Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
03/09/2024, 23:10
General
-
Target
7007ac6de02096b69a75fa2255f0e0f00d3b70c9d0c4122da2a3f81737cc9bac.exe
-
Size
82KB
-
MD5
0321db85b2e98db7f8c799fc1da15fce
-
SHA1
4df5c51ead9f140bbf826a83a07d09686b136110
-
SHA256
7007ac6de02096b69a75fa2255f0e0f00d3b70c9d0c4122da2a3f81737cc9bac
-
SHA512
e3ff7a9356f87faf78aa6910d7230829036a212ab9189c6cfb6119443425fd41ba52a5d39326140f845716731b89be4f3d824fe808c9c22ed4b3c894abde49bc
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIIpIo60L9QrrA89QP:ymb3NkkiQ3mdBjFIIp9L9QrrA8Y
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 27 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 29 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\7007ac6de02096b69a75fa2255f0e0f00d3b70c9d0c4122da2a3f81737cc9bac.exe"C:\Users\Admin\AppData\Local\Temp\7007ac6de02096b69a75fa2255f0e0f00d3b70c9d0c4122da2a3f81737cc9bac.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\1bnttb.exec:\1bnttb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhtnb.exec:\hbhtnb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvjpj.exec:\jvjpj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffrfxlx.exec:\ffrfxlx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnhhbt.exec:\nnhhbt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddvpv.exec:\ddvpv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3frxflf.exec:\3frxflf.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5pdvd.exec:\5pdvd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjpdj.exec:\pjpdj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frffflr.exec:\frffflr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3xlxxlf.exec:\3xlxxlf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbhnn.exec:\tnbhnn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddppd.exec:\ddppd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffxrlrl.exec:\ffxrlrl.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxlrlxr.exec:\rxlrlxr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1jvvj.exec:\1jvvj.exe17⤵
- Executes dropped EXE
-
\??\c:\djjdj.exec:\djjdj.exe18⤵
- Executes dropped EXE
-
\??\c:\xfxlfxx.exec:\xfxlfxx.exe19⤵
- Executes dropped EXE
-
\??\c:\7tthth.exec:\7tthth.exe20⤵
- Executes dropped EXE
-
\??\c:\hnhtnt.exec:\hnhtnt.exe21⤵
- Executes dropped EXE
-
\??\c:\djddv.exec:\djddv.exe22⤵
- Executes dropped EXE
