Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
08/09/2024, 19:06
General
-
Target
150d68770dd1daebd5489d5d068590640d2fd495898a863836e69db5a8378e54.exe
-
Size
383KB
-
MD5
e10912ffc2ce6d07940672e9f6dee201
-
SHA1
bd4aa760ce86808e11cbc8efc976640f9e2d5c8c
-
SHA256
150d68770dd1daebd5489d5d068590640d2fd495898a863836e69db5a8378e54
-
SHA512
0e6d55450664835cacafb40c662a94afb3dccacfb8f6799b5d0e54c5ac160fe4bff5282b630cebeed2ee3249bed909a2c39530787b9740be606f8b4826ac096a
-
SSDEEP
6144:n3C9BRIG0asYFm71mPfkVB8dKwaO5CVwv:n3C9uYA7okVqdKwaO5CVS
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 20 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 33 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\150d68770dd1daebd5489d5d068590640d2fd495898a863836e69db5a8378e54.exe"C:\Users\Admin\AppData\Local\Temp\150d68770dd1daebd5489d5d068590640d2fd495898a863836e69db5a8378e54.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\9dvdv.exec:\9dvdv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbthtb.exec:\bbthtb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrrxlrx.exec:\rrrxlrx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbhthh.exec:\bbhthh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rffrxlr.exec:\rffrxlr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnnhn.exec:\tnnnhn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3jpjp.exec:\3jpjp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxxrlr.exec:\fxxxrlr.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btnnhn.exec:\btnnhn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvvjv.exec:\vvvjv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbttbh.exec:\hbttbh.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdjj.exec:\pjdjj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxfrxfx.exec:\xxfrxfx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnnbbh.exec:\bnnbbh.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5vpvv.exec:\5vpvv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffflxxr.exec:\ffflxxr.exe17⤵
- Executes dropped EXE
-
\??\c:\jjjvp.exec:\jjjvp.exe18⤵
- Executes dropped EXE
-
\??\c:\rxrlrrl.exec:\rxrlrrl.exe19⤵
- Executes dropped EXE
-
\??\c:\3htbbh.exec:\3htbbh.exe20⤵
- Executes dropped EXE
-
\??\c:\pjvvd.exec:\pjvvd.exe21⤵
- Executes dropped EXE
-
\??\c:\fxlfllx.exec:\fxlfllx.exe22⤵
- Executes dropped EXE
-
\??\c:\hhtthh.exec:\hhtthh.exe23⤵
- Executes dropped EXE
-
\??\c:\lxrrffx.exec:\lxrrffx.exe24⤵
- Executes dropped EXE
-
\??\c:\rlrrxrx.exec:\rlrrxrx.exe25⤵
- Executes dropped EXE
-
\??\c:\vpppv.exec:\vpppv.exe26⤵
- Executes dropped EXE
-
\??\c:\jvjjj.exec:\jvjjj.exe27⤵
- Executes dropped EXE
-
\??\c:\tttthh.exec:\tttthh.exe28⤵
- Executes dropped EXE
-
\??\c:\vjdpv.exec:\vjdpv.exe29⤵
- Executes dropped EXE
-
\??\c:\5lrxxfl.exec:\5lrxxfl.exe30⤵
- Executes dropped EXE
-
\??\c:\7thhnh.exec:\7thhnh.exe31⤵
- Executes dropped EXE
-
\??\c:\ppdvd.exec:\ppdvd.exe32⤵
- Executes dropped EXE
-
\??\c:\lxlrrxl.exec:\lxlrrxl.exe33⤵
- Executes dropped EXE
-
\??\c:\dvjvv.exec:\dvjvv.exe34⤵
- Executes dropped EXE
-
\??\c:\9lrrxfr.exec:\9lrrxfr.exe35⤵
- Executes dropped EXE
-
\??\c:\5xrrrxf.exec:\5xrrrxf.exe36⤵
- Executes dropped EXE
-
\??\c:\ttnntt.exec:\ttnntt.exe37⤵
- Executes dropped EXE
-
\??\c:\pjdjv.exec:\pjdjv.exe38⤵
- Executes dropped EXE
-
\??\c:\7lxxffr.exec:\7lxxffr.exe39⤵
- Executes dropped EXE
-
\??\c:\xrxrrlr.exec:\xrxrrlr.exe40⤵
- Executes dropped EXE
-
\??\c:\bhttnn.exec:\bhttnn.exe41⤵
- Executes dropped EXE
-
