Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
17s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
-
submitted
18/08/2024, 04:44
General
-
Target
b251ce76f743ddb46f67a3170e1d97d0N.exe
-
Size
61KB
-
MD5
b251ce76f743ddb46f67a3170e1d97d0
-
SHA1
264a037acd641fd612c7e7e09c0c50e50a05ccb4
-
SHA256
6419c4a3e02b93443720fc09ec19483a534c64832a3cff5434a46b77496837dd
-
SHA512
264b6dca71043d05bff8ac41704b5d071e81883f73082901913bc237e137a4f752dc0de04ad8a5fa94821c690d12965ac0dc529c1f014e1d76982c9f5b514808
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDII9ZvHKE0:ymb3NkkiQ3mdBjFII9ZvHKE0
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 21 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 33 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\b251ce76f743ddb46f67a3170e1d97d0N.exe"C:\Users\Admin\AppData\Local\Temp\b251ce76f743ddb46f67a3170e1d97d0N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\nhttbh.exec:\nhttbh.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpdjd.exec:\vpdjd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5rxfrrl.exec:\5rxfrrl.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5nhhhh.exec:\5nhhhh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvpvj.exec:\dvpvj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7xrflrl.exec:\7xrflrl.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnthhh.exec:\bnthhh.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3nbnbt.exec:\3nbnbt.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvdvd.exec:\vvdvd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjpvj.exec:\vjpvj.exe11⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\lxllrrx.exec:\lxllrrx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbtntb.exec:\hbtntb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3bnbhn.exec:\3bnbhn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpjj.exec:\jdpjj.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppdpd.exec:\ppdpd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxlxfl.exec:\lfxlxfl.exe17⤵
- Executes dropped EXE
-
\??\c:\thbhbh.exec:\thbhbh.exe18⤵
- Executes dropped EXE
-
\??\c:\ttbhnt.exec:\ttbhnt.exe19⤵
- Executes dropped EXE
-
\??\c:\jdjjj.exec:\jdjjj.exe20⤵
- Executes dropped EXE
-
\??\c:\rlrlrxl.exec:\rlrlrxl.exe21⤵
- Executes dropped EXE
-
\??\c:\hbtthh.exec:\hbtthh.exe22⤵
- Executes dropped EXE
-
\??\c:\tthtbb.exec:\tthtbb.exe23⤵
- Executes dropped EXE
-
\??\c:\5dvvd.exec:\5dvvd.exe24⤵
- Executes dropped EXE
-
\??\c:\9djpp.exec:\9djpp.exe25⤵
- Executes dropped EXE
-
\??\c:\lfrxfll.exec:\lfrxfll.exe26⤵
- Executes dropped EXE
-
\??\c:\nhtttt.exec:\nhtttt.exe27⤵
- Executes dropped EXE
-
\??\c:\9btbnh.exec:\9btbnh.exe28⤵
- Executes dropped EXE
-
\??\c:\dvpvj.exec:\dvpvj.exe29⤵
- Executes dropped EXE
-
\??\c:\xxlrffr.exec:\xxlrffr.exe30⤵
- Executes dropped EXE
-
\??\c:\1llrrxr.exec:\1llrrxr.exe31⤵
- Executes dropped EXE
-
\??\c:\1nnnbh.exec:\1nnnbh.exe32⤵
- Executes dropped EXE
-
\??\c:\9bnhnb.exec:\9bnhnb.exe33⤵
- Executes dropped EXE
-
\??\c:\ddvjp.exec:\ddvjp.exe34⤵
- Executes dropped EXE
-
\??\c:\7dvjj.exec:\7dvjj.exe35⤵
- Executes dropped EXE
-
\??\c:\rrxlfll.exec:\rrxlfll.exe36⤵
- Executes dropped EXE
-
\??\c:\lxflrrr.exec:\lxflrrr.exe37⤵
- Executes dropped EXE
-
\??\c:\tnnthb.exec:\tnnthb.exe38⤵
- Executes dropped EXE
-
\??\c:\htbbhn.exec:\htbbhn.exe39⤵
- Executes dropped EXE
-
\??\c:\3pdjp.exec:\3pdjp.exe40⤵
- Executes dropped EXE
-
\??\c:\vpvdp.exec:\vpvdp.exe41⤵
- Executes dropped EXE
-
\??\c:\7lxxrxf.exec:\7lxxrxf.exe42⤵
