Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
16s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
-
submitted
20/08/2024, 19:07
General
-
Target
abefdeacfb2be9da20f2ce9361402060N.exe
-
Size
64KB
-
MD5
abefdeacfb2be9da20f2ce9361402060
-
SHA1
d9946c952de2e1183d367f728d35218a45da2537
-
SHA256
df12688ebb6ea87fff1694dfdee51aaf1bcdea3f8062cad3ca32074de65d3c67
-
SHA512
e5fcd61ef726dc1a526e58ff56e64f8b8a64a3c448582abcc807fbfae9afba0a85e8f334474e9167e8371e479392eff2d8cc48f33849a73a066351771c2f9937
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIvuzkzNr:ymb3NkkiQ3mdBjFIvlpr
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 19 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 19 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\abefdeacfb2be9da20f2ce9361402060N.exe"C:\Users\Admin\AppData\Local\Temp\abefdeacfb2be9da20f2ce9361402060N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\7jdjv.exec:\7jdjv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvpvv.exec:\jvpvv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1llxxfl.exec:\1llxxfl.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbbbnn.exec:\nbbbnn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbntb.exec:\nhbntb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9ddjp.exec:\9ddjp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpdvv.exec:\dpdvv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffllfxx.exec:\ffllfxx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7ntbbh.exec:\7ntbbh.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpppv.exec:\dpppv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3xfxffl.exec:\3xfxffl.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlxrrf.exec:\fxlxrrf.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htntbn.exec:\htntbn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjdpv.exec:\vjdpv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvdvd.exec:\dvdvd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxrxxxf.exec:\lxrxxxf.exe17⤵
- Executes dropped EXE
-
\??\c:\tnhthn.exec:\tnhthn.exe18⤵
- Executes dropped EXE
-
\??\c:\thtbtt.exec:\thtbtt.exe19⤵
- Executes dropped EXE
-
\??\c:\3dvvv.exec:\3dvvv.exe20⤵
- Executes dropped EXE
-
\??\c:\3jdvv.exec:\3jdvv.exe21⤵
- Executes dropped EXE
-
\??\c:\fxllrxf.exec:\fxllrxf.exe22⤵
- Executes dropped EXE
-
\??\c:\lfflfxr.exec:\lfflfxr.exe23⤵
- Executes dropped EXE
-
\??\c:\nthhhb.exec:\nthhhb.exe24⤵
- Executes dropped EXE
-
\??\c:\vdppv.exec:\vdppv.exe25⤵
- Executes dropped EXE
-
\??\c:\9jdvp.exec:\9jdvp.exe26⤵
- Executes dropped EXE
-
\??\c:\pdvpv.exec:\pdvpv.exe27⤵
- Executes dropped EXE
-
\??\c:\5rfxffl.exec:\5rfxffl.exe28⤵
- Executes dropped EXE
-
\??\c:\hbhhnt.exec:\hbhhnt.exe29⤵
- Executes dropped EXE
-
\??\c:\nbhbbt.exec:\nbhbbt.exe30⤵
- Executes dropped EXE
-
\??\c:\3ppvp.exec:\3ppvp.exe31⤵
- Executes dropped EXE
-
\??\c:\frxxxxf.exec:\frxxxxf.exe32⤵
- Executes dropped EXE
-
\??\c:\1rlxlrf.exec:\1rlxlrf.exe33⤵
- Executes dropped EXE
-
\??\c:\nhnntn.exec:\nhnntn.exe34⤵
- Executes dropped EXE
-
\??\c:\nbnhnn.exec:\nbnhnn.exe35⤵
- Executes dropped EXE
-
\??\c:\dvpjp.exec:\dvpjp.exe36⤵
- Executes dropped EXE
-
\??\c:\pvjvj.exec:\pvjvj.exe37⤵
- Executes dropped EXE
-
\??\c:\rlffffl.exec:\rlffffl.exe38⤵
- Executes dropped EXE
-
\??\c:\lfxxrrf.exec:\lfxxrrf.exe39⤵
- Executes dropped EXE
-
\??\c:\btnttn.exec:\btnttn.exe40⤵
- Executes dropped EXE
-
\??\c:\hbhhnn.exec:\hbhhnn.exe41⤵
- Executes dropped EXE
-
\??\c:\pdvdd.exec:\pdvdd.exe42⤵
