Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240705-en -
resource tags
-
submitted
17/08/2024, 11:56
General
-
Target
4df3ccb5f92fb2d201ab637d0d4e7140N.exe
-
Size
92KB
-
MD5
4df3ccb5f92fb2d201ab637d0d4e7140
-
SHA1
44d94e796268137d88dd8289d5aa6cd5e423993d
-
SHA256
bfc4d47e057420e17486b5ccc269ad4eace48ff0738d2d1978146c51fb05c350
-
SHA512
b28fe28ac4cdb7b81e2063f5733bab128c5411cdb6a513a9426974e8c68ce306dd01aa1f3395b6da459b29057245b494d8b53d493ff133ef615b9d6b613d5374
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIS7/b9EUeWpEC3alBl7F/8e+e:ymb3NkkiQ3mdBjFIi/REUZnKlD+e
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 21 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 28 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\4df3ccb5f92fb2d201ab637d0d4e7140N.exe"C:\Users\Admin\AppData\Local\Temp\4df3ccb5f92fb2d201ab637d0d4e7140N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\frfflrl.exec:\frfflrl.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppdjp.exec:\ppdjp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frrfrxf.exec:\frrfrxf.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbhbbb.exec:\nbhbbb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3djjd.exec:\3djjd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxxlrx.exec:\lfxxlrx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9thnnt.exec:\9thnnt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjppp.exec:\vjppp.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrlfxxl.exec:\xrlfxxl.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhbntt.exec:\hhbntt.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhthnt.exec:\nhthnt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3pjvj.exec:\3pjvj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1jdjj.exec:\1jdjj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffrxffr.exec:\ffrxffr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1ttntt.exec:\1ttntt.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3jpdj.exec:\3jpdj.exe17⤵
- Executes dropped EXE
-
\??\c:\1vpjp.exec:\1vpjp.exe18⤵
- Executes dropped EXE
-
\??\c:\xrfrxfr.exec:\xrfrxfr.exe19⤵
- Executes dropped EXE
-
\??\c:\bnhhtt.exec:\bnhhtt.exe20⤵
- Executes dropped EXE
-
\??\c:\nnhhtb.exec:\nnhhtb.exe21⤵
- Executes dropped EXE
-
\??\c:\1jvdj.exec:\1jvdj.exe22⤵
- Executes dropped EXE
-
\??\c:\lfrxflr.exec:\lfrxflr.exe23⤵
- Executes dropped EXE
-
\??\c:\rxflffl.exec:\rxflffl.exe24⤵
- Executes dropped EXE
-
\??\c:\hbnbhn.exec:\hbnbhn.exe25⤵
- Executes dropped EXE
-
\??\c:\pddjp.exec:\pddjp.exe26⤵
- Executes dropped EXE
-
\??\c:\jdpvv.exec:\jdpvv.exe27⤵
- Executes dropped EXE
-
\??\c:\5flffxf.exec:\5flffxf.exe28⤵
- Executes dropped EXE
-
\??\c:\7bnhtt.exec:\7bnhtt.exe29⤵
- Executes dropped EXE
-
\??\c:\htbttt.exec:\htbttt.exe30⤵
- Executes dropped EXE
-
\??\c:\pjvjd.exec:\pjvjd.exe31⤵
- Executes dropped EXE
-
\??\c:\flrrlfl.exec:\flrrlfl.exe32⤵
- Executes dropped EXE
-
\??\c:\lfxfxlr.exec:\lfxfxlr.exe33⤵
- Executes dropped EXE
-
\??\c:\3ttnbh.exec:\3ttnbh.exe34⤵
- Executes dropped EXE
-
\??\c:\hbtbbh.exec:\hbtbbh.exe35⤵
- Executes dropped EXE
-
\??\c:\vjddv.exec:\vjddv.exe36⤵
- Executes dropped EXE
-
\??\c:\fflxxxf.exec:\fflxxxf.exe37⤵
- Executes dropped EXE
-
\??\c:\lfllfrx.exec:\lfllfrx.exe38⤵
- Executes dropped EXE
-
\??\c:\btnbbh.exec:\btnbbh.exe39⤵
- Executes dropped EXE
-
\??\c:\bnnhht.exec:\bnnhht.exe40⤵
- Executes dropped EXE
-
\??\c:\9jvdj.exec:\9jvdj.exe41⤵
- Executes dropped EXE
-
\??\c:\3ddjv.exec:\3ddjv.exe42⤵
