Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240705-en -
resource tags
-
submitted
11/08/2024, 22:09
General
-
Target
69ce4bf2edda73e81efe50cb14d6e559fd234588157bcc3937f9072298a7a41e.exe
-
Size
95KB
-
MD5
3380cb5005b0b076fc984b1729655cca
-
SHA1
40ff49d92054eb71167d4c90d38a525b82a51fd4
-
SHA256
69ce4bf2edda73e81efe50cb14d6e559fd234588157bcc3937f9072298a7a41e
-
SHA512
5db406f61e1cce6f2ed4609dc88fbe5059f4bb15dd9b1ff5b048cb6b15257c523c2790845e1bf51ce3e0a775e68a3c24699fe5c5c42f0a8cef266cd0a097e909
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDoLuePjDYlR3hnjKXIQSe9oEY+n:ymb3NkkiQ3mdBjFoLucjDilOZhoy
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 21 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\69ce4bf2edda73e81efe50cb14d6e559fd234588157bcc3937f9072298a7a41e.exe"C:\Users\Admin\AppData\Local\Temp\69ce4bf2edda73e81efe50cb14d6e559fd234588157bcc3937f9072298a7a41e.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\4262880.exec:\4262880.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\2464600.exec:\2464600.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\482800.exec:\482800.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\s2620.exec:\s2620.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\0840662.exec:\0840662.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\k04422.exec:\k04422.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\22806.exec:\22806.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\64228.exec:\64228.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\c268624.exec:\c268624.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\868840.exec:\868840.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\886846.exec:\886846.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\86884.exec:\86884.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\08680.exec:\08680.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\2680608.exec:\2680608.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\260882.exec:\260882.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\820066.exec:\820066.exe17⤵
- Executes dropped EXE
-
\??\c:\26402.exec:\26402.exe18⤵
- Executes dropped EXE
-
\??\c:\66406.exec:\66406.exe19⤵
- Executes dropped EXE
-
\??\c:\c240268.exec:\c240268.exe20⤵
- Executes dropped EXE
-
\??\c:\680444.exec:\680444.exe21⤵
- Executes dropped EXE
-
\??\c:\260280.exec:\260280.exe22⤵
- Executes dropped EXE
-
\??\c:\80666.exec:\80666.exe23⤵
- Executes dropped EXE
-
\??\c:\u080006.exec:\u080006.exe24⤵
- Executes dropped EXE
-
\??\c:\6680246.exec:\6680246.exe25⤵
- Executes dropped EXE
-
\??\c:\q60062.exec:\q60062.exe26⤵
- Executes dropped EXE
-
\??\c:\08048.exec:\08048.exe27⤵
- Executes dropped EXE
-
\??\c:\u082400.exec:\u082400.exe28⤵
- Executes dropped EXE
-
\??\c:\4004242.exec:\4004242.exe29⤵
- Executes dropped EXE
-
\??\c:\420844.exec:\420844.exe30⤵
- Executes dropped EXE
-
\??\c:\44066.exec:\44066.exe31⤵
- Executes dropped EXE
-
\??\c:\s8488.exec:\s8488.exe32⤵
- Executes dropped EXE
-
\??\c:\2606828.exec:\2606828.exe33⤵
- Executes dropped EXE
-
\??\c:\264062.exec:\264062.exe34⤵
- Executes dropped EXE
-
\??\c:\000262.exec:\000262.exe35⤵
- Executes dropped EXE
-
\??\c:\48066.exec:\48066.exe36⤵
- Executes dropped EXE
-
\??\c:\60202.exec:\60202.exe37⤵
- Executes dropped EXE
-
\??\c:\2682228.exec:\2682228.exe38⤵
- Executes dropped EXE
-
\??\c:\8684666.exec:\8684666.exe39⤵
- Executes dropped EXE
-
\??\c:\084406.exec:\084406.exe40⤵
- Executes dropped EXE
-
\??\c:\q08440.exec:\q08440.exe41⤵
- Executes dropped EXE
