Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
-
submitted
12/09/2024, 04:31
General
-
Target
16661edacddb4bfb6aa5bd10301c5580N.exe
-
Size
64KB
-
MD5
16661edacddb4bfb6aa5bd10301c5580
-
SHA1
6f72cf2f5c1d9ad7ddbce3cdd55392c9e0429d30
-
SHA256
3f04d082c1b822186b37e1340d22184c6099c8e3976ae482b17b1a162403b347
-
SHA512
5272114d42411e8cdb3558d2ec0d1bb7675d8ccc6632d5962d4f0a9707e4a4d152f997a85608606251a20d40c7a306598256987f47ea9bbd216e8f3e4bbe3090
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND0yU+kbxiX:ymb3NkkiQ3mdBjF0y7kbA
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 26 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 32 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\16661edacddb4bfb6aa5bd10301c5580N.exe"C:\Users\Admin\AppData\Local\Temp\16661edacddb4bfb6aa5bd10301c5580N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\46262.exec:\46262.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\422862.exec:\422862.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdjp.exec:\pjdjp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3ththn.exec:\3ththn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvpjp.exec:\jvpjp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\08226.exec:\08226.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\24666.exec:\24666.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\q42888.exec:\q42888.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\82466.exec:\82466.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvvvv.exec:\jvvvv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5bbnbt.exec:\5bbnbt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\262868.exec:\262868.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\420060.exec:\420060.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrlrxxl.exec:\xrlrxxl.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\82406.exec:\82406.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\202840.exec:\202840.exe17⤵
- Executes dropped EXE
-
\??\c:\20264.exec:\20264.exe18⤵
- Executes dropped EXE
-
\??\c:\84606.exec:\84606.exe19⤵
- Executes dropped EXE
-
\??\c:\824084.exec:\824084.exe20⤵
- Executes dropped EXE
-
\??\c:\06644.exec:\06644.exe21⤵
- Executes dropped EXE
-
\??\c:\20666.exec:\20666.exe22⤵
- Executes dropped EXE
-
\??\c:\9dpvd.exec:\9dpvd.exe23⤵
- Executes dropped EXE
-
\??\c:\3httbh.exec:\3httbh.exe24⤵
- Executes dropped EXE
-
\??\c:\9pvdd.exec:\9pvdd.exe25⤵
- Executes dropped EXE
-
\??\c:\bttbtb.exec:\bttbtb.exe26⤵
- Executes dropped EXE
-
\??\c:\tntbnh.exec:\tntbnh.exe27⤵
- Executes dropped EXE
-
\??\c:\fxlxxrf.exec:\fxlxxrf.exe28⤵
- Executes dropped EXE
-
\??\c:\jjdvd.exec:\jjdvd.exe29⤵
- Executes dropped EXE
-
\??\c:\u266462.exec:\u266462.exe30⤵
- Executes dropped EXE
-
\??\c:\9fffrlx.exec:\9fffrlx.exe31⤵
- Executes dropped EXE
-
\??\c:\nhbnbn.exec:\nhbnbn.exe32⤵
- Executes dropped EXE
-
\??\c:\fxlfrrr.exec:\fxlfrrr.exe33⤵
- Executes dropped EXE
-
\??\c:\26480.exec:\26480.exe34⤵
- Executes dropped EXE
-
\??\c:\1rfllll.exec:\1rfllll.exe35⤵
- Executes dropped EXE
-
\??\c:\c460662.exec:\c460662.exe36⤵
- Executes dropped EXE
-
\??\c:\5pjjd.exec:\5pjjd.exe37⤵
- Executes dropped EXE
-
\??\c:\lfxllxr.exec:\lfxllxr.exe38⤵
- Executes dropped EXE
-
\??\c:\3vjpd.exec:\3vjpd.exe39⤵
- Executes dropped EXE
-
\??\c:\824662.exec:\824662.exe40⤵
- Executes dropped EXE
-
\??\c:\e06284.exec:\e06284.exe41⤵
- Executes dropped EXE
-
\??\c:\htnnbb.exec:\htnnbb.exe42⤵
- Executes dropped EXE
