Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
16s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
12/09/2024, 14:50
General
-
Target
fef84f1303aebad11cfcadb00d040540N.exe
-
Size
316KB
-
MD5
fef84f1303aebad11cfcadb00d040540
-
SHA1
3e5da9fe11dc42bb8e23a8af090f75550dffcb45
-
SHA256
3ffbaef5883013b0235655a7bbb5f430bb72c7485da620e7768b67f238f17c5a
-
SHA512
cfb334a1e6ce1a77d2743b12e587a6e7fbe867f53f863e621bd6c21a664b6e079e1c611a70720324ea6d1dcfad118a857208133ed77119e450628fbe49ef9e55
-
SSDEEP
6144:n3C9BRo/AIX2h97aUzpbBj3+b2ziJC39QS8hDJd+Q7ZLbjwm8:n3C9uDC97aUFbZ42ziM39QS8hDJd+Q74
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 21 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 31 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\fef84f1303aebad11cfcadb00d040540N.exe"C:\Users\Admin\AppData\Local\Temp\fef84f1303aebad11cfcadb00d040540N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\9pvvj.exec:\9pvvj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3hbbhn.exec:\3hbbhn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvpdj.exec:\dvpdj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7xrlrxf.exec:\7xrlrxf.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7nnttb.exec:\7nnttb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffrxflr.exec:\ffrxflr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9lfflxf.exec:\9lfflxf.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvjpv.exec:\vvjpv.exe9⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpvd.exec:\jdpvd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnbhh.exec:\tnnbhh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbtbtb.exec:\bbtbtb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffxxlxl.exec:\ffxxlxl.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrfllr.exec:\xxrfllr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhnbb.exec:\tnhnbb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrlxlxl.exec:\xrlxlxl.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbhntt.exec:\bbhntt.exe17⤵
- Executes dropped EXE
-
\??\c:\bttbnn.exec:\bttbnn.exe18⤵
- Executes dropped EXE
-
\??\c:\dddjv.exec:\dddjv.exe19⤵
- Executes dropped EXE
-
\??\c:\5ffflrx.exec:\5ffflrx.exe20⤵
- Executes dropped EXE
-
\??\c:\nhbbhb.exec:\nhbbhb.exe21⤵
- Executes dropped EXE
-
\??\c:\pdvdd.exec:\pdvdd.exe22⤵
- Executes dropped EXE
-
\??\c:\lxflxlf.exec:\lxflxlf.exe23⤵
- Executes dropped EXE
-
\??\c:\tbthbb.exec:\tbthbb.exe24⤵
- Executes dropped EXE
-
\??\c:\dvjpp.exec:\dvjpp.exe25⤵
- Executes dropped EXE
-
\??\c:\llrxlll.exec:\llrxlll.exe26⤵
- Executes dropped EXE
-
\??\c:\hhhtnh.exec:\hhhtnh.exe27⤵
- Executes dropped EXE
-
\??\c:\dvppj.exec:\dvppj.exe28⤵
- Executes dropped EXE
-
\??\c:\rlxxllr.exec:\rlxxllr.exe29⤵
- Executes dropped EXE
-
\??\c:\nnnthn.exec:\nnnthn.exe30⤵
- Executes dropped EXE
-
\??\c:\vvjdj.exec:\vvjdj.exe31⤵
- Executes dropped EXE
-
\??\c:\pjvdv.exec:\pjvdv.exe32⤵
- Executes dropped EXE
-
\??\c:\nhthtt.exec:\nhthtt.exe33⤵
- Executes dropped EXE
-
\??\c:\jdddj.exec:\jdddj.exe34⤵
- Executes dropped EXE
-
\??\c:\pjvdj.exec:\pjvdj.exe35⤵
- Executes dropped EXE
-
\??\c:\xrllxxf.exec:\xrllxxf.exe36⤵
- Executes dropped EXE
-
\??\c:\nbbbbb.exec:\nbbbbb.exe37⤵
- Executes dropped EXE
-
\??\c:\3btthn.exec:\3btthn.exe38⤵
- Executes dropped EXE
-
\??\c:\vjjjj.exec:\vjjjj.exe39⤵
- Executes dropped EXE
-
\??\c:\1xrflrf.exec:\1xrflrf.exe40⤵
- Executes dropped EXE
-
\??\c:\rlfflfr.exec:\rlfflfr.exe41⤵
- Executes dropped EXE
-
\??\c:\nnnbtb.exec:\nnnbtb.exe42⤵
