Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
12/09/2024, 01:58
General
-
Target
d134fa96e96898f8f9ae773760844e9304d97d3224a33a4425e088c1c8e90251.exe
-
Size
124KB
-
MD5
d76ffc4a45ebdc52e58b8a72354c76d6
-
SHA1
392a3eac1f5d8cc812d4d222df51c2e1916cf79e
-
SHA256
d134fa96e96898f8f9ae773760844e9304d97d3224a33a4425e088c1c8e90251
-
SHA512
e616f2b27b5153b065f0167df2c8835c7c87949b52c22ffafe07230ec8f5f2dcea35301075aa677fa2d7ee6c888c2f0e6a4373207c1cf1a0c60c76279bba5bcb
-
SSDEEP
3072:ymb3NkkiQ3mdBjFomR7UsyJC+n0GsgcD2:n3C9BRomRph+0GsgcK
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 21 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\d134fa96e96898f8f9ae773760844e9304d97d3224a33a4425e088c1c8e90251.exe"C:\Users\Admin\AppData\Local\Temp\d134fa96e96898f8f9ae773760844e9304d97d3224a33a4425e088c1c8e90251.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\9btbnt.exec:\9btbnt.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djjjd.exec:\djjjd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xflxrxx.exec:\xflxrxx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffrffxr.exec:\ffrffxr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnbthn.exec:\nnbthn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjdj.exec:\pjjdj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3vpdp.exec:\3vpdp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9bnntt.exec:\9bnntt.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vppjj.exec:\vppjj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffrfllx.exec:\ffrfllx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbthth.exec:\bbthth.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjdv.exec:\dvjdv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7pdjv.exec:\7pdjv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfflrrx.exec:\lfflrrx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3thtnh.exec:\3thtnh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpdvd.exec:\dpdvd.exe17⤵
- Executes dropped EXE
-
\??\c:\1jjvj.exec:\1jjvj.exe18⤵
- Executes dropped EXE
-
\??\c:\fxlrflx.exec:\fxlrflx.exe19⤵
- Executes dropped EXE
-
\??\c:\thnntt.exec:\thnntt.exe20⤵
- Executes dropped EXE
-
\??\c:\hbtbnn.exec:\hbtbnn.exe21⤵
- Executes dropped EXE
-
\??\c:\dpppv.exec:\dpppv.exe22⤵
- Executes dropped EXE
-
\??\c:\lfxfrrf.exec:\lfxfrrf.exe23⤵
- Executes dropped EXE
-
\??\c:\fllxfxx.exec:\fllxfxx.exe24⤵
- Executes dropped EXE
-
\??\c:\httbhn.exec:\httbhn.exe25⤵
- Executes dropped EXE
-
\??\c:\dvpjj.exec:\dvpjj.exe26⤵
- Executes dropped EXE
-
\??\c:\5frrxxx.exec:\5frrxxx.exe27⤵
- Executes dropped EXE
-
\??\c:\rxxfxxl.exec:\rxxfxxl.exe28⤵
- Executes dropped EXE
-
\??\c:\tnbthb.exec:\tnbthb.exe29⤵
- Executes dropped EXE
-
\??\c:\jppdj.exec:\jppdj.exe30⤵
- Executes dropped EXE
-
\??\c:\dvjvv.exec:\dvjvv.exe31⤵
- Executes dropped EXE
-
\??\c:\lffflll.exec:\lffflll.exe32⤵
- Executes dropped EXE
-
\??\c:\nhtbnb.exec:\nhtbnb.exe33⤵
- Executes dropped EXE
-
\??\c:\jdvjv.exec:\jdvjv.exe34⤵
- Executes dropped EXE
-
\??\c:\9pppd.exec:\9pppd.exe35⤵
- Executes dropped EXE
-
\??\c:\1rrxffr.exec:\1rrxffr.exe36⤵
- Executes dropped EXE
-
\??\c:\lfllxrf.exec:\lfllxrf.exe37⤵
- Executes dropped EXE
-
\??\c:\hbtbtb.exec:\hbtbtb.exe38⤵
- Executes dropped EXE
-
\??\c:\5pddv.exec:\5pddv.exe39⤵
- Executes dropped EXE
-
\??\c:\lfllxxf.exec:\lfllxxf.exe40⤵
- Executes dropped EXE
-
\??\c:\1lffllr.exec:\1lffllr.exe41⤵
- Executes dropped EXE
-
\??\c:\tnbbhh.exec:\tnbbhh.exe42⤵
- Executes dropped EXE
-
