Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
25/09/2024, 09:45
General
-
Target
34dbebbd60567a61015dd638ef44f58fcf42594a4efc2559de3887c8a8dc2f55N.exe
-
Size
65KB
-
MD5
d3b85f7c04f24ed881373477bcf50af0
-
SHA1
746bb10f0750140e4deafcf50bb4eca14499b76d
-
SHA256
34dbebbd60567a61015dd638ef44f58fcf42594a4efc2559de3887c8a8dc2f55
-
SHA512
fb2605e99df6c79bb697ae1e4ec83c8de1973f8f3dae286cabe65d15e033705f85e5db70484913bf46c035aeaa8d797a8c7478bb882812de18947d5f2d4523fc
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDI9L27Bqfm:ymb3NkkiQ3mdBjFI9cqfm
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 22 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 24 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\34dbebbd60567a61015dd638ef44f58fcf42594a4efc2559de3887c8a8dc2f55N.exe"C:\Users\Admin\AppData\Local\Temp\34dbebbd60567a61015dd638ef44f58fcf42594a4efc2559de3887c8a8dc2f55N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\jjjjj.exec:\jjjjj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rffxfff.exec:\rffxfff.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnhbnt.exec:\hnhbnt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbhtt.exec:\btbhtt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdvjp.exec:\vdvjp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5jddj.exec:\5jddj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3lxlxrx.exec:\3lxlxrx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1bhbhh.exec:\1bhbhh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjpdp.exec:\vjpdp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpppv.exec:\vpppv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rflfffl.exec:\rflfffl.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flxflfl.exec:\flxflfl.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnttbb.exec:\bnttbb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thttbb.exec:\thttbb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdpvd.exec:\pdpvd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjppp.exec:\jjppp.exe17⤵
- Executes dropped EXE
-
\??\c:\7lrrrlr.exec:\7lrrrlr.exe18⤵
- Executes dropped EXE
-
\??\c:\xlxflrr.exec:\xlxflrr.exe19⤵
- Executes dropped EXE
-
\??\c:\hthbhb.exec:\hthbhb.exe20⤵
- Executes dropped EXE
-
\??\c:\nbhnbh.exec:\nbhnbh.exe21⤵
- Executes dropped EXE
-
\??\c:\3jjpd.exec:\3jjpd.exe22⤵
- Executes dropped EXE
-
\??\c:\1dvjj.exec:\1dvjj.exe23⤵
- Executes dropped EXE
-
\??\c:\9fflxxl.exec:\9fflxxl.exe24⤵
- Executes dropped EXE
-
\??\c:\xrflllr.exec:\xrflllr.exe25⤵
- Executes dropped EXE
-
\??\c:\ththbt.exec:\ththbt.exe26⤵
- Executes dropped EXE
-
\??\c:\7hntbt.exec:\7hntbt.exe27⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\bntnnh.exec:\bntnnh.exe28⤵
- Executes dropped EXE
-
\??\c:\3dvjj.exec:\3dvjj.exe29⤵
- Executes dropped EXE
-
\??\c:\xlxxrrx.exec:\xlxxrrx.exe30⤵
- Executes dropped EXE
-
\??\c:\9lxflrf.exec:\9lxflrf.exe31⤵
- Executes dropped EXE
-
\??\c:\hbhhnn.exec:\hbhhnn.exe32⤵
- Executes dropped EXE
-
\??\c:\hthbtn.exec:\hthbtn.exe33⤵
- Executes dropped EXE
-
\??\c:\djjdv.exec:\djjdv.exe34⤵
- Executes dropped EXE
-
\??\c:\jdppv.exec:\jdppv.exe35⤵
- Executes dropped EXE
-
\??\c:\lfllxxx.exec:\lfllxxx.exe36⤵
- Executes dropped EXE
-
\??\c:\lflxfll.exec:\lflxfll.exe37⤵
- Executes dropped EXE
-
\??\c:\hhnttn.exec:\hhnttn.exe38⤵
- Executes dropped EXE
-
\??\c:\hnbbtt.exec:\hnbbtt.exe39⤵
- Executes dropped EXE
-
\??\c:\bntnbt.exec:\bntnbt.exe40⤵
- Executes dropped EXE
-
\??\c:\pdpvd.exec:\pdpvd.exe41⤵
- Executes dropped EXE
