Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
17s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
27/09/2024, 01:49
General
-
Target
6558b1f2294480b5cd30587ba2ba3718657082a9fbf29734e7d3173ba94d0d75N.exe
-
Size
107KB
-
MD5
7461f95eb1b187083c509b60cfdec670
-
SHA1
1baa81647383f00fe47a80dd1d722c15a112ae01
-
SHA256
6558b1f2294480b5cd30587ba2ba3718657082a9fbf29734e7d3173ba94d0d75
-
SHA512
4b235c62e255f3d2f64268dcb4c94988c66b538bce2b951d7fb8b4ffce6b38e23d3f4767ae0d7fb9f578c7370e76790d8154d7096083101f5277cb93708ea368
-
SSDEEP
3072:ymb3NkkiQ3mdBjFo73PYP1lri3KVT+buwUGu3P3Cme:n3C9BRo7MlrWKVT+buBGu3PHe
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 18 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 27 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\6558b1f2294480b5cd30587ba2ba3718657082a9fbf29734e7d3173ba94d0d75N.exe"C:\Users\Admin\AppData\Local\Temp\6558b1f2294480b5cd30587ba2ba3718657082a9fbf29734e7d3173ba94d0d75N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhbtn.exec:\hbhbtn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9dpvv.exec:\9dpvv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxlrxrf.exec:\lxlrxrf.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhnthn.exec:\hhnthn.exe5⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\1jvpv.exec:\1jvpv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlrlrxl.exec:\rlrlrxl.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhtthh.exec:\nhtthh.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvpvj.exec:\dvpvj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlxflfr.exec:\xlxflfr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxrxlrf.exec:\lxrxlrf.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbhnt.exec:\btbhnt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7vvdv.exec:\7vvdv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjvdp.exec:\jjvdp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfrfrrf.exec:\rfrfrrf.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbthnt.exec:\hbthnt.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnbhnn.exec:\nnbhnn.exe17⤵
- Executes dropped EXE
-
\??\c:\pdpvj.exec:\pdpvj.exe18⤵
- Executes dropped EXE
-
\??\c:\pdjdd.exec:\pdjdd.exe19⤵
- Executes dropped EXE
-
\??\c:\llxlflf.exec:\llxlflf.exe20⤵
- Executes dropped EXE
-
\??\c:\bntttt.exec:\bntttt.exe21⤵
- Executes dropped EXE
-
\??\c:\9thbbt.exec:\9thbbt.exe22⤵
- Executes dropped EXE
-
\??\c:\ppppp.exec:\ppppp.exe23⤵
- Executes dropped EXE
-
\??\c:\lxfflrx.exec:\lxfflrx.exe24⤵
- Executes dropped EXE
-
\??\c:\frfffll.exec:\frfffll.exe25⤵
- Executes dropped EXE
-
\??\c:\htnntb.exec:\htnntb.exe26⤵
- Executes dropped EXE
-
\??\c:\pdjjp.exec:\pdjjp.exe27⤵
- Executes dropped EXE
-
\??\c:\jjvvj.exec:\jjvvj.exe28⤵
- Executes dropped EXE
-
\??\c:\1fxrxxf.exec:\1fxrxxf.exe29⤵
- Executes dropped EXE
-
\??\c:\btnhtt.exec:\btnhtt.exe30⤵
- Executes dropped EXE
-
\??\c:\nhtntn.exec:\nhtntn.exe31⤵
- Executes dropped EXE
-
\??\c:\dvjpj.exec:\dvjpj.exe32⤵
- Executes dropped EXE
-
\??\c:\tthbtb.exec:\tthbtb.exe33⤵
- Executes dropped EXE
-
\??\c:\9thbbh.exec:\9thbbh.exe34⤵
- Executes dropped EXE
-
\??\c:\jdjpj.exec:\jdjpj.exe35⤵
- Executes dropped EXE
-
\??\c:\lrlffxf.exec:\lrlffxf.exe36⤵
- Executes dropped EXE
-
\??\c:\xrrxxxf.exec:\xrrxxxf.exe37⤵
- Executes dropped EXE
-
\??\c:\lfllrrx.exec:\lfllrrx.exe38⤵
- Executes dropped EXE
-
\??\c:\tnbbbb.exec:\tnbbbb.exe39⤵
- Executes dropped EXE
-
\??\c:\pdpjj.exec:\pdpjj.exe40⤵
- Executes dropped EXE
-
\??\c:\vjppd.exec:\vjppd.exe41⤵
- Executes dropped EXE
-
\??\c:\xrxfxff.exec:\xrxfxff.exe42⤵
