Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
-
submitted
08/08/2024, 04:23
General
-
Target
e40fc81863ad391aa95f92e5ce3690fa2a9c7aeeb6120bc47fa5865d78217542.exe
-
Size
91KB
-
MD5
b3ef64838721d804843ec6107dcee1b2
-
SHA1
7990eeb539a26ff4a4e5008e2836b0113198bc10
-
SHA256
e40fc81863ad391aa95f92e5ce3690fa2a9c7aeeb6120bc47fa5865d78217542
-
SHA512
6f28cd20fbdf2c0f42ef283f33e283124803c11a57d28cb6dd63090e0d64d47364f4328da03cf2c00a40b89aae1db371d0f71e1981a7c16f403b62d4291dbf85
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIQIDyviFxx2hCtgIMLP9rBZaRB2:ymb3NkkiQ3mdBjFIVLd2hWZGreRCYBVs
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 27 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\e40fc81863ad391aa95f92e5ce3690fa2a9c7aeeb6120bc47fa5865d78217542.exe"C:\Users\Admin\AppData\Local\Temp\e40fc81863ad391aa95f92e5ce3690fa2a9c7aeeb6120bc47fa5865d78217542.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\xrlfffl.exec:\xrlfffl.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hntttn.exec:\hntttn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpdjp.exec:\dpdjp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxfxlfl.exec:\rxfxlfl.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfrxffx.exec:\xfrxffx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5tbtnh.exec:\5tbtnh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvjd.exec:\jdvjd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdjpv.exec:\pdjpv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7rfxfxf.exec:\7rfxfxf.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5bhhbt.exec:\5bhhbt.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpjjj.exec:\jpjjj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvdj.exec:\pjvdj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5xlffff.exec:\5xlffff.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhttnh.exec:\bhttnh.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1ppjp.exec:\1ppjp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjpvp.exec:\vjpvp.exe17⤵
- Executes dropped EXE
-
\??\c:\3lxlrrr.exec:\3lxlrrr.exe18⤵
- Executes dropped EXE
-
\??\c:\rlrlxxf.exec:\rlrlxxf.exe19⤵
- Executes dropped EXE
-
\??\c:\hbbnnn.exec:\hbbnnn.exe20⤵
- Executes dropped EXE
-
\??\c:\7pjdd.exec:\7pjdd.exe21⤵
- Executes dropped EXE
-
\??\c:\1djpj.exec:\1djpj.exe22⤵
- Executes dropped EXE
-
\??\c:\5rxrrll.exec:\5rxrrll.exe23⤵
- Executes dropped EXE
-
\??\c:\btnthh.exec:\btnthh.exe24⤵
- Executes dropped EXE
-
\??\c:\nttnhb.exec:\nttnhb.exe25⤵
- Executes dropped EXE
-
\??\c:\vvdvj.exec:\vvdvj.exe26⤵
- Executes dropped EXE
-
\??\c:\flllfxx.exec:\flllfxx.exe27⤵
- Executes dropped EXE
-
\??\c:\rflffxf.exec:\rflffxf.exe28⤵
- Executes dropped EXE
-
\??\c:\thhbbb.exec:\thhbbb.exe29⤵
- Executes dropped EXE
-
\??\c:\hbttbt.exec:\hbttbt.exe30⤵
- Executes dropped EXE
-
\??\c:\9pvpp.exec:\9pvpp.exe31⤵
- Executes dropped EXE
-
\??\c:\7flffff.exec:\7flffff.exe32⤵
- Executes dropped EXE
-
\??\c:\rxllxfx.exec:\rxllxfx.exe33⤵
- Executes dropped EXE
-
\??\c:\5bbbbb.exec:\5bbbbb.exe34⤵
- Executes dropped EXE
-
\??\c:\dppjj.exec:\dppjj.exe35⤵
- Executes dropped EXE
-
\??\c:\jdjpp.exec:\jdjpp.exe36⤵
- Executes dropped EXE
-
\??\c:\lxfxxrx.exec:\lxfxxrx.exe37⤵
- Executes dropped EXE
-
\??\c:\frrlrrl.exec:\frrlrrl.exe38⤵
- Executes dropped EXE
-
\??\c:\nbbthh.exec:\nbbthh.exe39⤵
- Executes dropped EXE
-
\??\c:\thhtbt.exec:\thhtbt.exe40⤵
- Executes dropped EXE
-
\??\c:\jppdd.exec:\jppdd.exe41⤵
- Executes dropped EXE
-
