Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
17s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
08/09/2024, 09:56
General
-
Target
37e3a9a9a84561752662f01ed2495200N.exe
-
Size
65KB
-
MD5
37e3a9a9a84561752662f01ed2495200
-
SHA1
f8c3ca95bcca24d1d48e4ba98b65c6978de13a9a
-
SHA256
71a55f3d8cbe5f2ae85be40a1a93201c0f7d05bf130b1972cfab78b8997fa8bb
-
SHA512
58bf401f6f5d8b0c5314579f77b0338ff20382ad2a6e3a8a8a2673a614ed0709d03b130cab294f69d35c2a2cb3c401dbbbf2437af1670a7d63ffd7dd6dc57102
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND0yU+kbxe6a:ymb3NkkiQ3mdBjF0y7kbUv
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 20 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 27 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\37e3a9a9a84561752662f01ed2495200N.exe"C:\Users\Admin\AppData\Local\Temp\37e3a9a9a84561752662f01ed2495200N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\lllllxx.exec:\lllllxx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlllllr.exec:\xlllllr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3tnnbh.exec:\3tnnbh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5vpvd.exec:\5vpvd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5rfflfl.exec:\5rfflfl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfxrffr.exec:\rfxrffr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttntbn.exec:\ttntbn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9pjdp.exec:\9pjdp.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffrfrxf.exec:\ffrfrxf.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlfrffl.exec:\rlfrffl.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnhntb.exec:\bnhntb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1vjjj.exec:\1vjjj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djdpj.exec:\djdpj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1rrlxxf.exec:\1rrlxxf.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbntbh.exec:\hbntbh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhnnth.exec:\hhnnth.exe17⤵
- Executes dropped EXE
-
\??\c:\dvjdj.exec:\dvjdj.exe18⤵
- Executes dropped EXE
-
\??\c:\dvpjp.exec:\dvpjp.exe19⤵
- Executes dropped EXE
-
\??\c:\fxlrlxf.exec:\fxlrlxf.exe20⤵
- Executes dropped EXE
-
\??\c:\rlfrxxl.exec:\rlfrxxl.exe21⤵
- Executes dropped EXE
-
\??\c:\tnbhtn.exec:\tnbhtn.exe22⤵
- Executes dropped EXE
-
\??\c:\dvvvv.exec:\dvvvv.exe23⤵
- Executes dropped EXE
-
\??\c:\vpjvj.exec:\vpjvj.exe24⤵
- Executes dropped EXE
-
\??\c:\lfrfxxr.exec:\lfrfxxr.exe25⤵
- Executes dropped EXE
-
\??\c:\xflllxr.exec:\xflllxr.exe26⤵
- Executes dropped EXE
-
\??\c:\nnbbbn.exec:\nnbbbn.exe27⤵
- Executes dropped EXE
-
\??\c:\3pjdj.exec:\3pjdj.exe28⤵
- Executes dropped EXE
-
\??\c:\dvjjp.exec:\dvjjp.exe29⤵
- Executes dropped EXE
-
\??\c:\xrxxffl.exec:\xrxxffl.exe30⤵
- Executes dropped EXE
-
\??\c:\xrfrxxf.exec:\xrfrxxf.exe31⤵
- Executes dropped EXE
-
\??\c:\7htttt.exec:\7htttt.exe32⤵
- Executes dropped EXE
-
\??\c:\nhnthn.exec:\nhnthn.exe33⤵
- Executes dropped EXE
-
\??\c:\vjvjp.exec:\vjvjp.exe34⤵
- Executes dropped EXE
-
\??\c:\pjpdj.exec:\pjpdj.exe35⤵
- Executes dropped EXE
-
\??\c:\lfrflxf.exec:\lfrflxf.exe36⤵
- Executes dropped EXE
-
\??\c:\3rxxfxf.exec:\3rxxfxf.exe37⤵
- Executes dropped EXE
-
\??\c:\hbnnhh.exec:\hbnnhh.exe38⤵
- Executes dropped EXE
-
\??\c:\tnbtbb.exec:\tnbtbb.exe39⤵
- Executes dropped EXE
-
\??\c:\jdjdj.exec:\jdjdj.exe40⤵
- Executes dropped EXE
-
\??\c:\ddjjp.exec:\ddjjp.exe41⤵
- Executes dropped EXE
-
\??\c:\rlxlllr.exec:\rlxlllr.exe42⤵
- Executes dropped EXE
