Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
16s -
platform
windows7_x64 -
resource
win7-20240729-en -
resource tags
-
submitted
02/09/2024, 01:04
General
-
Target
5f21ac1f06ad83af166db002e2c7a8cd0bd3473f996599ee20c081f8a781a1ed.exe
-
Size
230KB
-
MD5
d36ab0bd58ada2d5fb9f6560c8d8bf30
-
SHA1
4a5bba862c57082a57dbc212d5ea77bc8052e2c3
-
SHA256
5f21ac1f06ad83af166db002e2c7a8cd0bd3473f996599ee20c081f8a781a1ed
-
SHA512
7bfa5722700e4d1b02c93d19efdf9b5e7aaa8ca26c89e177fa2bf6dcfe66c5446e584087bd83ae7b5349c7af8d047b702a34dd4a8a5c7fff734529825cbb6d9b
-
SSDEEP
3072:ymb3NkkiQ3mdBjFo73PYP1lri3KoSV31x4xLn/c1f7:n3C9BRo7MlrWKo+lxKk1f7
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 22 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 29 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\5f21ac1f06ad83af166db002e2c7a8cd0bd3473f996599ee20c081f8a781a1ed.exe"C:\Users\Admin\AppData\Local\Temp\5f21ac1f06ad83af166db002e2c7a8cd0bd3473f996599ee20c081f8a781a1ed.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\hhhbnb.exec:\hhhbnb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddvvd.exec:\ddvvd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pppjv.exec:\pppjv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfffxfr.exec:\lfffxfr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nttnht.exec:\nttnht.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7frxlrr.exec:\7frxlrr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbbbtb.exec:\bbbbtb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdjv.exec:\pjdjv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llfrfxr.exec:\llfrfxr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3bntht.exec:\3bntht.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjddv.exec:\jjddv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrlxllf.exec:\xrlxllf.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnnhth.exec:\nnnhth.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1vppj.exec:\1vppj.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tttnbt.exec:\tttnbt.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbhhnt.exec:\bbhhnt.exe17⤵
- Executes dropped EXE
-
\??\c:\llxlxfr.exec:\llxlxfr.exe18⤵
- Executes dropped EXE
-
\??\c:\7bnthn.exec:\7bnthn.exe19⤵
- Executes dropped EXE
-
\??\c:\djjvv.exec:\djjvv.exe20⤵
- Executes dropped EXE
-
\??\c:\frfrlxf.exec:\frfrlxf.exe21⤵
- Executes dropped EXE
