Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
25/09/2024, 07:18
General
-
Target
2cc867eeb019a50c7387105e0a8c2ccdab3fb4b2769971840f59b39e498140f6N.exe
-
Size
64KB
-
MD5
6f5a2351c19c138a2c343f9f8c9e6940
-
SHA1
78ab3fdc9e427069c9d6af93ad2183c21981da17
-
SHA256
2cc867eeb019a50c7387105e0a8c2ccdab3fb4b2769971840f59b39e498140f6
-
SHA512
d3fbfb84213b312c502a7d611d0dce182d52cd0ec77145287ef6ae6c91b25b37f96218162930b01590c56001f0cd19ac2b2858426882c64da7650f908dc0eedd
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND0yU+kbx7:ymb3NkkiQ3mdBjF0y7kbZ
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 27 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 27 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2cc867eeb019a50c7387105e0a8c2ccdab3fb4b2769971840f59b39e498140f6N.exe"C:\Users\Admin\AppData\Local\Temp\2cc867eeb019a50c7387105e0a8c2ccdab3fb4b2769971840f59b39e498140f6N.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\jpjdp.exec:\jpjdp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxxfllr.exec:\rxxfllr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnbhhn.exec:\nnbhhn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7pdvv.exec:\7pdvv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrfrlrr.exec:\rrfrlrr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhnbbt.exec:\bhnbbt.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjjpp.exec:\jjjpp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5vpjd.exec:\5vpjd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbnthn.exec:\bbnthn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5djdv.exec:\5djdv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frrrrlx.exec:\frrrrlx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3lfxrxf.exec:\3lfxrxf.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bttnhn.exec:\bttnhn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvddj.exec:\pvddj.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5rrxffx.exec:\5rrxffx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnbhtt.exec:\nnbhtt.exe17⤵
- Executes dropped EXE
-
\??\c:\ppvpv.exec:\ppvpv.exe18⤵
- Executes dropped EXE
-
\??\c:\rllrrfl.exec:\rllrrfl.exe19⤵
- Executes dropped EXE
-
\??\c:\nnhttn.exec:\nnhttn.exe20⤵
- Executes dropped EXE
-
\??\c:\vpjpd.exec:\vpjpd.exe21⤵
- Executes dropped EXE
-
\??\c:\rrxrrll.exec:\rrxrrll.exe22⤵
- Executes dropped EXE
-
\??\c:\7rflxlx.exec:\7rflxlx.exe23⤵
- Executes dropped EXE
-
\??\c:\vvvjd.exec:\vvvjd.exe24⤵
- Executes dropped EXE
-
\??\c:\9ddpd.exec:\9ddpd.exe25⤵
- Executes dropped EXE
-
\??\c:\lfxfxrf.exec:\lfxfxrf.exe26⤵
- Executes dropped EXE
-
\??\c:\lxllrrr.exec:\lxllrrr.exe27⤵
- Executes dropped EXE
-
\??\c:\bbbbbh.exec:\bbbbbh.exe28⤵
- Executes dropped EXE
-
\??\c:\dddpd.exec:\dddpd.exe29⤵
- Executes dropped EXE
-
\??\c:\7xfxfrx.exec:\7xfxfrx.exe30⤵
- Executes dropped EXE
-
\??\c:\nnnhtn.exec:\nnnhtn.exe31⤵
- Executes dropped EXE
-
\??\c:\btnthn.exec:\btnthn.exe32⤵
-
\??\c:\jppjp.exec:\jppjp.exe33⤵
- Executes dropped EXE
-
\??\c:\nnbhbn.exec:\nnbhbn.exe34⤵
- Executes dropped EXE
-
\??\c:\5vvpp.exec:\5vvpp.exe35⤵
- Executes dropped EXE
-
\??\c:\dvjpj.exec:\dvjpj.exe36⤵
- Executes dropped EXE
-
\??\c:\ffxxrfr.exec:\ffxxrfr.exe37⤵
- Executes dropped EXE
-
\??\c:\hnntbt.exec:\hnntbt.exe38⤵
- Executes dropped EXE
-
\??\c:\7bbhhn.exec:\7bbhhn.exe39⤵
- Executes dropped EXE
-
\??\c:\7pvvv.exec:\7pvvv.exe40⤵
- Executes dropped EXE
-
\??\c:\7dvdp.exec:\7dvdp.exe41⤵
- Executes dropped EXE
-
\??\c:\llrxffl.exec:\llrxffl.exe42⤵
