Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
13/09/2024, 22:17
General
-
Target
7a052c606ae90eea024aba8758fe4680N.exe
-
Size
249KB
-
MD5
7a052c606ae90eea024aba8758fe4680
-
SHA1
de926d61996ea48085a2db620d2c6cefb0ab429b
-
SHA256
cc7b0d979fb2e790a08744a9183d31406b616998fbc5a23ce298172e25b60e72
-
SHA512
78faf30e6b7206c3c1e0ac0a9c169f7982bf4303a1ab788f4072fd75fbe10c79190c3ee3003611fd26e0df95ef8834d31e3accd060182c9ea8337c0c071e18d3
-
SSDEEP
6144:n3C9BRo/AIX27NHWpU00VIxas1oa3YiFRlin:n3C9uD6AUDCa4NYmRMn
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 21 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 27 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\7a052c606ae90eea024aba8758fe4680N.exe"C:\Users\Admin\AppData\Local\Temp\7a052c606ae90eea024aba8758fe4680N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\7lrxxfl.exec:\7lrxxfl.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5btthb.exec:\5btthb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffxfllf.exec:\ffxfllf.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fflfllr.exec:\fflfllr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnbhbb.exec:\bnbhbb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7pjjv.exec:\7pjjv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbtntt.exec:\hbtntt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5nnbhn.exec:\5nnbhn.exe9⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrxlrx.exec:\fxrxlrx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbtthh.exec:\nbtthh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpdjp.exec:\jpdjp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1flfrlr.exec:\1flfrlr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bntbbb.exec:\bntbbb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvvvv.exec:\jvvvv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7rlrfll.exec:\7rlrfll.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnntt.exec:\hbnntt.exe17⤵
- Executes dropped EXE
-
\??\c:\vppdj.exec:\vppdj.exe18⤵
- Executes dropped EXE
-
\??\c:\dvjdp.exec:\dvjdp.exe19⤵
- Executes dropped EXE
-
\??\c:\lxrxfll.exec:\lxrxfll.exe20⤵
- Executes dropped EXE
-
\??\c:\pjvdp.exec:\pjvdp.exe21⤵
- Executes dropped EXE
-
\??\c:\dpddj.exec:\dpddj.exe22⤵
- Executes dropped EXE
-
\??\c:\1rfflll.exec:\1rfflll.exe23⤵
- Executes dropped EXE
-
\??\c:\jdvdj.exec:\jdvdj.exe24⤵
- Executes dropped EXE
-
\??\c:\pdvdp.exec:\pdvdp.exe25⤵
- Executes dropped EXE
-
\??\c:\1lxfffx.exec:\1lxfffx.exe26⤵
- Executes dropped EXE
-
\??\c:\3bhnnh.exec:\3bhnnh.exe27⤵
- Executes dropped EXE
-
\??\c:\pdjpp.exec:\pdjpp.exe28⤵
- Executes dropped EXE
-
\??\c:\3htntt.exec:\3htntt.exe29⤵
- Executes dropped EXE
-
\??\c:\nhbtbh.exec:\nhbtbh.exe30⤵
- Executes dropped EXE
-
\??\c:\7pjpp.exec:\7pjpp.exe31⤵
- Executes dropped EXE
-
\??\c:\1frlrlr.exec:\1frlrlr.exe32⤵
- Executes dropped EXE
-
\??\c:\7nbbbt.exec:\7nbbbt.exe33⤵
- Executes dropped EXE
-
\??\c:\hbhhtb.exec:\hbhhtb.exe34⤵
- Executes dropped EXE
-
\??\c:\dvjjj.exec:\dvjjj.exe35⤵
- Executes dropped EXE
-
\??\c:\rffrlll.exec:\rffrlll.exe36⤵
- Executes dropped EXE
-
\??\c:\rlfxllx.exec:\rlfxllx.exe37⤵
- Executes dropped EXE
-
\??\c:\nhtbnn.exec:\nhtbnn.exe38⤵
- Executes dropped EXE
-
\??\c:\nbnbhn.exec:\nbnbhn.exe39⤵
- Executes dropped EXE
-
\??\c:\dvddj.exec:\dvddj.exe40⤵
- Executes dropped EXE
-
\??\c:\vvvjj.exec:\vvvjj.exe41⤵
- Executes dropped EXE
-
\??\c:\xrrxfrl.exec:\xrrxfrl.exe42⤵
- Executes dropped EXE
-
\??\c:\3btbbb.exec:\3btbbb.exe43⤵