- Executes dropped EXE
-
\??\c:\xlxrxrx.exec:\xlxrxrx.exe43⤵
- Executes dropped EXE
-
\??\c:\hhnntt.exec:\hhnntt.exe44⤵
- Executes dropped EXE
-
\??\c:\nbttbt.exec:\nbttbt.exe45⤵
- Executes dropped EXE
-
\??\c:\pjvpp.exec:\pjvpp.exe46⤵
- Executes dropped EXE
-
\??\c:\jdjdj.exec:\jdjdj.exe47⤵
- Executes dropped EXE
-
\??\c:\9rrrxll.exec:\9rrrxll.exe48⤵
- Executes dropped EXE
-
\??\c:\rxxlxlf.exec:\rxxlxlf.exe49⤵
- Executes dropped EXE
-
\??\c:\7httbb.exec:\7httbb.exe50⤵
- Executes dropped EXE
-
\??\c:\thttbb.exec:\thttbb.exe51⤵
- Executes dropped EXE
-
\??\c:\thttbb.exec:\thttbb.exe52⤵
- Executes dropped EXE
-
\??\c:\jvvvv.exec:\jvvvv.exe53⤵
- Executes dropped EXE
-
\??\c:\vddvp.exec:\vddvp.exe54⤵
- Executes dropped EXE
-
\??\c:\xlrrrrx.exec:\xlrrrrx.exe55⤵
- Executes dropped EXE
-
\??\c:\xrlrflx.exec:\xrlrflx.exe56⤵
- Executes dropped EXE
-
\??\c:\7nhnbh.exec:\7nhnbh.exe57⤵
- Executes dropped EXE
-
\??\c:\btbbbt.exec:\btbbbt.exe58⤵
- Executes dropped EXE
-
\??\c:\pjjpd.exec:\pjjpd.exe59⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\vpjvj.exec:\vpjvj.exe60⤵
- Executes dropped EXE
-
\??\c:\ffllffl.exec:\ffllffl.exe61⤵
- Executes dropped EXE
-
\??\c:\lxrrxll.exec:\lxrrxll.exe62⤵
- Executes dropped EXE
-
\??\c:\tnnnnh.exec:\tnnnnh.exe63⤵
- Executes dropped EXE
-
\??\c:\7tbhhh.exec:\7tbhhh.exe64⤵
- Executes dropped EXE
-
\??\c:\vpjpd.exec:\vpjpd.exe65⤵
- Executes dropped EXE
-
\??\c:\vpvvj.exec:\vpvvj.exe66⤵
-
\??\c:\fxrxrxf.exec:\fxrxrxf.exe67⤵
-
\??\c:\fxfllrx.exec:\fxfllrx.exe68⤵
-
\??\c:\hthntb.exec:\hthntb.exe69⤵
-
\??\c:\5nhhtt.exec:\5nhhtt.exe70⤵
-
\??\c:\dvjpj.exec:\dvjpj.exe71⤵
-
\??\c:\jdppp.exec:\jdppp.exe72⤵
-
\??\c:\rlxflfr.exec:\rlxflfr.exe73⤵
-
\??\c:\frrfffr.exec:\frrfffr.exe74⤵
-
\??\c:\bnthnt.exec:\bnthnt.exe75⤵
-
\??\c:\bbnhnn.exec:\bbnhnn.exe76⤵
-
\??\c:\1dppd.exec:\1dppd.exe77⤵
-
\??\c:\9dvjd.exec:\9dvjd.exe78⤵
-
\??\c:\rlxfffl.exec:\rlxfffl.exe79⤵
- System Location Discovery: System Language Discovery
-
\??\c:\lllrflx.exec:\lllrflx.exe80⤵
-
\??\c:\xrfxfxl.exec:\xrfxfxl.exe81⤵
-
\??\c:\btntbb.exec:\btntbb.exe82⤵
-
\??\c:\nhttbb.exec:\nhttbb.exe83⤵
-
\??\c:\jdvpv.exec:\jdvpv.exe84⤵
-
\??\c:\3frrrrf.exec:\3frrrrf.exe85⤵
-
\??\c:\9frrxxf.exec:\9frrxxf.exe86⤵
-
\??\c:\7lxllll.exec:\7lxllll.exe87⤵
-
\??\c:\nnbnbh.exec:\nnbnbh.exe88⤵
-
\??\c:\btnntn.exec:\btnntn.exe89⤵
-
\??\c:\dvjvd.exec:\dvjvd.exe90⤵
-
\??\c:\pdppd.exec:\pdppd.exe91⤵
-
\??\c:\7xlfflr.exec:\7xlfflr.exe92⤵
-
\??\c:\frrrxxf.exec:\frrrxxf.exe93⤵
-
\??\c:\bbhnbh.exec:\bbhnbh.exe94⤵
-
\??\c:\nhnbtb.exec:\nhnbtb.exe95⤵
-
\??\c:\vpjpv.exec:\vpjpv.exe96⤵
-
\??\c:\vpjjv.exec:\vpjjv.exe97⤵
-
\??\c:\lfrfrxl.exec:\lfrfrxl.exe98⤵
-
\??\c:\fxfffll.exec:\fxfffll.exe99⤵
-
\??\c:\3nhbbt.exec:\3nhbbt.exe100⤵
-
\??\c:\btbhtb.exec:\btbhtb.exe101⤵
-
\??\c:\5pddj.exec:\5pddj.exe102⤵
-
\??\c:\7dvpv.exec:\7dvpv.exe103⤵
-
\??\c:\dpvvj.exec:\dpvvj.exe104⤵
-
\??\c:\9xlfflx.exec:\9xlfflx.exe105⤵
- System Location Discovery: System Language Discovery
-
\??\c:\rlxxffr.exec:\rlxxffr.exe106⤵
-
\??\c:\bnbtbb.exec:\bnbtbb.exe107⤵
-
\??\c:\bbnnbb.exec:\bbnnbb.exe108⤵
-
\??\c:\9ppvv.exec:\9ppvv.exe109⤵
-
\??\c:\jjddv.exec:\jjddv.exe110⤵
-
\??\c:\vpvdj.exec:\vpvdj.exe111⤵
-
\??\c:\lxllllr.exec:\lxllllr.exe112⤵
-
\??\c:\xrfrxfr.exec:\xrfrxfr.exe113⤵
-
\??\c:\3hbhtn.exec:\3hbhtn.exe114⤵
-
\??\c:\bthbhn.exec:\bthbhn.exe115⤵
-
\??\c:\9jdjv.exec:\9jdjv.exe116⤵
-
\??\c:\lxxxrfl.exec:\lxxxrfl.exe117⤵
-
\??\c:\1xrxffl.exec:\1xrxffl.exe118⤵
-
\??\c:\nhttbt.exec:\nhttbt.exe119⤵
-
\??\c:\hnbbbt.exec:\hnbbbt.exe120⤵
-
\??\c:\dvjvd.exec:\dvjvd.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-