Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
17s -
platform
windows7_x64 -
resource
win7-20240705-en -
resource tags
-
submitted
19/08/2024, 07:11
General
-
Target
8909118b94826c1f1950bc522142bca0N.exe
-
Size
72KB
-
MD5
8909118b94826c1f1950bc522142bca0
-
SHA1
8debb3db493793d567055da751c77922c32cbc6b
-
SHA256
3337be7ed44a48a7c6391bfdb96e50258a5ef6d262cf179b7b63013b0b9cbc8b
-
SHA512
c943e0b1b1fe2d9b24dd3cd9e811d649d96203538c355db13bcc81018f816d49cfddddb358881b880d901848644ba23babb28ae31ea6c3accce9fa81979eb050
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIYgC/KSLJUn:ymb3NkkiQ3mdBjFI3eF4
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 18 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 23 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\8909118b94826c1f1950bc522142bca0N.exe"C:\Users\Admin\AppData\Local\Temp\8909118b94826c1f1950bc522142bca0N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxlxfr.exec:\rlxlxfr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhbhh.exec:\hbhbhh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhhnn.exec:\hbhhnn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1vjpv.exec:\1vjpv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frlrrlr.exec:\frlrrlr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3nnhbt.exec:\3nnhbt.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1tbhht.exec:\1tbhht.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dppjj.exec:\dppjj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxffxr.exec:\xrxffxr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhhbhh.exec:\bhhbhh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbhhnh.exec:\tbhhnh.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpjjp.exec:\dpjjp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpvdj.exec:\vpvdj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5xlllrx.exec:\5xlllrx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfffrrl.exec:\rfffrrl.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7hthbh.exec:\7hthbh.exe17⤵
- Executes dropped EXE
-
\??\c:\dvjpp.exec:\dvjpp.exe18⤵
- Executes dropped EXE
-
\??\c:\dpvpp.exec:\dpvpp.exe19⤵
- Executes dropped EXE
-
\??\c:\frflrxx.exec:\frflrxx.exe20⤵
- Executes dropped EXE
-
\??\c:\nnbbbt.exec:\nnbbbt.exe21⤵
- Executes dropped EXE
-
\??\c:\3nhhnt.exec:\3nhhnt.exe22⤵
- Executes dropped EXE
-
\??\c:\vjpjj.exec:\vjpjj.exe23⤵
- Executes dropped EXE
-
\??\c:\vpddv.exec:\vpddv.exe24⤵
- Executes dropped EXE
-
\??\c:\5xrffff.exec:\5xrffff.exe25⤵
- Executes dropped EXE
-
\??\c:\fxlrxfl.exec:\fxlrxfl.exe26⤵
- Executes dropped EXE
-
\??\c:\bnbhnt.exec:\bnbhnt.exe27⤵
- Executes dropped EXE
-
\??\c:\thhhhh.exec:\thhhhh.exe28⤵
- Executes dropped EXE
-
\??\c:\pdjdj.exec:\pdjdj.exe29⤵
- Executes dropped EXE
-
\??\c:\5lrlxxx.exec:\5lrlxxx.exe30⤵
- Executes dropped EXE
-
\??\c:\5lxxxxx.exec:\5lxxxxx.exe31⤵
- Executes dropped EXE
-
\??\c:\nbnnth.exec:\nbnnth.exe32⤵
- Executes dropped EXE
-
\??\c:\hthttb.exec:\hthttb.exe33⤵
- Executes dropped EXE
-
\??\c:\pdppv.exec:\pdppv.exe34⤵
- Executes dropped EXE
-
\??\c:\frxrxrr.exec:\frxrxrr.exe35⤵
- Executes dropped EXE
-
\??\c:\frflrrx.exec:\frflrrx.exe36⤵
- Executes dropped EXE
-
\??\c:\1hthbb.exec:\1hthbb.exe37⤵
- Executes dropped EXE
-
\??\c:\7hbhtt.exec:\7hbhtt.exe38⤵
- Executes dropped EXE
-
\??\c:\5httnt.exec:\5httnt.exe39⤵
- Executes dropped EXE
-
\??\c:\7dvvv.exec:\7dvvv.exe40⤵
- Executes dropped EXE
-
\??\c:\jdvdp.exec:\jdvdp.exe41⤵
- Executes dropped EXE
-
\??\c:\ffxflff.exec:\ffxflff.exe42⤵
- Executes dropped EXE