-
\??\c:\tthnht.exec:\tthnht.exe22⤵
- Executes dropped EXE
-
\??\c:\ppdpj.exec:\ppdpj.exe23⤵
- Executes dropped EXE
-
\??\c:\3xllrfl.exec:\3xllrfl.exe24⤵
- Executes dropped EXE
-
\??\c:\bbntht.exec:\bbntht.exe25⤵
- Executes dropped EXE
-
\??\c:\xrlxrxr.exec:\xrlxrxr.exe26⤵
- Executes dropped EXE
-
\??\c:\llxlflx.exec:\llxlflx.exe27⤵
- Executes dropped EXE
-
\??\c:\ppjjd.exec:\ppjjd.exe28⤵
- Executes dropped EXE
-
\??\c:\9rxrrfx.exec:\9rxrrfx.exe29⤵
- Executes dropped EXE
-
\??\c:\tnbntt.exec:\tnbntt.exe30⤵
- Executes dropped EXE
-
\??\c:\vdvjj.exec:\vdvjj.exe31⤵
- Executes dropped EXE
-
\??\c:\rrrffxl.exec:\rrrffxl.exe32⤵
- Executes dropped EXE
-
\??\c:\bbbnbh.exec:\bbbnbh.exe33⤵
- Executes dropped EXE
-
\??\c:\3xxlxfr.exec:\3xxlxfr.exe34⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\rrfrfxx.exec:\rrfrfxx.exe35⤵
- Executes dropped EXE
-
\??\c:\9hthth.exec:\9hthth.exe36⤵
- Executes dropped EXE
-
\??\c:\vpppd.exec:\vpppd.exe37⤵
- Executes dropped EXE
-
\??\c:\3jjpv.exec:\3jjpv.exe38⤵
- Executes dropped EXE
-
\??\c:\3frrffr.exec:\3frrffr.exe39⤵
- Executes dropped EXE
-
\??\c:\5lllrxl.exec:\5lllrxl.exe40⤵
- Executes dropped EXE
-
\??\c:\7hnntb.exec:\7hnntb.exe41⤵
- Executes dropped EXE
-
\??\c:\vppdv.exec:\vppdv.exe42⤵
- Executes dropped EXE
-
\??\c:\xrxxrff.exec:\xrxxrff.exe43⤵
- Executes dropped EXE
-
\??\c:\1rllxxl.exec:\1rllxxl.exe44⤵
- Executes dropped EXE
-
\??\c:\7btbbn.exec:\7btbbn.exe45⤵
- Executes dropped EXE
-
\??\c:\7tnntb.exec:\7tnntb.exe46⤵
- Executes dropped EXE
-
\??\c:\1jjpp.exec:\1jjpp.exe47⤵
- Executes dropped EXE
-
\??\c:\fxrxflx.exec:\fxrxflx.exe48⤵
- Executes dropped EXE
-
\??\c:\7bhtbn.exec:\7bhtbn.exe49⤵
- Executes dropped EXE
-
\??\c:\hhnbht.exec:\hhnbht.exe50⤵
- Executes dropped EXE
-
\??\c:\7pvpv.exec:\7pvpv.exe51⤵
- Executes dropped EXE
-
\??\c:\dvpjv.exec:\dvpjv.exe52⤵
- Executes dropped EXE
-
\??\c:\xrrxlfl.exec:\xrrxlfl.exe53⤵
- Executes dropped EXE
-
\??\c:\7ttbhn.exec:\7ttbhn.exe54⤵
- Executes dropped EXE
-
\??\c:\jpjvd.exec:\jpjvd.exe55⤵
- Executes dropped EXE
-
\??\c:\pjjpj.exec:\pjjpj.exe56⤵
- Executes dropped EXE
-
\??\c:\rxffrrx.exec:\rxffrrx.exe57⤵
- Executes dropped EXE
-
\??\c:\rlxxlll.exec:\rlxxlll.exe58⤵
- Executes dropped EXE
-
\??\c:\9thntb.exec:\9thntb.exe59⤵
- Executes dropped EXE
-
\??\c:\5vjpj.exec:\5vjpj.exe60⤵
- Executes dropped EXE
-
\??\c:\ddjjp.exec:\ddjjp.exe61⤵
