xxxrxx.exec:\5xxxrxx.exe43⤵
- Executes dropped EXE
-
\??\c:\jdjjj.exec:\jdjjj.exe44⤵
- Executes dropped EXE
-
\??\c:\3vddv.exec:\3vddv.exe45⤵
- Executes dropped EXE
-
\??\c:\5frlfxr.exec:\5frlfxr.exe46⤵
- Executes dropped EXE
-
\??\c:\xfrrllf.exec:\xfrrllf.exe47⤵
- Executes dropped EXE
-
\??\c:\bhhtnn.exec:\bhhtnn.exe48⤵
- Executes dropped EXE
-
\??\c:\thbthh.exec:\thbthh.exe49⤵
- Executes dropped EXE
-
\??\c:\jvdpp.exec:\jvdpp.exe50⤵
- Executes dropped EXE
-
\??\c:\7xxrrrx.exec:\7xxrrrx.exe51⤵
- Executes dropped EXE
-
\??\c:\ffxrllx.exec:\ffxrllx.exe52⤵
- Executes dropped EXE
-
\??\c:\tnnnnn.exec:\tnnnnn.exe53⤵
- Executes dropped EXE
-
\??\c:\jpdvp.exec:\jpdvp.exe54⤵
- Executes dropped EXE
-
\??\c:\lxlfrrr.exec:\lxlfrrr.exe55⤵
- Executes dropped EXE
-
\??\c:\lflfxfx.exec:\lflfxfx.exe56⤵
- Executes dropped EXE
-
\??\c:\7thbhh.exec:\7thbhh.exe57⤵
- Executes dropped EXE
-
\??\c:\nbtthn.exec:\nbtthn.exe58⤵
- Executes dropped EXE
-
\??\c:\vdjdd.exec:\vdjdd.exe59⤵
- Executes dropped EXE
-
\??\c:\rfxxrrf.exec:\rfxxrrf.exe60⤵
- Executes dropped EXE
-
\??\c:\1xrrlrl.exec:\1xrrlrl.exe61⤵
- Executes dropped EXE
-
\??\c:\tnhhbn.exec:\tnhhbn.exe62⤵
- Executes dropped EXE
-
\??\c:\ddjjj.exec:\ddjjj.exe63⤵
- Executes dropped EXE
-
\??\c:\ppddd.exec:\ppddd.exe64⤵
- Executes dropped EXE
-
\??\c:\fflfxxr.exec:\fflfxxr.exe65⤵
- Executes dropped EXE
-
\??\c:\9ttttb.exec:\9ttttb.exe66⤵
-
\??\c:\tnnhbb.exec:\tnnhbb.exe67⤵
-
\??\c:\vppjv.exec:\vppjv.exe68⤵
-
\??\c:\xxxxxfx.exec:\xxxxxfx.exe69⤵
-
\??\c:\5flflll.exec:\5flflll.exe70⤵
-
\??\c:\nbhbhh.exec:\nbhbhh.exe71⤵
-
\??\c:\tnnnhh.exec:\tnnnhh.exe72⤵
-
\??\c:\1pvpd.exec:\1pvpd.exe73⤵
-
\??\c:\fxxrlll.exec:\fxxrlll.exe74⤵
-
\??\c:\lfffrrl.exec:\lfffrrl.exe75⤵
-
\??\c:\bttnnn.exec:\bttnnn.exe76⤵
-
\??\c:\jvvpp.exec:\jvvpp.exe77⤵
-
\??\c:\lffxllf.exec:\lffxllf.exe78⤵
-
\??\c:\xfrrlll.exec:\xfrrlll.exe79⤵
-
\??\c:\1bhhhh.exec:\1bhhhh.exe80⤵
-
\??\c:\5ntnbh.exec:\5ntnbh.exe81⤵
-
\??\c:\vdjdv.exec:\vdjdv.exe82⤵
-
\??\c:\jpvpj.exec:\jpvpj.exe83⤵
-
\??\c:\lxfxlrl.exec:\lxfxlrl.exe84⤵
-
\??\c:\lfrxxff.exec:\lfrxxff.exe85⤵
-
\??\c:\tnbbtt.exec:\tnbbtt.exe86⤵
-
\??\c:\jvppd.exec:\jvppd.exe87⤵
-
\??\c:\5rrlfxx.exec:\5rrlfxx.exe88⤵
-
\??\c:\bbhbtt.exec:\bbhbtt.exe89⤵
-
\??\c:\3bhbbt.exec:\3bhbbt.exe90⤵
-
\??\c:\vjppj.exec:\vjppj.exe91⤵
-
\??\c:\frrrllr.exec:\frrrllr.exe92⤵
-
\??\c:\9hhhtt.exec:\9hhhtt.exe93⤵
-
\??\c:\nhhhbb.exec:\nhhhbb.exe94⤵
-
\??\c:\jdpvp.exec:\jdpvp.exe95⤵
-
\??\c:\dpvvp.exec:\dpvvp.exe96⤵
-
\??\c:\5llfrrl.exec:\5llfrrl.exe97⤵
-
\??\c:\thtnnn.exec:\thtnnn.exe98⤵
-
\??\c:\hhnttt.exec:\hhnttt.exe99⤵
-
\??\c:\jjvpv.exec:\jjvpv.exe100⤵
-
\??\c:\rlrfrxr.exec:\rlrfrxr.exe101⤵
-
\??\c:\lflfxxr.exec:\lflfxxr.exe102⤵
-
\??\c:\httntn.exec:\httntn.exe103⤵
-
\??\c:\jjvvd.exec:\jjvvd.exe104⤵
-
\??\c:\ppvpd.exec:\ppvpd.exe105⤵
-
\??\c:\flxrffx.exec:\flxrffx.exe106⤵
-
\??\c:\hthhbb.exec:\hthhbb.exe107⤵
-
\??\c:\3bhbbt.exec:\3bhbbt.exe108⤵
-
\??\c:\jdjdv.exec:\jdjdv.exe109⤵
-
\??\c:\1rfxfll.exec:\1rfxfll.exe110⤵
-
\??\c:\lxfxrrl.exec:\lxfxrrl.exe111⤵
-
\??\c:\nhnbtt.exec:\nhnbtt.exe112⤵
-
\??\c:\dppvp.exec:\dppvp.exe113⤵
-
\??\c:\ppddp.exec:\ppddp.exe114⤵
-
\??\c:\rlrlrrf.exec:\rlrlrrf.exe115⤵
-
\??\c:\9flfffl.exec:\9flfffl.exe116⤵
-
\??\c:\hbhhhh.exec:\hbhhhh.exe117⤵
-
\??\c:\nhtttt.exec:\nhtttt.exe118⤵
-
\??\c:\vppjd.exec:\vppjd.exe119⤵
-
\??\c:\rxxrffx.exec:\rxxrffx.exe120⤵
-
\??\c:\9bbbtb.exec:\9bbbtb.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-