Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
16s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
06/09/2024, 11:35
General
-
Target
fbf00f864740fdb9976f3908477d49a0N.exe
-
Size
82KB
-
MD5
fbf00f864740fdb9976f3908477d49a0
-
SHA1
408bae2e147edbfdaa456abc2b14fb6141f9a941
-
SHA256
b6d058d4e9d28e480b300d0ecdd55320cc6d57b251812569f36c77b649217c56
-
SHA512
7b3e8354ce7862134a48205a507bc43c5d5c1f23354f6f5122307e7ead1c16c5a33f144fb598dd077f82cf2328c77cb5d2e43d141dac911cb93b14710a096ddc
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIIpIo60L9QrrA89Q3:ymb3NkkiQ3mdBjFIIp9L9QrrA8O
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 24 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\fbf00f864740fdb9976f3908477d49a0N.exe"C:\Users\Admin\AppData\Local\Temp\fbf00f864740fdb9976f3908477d49a0N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\btntnt.exec:\btntnt.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppvvv.exec:\ppvvv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pppvd.exec:\pppvd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3lffrxx.exec:\3lffrxx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnhthn.exec:\nnhthn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjpp.exec:\ppjpp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvdjv.exec:\vvdjv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhtbnn.exec:\hhtbnn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpvdd.exec:\vpvdd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppvjd.exec:\ppvjd.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrfrrx.exec:\xxrfrrx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7tntnh.exec:\7tntnh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7jdjj.exec:\7jdjj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxxxrx.exec:\rlxxxrx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1xrfllf.exec:\1xrfllf.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbhth.exec:\nhbhth.exe17⤵
- Executes dropped EXE
-
\??\c:\bbbtbh.exec:\bbbtbh.exe18⤵
- Executes dropped EXE
-
\??\c:\ppjpp.exec:\ppjpp.exe19⤵
- Executes dropped EXE
-
\??\c:\xrflxfl.exec:\xrflxfl.exe20⤵
- Executes dropped EXE
-
\??\c:\1xlfllr.exec:\1xlfllr.exe21⤵
- Executes dropped EXE
-
\??\c:\nnhntb.exec:\nnhntb.exe22⤵
- Executes dropped EXE
-
\??\c:\bththt.exec:\bththt.exe23⤵
- Executes dropped EXE
-
\??\c:\pppjp.exec:\pppjp.exe24⤵
- Executes dropped EXE
-
\??\c:\lxrlxrx.exec:\lxrlxrx.exe25⤵
- Executes dropped EXE
-
\??\c:\xrfrxfl.exec:\xrfrxfl.exe26⤵
- Executes dropped EXE
-
\??\c:\nnnbnt.exec:\nnnbnt.exe27⤵
- Executes dropped EXE
-
\??\c:\hthntt.exec:\hthntt.exe28⤵
- Executes dropped EXE
-
\??\c:\7vjjj.exec:\7vjjj.exe29⤵
- Executes dropped EXE
-
\??\c:\xxxlfxr.exec:\xxxlfxr.exe30⤵
- Executes dropped EXE
-
\??\c:\hbtbnt.exec:\hbtbnt.exe31⤵
- Executes dropped EXE
-
\??\c:\bhnbbh.exec:\bhnbbh.exe32⤵
- Executes dropped EXE
-
\??\c:\9jvvd.exec:\9jvvd.exe33⤵
- Executes dropped EXE
-
\??\c:\lfxxflf.exec:\lfxxflf.exe34⤵
- Executes dropped EXE
-
\??\c:\rlflrlr.exec:\rlflrlr.exe35⤵
- Executes dropped EXE
-
\??\c:\3ffrxfl.exec:\3ffrxfl.exe36⤵
- Executes dropped EXE
-
\??\c:\btnbnb.exec:\btnbnb.exe37⤵
- Executes dropped EXE
-
\??\c:\1bbtnt.exec:\1bbtnt.exe38⤵
- Executes dropped EXE
-
\??\c:\jvppp.exec:\jvppp.exe39⤵
- Executes dropped EXE
-
\??\c:\vjppv.exec:\vjppv.exe40⤵
- Executes dropped EXE
-
\??\c:\xflfllr.exec:\xflfllr.exe41⤵
- Executes dropped EXE
-
\??\c:\9nhhnt.exec:\9nhhnt.exe42⤵
- Executes dropped EXE
-
\??\c:\tnnttt.exec:\tnnttt.exe43⤵
