Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240729-en -
resource tags
-
submitted
01/09/2024, 15:22
General
-
Target
cdb0d51c81abc4fddb3bec96dd7e3d081ead54f5f72e47cf4b538098cac8ede9.exe
-
Size
62KB
-
MD5
fe788810050ecfc9a0276eedd413e320
-
SHA1
f2de6793dbe79b21c1c30ecdf7e1caa5a2bb5d6a
-
SHA256
cdb0d51c81abc4fddb3bec96dd7e3d081ead54f5f72e47cf4b538098cac8ede9
-
SHA512
65a2f7204861aa3c4a4ad09d48afa2e8e49f9d834872cac3dd3d7f80c8f6fd3d7e41b8ac91b38ae9e8463190b018e8596ba3e7f309d2117a33520c69ad566f01
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDII9ZvHKES+:ymb3NkkiQ3mdBjFII9ZvHKET
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 20 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 30 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\cdb0d51c81abc4fddb3bec96dd7e3d081ead54f5f72e47cf4b538098cac8ede9.exe"C:\Users\Admin\AppData\Local\Temp\cdb0d51c81abc4fddb3bec96dd7e3d081ead54f5f72e47cf4b538098cac8ede9.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\3lfrlxr.exec:\3lfrlxr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxrllr.exec:\lfxrllr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tthhtb.exec:\tthhtb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbtbnh.exec:\hbtbnh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9pppv.exec:\9pppv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdpj.exec:\pjdpj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxxlfxl.exec:\rxxlfxl.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrflxf.exec:\lfrflxf.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhttnt.exec:\nhttnt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5pvdv.exec:\5pvdv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvddp.exec:\dvddp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlfrfrf.exec:\rlfrfrf.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnthtt.exec:\nnthtt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhtbht.exec:\nhtbht.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjjpd.exec:\jjjpd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jppvj.exec:\jppvj.exe17⤵
- Executes dropped EXE
-
\??\c:\rlrfrxf.exec:\rlrfrxf.exe18⤵
- Executes dropped EXE
-
\??\c:\9llxrfl.exec:\9llxrfl.exe19⤵
- Executes dropped EXE
-
\??\c:\xxxlxrl.exec:\xxxlxrl.exe20⤵
- Executes dropped EXE
-
\??\c:\7btbth.exec:\7btbth.exe21⤵
- Executes dropped EXE
-
\??\c:\tntnbb.exec:\tntnbb.exe22⤵
