Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
16s -
platform
windows7_x64 -
resource
win7-20240705-en -
resource tags
-
submitted
18/08/2024, 11:59
General
-
Target
7f5c5af83ae83c05576b2d9e6aab42b0N.exe
-
Size
57KB
-
MD5
7f5c5af83ae83c05576b2d9e6aab42b0
-
SHA1
94b366e10c4013a74db81b8569c0c1c2f976f745
-
SHA256
dc671d6ee3918912ef68e6167a4e4f1b72c17b20c4ad62a4e913cbd6c643595e
-
SHA512
2a8d33fd346c6eb952c43bc06eae00f268524031fe726dd16f1734c36817899b6437905c957b976d90eb42d1312477b687fdd39f17fb593e2ac02389ff1b6fd1
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIgTz:ymb3NkkiQ3mdBjFIg/
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 22 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\7f5c5af83ae83c05576b2d9e6aab42b0N.exe"C:\Users\Admin\AppData\Local\Temp\7f5c5af83ae83c05576b2d9e6aab42b0N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\thhntb.exec:\thhntb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvjjj.exec:\jvjjj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxxxxfr.exec:\lxxxxfr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrxflr.exec:\xrrxflr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhbtnt.exec:\hhbtnt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnbttb.exec:\bnbttb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvddv.exec:\vvddv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxllflr.exec:\lxllflr.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbnnt.exec:\tnbnnt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbbnhb.exec:\bbbnhb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvvdj.exec:\jvvdj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpdjv.exec:\dpdjv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrlxlrx.exec:\xrlxlrx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhbhnt.exec:\hhbhnt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnntbh.exec:\bnntbh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvddd.exec:\vvddd.exe17⤵
- Executes dropped EXE
-
\??\c:\xrxfxxf.exec:\xrxfxxf.exe18⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\thbhtt.exec:\thbhtt.exe19⤵
- Executes dropped EXE
-
\??\c:\htbbhb.exec:\htbbhb.exe20⤵
- Executes dropped EXE
-
\??\c:\vpjpv.exec:\vpjpv.exe21⤵
- Executes dropped EXE
-
\??\c:\9fxxxxl.exec:\9fxxxxl.exe22⤵
- Executes dropped EXE
-
\??\c:\rrfrlrl.exec:\rrfrlrl.exe23⤵
- Executes dropped EXE
-
\??\c:\hbtbbb.exec:\hbtbbb.exe24⤵
- Executes dropped EXE
-
\??\c:\htbntn.exec:\htbntn.exe25⤵
- Executes dropped EXE
-
\??\c:\vpvjv.exec:\vpvjv.exe26⤵
- Executes dropped EXE
-
\??\c:\jvjpv.exec:\jvjpv.exe27⤵
- Executes dropped EXE
-
\??\c:\3xrrffx.exec:\3xrrffx.exe28⤵
- Executes dropped EXE
-
\??\c:\bthtnn.exec:\bthtnn.exe29⤵
- Executes dropped EXE
-
\??\c:\bbthtb.exec:\bbthtb.exe30⤵
- Executes dropped EXE
-
\??\c:\dvjpv.exec:\dvjpv.exe31⤵
- Executes dropped EXE
-
\??\c:\jjvdp.exec:\jjvdp.exe32⤵
- Executes dropped EXE
-
\??\c:\rflfxxf.exec:\rflfxxf.exe33⤵
- Executes dropped EXE
-
\??\c:\lfxfrrx.exec:\lfxfrrx.exe34⤵
- Executes dropped EXE
-
\??\c:\tnbhnt.exec:\tnbhnt.exe35⤵
- Executes dropped EXE
-
\??\c:\nhnnbt.exec:\nhnnbt.exe36⤵
- Executes dropped EXE
-
\??\c:\pjjdp.exec:\pjjdp.exe37⤵
- Executes dropped EXE
-
\??\c:\dvjpd.exec:\dvjpd.exe38⤵
- Executes dropped EXE
-
\??\c:\1lxlxxf.exec:\1lxlxxf.exe39⤵
- Executes dropped EXE
-
\??\c:\xlrlfxf.exec:\xlrlfxf.exe40⤵
- Executes dropped EXE
-
\??\c:\9bntbh.exec:\9bntbh.exe41⤵
- Executes dropped EXE
-
\??\c:\btbhnn.exec:\btbhnn.exe42⤵