- Executes dropped EXE
-
\??\c:\hhhnnn.exec:\hhhnnn.exe43⤵
- Executes dropped EXE
-
\??\c:\bbtntn.exec:\bbtntn.exe44⤵
- Executes dropped EXE
-
\??\c:\pjjpd.exec:\pjjpd.exe45⤵
- Executes dropped EXE
-
\??\c:\fxlxfrf.exec:\fxlxfrf.exe46⤵
- Executes dropped EXE
-
\??\c:\lrrfllx.exec:\lrrfllx.exe47⤵
- Executes dropped EXE
-
\??\c:\ttnhbb.exec:\ttnhbb.exe48⤵
- Executes dropped EXE
-
\??\c:\btbbnn.exec:\btbbnn.exe49⤵
- Executes dropped EXE
-
\??\c:\3pjvv.exec:\3pjvv.exe50⤵
- Executes dropped EXE
-
\??\c:\llrfflf.exec:\llrfflf.exe51⤵
- Executes dropped EXE
-
\??\c:\rlrrffl.exec:\rlrrffl.exe52⤵
- Executes dropped EXE
-
\??\c:\bbbhtn.exec:\bbbhtn.exe53⤵
- Executes dropped EXE
-
\??\c:\nhnthn.exec:\nhnthn.exe54⤵
- Executes dropped EXE
-
\??\c:\jjdvd.exec:\jjdvd.exe55⤵
- Executes dropped EXE
-
\??\c:\lfrfxfr.exec:\lfrfxfr.exe56⤵
- Executes dropped EXE
-
\??\c:\lrlrlxf.exec:\lrlrlxf.exe57⤵
- Executes dropped EXE
-
\??\c:\1nnhtb.exec:\1nnhtb.exe58⤵
- Executes dropped EXE
-
\??\c:\ddpdp.exec:\ddpdp.exe59⤵
- Executes dropped EXE
-
\??\c:\vjdvv.exec:\vjdvv.exe60⤵
- Executes dropped EXE
-
\??\c:\lllrxrf.exec:\lllrxrf.exe61⤵
- Executes dropped EXE
-
\??\c:\ttthth.exec:\ttthth.exe62⤵
- Executes dropped EXE
-
\??\c:\bbnthh.exec:\bbnthh.exe63⤵
- Executes dropped EXE
-
\??\c:\vppdp.exec:\vppdp.exe64⤵
- Executes dropped EXE
-
\??\c:\fxxlrrr.exec:\fxxlrrr.exe65⤵
- Executes dropped EXE
-
\??\c:\ffxrlrf.exec:\ffxrlrf.exe66⤵
- Executes dropped EXE
-
\??\c:\ttnhnh.exec:\ttnhnh.exe67⤵
-
\??\c:\tthbnn.exec:\tthbnn.exe68⤵
-
\??\c:\7vdvj.exec:\7vdvj.exe69⤵
-
\??\c:\rlxxffr.exec:\rlxxffr.exe70⤵
-
\??\c:\xxxlxfl.exec:\xxxlxfl.exe71⤵
-
\??\c:\nhtbnt.exec:\nhtbnt.exe72⤵
-
\??\c:\1jppd.exec:\1jppd.exe73⤵
-
\??\c:\1xfrrrr.exec:\1xfrrrr.exe74⤵
-
\??\c:\fxxlxfl.exec:\fxxlxfl.exe75⤵
-
\??\c:\7hhbtb.exec:\7hhbtb.exe76⤵
-
\??\c:\bnhntb.exec:\bnhntb.exe77⤵
-
\??\c:\jjppd.exec:\jjppd.exe78⤵
-
\??\c:\dvvvj.exec:\dvvvj.exe79⤵
-
\??\c:\3rflffx.exec:\3rflffx.exe80⤵
-
\??\c:\5nbttt.exec:\5nbttt.exe81⤵
-
\??\c:\tnhtbb.exec:\tnhtbb.exe82⤵
-
\??\c:\9vpjp.exec:\9vpjp.exe83⤵
-
\??\c:\7rrfrff.exec:\7rrfrff.exe84⤵
-
\??\c:\xfxrrrr.exec:\xfxrrrr.exe85⤵
-
\??\c:\hbthtn.exec:\hbthtn.exe86⤵
-
\??\c:\ntnbbt.exec:\ntnbbt.exe87⤵
-
\??\c:\pvvpd.exec:\pvvpd.exe88⤵
-
\??\c:\flxrfrl.exec:\flxrfrl.exe89⤵
-
\??\c:\rrlflfl.exec:\rrlflfl.exe90⤵
-
\??\c:\bbtbth.exec:\bbtbth.exe91⤵
-
\??\c:\9jddv.exec:\9jddv.exe92⤵
-
\??\c:\pjppv.exec:\pjppv.exe93⤵
-
\??\c:\5rxlxxl.exec:\5rxlxxl.exe94⤵
-
\??\c:\bthtbh.exec:\bthtbh.exe95⤵
-
\??\c:\hththn.exec:\hththn.exe96⤵
-
\??\c:\jdvpp.exec:\jdvpp.exe97⤵
-
\??\c:\xrlxxlr.exec:\xrlxxlr.exe98⤵
-
\??\c:\1rrrlrf.exec:\1rrrlrf.exe99⤵
-
\??\c:\ttnttb.exec:\ttnttb.exe100⤵
-
\??\c:\ttnbnt.exec:\ttnbnt.exe101⤵
-
\??\c:\dvpdp.exec:\dvpdp.exe102⤵
-
\??\c:\7rlxrfr.exec:\7rlxrfr.exe103⤵
-
\??\c:\fffrlxl.exec:\fffrlxl.exe104⤵
-
\??\c:\9hhtht.exec:\9hhtht.exe105⤵
-
\??\c:\btntnt.exec:\btntnt.exe106⤵
-
\??\c:\ppvpd.exec:\ppvpd.exe107⤵
-
\??\c:\xxrrrxl.exec:\xxrrrxl.exe108⤵
-
\??\c:\5lrfrxl.exec:\5lrfrxl.exe109⤵
-
\??\c:\tnbthn.exec:\tnbthn.exe110⤵
-
\??\c:\jjjdv.exec:\jjjdv.exe111⤵
-
\??\c:\jdvvd.exec:\jdvvd.exe112⤵
-
\??\c:\lfxxrfr.exec:\lfxxrfr.exe113⤵
-
\??\c:\ntbttn.exec:\ntbttn.exe114⤵
-
\??\c:\htnttn.exec:\htnttn.exe115⤵
-
\??\c:\7djvp.exec:\7djvp.exe116⤵
-
\??\c:\lxrrrxr.exec:\lxrrrxr.exe117⤵
-
\??\c:\5flrfrx.exec:\5flrfrx.exe118⤵
-
\??\c:\7bhnbn.exec:\7bhnbn.exe119⤵
-
\??\c:\7htbhn.exec:\7htbhn.exe120⤵
-
\??\c:\ddvdp.exec:\ddvdp.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-