Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
94s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
26/12/2024, 18:59
General
-
Target
8d790afbd7117dc2db7f59df25ede17212526262896ed873968f67f9ce596af9.exe
-
Size
67KB
-
MD5
df8b88fb741ef858f4868d7e64e878d5
-
SHA1
89abebe428318bdc93cafae3f4696da2ed37e873
-
SHA256
8d790afbd7117dc2db7f59df25ede17212526262896ed873968f67f9ce596af9
-
SHA512
f98dd9a45af3ce11ae87b70bba0aff668ce62beeca6168703c6847fd84f5bbb3ceac88b16389257efd315eeef66d332513e1778e37e587941df814ce30ef8e6e
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND0yU+kbxeu:ymb3NkkiQ3mdBjF0y7kbUu
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 33 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\8d790afbd7117dc2db7f59df25ede17212526262896ed873968f67f9ce596af9.exe"C:\Users\Admin\AppData\Local\Temp\8d790afbd7117dc2db7f59df25ede17212526262896ed873968f67f9ce596af9.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\jvjjd.exec:\jvjjd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\httnht.exec:\httnht.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jddvp.exec:\jddvp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxfxllf.exec:\lxfxllf.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flrlfxr.exec:\flrlfxr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhtnhb.exec:\nhtnhb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdvpd.exec:\pdvpd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrlxxr.exec:\fxrlxxr.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnhbnn.exec:\bnhbnn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjpjp.exec:\pjpjp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlrrlll.exec:\rlrrlll.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbbhh.exec:\btbbhh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhbtt.exec:\nhhbtt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdvpj.exec:\pdvpj.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9jpdd.exec:\9jpdd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbtnnn.exec:\bbtnnn.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttnhhh.exec:\ttnhhh.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvdvv.exec:\dvdvv.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxxlffr.exec:\xxxlffr.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5tnnnn.exec:\5tnnnn.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1tthbb.exec:\1tthbb.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvdvj.exec:\pvdvj.exe23⤵
- Executes dropped EXE
-
\??\c:\pvdvp.exec:\pvdvp.exe24⤵
- Executes dropped EXE
-
\??\c:\7lxrlff.exec:\7lxrlff.exe25⤵
- Executes dropped EXE
-
\??\c:\bhhbnn.exec:\bhhbnn.exe26⤵
- Executes dropped EXE
-
\??\c:\jdppp.exec:\jdppp.exe27⤵
- Executes dropped EXE
-
\??\c:\jpppp.exec:\jpppp.exe28⤵
- Executes dropped EXE
-
\??\c:\xlxxrrr.exec:\xlxxrrr.exe29⤵
- Executes dropped EXE
-
\??\c:\9bbbhh.exec:\9bbbhh.exe30⤵
- Executes dropped EXE
-
\??\c:\jvvpd.exec:\jvvpd.exe31⤵
- Executes dropped EXE
-
\??\c:\rxxrfrl.exec:\rxxrfrl.exe32⤵
- Executes dropped EXE
-
\??\c:\1xlrrff.exec:\1xlrrff.exe33⤵
- Executes dropped EXE
-
\??\c:\nhhnhn.exec:\nhhnhn.exe34⤵
- Executes dropped EXE
-
\??\c:\pppjd.exec:\pppjd.exe35⤵
- Executes dropped EXE
-
\??\c:\dvjvd.exec:\dvjvd.exe36⤵
- Executes dropped EXE
-
\??\c:\fxxrllf.exec:\fxxrllf.exe37⤵
- Executes dropped EXE
-
\??\c:\bhttbb.exec:\bhttbb.exe38⤵
- Executes dropped EXE
-
\??\c:\1jpjd.exec:\1jpjd.exe39⤵
- Executes dropped EXE
-
\??\c:\vjjdp.exec:\vjjdp.exe40⤵
- Executes dropped EXE
-
\??\c:\lffrllf.exec:\lffrllf.exe41⤵
- Executes dropped EXE
