Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
-
submitted
14/08/2024, 01:01
General
-
Target
e11395ff46b23e134321b01af40bc2ad678588ccdb94d6ccbaa472e65de3046f.exe
-
Size
93KB
-
MD5
954e07803cfaa102a921e55038b64877
-
SHA1
d8d7d8266afb45b4e3bab980c2e2faaeebe3215b
-
SHA256
e11395ff46b23e134321b01af40bc2ad678588ccdb94d6ccbaa472e65de3046f
-
SHA512
1a50e3a7e807252b074bf711ab6b731ce6584335953c96e89c85a4a651a001187b8509941f2f3f7f1188317d8937e75a2691b5c6b48ae05a7ee0605fabc1e0cf
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDo7xCkTsIRwnohZkqwKYSpFxL:ymb3NkkiQ3mdBjFo7LAIRUohDwKY+xL
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 25 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\e11395ff46b23e134321b01af40bc2ad678588ccdb94d6ccbaa472e65de3046f.exe"C:\Users\Admin\AppData\Local\Temp\e11395ff46b23e134321b01af40bc2ad678588ccdb94d6ccbaa472e65de3046f.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvdv.exec:\jdvdv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlrxfxl.exec:\xlrxfxl.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhnbb.exec:\tnhnbb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpddj.exec:\dpddj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrrflr.exec:\fxrrflr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhtbht.exec:\nhtbht.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdpv.exec:\pjdpv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1xlxlrx.exec:\1xlxlrx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3bbhhn.exec:\3bbhhn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9hbthn.exec:\9hbthn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvvd.exec:\pjvvd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dppvv.exec:\dppvv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9rxxflr.exec:\9rxxflr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3ntbbh.exec:\3ntbbh.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3nbhbn.exec:\3nbhbn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpvv.exec:\jdpvv.exe17⤵
- Executes dropped EXE
-
\??\c:\lfrxflr.exec:\lfrxflr.exe18⤵
- Executes dropped EXE
-
\??\c:\3frxffl.exec:\3frxffl.exe19⤵
- Executes dropped EXE
-
\??\c:\1bttbh.exec:\1bttbh.exe20⤵
- Executes dropped EXE
-
\??\c:\jdppv.exec:\jdppv.exe21⤵
- Executes dropped EXE
-
\??\c:\5vpvd.exec:\5vpvd.exe22⤵
- Executes dropped EXE
-
\??\c:\5rflxxl.exec:\5rflxxl.exe23⤵
- Executes dropped EXE
-
\??\c:\7nhtbb.exec:\7nhtbb.exe24⤵
- Executes dropped EXE
-
\??\c:\3ttbbh.exec:\3ttbbh.exe25⤵
- Executes dropped EXE
-
\??\c:\dvdvv.exec:\dvdvv.exe26⤵
- Executes dropped EXE
-
\??\c:\5rffrlf.exec:\5rffrlf.exe27⤵
- Executes dropped EXE
-
\??\c:\thtbbh.exec:\thtbbh.exe28⤵
- Executes dropped EXE
-
\??\c:\bnhbtt.exec:\bnhbtt.exe29⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\1vdjd.exec:\1vdjd.exe30⤵
- Executes dropped EXE
-
\??\c:\fxllxrf.exec:\fxllxrf.exe31⤵
- Executes dropped EXE
-
\??\c:\lxrfrlr.exec:\lxrfrlr.exe32⤵
- Executes dropped EXE
-
\??\c:\5bnnnt.exec:\5bnnnt.exe33⤵
- Executes dropped EXE
-
\??\c:\dpddp.exec:\dpddp.exe34⤵
- Executes dropped EXE
-
\??\c:\vjjjd.exec:\vjjjd.exe35⤵
- Executes dropped EXE
-
\??\c:\xlxxxrx.exec:\xlxxxrx.exe36⤵
- Executes dropped EXE
-
\??\c:\lfllxrf.exec:\lfllxrf.exe37⤵
- Executes dropped EXE
-
\??\c:\hnbhhb.exec:\hnbhhb.exe38⤵
- Executes dropped EXE
-
\??\c:\tnnntn.exec:\tnnntn.exe39⤵
- Executes dropped EXE
-
\??\c:\7dppp.exec:\7dppp.exe40⤵
- Executes dropped EXE
-
\??\c:\jvjpd.exec:\jvjpd.exe41⤵
- Executes dropped EXE
-
