Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
18s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
-
submitted
02/08/2024, 17:02
General
-
Target
bcd59a5d5abce27dc93da68869cab0a0N.exe
-
Size
67KB
-
MD5
bcd59a5d5abce27dc93da68869cab0a0
-
SHA1
9784ea18923646c33e031e75859a1556ac61d2f4
-
SHA256
7cfe0092b2321f7b90b56e25b6134b0d7022cb38f9453dfdb2a7ff87358f6d57
-
SHA512
cd455fedbbebc88b86c8a1e612e5bdb3ccc0778072e8bcb23a9b4d75b5b6172a14ccda78adb920afe583f8f58e5353c9b869b2ce17c6d939b8ed1ea53801e8af
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIb7tAHEqSCO:ymb3NkkiQ3mdBjFIyna
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 21 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 20 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\bcd59a5d5abce27dc93da68869cab0a0N.exe"C:\Users\Admin\AppData\Local\Temp\bcd59a5d5abce27dc93da68869cab0a0N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\djjvv.exec:\djjvv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlrrrll.exec:\xlrrrll.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3ntnnn.exec:\3ntnnn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5btnhb.exec:\5btnhb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjdj.exec:\dvjdj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvdpv.exec:\dvdpv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfffxxx.exec:\xfffxxx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlrllll.exec:\xlrllll.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1btnhb.exec:\1btnhb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3vdvv.exec:\3vdvv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdpdv.exec:\vdpdv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7xfffxx.exec:\7xfffxx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3thbbb.exec:\3thbbb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thhhnn.exec:\thhhnn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1vjvv.exec:\1vjvv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lflrxlr.exec:\lflrxlr.exe17⤵
- Executes dropped EXE
-
\??\c:\xrffflx.exec:\xrffflx.exe18⤵
- Executes dropped EXE
-
\??\c:\tbhnhh.exec:\tbhnhh.exe19⤵
- Executes dropped EXE
-
\??\c:\thbnhb.exec:\thbnhb.exe20⤵
- Executes dropped EXE
-
\??\c:\vpdvp.exec:\vpdvp.exe21⤵
- Executes dropped EXE
-
\??\c:\5lxlllr.exec:\5lxlllr.exe22⤵
- Executes dropped EXE
-
\??\c:\xllrllr.exec:\xllrllr.exe23⤵
- Executes dropped EXE
-
\??\c:\7tnnnh.exec:\7tnnnh.exe24⤵
- Executes dropped EXE
-
\??\c:\5thhhh.exec:\5thhhh.exe25⤵
- Executes dropped EXE
-
\??\c:\5vjjd.exec:\5vjjd.exe26⤵
- Executes dropped EXE
-
\??\c:\fxlrxrr.exec:\fxlrxrr.exe27⤵
- Executes dropped EXE
-
\??\c:\bntntt.exec:\bntntt.exe28⤵
- Executes dropped EXE
-
\??\c:\pjpvv.exec:\pjpvv.exe29⤵
- Executes dropped EXE
-
\??\c:\dvdpd.exec:\dvdpd.exe30⤵
- Executes dropped EXE
-
\??\c:\lflxxxx.exec:\lflxxxx.exe31⤵
- Executes dropped EXE
-
\??\c:\9rrlffl.exec:\9rrlffl.exe32⤵
- Executes dropped EXE
-
\??\c:\nbhhtn.exec:\nbhhtn.exe33⤵
- Executes dropped EXE
-
\??\c:\1hnnhh.exec:\1hnnhh.exe34⤵
- Executes dropped EXE
-
\??\c:\pdvvv.exec:\pdvvv.exe35⤵
- Executes dropped EXE
-
\??\c:\5jvpj.exec:\5jvpj.exe36⤵
- Executes dropped EXE
-
\??\c:\xrfffll.exec:\xrfffll.exe37⤵
- Executes dropped EXE
-
\??\c:\5xlflfl.exec:\5xlflfl.exe38⤵
- Executes dropped EXE
-
\??\c:\htnntt.exec:\htnntt.exe39⤵
- Executes dropped EXE
-
\??\c:\nbtnnb.exec:\nbtnnb.exe40⤵
- Executes dropped EXE
-
\??\c:\dpjjj.exec:\dpjjj.exe41⤵
- Executes dropped EXE
-
\??\c:\7vdvp.exec:\7vdvp.exe42⤵
