Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
20s -
platform
windows7_x64 -
resource
win7-20240729-en -
resource tags
-
submitted
07/09/2024, 19:52
General
-
Target
611add48cf659fa4a6b087e5e24760c0N.exe
-
Size
74KB
-
MD5
611add48cf659fa4a6b087e5e24760c0
-
SHA1
08234f9d305a7e7901b5b91c0d72d816713d8476
-
SHA256
b99adcc758adb65c1a32f4b55473160a24699c7e631aea031f16faf428d5347d
-
SHA512
d048599818e5819e6b73561383cd7f27ea2aa477ce0474159a61c41a6628d054300d1bf11c996f722deec75b7388572bf19c1580dd6ce06a441d78ea193649a6
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIvuzk358nLA89OGvrFVHmPS:ymb3NkkiQ3mdBjFIvl358nLA89OMFVHv
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 22 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 32 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\611add48cf659fa4a6b087e5e24760c0N.exe"C:\Users\Admin\AppData\Local\Temp\611add48cf659fa4a6b087e5e24760c0N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\llxlxfl.exec:\llxlxfl.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3nnthh.exec:\3nnthh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvddd.exec:\pvddd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbntbb.exec:\hbntbb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvpdp.exec:\vvpdp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttbbbb.exec:\ttbbbb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjvj.exec:\dvjvj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfrffxf.exec:\rfrffxf.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbntbb.exec:\bbntbb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvpd.exec:\jdvpd.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llrlrfl.exec:\llrlrfl.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5bthbb.exec:\5bthbb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbntbn.exec:\bbntbn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9jpvd.exec:\9jpvd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfllffr.exec:\lfllffr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3bhthn.exec:\3bhthn.exe17⤵
- Executes dropped EXE
-
\??\c:\5tthht.exec:\5tthht.exe18⤵
- Executes dropped EXE
-
\??\c:\pjdjd.exec:\pjdjd.exe19⤵
- Executes dropped EXE
-
\??\c:\7ffxrrl.exec:\7ffxrrl.exe20⤵
- Executes dropped EXE
-
\??\c:\thbttb.exec:\thbttb.exe21⤵
- Executes dropped EXE
-
\??\c:\hbntnb.exec:\hbntnb.exe22⤵
- Executes dropped EXE
-
\??\c:\3ddpj.exec:\3ddpj.exe23⤵
- Executes dropped EXE
-
\??\c:\rrrrflr.exec:\rrrrflr.exe24⤵
- Executes dropped EXE
-
\??\c:\fxxllrf.exec:\fxxllrf.exe25⤵
- Executes dropped EXE
-
\??\c:\tbbnhn.exec:\tbbnhn.exe26⤵
- Executes dropped EXE
-
\??\c:\dddjv.exec:\dddjv.exe27⤵
- Executes dropped EXE
-
\??\c:\5rlfrlx.exec:\5rlfrlx.exe28⤵
- Executes dropped EXE
-
\??\c:\bbhhtt.exec:\bbhhtt.exe29⤵
- Executes dropped EXE
-
\??\c:\pjpvj.exec:\pjpvj.exe30⤵
- Executes dropped EXE
-
\??\c:\vddpj.exec:\vddpj.exe31⤵
- Executes dropped EXE
-
\??\c:\rrlrrxx.exec:\rrlrrxx.exe32⤵
- Executes dropped EXE
-
\??\c:\tnhttb.exec:\tnhttb.exe33⤵
- Executes dropped EXE
-
\??\c:\9jvjv.exec:\9jvjv.exe34⤵
- Executes dropped EXE
-
\??\c:\flflxfx.exec:\flflxfx.exe35⤵
- Executes dropped EXE
-
\??\c:\rlxfrrl.exec:\rlxfrrl.exe36⤵
- Executes dropped EXE
-
\??\c:\tnnbnt.exec:\tnnbnt.exe37⤵
- Executes dropped EXE
-
\??\c:\1vvpd.exec:\1vvpd.exe38⤵
- Executes dropped EXE
-
\??\c:\vvpdj.exec:\vvpdj.exe39⤵
- Executes dropped EXE
-
\??\c:\fxfllrl.exec:\fxfllrl.exe40⤵
- Executes dropped EXE
-
\??\c:\xrfxfll.exec:\xrfxfll.exe41⤵
- Executes dropped EXE
-
\??\c:\btnbtb.exec:\btnbtb.exe42⤵
