Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
18s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
-
submitted
26/07/2024, 01:50
General
-
Target
a96070bb942b77a847c3857a91a77d934f311b8e924423a3d0cedda3fae34a91.exe
-
Size
371KB
-
MD5
a4c4de95a1866f36fc52d17e342a3348
-
SHA1
fc4764d039be85124990823c6bbe7a4a7453a867
-
SHA256
a96070bb942b77a847c3857a91a77d934f311b8e924423a3d0cedda3fae34a91
-
SHA512
11f658d90a44e1dbdb3389efbd0f06401a3f53f968680b2eab0671ad95a92f6d5670629987c56b57b145d83f420028adae44404eb75a35200d09dc6a4cd45e35
-
SSDEEP
6144:n3C9BRIG0asYFm71mPfkVB8dKwaO5CVw8:n3C9uYA7okVqdKwaO5CV5
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 26 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\a96070bb942b77a847c3857a91a77d934f311b8e924423a3d0cedda3fae34a91.exe"C:\Users\Admin\AppData\Local\Temp\a96070bb942b77a847c3857a91a77d934f311b8e924423a3d0cedda3fae34a91.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\9rxrffl.exec:\9rxrffl.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7lrfxlx.exec:\7lrfxlx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvpdj.exec:\vvpdj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frffllx.exec:\frffllx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnbbbt.exec:\bnbbbt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvddv.exec:\jvddv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3rlrlfr.exec:\3rlrlfr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddppd.exec:\ddppd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxfrlxr.exec:\xxfrlxr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnnbn.exec:\hbnnbn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjpd.exec:\dvjpd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrrxxl.exec:\xrrrxxl.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnttnt.exec:\tnttnt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjddd.exec:\vjddd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1hbhtt.exec:\1hbhtt.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnnbnn.exec:\nnnbnn.exe17⤵
- Executes dropped EXE
-
\??\c:\xrflxfl.exec:\xrflxfl.exe18⤵
- Executes dropped EXE
-
\??\c:\5httth.exec:\5httth.exe19⤵
- Executes dropped EXE
-
\??\c:\5pjvj.exec:\5pjvj.exe20⤵
- Executes dropped EXE
-
\??\c:\rrxllxx.exec:\rrxllxx.exe21⤵
- Executes dropped EXE
-
\??\c:\dvjdp.exec:\dvjdp.exe22⤵
- Executes dropped EXE
-
\??\c:\9lxflrx.exec:\9lxflrx.exe23⤵
- Executes dropped EXE
-
\??\c:\tnbbnn.exec:\tnbbnn.exe24⤵
- Executes dropped EXE
-
\??\c:\rrxlxrx.exec:\rrxlxrx.exe25⤵
- Executes dropped EXE
-
\??\c:\tnbbhh.exec:\tnbbhh.exe26⤵
- Executes dropped EXE
-
\??\c:\btthnb.exec:\btthnb.exe27⤵
- Executes dropped EXE
-
\??\c:\1frrffr.exec:\1frrffr.exe28⤵
- Executes dropped EXE
-
\??\c:\nnhnbh.exec:\nnhnbh.exe29⤵
- Executes dropped EXE
-
\??\c:\dvjjv.exec:\dvjjv.exe30⤵
- Executes dropped EXE
-
\??\c:\7lxlllr.exec:\7lxlllr.exe31⤵
- Executes dropped EXE
-
\??\c:\dvpdp.exec:\dvpdp.exe32⤵
- Executes dropped EXE
-
\??\c:\lfxlxrx.exec:\lfxlxrx.exe33⤵
- Executes dropped EXE
-
\??\c:\hhbbnn.exec:\hhbbnn.exe34⤵
- Executes dropped EXE
-
\??\c:\jddpv.exec:\jddpv.exe35⤵
- Executes dropped EXE
-
\??\c:\rrrrxrf.exec:\rrrrxrf.exe36⤵
- Executes dropped EXE
-
\??\c:\5nbnhh.exec:\5nbnhh.exe37⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\bnbbtt.exec:\bnbbtt.exe38⤵
- Executes dropped EXE
-
\??\c:\dpddv.exec:\dpddv.exe39⤵
- Executes dropped EXE
-
\??\c:\3lxxllx.exec:\3lxxllx.exe40⤵
- Executes dropped EXE
-
\??\c:\1nnntn.exec:\1nnntn.exe41⤵
- Executes dropped EXE
-
\??\c:\djpjv.exec:\djpjv.exe42⤵
