Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
16s -
platform
windows7_x64 -
resource
win7-20240729-en -
resource tags
-
submitted
25/08/2024, 00:26
General
-
Target
c7f88c32a84d0749d4bd5a9a45e8d150N.exe
-
Size
93KB
-
MD5
c7f88c32a84d0749d4bd5a9a45e8d150
-
SHA1
77538844c4dd3b3c7d36b5981b3103b09bf331ff
-
SHA256
de82ce87a4bc0524ff90e1dc9ee8ff43d152208150d8d119dbc1621a268fc385
-
SHA512
343c3b1f687653f2b4bbf9d4dc4752bbe56b6ff983c075a875950a570a4839e8d361f580da0b070b8dd899a2faa4752cdc44a473efe84809566e8f8700bf72f2
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND+3T4+C2lmf6g7xQ5z:ymb3NkkiQ3mdBjF+3TU20LQR
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 21 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 26 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\c7f88c32a84d0749d4bd5a9a45e8d150N.exe"C:\Users\Admin\AppData\Local\Temp\c7f88c32a84d0749d4bd5a9a45e8d150N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\nnhnbn.exec:\nnhnbn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxxlfrf.exec:\xxxlfrf.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhhnhn.exec:\bhhnhn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djjvj.exec:\djjvj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9vddv.exec:\9vddv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1rrxlrl.exec:\1rrxlrl.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btntnt.exec:\btntnt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llfxlfr.exec:\llfxlfr.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1lrfxfr.exec:\1lrfxfr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnbnb.exec:\hbnbnb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvdv.exec:\pjvdv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fffrrff.exec:\fffrrff.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llxxlrl.exec:\llxxlrl.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbthth.exec:\bbthth.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9jdjv.exec:\9jdjv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrflrfl.exec:\xrflrfl.exe17⤵
- Executes dropped EXE
-
\??\c:\rrrlxfl.exec:\rrrlxfl.exe18⤵
- Executes dropped EXE
-
\??\c:\bhntth.exec:\bhntth.exe19⤵
- Executes dropped EXE
-
\??\c:\jpjdp.exec:\jpjdp.exe20⤵
- Executes dropped EXE
-
\??\c:\9vpvd.exec:\9vpvd.exe21⤵
- Executes dropped EXE
-
\??\c:\rrfrfrf.exec:\rrfrfrf.exe22⤵
- Executes dropped EXE
-
\??\c:\tnhtnt.exec:\tnhtnt.exe23⤵
- Executes dropped EXE
-
\??\c:\hhhtht.exec:\hhhtht.exe24⤵
- Executes dropped EXE
-
\??\c:\7dvjp.exec:\7dvjp.exe25⤵
- Executes dropped EXE
-
\??\c:\djddd.exec:\djddd.exe26⤵
- Executes dropped EXE
-
\??\c:\xlxflrf.exec:\xlxflrf.exe27⤵
- Executes dropped EXE
-
\??\c:\bthnbn.exec:\bthnbn.exe28⤵
- Executes dropped EXE
-
\??\c:\3hhnhn.exec:\3hhnhn.exe29⤵
- Executes dropped EXE
-
\??\c:\7ppdd.exec:\7ppdd.exe30⤵
- Executes dropped EXE
-
\??\c:\rlflrlx.exec:\rlflrlx.exe31⤵
- Executes dropped EXE
-
\??\c:\fllxrrr.exec:\fllxrrr.exe32⤵
- Executes dropped EXE
-
\??\c:\tnhbnt.exec:\tnhbnt.exe33⤵
- Executes dropped EXE
-
\??\c:\ddpdp.exec:\ddpdp.exe34⤵
- Executes dropped EXE
-
\??\c:\djjpj.exec:\djjpj.exe35⤵
- Executes dropped EXE
-
\??\c:\fxrrxlx.exec:\fxrrxlx.exe36⤵
- Executes dropped EXE
-
\??\c:\1lfrfrf.exec:\1lfrfrf.exe37⤵
- Executes dropped EXE
-
\??\c:\nnnbnb.exec:\nnnbnb.exe38⤵
- Executes dropped EXE
-
\??\c:\nhbntb.exec:\nhbntb.exe39⤵
- Executes dropped EXE
-
\??\c:\1vjjd.exec:\1vjjd.exe40⤵
- Executes dropped EXE
-
\??\c:\lrfxxxf.exec:\lrfxxxf.exe41⤵
- Executes dropped EXE
-