- Executes dropped EXE
-
\??\c:\vjdjp.exec:\vjdjp.exe43⤵
- Executes dropped EXE
-
\??\c:\5vpjp.exec:\5vpjp.exe44⤵
- Executes dropped EXE
-
\??\c:\fxllxxx.exec:\fxllxxx.exe45⤵
- Executes dropped EXE
-
\??\c:\llflflx.exec:\llflflx.exe46⤵
- Executes dropped EXE
-
\??\c:\hbnnbb.exec:\hbnnbb.exe47⤵
- Executes dropped EXE
-
\??\c:\pjppd.exec:\pjppd.exe48⤵
- Executes dropped EXE
-
\??\c:\5jddj.exec:\5jddj.exe49⤵
- Executes dropped EXE
-
\??\c:\ffxxffx.exec:\ffxxffx.exe50⤵
- Executes dropped EXE
-
\??\c:\rlfffrx.exec:\rlfffrx.exe51⤵
- Executes dropped EXE
-
\??\c:\5hnthb.exec:\5hnthb.exe52⤵
- Executes dropped EXE
-
\??\c:\dvjdp.exec:\dvjdp.exe53⤵
- Executes dropped EXE
-
\??\c:\9vjjp.exec:\9vjjp.exe54⤵
- Executes dropped EXE
-
\??\c:\rlrrfff.exec:\rlrrfff.exe55⤵
- Executes dropped EXE
-
\??\c:\lfxfrxl.exec:\lfxfrxl.exe56⤵
- Executes dropped EXE
-
\??\c:\bthnbb.exec:\bthnbb.exe57⤵
- Executes dropped EXE
-
\??\c:\jjvdp.exec:\jjvdp.exe58⤵
- Executes dropped EXE
-
\??\c:\ppdjv.exec:\ppdjv.exe59⤵
- Executes dropped EXE
-
\??\c:\llflxlr.exec:\llflxlr.exe60⤵
- Executes dropped EXE
-
\??\c:\xfllrrf.exec:\xfllrrf.exe61⤵
- Executes dropped EXE
-
\??\c:\ntnhtt.exec:\ntnhtt.exe62⤵
- Executes dropped EXE
-
\??\c:\7nhntb.exec:\7nhntb.exe63⤵
- Executes dropped EXE
-
\??\c:\dvpvd.exec:\dvpvd.exe64⤵
- Executes dropped EXE
-
\??\c:\dpjdp.exec:\dpjdp.exe65⤵
- Executes dropped EXE
-
\??\c:\rlrxffl.exec:\rlrxffl.exe66⤵
-
\??\c:\hnnhbt.exec:\hnnhbt.exe67⤵
-
\??\c:\5bntbn.exec:\5bntbn.exe68⤵
-
\??\c:\1ddjv.exec:\1ddjv.exe69⤵
-
\??\c:\pjdjp.exec:\pjdjp.exe70⤵
-
\??\c:\1rfxffr.exec:\1rfxffr.exe71⤵
-
\??\c:\frffrrx.exec:\frffrrx.exe72⤵
-
\??\c:\btnthh.exec:\btnthh.exe73⤵
-
\??\c:\bbnthn.exec:\bbnthn.exe74⤵
-
\??\c:\vvpvd.exec:\vvpvd.exe75⤵
-
\??\c:\fxffxlx.exec:\fxffxlx.exe76⤵
-
\??\c:\llfllfl.exec:\llfllfl.exe77⤵
-
\??\c:\3btbnt.exec:\3btbnt.exe78⤵
-
\??\c:\9pppd.exec:\9pppd.exe79⤵
-
\??\c:\vjvpv.exec:\vjvpv.exe80⤵
-
\??\c:\7rfxxfr.exec:\7rfxxfr.exe81⤵
-
\??\c:\7flfllr.exec:\7flfllr.exe82⤵
-
\??\c:\1thtnt.exec:\1thtnt.exe83⤵
-
\??\c:\nhnntb.exec:\nhnntb.exe84⤵
-
\??\c:\1pjjv.exec:\1pjjv.exe85⤵
-
\??\c:\xfflxff.exec:\xfflxff.exe86⤵
-
\??\c:\lfffxxl.exec:\lfffxxl.exe87⤵
-
\??\c:\9btbnb.exec:\9btbnb.exe88⤵
-
\??\c:\bbtthh.exec:\bbtthh.exe89⤵
-
\??\c:\vpjvj.exec:\vpjvj.exe90⤵
-
\??\c:\5xlfllf.exec:\5xlfllf.exe91⤵
-
\??\c:\bbhhth.exec:\bbhhth.exe92⤵
-
\??\c:\nnntbb.exec:\nnntbb.exe93⤵
-
\??\c:\7jvjd.exec:\7jvjd.exe94⤵
-
\??\c:\1dppp.exec:\1dppp.exe95⤵
-
\??\c:\lfxlfrx.exec:\lfxlfrx.exe96⤵
-
\??\c:\hbthhb.exec:\hbthhb.exe97⤵
-
\??\c:\5btthh.exec:\5btthh.exe98⤵
-
\??\c:\pdpjp.exec:\pdpjp.exe99⤵
-
\??\c:\3pjjp.exec:\3pjjp.exe100⤵
-
\??\c:\rllfffl.exec:\rllfffl.exe101⤵
-
\??\c:\5flrxxx.exec:\5flrxxx.exe102⤵
-
\??\c:\nhbhtb.exec:\nhbhtb.exe103⤵
-
\??\c:\vvjvd.exec:\vvjvd.exe104⤵
-
\??\c:\dvvvj.exec:\dvvvj.exe105⤵
-
\??\c:\1lrlrrf.exec:\1lrlrrf.exe106⤵
-
\??\c:\xrllxxl.exec:\xrllxxl.exe107⤵
-
\??\c:\hbtbnn.exec:\hbtbnn.exe108⤵
-
\??\c:\bthntb.exec:\bthntb.exe109⤵
-
\??\c:\dddjj.exec:\dddjj.exe110⤵
-
\??\c:\3llrflx.exec:\3llrflx.exe111⤵
-
\??\c:\rrllfrx.exec:\rrllfrx.exe112⤵
-
\??\c:\9httnb.exec:\9httnb.exe113⤵
-
\??\c:\bthhbh.exec:\bthhbh.exe114⤵
-
\??\c:\dvjpv.exec:\dvjpv.exe115⤵
-
\??\c:\fxrlxfr.exec:\fxrlxfr.exe116⤵
-
\??\c:\fxffxfl.exec:\fxffxfl.exe117⤵
-
\??\c:\tnbnnt.exec:\tnbnnt.exe118⤵
-
\??\c:\1bhtbb.exec:\1bhtbb.exe119⤵
-
\??\c:\pdvpv.exec:\pdvpv.exe120⤵
-
\??\c:\frffrxf.exec:\frffrxf.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-