\??\c:\jdjjd.exec:\jdjjd.exe42⤵
- Executes dropped EXE
-
\??\c:\1jdpv.exec:\1jdpv.exe43⤵
- Executes dropped EXE
-
\??\c:\rxxllfx.exec:\rxxllfx.exe44⤵
- Executes dropped EXE
-
\??\c:\nbttbt.exec:\nbttbt.exe45⤵
- Executes dropped EXE
-
\??\c:\3tnntt.exec:\3tnntt.exe46⤵
- Executes dropped EXE
-
\??\c:\1djpp.exec:\1djpp.exe47⤵
- Executes dropped EXE
-
\??\c:\pdpjp.exec:\pdpjp.exe48⤵
- Executes dropped EXE
-
\??\c:\rrfxfff.exec:\rrfxfff.exe49⤵
- Executes dropped EXE
-
\??\c:\hnhtbt.exec:\hnhtbt.exe50⤵
- Executes dropped EXE
-
\??\c:\hbnntb.exec:\hbnntb.exe51⤵
- Executes dropped EXE
-
\??\c:\vjpjd.exec:\vjpjd.exe52⤵
- Executes dropped EXE
-
\??\c:\rflffxf.exec:\rflffxf.exe53⤵
- Executes dropped EXE
-
\??\c:\3lffffl.exec:\3lffffl.exe54⤵
- Executes dropped EXE
-
\??\c:\7nhnnt.exec:\7nhnnt.exe55⤵
- Executes dropped EXE
-
\??\c:\jdvvj.exec:\jdvvj.exe56⤵
- Executes dropped EXE
-
\??\c:\1lfxfll.exec:\1lfxfll.exe57⤵
- Executes dropped EXE
-
\??\c:\5ffrrll.exec:\5ffrrll.exe58⤵
- Executes dropped EXE
-
\??\c:\tnttnt.exec:\tnttnt.exe59⤵
- Executes dropped EXE
-
\??\c:\jjpvv.exec:\jjpvv.exe60⤵
- Executes dropped EXE
-
\??\c:\ffxlxfr.exec:\ffxlxfr.exe61⤵
- Executes dropped EXE
-
\??\c:\xlxxrrl.exec:\xlxxrrl.exe62⤵
- Executes dropped EXE
-
\??\c:\3bnhbb.exec:\3bnhbb.exe63⤵
- Executes dropped EXE
-
\??\c:\7vpdj.exec:\7vpdj.exe64⤵
- Executes dropped EXE
-
\??\c:\flxrflx.exec:\flxrflx.exe65⤵
- Executes dropped EXE
-
\??\c:\lfrxflf.exec:\lfrxflf.exe66⤵
-
\??\c:\tnhntb.exec:\tnhntb.exe67⤵
-
\??\c:\vjddd.exec:\vjddd.exe68⤵
-
\??\c:\ddjpj.exec:\ddjpj.exe69⤵
-
\??\c:\7xllxfl.exec:\7xllxfl.exe70⤵
-
\??\c:\nhbtth.exec:\nhbtth.exe71⤵
-
\??\c:\7thhnt.exec:\7thhnt.exe72⤵
-
\??\c:\ddpvv.exec:\ddpvv.exe73⤵
-
\??\c:\rlxlrrf.exec:\rlxlrrf.exe74⤵
-
\??\c:\9xxrlrf.exec:\9xxrlrf.exe75⤵
-
\??\c:\ttthbn.exec:\ttthbn.exe76⤵
-
\??\c:\3djpv.exec:\3djpv.exe77⤵
-
\??\c:\pjjjp.exec:\pjjjp.exe78⤵
-
\??\c:\lxlfrxl.exec:\lxlfrxl.exe79⤵
-
\??\c:\nhhnbn.exec:\nhhnbn.exe80⤵
-
\??\c:\nhbtbb.exec:\nhbtbb.exe81⤵
-
\??\c:\9jpvd.exec:\9jpvd.exe82⤵
-
\??\c:\flffrxl.exec:\flffrxl.exe83⤵
-
\??\c:\thtttt.exec:\thtttt.exe84⤵
-
\??\c:\bnbbbb.exec:\bnbbbb.exe85⤵
-
\??\c:\vjvpp.exec:\vjvpp.exe86⤵
-
\??\c:\xlrlrxf.exec:\xlrlrxf.exe87⤵
-
\??\c:\7lrllfl.exec:\7lrllfl.exe88⤵
-
\??\c:\5bbtbh.exec:\5bbtbh.exe89⤵
-
\??\c:\nntttt.exec:\nntttt.exe90⤵
-
\??\c:\jjvvj.exec:\jjvvj.exe91⤵
-
\??\c:\rrlfffr.exec:\rrlfffr.exe92⤵
-
\??\c:\fxrxflr.exec:\fxrxflr.exe93⤵
-
\??\c:\thtbnh.exec:\thtbnh.exe94⤵
-
\??\c:\thbbtt.exec:\thbbtt.exe95⤵
-
\??\c:\jvjdd.exec:\jvjdd.exe96⤵
-
\??\c:\llxrlff.exec:\llxrlff.exe97⤵
-
\??\c:\ffrxxxx.exec:\ffrxxxx.exe98⤵
-
\??\c:\7tbttt.exec:\7tbttt.exe99⤵
-
\??\c:\pdpdj.exec:\pdpdj.exe100⤵
-
\??\c:\7djvj.exec:\7djvj.exe101⤵
-
\??\c:\llxflfl.exec:\llxflfl.exe102⤵
-
\??\c:\bhhbnh.exec:\bhhbnh.exe103⤵
-
\??\c:\9djvd.exec:\9djvd.exe104⤵
-
\??\c:\7vpvd.exec:\7vpvd.exe105⤵
-
\??\c:\ffxrfxf.exec:\ffxrfxf.exe106⤵
-
\??\c:\ttbtht.exec:\ttbtht.exe107⤵
-
\??\c:\9dvdp.exec:\9dvdp.exe108⤵
-
\??\c:\vppvj.exec:\vppvj.exe109⤵
-
\??\c:\5rffrrf.exec:\5rffrrf.exe110⤵
-
\??\c:\tbnhtt.exec:\tbnhtt.exe111⤵
-
\??\c:\vdpdj.exec:\vdpdj.exe112⤵
-
\??\c:\jdpjp.exec:\jdpjp.exe113⤵
-
\??\c:\xrllrxf.exec:\xrllrxf.exe114⤵
-
\??\c:\ttttbh.exec:\ttttbh.exe115⤵
-
\??\c:\9tntth.exec:\9tntth.exe116⤵
-
\??\c:\dpppd.exec:\dpppd.exe117⤵
-
\??\c:\jdvdj.exec:\jdvdj.exe118⤵
-
\??\c:\xrffrrx.exec:\xrffrrx.exe119⤵
-
\??\c:\btnnnn.exec:\btnnnn.exe120⤵
-
\??\c:\ttnnhh.exec:\ttnnhh.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-