- Executes dropped EXE
-
\??\c:\lxlxxlr.exec:\lxlxxlr.exe43⤵
- Executes dropped EXE
-
\??\c:\tnhnbh.exec:\tnhnbh.exe44⤵
- Executes dropped EXE
-
\??\c:\ttbttt.exec:\ttbttt.exe45⤵
- Executes dropped EXE
-
\??\c:\5vpdp.exec:\5vpdp.exe46⤵
- Executes dropped EXE
-
\??\c:\dpvjd.exec:\dpvjd.exe47⤵
- Executes dropped EXE
-
\??\c:\lfxxfxx.exec:\lfxxfxx.exe48⤵
- Executes dropped EXE
-
\??\c:\lflfrfl.exec:\lflfrfl.exe49⤵
- Executes dropped EXE
-
\??\c:\1bthhh.exec:\1bthhh.exe50⤵
- Executes dropped EXE
-
\??\c:\tntbhn.exec:\tntbhn.exe51⤵
- Executes dropped EXE
-
\??\c:\jvjvv.exec:\jvjvv.exe52⤵
- Executes dropped EXE
-
\??\c:\jvpvd.exec:\jvpvd.exe53⤵
- Executes dropped EXE
-
\??\c:\3rlrrxx.exec:\3rlrrxx.exe54⤵
- Executes dropped EXE
-
\??\c:\xrxrfll.exec:\xrxrfll.exe55⤵
- Executes dropped EXE
-
\??\c:\bthnnn.exec:\bthnnn.exe56⤵
- Executes dropped EXE
-
\??\c:\bnnhtt.exec:\bnnhtt.exe57⤵
- Executes dropped EXE
-
\??\c:\ddddv.exec:\ddddv.exe58⤵
- Executes dropped EXE
-
\??\c:\vppdj.exec:\vppdj.exe59⤵
- Executes dropped EXE
-
\??\c:\xlxxxrf.exec:\xlxxxrf.exe60⤵
- Executes dropped EXE
-
\??\c:\lfxxffr.exec:\lfxxffr.exe61⤵
- Executes dropped EXE
-
\??\c:\tnhttb.exec:\tnhttb.exe62⤵
- Executes dropped EXE
-
\??\c:\5hthhn.exec:\5hthhn.exe63⤵
- Executes dropped EXE
-
\??\c:\7dppv.exec:\7dppv.exe64⤵
- Executes dropped EXE
-
\??\c:\5jdjp.exec:\5jdjp.exe65⤵
- Executes dropped EXE
-
\??\c:\xrrxxfr.exec:\xrrxxfr.exe66⤵
-
\??\c:\3xrlxfl.exec:\3xrlxfl.exe67⤵
-
\??\c:\thnnbh.exec:\thnnbh.exe68⤵
-
\??\c:\hbtbnb.exec:\hbtbnb.exe69⤵
- System Location Discovery: System Language Discovery
-
\??\c:\dvvjd.exec:\dvvjd.exe70⤵
-
\??\c:\vpvjd.exec:\vpvjd.exe71⤵
-
\??\c:\rfrrrrx.exec:\rfrrrrx.exe72⤵
-
\??\c:\rrfrrxf.exec:\rrfrrxf.exe73⤵
-
\??\c:\bhhhnn.exec:\bhhhnn.exe74⤵
-
\??\c:\9ttbhb.exec:\9ttbhb.exe75⤵
-
\??\c:\vdjpv.exec:\vdjpv.exe76⤵
-
\??\c:\9vjjj.exec:\9vjjj.exe77⤵
-
\??\c:\xxllflr.exec:\xxllflr.exe78⤵
-
\??\c:\rffxlll.exec:\rffxlll.exe79⤵
-
\??\c:\htthhn.exec:\htthhn.exe80⤵
-
\??\c:\tnnntb.exec:\tnnntb.exe81⤵
-
\??\c:\9jjjd.exec:\9jjjd.exe82⤵
-
\??\c:\9jjjv.exec:\9jjjv.exe83⤵
-
\??\c:\3frrflr.exec:\3frrflr.exe84⤵
-
\??\c:\fxxlxll.exec:\fxxlxll.exe85⤵
-
\??\c:\thbbbb.exec:\thbbbb.exe86⤵
-
\??\c:\bbhhnn.exec:\bbhhnn.exe87⤵
-
\??\c:\5jpvp.exec:\5jpvp.exe88⤵
-
\??\c:\pjjpp.exec:\pjjpp.exe89⤵
-
\??\c:\xlffllx.exec:\xlffllx.exe90⤵
-
\??\c:\rffxlrx.exec:\rffxlrx.exe91⤵
-
\??\c:\3tnnnn.exec:\3tnnnn.exe92⤵
-
\??\c:\jjvpp.exec:\jjvpp.exe93⤵
-
\??\c:\pdpvd.exec:\pdpvd.exe94⤵
-
\??\c:\vdvpj.exec:\vdvpj.exe95⤵
-
\??\c:\lfrrrrf.exec:\lfrrrrf.exe96⤵
-
\??\c:\rlfflrx.exec:\rlfflrx.exe97⤵
-
\??\c:\9bhnht.exec:\9bhnht.exe98⤵
-
\??\c:\9ddvd.exec:\9ddvd.exe99⤵
-
\??\c:\dvpvd.exec:\dvpvd.exe100⤵
-
\??\c:\vjppv.exec:\vjppv.exe101⤵
-
\??\c:\7rrflxx.exec:\7rrflxx.exe102⤵
-
\??\c:\rlrfxfr.exec:\rlrfxfr.exe103⤵
-
\??\c:\3httbh.exec:\3httbh.exe104⤵
-
\??\c:\nnbnbt.exec:\nnbnbt.exe105⤵
-
\??\c:\7ppdp.exec:\7ppdp.exe106⤵
-
\??\c:\3jddj.exec:\3jddj.exe107⤵
-
\??\c:\llrxfff.exec:\llrxfff.exe108⤵
-
\??\c:\lfflxfl.exec:\lfflxfl.exe109⤵
-
\??\c:\5lxlrxr.exec:\5lxlrxr.exe110⤵
-
\??\c:\nhthnt.exec:\nhthnt.exe111⤵
-
\??\c:\hbtntb.exec:\hbtntb.exe112⤵
-
\??\c:\1vjjj.exec:\1vjjj.exe113⤵
-
\??\c:\vjvpv.exec:\vjvpv.exe114⤵
-
\??\c:\9xrxfrr.exec:\9xrxfrr.exe115⤵
-
\??\c:\fxrxxlf.exec:\fxrxxlf.exe116⤵
-
\??\c:\tnbttn.exec:\tnbttn.exe117⤵
-
\??\c:\ttnbbh.exec:\ttnbbh.exe118⤵
-
\??\c:\dvpjj.exec:\dvpjj.exe119⤵
-
\??\c:\7jdjp.exec:\7jdjp.exe120⤵
-
\??\c:\lxrrrrr.exec:\lxrrrrr.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-