Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
27/09/2024, 21:30
General
-
Target
6d20f1f8a985af185a9e837bae43c42ba865a1996094a8df6803728e16026fa6N.exe
-
Size
79KB
-
MD5
f80cfb91ff24007a8869eaeb5a423900
-
SHA1
0d301c578e0ec5e4dce34d3e3f3b81c0f4cb4dd2
-
SHA256
6d20f1f8a985af185a9e837bae43c42ba865a1996094a8df6803728e16026fa6
-
SHA512
b5549713a5e94d5a74034144acff3c214876d5de9276c6ac995e29172a6c19f613651bce60794d3f99715839bf11da139401341bc4ba4a66371037b163f5d63c
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIsIpWCz+FR4RzWqC5rINFE4yeF:ymb3NkkiQ3mdBjFIsIpZ+R4RzWqCu4i
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 21 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 33 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\6d20f1f8a985af185a9e837bae43c42ba865a1996094a8df6803728e16026fa6N.exe"C:\Users\Admin\AppData\Local\Temp\6d20f1f8a985af185a9e837bae43c42ba865a1996094a8df6803728e16026fa6N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\bthhtt.exec:\bthhtt.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dppdv.exec:\dppdv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llflfrf.exec:\llflfrf.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbtbhn.exec:\bbtbhn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvdjd.exec:\jvdjd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpdp.exec:\jdpdp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfrlrrx.exec:\xfrlrrx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnthn.exec:\hbnthn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpjvp.exec:\dpjvp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrlfllx.exec:\xrlfllx.exe11⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\ffrrxfl.exec:\ffrrxfl.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnnntn.exec:\nnnntn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvvdv.exec:\vvvdv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvppd.exec:\pvppd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlflflx.exec:\xlflflx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrfflrf.exec:\xrfflrf.exe17⤵
- Executes dropped EXE
-
\??\c:\tnbntt.exec:\tnbntt.exe18⤵
- Executes dropped EXE
-
\??\c:\5nhbtb.exec:\5nhbtb.exe19⤵
- Executes dropped EXE
-
\??\c:\1jdpp.exec:\1jdpp.exe20⤵
- Executes dropped EXE
-
\??\c:\rflllxf.exec:\rflllxf.exe21⤵
- Executes dropped EXE
-
\??\c:\lllrffl.exec:\lllrffl.exe22⤵
- Executes dropped EXE
-
\??\c:\7hhhtn.exec:\7hhhtn.exe23⤵
- Executes dropped EXE
-
\??\c:\bthnbt.exec:\bthnbt.exe24⤵
- Executes dropped EXE
-
\??\c:\pjvpp.exec:\pjvpp.exe25⤵
- Executes dropped EXE
-
\??\c:\jddpd.exec:\jddpd.exe26⤵
- Executes dropped EXE
-
\??\c:\ffffxfr.exec:\ffffxfr.exe27⤵
- Executes dropped EXE
-
\??\c:\nhhnnb.exec:\nhhnnb.exe28⤵
- Executes dropped EXE
-
\??\c:\bbbnbb.exec:\bbbnbb.exe29⤵
- Executes dropped EXE
-
\??\c:\5vdjd.exec:\5vdjd.exe30⤵
- Executes dropped EXE
-
\??\c:\vvvpd.exec:\vvvpd.exe31⤵
- Executes dropped EXE
-
\??\c:\3lfrflx.exec:\3lfrflx.exe32⤵
- Executes dropped EXE
-
\??\c:\rlfrflx.exec:\rlfrflx.exe33⤵
- Executes dropped EXE
-
\??\c:\hbtbnt.exec:\hbtbnt.exe34⤵
- Executes dropped EXE
-
\??\c:\hthtnh.exec:\hthtnh.exe35⤵
- Executes dropped EXE
-
\??\c:\vpdjv.exec:\vpdjv.exe36⤵
- Executes dropped EXE
-
\??\c:\vpjjp.exec:\vpjjp.exe37⤵
- Executes dropped EXE
-
\??\c:\rlxflxl.exec:\rlxflxl.exe38⤵
- Executes dropped EXE
-
\??\c:\xxrflrx.exec:\xxrflrx.exe39⤵
- Executes dropped EXE
-
\??\c:\7rfrrff.exec:\7rfrrff.exe40⤵
- Executes dropped EXE
-
\??\c:\bnhnhh.exec:\bnhnhh.exe41⤵
- Executes dropped EXE
-
