Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
-
submitted
21/09/2024, 15:34
General
-
Target
4dfbfe769a796c5f5959b06cb43ccc8d2dc721e8ea7afffc7b79c23b1188bb56N.exe
-
Size
230KB
-
MD5
e2840e57e191c900d87dbd0bf2c74fe0
-
SHA1
c2be22b68bb4191392583a4d5f6a7c2e00df96b4
-
SHA256
4dfbfe769a796c5f5959b06cb43ccc8d2dc721e8ea7afffc7b79c23b1188bb56
-
SHA512
b32e44ed44632ac96fc8fabccf9fd168c419ff2a51213450b9b2af4605aa95653b9f09ccf23f9c185cb7fbc4bfd40e557d4819697f79fc570491fdceb83be398
-
SSDEEP
3072:ymb3NkkiQ3mdBjFo73PYP1lri3KoSV31x4xLn/c1fp:n3C9BRo7MlrWKo+lxKk1fp
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 21 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 21 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\4dfbfe769a796c5f5959b06cb43ccc8d2dc721e8ea7afffc7b79c23b1188bb56N.exe"C:\Users\Admin\AppData\Local\Temp\4dfbfe769a796c5f5959b06cb43ccc8d2dc721e8ea7afffc7b79c23b1188bb56N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\tthhnt.exec:\tthhnt.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frlrlrf.exec:\frlrlrf.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\82028.exec:\82028.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\44422.exec:\44422.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\604046.exec:\604046.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvjdp.exec:\jvjdp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\86622.exec:\86622.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7vpdj.exec:\7vpdj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1rflrrx.exec:\1rflrrx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8606662.exec:\8606662.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\86006.exec:\86006.exe12⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\5thtnt.exec:\5thtnt.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htbntb.exec:\htbntb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxlrfl.exec:\rlxlrfl.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\88420.exec:\88420.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxlxfr.exec:\lfxlxfr.exe17⤵
- Executes dropped EXE
-
\??\c:\xxlrllx.exec:\xxlrllx.exe18⤵
- Executes dropped EXE
-
\??\c:\9djvp.exec:\9djvp.exe19⤵
- Executes dropped EXE
-
\??\c:\xlxfxff.exec:\xlxfxff.exe20⤵
- Executes dropped EXE
-
\??\c:\ffrrflr.exec:\ffrrflr.exe21⤵
- Executes dropped EXE
-
\??\c:\5rrxrrx.exec:\5rrxrrx.exe22⤵
- Executes dropped EXE
-
\??\c:\2600662.exec:\2600662.exe23⤵
- Executes dropped EXE
-
\??\c:\xrfrxxx.exec:\xrfrxxx.exe24⤵
- Executes dropped EXE
-
\??\c:\vvjdj.exec:\vvjdj.exe25⤵
- Executes dropped EXE
-
\??\c:\o826288.exec:\o826288.exe26⤵
- Executes dropped EXE
-
\??\c:\w82484.exec:\w82484.exe27⤵
- Executes dropped EXE
-
\??\c:\7lfrfrr.exec:\7lfrfrr.exe28⤵
- Executes dropped EXE
-
\??\c:\6028064.exec:\6028064.exe29⤵
- Executes dropped EXE
-
\??\c:\8040080.exec:\8040080.exe30⤵
- Executes dropped EXE
-
\??\c:\48606.exec:\48606.exe31⤵
- Executes dropped EXE
-
\??\c:\8640008.exec:\8640008.exe32⤵
- Executes dropped EXE
-
\??\c:\c226640.exec:\c226640.exe33⤵
- Executes dropped EXE
-
\??\c:\40286.exec:\40286.exe34⤵
- Executes dropped EXE
-
\??\c:\fxflxfr.exec:\fxflxfr.exe35⤵
- Executes dropped EXE
-
\??\c:\2644224.exec:\2644224.exe36⤵
- Executes dropped EXE
-
\??\c:\s8280.exec:\s8280.exe37⤵
- Executes dropped EXE
-
\??\c:\a6480.exec:\a6480.exe38⤵
- Executes dropped EXE
-
\??\c:\4600286.exec:\4600286.exe39⤵
- Executes dropped EXE
-
\??\c:\64886.exec:\64886.exe40⤵
- Executes dropped EXE
-
\??\c:\646244.exec:\646244.exe41⤵
- Executes dropped EXE
-
