Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
17s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
-
submitted
14/08/2024, 07:23
General
-
Target
7d6a1781b35442a4b3a20eb81386f820N.exe
-
Size
296KB
-
MD5
7d6a1781b35442a4b3a20eb81386f820
-
SHA1
5de5ea6381b363b4482749d350f75dc8ec95cce9
-
SHA256
946cdbd1ab14c31846031c5158d852825ac07decf251edd9dfedee894dc34a21
-
SHA512
3c237936b7fd7bb6f8b1f073c7c564076ecaf830be30440132e405953f0bdd43e5b0aa063e2b24927f5fe79bdcf5dd19aa5d36c244b84b19540b8872825762a4
-
SSDEEP
6144:n3C9BRo/AIuuOthLmH403Pyr6UWO6jUl7sPgvh:n3C9uDVOXLmHBKWyn+Pgvh
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 24 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\7d6a1781b35442a4b3a20eb81386f820N.exe"C:\Users\Admin\AppData\Local\Temp\7d6a1781b35442a4b3a20eb81386f820N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\fffrflr.exec:\fffrflr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1pdjp.exec:\1pdjp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7jvpp.exec:\7jvpp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1lxrrrx.exec:\1lxrrrx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nthbhh.exec:\nthbhh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvvpd.exec:\vvvpd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxlrfxf.exec:\rxlrfxf.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7ttbnn.exec:\7ttbnn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvpdp.exec:\vvpdp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxfxffr.exec:\fxfxffr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvdp.exec:\jdvdp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnthhn.exec:\bnthhn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjpv.exec:\dvjpv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlrrflr.exec:\rlrrflr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7btbtt.exec:\7btbtt.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvpvp.exec:\vvpvp.exe17⤵
- Executes dropped EXE
-
\??\c:\fxlxrrf.exec:\fxlxrrf.exe18⤵
- Executes dropped EXE
-
\??\c:\nhtthh.exec:\nhtthh.exe19⤵
- Executes dropped EXE
-
\??\c:\vpdvd.exec:\vpdvd.exe20⤵
- Executes dropped EXE
-
\??\c:\9rlrflr.exec:\9rlrflr.exe21⤵
- Executes dropped EXE
-
\??\c:\tntbbh.exec:\tntbbh.exe22⤵
- Executes dropped EXE
-
\??\c:\9vddj.exec:\9vddj.exe23⤵
- Executes dropped EXE
-
\??\c:\9lxxrxx.exec:\9lxxrxx.exe24⤵
- Executes dropped EXE
-
\??\c:\hbhnth.exec:\hbhnth.exe25⤵
- Executes dropped EXE
-
\??\c:\rlxflrf.exec:\rlxflrf.exe26⤵
- Executes dropped EXE
-
\??\c:\ttnbhn.exec:\ttnbhn.exe27⤵
- Executes dropped EXE
-
\??\c:\5htbnt.exec:\5htbnt.exe28⤵
- Executes dropped EXE
-
\??\c:\rlxxflr.exec:\rlxxflr.exe29⤵
- Executes dropped EXE
-
\??\c:\rrfrrxl.exec:\rrfrrxl.exe30⤵
- Executes dropped EXE
-
\??\c:\pjvvj.exec:\pjvvj.exe31⤵
- Executes dropped EXE
-
\??\c:\vjjjd.exec:\vjjjd.exe32⤵
- Executes dropped EXE
-
\??\c:\bththn.exec:\bththn.exe33⤵
- Executes dropped EXE
-
\??\c:\7dppd.exec:\7dppd.exe34⤵
- Executes dropped EXE
-
\??\c:\5ddpd.exec:\5ddpd.exe35⤵
- Executes dropped EXE
-
\??\c:\xrflrrf.exec:\xrflrrf.exe36⤵
- Executes dropped EXE
-
\??\c:\bnhnhh.exec:\bnhnhh.exe37⤵
- Executes dropped EXE
-
\??\c:\tnbbhn.exec:\tnbbhn.exe38⤵
- Executes dropped EXE
-
\??\c:\5jdjp.exec:\5jdjp.exe39⤵
- Executes dropped EXE
-
\??\c:\vjvdp.exec:\vjvdp.exe40⤵
- Executes dropped EXE
-
\??\c:\3frllrr.exec:\3frllrr.exe41⤵
- Executes dropped EXE
-
\??\c:\btnntn.exec:\btnntn.exe42⤵
- Executes dropped EXE
-
\??\c:\hbhhtt.exec:\hbhhtt.exe43⤵
- Executes dropped EXE
-
