Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
18/09/2024, 23:14
General
-
Target
790e90432053e62f7e41f8f851f36216f2f3af81fd014a26cb22453d7fc76d83.exe
-
Size
58KB
-
MD5
4d01de6bdf1632cb941a3f7519def474
-
SHA1
e300f449a7e02f34b8309f3cf94e948d3d1d345e
-
SHA256
790e90432053e62f7e41f8f851f36216f2f3af81fd014a26cb22453d7fc76d83
-
SHA512
12076f90cde5214ea8948f2d8dd11ef51aa0a68e3dd46578ce74db18ee4ebe4ee68ea988a4ff5a2525785c3b5712539ac9586c16a42f479c81f3903ef41b41ae
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIgTdCo:ymb3NkkiQ3mdBjFIg0o
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 22 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 30 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\790e90432053e62f7e41f8f851f36216f2f3af81fd014a26cb22453d7fc76d83.exe"C:\Users\Admin\AppData\Local\Temp\790e90432053e62f7e41f8f851f36216f2f3af81fd014a26cb22453d7fc76d83.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\thhbhb.exec:\thhbhb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhtbnh.exec:\nhtbnh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvvv.exec:\dvvvv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxxxfxx.exec:\lxxxfxx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxxlff.exec:\fxxxlff.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthbtn.exec:\bthbtn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpvdp.exec:\dpvdp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7xlflxf.exec:\7xlflxf.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frlllrx.exec:\frlllrx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhnht.exec:\hbhnht.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7vjdd.exec:\7vjdd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3djdd.exec:\3djdd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxrrlfl.exec:\rxrrlfl.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrrxfr.exec:\fxrrxfr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbhbtn.exec:\nbhbtn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3bttbt.exec:\3bttbt.exe17⤵
- Executes dropped EXE
-
\??\c:\5vjvv.exec:\5vjvv.exe18⤵
- Executes dropped EXE
-
\??\c:\rlrrrrx.exec:\rlrrrrx.exe19⤵
- Executes dropped EXE
-
\??\c:\1flflfr.exec:\1flflfr.exe20⤵
- Executes dropped EXE
-
\??\c:\3hbbhn.exec:\3hbbhn.exe21⤵
- Executes dropped EXE
-
\??\c:\ttnbnn.exec:\ttnbnn.exe22⤵
- Executes dropped EXE
-
\??\c:\pjdjp.exec:\pjdjp.exe23⤵
- Executes dropped EXE
-
\??\c:\jvddv.exec:\jvddv.exe24⤵
- Executes dropped EXE
-
\??\c:\5lrlllx.exec:\5lrlllx.exe25⤵
- Executes dropped EXE
-
\??\c:\bnbttt.exec:\bnbttt.exe26⤵
- Executes dropped EXE
-
\??\c:\tbnthb.exec:\tbnthb.exe27⤵
- Executes dropped EXE
-
\??\c:\xflxxfl.exec:\xflxxfl.exe28⤵
- Executes dropped EXE
-
\??\c:\ffrrrxf.exec:\ffrrrxf.exe29⤵
- Executes dropped EXE
-
\??\c:\hntnnh.exec:\hntnnh.exe30⤵
- Executes dropped EXE
-
\??\c:\bbhhnn.exec:\bbhhnn.exe31⤵
- Executes dropped EXE
-
\??\c:\dpjjj.exec:\dpjjj.exe32⤵
- Executes dropped EXE
-
\??\c:\vjddv.exec:\vjddv.exe33⤵
- Executes dropped EXE
-
\??\c:\5xfxfff.exec:\5xfxfff.exe34⤵
- Executes dropped EXE
-
\??\c:\9lxxfxl.exec:\9lxxfxl.exe35⤵
- Executes dropped EXE
-
\??\c:\nhtbbb.exec:\nhtbbb.exe36⤵
- Executes dropped EXE
-
\??\c:\7nbthb.exec:\7nbthb.exe37⤵
- Executes dropped EXE
-
\??\c:\vjjjj.exec:\vjjjj.exe38⤵
- Executes dropped EXE
-
\??\c:\dvdvd.exec:\dvdvd.exe39⤵
- Executes dropped EXE
-
\??\c:\9jvdd.exec:\9jvdd.exe40⤵
- Executes dropped EXE
-
\??\c:\rflfllf.exec:\rflfllf.exe41⤵
- Executes dropped EXE
-