- Executes dropped EXE
-
\??\c:\ddvvv.exec:\ddvvv.exe23⤵
- Executes dropped EXE
-
\??\c:\dvjvd.exec:\dvjvd.exe24⤵
- Executes dropped EXE
-
\??\c:\3flxfrx.exec:\3flxfrx.exe25⤵
- Executes dropped EXE
-
\??\c:\frlfxlx.exec:\frlfxlx.exe26⤵
- Executes dropped EXE
-
\??\c:\rrlrxff.exec:\rrlrxff.exe27⤵
- Executes dropped EXE
-
\??\c:\5tnbnh.exec:\5tnbnh.exe28⤵
- Executes dropped EXE
-
\??\c:\tthbtn.exec:\tthbtn.exe29⤵
- Executes dropped EXE
-
\??\c:\dvjvv.exec:\dvjvv.exe30⤵
- Executes dropped EXE
-
\??\c:\9vvdp.exec:\9vvdp.exe31⤵
- Executes dropped EXE
-
\??\c:\fxlfxxx.exec:\fxlfxxx.exe32⤵
- Executes dropped EXE
-
\??\c:\3fxxllr.exec:\3fxxllr.exe33⤵
- Executes dropped EXE
-
\??\c:\5tbhbh.exec:\5tbhbh.exe34⤵
- Executes dropped EXE
-
\??\c:\1ntnhn.exec:\1ntnhn.exe35⤵
- Executes dropped EXE
-
\??\c:\ppjpd.exec:\ppjpd.exe36⤵
- Executes dropped EXE
-
\??\c:\vvjpv.exec:\vvjpv.exe37⤵
- Executes dropped EXE
-
\??\c:\pjvvp.exec:\pjvvp.exe38⤵
- Executes dropped EXE
-
\??\c:\ffllfrr.exec:\ffllfrr.exe39⤵
- Executes dropped EXE
-
\??\c:\5lflxlx.exec:\5lflxlx.exe40⤵
- Executes dropped EXE
-
\??\c:\rrrflrx.exec:\rrrflrx.exe41⤵
- Executes dropped EXE
-
\??\c:\ntthnb.exec:\ntthnb.exe42⤵
- Executes dropped EXE
-
\??\c:\1nhtnn.exec:\1nhtnn.exe43⤵
- Executes dropped EXE
-
\??\c:\hbnntt.exec:\hbnntt.exe44⤵
- Executes dropped EXE
-
\??\c:\dvvdp.exec:\dvvdp.exe45⤵
- Executes dropped EXE
-
\??\c:\djpjj.exec:\djpjj.exe46⤵
- Executes dropped EXE
-
\??\c:\9hhntb.exec:\9hhntb.exe47⤵
- Executes dropped EXE
-
\??\c:\tnhnth.exec:\tnhnth.exe48⤵
- Executes dropped EXE
-
\??\c:\thbhnn.exec:\thbhnn.exe49⤵
- Executes dropped EXE
-
\??\c:\3nhhnb.exec:\3nhhnb.exe50⤵
- Executes dropped EXE
-
\??\c:\pjvjj.exec:\pjvjj.exe51⤵
- Executes dropped EXE
-
\??\c:\jvpdj.exec:\jvpdj.exe52⤵
- Executes dropped EXE
-
\??\c:\frrxxfr.exec:\frrxxfr.exe53⤵
- Executes dropped EXE
-
\??\c:\rfxlfrl.exec:\rfxlfrl.exe54⤵
- Executes dropped EXE
-
\??\c:\xrflfll.exec:\xrflfll.exe55⤵
- Executes dropped EXE
-
\??\c:\5tnhnt.exec:\5tnhnt.exe56⤵
- Executes dropped EXE
-
\??\c:\tnhhnh.exec:\tnhhnh.exe57⤵
- Executes dropped EXE
-
\??\c:\3hhntb.exec:\3hhntb.exe58⤵
- Executes dropped EXE
-
\??\c:\5dpdp.exec:\5dpdp.exe59⤵
- Executes dropped EXE
-
\??\c:\ppddv.exec:\ppddv.exe60⤵
- Executes dropped EXE
-
\??\c:\jpjjp.exec:\jpjjp.exe61⤵
- Executes dropped EXE
-
\??\c:\rrxlrff.exec:\rrxlrff.exe62⤵
- Executes dropped EXE
