Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
12/09/2024, 00:15
General
-
Target
9e24ad5032d147257f8028ed085d3566259cabddbc49c5233023710be036cb88.exe
-
Size
64KB
-
MD5
9a668fa652ac1a713627c30cd3138ee8
-
SHA1
b523013488088104ad80804151f2257279ea20f3
-
SHA256
9e24ad5032d147257f8028ed085d3566259cabddbc49c5233023710be036cb88
-
SHA512
554bcab275a338d5d4d4d1c541a95ca2457c4ceaca4ee38e26d6d1966674d09c0b9e6d9ad1b8f2baec472faca69253be4ad94792dc3ccc2c48fa5c9f90d88230
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDI9L27B1N:ymb3NkkiQ3mdBjFI9cz
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 22 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 23 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\9e24ad5032d147257f8028ed085d3566259cabddbc49c5233023710be036cb88.exe"C:\Users\Admin\AppData\Local\Temp\9e24ad5032d147257f8028ed085d3566259cabddbc49c5233023710be036cb88.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\dvpvv.exec:\dvpvv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpdvd.exec:\dpdvd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxlflrf.exec:\lxlflrf.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhnnnt.exec:\hhnnnt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvvd.exec:\dvvvd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3dppv.exec:\3dppv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrfrxxf.exec:\xrfrxxf.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjdjv.exec:\jjdjv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffrrrxx.exec:\ffrrrxx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llfllxf.exec:\llfllxf.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hthnbh.exec:\hthnbh.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjppd.exec:\pjppd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvppv.exec:\vvppv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrfxxl.exec:\fxrfxxl.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3ntntb.exec:\3ntntb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djppv.exec:\djppv.exe17⤵
- Executes dropped EXE
-
\??\c:\ddvpj.exec:\ddvpj.exe18⤵
- Executes dropped EXE
-
\??\c:\ffxlxxf.exec:\ffxlxxf.exe19⤵
- Executes dropped EXE
-
\??\c:\thnhbn.exec:\thnhbn.exe20⤵
- Executes dropped EXE
-
\??\c:\hhnbbh.exec:\hhnbbh.exe21⤵
- Executes dropped EXE
-
\??\c:\vpjjp.exec:\vpjjp.exe22⤵
- Executes dropped EXE
-
\??\c:\ffxlflx.exec:\ffxlflx.exe23⤵
- Executes dropped EXE
-
\??\c:\xllxfrr.exec:\xllxfrr.exe24⤵
- Executes dropped EXE
-
\??\c:\7nhnnb.exec:\7nhnnb.exe25⤵
- Executes dropped EXE
-
\??\c:\5dpjp.exec:\5dpjp.exe26⤵
- Executes dropped EXE
-
\??\c:\jdddp.exec:\jdddp.exe27⤵
- Executes dropped EXE
-
\??\c:\7xlrrxl.exec:\7xlrrxl.exe28⤵
- Executes dropped EXE
-
\??\c:\bnbnth.exec:\bnbnth.exe29⤵
- Executes dropped EXE
-
\??\c:\9nhhtb.exec:\9nhhtb.exe30⤵
- Executes dropped EXE
-
\??\c:\vvdvv.exec:\vvdvv.exe31⤵
- Executes dropped EXE
-
\??\c:\ffxflrf.exec:\ffxflrf.exe32⤵
- Executes dropped EXE
-
\??\c:\tbhtnb.exec:\tbhtnb.exe33⤵
- Executes dropped EXE
-
\??\c:\1ttnnn.exec:\1ttnnn.exe34⤵
- Executes dropped EXE
-
\??\c:\pppvd.exec:\pppvd.exe35⤵
- Executes dropped EXE
-
\??\c:\rflxxrl.exec:\rflxxrl.exe36⤵
- Executes dropped EXE
-
\??\c:\xxffrfr.exec:\xxffrfr.exe37⤵
- Executes dropped EXE
-
\??\c:\lfrxflr.exec:\lfrxflr.exe38⤵
- Executes dropped EXE
-
\??\c:\5bnbbn.exec:\5bnbbn.exe39⤵
- Executes dropped EXE
-
\??\c:\btnhth.exec:\btnhth.exe40⤵
- Executes dropped EXE
-
\??\c:\jvpdj.exec:\jvpdj.exe41⤵
- Executes dropped EXE
-