-
\??\c:\5xxlfrl.exec:\5xxlfrl.exe43⤵
- Executes dropped EXE
-
\??\c:\thbthn.exec:\thbthn.exe44⤵
- Executes dropped EXE
-
\??\c:\tnnhnt.exec:\tnnhnt.exe45⤵
- Executes dropped EXE
-
\??\c:\9vpvv.exec:\9vpvv.exe46⤵
- Executes dropped EXE
-
\??\c:\dvpjp.exec:\dvpjp.exe47⤵
- Executes dropped EXE
-
\??\c:\3lrxxfl.exec:\3lrxxfl.exe48⤵
- Executes dropped EXE
-
\??\c:\9lxxlfl.exec:\9lxxlfl.exe49⤵
- Executes dropped EXE
-
\??\c:\bbntbh.exec:\bbntbh.exe50⤵
- Executes dropped EXE
-
\??\c:\jvpvp.exec:\jvpvp.exe51⤵
- Executes dropped EXE
-
\??\c:\9pjdj.exec:\9pjdj.exe52⤵
- Executes dropped EXE
-
\??\c:\1lffrfl.exec:\1lffrfl.exe53⤵
- Executes dropped EXE
-
\??\c:\fxrrffr.exec:\fxrrffr.exe54⤵
- Executes dropped EXE
-
\??\c:\btnhnh.exec:\btnhnh.exe55⤵
- Executes dropped EXE
-
\??\c:\jpjdj.exec:\jpjdj.exe56⤵
- Executes dropped EXE
-
\??\c:\xlrllrl.exec:\xlrllrl.exe57⤵
- Executes dropped EXE
-
\??\c:\xllxxxx.exec:\xllxxxx.exe58⤵
- Executes dropped EXE
-
\??\c:\hbhbtn.exec:\hbhbtn.exe59⤵
- Executes dropped EXE
-
\??\c:\tbbbbb.exec:\tbbbbb.exe60⤵
- Executes dropped EXE
-
\??\c:\vppdp.exec:\vppdp.exe61⤵
- Executes dropped EXE
-
\??\c:\vjpdj.exec:\vjpdj.exe62⤵
- Executes dropped EXE
-
\??\c:\5flllff.exec:\5flllff.exe63⤵
- Executes dropped EXE
-
\??\c:\3rxxrxf.exec:\3rxxrxf.exe64⤵
- Executes dropped EXE
-
\??\c:\hthttb.exec:\hthttb.exe65⤵
- Executes dropped EXE
-
\??\c:\nhbnbb.exec:\nhbnbb.exe66⤵
-
\??\c:\9pdpj.exec:\9pdpj.exe67⤵
-
\??\c:\3vppd.exec:\3vppd.exe68⤵
-
\??\c:\dvpjd.exec:\dvpjd.exe69⤵
-
\??\c:\lxxxfff.exec:\lxxxfff.exe70⤵
-
\??\c:\xllrrlr.exec:\xllrrlr.exe71⤵
-
\??\c:\bnnnhh.exec:\bnnnhh.exe72⤵
-
\??\c:\hbbnhb.exec:\hbbnhb.exe73⤵
-
\??\c:\jjvdp.exec:\jjvdp.exe74⤵
-
\??\c:\jvvdd.exec:\jvvdd.exe75⤵
-
\??\c:\9rllfxl.exec:\9rllfxl.exe76⤵
-
\??\c:\ffxlffr.exec:\ffxlffr.exe77⤵
-
\??\c:\btnnbb.exec:\btnnbb.exe78⤵
-
\??\c:\5hthth.exec:\5hthth.exe79⤵
-
\??\c:\pjvdp.exec:\pjvdp.exe80⤵
-
\??\c:\1dvjj.exec:\1dvjj.exe81⤵
-
\??\c:\frffffl.exec:\frffffl.exe82⤵
-
\??\c:\xrlrxfx.exec:\xrlrxfx.exe83⤵
- System Location Discovery: System Language Discovery
-
\??\c:\tnbbbb.exec:\tnbbbb.exe84⤵
-
\??\c:\nhtnnh.exec:\nhtnnh.exe85⤵
-
\??\c:\jjvjj.exec:\jjvjj.exe86⤵
-
\??\c:\vpvpv.exec:\vpvpv.exe87⤵
-
\??\c:\xlxfrxf.exec:\xlxfrxf.exe88⤵
-
\??\c:\fxxxlrr.exec:\fxxxlrr.exe89⤵
-
\??\c:\thbnht.exec:\thbnht.exe90⤵
-
\??\c:\nbnbtn.exec:\nbnbtn.exe91⤵
-
\??\c:\dvpvd.exec:\dvpvd.exe92⤵
-
\??\c:\vjdpj.exec:\vjdpj.exe93⤵
-
\??\c:\rlxfllx.exec:\rlxfllx.exe94⤵
-
\??\c:\xrllxxf.exec:\xrllxxf.exe95⤵
-
\??\c:\nbntbh.exec:\nbntbh.exe96⤵
-
\??\c:\tnbtbb.exec:\tnbtbb.exe97⤵
-
\??\c:\pjpvp.exec:\pjpvp.exe98⤵
-
\??\c:\vpvvd.exec:\vpvvd.exe99⤵
-
\??\c:\lfxxxfl.exec:\lfxxxfl.exe100⤵
-
\??\c:\fxxxffl.exec:\fxxxffl.exe101⤵
-
\??\c:\btbnhh.exec:\btbnhh.exe102⤵
-
\??\c:\7dddd.exec:\7dddd.exe103⤵
-
\??\c:\1dpvv.exec:\1dpvv.exe104⤵
-
\??\c:\3fxrxfl.exec:\3fxrxfl.exe105⤵
-
\??\c:\rxlxflf.exec:\rxlxflf.exe106⤵
-
\??\c:\9ttbbn.exec:\9ttbbn.exe107⤵
-
\??\c:\nhthnt.exec:\nhthnt.exe108⤵
-
\??\c:\jdjdd.exec:\jdjdd.exe109⤵
-
\??\c:\dpjpv.exec:\dpjpv.exe110⤵
-
\??\c:\rfxrxxl.exec:\rfxrxxl.exe111⤵
-
\??\c:\fffrrlx.exec:\fffrrlx.exe112⤵
-
\??\c:\nbbbtt.exec:\nbbbtt.exe113⤵
-
\??\c:\bnhhbt.exec:\bnhhbt.exe114⤵
-
\??\c:\jdvvv.exec:\jdvvv.exe115⤵
-
\??\c:\vvpvv.exec:\vvpvv.exe116⤵
-
\??\c:\xlfflrx.exec:\xlfflrx.exe117⤵
-
\??\c:\llflrxr.exec:\llflrxr.exe118⤵
-
\??\c:\bbhhnt.exec:\bbhhnt.exe119⤵
-
\??\c:\5thbhn.exec:\5thbhn.exe120⤵
-
\??\c:\7dpvd.exec:\7dpvd.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-