Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
117s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
-
submitted
06/08/2024, 06:39
General
-
Target
70f755519abfcc428a7f683731952ce0N.exe
-
Size
59KB
-
MD5
70f755519abfcc428a7f683731952ce0
-
SHA1
6ae39ee07e1b2e0c3334f71adeb86d8d510c5424
-
SHA256
ccc4a2857e6e4aa78beef83bd2271ad0d473cd92d703868f3b852495e35892ca
-
SHA512
7bb57e8ff496c448f0b0c7ed13da349b6e3fb8627aecac380da47b6e24c25f8a920d43fac9e54671d6fe17edf6055477087a334139f8b43d4c35c9b5fe71242a
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND0chVn9PG:ymb3NkkiQ3mdBjF0crg
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 25 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\70f755519abfcc428a7f683731952ce0N.exe"C:\Users\Admin\AppData\Local\Temp\70f755519abfcc428a7f683731952ce0N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\tthbhb.exec:\tthbhb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnbbnt.exec:\bnbbnt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7ffxlfr.exec:\7ffxlfr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxfllx.exec:\xrxfllx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htnnbt.exec:\htnnbt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnhhhh.exec:\bnhhhh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1jjjj.exec:\1jjjj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxlfllx.exec:\xxlfllx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3hnthn.exec:\3hnthn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5nhthn.exec:\5nhthn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjpdj.exec:\jjpdj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvvd.exec:\pjvvd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3rfxrxf.exec:\3rfxrxf.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhtbnn.exec:\nhtbnn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9hhhnn.exec:\9hhhnn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1pvvp.exec:\1pvvp.exe17⤵
- Executes dropped EXE
-
\??\c:\jvpvj.exec:\jvpvj.exe18⤵
- Executes dropped EXE
-
\??\c:\rrxflrf.exec:\rrxflrf.exe19⤵
- Executes dropped EXE
-
\??\c:\1tnhtt.exec:\1tnhtt.exe20⤵
- Executes dropped EXE
-
\??\c:\9ddjj.exec:\9ddjj.exe21⤵
- Executes dropped EXE
-
\??\c:\jdvdj.exec:\jdvdj.exe22⤵
- Executes dropped EXE
-
\??\c:\fxrlrfx.exec:\fxrlrfx.exe23⤵
- Executes dropped EXE
-
\??\c:\3xlllxf.exec:\3xlllxf.exe24⤵
- Executes dropped EXE
-
\??\c:\btnnnn.exec:\btnnnn.exe25⤵
- Executes dropped EXE
-
\??\c:\7dvvv.exec:\7dvvv.exe26⤵
- Executes dropped EXE
-
\??\c:\jdpjp.exec:\jdpjp.exe27⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\3frxxfl.exec:\3frxxfl.exe28⤵
- Executes dropped EXE
-
\??\c:\nnnhnt.exec:\nnnhnt.exe29⤵
- Executes dropped EXE
-
\??\c:\tbhhhb.exec:\tbhhhb.exe30⤵
- Executes dropped EXE
-
\??\c:\1dppj.exec:\1dppj.exe31⤵
- Executes dropped EXE
-
\??\c:\1lrlrrx.exec:\1lrlrrx.exe32⤵
- Executes dropped EXE
-
\??\c:\9rrffxf.exec:\9rrffxf.exe33⤵
- Executes dropped EXE
-
\??\c:\hnhntt.exec:\hnhntt.exe34⤵
- Executes dropped EXE
-
\??\c:\vpppd.exec:\vpppd.exe35⤵
- Executes dropped EXE
-
\??\c:\pvjpd.exec:\pvjpd.exe36⤵
- Executes dropped EXE
-
\??\c:\9vjdv.exec:\9vjdv.exe37⤵
- Executes dropped EXE
-
\??\c:\lxrxxxl.exec:\lxrxxxl.exe38⤵
- Executes dropped EXE
-
\??\c:\nbnnth.exec:\nbnnth.exe39⤵
- Executes dropped EXE
-
\??\c:\9hbttt.exec:\9hbttt.exe40⤵
- Executes dropped EXE
-
\??\c:\3dpjp.exec:\3dpjp.exe41⤵
- Executes dropped EXE
-
\??\c:\dpppj.exec:\dpppj.exe42⤵
