Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
16s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
-
submitted
27/09/2024, 08:44
General
-
Target
9d4f60c2a85431e224da8876ef0c7947a057cb644bec2f8e9421c643a91d87b6N.exe
-
Size
71KB
-
MD5
3d4811b42888ac18bdeffe44eb497600
-
SHA1
c5908b0c3e417e082006f62202a19e2aedcf8c88
-
SHA256
9d4f60c2a85431e224da8876ef0c7947a057cb644bec2f8e9421c643a91d87b6
-
SHA512
ac4f87624d2d7a8ff92f0d287f93fe3762dc9da2de4b248df9e813545d2b14d2ded7d2c47802e3a9247b54c856d079bbfdc5f834f5a40f32afc0f662b5b6c4db
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIb0z6MTSqfj1:ymb3NkkiQ3mdBjFI4VF
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 31 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\9d4f60c2a85431e224da8876ef0c7947a057cb644bec2f8e9421c643a91d87b6N.exe"C:\Users\Admin\AppData\Local\Temp\9d4f60c2a85431e224da8876ef0c7947a057cb644bec2f8e9421c643a91d87b6N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\vdpdp.exec:\vdpdp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9rrlxfx.exec:\9rrlxfx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1bbbbn.exec:\1bbbbn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbnbbh.exec:\nbnbbh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9pdvd.exec:\9pdvd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flllrlr.exec:\flllrlr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthhhh.exec:\bthhhh.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdjjj.exec:\pdjjj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxfxrlr.exec:\rxfxrlr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3rfxxxx.exec:\3rfxxxx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3hbnhb.exec:\3hbnhb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnthn.exec:\nhnthn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjjjj.exec:\vjjjj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvjjj.exec:\jvjjj.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frrfxxr.exec:\frrfxxr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnbnbh.exec:\nnbnbh.exe17⤵
- Executes dropped EXE
-
\??\c:\nbtbbb.exec:\nbtbbb.exe18⤵
- Executes dropped EXE
-
\??\c:\jvddd.exec:\jvddd.exe19⤵
- Executes dropped EXE
-
\??\c:\jpvdj.exec:\jpvdj.exe20⤵
- Executes dropped EXE
-
\??\c:\lxfffll.exec:\lxfffll.exe21⤵
- Executes dropped EXE
-
\??\c:\thbhhn.exec:\thbhhn.exe22⤵
- Executes dropped EXE
-
\??\c:\httnnn.exec:\httnnn.exe23⤵
- Executes dropped EXE
-
\??\c:\7jvvp.exec:\7jvvp.exe24⤵
- Executes dropped EXE
-
\??\c:\1frrlxr.exec:\1frrlxr.exe25⤵
- Executes dropped EXE
-
\??\c:\9lfrxrr.exec:\9lfrxrr.exe26⤵
- Executes dropped EXE
-
\??\c:\bnttnh.exec:\bnttnh.exe27⤵
- Executes dropped EXE
-
\??\c:\htbbbb.exec:\htbbbb.exe28⤵
- Executes dropped EXE
-
\??\c:\vjpjj.exec:\vjpjj.exe29⤵
- Executes dropped EXE
-
\??\c:\jvjdv.exec:\jvjdv.exe30⤵
- Executes dropped EXE
-
\??\c:\rfrllxf.exec:\rfrllxf.exe31⤵
- Executes dropped EXE
-
\??\c:\7nbbth.exec:\7nbbth.exe32⤵
- Executes dropped EXE
-
\??\c:\thnbth.exec:\thnbth.exe33⤵
- Executes dropped EXE
-
\??\c:\dpvpv.exec:\dpvpv.exe34⤵
- Executes dropped EXE
-
\??\c:\vjppj.exec:\vjppj.exe35⤵
- Executes dropped EXE
-
\??\c:\lxrrlrf.exec:\lxrrlrf.exe36⤵
- Executes dropped EXE
-
\??\c:\rxffxxx.exec:\rxffxxx.exe37⤵
- Executes dropped EXE
-
\??\c:\nbbbtt.exec:\nbbbtt.exe38⤵
- Executes dropped EXE
-
\??\c:\hnhhhb.exec:\hnhhhb.exe39⤵
- Executes dropped EXE
-
\??\c:\dvddv.exec:\dvddv.exe40⤵
- Executes dropped EXE
-
\??\c:\vjjdv.exec:\vjjdv.exe41⤵
- Executes dropped EXE
-
\??\c:\3lxxxll.exec:\3lxxxll.exe42⤵