-
\??\c:\1fxfrxf.exec:\1fxfrxf.exe23⤵
- Executes dropped EXE
-
\??\c:\rrxxlrr.exec:\rrxxlrr.exe24⤵
- Executes dropped EXE
-
\??\c:\tbhhbb.exec:\tbhhbb.exe25⤵
- Executes dropped EXE
-
\??\c:\1pppj.exec:\1pppj.exe26⤵
- Executes dropped EXE
-
\??\c:\jdjjj.exec:\jdjjj.exe27⤵
- Executes dropped EXE
-
\??\c:\lfrflxl.exec:\lfrflxl.exe28⤵
- Executes dropped EXE
-
\??\c:\nnhnnn.exec:\nnhnnn.exe29⤵
- Executes dropped EXE
-
\??\c:\ddvvp.exec:\ddvvp.exe30⤵
- Executes dropped EXE
-
\??\c:\vvpvj.exec:\vvpvj.exe31⤵
- Executes dropped EXE
-
\??\c:\fflxfll.exec:\fflxfll.exe32⤵
- Executes dropped EXE
-
\??\c:\tnhhnt.exec:\tnhhnt.exe33⤵
- Executes dropped EXE
-
\??\c:\9hnbnh.exec:\9hnbnh.exe34⤵
- Executes dropped EXE
-
\??\c:\7jdjj.exec:\7jdjj.exe35⤵
- Executes dropped EXE
-
\??\c:\xrlrlrf.exec:\xrlrlrf.exe36⤵
- Executes dropped EXE
-
\??\c:\rlxlfrf.exec:\rlxlfrf.exe37⤵
- Executes dropped EXE
-
\??\c:\nnbttt.exec:\nnbttt.exe38⤵
- Executes dropped EXE
-
\??\c:\7nhtbh.exec:\7nhtbh.exe39⤵
- Executes dropped EXE
-
\??\c:\tnnhth.exec:\tnnhth.exe40⤵
- Executes dropped EXE
-
\??\c:\jjvjj.exec:\jjvjj.exe41⤵
- Executes dropped EXE
-
\??\c:\dvppd.exec:\dvppd.exe42⤵
- Executes dropped EXE
-
\??\c:\xlxfrrf.exec:\xlxfrrf.exe43⤵
- Executes dropped EXE
-
\??\c:\rrrfrrl.exec:\rrrfrrl.exe44⤵
- Executes dropped EXE
-
\??\c:\tnhhtt.exec:\tnhhtt.exe45⤵
- Executes dropped EXE
-
\??\c:\ddpdp.exec:\ddpdp.exe46⤵
- Executes dropped EXE
-
\??\c:\ddvdd.exec:\ddvdd.exe47⤵
- Executes dropped EXE
-
\??\c:\rrxrfrl.exec:\rrxrfrl.exe48⤵
- Executes dropped EXE
-
\??\c:\fffllrl.exec:\fffllrl.exe49⤵
- Executes dropped EXE
-
\??\c:\bthbth.exec:\bthbth.exe50⤵
- Executes dropped EXE
-
\??\c:\5nnbnt.exec:\5nnbnt.exe51⤵
- Executes dropped EXE
-
\??\c:\jjjdp.exec:\jjjdp.exe52⤵
- Executes dropped EXE
-
\??\c:\ppddp.exec:\ppddp.exe53⤵
- Executes dropped EXE
-
\??\c:\xxlrflf.exec:\xxlrflf.exe54⤵
- Executes dropped EXE
-
\??\c:\9rlfrrl.exec:\9rlfrrl.exe55⤵
- Executes dropped EXE
-
\??\c:\btbtnb.exec:\btbtnb.exe56⤵
- Executes dropped EXE
-
\??\c:\bbhhnh.exec:\bbhhnh.exe57⤵
- Executes dropped EXE
-
\??\c:\jjpdj.exec:\jjpdj.exe58⤵
- Executes dropped EXE
-
\??\c:\ppjpd.exec:\ppjpd.exe59⤵
- Executes dropped EXE
-
\??\c:\ffxllxr.exec:\ffxllxr.exe60⤵
- Executes dropped EXE
-
\??\c:\bbnnnh.exec:\bbnnnh.exe61⤵
- Executes dropped EXE
-
\??\c:\1ttnnb.exec:\1ttnnb.exe62⤵
- Executes dropped EXE