\??\c:\bthhnn.exec:\bthhnn.exe42⤵
- Executes dropped EXE
-
\??\c:\7jdvd.exec:\7jdvd.exe43⤵
- Executes dropped EXE
-
\??\c:\dpvvv.exec:\dpvvv.exe44⤵
- Executes dropped EXE
-
\??\c:\dpdjd.exec:\dpdjd.exe45⤵
- Executes dropped EXE
-
\??\c:\486244.exec:\486244.exe46⤵
- Executes dropped EXE
-
\??\c:\pdppd.exec:\pdppd.exe47⤵
- Executes dropped EXE
-
\??\c:\080662.exec:\080662.exe48⤵
- Executes dropped EXE
-
\??\c:\w04682.exec:\w04682.exe49⤵
- Executes dropped EXE
-
\??\c:\6402828.exec:\6402828.exe50⤵
- Executes dropped EXE
-
\??\c:\600682.exec:\600682.exe51⤵
- Executes dropped EXE
-
\??\c:\jvjpd.exec:\jvjpd.exe52⤵
- Executes dropped EXE
-
\??\c:\e08804.exec:\e08804.exe53⤵
- Executes dropped EXE
-
\??\c:\c206888.exec:\c206888.exe54⤵
- Executes dropped EXE
-
\??\c:\4862064.exec:\4862064.exe55⤵
- Executes dropped EXE
-
\??\c:\rlrflfl.exec:\rlrflfl.exe56⤵
- Executes dropped EXE
-
\??\c:\nhtbnh.exec:\nhtbnh.exe57⤵
- Executes dropped EXE
-
\??\c:\o080628.exec:\o080628.exe58⤵
- Executes dropped EXE
-
\??\c:\42846.exec:\42846.exe59⤵
- Executes dropped EXE
-
\??\c:\202462.exec:\202462.exe60⤵
- Executes dropped EXE
-
\??\c:\nbbbhb.exec:\nbbbhb.exe61⤵
- Executes dropped EXE
-
\??\c:\lfrxxxx.exec:\lfrxxxx.exe62⤵
- Executes dropped EXE
-
\??\c:\7jpjv.exec:\7jpjv.exe63⤵
- Executes dropped EXE
-
\??\c:\4262240.exec:\4262240.exe64⤵
- Executes dropped EXE
-
\??\c:\hbhhtt.exec:\hbhhtt.exe65⤵
- Executes dropped EXE
-
\??\c:\42484.exec:\42484.exe66⤵
-
\??\c:\6400048.exec:\6400048.exe67⤵
-
\??\c:\888622.exec:\888622.exe68⤵
-
\??\c:\5jvvv.exec:\5jvvv.exe69⤵
-
\??\c:\llrfxrl.exec:\llrfxrl.exe70⤵
-
\??\c:\nnbhbh.exec:\nnbhbh.exe71⤵
-
\??\c:\5rxxffl.exec:\5rxxffl.exe72⤵
-
\??\c:\ttbhnn.exec:\ttbhnn.exe73⤵
-
\??\c:\jdvdp.exec:\jdvdp.exe74⤵
-
\??\c:\xxlrfrl.exec:\xxlrfrl.exe75⤵
-
\??\c:\rrfxxff.exec:\rrfxxff.exe76⤵
-
\??\c:\dvjpd.exec:\dvjpd.exe77⤵
-
\??\c:\a2242.exec:\a2242.exe78⤵
-
\??\c:\26488.exec:\26488.exe79⤵
-
\??\c:\048468.exec:\048468.exe80⤵
-
\??\c:\fflffrl.exec:\fflffrl.exe81⤵
-
\??\c:\hbntnn.exec:\hbntnn.exe82⤵
-
\??\c:\48886.exec:\48886.exe83⤵
-
\??\c:\hbtbbb.exec:\hbtbbb.exe84⤵
-
\??\c:\lffflfr.exec:\lffflfr.exe85⤵
-
\??\c:\7jvpp.exec:\7jvpp.exe86⤵
-
\??\c:\w48468.exec:\w48468.exe87⤵
-
\??\c:\m8066.exec:\m8066.exe88⤵
-
\??\c:\pjdvj.exec:\pjdvj.exe89⤵
-
\??\c:\3lxxxxx.exec:\3lxxxxx.exe90⤵
-
\??\c:\dvjjj.exec:\dvjjj.exe91⤵
-
\??\c:\7lfllxf.exec:\7lfllxf.exe92⤵
-
\??\c:\6084662.exec:\6084662.exe93⤵
-
\??\c:\c026824.exec:\c026824.exe94⤵
-
\??\c:\nhbhtb.exec:\nhbhtb.exe95⤵
-
\??\c:\pjppd.exec:\pjppd.exe96⤵
-
\??\c:\60240.exec:\60240.exe97⤵
-
\??\c:\e06664.exec:\e06664.exe98⤵
-
\??\c:\lxfflll.exec:\lxfflll.exe99⤵
-
\??\c:\btbhhb.exec:\btbhhb.exe100⤵
-
\??\c:\7fffxfl.exec:\7fffxfl.exe101⤵
-
\??\c:\ffrfxff.exec:\ffrfxff.exe102⤵
-
\??\c:\5xlxflr.exec:\5xlxflr.exe103⤵
-
\??\c:\60802.exec:\60802.exe104⤵
-
\??\c:\202066.exec:\202066.exe105⤵
-
\??\c:\tnhhtt.exec:\tnhhtt.exe106⤵
-
\??\c:\4628440.exec:\4628440.exe107⤵
-
\??\c:\60804.exec:\60804.exe108⤵
-
\??\c:\88846.exec:\88846.exe109⤵
-
\??\c:\vpdpd.exec:\vpdpd.exe110⤵
-
\??\c:\e86222.exec:\e86222.exe111⤵
-
\??\c:\04226.exec:\04226.exe112⤵
-
\??\c:\ntttbn.exec:\ntttbn.exe113⤵
-
\??\c:\thnhhh.exec:\thnhhh.exe114⤵
-
\??\c:\64008.exec:\64008.exe115⤵
-
\??\c:\9jdvv.exec:\9jdvv.exe116⤵
-
\??\c:\ppvdp.exec:\ppvdp.exe117⤵
-
\??\c:\tbhtht.exec:\tbhtht.exe118⤵
-
\??\c:\pdvdj.exec:\pdvdj.exe119⤵
-
\??\c:\0428440.exec:\0428440.exe120⤵
-
\??\c:\bhhtbb.exec:\bhhtbb.exe121⤵
- System Location Discovery: System Language Discovery
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-