- Executes dropped EXE
-
\??\c:\xxrrffr.exec:\xxrrffr.exe62⤵
- Executes dropped EXE
-
\??\c:\9fxfffr.exec:\9fxfffr.exe63⤵
- Executes dropped EXE
-
\??\c:\hbbtht.exec:\hbbtht.exe64⤵
- Executes dropped EXE
-
\??\c:\ppdjv.exec:\ppdjv.exe65⤵
- Executes dropped EXE
-
\??\c:\jjddv.exec:\jjddv.exe66⤵
-
\??\c:\lfflxxl.exec:\lfflxxl.exe67⤵
-
\??\c:\bthhnt.exec:\bthhnt.exe68⤵
-
\??\c:\jdvvd.exec:\jdvvd.exe69⤵
-
\??\c:\jjjpd.exec:\jjjpd.exe70⤵
-
\??\c:\lllxfrx.exec:\lllxfrx.exe71⤵
-
\??\c:\xlxlrxf.exec:\xlxlrxf.exe72⤵
-
\??\c:\nhttbb.exec:\nhttbb.exe73⤵
-
\??\c:\vvpdp.exec:\vvpdp.exe74⤵
-
\??\c:\ddvdd.exec:\ddvdd.exe75⤵
-
\??\c:\lllxlrf.exec:\lllxlrf.exe76⤵
-
\??\c:\btnthh.exec:\btnthh.exe77⤵
-
\??\c:\3btbtn.exec:\3btbtn.exe78⤵
-
\??\c:\5vpdj.exec:\5vpdj.exe79⤵
-
\??\c:\xffrlrl.exec:\xffrlrl.exe80⤵
-
\??\c:\xxlxxfr.exec:\xxlxxfr.exe81⤵
-
\??\c:\bhhnbh.exec:\bhhnbh.exe82⤵
-
\??\c:\1vjpj.exec:\1vjpj.exe83⤵
-
\??\c:\vpjdd.exec:\vpjdd.exe84⤵
-
\??\c:\xrflrxr.exec:\xrflrxr.exe85⤵
-
\??\c:\9hntbh.exec:\9hntbh.exe86⤵
-
\??\c:\9nnthn.exec:\9nnthn.exe87⤵
-
\??\c:\vvvvj.exec:\vvvvj.exe88⤵
-
\??\c:\jdjjd.exec:\jdjjd.exe89⤵
-
\??\c:\9fxflrl.exec:\9fxflrl.exe90⤵
-
\??\c:\htthbt.exec:\htthbt.exe91⤵
-
\??\c:\ddvdp.exec:\ddvdp.exe92⤵
-
\??\c:\ppvjj.exec:\ppvjj.exe93⤵
-
\??\c:\fxflflr.exec:\fxflflr.exe94⤵
-
\??\c:\xrffrrf.exec:\xrffrrf.exe95⤵
-
\??\c:\tnbhtb.exec:\tnbhtb.exe96⤵
-
\??\c:\pdvvv.exec:\pdvvv.exe97⤵
-
\??\c:\jdjvd.exec:\jdjvd.exe98⤵
-
\??\c:\xxfrlrf.exec:\xxfrlrf.exe99⤵
-
\??\c:\hbtbhb.exec:\hbtbhb.exe100⤵
- System Location Discovery: System Language Discovery
-
\??\c:\nhbntb.exec:\nhbntb.exe101⤵
-
\??\c:\dvppv.exec:\dvppv.exe102⤵
-
\??\c:\llrxrxx.exec:\llrxrxx.exe103⤵
-
\??\c:\rlfflll.exec:\rlfflll.exe104⤵
-
\??\c:\bttbtt.exec:\bttbtt.exe105⤵
-
\??\c:\hnbbbt.exec:\hnbbbt.exe106⤵
-
\??\c:\jppjj.exec:\jppjj.exe107⤵
-
\??\c:\lflllxl.exec:\lflllxl.exe108⤵
-
\??\c:\rlxfllx.exec:\rlxfllx.exe109⤵
-
\??\c:\3nhnhn.exec:\3nhnhn.exe110⤵
-
\??\c:\vvpjv.exec:\vvpjv.exe111⤵
-
\??\c:\jdjjj.exec:\jdjjj.exe112⤵
-
\??\c:\1xrfrlf.exec:\1xrfrlf.exe113⤵
-
\??\c:\bbhbbn.exec:\bbhbbn.exe114⤵
-
\??\c:\btntth.exec:\btntth.exe115⤵
-
\??\c:\1vvdp.exec:\1vvdp.exe116⤵
-
\??\c:\pdddj.exec:\pdddj.exe117⤵
-
\??\c:\lxrrxxl.exec:\lxrrxxl.exe118⤵
-
\??\c:\hnbhnt.exec:\hnbhnt.exe119⤵
-
\??\c:\nhbhbb.exec:\nhbhbb.exe120⤵
-
\??\c:\vvdjv.exec:\vvdjv.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-