\??\c:\5rfrrlr.exec:\5rfrrlr.exe42⤵
- Executes dropped EXE
-
\??\c:\nbhhnb.exec:\nbhhnb.exe43⤵
- Executes dropped EXE
-
\??\c:\btbtbt.exec:\btbtbt.exe44⤵
- Executes dropped EXE
-
\??\c:\7vppv.exec:\7vppv.exe45⤵
- Executes dropped EXE
-
\??\c:\vjppp.exec:\vjppp.exe46⤵
- Executes dropped EXE
-
\??\c:\dppjj.exec:\dppjj.exe47⤵
- Executes dropped EXE
-
\??\c:\lffffff.exec:\lffffff.exe48⤵
- Executes dropped EXE
-
\??\c:\frxxfff.exec:\frxxfff.exe49⤵
- Executes dropped EXE
-
\??\c:\nbnnht.exec:\nbnnht.exe50⤵
- Executes dropped EXE
-
\??\c:\bnbttt.exec:\bnbttt.exe51⤵
- Executes dropped EXE
-
\??\c:\vjjdj.exec:\vjjdj.exe52⤵
- Executes dropped EXE
-
\??\c:\ppppp.exec:\ppppp.exe53⤵
- Executes dropped EXE
-
\??\c:\lxllrrx.exec:\lxllrrx.exe54⤵
- Executes dropped EXE
-
\??\c:\xlxxxrx.exec:\xlxxxrx.exe55⤵
- Executes dropped EXE
-
\??\c:\tnbbnt.exec:\tnbbnt.exe56⤵
- Executes dropped EXE
-
\??\c:\tnhntt.exec:\tnhntt.exe57⤵
- Executes dropped EXE
-
\??\c:\vvpvp.exec:\vvpvp.exe58⤵
- Executes dropped EXE
-
\??\c:\dvjpd.exec:\dvjpd.exe59⤵
- Executes dropped EXE
-
\??\c:\pjdpd.exec:\pjdpd.exe60⤵
- Executes dropped EXE
-
\??\c:\fxxrrrx.exec:\fxxrrrx.exe61⤵
- Executes dropped EXE
-
\??\c:\lxxxlll.exec:\lxxxlll.exe62⤵
- Executes dropped EXE
-
\??\c:\llrlxfr.exec:\llrlxfr.exe63⤵
- Executes dropped EXE
-
\??\c:\bnbbnn.exec:\bnbbnn.exe64⤵
- Executes dropped EXE
-
\??\c:\hthnbb.exec:\hthnbb.exe65⤵
- Executes dropped EXE
-
\??\c:\7jdvp.exec:\7jdvp.exe66⤵
-
\??\c:\vjdjj.exec:\vjdjj.exe67⤵
-
\??\c:\xllllrf.exec:\xllllrf.exe68⤵
-
\??\c:\xxllxxf.exec:\xxllxxf.exe69⤵
-
\??\c:\1bbhhn.exec:\1bbhhn.exe70⤵
-
\??\c:\1nnbbh.exec:\1nnbbh.exe71⤵
-
\??\c:\tnbhbb.exec:\tnbhbb.exe72⤵
-
\??\c:\1jvpp.exec:\1jvpp.exe73⤵
-
\??\c:\jdjdj.exec:\jdjdj.exe74⤵
-
\??\c:\xxlxxfl.exec:\xxlxxfl.exe75⤵
-
\??\c:\xxlrllr.exec:\xxlrllr.exe76⤵
-
\??\c:\xlrlxrx.exec:\xlrlxrx.exe77⤵
-
\??\c:\bnttbb.exec:\bnttbb.exe78⤵
-
\??\c:\nhbhhh.exec:\nhbhhh.exe79⤵
-
\??\c:\3dpvd.exec:\3dpvd.exe80⤵
-
\??\c:\vjvvv.exec:\vjvvv.exe81⤵
-
\??\c:\lxfxfxl.exec:\lxfxfxl.exe82⤵
-
\??\c:\nhbbnn.exec:\nhbbnn.exe83⤵
-
\??\c:\vpdjv.exec:\vpdjv.exe84⤵
-
\??\c:\pjpvj.exec:\pjpvj.exe85⤵
-
\??\c:\7lxxfxf.exec:\7lxxfxf.exe86⤵
-
\??\c:\3xrxrrl.exec:\3xrxrrl.exe87⤵
-
\??\c:\fxxxffl.exec:\fxxxffl.exe88⤵
-
\??\c:\bhnbbn.exec:\bhnbbn.exe89⤵
-
\??\c:\hbhnbb.exec:\hbhnbb.exe90⤵
-
\??\c:\djvpp.exec:\djvpp.exe91⤵
-
\??\c:\pdjpv.exec:\pdjpv.exe92⤵
-
\??\c:\rlrrlrx.exec:\rlrrlrx.exe93⤵
-
\??\c:\lxllxxf.exec:\lxllxxf.exe94⤵
-
\??\c:\nhbtnh.exec:\nhbtnh.exe95⤵
-
\??\c:\thtntt.exec:\thtntt.exe96⤵
-
\??\c:\pvdvv.exec:\pvdvv.exe97⤵
-
\??\c:\dppdv.exec:\dppdv.exe98⤵
-
\??\c:\lxrxffl.exec:\lxrxffl.exe99⤵
-
\??\c:\lrflxlr.exec:\lrflxlr.exe100⤵
-
\??\c:\thnnnb.exec:\thnnnb.exe101⤵
-
\??\c:\3ttthb.exec:\3ttthb.exe102⤵
-
\??\c:\btnthn.exec:\btnthn.exe103⤵
-
\??\c:\pjppv.exec:\pjppv.exe104⤵
-
\??\c:\jvjvd.exec:\jvjvd.exe105⤵
-
\??\c:\lxlxffr.exec:\lxlxffr.exe106⤵
-
\??\c:\rxxflrr.exec:\rxxflrr.exe107⤵
-
\??\c:\hbbtbb.exec:\hbbtbb.exe108⤵
-
\??\c:\nbnhhb.exec:\nbnhhb.exe109⤵
-
\??\c:\ntbbnt.exec:\ntbbnt.exe110⤵
-
\??\c:\pjvpj.exec:\pjvpj.exe111⤵
-
\??\c:\5pddj.exec:\5pddj.exe112⤵
-
\??\c:\lfrxfff.exec:\lfrxfff.exe113⤵
-
\??\c:\fxxxlfl.exec:\fxxxlfl.exe114⤵
-
\??\c:\9nhtnh.exec:\9nhtnh.exe115⤵
-
\??\c:\7bbbbt.exec:\7bbbbt.exe116⤵
-
\??\c:\pdddv.exec:\pdddv.exe117⤵
-
\??\c:\dpjjp.exec:\dpjjp.exe118⤵
-
\??\c:\3jjdj.exec:\3jjdj.exe119⤵
-
\??\c:\llfrrff.exec:\llfrrff.exe120⤵
-
\??\c:\lfrrxxf.exec:\lfrrxxf.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-