- Executes dropped EXE
-
\??\c:\jvddd.exec:\jvddd.exe43⤵
- Executes dropped EXE
-
\??\c:\xfrrrrx.exec:\xfrrrrx.exe44⤵
- Executes dropped EXE
-
\??\c:\bthhnn.exec:\bthhnn.exe45⤵
- Executes dropped EXE
-
\??\c:\bnnnnh.exec:\bnnnnh.exe46⤵
- Executes dropped EXE
-
\??\c:\pjppp.exec:\pjppp.exe47⤵
- Executes dropped EXE
-
\??\c:\pjpvj.exec:\pjpvj.exe48⤵
- Executes dropped EXE
-
\??\c:\3ffxxxf.exec:\3ffxxxf.exe49⤵
- Executes dropped EXE
-
\??\c:\frfllfx.exec:\frfllfx.exe50⤵
- Executes dropped EXE
-
\??\c:\xlfxfxf.exec:\xlfxfxf.exe51⤵
- Executes dropped EXE
-
\??\c:\7bnbhh.exec:\7bnbhh.exe52⤵
- Executes dropped EXE
-
\??\c:\nbnhnn.exec:\nbnhnn.exe53⤵
- Executes dropped EXE
-
\??\c:\rlxlllx.exec:\rlxlllx.exe54⤵
- Executes dropped EXE
-
\??\c:\9bnnbn.exec:\9bnnbn.exe55⤵
- Executes dropped EXE
-
\??\c:\5tbhtt.exec:\5tbhtt.exe56⤵
- Executes dropped EXE
-
\??\c:\vvddp.exec:\vvddp.exe57⤵
- Executes dropped EXE
-
\??\c:\jvvvj.exec:\jvvvj.exe58⤵
- Executes dropped EXE
-
\??\c:\fxllrfl.exec:\fxllrfl.exe59⤵
- Executes dropped EXE
-
\??\c:\1frfrlr.exec:\1frfrlr.exe60⤵
- Executes dropped EXE
-
\??\c:\hbhbhh.exec:\hbhbhh.exe61⤵
- Executes dropped EXE
-
\??\c:\pjddj.exec:\pjddj.exe62⤵
- Executes dropped EXE
-
\??\c:\vjvvd.exec:\vjvvd.exe63⤵
- Executes dropped EXE
-
\??\c:\lxxflll.exec:\lxxflll.exe64⤵
- Executes dropped EXE
-
\??\c:\5lllflx.exec:\5lllflx.exe65⤵
- Executes dropped EXE
-
\??\c:\hbttbt.exec:\hbttbt.exe66⤵
-
\??\c:\9hhtbb.exec:\9hhtbb.exe67⤵
-
\??\c:\vjvdd.exec:\vjvdd.exe68⤵
-
\??\c:\dvdvd.exec:\dvdvd.exe69⤵
-
\??\c:\jdjpv.exec:\jdjpv.exe70⤵
-
\??\c:\rrlrxfl.exec:\rrlrxfl.exe71⤵
-
\??\c:\frfflll.exec:\frfflll.exe72⤵
-
\??\c:\7hhnbh.exec:\7hhnbh.exe73⤵
-
\??\c:\1hhbtb.exec:\1hhbtb.exe74⤵
-
\??\c:\dvddj.exec:\dvddj.exe75⤵
-
\??\c:\pvpvd.exec:\pvpvd.exe76⤵
-
\??\c:\xxllxxf.exec:\xxllxxf.exe77⤵
-
\??\c:\7fflxxx.exec:\7fflxxx.exe78⤵
-
\??\c:\nbhhhb.exec:\nbhhhb.exe79⤵
-
\??\c:\5htbbt.exec:\5htbbt.exe80⤵
-
\??\c:\dvjpv.exec:\dvjpv.exe81⤵
-
\??\c:\dvppj.exec:\dvppj.exe82⤵
-
\??\c:\frxllrx.exec:\frxllrx.exe83⤵
-
\??\c:\1rlrxfl.exec:\1rlrxfl.exe84⤵
-
\??\c:\xlxrflr.exec:\xlxrflr.exe85⤵
-
\??\c:\3hthhb.exec:\3hthhb.exe86⤵
-
\??\c:\thbbhb.exec:\thbbhb.exe87⤵
-
\??\c:\vpvdp.exec:\vpvdp.exe88⤵
-
\??\c:\pdjpj.exec:\pdjpj.exe89⤵
-
\??\c:\fxfrrrx.exec:\fxfrrrx.exe90⤵
-
\??\c:\frffrxf.exec:\frffrxf.exe91⤵
-
\??\c:\nbnntn.exec:\nbnntn.exe92⤵
-
\??\c:\tnbhbh.exec:\tnbhbh.exe93⤵
-
\??\c:\vjvvp.exec:\vjvvp.exe94⤵
-
\??\c:\9djvj.exec:\9djvj.exe95⤵
-
\??\c:\5rlfffl.exec:\5rlfffl.exe96⤵
-
\??\c:\3rxffxl.exec:\3rxffxl.exe97⤵
-
\??\c:\nhbnbt.exec:\nhbnbt.exe98⤵
-
\??\c:\1bbbhh.exec:\1bbbhh.exe99⤵
-
\??\c:\tntnhn.exec:\tntnhn.exe100⤵
-
\??\c:\9pjjj.exec:\9pjjj.exe101⤵
-
\??\c:\jvpdv.exec:\jvpdv.exe102⤵
-
\??\c:\9ffrrrl.exec:\9ffrrrl.exe103⤵
-
\??\c:\5frxfff.exec:\5frxfff.exe104⤵
-
\??\c:\nnbhbb.exec:\nnbhbb.exe105⤵
-
\??\c:\vjpvv.exec:\vjpvv.exe106⤵
-
\??\c:\jdvpp.exec:\jdvpp.exe107⤵
-
\??\c:\3jddj.exec:\3jddj.exe108⤵
-
\??\c:\3fxllff.exec:\3fxllff.exe109⤵
-
\??\c:\1tnttt.exec:\1tnttt.exe110⤵
-
\??\c:\bhttbt.exec:\bhttbt.exe111⤵
-
\??\c:\thbttt.exec:\thbttt.exe112⤵
-
\??\c:\9jpdv.exec:\9jpdv.exe113⤵
-
\??\c:\dpvjp.exec:\dpvjp.exe114⤵
-
\??\c:\lfrrfxl.exec:\lfrrfxl.exe115⤵
-
\??\c:\lfflfll.exec:\lfflfll.exe116⤵
-
\??\c:\tntnnn.exec:\tntnnn.exe117⤵
-
\??\c:\7tbnnt.exec:\7tbnnt.exe118⤵
-
\??\c:\pdjdp.exec:\pdjdp.exe119⤵
-
\??\c:\jpdvp.exec:\jpdvp.exe120⤵
-
\??\c:\lxrxfff.exec:\lxrxfff.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-