Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
16s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
30/09/2024, 03:04
General
-
Target
027b1105ae474cb53c12c847688ff41715ba0b74638000291d7d7d8da9a2891bN.exe
-
Size
80KB
-
MD5
03195d14c12a391bff77049cc121a240
-
SHA1
4ebd807db9270f9bf794b1754b76b8d9be14e19d
-
SHA256
027b1105ae474cb53c12c847688ff41715ba0b74638000291d7d7d8da9a2891b
-
SHA512
be31a3a395889eaa8e3d7286608ac6204349cdbb685fc736961439032ea842e05751ae94f81140b0dc6c849b876e3094f6929befa1b16337598bdad7b2a247ed
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIsIpWCz+FR4RzWqC5rINFE4yeCH:ymb3NkkiQ3mdBjFIsIpZ+R4RzWqCu4T
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 21 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 29 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\027b1105ae474cb53c12c847688ff41715ba0b74638000291d7d7d8da9a2891bN.exe"C:\Users\Admin\AppData\Local\Temp\027b1105ae474cb53c12c847688ff41715ba0b74638000291d7d7d8da9a2891bN.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\hhhtth.exec:\hhhtth.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1ddvd.exec:\1ddvd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rflrxxf.exec:\rflrxxf.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9tbhhn.exec:\9tbhhn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3pvvp.exec:\3pvvp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7rfrxxf.exec:\7rfrxxf.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9xrllrl.exec:\9xrllrl.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbbnt.exec:\tnbbnt.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbhnt.exec:\nhbhnt.exe10⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\ppdpp.exec:\ppdpp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9jjpd.exec:\9jjpd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxffllr.exec:\fxffllr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frxflfl.exec:\frxflfl.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnttb.exec:\hbnttb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\httnhn.exec:\httnhn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9pddv.exec:\9pddv.exe17⤵
- Executes dropped EXE
-
\??\c:\vjvvj.exec:\vjvvj.exe18⤵
- Executes dropped EXE
-
\??\c:\9rlflfl.exec:\9rlflfl.exe19⤵
- Executes dropped EXE
-
\??\c:\rfrrxfl.exec:\rfrrxfl.exe20⤵
- Executes dropped EXE
-
\??\c:\fxflxfr.exec:\fxflxfr.exe21⤵
- Executes dropped EXE
-
\??\c:\hnbhnt.exec:\hnbhnt.exe22⤵
- Executes dropped EXE
-
\??\c:\tbntnb.exec:\tbntnb.exe23⤵
- Executes dropped EXE
-
\??\c:\9pppd.exec:\9pppd.exe24⤵
- Executes dropped EXE
-
\??\c:\dvdjp.exec:\dvdjp.exe25⤵
- Executes dropped EXE
-
\??\c:\lflrffl.exec:\lflrffl.exe26⤵
- Executes dropped EXE
-
\??\c:\ffxrfrf.exec:\ffxrfrf.exe27⤵
- Executes dropped EXE
-
\??\c:\tnbttn.exec:\tnbttn.exe28⤵
- Executes dropped EXE
-
\??\c:\nbbbtn.exec:\nbbbtn.exe29⤵
- Executes dropped EXE
-
\??\c:\vjvvj.exec:\vjvvj.exe30⤵