\??\c:\rlxllfr.exec:\rlxllfr.exe42⤵
- Executes dropped EXE
-
\??\c:\nhbnhh.exec:\nhbnhh.exe43⤵
- Executes dropped EXE
-
\??\c:\nhtttt.exec:\nhtttt.exe44⤵
- Executes dropped EXE
-
\??\c:\ddpvj.exec:\ddpvj.exe45⤵
- Executes dropped EXE
-
\??\c:\dpdjp.exec:\dpdjp.exe46⤵
- Executes dropped EXE
-
\??\c:\3rffffr.exec:\3rffffr.exe47⤵
- Executes dropped EXE
-
\??\c:\frxfxff.exec:\frxfxff.exe48⤵
- Executes dropped EXE
-
\??\c:\nhtttt.exec:\nhtttt.exe49⤵
- Executes dropped EXE
-
\??\c:\ttttnh.exec:\ttttnh.exe50⤵
- Executes dropped EXE
-
\??\c:\3vjpp.exec:\3vjpp.exe51⤵
- Executes dropped EXE
-
\??\c:\djpdj.exec:\djpdj.exe52⤵
- Executes dropped EXE
-
\??\c:\fxlfffr.exec:\fxlfffr.exe53⤵
- Executes dropped EXE
-
\??\c:\frlrlrr.exec:\frlrlrr.exe54⤵
- Executes dropped EXE
-
\??\c:\tnnnbb.exec:\tnnnbb.exe55⤵
- Executes dropped EXE
-
\??\c:\vdpjp.exec:\vdpjp.exe56⤵
- Executes dropped EXE
-
\??\c:\1jddd.exec:\1jddd.exe57⤵
- Executes dropped EXE
-
\??\c:\pdvvd.exec:\pdvvd.exe58⤵
- Executes dropped EXE
-
\??\c:\lxlrxxl.exec:\lxlrxxl.exe59⤵
- Executes dropped EXE
-
\??\c:\tthbnh.exec:\tthbnh.exe60⤵
- Executes dropped EXE
-
\??\c:\9thntt.exec:\9thntt.exe61⤵
- Executes dropped EXE
-
\??\c:\9vddv.exec:\9vddv.exe62⤵
- Executes dropped EXE
-
\??\c:\9dvjp.exec:\9dvjp.exe63⤵
- Executes dropped EXE
-
\??\c:\lfrrrxx.exec:\lfrrrxx.exe64⤵
- Executes dropped EXE
-
\??\c:\rlxfrrl.exec:\rlxfrrl.exe65⤵
- Executes dropped EXE
-
\??\c:\thtthb.exec:\thtthb.exe66⤵
-
\??\c:\jvddp.exec:\jvddp.exe67⤵
-
\??\c:\3rrrrll.exec:\3rrrrll.exe68⤵
-
\??\c:\3lfrffr.exec:\3lfrffr.exe69⤵
-
\??\c:\btbthb.exec:\btbthb.exe70⤵
-
\??\c:\hthntb.exec:\hthntb.exe71⤵
-
\??\c:\5dpdj.exec:\5dpdj.exe72⤵
-
\??\c:\dvddp.exec:\dvddp.exe73⤵
-
\??\c:\5lfffll.exec:\5lfffll.exe74⤵
-
\??\c:\xrlxllr.exec:\xrlxllr.exe75⤵
-
\??\c:\tnbttn.exec:\tnbttn.exe76⤵
-
\??\c:\nhtbbb.exec:\nhtbbb.exe77⤵
-
\??\c:\djppj.exec:\djppj.exe78⤵
-
\??\c:\pdjdp.exec:\pdjdp.exe79⤵
-
\??\c:\frrrxrl.exec:\frrrxrl.exe80⤵
-
\??\c:\frxfffl.exec:\frxfffl.exe81⤵
-
\??\c:\bnbhbt.exec:\bnbhbt.exe82⤵
-
\??\c:\hbtnhn.exec:\hbtnhn.exe83⤵
-
\??\c:\9jdpv.exec:\9jdpv.exe84⤵
-
\??\c:\1djdd.exec:\1djdd.exe85⤵
-
\??\c:\fxrxllf.exec:\fxrxllf.exe86⤵
-
\??\c:\lrxflll.exec:\lrxflll.exe87⤵
-
\??\c:\hthhtb.exec:\hthhtb.exe88⤵
-
\??\c:\5tnnbb.exec:\5tnnbb.exe89⤵
-
\??\c:\pvdjj.exec:\pvdjj.exe90⤵
-
\??\c:\vjvpd.exec:\vjvpd.exe91⤵
-
\??\c:\3vjpp.exec:\3vjpp.exe92⤵
-
\??\c:\rlrxflx.exec:\rlrxflx.exe93⤵
-
\??\c:\rfxrlrf.exec:\rfxrlrf.exe94⤵
-
\??\c:\tbhntb.exec:\tbhntb.exe95⤵
-
\??\c:\nbnhhb.exec:\nbnhhb.exe96⤵
-
\??\c:\pjpvd.exec:\pjpvd.exe97⤵
-
\??\c:\9vvvd.exec:\9vvvd.exe98⤵
-
\??\c:\7rfxrrl.exec:\7rfxrrl.exe99⤵
-
\??\c:\frxffff.exec:\frxffff.exe100⤵
-
\??\c:\htttbb.exec:\htttbb.exe101⤵
-
\??\c:\httntn.exec:\httntn.exe102⤵
-
\??\c:\3pddd.exec:\3pddd.exe103⤵
-
\??\c:\9vjjd.exec:\9vjjd.exe104⤵
-
\??\c:\1jvpd.exec:\1jvpd.exe105⤵
-
\??\c:\rlxfrrl.exec:\rlxfrrl.exe106⤵
-
\??\c:\xllrrrx.exec:\xllrrrx.exe107⤵
-
\??\c:\1hnhtn.exec:\1hnhtn.exe108⤵
-
\??\c:\nbhnnn.exec:\nbhnnn.exe109⤵
-
\??\c:\jdjdj.exec:\jdjdj.exe110⤵
-
\??\c:\1pddd.exec:\1pddd.exe111⤵
-
\??\c:\xlrxfxf.exec:\xlrxfxf.exe112⤵
-
\??\c:\rlffrlx.exec:\rlffrlx.exe113⤵
-
\??\c:\hbhhbn.exec:\hbhhbn.exe114⤵
-
\??\c:\hbhnnt.exec:\hbhnnt.exe115⤵
-
\??\c:\5dvdd.exec:\5dvdd.exe116⤵
-
\??\c:\vjpvv.exec:\vjpvv.exe117⤵
-
\??\c:\xlxxfxf.exec:\xlxxfxf.exe118⤵
-
\??\c:\9lrrrrx.exec:\9lrrrrx.exe119⤵
-
\??\c:\nbnttt.exec:\nbnttt.exe120⤵
-
\??\c:\bthbbb.exec:\bthbbb.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-