- Executes dropped EXE
-
\??\c:\lxllrrf.exec:\lxllrrf.exe43⤵
- Executes dropped EXE
-
\??\c:\ffllxfl.exec:\ffllxfl.exe44⤵
- Executes dropped EXE
-
\??\c:\hbnbhn.exec:\hbnbhn.exe45⤵
- Executes dropped EXE
-
\??\c:\7tbbtb.exec:\7tbbtb.exe46⤵
- Executes dropped EXE
-
\??\c:\dvjdp.exec:\dvjdp.exe47⤵
- Executes dropped EXE
-
\??\c:\pppvv.exec:\pppvv.exe48⤵
- Executes dropped EXE
-
\??\c:\1xrlrxf.exec:\1xrlrxf.exe49⤵
- Executes dropped EXE
-
\??\c:\tnttnt.exec:\tnttnt.exe50⤵
- Executes dropped EXE
-
\??\c:\1pddj.exec:\1pddj.exe51⤵
- Executes dropped EXE
-
\??\c:\3frfllx.exec:\3frfllx.exe52⤵
- Executes dropped EXE
-
\??\c:\1frfflf.exec:\1frfflf.exe53⤵
- Executes dropped EXE
-
\??\c:\tnhhtb.exec:\tnhhtb.exe54⤵
- Executes dropped EXE
-
\??\c:\3vjpj.exec:\3vjpj.exe55⤵
- Executes dropped EXE
-
\??\c:\vjvjp.exec:\vjvjp.exe56⤵
- Executes dropped EXE
-
\??\c:\lrxlfxf.exec:\lrxlfxf.exe57⤵
- Executes dropped EXE
-
\??\c:\9lfrxfr.exec:\9lfrxfr.exe58⤵
- Executes dropped EXE
-
\??\c:\nhbhnb.exec:\nhbhnb.exe59⤵
- Executes dropped EXE
-
\??\c:\tntbnn.exec:\tntbnn.exe60⤵
- Executes dropped EXE
-
\??\c:\1djpd.exec:\1djpd.exe61⤵
- Executes dropped EXE
-
\??\c:\jdvpv.exec:\jdvpv.exe62⤵
- Executes dropped EXE
-
\??\c:\jdpdj.exec:\jdpdj.exe63⤵
- Executes dropped EXE
-
\??\c:\fxxxllx.exec:\fxxxllx.exe64⤵
- Executes dropped EXE
-
\??\c:\lfrfrfr.exec:\lfrfrfr.exe65⤵
- Executes dropped EXE
-
\??\c:\tnttbn.exec:\tnttbn.exe66⤵
-
\??\c:\9htnbb.exec:\9htnbb.exe67⤵
-
\??\c:\dvvjp.exec:\dvvjp.exe68⤵
-
\??\c:\pdvdv.exec:\pdvdv.exe69⤵
-
\??\c:\7lrlflx.exec:\7lrlflx.exe70⤵
-
\??\c:\1fxlxxf.exec:\1fxlxxf.exe71⤵
-
\??\c:\frxlxxl.exec:\frxlxxl.exe72⤵
-
\??\c:\ttnttt.exec:\ttnttt.exe73⤵
-
\??\c:\hbhnhh.exec:\hbhnhh.exe74⤵
-
\??\c:\vvpdj.exec:\vvpdj.exe75⤵
-
\??\c:\pjvdp.exec:\pjvdp.exe76⤵
-
\??\c:\xrfrlxl.exec:\xrfrlxl.exe77⤵
-
\??\c:\ffllrrx.exec:\ffllrrx.exe78⤵
-
\??\c:\bnntbb.exec:\bnntbb.exe79⤵
-
\??\c:\thtbnt.exec:\thtbnt.exe80⤵
-
\??\c:\btnhhn.exec:\btnhhn.exe81⤵
-
\??\c:\pjdpv.exec:\pjdpv.exe82⤵
-
\??\c:\jvvpd.exec:\jvvpd.exe83⤵
-
\??\c:\9rrxxlx.exec:\9rrxxlx.exe84⤵
-
\??\c:\frffrxx.exec:\frffrxx.exe85⤵
-
\??\c:\hhnnbh.exec:\hhnnbh.exe86⤵
-
\??\c:\hhthtb.exec:\hhthtb.exe87⤵
-
\??\c:\3tbhnt.exec:\3tbhnt.exe88⤵
-
\??\c:\jvjpv.exec:\jvjpv.exe89⤵
-
\??\c:\vjvdj.exec:\vjvdj.exe90⤵
-
\??\c:\9rlrllf.exec:\9rlrllf.exe91⤵
-
\??\c:\xrlxrrx.exec:\xrlxrrx.exe92⤵
-
\??\c:\ttthth.exec:\ttthth.exe93⤵
-
\??\c:\hhtbnt.exec:\hhtbnt.exe94⤵
-
\??\c:\pjjjv.exec:\pjjjv.exe95⤵
-
\??\c:\dvddp.exec:\dvddp.exe96⤵
-
\??\c:\7vddd.exec:\7vddd.exe97⤵
-
\??\c:\llfrllx.exec:\llfrllx.exe98⤵
-
\??\c:\3xxfrrx.exec:\3xxfrrx.exe99⤵
-
\??\c:\1hbnhh.exec:\1hbnhh.exe100⤵
-
\??\c:\nbbhnn.exec:\nbbhnn.exe101⤵
-
\??\c:\vpdpp.exec:\vpdpp.exe102⤵
-
\??\c:\7jppv.exec:\7jppv.exe103⤵
-
\??\c:\pjpdp.exec:\pjpdp.exe104⤵
-
\??\c:\1xrrrrl.exec:\1xrrrrl.exe105⤵
-
\??\c:\5fxrllr.exec:\5fxrllr.exe106⤵
-
\??\c:\1nnhbh.exec:\1nnhbh.exe107⤵
-
\??\c:\hbntbh.exec:\hbntbh.exe108⤵
-
\??\c:\9vjdd.exec:\9vjdd.exe109⤵
-
\??\c:\fxrfrxr.exec:\fxrfrxr.exe110⤵
-
\??\c:\lfrfrxf.exec:\lfrfrxf.exe111⤵
-
\??\c:\rlfxlxf.exec:\rlfxlxf.exe112⤵
-
\??\c:\tntthh.exec:\tntthh.exe113⤵
-
\??\c:\tthnbt.exec:\tthnbt.exe114⤵
-
\??\c:\3vpvd.exec:\3vpvd.exe115⤵
-
\??\c:\lfrrlrf.exec:\lfrrlrf.exe116⤵
-
\??\c:\9fxlrfr.exec:\9fxlrfr.exe117⤵
-
\??\c:\1lflfll.exec:\1lflfll.exe118⤵
-
\??\c:\bbtbnt.exec:\bbtbnt.exe119⤵
-
\??\c:\5bnnht.exec:\5bnnht.exe120⤵
-
\??\c:\5jdjv.exec:\5jdjv.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-