-
\??\c:\dddpj.exec:\dddpj.exe63⤵
- Executes dropped EXE
-
\??\c:\3jpdp.exec:\3jpdp.exe64⤵
- Executes dropped EXE
-
\??\c:\7lxrxlf.exec:\7lxrxlf.exe65⤵
- Executes dropped EXE
-
\??\c:\xxrxflx.exec:\xxrxflx.exe66⤵
-
\??\c:\tttnbn.exec:\tttnbn.exe67⤵
-
\??\c:\bbtnbn.exec:\bbtnbn.exe68⤵
-
\??\c:\5jvdp.exec:\5jvdp.exe69⤵
-
\??\c:\djdvp.exec:\djdvp.exe70⤵
-
\??\c:\ppjpd.exec:\ppjpd.exe71⤵
-
\??\c:\xxxrrrr.exec:\xxxrrrr.exe72⤵
-
\??\c:\rrfxrfr.exec:\rrfxrfr.exe73⤵
-
\??\c:\bbttnt.exec:\bbttnt.exe74⤵
-
\??\c:\1hhtnt.exec:\1hhtnt.exe75⤵
-
\??\c:\djjvp.exec:\djjvp.exe76⤵
-
\??\c:\dvvvv.exec:\dvvvv.exe77⤵
-
\??\c:\rxrrlrr.exec:\rxrrlrr.exe78⤵
-
\??\c:\xrlxflr.exec:\xrlxflr.exe79⤵
-
\??\c:\1bhbbb.exec:\1bhbbb.exe80⤵
-
\??\c:\9nhbht.exec:\9nhbht.exe81⤵
-
\??\c:\ppdpd.exec:\ppdpd.exe82⤵
-
\??\c:\vdpvp.exec:\vdpvp.exe83⤵
-
\??\c:\lllxrxf.exec:\lllxrxf.exe84⤵
-
\??\c:\xrrlflf.exec:\xrrlflf.exe85⤵
-
\??\c:\3hhnnt.exec:\3hhnnt.exe86⤵
-
\??\c:\tttbnt.exec:\tttbnt.exe87⤵
-
\??\c:\pjdpd.exec:\pjdpd.exe88⤵
-
\??\c:\3pjvj.exec:\3pjvj.exe89⤵
-
\??\c:\rllrfrf.exec:\rllrfrf.exe90⤵
-
\??\c:\rxxfxxl.exec:\rxxfxxl.exe91⤵
-
\??\c:\tnbhbb.exec:\tnbhbb.exe92⤵
-
\??\c:\5bbnbh.exec:\5bbnbh.exe93⤵
-
\??\c:\dvvjp.exec:\dvvjp.exe94⤵
-
\??\c:\vpvvp.exec:\vpvvp.exe95⤵
-
\??\c:\9rflrxf.exec:\9rflrxf.exe96⤵
-
\??\c:\5lxfllx.exec:\5lxfllx.exe97⤵
-
\??\c:\frrxlxr.exec:\frrxlxr.exe98⤵
-
\??\c:\bthnth.exec:\bthnth.exe99⤵
-
\??\c:\1nbbhh.exec:\1nbbhh.exe100⤵
-
\??\c:\pjpvv.exec:\pjpvv.exe101⤵
-
\??\c:\7dvvj.exec:\7dvvj.exe102⤵
-
\??\c:\rlxfffx.exec:\rlxfffx.exe103⤵
-
\??\c:\lllxlrf.exec:\lllxlrf.exe104⤵
-
\??\c:\9htbnn.exec:\9htbnn.exe105⤵
-
\??\c:\7tbnnb.exec:\7tbnnb.exe106⤵
-
\??\c:\7dddd.exec:\7dddd.exe107⤵
- System Location Discovery: System Language Discovery
-
\??\c:\ppjvp.exec:\ppjvp.exe108⤵
-
\??\c:\ffxxflf.exec:\ffxxflf.exe109⤵
-
\??\c:\3lfrrff.exec:\3lfrrff.exe110⤵
-
\??\c:\1btbnn.exec:\1btbnn.exe111⤵
-
\??\c:\5nhtnt.exec:\5nhtnt.exe112⤵
-
\??\c:\bbbnht.exec:\bbbnht.exe113⤵
-
\??\c:\9vjvj.exec:\9vjvj.exe114⤵
-
\??\c:\djvdd.exec:\djvdd.exe115⤵
- System Location Discovery: System Language Discovery
-
\??\c:\rxrxlrl.exec:\rxrxlrl.exe116⤵
-
\??\c:\9xxlxfr.exec:\9xxlxfr.exe117⤵
-
\??\c:\hnthbh.exec:\hnthbh.exe118⤵
-
\??\c:\ttnttb.exec:\ttnttb.exe119⤵
-
\??\c:\jvppd.exec:\jvppd.exe120⤵
-
\??\c:\vpvdj.exec:\vpvdj.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-