- Executes dropped EXE
-
\??\c:\5dpdp.exec:\5dpdp.exe44⤵
- Executes dropped EXE
-
\??\c:\jvdvd.exec:\jvdvd.exe45⤵
- Executes dropped EXE
-
\??\c:\1pppp.exec:\1pppp.exe46⤵
- Executes dropped EXE
-
\??\c:\xrrrlrx.exec:\xrrrlrx.exe47⤵
- Executes dropped EXE
-
\??\c:\rrlrffl.exec:\rrlrffl.exe48⤵
- Executes dropped EXE
-
\??\c:\7nbhbh.exec:\7nbhbh.exe49⤵
- Executes dropped EXE
-
\??\c:\httbbh.exec:\httbbh.exe50⤵
- Executes dropped EXE
-
\??\c:\vpvvp.exec:\vpvvp.exe51⤵
- Executes dropped EXE
-
\??\c:\3jddp.exec:\3jddp.exe52⤵
- Executes dropped EXE
-
\??\c:\1xrxxff.exec:\1xrxxff.exe53⤵
- Executes dropped EXE
-
\??\c:\xrlfflr.exec:\xrlfflr.exe54⤵
- Executes dropped EXE
-
\??\c:\hntttn.exec:\hntttn.exe55⤵
- Executes dropped EXE
-
\??\c:\3hhbtn.exec:\3hhbtn.exe56⤵
- Executes dropped EXE
-
\??\c:\3vjpv.exec:\3vjpv.exe57⤵
- Executes dropped EXE
-
\??\c:\dvjjp.exec:\dvjjp.exe58⤵
- Executes dropped EXE
-
\??\c:\5xrrxfl.exec:\5xrrxfl.exe59⤵
- Executes dropped EXE
-
\??\c:\xrfflfl.exec:\xrfflfl.exe60⤵
- Executes dropped EXE
-
\??\c:\thnttt.exec:\thnttt.exe61⤵
- Executes dropped EXE
-
\??\c:\ntbbhh.exec:\ntbbhh.exe62⤵
- Executes dropped EXE
-
\??\c:\thhhth.exec:\thhhth.exe63⤵
- Executes dropped EXE
-
\??\c:\9vjjd.exec:\9vjjd.exe64⤵
- Executes dropped EXE
-
\??\c:\pjjdd.exec:\pjjdd.exe65⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\xrfxrrf.exec:\xrfxrrf.exe66⤵
-
\??\c:\rrffllr.exec:\rrffllr.exe67⤵
-
\??\c:\bnnnhh.exec:\bnnnhh.exe68⤵
-
\??\c:\hbnntt.exec:\hbnntt.exe69⤵
-
\??\c:\pdjjj.exec:\pdjjj.exe70⤵
-
\??\c:\7vpdd.exec:\7vpdd.exe71⤵
-
\??\c:\3ffflll.exec:\3ffflll.exe72⤵
-
\??\c:\3xllrxx.exec:\3xllrxx.exe73⤵
-
\??\c:\rlrflrx.exec:\rlrflrx.exe74⤵
-
\??\c:\hbttbn.exec:\hbttbn.exe75⤵
-
\??\c:\tnbhnn.exec:\tnbhnn.exe76⤵
-
\??\c:\pjpjp.exec:\pjpjp.exe77⤵
-
\??\c:\xlrrxlr.exec:\xlrrxlr.exe78⤵
-
\??\c:\xlrxllr.exec:\xlrxllr.exe79⤵
-
\??\c:\btnbbn.exec:\btnbbn.exe80⤵
-
\??\c:\bntbnb.exec:\bntbnb.exe81⤵
-
\??\c:\bnhbhb.exec:\bnhbhb.exe82⤵
-
\??\c:\vjppj.exec:\vjppj.exe83⤵
-
\??\c:\dvpvj.exec:\dvpvj.exe84⤵
-
\??\c:\xrrlxfl.exec:\xrrlxfl.exe85⤵
-
\??\c:\5frrfxx.exec:\5frrfxx.exe86⤵
-
\??\c:\3nbttb.exec:\3nbttb.exe87⤵
-
\??\c:\3thhbt.exec:\3thhbt.exe88⤵
-
\??\c:\7bthbb.exec:\7bthbb.exe89⤵
-
\??\c:\9vddj.exec:\9vddj.exe90⤵
-
\??\c:\dpdjj.exec:\dpdjj.exe91⤵
-
\??\c:\3lxxrlr.exec:\3lxxrlr.exe92⤵
-
\??\c:\frllrlr.exec:\frllrlr.exe93⤵
-
\??\c:\nbtbbb.exec:\nbtbbb.exe94⤵
-
\??\c:\hbtbbh.exec:\hbtbbh.exe95⤵
-
\??\c:\dpddp.exec:\dpddp.exe96⤵
-
\??\c:\pdjjp.exec:\pdjjp.exe97⤵
-
\??\c:\xrxffrx.exec:\xrxffrx.exe98⤵
-
\??\c:\rrfrrfr.exec:\rrfrrfr.exe99⤵
-
\??\c:\lxllffr.exec:\lxllffr.exe100⤵
- System Location Discovery: System Language Discovery
-
\??\c:\nbhhnt.exec:\nbhhnt.exe101⤵
-
\??\c:\thnhtt.exec:\thnhtt.exe102⤵
-
\??\c:\5pppj.exec:\5pppj.exe103⤵
-
\??\c:\jdvvj.exec:\jdvvj.exe104⤵
-
\??\c:\dvppj.exec:\dvppj.exe105⤵
-
\??\c:\rlxfxxl.exec:\rlxfxxl.exe106⤵
-
\??\c:\3rlrllx.exec:\3rlrllx.exe107⤵
-
\??\c:\hhthbn.exec:\hhthbn.exe108⤵
-
\??\c:\hthhhn.exec:\hthhhn.exe109⤵
-
\??\c:\5jppd.exec:\5jppd.exe110⤵
-
\??\c:\7ddvp.exec:\7ddvp.exe111⤵
-
\??\c:\pdjdp.exec:\pdjdp.exe112⤵
-
\??\c:\lxfxrrl.exec:\lxfxrrl.exe113⤵
-
\??\c:\xrflxrf.exec:\xrflxrf.exe114⤵
-
\??\c:\thttbb.exec:\thttbb.exe115⤵
-
\??\c:\nhbbnt.exec:\nhbbnt.exe116⤵
-
\??\c:\7ppjj.exec:\7ppjj.exe117⤵
-
\??\c:\3dppj.exec:\3dppj.exe118⤵
-
\??\c:\jvjpp.exec:\jvjpp.exe119⤵
-
\??\c:\lxllxrr.exec:\lxllxrr.exe120⤵
-
\??\c:\fxfrrxx.exec:\fxfrrxx.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-