\??\c:\9nbhtt.exec:\9nbhtt.exe43⤵
- Executes dropped EXE
-
\??\c:\9vjvv.exec:\9vjvv.exe44⤵
- Executes dropped EXE
-
\??\c:\jvddd.exec:\jvddd.exe45⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\fflllrr.exec:\fflllrr.exe46⤵
- Executes dropped EXE
-
\??\c:\lflrflr.exec:\lflrflr.exe47⤵
- Executes dropped EXE
-
\??\c:\rrffrrx.exec:\rrffrrx.exe48⤵
- Executes dropped EXE
-
\??\c:\tnthtb.exec:\tnthtb.exe49⤵
- Executes dropped EXE
-
\??\c:\9pjdv.exec:\9pjdv.exe50⤵
- Executes dropped EXE
-
\??\c:\jvdvd.exec:\jvdvd.exe51⤵
- Executes dropped EXE
-
\??\c:\7xlffff.exec:\7xlffff.exe52⤵
- Executes dropped EXE
-
\??\c:\rlrfrrl.exec:\rlrfrrl.exe53⤵
- Executes dropped EXE
-
\??\c:\xrxflrr.exec:\xrxflrr.exe54⤵
- Executes dropped EXE
-
\??\c:\htnbbb.exec:\htnbbb.exe55⤵
- Executes dropped EXE
-
\??\c:\ntttbn.exec:\ntttbn.exe56⤵
- Executes dropped EXE
-
\??\c:\dvvvd.exec:\dvvvd.exe57⤵
- Executes dropped EXE
-
\??\c:\pdvdp.exec:\pdvdp.exe58⤵
- Executes dropped EXE
-
\??\c:\5xfxlff.exec:\5xfxlff.exe59⤵
- Executes dropped EXE
-
\??\c:\ffffxfl.exec:\ffffxfl.exe60⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\fxrlfrf.exec:\fxrlfrf.exe61⤵
- Executes dropped EXE
-
\??\c:\hbnntt.exec:\hbnntt.exe62⤵
- Executes dropped EXE
-
\??\c:\jvvdp.exec:\jvvdp.exe63⤵
- Executes dropped EXE
-
\??\c:\ddpdv.exec:\ddpdv.exe64⤵
- Executes dropped EXE
-
\??\c:\llxrxxx.exec:\llxrxxx.exe65⤵
- Executes dropped EXE
-
\??\c:\hbthtn.exec:\hbthtn.exe66⤵
-
\??\c:\9nhtbh.exec:\9nhtbh.exe67⤵
-
\??\c:\vpjpj.exec:\vpjpj.exe68⤵
-
\??\c:\vpdvj.exec:\vpdvj.exe69⤵
-
\??\c:\xrlrfrr.exec:\xrlrfrr.exe70⤵
-
\??\c:\fxlfrfx.exec:\fxlfrfx.exe71⤵
-
\??\c:\7tbthn.exec:\7tbthn.exe72⤵
-
\??\c:\nhhhtb.exec:\nhhhtb.exe73⤵
-
\??\c:\dddvj.exec:\dddvj.exe74⤵
-
\??\c:\1fxrflr.exec:\1fxrflr.exe75⤵
-
\??\c:\lflxflx.exec:\lflxflx.exe76⤵
-
\??\c:\bhhhnh.exec:\bhhhnh.exe77⤵
-
\??\c:\nbhbbt.exec:\nbhbbt.exe78⤵
-
\??\c:\ppvvd.exec:\ppvvd.exe79⤵
-
\??\c:\1vvpv.exec:\1vvpv.exe80⤵
-
\??\c:\flrlxrx.exec:\flrlxrx.exe81⤵
-
\??\c:\tnhhtt.exec:\tnhhtt.exe82⤵
-
\??\c:\hntbhh.exec:\hntbhh.exe83⤵
-
\??\c:\pjddp.exec:\pjddp.exe84⤵
-
\??\c:\7ppdj.exec:\7ppdj.exe85⤵
-
\??\c:\5rlrfll.exec:\5rlrfll.exe86⤵
-
\??\c:\3ffrflx.exec:\3ffrflx.exe87⤵
-
\??\c:\htbhbb.exec:\htbhbb.exe88⤵
-
\??\c:\bbntht.exec:\bbntht.exe89⤵
-
\??\c:\pjddp.exec:\pjddp.exe90⤵
-
\??\c:\djdjj.exec:\djdjj.exe91⤵
-
\??\c:\3lrlrff.exec:\3lrlrff.exe92⤵
-
\??\c:\bhhbbb.exec:\bhhbbb.exe93⤵
-
\??\c:\nnbthh.exec:\nnbthh.exe94⤵
-
\??\c:\vjjjv.exec:\vjjjv.exe95⤵
-
\??\c:\pjvpj.exec:\pjvpj.exe96⤵
-
\??\c:\frfxfxx.exec:\frfxfxx.exe97⤵
-
\??\c:\xrfrlrx.exec:\xrfrlrx.exe98⤵
-
\??\c:\9tbbhh.exec:\9tbbhh.exe99⤵
-
\??\c:\btbtbh.exec:\btbtbh.exe100⤵
-
\??\c:\pjvvp.exec:\pjvvp.exe101⤵
-
\??\c:\jdddj.exec:\jdddj.exe102⤵
-
\??\c:\rfrrfrx.exec:\rfrrfrx.exe103⤵
-
\??\c:\fxlrlrl.exec:\fxlrlrl.exe104⤵
-
\??\c:\btbhhn.exec:\btbhhn.exe105⤵
-
\??\c:\1btbhn.exec:\1btbhn.exe106⤵
-
\??\c:\9djjj.exec:\9djjj.exe107⤵
-
\??\c:\jdjpv.exec:\jdjpv.exe108⤵
-
\??\c:\9llfrxf.exec:\9llfrxf.exe109⤵
-
\??\c:\rfrrfll.exec:\rfrrfll.exe110⤵
-
\??\c:\hnbnth.exec:\hnbnth.exe111⤵
-
\??\c:\dvvdp.exec:\dvvdp.exe112⤵
-
\??\c:\jjvjv.exec:\jjvjv.exe113⤵
-
\??\c:\xrlrflr.exec:\xrlrflr.exe114⤵
-
\??\c:\lffrfrx.exec:\lffrfrx.exe115⤵
-
\??\c:\tthhnb.exec:\tthhnb.exe116⤵
-
\??\c:\hhhtnn.exec:\hhhtnn.exe117⤵
-
\??\c:\vpppd.exec:\vpppd.exe118⤵
-
\??\c:\dvpvd.exec:\dvpvd.exe119⤵
-
\??\c:\xrxfrfl.exec:\xrxfrfl.exe120⤵
-
\??\c:\rrfrfrf.exec:\rrfrfrf.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-