\??\c:\lrxllxr.exec:\lrxllxr.exe42⤵
- Executes dropped EXE
-
\??\c:\llffxrx.exec:\llffxrx.exe43⤵
- Executes dropped EXE
-
\??\c:\nhhhbb.exec:\nhhhbb.exe44⤵
- Executes dropped EXE
-
\??\c:\3bbbhn.exec:\3bbbhn.exe45⤵
- Executes dropped EXE
-
\??\c:\dvjpv.exec:\dvjpv.exe46⤵
- Executes dropped EXE
-
\??\c:\ffffffl.exec:\ffffffl.exe47⤵
- Executes dropped EXE
-
\??\c:\rlrfrxl.exec:\rlrfrxl.exe48⤵
- Executes dropped EXE
-
\??\c:\hbnnbb.exec:\hbnnbb.exe49⤵
- Executes dropped EXE
-
\??\c:\ttbbbn.exec:\ttbbbn.exe50⤵
- Executes dropped EXE
-
\??\c:\7jppv.exec:\7jppv.exe51⤵
- Executes dropped EXE
-
\??\c:\1vvjv.exec:\1vvjv.exe52⤵
- Executes dropped EXE
-
\??\c:\nhbhnt.exec:\nhbhnt.exe53⤵
- Executes dropped EXE
-
\??\c:\vvvdv.exec:\vvvdv.exe54⤵
- Executes dropped EXE
-
\??\c:\dvjdp.exec:\dvjdp.exe55⤵
- Executes dropped EXE
-
\??\c:\lfxrfxl.exec:\lfxrfxl.exe56⤵
- Executes dropped EXE
-
\??\c:\hbnbnn.exec:\hbnbnn.exe57⤵
- Executes dropped EXE
-
\??\c:\hhbntb.exec:\hhbntb.exe58⤵
- Executes dropped EXE
-
\??\c:\ppdpd.exec:\ppdpd.exe59⤵
- Executes dropped EXE
-
\??\c:\vpjvd.exec:\vpjvd.exe60⤵
- Executes dropped EXE
-
\??\c:\rlrxffx.exec:\rlrxffx.exe61⤵
- Executes dropped EXE
-
\??\c:\flrffxx.exec:\flrffxx.exe62⤵
- Executes dropped EXE
-
\??\c:\1tbbnt.exec:\1tbbnt.exe63⤵
- Executes dropped EXE
-
\??\c:\9tntbh.exec:\9tntbh.exe64⤵
- Executes dropped EXE
-
\??\c:\pjppp.exec:\pjppp.exe65⤵
- Executes dropped EXE
-
\??\c:\vvpvj.exec:\vvpvj.exe66⤵
-
\??\c:\3rfxlrf.exec:\3rfxlrf.exe67⤵
-
\??\c:\xffxfrr.exec:\xffxfrr.exe68⤵
-
\??\c:\nnbhhh.exec:\nnbhhh.exe69⤵
-
\??\c:\1nhtnh.exec:\1nhtnh.exe70⤵
-
\??\c:\pjjpj.exec:\pjjpj.exe71⤵
-
\??\c:\fflfrrx.exec:\fflfrrx.exe72⤵
-
\??\c:\xflfrxr.exec:\xflfrxr.exe73⤵
-
\??\c:\tnbbbb.exec:\tnbbbb.exe74⤵
-
\??\c:\bhthbb.exec:\bhthbb.exe75⤵
-
\??\c:\vpdjj.exec:\vpdjj.exe76⤵
-
\??\c:\vdjpj.exec:\vdjpj.exe77⤵
-
\??\c:\lflllrr.exec:\lflllrr.exe78⤵
-
\??\c:\rfxfllr.exec:\rfxfllr.exe79⤵
-
\??\c:\5nnbnn.exec:\5nnbnn.exe80⤵
-
\??\c:\1hnntn.exec:\1hnntn.exe81⤵
-
\??\c:\dvdjj.exec:\dvdjj.exe82⤵
-
\??\c:\pjddj.exec:\pjddj.exe83⤵
-
\??\c:\3rlflxf.exec:\3rlflxf.exe84⤵
-
\??\c:\tnbhtt.exec:\tnbhtt.exe85⤵
-
\??\c:\3bhntt.exec:\3bhntt.exe86⤵
-
\??\c:\ddvvv.exec:\ddvvv.exe87⤵
-
\??\c:\dvjdv.exec:\dvjdv.exe88⤵
-
\??\c:\frllxfx.exec:\frllxfx.exe89⤵
-
\??\c:\5hthnb.exec:\5hthnb.exe90⤵
-
\??\c:\nbnnbb.exec:\nbnnbb.exe91⤵
-
\??\c:\dvjdp.exec:\dvjdp.exe92⤵
-
\??\c:\7dppp.exec:\7dppp.exe93⤵
-
\??\c:\fxrflrf.exec:\fxrflrf.exe94⤵
-
\??\c:\fxxrxxf.exec:\fxxrxxf.exe95⤵
-
\??\c:\hbttbh.exec:\hbttbh.exe96⤵
-
\??\c:\btnhnt.exec:\btnhnt.exe97⤵
-
\??\c:\vjpdv.exec:\vjpdv.exe98⤵
-
\??\c:\dpddv.exec:\dpddv.exe99⤵
-
\??\c:\fxlflrx.exec:\fxlflrx.exe100⤵
-
\??\c:\xrfxxfl.exec:\xrfxxfl.exe101⤵
-
\??\c:\hthntn.exec:\hthntn.exe102⤵
-
\??\c:\bthhbh.exec:\bthhbh.exe103⤵
-
\??\c:\1vjpd.exec:\1vjpd.exe104⤵
-
\??\c:\dpjpd.exec:\dpjpd.exe105⤵
-
\??\c:\flfflrf.exec:\flfflrf.exe106⤵
-
\??\c:\1rxrffr.exec:\1rxrffr.exe107⤵
-
\??\c:\5hbnbb.exec:\5hbnbb.exe108⤵
-
\??\c:\tnhttb.exec:\tnhttb.exe109⤵
-
\??\c:\dddvd.exec:\dddvd.exe110⤵
-
\??\c:\jjvjv.exec:\jjvjv.exe111⤵
-
\??\c:\lffflrx.exec:\lffflrx.exe112⤵
-
\??\c:\7tthtb.exec:\7tthtb.exe113⤵
-
\??\c:\3hnhtb.exec:\3hnhtb.exe114⤵
-
\??\c:\3bthht.exec:\3bthht.exe115⤵
-
\??\c:\jjpjv.exec:\jjpjv.exe116⤵
-
\??\c:\vvppd.exec:\vvppd.exe117⤵
-
\??\c:\rrlrrrf.exec:\rrlrrrf.exe118⤵
-
\??\c:\1xrlrfl.exec:\1xrlrfl.exe119⤵
-
\??\c:\3nhthh.exec:\3nhthh.exe120⤵
-
\??\c:\hhbnnn.exec:\hhbnnn.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-