-
\??\c:\jpvvj.exec:\jpvvj.exe42⤵
- Executes dropped EXE
-
\??\c:\jjjpd.exec:\jjjpd.exe43⤵
- Executes dropped EXE
-
\??\c:\hbbttt.exec:\hbbttt.exe44⤵
- Executes dropped EXE
-
\??\c:\flxlffx.exec:\flxlffx.exe45⤵
- Executes dropped EXE
-
\??\c:\rlrxrfx.exec:\rlrxrfx.exe46⤵
- Executes dropped EXE
-
\??\c:\hbbtnh.exec:\hbbtnh.exe47⤵
- Executes dropped EXE
-
\??\c:\hbhhbb.exec:\hbhhbb.exe48⤵
- Executes dropped EXE
-
\??\c:\dddvv.exec:\dddvv.exe49⤵
- Executes dropped EXE
-
\??\c:\9pjdp.exec:\9pjdp.exe50⤵
- Executes dropped EXE
-
\??\c:\frxrfxx.exec:\frxrfxx.exe51⤵
- Executes dropped EXE
-
\??\c:\nnnhnh.exec:\nnnhnh.exe52⤵
- Executes dropped EXE
-
\??\c:\hntthh.exec:\hntthh.exe53⤵
- Executes dropped EXE
-
\??\c:\vppjj.exec:\vppjj.exe54⤵
- Executes dropped EXE
-
\??\c:\flrlffr.exec:\flrlffr.exe55⤵
- Executes dropped EXE
-
\??\c:\xlrrrrl.exec:\xlrrrrl.exe56⤵
- Executes dropped EXE
-
\??\c:\3nnnht.exec:\3nnnht.exe57⤵
- Executes dropped EXE
-
\??\c:\tntttb.exec:\tntttb.exe58⤵
- Executes dropped EXE
-
\??\c:\jvddv.exec:\jvddv.exe59⤵
- Executes dropped EXE
-
\??\c:\rlrflfl.exec:\rlrflfl.exe60⤵
- Executes dropped EXE
-
\??\c:\7rrfxxx.exec:\7rrfxxx.exe61⤵
- Executes dropped EXE
-
\??\c:\tnttnn.exec:\tnttnn.exe62⤵
- Executes dropped EXE
-
\??\c:\ntbbnn.exec:\ntbbnn.exe63⤵
- Executes dropped EXE
-
\??\c:\jdpjj.exec:\jdpjj.exe64⤵
- Executes dropped EXE
-
\??\c:\3pdvv.exec:\3pdvv.exe65⤵
- Executes dropped EXE
-
\??\c:\lffrllf.exec:\lffrllf.exe66⤵
-
\??\c:\7xxrxrr.exec:\7xxrxrr.exe67⤵
-
\??\c:\tnnhhh.exec:\tnnhhh.exe68⤵
-
\??\c:\ppjdj.exec:\ppjdj.exe69⤵
-
\??\c:\hthbhh.exec:\hthbhh.exe70⤵
-
\??\c:\thnhtt.exec:\thnhtt.exe71⤵
-
\??\c:\9jjjv.exec:\9jjjv.exe72⤵
-
\??\c:\pdpjd.exec:\pdpjd.exe73⤵
-
\??\c:\flllxfl.exec:\flllxfl.exe74⤵
-
\??\c:\5rxxrrr.exec:\5rxxrrr.exe75⤵
-
\??\c:\nhbhnn.exec:\nhbhnn.exe76⤵
-
\??\c:\dpvpp.exec:\dpvpp.exe77⤵
-
\??\c:\vvdvp.exec:\vvdvp.exe78⤵
-
\??\c:\frxrfxr.exec:\frxrfxr.exe79⤵
-
\??\c:\xxlllll.exec:\xxlllll.exe80⤵
-
\??\c:\ttbnhh.exec:\ttbnhh.exe81⤵
-
\??\c:\9htnnn.exec:\9htnnn.exe82⤵
-
\??\c:\pppjd.exec:\pppjd.exe83⤵
-
\??\c:\jddvp.exec:\jddvp.exe84⤵
-
\??\c:\7xfxrrr.exec:\7xfxrrr.exe85⤵
-
\??\c:\9tnnhb.exec:\9tnnhb.exe86⤵
-
\??\c:\thbtnn.exec:\thbtnn.exe87⤵
-
\??\c:\vjpjd.exec:\vjpjd.exe88⤵
-
\??\c:\jdjvp.exec:\jdjvp.exe89⤵
-
\??\c:\9rxrffl.exec:\9rxrffl.exe90⤵
-
\??\c:\lffxxxr.exec:\lffxxxr.exe91⤵
-
\??\c:\thbbtn.exec:\thbbtn.exe92⤵
-
\??\c:\jvvvp.exec:\jvvvp.exe93⤵
-
\??\c:\vddpv.exec:\vddpv.exe94⤵
-
\??\c:\fxxfrrx.exec:\fxxfrrx.exe95⤵
-
\??\c:\bhhbhn.exec:\bhhbhn.exe96⤵
-
\??\c:\vvpjj.exec:\vvpjj.exe97⤵
-
\??\c:\dpjdv.exec:\dpjdv.exe98⤵
-
\??\c:\rrlfrrr.exec:\rrlfrrr.exe99⤵
-
\??\c:\thhbnt.exec:\thhbnt.exe100⤵
-
\??\c:\bthbnh.exec:\bthbnh.exe101⤵
-
\??\c:\vjjdv.exec:\vjjdv.exe102⤵
-
\??\c:\rllrlfr.exec:\rllrlfr.exe103⤵
-
\??\c:\lxrlfxx.exec:\lxrlfxx.exe104⤵
-
\??\c:\7nnhbb.exec:\7nnhbb.exe105⤵
-
\??\c:\bttntn.exec:\bttntn.exe106⤵
-
\??\c:\pdjdv.exec:\pdjdv.exe107⤵
-
\??\c:\7xfxxxf.exec:\7xfxxxf.exe108⤵
-
\??\c:\lffxlff.exec:\lffxlff.exe109⤵
-
\??\c:\nnhhbb.exec:\nnhhbb.exe110⤵
-
\??\c:\ntbthh.exec:\ntbthh.exe111⤵
-
\??\c:\vpddj.exec:\vpddj.exe112⤵
-
\??\c:\9ppjd.exec:\9ppjd.exe113⤵
-
\??\c:\lxrxrrr.exec:\lxrxrrr.exe114⤵
-
\??\c:\bhhbtn.exec:\bhhbtn.exe115⤵
- System Location Discovery: System Language Discovery
-
\??\c:\hhnnbh.exec:\hhnnbh.exe116⤵
-
\??\c:\vppjd.exec:\vppjd.exe117⤵
-
\??\c:\pjpjd.exec:\pjpjd.exe118⤵
-
\??\c:\flfxrll.exec:\flfxrll.exe119⤵
-
\??\c:\nhnhnh.exec:\nhnhnh.exe120⤵
-
\??\c:\bbhbhh.exec:\bbhbhh.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-