- Executes dropped EXE
-
\??\c:\vvdpv.exec:\vvdpv.exe43⤵
- Executes dropped EXE
-
\??\c:\xrfrxxl.exec:\xrfrxxl.exe44⤵
- Executes dropped EXE
-
\??\c:\ttntbn.exec:\ttntbn.exe45⤵
- Executes dropped EXE
-
\??\c:\5vdjj.exec:\5vdjj.exe46⤵
- Executes dropped EXE
-
\??\c:\xrfrxfr.exec:\xrfrxfr.exe47⤵
- Executes dropped EXE
-
\??\c:\tntbht.exec:\tntbht.exe48⤵
- Executes dropped EXE
-
\??\c:\9jddp.exec:\9jddp.exe49⤵
- Executes dropped EXE
-
\??\c:\vpjpv.exec:\vpjpv.exe50⤵
- Executes dropped EXE
-
\??\c:\1flxflr.exec:\1flxflr.exe51⤵
- Executes dropped EXE
-
\??\c:\nhnttt.exec:\nhnttt.exe52⤵
- Executes dropped EXE
-
\??\c:\3hthtb.exec:\3hthtb.exe53⤵
- Executes dropped EXE
-
\??\c:\vpdjp.exec:\vpdjp.exe54⤵
- Executes dropped EXE
-
\??\c:\rflxfrx.exec:\rflxfrx.exe55⤵
- Executes dropped EXE
-
\??\c:\bthntb.exec:\bthntb.exe56⤵
- Executes dropped EXE
-
\??\c:\7bhhhh.exec:\7bhhhh.exe57⤵
- Executes dropped EXE
-
\??\c:\pdvdj.exec:\pdvdj.exe58⤵
- Executes dropped EXE
-
\??\c:\rffxfxf.exec:\rffxfxf.exe59⤵
- Executes dropped EXE
-
\??\c:\lrrfxlf.exec:\lrrfxlf.exe60⤵
- Executes dropped EXE
-
\??\c:\btbnnt.exec:\btbnnt.exe61⤵
- Executes dropped EXE
-
\??\c:\dpddj.exec:\dpddj.exe62⤵
- Executes dropped EXE
-
\??\c:\9lfrflx.exec:\9lfrflx.exe63⤵
- Executes dropped EXE
-
\??\c:\rlrllff.exec:\rlrllff.exe64⤵
- Executes dropped EXE
-
\??\c:\nhbhtb.exec:\nhbhtb.exe65⤵
- Executes dropped EXE
-
\??\c:\pjpvv.exec:\pjpvv.exe66⤵
-
\??\c:\xflffff.exec:\xflffff.exe67⤵
-
\??\c:\fxxfrrf.exec:\fxxfrrf.exe68⤵
-
\??\c:\nhbhth.exec:\nhbhth.exe69⤵
-
\??\c:\pjddd.exec:\pjddd.exe70⤵
-
\??\c:\dvvvj.exec:\dvvvj.exe71⤵
-
\??\c:\3rxfflr.exec:\3rxfflr.exe72⤵
-
\??\c:\5tbbhh.exec:\5tbbhh.exe73⤵
-
\??\c:\htthtn.exec:\htthtn.exe74⤵
-
\??\c:\ppjdp.exec:\ppjdp.exe75⤵
-
\??\c:\fffrrrr.exec:\fffrrrr.exe76⤵
-
\??\c:\bhbhbb.exec:\bhbhbb.exe77⤵
-
\??\c:\hbbhtt.exec:\hbbhtt.exe78⤵
-
\??\c:\5dvvv.exec:\5dvvv.exe79⤵
-
\??\c:\xxrxrxf.exec:\xxrxrxf.exe80⤵
-
\??\c:\1lxffll.exec:\1lxffll.exe81⤵
-
\??\c:\ttnthn.exec:\ttnthn.exe82⤵
-
\??\c:\pjdjv.exec:\pjdjv.exe83⤵
-
\??\c:\7jdpv.exec:\7jdpv.exe84⤵
-
\??\c:\fflrrlr.exec:\fflrrlr.exe85⤵
-
\??\c:\5hnbbn.exec:\5hnbbn.exe86⤵
-
\??\c:\1dddj.exec:\1dddj.exe87⤵
-
\??\c:\jdvdp.exec:\jdvdp.exe88⤵
-
\??\c:\xrxfllr.exec:\xrxfllr.exe89⤵
-
\??\c:\btnbnt.exec:\btnbnt.exe90⤵
-
\??\c:\hhbhnb.exec:\hhbhnb.exe91⤵
-
\??\c:\3djpd.exec:\3djpd.exe92⤵
-
\??\c:\frxffxx.exec:\frxffxx.exe93⤵
- System Location Discovery: System Language Discovery
-
\??\c:\btbtbb.exec:\btbtbb.exe94⤵
-
\??\c:\nbnhtt.exec:\nbnhtt.exe95⤵
-
\??\c:\1pjpd.exec:\1pjpd.exe96⤵
-
\??\c:\xrffflr.exec:\xrffflr.exe97⤵
-
\??\c:\lrrrlfx.exec:\lrrrlfx.exe98⤵
-
\??\c:\hbbntb.exec:\hbbntb.exe99⤵
-
\??\c:\hhbbnt.exec:\hhbbnt.exe100⤵
-
\??\c:\jdjvj.exec:\jdjvj.exe101⤵
-
\??\c:\3xrflxf.exec:\3xrflxf.exe102⤵
-
\??\c:\bttbnn.exec:\bttbnn.exe103⤵
-
\??\c:\hhhnnb.exec:\hhhnnb.exe104⤵
-
\??\c:\pjvdv.exec:\pjvdv.exe105⤵
-
\??\c:\xrflrfr.exec:\xrflrfr.exe106⤵
-
\??\c:\tnhthh.exec:\tnhthh.exe107⤵
-
\??\c:\tnhtbn.exec:\tnhtbn.exe108⤵
-
\??\c:\pdppv.exec:\pdppv.exe109⤵
-
\??\c:\ffxfrxf.exec:\ffxfrxf.exe110⤵
-
\??\c:\frfffxl.exec:\frfffxl.exe111⤵
-
\??\c:\lrlxxlr.exec:\lrlxxlr.exe112⤵
-
\??\c:\3httnh.exec:\3httnh.exe113⤵
-
\??\c:\3dpvp.exec:\3dpvp.exe114⤵
-
\??\c:\rfrrflr.exec:\rfrrflr.exe115⤵
-
\??\c:\bhnntb.exec:\bhnntb.exe116⤵
-
\??\c:\3djjd.exec:\3djjd.exe117⤵
-
\??\c:\5frfrlx.exec:\5frfrlx.exe118⤵
-
\??\c:\ttnbtn.exec:\ttnbtn.exe119⤵
-
\??\c:\jdjvd.exec:\jdjvd.exe120⤵
-
\??\c:\fxllxrf.exec:\fxllxrf.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-