-
\??\c:\bttbtn.exec:\bttbtn.exe43⤵
- Executes dropped EXE
-
\??\c:\rfxxlrx.exec:\rfxxlrx.exe44⤵
- Executes dropped EXE
-
\??\c:\m6806.exec:\m6806.exe45⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\rfxffxf.exec:\rfxffxf.exe46⤵
- Executes dropped EXE
-
\??\c:\w08406.exec:\w08406.exe47⤵
- Executes dropped EXE
-
\??\c:\7flfffl.exec:\7flfffl.exe48⤵
- Executes dropped EXE
-
\??\c:\g0468.exec:\g0468.exe49⤵
- Executes dropped EXE
-
\??\c:\i866880.exec:\i866880.exe50⤵
- Executes dropped EXE
-
\??\c:\dvpvp.exec:\dvpvp.exe51⤵
- Executes dropped EXE
-
\??\c:\pjddj.exec:\pjddj.exe52⤵
- Executes dropped EXE
-
\??\c:\hbthtb.exec:\hbthtb.exe53⤵
- Executes dropped EXE
-
\??\c:\9vvvv.exec:\9vvvv.exe54⤵
- Executes dropped EXE
-
\??\c:\dvpdd.exec:\dvpdd.exe55⤵
- Executes dropped EXE
-
\??\c:\dpddv.exec:\dpddv.exe56⤵
- Executes dropped EXE
-
\??\c:\s8488.exec:\s8488.exe57⤵
- Executes dropped EXE
-
\??\c:\0422884.exec:\0422884.exe58⤵
- Executes dropped EXE
-
\??\c:\264440.exec:\264440.exe59⤵
- Executes dropped EXE
-
\??\c:\86224.exec:\86224.exe60⤵
- Executes dropped EXE
-
\??\c:\fxlfxfr.exec:\fxlfxfr.exe61⤵
- Executes dropped EXE
-
\??\c:\nnhnbn.exec:\nnhnbn.exe62⤵
- Executes dropped EXE
-
\??\c:\9hhbbn.exec:\9hhbbn.exe63⤵
- Executes dropped EXE
-
\??\c:\0422888.exec:\0422888.exe64⤵
- Executes dropped EXE
-
\??\c:\s4466.exec:\s4466.exe65⤵
- Executes dropped EXE
-
\??\c:\frxrrll.exec:\frxrrll.exe66⤵
-
\??\c:\6640286.exec:\6640286.exe67⤵
-
\??\c:\i204806.exec:\i204806.exe68⤵
-
\??\c:\008606.exec:\008606.exe69⤵
-
\??\c:\8622880.exec:\8622880.exe70⤵
-
\??\c:\lfflxxl.exec:\lfflxxl.exe71⤵
-
\??\c:\6860624.exec:\6860624.exe72⤵
-
\??\c:\224246.exec:\224246.exe73⤵
-
\??\c:\7thhtb.exec:\7thhtb.exe74⤵
-
\??\c:\pjddj.exec:\pjddj.exe75⤵
-
\??\c:\lrfffll.exec:\lrfffll.exe76⤵
-
\??\c:\868228.exec:\868228.exe77⤵
-
\??\c:\48660.exec:\48660.exe78⤵
-
\??\c:\42006.exec:\42006.exe79⤵
-
\??\c:\5llflfl.exec:\5llflfl.exe80⤵
-
\??\c:\3hbthn.exec:\3hbthn.exe81⤵
-
\??\c:\840062.exec:\840062.exe82⤵
-
\??\c:\5pjpp.exec:\5pjpp.exe83⤵
-
\??\c:\bhhnnn.exec:\bhhnnn.exe84⤵
-
\??\c:\264484.exec:\264484.exe85⤵
-
\??\c:\6042840.exec:\6042840.exe86⤵
-
\??\c:\e44460.exec:\e44460.exe87⤵
-
\??\c:\88240.exec:\88240.exe88⤵
-
\??\c:\jddjv.exec:\jddjv.exe89⤵
-
\??\c:\nthnhh.exec:\nthnhh.exe90⤵
-
\??\c:\nbbtbb.exec:\nbbtbb.exe91⤵
-
\??\c:\6464624.exec:\6464624.exe92⤵
-
\??\c:\08046.exec:\08046.exe93⤵
-
\??\c:\484680.exec:\484680.exe94⤵
-
\??\c:\pjvdp.exec:\pjvdp.exe95⤵
-
\??\c:\k28462.exec:\k28462.exe96⤵
-
\??\c:\5lxflfr.exec:\5lxflfr.exe97⤵
-
\??\c:\664022.exec:\664022.exe98⤵
-
\??\c:\60064.exec:\60064.exe99⤵
-
\??\c:\86068.exec:\86068.exe100⤵
-
\??\c:\hbhhnt.exec:\hbhhnt.exe101⤵
-
\??\c:\c688040.exec:\c688040.exe102⤵
-
\??\c:\48844.exec:\48844.exe103⤵
-
\??\c:\hhbhtn.exec:\hhbhtn.exe104⤵
-
\??\c:\jddpd.exec:\jddpd.exe105⤵
-
\??\c:\7dvdd.exec:\7dvdd.exe106⤵
-
\??\c:\82468.exec:\82468.exe107⤵
-
\??\c:\3htttb.exec:\3htttb.exe108⤵
-
\??\c:\rlrlxrf.exec:\rlrlxrf.exe109⤵
-
\??\c:\206284.exec:\206284.exe110⤵
-
\??\c:\fxlrffr.exec:\fxlrffr.exe111⤵
-
\??\c:\pdpvd.exec:\pdpvd.exe112⤵
-
\??\c:\hbhbtt.exec:\hbhbtt.exe113⤵
-
\??\c:\1hhhhb.exec:\1hhhhb.exe114⤵
-
\??\c:\3vddp.exec:\3vddp.exe115⤵
-
\??\c:\fllflll.exec:\fllflll.exe116⤵
-
\??\c:\a2442.exec:\a2442.exe117⤵
-
\??\c:\m2420.exec:\m2420.exe118⤵
-
\??\c:\7hbhnb.exec:\7hbhnb.exe119⤵
-
\??\c:\jjjpd.exec:\jjjpd.exe120⤵
-
\??\c:\lflxxfr.exec:\lflxxfr.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-