- Executes dropped EXE
-
\??\c:\lrlrffr.exec:\lrlrffr.exe43⤵
- Executes dropped EXE
-
\??\c:\xflffxx.exec:\xflffxx.exe44⤵
- Executes dropped EXE
-
\??\c:\htntnt.exec:\htntnt.exe45⤵
- Executes dropped EXE
-
\??\c:\nhthhn.exec:\nhthhn.exe46⤵
- Executes dropped EXE
-
\??\c:\djvvj.exec:\djvvj.exe47⤵
- Executes dropped EXE
-
\??\c:\pddjd.exec:\pddjd.exe48⤵
- Executes dropped EXE
-
\??\c:\lxfxxxf.exec:\lxfxxxf.exe49⤵
- Executes dropped EXE
-
\??\c:\hbhntt.exec:\hbhntt.exe50⤵
- Executes dropped EXE
-
\??\c:\nbhhhb.exec:\nbhhhb.exe51⤵
- Executes dropped EXE
-
\??\c:\7pvvd.exec:\7pvvd.exe52⤵
- Executes dropped EXE
-
\??\c:\3jpjj.exec:\3jpjj.exe53⤵
- Executes dropped EXE
-
\??\c:\lrlxflr.exec:\lrlxflr.exe54⤵
- Executes dropped EXE
-
\??\c:\5flllrr.exec:\5flllrr.exe55⤵
- Executes dropped EXE
-
\??\c:\hbthbb.exec:\hbthbb.exe56⤵
- Executes dropped EXE
-
\??\c:\jvvvd.exec:\jvvvd.exe57⤵
- Executes dropped EXE
-
\??\c:\vvvvp.exec:\vvvvp.exe58⤵
- Executes dropped EXE
-
\??\c:\jvvpp.exec:\jvvpp.exe59⤵
- Executes dropped EXE
-
\??\c:\xlrrfxr.exec:\xlrrfxr.exe60⤵
- Executes dropped EXE
-
\??\c:\3hbbhb.exec:\3hbbhb.exe61⤵
- Executes dropped EXE
-
\??\c:\nbhhnn.exec:\nbhhnn.exe62⤵
- Executes dropped EXE
-
\??\c:\jpddj.exec:\jpddj.exe63⤵
- Executes dropped EXE
-
\??\c:\dvvjp.exec:\dvvjp.exe64⤵
- Executes dropped EXE
-
\??\c:\rxlllrr.exec:\rxlllrr.exe65⤵
- Executes dropped EXE
-
\??\c:\rffrrll.exec:\rffrrll.exe66⤵
-
\??\c:\ffllrxl.exec:\ffllrxl.exe67⤵
-
\??\c:\9hbhhb.exec:\9hbhhb.exe68⤵
-
\??\c:\pdpvj.exec:\pdpvj.exe69⤵
-
\??\c:\5vjdj.exec:\5vjdj.exe70⤵
-
\??\c:\lfrxxff.exec:\lfrxxff.exe71⤵
-
\??\c:\rrxlrrf.exec:\rrxlrrf.exe72⤵
-
\??\c:\nttntt.exec:\nttntt.exe73⤵
-
\??\c:\3bnntn.exec:\3bnntn.exe74⤵
-
\??\c:\3pdjv.exec:\3pdjv.exe75⤵
-
\??\c:\vpvpj.exec:\vpvpj.exe76⤵
-
\??\c:\9xrxxxf.exec:\9xrxxxf.exe77⤵
-
\??\c:\xxrxrxr.exec:\xxrxrxr.exe78⤵
-
\??\c:\5bnbhh.exec:\5bnbhh.exe79⤵
-
\??\c:\ntbbhn.exec:\ntbbhn.exe80⤵
-
\??\c:\9vpdd.exec:\9vpdd.exe81⤵
-
\??\c:\7dpdv.exec:\7dpdv.exe82⤵
-
\??\c:\frxrlff.exec:\frxrlff.exe83⤵
-
\??\c:\rfrfrxr.exec:\rfrfrxr.exe84⤵
-
\??\c:\httbhn.exec:\httbhn.exe85⤵
-
\??\c:\1hbhnt.exec:\1hbhnt.exe86⤵
-
\??\c:\vpdvd.exec:\vpdvd.exe87⤵
-
\??\c:\jvdpd.exec:\jvdpd.exe88⤵
-
\??\c:\xllfxxf.exec:\xllfxxf.exe89⤵
-
\??\c:\1xlrffr.exec:\1xlrffr.exe90⤵
-
\??\c:\bnbbnt.exec:\bnbbnt.exe91⤵
-
\??\c:\jpppp.exec:\jpppp.exe92⤵
-
\??\c:\jjdvj.exec:\jjdvj.exe93⤵
-
\??\c:\fxrxxfl.exec:\fxrxxfl.exe94⤵
-
\??\c:\rlrrxfl.exec:\rlrrxfl.exe95⤵
-
\??\c:\nbbnbh.exec:\nbbnbh.exe96⤵
-
\??\c:\tnbttt.exec:\tnbttt.exe97⤵
-
\??\c:\vpjvp.exec:\vpjvp.exe98⤵
-
\??\c:\dpppp.exec:\dpppp.exe99⤵
-
\??\c:\lflfrrx.exec:\lflfrrx.exe100⤵
-
\??\c:\lxxrxxx.exec:\lxxrxxx.exe101⤵
-
\??\c:\htnnbb.exec:\htnnbb.exe102⤵
-
\??\c:\nbhbbh.exec:\nbhbbh.exe103⤵
-
\??\c:\jjppv.exec:\jjppv.exe104⤵
-
\??\c:\jvdvd.exec:\jvdvd.exe105⤵
-
\??\c:\rflxxlf.exec:\rflxxlf.exe106⤵
-
\??\c:\5jdjp.exec:\5jdjp.exe107⤵
-
\??\c:\lxlrflx.exec:\lxlrflx.exe108⤵
-
\??\c:\rlrlflr.exec:\rlrlflr.exe109⤵
-
\??\c:\btnbtt.exec:\btnbtt.exe110⤵
-
\??\c:\tbnnbt.exec:\tbnnbt.exe111⤵
-
\??\c:\tnbbhn.exec:\tnbbhn.exe112⤵
-
\??\c:\7pdpj.exec:\7pdpj.exe113⤵
-
\??\c:\1dvdj.exec:\1dvdj.exe114⤵
-
\??\c:\xxrlffx.exec:\xxrlffx.exe115⤵
-
\??\c:\1lxxffr.exec:\1lxxffr.exe116⤵
-
\??\c:\5bnnhh.exec:\5bnnhh.exe117⤵
-
\??\c:\9htbhn.exec:\9htbhn.exe118⤵
-
\??\c:\tnbbbh.exec:\tnbbbh.exe119⤵
-
\??\c:\7djvd.exec:\7djvd.exe120⤵
-
\??\c:\vvdjv.exec:\vvdjv.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-