Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
08/09/2024, 19:20
General
-
Target
1a2321e84b672b1896ab762da561f6282448e152de5e73904ecf6b41905bcf6b.exe
-
Size
230KB
-
MD5
517281f7bd56a43094ec1300f76f4e2f
-
SHA1
26235c95e67a2e5cd3869d5e0c49658c9f6bbef6
-
SHA256
1a2321e84b672b1896ab762da561f6282448e152de5e73904ecf6b41905bcf6b
-
SHA512
d2b334d69248fe135cbbb75bd9145dc22b95ede8048302ac8bda138a16b2c3fdf60de55c531a6ced06bbfe1cd0ddc36169ebc12ac568fab67df5e043a7ac02ea
-
SSDEEP
3072:ymb3NkkiQ3mdBjFo73PYP1lri3KoSV31x4xLn/c1fE:n3C9BRo7MlrWKo+lxKk1c
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 22 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 28 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1a2321e84b672b1896ab762da561f6282448e152de5e73904ecf6b41905bcf6b.exe"C:\Users\Admin\AppData\Local\Temp\1a2321e84b672b1896ab762da561f6282448e152de5e73904ecf6b41905bcf6b.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\pjddp.exec:\pjddp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxrrxxl.exec:\lxrrxxl.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9btbbn.exec:\9btbbn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffffrxr.exec:\ffffrxr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhntnn.exec:\nhntnn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvdp.exec:\dvvdp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrlrlrf.exec:\rrlrlrf.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxlxrrx.exec:\lxlxrrx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnbthh.exec:\bnbthh.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvdjv.exec:\dvdjv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5rlrxfl.exec:\5rlrxfl.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5nhtht.exec:\5nhtht.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddppd.exec:\ddppd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5rllrrx.exec:\5rllrrx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3hntbt.exec:\3hntbt.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjpd.exec:\vpjpd.exe17⤵
- Executes dropped EXE
-
\??\c:\9vpvd.exec:\9vpvd.exe18⤵
- Executes dropped EXE
-
\??\c:\3fllrlr.exec:\3fllrlr.exe19⤵
- Executes dropped EXE
-
\??\c:\nnhnbh.exec:\nnhnbh.exe20⤵
- Executes dropped EXE
-
\??\c:\vvppd.exec:\vvppd.exe21⤵
- Executes dropped EXE
-
\??\c:\rxfxflx.exec:\rxfxflx.exe22⤵
- Executes dropped EXE
-
\??\c:\3fxfllr.exec:\3fxfllr.exe23⤵
- Executes dropped EXE
-
\??\c:\5thhtt.exec:\5thhtt.exe24⤵
- Executes dropped EXE
-
\??\c:\pdppv.exec:\pdppv.exe25⤵
- Executes dropped EXE
-
\??\c:\frrrxxf.exec:\frrrxxf.exe26⤵
- Executes dropped EXE
-
\??\c:\bththn.exec:\bththn.exe27⤵
- Executes dropped EXE
-
\??\c:\jjdjj.exec:\jjdjj.exe28⤵
- Executes dropped EXE
-
\??\c:\9rfrrrx.exec:\9rfrrrx.exe29⤵
- Executes dropped EXE
-
\??\c:\9frlrrx.exec:\9frlrrx.exe30⤵
- Executes dropped EXE
-
\??\c:\bbbnth.exec:\bbbnth.exe31⤵
- Executes dropped EXE
-
\??\c:\jpjvp.exec:\jpjvp.exe32⤵
- Executes dropped EXE
-
\??\c:\ffrlxfl.exec:\ffrlxfl.exe33⤵
- Executes dropped EXE
-
\??\c:\nhbhhn.exec:\nhbhhn.exe34⤵
- Executes dropped EXE
-
\??\c:\9vjpv.exec:\9vjpv.exe35⤵
- Executes dropped EXE
-
\??\c:\jdjjp.exec:\jdjjp.exe36⤵
- Executes dropped EXE
-
\??\c:\rlffrfr.exec:\rlffrfr.exe37⤵
- Executes dropped EXE
-
\??\c:\lfrlrrx.exec:\lfrlrrx.exe38⤵
- Executes dropped EXE
-
\??\c:\tnbnth.exec:\tnbnth.exe39⤵
- Executes dropped EXE
-
\??\c:\hbtbhn.exec:\hbtbhn.exe40⤵
- Executes dropped EXE
-
\??\c:\7vdjv.exec:\7vdjv.exe41⤵
- Executes dropped EXE
-
\??\c:\vpddp.exec:\vpddp.exe42⤵