\??\c:\9djpp.exec:\9djpp.exe44⤵
- Executes dropped EXE
-
\??\c:\3jvvj.exec:\3jvvj.exe45⤵
- Executes dropped EXE
-
\??\c:\lfrflll.exec:\lfrflll.exe46⤵
- Executes dropped EXE
-
\??\c:\rlflllr.exec:\rlflllr.exe47⤵
- Executes dropped EXE
-
\??\c:\bthbht.exec:\bthbht.exe48⤵
- Executes dropped EXE
-
\??\c:\pdpvd.exec:\pdpvd.exe49⤵
- Executes dropped EXE
-
\??\c:\vpdjj.exec:\vpdjj.exe50⤵
- Executes dropped EXE
-
\??\c:\lrrxlxr.exec:\lrrxlxr.exe51⤵
- Executes dropped EXE
-
\??\c:\rlxlrrf.exec:\rlxlrrf.exe52⤵
- Executes dropped EXE
-
\??\c:\7tntbb.exec:\7tntbb.exe53⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\jvjjv.exec:\jvjjv.exe54⤵
- Executes dropped EXE
-
\??\c:\dvjpv.exec:\dvjpv.exe55⤵
- Executes dropped EXE
-
\??\c:\7xlxlff.exec:\7xlxlff.exe56⤵
- Executes dropped EXE
-
\??\c:\lxrrfxf.exec:\lxrrfxf.exe57⤵
- Executes dropped EXE
-
\??\c:\nbnhnh.exec:\nbnhnh.exe58⤵
- Executes dropped EXE
-
\??\c:\hbtbhh.exec:\hbtbhh.exe59⤵
- Executes dropped EXE
-
\??\c:\3vpjp.exec:\3vpjp.exe60⤵
- Executes dropped EXE
-
\??\c:\vjjdj.exec:\vjjdj.exe61⤵
- Executes dropped EXE
-
\??\c:\rfxlrrr.exec:\rfxlrrr.exe62⤵
- Executes dropped EXE
-
\??\c:\hbtttb.exec:\hbtttb.exe63⤵
- Executes dropped EXE
-
\??\c:\thttbh.exec:\thttbh.exe64⤵
- Executes dropped EXE
-
\??\c:\pdpvd.exec:\pdpvd.exe65⤵
- Executes dropped EXE
-
\??\c:\5jddd.exec:\5jddd.exe66⤵
-
\??\c:\7lxfffl.exec:\7lxfffl.exe67⤵
-
\??\c:\xrxflll.exec:\xrxflll.exe68⤵
-
\??\c:\hbnnnn.exec:\hbnnnn.exe69⤵
-
\??\c:\hbhhnn.exec:\hbhhnn.exe70⤵
-
\??\c:\5vpvd.exec:\5vpvd.exe71⤵
-
\??\c:\xlrlxxx.exec:\xlrlxxx.exe72⤵
-
\??\c:\1xrxxfl.exec:\1xrxxfl.exe73⤵
-
\??\c:\bnnnbb.exec:\bnnnbb.exe74⤵
- System Location Discovery: System Language Discovery
-
\??\c:\nbntbh.exec:\nbntbh.exe75⤵
-
\??\c:\7jdjj.exec:\7jdjj.exe76⤵
-
\??\c:\dpdvj.exec:\dpdvj.exe77⤵
-
\??\c:\rlxlxxf.exec:\rlxlxxf.exe78⤵
-
\??\c:\xrxrxrx.exec:\xrxrxrx.exe79⤵
-
\??\c:\9tttnh.exec:\9tttnh.exe80⤵
-
\??\c:\bnbttt.exec:\bnbttt.exe81⤵
-
\??\c:\7vvvd.exec:\7vvvd.exe82⤵
-
\??\c:\pdjdj.exec:\pdjdj.exe83⤵
-
\??\c:\1xrxxxx.exec:\1xrxxxx.exe84⤵
-
\??\c:\1bhbbt.exec:\1bhbbt.exe85⤵
-
\??\c:\bntntt.exec:\bntntt.exe86⤵
-
\??\c:\dpdvd.exec:\dpdvd.exe87⤵
-
\??\c:\dvddj.exec:\dvddj.exe88⤵
-
\??\c:\5lxfflr.exec:\5lxfflr.exe89⤵
-
\??\c:\lfxxxxx.exec:\lfxxxxx.exe90⤵
-
\??\c:\hhbbnt.exec:\hhbbnt.exe91⤵
-
\??\c:\pdppv.exec:\pdppv.exe92⤵
-
\??\c:\1jpjj.exec:\1jpjj.exe93⤵
-
\??\c:\1ffrlff.exec:\1ffrlff.exe94⤵
-
\??\c:\rlxxxll.exec:\rlxxxll.exe95⤵
-
\??\c:\bthtbb.exec:\bthtbb.exe96⤵
-
\??\c:\ppvdp.exec:\ppvdp.exe97⤵
- System Location Discovery: System Language Discovery
-
\??\c:\ppjpd.exec:\ppjpd.exe98⤵
-
\??\c:\llrflxl.exec:\llrflxl.exe99⤵
-
\??\c:\xrllflx.exec:\xrllflx.exe100⤵
-
\??\c:\nhtbhn.exec:\nhtbhn.exe101⤵
-
\??\c:\tnnbbt.exec:\tnnbbt.exe102⤵
-
\??\c:\1jdjp.exec:\1jdjp.exe103⤵
-
\??\c:\jdpvd.exec:\jdpvd.exe104⤵
-
\??\c:\rlxlrlr.exec:\rlxlrlr.exe105⤵
-
\??\c:\1flrrfx.exec:\1flrrfx.exe106⤵
-
\??\c:\3hbbnh.exec:\3hbbnh.exe107⤵
-
\??\c:\3jddj.exec:\3jddj.exe108⤵
-
\??\c:\7vppp.exec:\7vppp.exe109⤵
-
\??\c:\frxfflr.exec:\frxfflr.exe110⤵
-
\??\c:\frffllr.exec:\frffllr.exe111⤵
-
\??\c:\5fxlxlr.exec:\5fxlxlr.exe112⤵
-
\??\c:\hhtbnn.exec:\hhtbnn.exe113⤵
-
\??\c:\7dpvj.exec:\7dpvj.exe114⤵
-
\??\c:\jvjdp.exec:\jvjdp.exe115⤵
-
\??\c:\lfrrxxx.exec:\lfrrxxx.exe116⤵
-
\??\c:\rlflllr.exec:\rlflllr.exe117⤵
-
\??\c:\nhnntt.exec:\nhnntt.exe118⤵
-
\??\c:\nbnhnt.exec:\nbnhnt.exe119⤵
-
\??\c:\jjvjp.exec:\jjvjp.exe120⤵
-
\??\c:\dvdvv.exec:\dvdvv.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-