-
\??\c:\fffrrfx.exec:\fffrrfx.exe63⤵
- Executes dropped EXE
-
\??\c:\bthbtt.exec:\bthbtt.exe64⤵
- Executes dropped EXE
-
\??\c:\btbhnb.exec:\btbhnb.exe65⤵
- Executes dropped EXE
-
\??\c:\hnbthh.exec:\hnbthh.exe66⤵
-
\??\c:\pppjp.exec:\pppjp.exe67⤵
-
\??\c:\pjpvp.exec:\pjpvp.exe68⤵
-
\??\c:\fxlrlxf.exec:\fxlrlxf.exe69⤵
-
\??\c:\rlxlfrx.exec:\rlxlfrx.exe70⤵
-
\??\c:\7fllrlr.exec:\7fllrlr.exe71⤵
-
\??\c:\tnnnhh.exec:\tnnnhh.exe72⤵
-
\??\c:\thbnbh.exec:\thbnbh.exe73⤵
-
\??\c:\7nbttt.exec:\7nbttt.exe74⤵
-
\??\c:\jddvp.exec:\jddvp.exe75⤵
-
\??\c:\pdpdp.exec:\pdpdp.exe76⤵
-
\??\c:\xxfrrfl.exec:\xxfrrfl.exe77⤵
-
\??\c:\fxffxxl.exec:\fxffxxl.exe78⤵
-
\??\c:\xrxrfxl.exec:\xrxrfxl.exe79⤵
-
\??\c:\hbtbtt.exec:\hbtbtt.exe80⤵
-
\??\c:\nnbbbh.exec:\nnbbbh.exe81⤵
-
\??\c:\thtntn.exec:\thtntn.exe82⤵
-
\??\c:\jdvvv.exec:\jdvvv.exe83⤵
-
\??\c:\vvdjv.exec:\vvdjv.exe84⤵
-
\??\c:\5lffrxf.exec:\5lffrxf.exe85⤵
-
\??\c:\rfllrrf.exec:\rfllrrf.exe86⤵
-
\??\c:\lfxxrrx.exec:\lfxxrrx.exe87⤵
- System Location Discovery: System Language Discovery
-
\??\c:\btthnn.exec:\btthnn.exe88⤵
-
\??\c:\nhbbnn.exec:\nhbbnn.exe89⤵
-
\??\c:\ntnhth.exec:\ntnhth.exe90⤵
-
\??\c:\1vvvp.exec:\1vvvp.exe91⤵
-
\??\c:\jdjvp.exec:\jdjvp.exe92⤵
-
\??\c:\djvdj.exec:\djvdj.exe93⤵
-
\??\c:\7xlrxff.exec:\7xlrxff.exe94⤵
-
\??\c:\lflrxfr.exec:\lflrxfr.exe95⤵
-
\??\c:\xrfllrf.exec:\xrfllrf.exe96⤵
-
\??\c:\tntbnn.exec:\tntbnn.exe97⤵
-
\??\c:\bthbbb.exec:\bthbbb.exe98⤵
-
\??\c:\1vjvj.exec:\1vjvj.exe99⤵
-
\??\c:\jvjdp.exec:\jvjdp.exe100⤵
-
\??\c:\dpppv.exec:\dpppv.exe101⤵
-
\??\c:\xlflllr.exec:\xlflllr.exe102⤵
-
\??\c:\fxflrxr.exec:\fxflrxr.exe103⤵
-
\??\c:\lxxlllf.exec:\lxxlllf.exe104⤵
-
\??\c:\3rxxxxf.exec:\3rxxxxf.exe105⤵
-
\??\c:\hbhhnb.exec:\hbhhnb.exe106⤵
-
\??\c:\1hbbhn.exec:\1hbbhn.exe107⤵
-
\??\c:\1vjdd.exec:\1vjdd.exe108⤵
-
\??\c:\7pjjp.exec:\7pjjp.exe109⤵
-
\??\c:\vpvvv.exec:\vpvvv.exe110⤵
-
\??\c:\7xxxlxr.exec:\7xxxlxr.exe111⤵
-
\??\c:\rrfrfxf.exec:\rrfrfxf.exe112⤵
-
\??\c:\rlxxxfl.exec:\rlxxxfl.exe113⤵
-
\??\c:\nhbntb.exec:\nhbntb.exe114⤵
-
\??\c:\hhhbnh.exec:\hhhbnh.exe115⤵
-
\??\c:\btbhtt.exec:\btbhtt.exe116⤵
-
\??\c:\5vppj.exec:\5vppj.exe117⤵
- System Location Discovery: System Language Discovery
-
\??\c:\9vppd.exec:\9vppd.exe118⤵
-
\??\c:\5jpvv.exec:\5jpvv.exe119⤵
-
\??\c:\1lxflfr.exec:\1lxflfr.exe120⤵
-
\??\c:\lfxrllr.exec:\lfxrllr.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-