-
\??\c:\3dpvj.exec:\3dpvj.exe42⤵
- Executes dropped EXE
-
\??\c:\rlfxrxr.exec:\rlfxrxr.exe43⤵
- Executes dropped EXE
-
\??\c:\lflrlrf.exec:\lflrlrf.exe44⤵
- Executes dropped EXE
-
\??\c:\hbhbhb.exec:\hbhbhb.exe45⤵
- Executes dropped EXE
-
\??\c:\btnbhb.exec:\btnbhb.exe46⤵
- Executes dropped EXE
-
\??\c:\thtttn.exec:\thtttn.exe47⤵
- Executes dropped EXE
-
\??\c:\vdjjp.exec:\vdjjp.exe48⤵
- Executes dropped EXE
-
\??\c:\vpppv.exec:\vpppv.exe49⤵
- Executes dropped EXE
-
\??\c:\rlxllrl.exec:\rlxllrl.exe50⤵
- Executes dropped EXE
-
\??\c:\rffllrx.exec:\rffllrx.exe51⤵
- Executes dropped EXE
-
\??\c:\frxxxrr.exec:\frxxxrr.exe52⤵
- Executes dropped EXE
-
\??\c:\tbttbb.exec:\tbttbb.exe53⤵
- Executes dropped EXE
-
\??\c:\tnttnn.exec:\tnttnn.exe54⤵
- Executes dropped EXE
-
\??\c:\jpvpj.exec:\jpvpj.exe55⤵
- Executes dropped EXE
-
\??\c:\jvdpp.exec:\jvdpp.exe56⤵
- Executes dropped EXE
-
\??\c:\fxlrrll.exec:\fxlrrll.exe57⤵
- Executes dropped EXE
-
\??\c:\frxffff.exec:\frxffff.exe58⤵
- Executes dropped EXE
-
\??\c:\5xlllll.exec:\5xlllll.exe59⤵
- Executes dropped EXE
-
\??\c:\9tbhnn.exec:\9tbhnn.exe60⤵
- Executes dropped EXE
-
\??\c:\vjvdv.exec:\vjvdv.exe61⤵
- Executes dropped EXE
-
\??\c:\pjpdj.exec:\pjpdj.exe62⤵
- Executes dropped EXE
-
\??\c:\rlxxfrl.exec:\rlxxfrl.exe63⤵
- Executes dropped EXE
-
\??\c:\5xlrlxf.exec:\5xlrlxf.exe64⤵
- Executes dropped EXE
-
\??\c:\btbhtt.exec:\btbhtt.exe65⤵
- Executes dropped EXE
-
\??\c:\tntbnn.exec:\tntbnn.exe66⤵
-
\??\c:\9dddj.exec:\9dddj.exe67⤵
-
\??\c:\5dvvd.exec:\5dvvd.exe68⤵
-
\??\c:\5xrlrrr.exec:\5xrlrrr.exe69⤵
-
\??\c:\xrfrrrr.exec:\xrfrrrr.exe70⤵
-
\??\c:\thhhtb.exec:\thhhtb.exe71⤵
-
\??\c:\thbhnn.exec:\thbhnn.exe72⤵
-
\??\c:\jdpdd.exec:\jdpdd.exe73⤵
-
\??\c:\vjdvd.exec:\vjdvd.exe74⤵
-
\??\c:\frxfxrx.exec:\frxfxrx.exe75⤵
-
\??\c:\frfrffl.exec:\frfrffl.exe76⤵
-
\??\c:\9ntbbt.exec:\9ntbbt.exe77⤵
-
\??\c:\hbtbhh.exec:\hbtbhh.exe78⤵
-
\??\c:\jjjvv.exec:\jjjvv.exe79⤵
-
\??\c:\jjvvp.exec:\jjvvp.exe80⤵
-
\??\c:\lxxrlrx.exec:\lxxrlrx.exe81⤵
-
\??\c:\1bnntt.exec:\1bnntt.exe82⤵
-
\??\c:\thhhbh.exec:\thhhbh.exe83⤵
-
\??\c:\nntttt.exec:\nntttt.exe84⤵
-
\??\c:\1pppv.exec:\1pppv.exe85⤵
-
\??\c:\9vjdp.exec:\9vjdp.exe86⤵
-
\??\c:\lxfffxx.exec:\lxfffxx.exe87⤵
-
\??\c:\7fxlxfr.exec:\7fxlxfr.exe88⤵
-
\??\c:\tbnnnh.exec:\tbnnnh.exe89⤵
-
\??\c:\1nbhnn.exec:\1nbhnn.exe90⤵
-
\??\c:\jpvdv.exec:\jpvdv.exe91⤵
-
\??\c:\ddjpd.exec:\ddjpd.exe92⤵
-
\??\c:\xxfffll.exec:\xxfffll.exe93⤵
-
\??\c:\xxrrfrx.exec:\xxrrfrx.exe94⤵
-
\??\c:\lxfllrr.exec:\lxfllrr.exe95⤵
-
\??\c:\nnnbnt.exec:\nnnbnt.exe96⤵
-
\??\c:\dvppp.exec:\dvppp.exe97⤵
-
\??\c:\pdjjd.exec:\pdjjd.exe98⤵
-
\??\c:\ddddj.exec:\ddddj.exe99⤵
-
\??\c:\frfxllx.exec:\frfxllx.exe100⤵
-
\??\c:\xllfllr.exec:\xllfllr.exe101⤵
-
\??\c:\tbbhtn.exec:\tbbhtn.exe102⤵
-
\??\c:\9htttb.exec:\9htttb.exe103⤵
-
\??\c:\jjvpd.exec:\jjvpd.exe104⤵
-
\??\c:\vjvvd.exec:\vjvvd.exe105⤵
-
\??\c:\3rflrxl.exec:\3rflrxl.exe106⤵
-
\??\c:\lfllllr.exec:\lfllllr.exe107⤵
-
\??\c:\hhbtnn.exec:\hhbtnn.exe108⤵
-
\??\c:\bbtbnt.exec:\bbtbnt.exe109⤵
-
\??\c:\jvvpd.exec:\jvvpd.exe110⤵
-
\??\c:\dpvdp.exec:\dpvdp.exe111⤵
-
\??\c:\hbhnhn.exec:\hbhnhn.exe112⤵
-
\??\c:\hbtbbh.exec:\hbtbbh.exe113⤵
-
\??\c:\vpdpj.exec:\vpdpj.exe114⤵
-
\??\c:\jvddd.exec:\jvddd.exe115⤵
-
\??\c:\vppvv.exec:\vppvv.exe116⤵
-
\??\c:\xrlrflx.exec:\xrlrflx.exe117⤵
-
\??\c:\lxlrrrx.exec:\lxlrrrx.exe118⤵
-
\??\c:\9nbbhb.exec:\9nbbhb.exe119⤵
-
\??\c:\1hhthn.exec:\1hhthn.exe120⤵
-
\??\c:\jdjvp.exec:\jdjvp.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-