\??\c:\xrflxrx.exec:\xrflxrx.exe42⤵
- Executes dropped EXE
-
\??\c:\nnhnbb.exec:\nnhnbb.exe43⤵
- Executes dropped EXE
-
\??\c:\5bhtbt.exec:\5bhtbt.exe44⤵
- Executes dropped EXE
-
\??\c:\jjvjd.exec:\jjvjd.exe45⤵
- Executes dropped EXE
-
\??\c:\pddvv.exec:\pddvv.exe46⤵
- Executes dropped EXE
-
\??\c:\xxrfxfl.exec:\xxrfxfl.exe47⤵
- Executes dropped EXE
-
\??\c:\nnhthn.exec:\nnhthn.exe48⤵
- Executes dropped EXE
-
\??\c:\1hhhhb.exec:\1hhhhb.exe49⤵
- Executes dropped EXE
-
\??\c:\1jvdv.exec:\1jvdv.exe50⤵
- Executes dropped EXE
-
\??\c:\ddvjp.exec:\ddvjp.exe51⤵
- Executes dropped EXE
-
\??\c:\9rxlfrl.exec:\9rxlfrl.exe52⤵
- Executes dropped EXE
-
\??\c:\fxrrlrx.exec:\fxrrlrx.exe53⤵
- Executes dropped EXE
-
\??\c:\tnthnb.exec:\tnthnb.exe54⤵
- Executes dropped EXE
-
\??\c:\tthbhb.exec:\tthbhb.exe55⤵
- Executes dropped EXE
-
\??\c:\7vpdp.exec:\7vpdp.exe56⤵
- Executes dropped EXE
-
\??\c:\jdvpd.exec:\jdvpd.exe57⤵
- Executes dropped EXE
-
\??\c:\3llrlrf.exec:\3llrlrf.exe58⤵
- Executes dropped EXE
-
\??\c:\lrxlxrf.exec:\lrxlxrf.exe59⤵
- Executes dropped EXE
-
\??\c:\tnhtht.exec:\tnhtht.exe60⤵
- Executes dropped EXE
-
\??\c:\7bthnt.exec:\7bthnt.exe61⤵
- Executes dropped EXE
-
\??\c:\ddjvj.exec:\ddjvj.exe62⤵
- Executes dropped EXE
-
\??\c:\5pdpd.exec:\5pdpd.exe63⤵
- Executes dropped EXE
-
\??\c:\fxrfrfr.exec:\fxrfrfr.exe64⤵
- Executes dropped EXE
-
\??\c:\tbhnbt.exec:\tbhnbt.exe65⤵
- Executes dropped EXE
-
\??\c:\ddvpj.exec:\ddvpj.exe66⤵
-
\??\c:\9dvpv.exec:\9dvpv.exe67⤵
-
\??\c:\lfxlrxl.exec:\lfxlrxl.exe68⤵
-
\??\c:\rrfxrxr.exec:\rrfxrxr.exe69⤵
-
\??\c:\3thnbh.exec:\3thnbh.exe70⤵
-
\??\c:\1nhnbn.exec:\1nhnbn.exe71⤵
-
\??\c:\ddvvj.exec:\ddvvj.exe72⤵
-
\??\c:\rrrxxxx.exec:\rrrxxxx.exe73⤵
-
\??\c:\5rrxfrx.exec:\5rrxfrx.exe74⤵
-
\??\c:\nnbnbh.exec:\nnbnbh.exe75⤵
-
\??\c:\tbtnth.exec:\tbtnth.exe76⤵
-
\??\c:\jjjjv.exec:\jjjjv.exe77⤵
-
\??\c:\jjjpj.exec:\jjjpj.exe78⤵
-
\??\c:\xfllxfr.exec:\xfllxfr.exe79⤵
-
\??\c:\fxlrllf.exec:\fxlrllf.exe80⤵
-
\??\c:\7tnthh.exec:\7tnthh.exe81⤵
-
\??\c:\thtntb.exec:\thtntb.exe82⤵
-
\??\c:\vvvpd.exec:\vvvpd.exe83⤵
-
\??\c:\7pdpj.exec:\7pdpj.exe84⤵
-
\??\c:\ffrrxfr.exec:\ffrrxfr.exe85⤵
-
\??\c:\5fxfllx.exec:\5fxfllx.exe86⤵
-
\??\c:\hntntn.exec:\hntntn.exe87⤵
-
\??\c:\1htnbb.exec:\1htnbb.exe88⤵
-
\??\c:\5jvvv.exec:\5jvvv.exe89⤵
-
\??\c:\vvpjp.exec:\vvpjp.exe90⤵
-
\??\c:\lfxxxxf.exec:\lfxxxxf.exe91⤵
-
\??\c:\lxfxfrr.exec:\lxfxfrr.exe92⤵
-
\??\c:\1bttnt.exec:\1bttnt.exe93⤵
-
\??\c:\nhbbbb.exec:\nhbbbb.exe94⤵
-
\??\c:\dpjpp.exec:\dpjpp.exe95⤵
-
\??\c:\7jjpp.exec:\7jjpp.exe96⤵
-
\??\c:\fxlrfll.exec:\fxlrfll.exe97⤵
-
\??\c:\fxrrxxx.exec:\fxrrxxx.exe98⤵
-
\??\c:\9llxflx.exec:\9llxflx.exe99⤵
-
\??\c:\ththnn.exec:\ththnn.exe100⤵
-
\??\c:\5hnnhb.exec:\5hnnhb.exe101⤵
-
\??\c:\9dpvd.exec:\9dpvd.exe102⤵
-
\??\c:\7lflrlf.exec:\7lflrlf.exe103⤵
-
\??\c:\rfrxxxf.exec:\rfrxxxf.exe104⤵
-
\??\c:\bthhtn.exec:\bthhtn.exe105⤵
-
\??\c:\hbttbn.exec:\hbttbn.exe106⤵
-
\??\c:\pdppj.exec:\pdppj.exe107⤵
-
\??\c:\5vvdp.exec:\5vvdp.exe108⤵
-
\??\c:\vjvvd.exec:\vjvvd.exe109⤵
-
\??\c:\5rfffff.exec:\5rfffff.exe110⤵
-
\??\c:\7lffxfx.exec:\7lffxfx.exe111⤵
-
\??\c:\3bbbhn.exec:\3bbbhn.exe112⤵
-
\??\c:\1tnbbh.exec:\1tnbbh.exe113⤵
-
\??\c:\vpjpv.exec:\vpjpv.exe114⤵
-
\??\c:\9lrrfxr.exec:\9lrrfxr.exe115⤵
-
\??\c:\lfxlrxx.exec:\lfxlrxx.exe116⤵
-
\??\c:\bbbntb.exec:\bbbntb.exe117⤵
-
\??\c:\nnbhth.exec:\nnbhth.exe118⤵
-
\??\c:\3jdjd.exec:\3jdjd.exe119⤵
-
\??\c:\jvppp.exec:\jvppp.exe120⤵
-
\??\c:\rlrxxrl.exec:\rlrxxrl.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-