- Executes dropped EXE
-
\??\c:\lffrfxr.exec:\lffrfxr.exe43⤵
- Executes dropped EXE
-
\??\c:\xllllll.exec:\xllllll.exe44⤵
- Executes dropped EXE
-
\??\c:\tbnntn.exec:\tbnntn.exe45⤵
- Executes dropped EXE
-
\??\c:\thtttn.exec:\thtttn.exe46⤵
- Executes dropped EXE
-
\??\c:\3vdvp.exec:\3vdvp.exe47⤵
- Executes dropped EXE
-
\??\c:\7djvp.exec:\7djvp.exe48⤵
- Executes dropped EXE
-
\??\c:\5rffxxx.exec:\5rffxxx.exe49⤵
- Executes dropped EXE
-
\??\c:\xlxxxrx.exec:\xlxxxrx.exe50⤵
- Executes dropped EXE
-
\??\c:\9jpvd.exec:\9jpvd.exe51⤵
- Executes dropped EXE
-
\??\c:\jvpjd.exec:\jvpjd.exe52⤵
- Executes dropped EXE
-
\??\c:\fxfflfl.exec:\fxfflfl.exe53⤵
- Executes dropped EXE
-
\??\c:\5frxflx.exec:\5frxflx.exe54⤵
- Executes dropped EXE
-
\??\c:\ttthht.exec:\ttthht.exe55⤵
- Executes dropped EXE
-
\??\c:\bntttt.exec:\bntttt.exe56⤵
- Executes dropped EXE
-
\??\c:\nhnttn.exec:\nhnttn.exe57⤵
- Executes dropped EXE
-
\??\c:\pvpdd.exec:\pvpdd.exe58⤵
- Executes dropped EXE
-
\??\c:\5vvpv.exec:\5vvpv.exe59⤵
- Executes dropped EXE
-
\??\c:\lfxxrlf.exec:\lfxxrlf.exe60⤵
- Executes dropped EXE
-
\??\c:\bnttbb.exec:\bnttbb.exe61⤵
- Executes dropped EXE
-
\??\c:\tbhbnt.exec:\tbhbnt.exe62⤵
- Executes dropped EXE
-
\??\c:\dpddv.exec:\dpddv.exe63⤵
- Executes dropped EXE
-
\??\c:\vvjdd.exec:\vvjdd.exe64⤵
- Executes dropped EXE
-
\??\c:\xrfrffl.exec:\xrfrffl.exe65⤵
- Executes dropped EXE
-
\??\c:\lxfxxxr.exec:\lxfxxxr.exe66⤵
-
\??\c:\thbbbh.exec:\thbbbh.exe67⤵
-
\??\c:\9ththn.exec:\9ththn.exe68⤵
-
\??\c:\pjppd.exec:\pjppd.exe69⤵
-
\??\c:\vpvjp.exec:\vpvjp.exe70⤵
-
\??\c:\rfrrxxx.exec:\rfrrxxx.exe71⤵
-
\??\c:\9rlflfx.exec:\9rlflfx.exe72⤵
-
\??\c:\llfxfrf.exec:\llfxfrf.exe73⤵
-
\??\c:\tnthnt.exec:\tnthnt.exe74⤵
-
\??\c:\bnbtbb.exec:\bnbtbb.exe75⤵
-
\??\c:\pdjvd.exec:\pdjvd.exe76⤵
-
\??\c:\vjppp.exec:\vjppp.exe77⤵
-
\??\c:\1fxrffl.exec:\1fxrffl.exe78⤵
-
\??\c:\rlrrrrf.exec:\rlrrrrf.exe79⤵
-
\??\c:\9nhtbb.exec:\9nhtbb.exe80⤵
-
\??\c:\bhhttt.exec:\bhhttt.exe81⤵
-
\??\c:\vjvdd.exec:\vjvdd.exe82⤵
-
\??\c:\1jvvd.exec:\1jvvd.exe83⤵
-
\??\c:\7llllfl.exec:\7llllfl.exe84⤵
-
\??\c:\rlrxffl.exec:\rlrxffl.exe85⤵
-
\??\c:\fxlrxfl.exec:\fxlrxfl.exe86⤵
-
\??\c:\bnnttt.exec:\bnnttt.exe87⤵
-
\??\c:\thtbhh.exec:\thtbhh.exe88⤵
-
\??\c:\dvjdd.exec:\dvjdd.exe89⤵
-
\??\c:\jjvdp.exec:\jjvdp.exe90⤵
-
\??\c:\frfxfxx.exec:\frfxfxx.exe91⤵
-
\??\c:\fxrxllr.exec:\fxrxllr.exe92⤵
-
\??\c:\xlrrrrx.exec:\xlrrrrx.exe93⤵
-
\??\c:\nbbbtt.exec:\nbbbtt.exe94⤵
-
\??\c:\thhbnh.exec:\thhbnh.exe95⤵
-
\??\c:\7dddd.exec:\7dddd.exe96⤵
-
\??\c:\dvddp.exec:\dvddp.exe97⤵
-
\??\c:\vjvpv.exec:\vjvpv.exe98⤵
-
\??\c:\1xllrlr.exec:\1xllrlr.exe99⤵
-
\??\c:\rxrrrfr.exec:\rxrrrfr.exe100⤵
-
\??\c:\ntbtnn.exec:\ntbtnn.exe101⤵
-
\??\c:\nbhhtt.exec:\nbhhtt.exe102⤵
-
\??\c:\9pdjd.exec:\9pdjd.exe103⤵
-
\??\c:\lxffrlr.exec:\lxffrlr.exe104⤵
-
\??\c:\fxlrxff.exec:\fxlrxff.exe105⤵
-
\??\c:\thhhtn.exec:\thhhtn.exe106⤵
-
\??\c:\nbnhnn.exec:\nbnhnn.exe107⤵
-
\??\c:\9jdjj.exec:\9jdjj.exe108⤵
-
\??\c:\9dvdj.exec:\9dvdj.exe109⤵
-
\??\c:\dppjp.exec:\dppjp.exe110⤵
-
\??\c:\lflfffr.exec:\lflfffr.exe111⤵
-
\??\c:\1rxrfxf.exec:\1rxrfxf.exe112⤵
-
\??\c:\tnnhnh.exec:\tnnhnh.exe113⤵
-
\??\c:\bbnntb.exec:\bbnntb.exe114⤵
-
\??\c:\dvvdd.exec:\dvvdd.exe115⤵
-
\??\c:\5djjj.exec:\5djjj.exe116⤵
-
\??\c:\dpvdd.exec:\dpvdd.exe117⤵
-
\??\c:\lflfffl.exec:\lflfffl.exe118⤵
-
\??\c:\7rfllff.exec:\7rfllff.exe119⤵
-
\??\c:\nbbbbn.exec:\nbbbbn.exe120⤵
-
\??\c:\nnbnnn.exec:\nnbnnn.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-