- Executes dropped EXE
-
\??\c:\lrrfxrf.exec:\lrrfxrf.exe43⤵
- Executes dropped EXE
-
\??\c:\hthhtt.exec:\hthhtt.exe44⤵
- Executes dropped EXE
-
\??\c:\tntttn.exec:\tntttn.exe45⤵
- Executes dropped EXE
-
\??\c:\pdjdd.exec:\pdjdd.exe46⤵
- Executes dropped EXE
-
\??\c:\jdjjd.exec:\jdjjd.exe47⤵
- Executes dropped EXE
-
\??\c:\jvppv.exec:\jvppv.exe48⤵
- Executes dropped EXE
-
\??\c:\1rlrxll.exec:\1rlrxll.exe49⤵
- Executes dropped EXE
-
\??\c:\lffflfl.exec:\lffflfl.exe50⤵
- Executes dropped EXE
-
\??\c:\5httbb.exec:\5httbb.exe51⤵
- Executes dropped EXE
-
\??\c:\9tbbbb.exec:\9tbbbb.exe52⤵
- Executes dropped EXE
-
\??\c:\1dppp.exec:\1dppp.exe53⤵
- Executes dropped EXE
-
\??\c:\pdpjp.exec:\pdpjp.exe54⤵
- Executes dropped EXE
-
\??\c:\3frlffl.exec:\3frlffl.exe55⤵
- Executes dropped EXE
-
\??\c:\xxrrxll.exec:\xxrrxll.exe56⤵
- Executes dropped EXE
-
\??\c:\hnthhn.exec:\hnthhn.exe57⤵
- Executes dropped EXE
-
\??\c:\vpvvv.exec:\vpvvv.exe58⤵
- Executes dropped EXE
-
\??\c:\lffflrx.exec:\lffflrx.exe59⤵
- Executes dropped EXE
-
\??\c:\rfllrrx.exec:\rfllrrx.exe60⤵
- Executes dropped EXE
-
\??\c:\frxxxxl.exec:\frxxxxl.exe61⤵
- Executes dropped EXE
-
\??\c:\nhnbhh.exec:\nhnbhh.exe62⤵
- Executes dropped EXE
-
\??\c:\vjjdj.exec:\vjjdj.exe63⤵
- Executes dropped EXE
-
\??\c:\vjpvd.exec:\vjpvd.exe64⤵
- Executes dropped EXE
-
\??\c:\pjddd.exec:\pjddd.exe65⤵
- Executes dropped EXE
-
\??\c:\fxfllff.exec:\fxfllff.exe66⤵
-
\??\c:\5rffxxl.exec:\5rffxxl.exe67⤵
-
\??\c:\tnhtbh.exec:\tnhtbh.exe68⤵
-
\??\c:\9bbhtb.exec:\9bbhtb.exe69⤵
-
\??\c:\hbntbt.exec:\hbntbt.exe70⤵
-
\??\c:\dvjvd.exec:\dvjvd.exe71⤵
-
\??\c:\jpdvv.exec:\jpdvv.exe72⤵
-
\??\c:\rlrlrrx.exec:\rlrlrrx.exe73⤵
-
\??\c:\7lxflxf.exec:\7lxflxf.exe74⤵
-
\??\c:\5nhnnh.exec:\5nhnnh.exe75⤵
-
\??\c:\nbbbnh.exec:\nbbbnh.exe76⤵
-
\??\c:\vjppp.exec:\vjppp.exe77⤵
-
\??\c:\7pppv.exec:\7pppv.exe78⤵
-
\??\c:\xrrxfff.exec:\xrrxfff.exe79⤵
-
\??\c:\xrflllr.exec:\xrflllr.exe80⤵
-
\??\c:\nbtbbb.exec:\nbtbbb.exe81⤵
-
\??\c:\hhtnbb.exec:\hhtnbb.exe82⤵
-
\??\c:\htbhtt.exec:\htbhtt.exe83⤵
-
\??\c:\9vppp.exec:\9vppp.exe84⤵
-
\??\c:\vjdjp.exec:\vjdjp.exe85⤵
-
\??\c:\rlllxfl.exec:\rlllxfl.exe86⤵
-
\??\c:\5xrffxx.exec:\5xrffxx.exe87⤵
-
\??\c:\lfrxxfl.exec:\lfrxxfl.exe88⤵
-
\??\c:\thntbb.exec:\thntbb.exe89⤵
-
\??\c:\1btthh.exec:\1btthh.exe90⤵
-
\??\c:\dpvpv.exec:\dpvpv.exe91⤵
-
\??\c:\jdpjv.exec:\jdpjv.exe92⤵
-
\??\c:\5lllllr.exec:\5lllllr.exe93⤵
-
\??\c:\xrlrxxl.exec:\xrlrxxl.exe94⤵
-
\??\c:\7hbhnn.exec:\7hbhnn.exe95⤵
-
\??\c:\9thnbb.exec:\9thnbb.exe96⤵
-
\??\c:\pdjdj.exec:\pdjdj.exe97⤵
-
\??\c:\1vppv.exec:\1vppv.exe98⤵
-
\??\c:\xxxxfxx.exec:\xxxxfxx.exe99⤵
-
\??\c:\lxrrxrx.exec:\lxrrxrx.exe100⤵
-
\??\c:\hthnnh.exec:\hthnnh.exe101⤵
-
\??\c:\9htttn.exec:\9htttn.exe102⤵
-
\??\c:\pdjjp.exec:\pdjjp.exe103⤵
-
\??\c:\7dvpp.exec:\7dvpp.exe104⤵
-
\??\c:\fllrfrf.exec:\fllrfrf.exe105⤵
-
\??\c:\lxrrffl.exec:\lxrrffl.exe106⤵
-
\??\c:\lfrrfll.exec:\lfrrfll.exe107⤵
-
\??\c:\nhthnn.exec:\nhthnn.exe108⤵
-
\??\c:\tnhhbn.exec:\tnhhbn.exe109⤵
-
\??\c:\1tnntn.exec:\1tnntn.exe110⤵
-
\??\c:\9pdvd.exec:\9pdvd.exe111⤵
-
\??\c:\ppvdv.exec:\ppvdv.exe112⤵
-
\??\c:\frxfrxx.exec:\frxfrxx.exe113⤵
-
\??\c:\frlllxf.exec:\frlllxf.exe114⤵
-
\??\c:\1thhhb.exec:\1thhhb.exe115⤵
-
\??\c:\3tnnnn.exec:\3tnnnn.exe116⤵
-
\??\c:\hbhnnn.exec:\hbhnnn.exe117⤵
-
\??\c:\3pdjj.exec:\3pdjj.exe118⤵
- System Location Discovery: System Language Discovery
-
\??\c:\pdppd.exec:\pdppd.exe119⤵
-
\??\c:\frlrxfl.exec:\frlrxfl.exe120⤵
-
\??\c:\fxlrxrr.exec:\fxlrxrr.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-