-
\??\c:\c066844.exec:\c066844.exe42⤵
- Executes dropped EXE
-
\??\c:\c484440.exec:\c484440.exe43⤵
- Executes dropped EXE
-
\??\c:\820228.exec:\820228.exe44⤵
- Executes dropped EXE
-
\??\c:\q42240.exec:\q42240.exe45⤵
- Executes dropped EXE
-
\??\c:\g0888.exec:\g0888.exe46⤵
- Executes dropped EXE
-
\??\c:\g8020.exec:\g8020.exe47⤵
- Executes dropped EXE
-
\??\c:\2466666.exec:\2466666.exe48⤵
- Executes dropped EXE
-
\??\c:\o648444.exec:\o648444.exe49⤵
- Executes dropped EXE
-
\??\c:\202400.exec:\202400.exe50⤵
- Executes dropped EXE
-
\??\c:\w80466.exec:\w80466.exe51⤵
- Executes dropped EXE
-
\??\c:\04004.exec:\04004.exe52⤵
- Executes dropped EXE
-
\??\c:\m8068.exec:\m8068.exe53⤵
- Executes dropped EXE
-
\??\c:\0426884.exec:\0426884.exe54⤵
- Executes dropped EXE
-
\??\c:\u824660.exec:\u824660.exe55⤵
- Executes dropped EXE
-
\??\c:\608084.exec:\608084.exe56⤵
- Executes dropped EXE
-
\??\c:\s8622.exec:\s8622.exe57⤵
- Executes dropped EXE
-
\??\c:\s0888.exec:\s0888.exe58⤵
- Executes dropped EXE
-
\??\c:\6002646.exec:\6002646.exe59⤵
- Executes dropped EXE
-
\??\c:\8262446.exec:\8262446.exe60⤵
- Executes dropped EXE
-
\??\c:\042288.exec:\042288.exe61⤵
- Executes dropped EXE
-
\??\c:\484066.exec:\484066.exe62⤵
- Executes dropped EXE
-
\??\c:\42844.exec:\42844.exe63⤵
- Executes dropped EXE
-
\??\c:\s2006.exec:\s2006.exe64⤵
- Executes dropped EXE
-
\??\c:\0468006.exec:\0468006.exe65⤵
- Executes dropped EXE
-
\??\c:\u646284.exec:\u646284.exe66⤵
-
\??\c:\042466.exec:\042466.exe67⤵
-
\??\c:\q82806.exec:\q82806.exe68⤵
-
\??\c:\a8628.exec:\a8628.exe69⤵
-
\??\c:\64084.exec:\64084.exe70⤵
-
\??\c:\8684228.exec:\8684228.exe71⤵
-
\??\c:\8284446.exec:\8284446.exe72⤵
-
\??\c:\684840.exec:\684840.exe73⤵
-
\??\c:\e26688.exec:\e26688.exe74⤵
-
\??\c:\64206.exec:\64206.exe75⤵
-
\??\c:\26402.exec:\26402.exe76⤵
-
\??\c:\02840.exec:\02840.exe77⤵
-
\??\c:\i082262.exec:\i082262.exe78⤵
-
\??\c:\6800484.exec:\6800484.exe79⤵
-
\??\c:\046800.exec:\046800.exe80⤵
-
\??\c:\046640.exec:\046640.exe81⤵
-
\??\c:\82462.exec:\82462.exe82⤵
-
\??\c:\08662.exec:\08662.exe83⤵
-
\??\c:\4288446.exec:\4288446.exe84⤵
-
\??\c:\6466228.exec:\6466228.exe85⤵
-
\??\c:\806688.exec:\806688.exe86⤵
-
\??\c:\824840.exec:\824840.exe87⤵
-
\??\c:\w48846.exec:\w48846.exe88⤵
-
\??\c:\86402.exec:\86402.exe89⤵
-
\??\c:\20284.exec:\20284.exe90⤵
-
\??\c:\2220060.exec:\2220060.exe91⤵
-
\??\c:\4866284.exec:\4866284.exe92⤵
-
\??\c:\0868248.exec:\0868248.exe93⤵
-
\??\c:\808886.exec:\808886.exe94⤵
-
\??\c:\402404.exec:\402404.exe95⤵
-
\??\c:\64224.exec:\64224.exe96⤵
-
\??\c:\26840.exec:\26840.exe97⤵
-
\??\c:\m8662.exec:\m8662.exe98⤵
-
\??\c:\2004484.exec:\2004484.exe99⤵
-
\??\c:\4828480.exec:\4828480.exe100⤵
-
\??\c:\868028.exec:\868028.exe101⤵
-
\??\c:\226886.exec:\226886.exe102⤵
-
\??\c:\08400.exec:\08400.exe103⤵
-
\??\c:\4004204.exec:\4004204.exe104⤵
-
\??\c:\8622046.exec:\8622046.exe105⤵
-
\??\c:\8028228.exec:\8028228.exe106⤵
-
\??\c:\488426.exec:\488426.exe107⤵
-
\??\c:\k84460.exec:\k84460.exe108⤵
-
\??\c:\a8284.exec:\a8284.exe109⤵
-
\??\c:\4200040.exec:\4200040.exe110⤵
-
\??\c:\4282846.exec:\4282846.exe111⤵
-
\??\c:\0428406.exec:\0428406.exe112⤵
-
\??\c:\206844.exec:\206844.exe113⤵
-
\??\c:\080062.exec:\080062.exe114⤵
-
\??\c:\64246.exec:\64246.exe115⤵
-
\??\c:\s2062.exec:\s2062.exe116⤵
-
\??\c:\0860284.exec:\0860284.exe117⤵
-
\??\c:\864026.exec:\864026.exe118⤵
-
\??\c:\k42428.exec:\k42428.exe119⤵
-
\??\c:\m4880.exec:\m4880.exe120⤵
-
\??\c:\a6884.exec:\a6884.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-