- Executes dropped EXE
-
\??\c:\dvddj.exec:\dvddj.exe43⤵
- Executes dropped EXE
-
\??\c:\ddvdv.exec:\ddvdv.exe44⤵
- Executes dropped EXE
-
\??\c:\9rlrlrf.exec:\9rlrlrf.exe45⤵
- Executes dropped EXE
-
\??\c:\9lffrlf.exec:\9lffrlf.exe46⤵
- Executes dropped EXE
-
\??\c:\hhtbnb.exec:\hhtbnb.exe47⤵
- Executes dropped EXE
-
\??\c:\jjdjd.exec:\jjdjd.exe48⤵
- Executes dropped EXE
-
\??\c:\dvdjj.exec:\dvdjj.exe49⤵
- Executes dropped EXE
-
\??\c:\rrxxfrf.exec:\rrxxfrf.exe50⤵
- Executes dropped EXE
-
\??\c:\btnnhh.exec:\btnnhh.exe51⤵
- Executes dropped EXE
-
\??\c:\nnhnnb.exec:\nnhnnb.exe52⤵
- Executes dropped EXE
-
\??\c:\jjdjd.exec:\jjdjd.exe53⤵
- Executes dropped EXE
-
\??\c:\flxfxxx.exec:\flxfxxx.exe54⤵
- Executes dropped EXE
-
\??\c:\xrllrxl.exec:\xrllrxl.exe55⤵
- Executes dropped EXE
-
\??\c:\nthhth.exec:\nthhth.exe56⤵
- Executes dropped EXE
-
\??\c:\jjppv.exec:\jjppv.exe57⤵
- Executes dropped EXE
-
\??\c:\pvjjj.exec:\pvjjj.exe58⤵
- Executes dropped EXE
-
\??\c:\7xxflll.exec:\7xxflll.exe59⤵
- Executes dropped EXE
-
\??\c:\xxrxrxl.exec:\xxrxrxl.exe60⤵
- Executes dropped EXE
-
\??\c:\hbntbh.exec:\hbntbh.exe61⤵
- Executes dropped EXE
-
\??\c:\hnhbnb.exec:\hnhbnb.exe62⤵
- Executes dropped EXE
-
\??\c:\vvpjj.exec:\vvpjj.exe63⤵
- Executes dropped EXE
-
\??\c:\lfrxffl.exec:\lfrxffl.exe64⤵
- Executes dropped EXE
-
\??\c:\llflxfr.exec:\llflxfr.exe65⤵
- Executes dropped EXE
-
\??\c:\nnbthb.exec:\nnbthb.exe66⤵
-
\??\c:\hhbntb.exec:\hhbntb.exe67⤵
-
\??\c:\9pdjp.exec:\9pdjp.exe68⤵
-
\??\c:\vvpjp.exec:\vvpjp.exe69⤵
-
\??\c:\rrflrlf.exec:\rrflrlf.exe70⤵
-
\??\c:\1rrfrxr.exec:\1rrfrxr.exe71⤵
-
\??\c:\nnhttb.exec:\nnhttb.exe72⤵
-
\??\c:\vvvjv.exec:\vvvjv.exe73⤵
-
\??\c:\vdppd.exec:\vdppd.exe74⤵
-
\??\c:\lllllrf.exec:\lllllrf.exe75⤵
-
\??\c:\bthnbt.exec:\bthnbt.exe76⤵
-
\??\c:\tnbhnt.exec:\tnbhnt.exe77⤵
-
\??\c:\7jdvp.exec:\7jdvp.exe78⤵
-
\??\c:\pvvvd.exec:\pvvvd.exe79⤵
-
\??\c:\rrxrxxx.exec:\rrxrxxx.exe80⤵
-
\??\c:\hhbbbh.exec:\hhbbbh.exe81⤵
-
\??\c:\7bnnhn.exec:\7bnnhn.exe82⤵
-
\??\c:\vpddj.exec:\vpddj.exe83⤵
-
\??\c:\ddpjp.exec:\ddpjp.exe84⤵
- System Location Discovery: System Language Discovery
-
\??\c:\fxlrflf.exec:\fxlrflf.exe85⤵
-
\??\c:\3nnbht.exec:\3nnbht.exe86⤵
-
\??\c:\ttbbht.exec:\ttbbht.exe87⤵
-
\??\c:\dvpdp.exec:\dvpdp.exe88⤵
-
\??\c:\ddpjd.exec:\ddpjd.exe89⤵
-
\??\c:\xxllflr.exec:\xxllflr.exe90⤵
-
\??\c:\7hthht.exec:\7hthht.exe91⤵
-
\??\c:\nnbhhb.exec:\nnbhhb.exe92⤵
-
\??\c:\7dvvj.exec:\7dvvj.exe93⤵
-
\??\c:\vdpjj.exec:\vdpjj.exe94⤵
-
\??\c:\lrrfxrf.exec:\lrrfxrf.exe95⤵
-
\??\c:\hbtthn.exec:\hbtthn.exe96⤵
-
\??\c:\thtnnh.exec:\thtnnh.exe97⤵
-
\??\c:\djpdp.exec:\djpdp.exe98⤵
-
\??\c:\dddpp.exec:\dddpp.exe99⤵
-
\??\c:\3frlrxr.exec:\3frlrxr.exe100⤵
-
\??\c:\rrrfflr.exec:\rrrfflr.exe101⤵
-
\??\c:\9tnhhh.exec:\9tnhhh.exe102⤵
-
\??\c:\hbbbhb.exec:\hbbbhb.exe103⤵
-
\??\c:\7pjjd.exec:\7pjjd.exe104⤵
-
\??\c:\xxlxflx.exec:\xxlxflx.exe105⤵
-
\??\c:\1rlrlrx.exec:\1rlrlrx.exe106⤵
-
\??\c:\hbbbbh.exec:\hbbbbh.exe107⤵
-
\??\c:\9nntbb.exec:\9nntbb.exe108⤵
-
\??\c:\vpdpv.exec:\vpdpv.exe109⤵
-
\??\c:\lxrlrrf.exec:\lxrlrrf.exe110⤵
-
\??\c:\lflxxxf.exec:\lflxxxf.exe111⤵
-
\??\c:\hbnhtt.exec:\hbnhtt.exe112⤵
-
\??\c:\1dvdv.exec:\1dvdv.exe113⤵
-
\??\c:\rlrxlxf.exec:\rlrxlxf.exe114⤵
-
\??\c:\1fxflrf.exec:\1fxflrf.exe115⤵
-
\??\c:\bbtttb.exec:\bbtttb.exe116⤵
-
\??\c:\nnbbbb.exec:\nnbbbb.exe117⤵
-
\??\c:\vppvv.exec:\vppvv.exe118⤵
-
\??\c:\jvjdj.exec:\jvjdj.exe119⤵
-
\??\c:\xrrrrxl.exec:\xrrrrxl.exe120⤵
-
\??\c:\rrrffff.exec:\rrrffff.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-