-
\??\c:\lflrxxx.exec:\lflrxxx.exe43⤵
- Executes dropped EXE
-
\??\c:\3frrrxf.exec:\3frrrxf.exe44⤵
- Executes dropped EXE
-
\??\c:\bthttn.exec:\bthttn.exe45⤵
- Executes dropped EXE
-
\??\c:\nnbbnn.exec:\nnbbnn.exe46⤵
- Executes dropped EXE
-
\??\c:\dpdvv.exec:\dpdvv.exe47⤵
- Executes dropped EXE
-
\??\c:\vvjdv.exec:\vvjdv.exe48⤵
- Executes dropped EXE
-
\??\c:\lxxxfll.exec:\lxxxfll.exe49⤵
- Executes dropped EXE
-
\??\c:\rlrxrrr.exec:\rlrxrrr.exe50⤵
- Executes dropped EXE
-
\??\c:\hbnthn.exec:\hbnthn.exe51⤵
- Executes dropped EXE
-
\??\c:\9nbtbb.exec:\9nbtbb.exe52⤵
- Executes dropped EXE
-
\??\c:\pjpdp.exec:\pjpdp.exe53⤵
- Executes dropped EXE
-
\??\c:\1jdjv.exec:\1jdjv.exe54⤵
- Executes dropped EXE
-
\??\c:\vvjpv.exec:\vvjpv.exe55⤵
- Executes dropped EXE
-
\??\c:\lrfxxll.exec:\lrfxxll.exe56⤵
- Executes dropped EXE
-
\??\c:\rffxlfl.exec:\rffxlfl.exe57⤵
- Executes dropped EXE
-
\??\c:\bntnnt.exec:\bntnnt.exe58⤵
- Executes dropped EXE
-
\??\c:\thtbbt.exec:\thtbbt.exe59⤵
- Executes dropped EXE
-
\??\c:\nhtthb.exec:\nhtthb.exe60⤵
- Executes dropped EXE
-
\??\c:\vvjjj.exec:\vvjjj.exe61⤵
- Executes dropped EXE
-
\??\c:\vjdjj.exec:\vjdjj.exe62⤵
- Executes dropped EXE
-
\??\c:\9rfrrrx.exec:\9rfrrrx.exe63⤵
- Executes dropped EXE
-
\??\c:\rfxlfll.exec:\rfxlfll.exe64⤵
- Executes dropped EXE
-
\??\c:\hthnth.exec:\hthnth.exe65⤵
- Executes dropped EXE
-
\??\c:\bnttnt.exec:\bnttnt.exe66⤵
-
\??\c:\hbnhhb.exec:\hbnhhb.exe67⤵
-
\??\c:\jjpvv.exec:\jjpvv.exe68⤵
- System Location Discovery: System Language Discovery
-
\??\c:\pdppp.exec:\pdppp.exe69⤵
-
\??\c:\rlffxxf.exec:\rlffxxf.exe70⤵
-
\??\c:\1ffrflx.exec:\1ffrflx.exe71⤵
-
\??\c:\3rxfllx.exec:\3rxfllx.exe72⤵
-
\??\c:\tnttbb.exec:\tnttbb.exe73⤵
-
\??\c:\jjpdp.exec:\jjpdp.exe74⤵
-
\??\c:\jvvpj.exec:\jvvpj.exe75⤵
-
\??\c:\1frrlfx.exec:\1frrlfx.exe76⤵
-
\??\c:\1rfxrrr.exec:\1rfxrrr.exe77⤵
-
\??\c:\nthhnn.exec:\nthhnn.exe78⤵
-
\??\c:\thhbnh.exec:\thhbnh.exe79⤵
-
\??\c:\xlrxflr.exec:\xlrxflr.exe80⤵
-
\??\c:\lxxxffl.exec:\lxxxffl.exe81⤵
-
\??\c:\nbhnnn.exec:\nbhnnn.exe82⤵
-
\??\c:\nttnnn.exec:\nttnnn.exe83⤵
-
\??\c:\jvppd.exec:\jvppd.exe84⤵
-
\??\c:\1jvvv.exec:\1jvvv.exe85⤵
-
\??\c:\1fxffxf.exec:\1fxffxf.exe86⤵
-
\??\c:\rlxrxrx.exec:\rlxrxrx.exe87⤵
-
\??\c:\3xrlrxx.exec:\3xrlrxx.exe88⤵
-
\??\c:\hthbbb.exec:\hthbbb.exe89⤵
-
\??\c:\vpvdv.exec:\vpvdv.exe90⤵
-
\??\c:\pdjvv.exec:\pdjvv.exe91⤵
-
\??\c:\rrfflrx.exec:\rrfflrx.exe92⤵
-
\??\c:\flfxrxf.exec:\flfxrxf.exe93⤵
-
\??\c:\1xfxlll.exec:\1xfxlll.exe94⤵
-
\??\c:\9tnhhh.exec:\9tnhhh.exe95⤵
-
\??\c:\htbbnn.exec:\htbbnn.exe96⤵
-
\??\c:\3dddd.exec:\3dddd.exe97⤵
-
\??\c:\jvdjd.exec:\jvdjd.exe98⤵
-
\??\c:\lxxrffl.exec:\lxxrffl.exe99⤵
-
\??\c:\1rlffxx.exec:\1rlffxx.exe100⤵
-
\??\c:\htnnnn.exec:\htnnnn.exe101⤵
-
\??\c:\bttntn.exec:\bttntn.exe102⤵
-
\??\c:\jvdvv.exec:\jvdvv.exe103⤵
-
\??\c:\rffxrxr.exec:\rffxrxr.exe104⤵
-
\??\c:\xflrrxf.exec:\xflrrxf.exe105⤵
-
\??\c:\htbtbn.exec:\htbtbn.exe106⤵
-
\??\c:\hbntbt.exec:\hbntbt.exe107⤵
-
\??\c:\pddvv.exec:\pddvv.exe108⤵
-
\??\c:\vpjjj.exec:\vpjjj.exe109⤵
-
\??\c:\djvvv.exec:\djvvv.exe110⤵
-
\??\c:\3flrrrx.exec:\3flrrrx.exe111⤵
-
\??\c:\lxfxxrr.exec:\lxfxxrr.exe112⤵
-
\??\c:\3nnntb.exec:\3nnntb.exe113⤵
-
\??\c:\bntntn.exec:\bntntn.exe114⤵
-
\??\c:\1pdvv.exec:\1pdvv.exe115⤵
-
\??\c:\7pdjd.exec:\7pdjd.exe116⤵
-
\??\c:\1frrxrx.exec:\1frrxrx.exe117⤵
-
\??\c:\frrrrrx.exec:\frrrrrx.exe118⤵
-
\??\c:\lxxxflr.exec:\lxxxflr.exe119⤵
-
\??\c:\httbhn.exec:\httbhn.exe120⤵
-
\??\c:\tnbbtn.exec:\tnbbtn.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-