\??\c:\bttbtt.exec:\bttbtt.exe42⤵
- Executes dropped EXE
-
\??\c:\jjvjj.exec:\jjvjj.exe43⤵
- Executes dropped EXE
-
\??\c:\ppjpj.exec:\ppjpj.exe44⤵
- Executes dropped EXE
-
\??\c:\7xrxflr.exec:\7xrxflr.exe45⤵
- Executes dropped EXE
-
\??\c:\xrlrxff.exec:\xrlrxff.exe46⤵
- Executes dropped EXE
-
\??\c:\fxlrllx.exec:\fxlrllx.exe47⤵
- Executes dropped EXE
-
\??\c:\btnnhn.exec:\btnnhn.exe48⤵
- Executes dropped EXE
-
\??\c:\nhbnbn.exec:\nhbnbn.exe49⤵
- Executes dropped EXE
-
\??\c:\pvvvd.exec:\pvvvd.exe50⤵
- Executes dropped EXE
-
\??\c:\vjvvp.exec:\vjvvp.exe51⤵
- Executes dropped EXE
-
\??\c:\rlxflrx.exec:\rlxflrx.exe52⤵
- Executes dropped EXE
-
\??\c:\hnttbb.exec:\hnttbb.exe53⤵
- Executes dropped EXE
-
\??\c:\hbbhtb.exec:\hbbhtb.exe54⤵
- Executes dropped EXE
-
\??\c:\jdpjv.exec:\jdpjv.exe55⤵
- Executes dropped EXE
-
\??\c:\3dvvd.exec:\3dvvd.exe56⤵
- Executes dropped EXE
-
\??\c:\rffxllx.exec:\rffxllx.exe57⤵
- Executes dropped EXE
-
\??\c:\lfrxfrx.exec:\lfrxfrx.exe58⤵
- Executes dropped EXE
-
\??\c:\hnbntn.exec:\hnbntn.exe59⤵
- Executes dropped EXE
-
\??\c:\thnbnt.exec:\thnbnt.exe60⤵
- Executes dropped EXE
-
\??\c:\ppjvv.exec:\ppjvv.exe61⤵
- Executes dropped EXE
-
\??\c:\5ppdj.exec:\5ppdj.exe62⤵
- Executes dropped EXE
-
\??\c:\lfflrxl.exec:\lfflrxl.exe63⤵
- Executes dropped EXE
-
\??\c:\xxfrxfl.exec:\xxfrxfl.exe64⤵
- Executes dropped EXE
-
\??\c:\3xffxfr.exec:\3xffxfr.exe65⤵
- Executes dropped EXE
-
\??\c:\7hbttb.exec:\7hbttb.exe66⤵
-
\??\c:\5hbbtt.exec:\5hbbtt.exe67⤵
-
\??\c:\vppvd.exec:\vppvd.exe68⤵
-
\??\c:\lfrxflx.exec:\lfrxflx.exe69⤵
-
\??\c:\5rxfrlr.exec:\5rxfrlr.exe70⤵
-
\??\c:\btbntb.exec:\btbntb.exe71⤵
-
\??\c:\bbhhth.exec:\bbhhth.exe72⤵
-
\??\c:\vdjdj.exec:\vdjdj.exe73⤵
-
\??\c:\pjddp.exec:\pjddp.exe74⤵
-
\??\c:\lllllxl.exec:\lllllxl.exe75⤵
-
\??\c:\hbtnnb.exec:\hbtnnb.exe76⤵
-
\??\c:\pddjd.exec:\pddjd.exe77⤵
-
\??\c:\vvjpd.exec:\vvjpd.exe78⤵
-
\??\c:\pdvpp.exec:\pdvpp.exe79⤵
-
\??\c:\frlxflx.exec:\frlxflx.exe80⤵
-
\??\c:\btbhbb.exec:\btbhbb.exe81⤵
-
\??\c:\bhhnnh.exec:\bhhnnh.exe82⤵
-
\??\c:\dvvvp.exec:\dvvvp.exe83⤵
- System Location Discovery: System Language Discovery
-
\??\c:\vjdjv.exec:\vjdjv.exe84⤵
-
\??\c:\frfxxxf.exec:\frfxxxf.exe85⤵
-
\??\c:\bnbnbb.exec:\bnbnbb.exe86⤵
-
\??\c:\btbnnh.exec:\btbnnh.exe87⤵
-
\??\c:\3dpvv.exec:\3dpvv.exe88⤵
-
\??\c:\jvddd.exec:\jvddd.exe89⤵
-
\??\c:\1lxxxxx.exec:\1lxxxxx.exe90⤵
-
\??\c:\fxrxrlr.exec:\fxrxrlr.exe91⤵
-
\??\c:\bnhhhn.exec:\bnhhhn.exe92⤵
-
\??\c:\hntbbb.exec:\hntbbb.exe93⤵
-
\??\c:\9pjjd.exec:\9pjjd.exe94⤵
-
\??\c:\9jppp.exec:\9jppp.exe95⤵
-
\??\c:\1xlffll.exec:\1xlffll.exe96⤵
-
\??\c:\1rflrrx.exec:\1rflrrx.exe97⤵
-
\??\c:\bhhbhb.exec:\bhhbhb.exe98⤵
-
\??\c:\thnhht.exec:\thnhht.exe99⤵
-
\??\c:\jpvpd.exec:\jpvpd.exe100⤵
-
\??\c:\pdppd.exec:\pdppd.exe101⤵
-
\??\c:\7xrxxll.exec:\7xrxxll.exe102⤵
-
\??\c:\flfrffx.exec:\flfrffx.exe103⤵
-
\??\c:\bnbttn.exec:\bnbttn.exe104⤵
-
\??\c:\hbhtbt.exec:\hbhtbt.exe105⤵
-
\??\c:\7jpjp.exec:\7jpjp.exe106⤵
-
\??\c:\jddjj.exec:\jddjj.exe107⤵
-
\??\c:\xlffxff.exec:\xlffxff.exe108⤵
-
\??\c:\5xffflr.exec:\5xffflr.exe109⤵
-
\??\c:\1bnhtn.exec:\1bnhtn.exe110⤵
-
\??\c:\5nhhhn.exec:\5nhhhn.exe111⤵
-
\??\c:\pdvvj.exec:\pdvvj.exe112⤵
-
\??\c:\dpppp.exec:\dpppp.exe113⤵
-
\??\c:\rlfffff.exec:\rlfffff.exe114⤵
-
\??\c:\1lrffxf.exec:\1lrffxf.exe115⤵
-
\??\c:\nbhnnn.exec:\nbhnnn.exe116⤵
-
\??\c:\bhhhhb.exec:\bhhhhb.exe117⤵
-
\??\c:\jvvvp.exec:\jvvvp.exe118⤵
-
\??\c:\fxrlrxr.exec:\fxrlrxr.exe119⤵
-
\??\c:\frlxfxx.exec:\frlxfxx.exe120⤵
-
\??\c:\bnthnh.exec:\bnthnh.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-