- Executes dropped EXE
-
\??\c:\xxllxxr.exec:\xxllxxr.exe43⤵
- Executes dropped EXE
-
\??\c:\hbnntb.exec:\hbnntb.exe44⤵
- Executes dropped EXE
-
\??\c:\3httbh.exec:\3httbh.exe45⤵
- Executes dropped EXE
-
\??\c:\dvppp.exec:\dvppp.exe46⤵
- Executes dropped EXE
-
\??\c:\vvdvd.exec:\vvdvd.exe47⤵
- Executes dropped EXE
-
\??\c:\3llrlfr.exec:\3llrlfr.exe48⤵
- Executes dropped EXE
-
\??\c:\rlxflrf.exec:\rlxflrf.exe49⤵
- Executes dropped EXE
-
\??\c:\nhntbn.exec:\nhntbn.exe50⤵
- Executes dropped EXE
-
\??\c:\1tbnbb.exec:\1tbnbb.exe51⤵
- Executes dropped EXE
-
\??\c:\jdpdp.exec:\jdpdp.exe52⤵
- Executes dropped EXE
-
\??\c:\rlrrrxl.exec:\rlrrrxl.exe53⤵
- Executes dropped EXE
-
\??\c:\lxlxllx.exec:\lxlxllx.exe54⤵
- Executes dropped EXE
-
\??\c:\rfrfrrx.exec:\rfrfrrx.exe55⤵
- Executes dropped EXE
-
\??\c:\bthnbb.exec:\bthnbb.exe56⤵
- Executes dropped EXE
-
\??\c:\pjdvj.exec:\pjdvj.exe57⤵
- Executes dropped EXE
-
\??\c:\jdvdd.exec:\jdvdd.exe58⤵
- Executes dropped EXE
-
\??\c:\llxlxxf.exec:\llxlxxf.exe59⤵
- Executes dropped EXE
-
\??\c:\9rrlxxl.exec:\9rrlxxl.exe60⤵
- Executes dropped EXE
-
\??\c:\tnbhnb.exec:\tnbhnb.exe61⤵
- Executes dropped EXE
-
\??\c:\dvjvd.exec:\dvjvd.exe62⤵
- Executes dropped EXE
-
\??\c:\dpvvd.exec:\dpvvd.exe63⤵
- Executes dropped EXE
-
\??\c:\frflfxf.exec:\frflfxf.exe64⤵
- Executes dropped EXE
-
\??\c:\rlxflrx.exec:\rlxflrx.exe65⤵
- Executes dropped EXE
-
\??\c:\hhnnbh.exec:\hhnnbh.exe66⤵
-
\??\c:\btntbb.exec:\btntbb.exe67⤵
-
\??\c:\jdjjp.exec:\jdjjp.exe68⤵
-
\??\c:\vjvvp.exec:\vjvvp.exe69⤵
-
\??\c:\lfrrllr.exec:\lfrrllr.exe70⤵
-
\??\c:\xrrxxxl.exec:\xrrxxxl.exe71⤵
-
\??\c:\3nhhbb.exec:\3nhhbb.exe72⤵
-
\??\c:\httnbb.exec:\httnbb.exe73⤵
-
\??\c:\jdpvv.exec:\jdpvv.exe74⤵
-
\??\c:\7jvjp.exec:\7jvjp.exe75⤵
-
\??\c:\frfxffl.exec:\frfxffl.exe76⤵
-
\??\c:\tnbbnn.exec:\tnbbnn.exe77⤵
-
\??\c:\nhhntb.exec:\nhhntb.exe78⤵
-
\??\c:\vjvpj.exec:\vjvpj.exe79⤵
-
\??\c:\7dppv.exec:\7dppv.exe80⤵
-
\??\c:\lxfxfxf.exec:\lxfxfxf.exe81⤵
-
\??\c:\lxxxxxf.exec:\lxxxxxf.exe82⤵
-
\??\c:\nbhbhb.exec:\nbhbhb.exe83⤵
-
\??\c:\btbbbb.exec:\btbbbb.exe84⤵
-
\??\c:\dvjjj.exec:\dvjjj.exe85⤵
-
\??\c:\jdjpp.exec:\jdjpp.exe86⤵
-
\??\c:\rffxfxf.exec:\rffxfxf.exe87⤵
-
\??\c:\frllxxf.exec:\frllxxf.exe88⤵
- System Location Discovery: System Language Discovery
-
\??\c:\tbhhbb.exec:\tbhhbb.exe89⤵
-
\??\c:\vvvjd.exec:\vvvjd.exe90⤵
-
\??\c:\1pdjj.exec:\1pdjj.exe91⤵
-
\??\c:\llflrrx.exec:\llflrrx.exe92⤵
-
\??\c:\xlxfffl.exec:\xlxfffl.exe93⤵
-
\??\c:\hbthht.exec:\hbthht.exe94⤵
-
\??\c:\9hnhtn.exec:\9hnhtn.exe95⤵
-
\??\c:\9jjpd.exec:\9jjpd.exe96⤵
-
\??\c:\dpddj.exec:\dpddj.exe97⤵
-
\??\c:\lfxxllf.exec:\lfxxllf.exe98⤵
-
\??\c:\lrflffx.exec:\lrflffx.exe99⤵
-
\??\c:\hbtthn.exec:\hbtthn.exe100⤵
-
\??\c:\tbnnhh.exec:\tbnnhh.exe101⤵
-
\??\c:\vdjvd.exec:\vdjvd.exe102⤵
-
\??\c:\9jvdj.exec:\9jvdj.exe103⤵
-
\??\c:\ffrrfxf.exec:\ffrrfxf.exe104⤵
-
\??\c:\hthnnn.exec:\hthnnn.exe105⤵
-
\??\c:\ttbbtt.exec:\ttbbtt.exe106⤵
-
\??\c:\1dddp.exec:\1dddp.exe107⤵
-
\??\c:\1dpdd.exec:\1dpdd.exe108⤵
-
\??\c:\lxrllrx.exec:\lxrllrx.exe109⤵
-
\??\c:\fflxflf.exec:\fflxflf.exe110⤵
-
\??\c:\tbtbth.exec:\tbtbth.exe111⤵
-
\??\c:\tnhtbt.exec:\tnhtbt.exe112⤵
-
\??\c:\pdppd.exec:\pdppd.exe113⤵
-
\??\c:\dvpvd.exec:\dvpvd.exe114⤵
-
\??\c:\7frxfff.exec:\7frxfff.exe115⤵
-
\??\c:\7fxxflx.exec:\7fxxflx.exe116⤵
-
\??\c:\hthbnn.exec:\hthbnn.exe117⤵
-
\??\c:\nnthhb.exec:\nnthhb.exe118⤵
-
\??\c:\7jvdp.exec:\7jvdp.exe119⤵
-
\??\c:\7ffrrxf.exec:\7ffrrxf.exe120⤵
-
\??\c:\7lxxrrf.exec:\7lxxrrf.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-