- Executes dropped EXE
-
\??\c:\1pdjv.exec:\1pdjv.exe43⤵
- Executes dropped EXE
-
\??\c:\jdjpp.exec:\jdjpp.exe44⤵
- Executes dropped EXE
-
\??\c:\rfxfffr.exec:\rfxfffr.exe45⤵
- Executes dropped EXE
-
\??\c:\9xlrxfl.exec:\9xlrxfl.exe46⤵
- Executes dropped EXE
-
\??\c:\1ntthh.exec:\1ntthh.exe47⤵
- Executes dropped EXE
-
\??\c:\hbhbhn.exec:\hbhbhn.exe48⤵
- Executes dropped EXE
-
\??\c:\dpdpd.exec:\dpdpd.exe49⤵
- Executes dropped EXE
-
\??\c:\djvvp.exec:\djvvp.exe50⤵
- Executes dropped EXE
-
\??\c:\5fxxlrx.exec:\5fxxlrx.exe51⤵
- Executes dropped EXE
-
\??\c:\bttbnn.exec:\bttbnn.exe52⤵
- Executes dropped EXE
-
\??\c:\3hhhhn.exec:\3hhhhn.exe53⤵
- Executes dropped EXE
-
\??\c:\vpdjd.exec:\vpdjd.exe54⤵
- Executes dropped EXE
-
\??\c:\dvpdd.exec:\dvpdd.exe55⤵
- Executes dropped EXE
-
\??\c:\lflrrlr.exec:\lflrrlr.exe56⤵
- Executes dropped EXE
-
\??\c:\9xrrlrl.exec:\9xrrlrl.exe57⤵
- Executes dropped EXE
-
\??\c:\tnhnbb.exec:\tnhnbb.exe58⤵
- Executes dropped EXE
-
\??\c:\5nhbnt.exec:\5nhbnt.exe59⤵
- Executes dropped EXE
-
\??\c:\bntbhn.exec:\bntbhn.exe60⤵
- Executes dropped EXE
-
\??\c:\pdjjd.exec:\pdjjd.exe61⤵
- Executes dropped EXE
-
\??\c:\vvjpj.exec:\vvjpj.exe62⤵
- Executes dropped EXE
-
\??\c:\fflrrrr.exec:\fflrrrr.exe63⤵
- Executes dropped EXE
-
\??\c:\xxxlfrl.exec:\xxxlfrl.exe64⤵
- Executes dropped EXE
-
\??\c:\7bhntn.exec:\7bhntn.exe65⤵
- Executes dropped EXE
-
\??\c:\7jdvv.exec:\7jdvv.exe66⤵
-
\??\c:\5ddjv.exec:\5ddjv.exe67⤵
-
\??\c:\lxllrrf.exec:\lxllrrf.exe68⤵
-
\??\c:\1xxxfxx.exec:\1xxxfxx.exe69⤵
-
\??\c:\1nhhtt.exec:\1nhhtt.exe70⤵
-
\??\c:\ttbnbb.exec:\ttbnbb.exe71⤵
-
\??\c:\pjvvd.exec:\pjvvd.exe72⤵
-
\??\c:\pjdpp.exec:\pjdpp.exe73⤵
-
\??\c:\xlfffxl.exec:\xlfffxl.exe74⤵
-
\??\c:\5lrlrlr.exec:\5lrlrlr.exe75⤵
-
\??\c:\lflrrrx.exec:\lflrrrx.exe76⤵
-
\??\c:\9nhttb.exec:\9nhttb.exe77⤵
-
\??\c:\htbtbb.exec:\htbtbb.exe78⤵
-
\??\c:\vpdjp.exec:\vpdjp.exe79⤵
-
\??\c:\3dppp.exec:\3dppp.exe80⤵
-
\??\c:\xlxfflr.exec:\xlxfflr.exe81⤵
-
\??\c:\lfffrlr.exec:\lfffrlr.exe82⤵
-
\??\c:\hbtthh.exec:\hbtthh.exe83⤵
-
\??\c:\nhtbhb.exec:\nhtbhb.exe84⤵
-
\??\c:\pjvvd.exec:\pjvvd.exe85⤵
-
\??\c:\vvjjj.exec:\vvjjj.exe86⤵
-
\??\c:\rlxlxfl.exec:\rlxlxfl.exe87⤵
-
\??\c:\3ntbtb.exec:\3ntbtb.exe88⤵
-
\??\c:\7tbbhb.exec:\7tbbhb.exe89⤵
-
\??\c:\bnhnnt.exec:\bnhnnt.exe90⤵
-
\??\c:\jdjdj.exec:\jdjdj.exe91⤵
-
\??\c:\vjvdj.exec:\vjvdj.exe92⤵
-
\??\c:\xlxxrxf.exec:\xlxxrxf.exe93⤵
-
\??\c:\3lrrxxf.exec:\3lrrxxf.exe94⤵
-
\??\c:\nhnbnb.exec:\nhnbnb.exe95⤵
-
\??\c:\htttbt.exec:\htttbt.exe96⤵
-
\??\c:\vvddv.exec:\vvddv.exe97⤵
-
\??\c:\dpjjj.exec:\dpjjj.exe98⤵
-
\??\c:\lfrxxrx.exec:\lfrxxrx.exe99⤵
-
\??\c:\lfrrfxf.exec:\lfrrfxf.exe100⤵
-
\??\c:\xlxlxxf.exec:\xlxlxxf.exe101⤵
-
\??\c:\nbttbb.exec:\nbttbb.exe102⤵
-
\??\c:\bhbthh.exec:\bhbthh.exe103⤵
-
\??\c:\1pddv.exec:\1pddv.exe104⤵
-
\??\c:\jjppp.exec:\jjppp.exe105⤵
-
\??\c:\fxlrxxx.exec:\fxlrxxx.exe106⤵
-
\??\c:\xlxfrlr.exec:\xlxfrlr.exe107⤵
-
\??\c:\tbnthh.exec:\tbnthh.exe108⤵
-
\??\c:\hbntnt.exec:\hbntnt.exe109⤵
-
\??\c:\9vppd.exec:\9vppd.exe110⤵
-
\??\c:\jvjpd.exec:\jvjpd.exe111⤵
-
\??\c:\frfxxfl.exec:\frfxxfl.exe112⤵
-
\??\c:\9fxfrlr.exec:\9fxfrlr.exe113⤵
-
\??\c:\nhtbhn.exec:\nhtbhn.exe114⤵
-
\??\c:\hthntt.exec:\hthntt.exe115⤵
-
\??\c:\vvvdj.exec:\vvvdj.exe116⤵
-
\??\c:\pjjdv.exec:\pjjdv.exe117⤵
-
\??\c:\lxlxfff.exec:\lxlxfff.exe118⤵
-
\??\c:\fxllrxf.exec:\fxllrxf.exe119⤵
-
\??\c:\nnhnbh.exec:\nnhnbh.exe120⤵
-
\??\c:\9tttbb.exec:\9tttbb.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-