Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
13/09/2024, 21:44
General
-
Target
555ec86ee090a9ab3319ac75746be4e4e0f447e1f07ebf70486768b07a9e4181.exe
-
Size
64KB
-
MD5
6411652fed2bc73d96e797a3d7ab1953
-
SHA1
9dcdadd68388776606e272a952b389904b7abe2f
-
SHA256
555ec86ee090a9ab3319ac75746be4e4e0f447e1f07ebf70486768b07a9e4181
-
SHA512
6977a48ad4c75f2abb8b7ee560c1a3b90618a1ea1ca8d4d14d247f1cc762687ad7ffb9415bc1a0e1bf75be2b005dd678fdc6b098c75dc7cad0ff6e0a98d3b244
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND0yU+kbxiT:ymb3NkkiQ3mdBjF0y7kbQ
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 21 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\555ec86ee090a9ab3319ac75746be4e4e0f447e1f07ebf70486768b07a9e4181.exe"C:\Users\Admin\AppData\Local\Temp\555ec86ee090a9ab3319ac75746be4e4e0f447e1f07ebf70486768b07a9e4181.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhhtb.exec:\tnhhtb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpddp.exec:\vpddp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjppj.exec:\pjppj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffrrffx.exec:\ffrrffx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbbnb.exec:\hbbbnb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5thbth.exec:\5thbth.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvjvd.exec:\vvjvd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdjv.exec:\pjdjv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9rlrflr.exec:\9rlrflr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlxrfr.exec:\fxlxrfr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9tbhtt.exec:\9tbhtt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbhtt.exec:\nhbhtt.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9vpvd.exec:\9vpvd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7rxflxf.exec:\7rxflxf.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5btnnb.exec:\5btnnb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbbbh.exec:\tnbbbh.exe17⤵
- Executes dropped EXE
-
\??\c:\llrrfrf.exec:\llrrfrf.exe18⤵
- Executes dropped EXE
-
\??\c:\rrlflll.exec:\rrlflll.exe19⤵
- Executes dropped EXE
-
\??\c:\tnbntb.exec:\tnbntb.exe20⤵
- Executes dropped EXE
-
\??\c:\dvjvd.exec:\dvjvd.exe21⤵
- Executes dropped EXE
-
\??\c:\rlffrxx.exec:\rlffrxx.exe22⤵
- Executes dropped EXE
-
\??\c:\7lrfrxl.exec:\7lrfrxl.exe23⤵
- Executes dropped EXE
-
\??\c:\9hbnnn.exec:\9hbnnn.exe24⤵
- Executes dropped EXE
-
\??\c:\7hhbnt.exec:\7hhbnt.exe25⤵
- Executes dropped EXE
-
\??\c:\pjvdv.exec:\pjvdv.exe26⤵
- Executes dropped EXE
-
\??\c:\9pdvd.exec:\9pdvd.exe27⤵
- Executes dropped EXE
-
\??\c:\lfxfrxl.exec:\lfxfrxl.exe28⤵
- Executes dropped EXE
-
\??\c:\1hbhnt.exec:\1hbhnt.exe29⤵
- Executes dropped EXE
-
\??\c:\pjvdp.exec:\pjvdp.exe30⤵
- Executes dropped EXE
-
\??\c:\dvjjv.exec:\dvjjv.exe31⤵
- Executes dropped EXE
-
\??\c:\xlfllrf.exec:\xlfllrf.exe32⤵
- Executes dropped EXE
-
\??\c:\1xrxrlx.exec:\1xrxrlx.exe33⤵
- Executes dropped EXE
-
\??\c:\htnnnt.exec:\htnnnt.exe34⤵
- Executes dropped EXE
-
\??\c:\hhbhbb.exec:\hhbhbb.exe35⤵
- Executes dropped EXE
-
\??\c:\dvjjv.exec:\dvjjv.exe36⤵
- Executes dropped EXE
-
\??\c:\pjdpv.exec:\pjdpv.exe37⤵
- Executes dropped EXE
-
\??\c:\ffflrxf.exec:\ffflrxf.exe38⤵
- Executes dropped EXE
-
\??\c:\xrllrrf.exec:\xrllrrf.exe39⤵
- Executes dropped EXE
-
\??\c:\bthhtb.exec:\bthhtb.exe40⤵
- Executes dropped EXE
-
\??\c:\hhbhhn.exec:\hhbhhn.exe41⤵
- Executes dropped EXE
-
\??\c:\vvppd.exec:\vvppd.exe42⤵