\??\c:\1pdvp.exec:\1pdvp.exe42⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\9xfxllr.exec:\9xfxllr.exe43⤵
- Executes dropped EXE
-
\??\c:\xlrrlff.exec:\xlrrlff.exe44⤵
- Executes dropped EXE
-
\??\c:\thhttn.exec:\thhttn.exe45⤵
- Executes dropped EXE
-
\??\c:\bnbbtt.exec:\bnbbtt.exe46⤵
- Executes dropped EXE
-
\??\c:\vjdpp.exec:\vjdpp.exe47⤵
- Executes dropped EXE
-
\??\c:\jvpjp.exec:\jvpjp.exe48⤵
- Executes dropped EXE
-
\??\c:\frrlfxl.exec:\frrlfxl.exe49⤵
- Executes dropped EXE
-
\??\c:\lxfxrrr.exec:\lxfxrrr.exe50⤵
- Executes dropped EXE
-
\??\c:\9flllff.exec:\9flllff.exe51⤵
- Executes dropped EXE
-
\??\c:\ttnhht.exec:\ttnhht.exe52⤵
- Executes dropped EXE
-
\??\c:\vpdvd.exec:\vpdvd.exe53⤵
- Executes dropped EXE
-
\??\c:\jvppp.exec:\jvppp.exe54⤵
- Executes dropped EXE
-
\??\c:\fxlrxrx.exec:\fxlrxrx.exe55⤵
- Executes dropped EXE
-
\??\c:\7rxxrlr.exec:\7rxxrlr.exe56⤵
- Executes dropped EXE
-
\??\c:\hbhntt.exec:\hbhntt.exe57⤵
- Executes dropped EXE
-
\??\c:\thnnbb.exec:\thnnbb.exe58⤵
- Executes dropped EXE
-
\??\c:\jdppv.exec:\jdppv.exe59⤵
- Executes dropped EXE
-
\??\c:\dpvvp.exec:\dpvvp.exe60⤵
- Executes dropped EXE
-
\??\c:\jvpjv.exec:\jvpjv.exe61⤵
- Executes dropped EXE
-
\??\c:\fxlrxfr.exec:\fxlrxfr.exe62⤵
- Executes dropped EXE
-
\??\c:\9lflxxl.exec:\9lflxxl.exe63⤵
- Executes dropped EXE
-
\??\c:\nbtbhh.exec:\nbtbhh.exe64⤵
- Executes dropped EXE
-
\??\c:\jpjdj.exec:\jpjdj.exe65⤵
- Executes dropped EXE
-
\??\c:\jdpjv.exec:\jdpjv.exe66⤵
-
\??\c:\5rlffll.exec:\5rlffll.exe67⤵
-
\??\c:\9rlllff.exec:\9rlllff.exe68⤵
-
\??\c:\3lfrffx.exec:\3lfrffx.exe69⤵
-
\??\c:\9hbhnh.exec:\9hbhnh.exe70⤵
-
\??\c:\hbthnn.exec:\hbthnn.exe71⤵
-
\??\c:\pdppj.exec:\pdppj.exe72⤵
-
\??\c:\pdpdd.exec:\pdpdd.exe73⤵
-
\??\c:\7rxxfff.exec:\7rxxfff.exe74⤵
-
\??\c:\lxffffl.exec:\lxffffl.exe75⤵
-
\??\c:\hbhhtb.exec:\hbhhtb.exe76⤵
-
\??\c:\3ntbtt.exec:\3ntbtt.exe77⤵
-
\??\c:\vjvvd.exec:\vjvvd.exe78⤵
-
\??\c:\3vpvd.exec:\3vpvd.exe79⤵
-
\??\c:\frlfrrx.exec:\frlfrrx.exe80⤵
-
\??\c:\fxlrxxl.exec:\fxlrxxl.exe81⤵
-
\??\c:\bhtnbb.exec:\bhtnbb.exe82⤵
-
\??\c:\1bnnhn.exec:\1bnnhn.exe83⤵
-
\??\c:\hhtbhh.exec:\hhtbhh.exe84⤵
-
\??\c:\jjvpj.exec:\jjvpj.exe85⤵
-
\??\c:\7xrrxxf.exec:\7xrrxxf.exe86⤵
-
\??\c:\7fxlxlr.exec:\7fxlxlr.exe87⤵
-
\??\c:\frlrflr.exec:\frlrflr.exe88⤵
-
\??\c:\btbtnn.exec:\btbtnn.exe89⤵
-
\??\c:\hnhhnb.exec:\hnhhnb.exe90⤵
-
\??\c:\vvjdd.exec:\vvjdd.exe91⤵
-
\??\c:\dpvpv.exec:\dpvpv.exe92⤵
-
\??\c:\lfrxxll.exec:\lfrxxll.exe93⤵
-
\??\c:\9rxflfr.exec:\9rxflfr.exe94⤵
-
\??\c:\lxfrlrx.exec:\lxfrlrx.exe95⤵
-
\??\c:\btbbtt.exec:\btbbtt.exe96⤵
-
\??\c:\bhbntb.exec:\bhbntb.exe97⤵
-
\??\c:\jdddp.exec:\jdddp.exe98⤵
-
\??\c:\7djdj.exec:\7djdj.exe99⤵
-
\??\c:\lxllxxf.exec:\lxllxxf.exe100⤵
-
\??\c:\7lxxllr.exec:\7lxxllr.exe101⤵
-
\??\c:\1btbnn.exec:\1btbnn.exe102⤵
-
\??\c:\nnnhnh.exec:\nnnhnh.exe103⤵
-
\??\c:\jvdjd.exec:\jvdjd.exe104⤵
-
\??\c:\9jvpv.exec:\9jvpv.exe105⤵
-
\??\c:\pjddv.exec:\pjddv.exe106⤵
-
\??\c:\lflflll.exec:\lflflll.exe107⤵
-
\??\c:\xxllrrr.exec:\xxllrrr.exe108⤵
-
\??\c:\bntbnn.exec:\bntbnn.exe109⤵
-
\??\c:\ttnbnt.exec:\ttnbnt.exe110⤵
-
\??\c:\hbtbhh.exec:\hbtbhh.exe111⤵
-
\??\c:\dvjjj.exec:\dvjjj.exe112⤵
-
\??\c:\vpjvp.exec:\vpjvp.exe113⤵
-
\??\c:\ffrxxfr.exec:\ffrxxfr.exe114⤵
-
\??\c:\frfrflr.exec:\frfrflr.exe115⤵
-
\??\c:\bthhnt.exec:\bthhnt.exe116⤵
-
\??\c:\nbhbnh.exec:\nbhbnh.exe117⤵
- System Location Discovery: System Language Discovery
-
\??\c:\thntbb.exec:\thntbb.exe118⤵
-
\??\c:\3jjjp.exec:\3jjjp.exe119⤵
-
\??\c:\vjpjv.exec:\vjpjv.exe120⤵
-
\??\c:\rfffllr.exec:\rfffllr.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-