- Executes dropped EXE
-
\??\c:\nbtttt.exec:\nbtttt.exe44⤵
- Executes dropped EXE
-
\??\c:\5pddd.exec:\5pddd.exe45⤵
- Executes dropped EXE
-
\??\c:\7ffxxxx.exec:\7ffxxxx.exe46⤵
- Executes dropped EXE
-
\??\c:\xlxrffr.exec:\xlxrffr.exe47⤵
- Executes dropped EXE
-
\??\c:\3httbb.exec:\3httbb.exe48⤵
- Executes dropped EXE
-
\??\c:\5bbbhn.exec:\5bbbhn.exe49⤵
- Executes dropped EXE
-
\??\c:\pjvjp.exec:\pjvjp.exe50⤵
- Executes dropped EXE
-
\??\c:\rlxflrf.exec:\rlxflrf.exe51⤵
- Executes dropped EXE
-
\??\c:\xlrrffl.exec:\xlrrffl.exe52⤵
- Executes dropped EXE
-
\??\c:\ntnntt.exec:\ntnntt.exe53⤵
- Executes dropped EXE
-
\??\c:\hbtbnn.exec:\hbtbnn.exe54⤵
- Executes dropped EXE
-
\??\c:\vpdjj.exec:\vpdjj.exe55⤵
- Executes dropped EXE
-
\??\c:\vjvvd.exec:\vjvvd.exe56⤵
- Executes dropped EXE
-
\??\c:\3rxflfl.exec:\3rxflfl.exe57⤵
- Executes dropped EXE
-
\??\c:\hbnhnn.exec:\hbnhnn.exe58⤵
- Executes dropped EXE
-
\??\c:\5hnthh.exec:\5hnthh.exe59⤵
- Executes dropped EXE
-
\??\c:\7vddd.exec:\7vddd.exe60⤵
- Executes dropped EXE
-
\??\c:\5rxrrrx.exec:\5rxrrrx.exe61⤵
- Executes dropped EXE
-
\??\c:\rxxrfxx.exec:\rxxrfxx.exe62⤵
- Executes dropped EXE
-
\??\c:\7xrflfl.exec:\7xrflfl.exe63⤵
- Executes dropped EXE
-
\??\c:\thnntt.exec:\thnntt.exe64⤵
- Executes dropped EXE
-
\??\c:\dvvvj.exec:\dvvvj.exe65⤵
- Executes dropped EXE
-
\??\c:\1jpvv.exec:\1jpvv.exe66⤵
-
\??\c:\ffrxrrl.exec:\ffrxrrl.exe67⤵
-
\??\c:\rlrxllr.exec:\rlrxllr.exe68⤵
-
\??\c:\nhnnbb.exec:\nhnnbb.exe69⤵
- System Location Discovery: System Language Discovery
-
\??\c:\3htbtt.exec:\3htbtt.exe70⤵
-
\??\c:\1dvjp.exec:\1dvjp.exe71⤵
-
\??\c:\1lflrrf.exec:\1lflrrf.exe72⤵
-
\??\c:\lfrxffl.exec:\lfrxffl.exe73⤵
-
\??\c:\bnhnbb.exec:\bnhnbb.exe74⤵
-
\??\c:\hhtbtt.exec:\hhtbtt.exe75⤵
-
\??\c:\dpppv.exec:\dpppv.exe76⤵
-
\??\c:\jdpdp.exec:\jdpdp.exe77⤵
-
\??\c:\xrxfrlx.exec:\xrxfrlx.exe78⤵
-
\??\c:\rflxfrx.exec:\rflxfrx.exe79⤵
-
\??\c:\bthntb.exec:\bthntb.exe80⤵
-
\??\c:\5dvpp.exec:\5dvpp.exe81⤵
-
\??\c:\dvdjj.exec:\dvdjj.exe82⤵
-
\??\c:\fxllxxl.exec:\fxllxxl.exe83⤵
-
\??\c:\xrfrlfl.exec:\xrfrlfl.exe84⤵
-
\??\c:\tntthh.exec:\tntthh.exe85⤵
-
\??\c:\jdvdv.exec:\jdvdv.exe86⤵
-
\??\c:\jvppd.exec:\jvppd.exe87⤵
-
\??\c:\lxrlllx.exec:\lxrlllx.exe88⤵
-
\??\c:\rlrrffr.exec:\rlrrffr.exe89⤵
-
\??\c:\tnbhnn.exec:\tnbhnn.exe90⤵
-
\??\c:\vpdjp.exec:\vpdjp.exe91⤵
-
\??\c:\jdpvd.exec:\jdpvd.exe92⤵
-
\??\c:\5fffrfl.exec:\5fffrfl.exe93⤵
-
\??\c:\xfrrrlr.exec:\xfrrrlr.exe94⤵
-
\??\c:\bttbnt.exec:\bttbnt.exe95⤵
-
\??\c:\3vpdj.exec:\3vpdj.exe96⤵
-
\??\c:\pjdjv.exec:\pjdjv.exe97⤵
-
\??\c:\xrfflrf.exec:\xrfflrf.exe98⤵
-
\??\c:\rrxflxl.exec:\rrxflxl.exe99⤵
-
\??\c:\tnbttn.exec:\tnbttn.exe100⤵
-
\??\c:\pdjpp.exec:\pdjpp.exe101⤵
-
\??\c:\dppjp.exec:\dppjp.exe102⤵
-
\??\c:\flxxflf.exec:\flxxflf.exe103⤵
-
\??\c:\rflrxrr.exec:\rflrxrr.exe104⤵
-
\??\c:\hhtthh.exec:\hhtthh.exe105⤵
-
\??\c:\dvvjp.exec:\dvvjp.exe106⤵
-
\??\c:\pjpvj.exec:\pjpvj.exe107⤵
-
\??\c:\1xffrxf.exec:\1xffrxf.exe108⤵
-
\??\c:\5bttbh.exec:\5bttbh.exe109⤵
-
\??\c:\nnhbnn.exec:\nnhbnn.exe110⤵
-
\??\c:\9dpdj.exec:\9dpdj.exe111⤵
-
\??\c:\vvvpd.exec:\vvvpd.exe112⤵
-
\??\c:\xrflrfl.exec:\xrflrfl.exe113⤵
-
\??\c:\tnntnn.exec:\tnntnn.exe114⤵
-
\??\c:\hbthtt.exec:\hbthtt.exe115⤵
-
\??\c:\jvpdv.exec:\jvpdv.exe116⤵
-
\??\c:\ddvpd.exec:\ddvpd.exe117⤵
-
\??\c:\xrffllf.exec:\xrffllf.exe118⤵
-
\??\c:\9rrffxl.exec:\9rrffxl.exe119⤵
-
\??\c:\nnhbbh.exec:\nnhbbh.exe120⤵
-
\??\c:\1bnthn.exec:\1bnthn.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-