- Executes dropped EXE
-
\??\c:\dvppd.exec:\dvppd.exe43⤵
- Executes dropped EXE
-
\??\c:\frrrxfr.exec:\frrrxfr.exe44⤵
- Executes dropped EXE
-
\??\c:\lxrflfx.exec:\lxrflfx.exe45⤵
- Executes dropped EXE
-
\??\c:\3tnthh.exec:\3tnthh.exe46⤵
- Executes dropped EXE
-
\??\c:\nhtntt.exec:\nhtntt.exe47⤵
- Executes dropped EXE
-
\??\c:\jjddp.exec:\jjddp.exe48⤵
- Executes dropped EXE
-
\??\c:\7vjjp.exec:\7vjjp.exe49⤵
- Executes dropped EXE
-
\??\c:\jdvvp.exec:\jdvvp.exe50⤵
- Executes dropped EXE
-
\??\c:\rlflxxl.exec:\rlflxxl.exe51⤵
- Executes dropped EXE
-
\??\c:\rrffrrf.exec:\rrffrrf.exe52⤵
- Executes dropped EXE
-
\??\c:\7hbhtb.exec:\7hbhtb.exe53⤵
- Executes dropped EXE
-
\??\c:\hhhnhh.exec:\hhhnhh.exe54⤵
- Executes dropped EXE
-
\??\c:\bbtbtt.exec:\bbtbtt.exe55⤵
- Executes dropped EXE
-
\??\c:\pjvvj.exec:\pjvvj.exe56⤵
- Executes dropped EXE
-
\??\c:\3dppd.exec:\3dppd.exe57⤵
- Executes dropped EXE
-
\??\c:\fxllrrx.exec:\fxllrrx.exe58⤵
- Executes dropped EXE
-
\??\c:\btnbnn.exec:\btnbnn.exe59⤵
- Executes dropped EXE
-
\??\c:\bnhbnn.exec:\bnhbnn.exe60⤵
- Executes dropped EXE
-
\??\c:\pjvpp.exec:\pjvpp.exe61⤵
- Executes dropped EXE
-
\??\c:\7pjpv.exec:\7pjpv.exe62⤵
- Executes dropped EXE
-
\??\c:\rllxlrf.exec:\rllxlrf.exe63⤵
- Executes dropped EXE
-
\??\c:\3hhthn.exec:\3hhthn.exe64⤵
- Executes dropped EXE
-
\??\c:\vpppd.exec:\vpppd.exe65⤵
- Executes dropped EXE
-
\??\c:\5vpvv.exec:\5vpvv.exe66⤵
-
\??\c:\dvdjv.exec:\dvdjv.exe67⤵
-
\??\c:\xrxrflf.exec:\xrxrflf.exe68⤵
-
\??\c:\xrlrxfl.exec:\xrlrxfl.exe69⤵
-
\??\c:\1btbhh.exec:\1btbhh.exe70⤵
-
\??\c:\tbhhbn.exec:\tbhhbn.exe71⤵
-
\??\c:\nhbhtn.exec:\nhbhtn.exe72⤵
-
\??\c:\vpdjp.exec:\vpdjp.exe73⤵
-
\??\c:\rfrlflx.exec:\rfrlflx.exe74⤵
-
\??\c:\fxlrxlx.exec:\fxlrxlx.exe75⤵
-
\??\c:\xrlxrxr.exec:\xrlxrxr.exe76⤵
-
\??\c:\nnhntt.exec:\nnhntt.exe77⤵
-
\??\c:\bnnhht.exec:\bnnhht.exe78⤵
-
\??\c:\jdppp.exec:\jdppp.exe79⤵
-
\??\c:\jpppp.exec:\jpppp.exe80⤵
-
\??\c:\xrfrfrl.exec:\xrfrfrl.exe81⤵
-
\??\c:\9rflrfx.exec:\9rflrfx.exe82⤵
-
\??\c:\ttbnth.exec:\ttbnth.exe83⤵
-
\??\c:\btbbhh.exec:\btbbhh.exe84⤵
-
\??\c:\1jjvj.exec:\1jjvj.exe85⤵
-
\??\c:\jvpvj.exec:\jvpvj.exe86⤵
-
\??\c:\rrrrffr.exec:\rrrrffr.exe87⤵
-
\??\c:\3xrxxxl.exec:\3xrxxxl.exe88⤵
-
\??\c:\lfrlrfr.exec:\lfrlrfr.exe89⤵
-
\??\c:\thtthn.exec:\thtthn.exe90⤵
-
\??\c:\tnnntt.exec:\tnnntt.exe91⤵
-
\??\c:\vpjpd.exec:\vpjpd.exe92⤵
-
\??\c:\dpddj.exec:\dpddj.exe93⤵
-
\??\c:\lfrrfll.exec:\lfrrfll.exe94⤵
-
\??\c:\7llrxxr.exec:\7llrxxr.exe95⤵
-
\??\c:\3tttbh.exec:\3tttbh.exe96⤵
-
\??\c:\nhtthb.exec:\nhtthb.exe97⤵
-
\??\c:\jdpdd.exec:\jdpdd.exe98⤵
-
\??\c:\7pdvd.exec:\7pdvd.exe99⤵
-
\??\c:\xrlfxfl.exec:\xrlfxfl.exe100⤵
-
\??\c:\lrxlrff.exec:\lrxlrff.exe101⤵
-
\??\c:\tnhhtn.exec:\tnhhtn.exe102⤵
-
\??\c:\nhtbhh.exec:\nhtbhh.exe103⤵
-
\??\c:\vpjjp.exec:\vpjjp.exe104⤵
-
\??\c:\pjvdj.exec:\pjvdj.exe105⤵
-
\??\c:\rlrrffr.exec:\rlrrffr.exe106⤵
-
\??\c:\rrrlxxl.exec:\rrrlxxl.exe107⤵
-
\??\c:\7bntbn.exec:\7bntbn.exe108⤵
-
\??\c:\3bhtbb.exec:\3bhtbb.exe109⤵
-
\??\c:\hbtbhn.exec:\hbtbhn.exe110⤵
-
\??\c:\ppjvp.exec:\ppjvp.exe111⤵
-
\??\c:\7dvvd.exec:\7dvvd.exe112⤵
-
\??\c:\xrrrxrf.exec:\xrrrxrf.exe113⤵
-
\??\c:\llflxxx.exec:\llflxxx.exe114⤵
-
\??\c:\nhtbhh.exec:\nhtbhh.exe115⤵
-
\??\c:\hbhbnn.exec:\hbhbnn.exe116⤵
-
\??\c:\nhttbh.exec:\nhttbh.exe117⤵
-
\??\c:\jdddj.exec:\jdddj.exe118⤵
-
\??\c:\dvvpv.exec:\dvvpv.exe119⤵
-
\??\c:\rlxfxfr.exec:\rlxfxfr.exe120⤵
-
\??\c:\1lffllx.exec:\1lffllx.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-