- Executes dropped EXE
-
\??\c:\3jvvd.exec:\3jvvd.exe31⤵
- Executes dropped EXE
-
\??\c:\rfrrxxf.exec:\rfrrxxf.exe32⤵
- Executes dropped EXE
-
\??\c:\fxrxlrx.exec:\fxrxlrx.exe33⤵
- Executes dropped EXE
-
\??\c:\xrflxxf.exec:\xrflxxf.exe34⤵
- Executes dropped EXE
-
\??\c:\bnbhtn.exec:\bnbhtn.exe35⤵
- Executes dropped EXE
-
\??\c:\7ntttb.exec:\7ntttb.exe36⤵
- Executes dropped EXE
-
\??\c:\ppdjv.exec:\ppdjv.exe37⤵
- Executes dropped EXE
-
\??\c:\jjddp.exec:\jjddp.exe38⤵
- Executes dropped EXE
-
\??\c:\jdvdp.exec:\jdvdp.exe39⤵
- Executes dropped EXE
-
\??\c:\lxxfxxl.exec:\lxxfxxl.exe40⤵
- Executes dropped EXE
-
\??\c:\9lfxrrx.exec:\9lfxrrx.exe41⤵
- Executes dropped EXE
-
\??\c:\1fxfrrx.exec:\1fxfrrx.exe42⤵
- Executes dropped EXE
-
\??\c:\btbhtt.exec:\btbhtt.exe43⤵
- Executes dropped EXE
-
\??\c:\bbttbb.exec:\bbttbb.exe44⤵
- Executes dropped EXE
-
\??\c:\3nbbbn.exec:\3nbbbn.exe45⤵
- Executes dropped EXE
-
\??\c:\9vjjp.exec:\9vjjp.exe46⤵
- Executes dropped EXE
-
\??\c:\7jdpp.exec:\7jdpp.exe47⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\pjdvv.exec:\pjdvv.exe48⤵
- Executes dropped EXE
-
\??\c:\frllxfr.exec:\frllxfr.exe49⤵
- Executes dropped EXE
-
\??\c:\fxrfrxf.exec:\fxrfrxf.exe50⤵
- Executes dropped EXE
-
\??\c:\7rlxrxf.exec:\7rlxrxf.exe51⤵
- Executes dropped EXE
-
\??\c:\3tnnnt.exec:\3tnnnt.exe52⤵
- Executes dropped EXE
-
\??\c:\bthbhn.exec:\bthbhn.exe53⤵
- Executes dropped EXE
-
\??\c:\btbbhb.exec:\btbbhb.exe54⤵
- Executes dropped EXE
-
\??\c:\vpddd.exec:\vpddd.exe55⤵
- Executes dropped EXE
-
\??\c:\5dvjd.exec:\5dvjd.exe56⤵
- Executes dropped EXE
-
\??\c:\7pdjp.exec:\7pdjp.exe57⤵
- Executes dropped EXE
-
\??\c:\flxxflr.exec:\flxxflr.exe58⤵
- Executes dropped EXE
-
\??\c:\5xxfrrf.exec:\5xxfrrf.exe59⤵
- Executes dropped EXE
-
\??\c:\1htbhn.exec:\1htbhn.exe60⤵
- Executes dropped EXE
-
\??\c:\hbnhtt.exec:\hbnhtt.exe61⤵
- Executes dropped EXE
-
\??\c:\tnnhtb.exec:\tnnhtb.exe62⤵
- Executes dropped EXE
-
\??\c:\7jvjd.exec:\7jvjd.exe63⤵
- Executes dropped EXE
-
\??\c:\dvjdj.exec:\dvjdj.exe64⤵
- Executes dropped EXE
-
\??\c:\ppjjd.exec:\ppjjd.exe65⤵
- Executes dropped EXE
-
\??\c:\tnnbnn.exec:\tnnbnn.exe66⤵
-
\??\c:\ttnhht.exec:\ttnhht.exe67⤵
-
\??\c:\bbhtbb.exec:\bbhtbb.exe68⤵
-
\??\c:\dvpjv.exec:\dvpjv.exe69⤵
-
\??\c:\3xxrflr.exec:\3xxrflr.exe70⤵
-
\??\c:\tnbbtb.exec:\tnbbtb.exe71⤵
-
\??\c:\jjvpv.exec:\jjvpv.exe72⤵
-
\??\c:\pjppj.exec:\pjppj.exe73⤵
-
\??\c:\nbttnb.exec:\nbttnb.exe74⤵
-
\??\c:\nhbhnt.exec:\nhbhnt.exe75⤵
-
\??\c:\3rxrffr.exec:\3rxrffr.exe76⤵
-
\??\c:\1lxrrrf.exec:\1lxrrrf.exe77⤵
-
\??\c:\tnnhnt.exec:\tnnhnt.exe78⤵
-
\??\c:\9jvdp.exec:\9jvdp.exe79⤵
- System Location Discovery: System Language Discovery
-
\??\c:\pjvpd.exec:\pjvpd.exe80⤵
-
\??\c:\1lrfflr.exec:\1lrfflr.exe81⤵
-
\??\c:\nnntbn.exec:\nnntbn.exe82⤵
-
\??\c:\dddjj.exec:\dddjj.exe83⤵
-
\??\c:\3hnttb.exec:\3hnttb.exe84⤵
-
\??\c:\3hhntt.exec:\3hhntt.exe85⤵
-
\??\c:\ttnhnn.exec:\ttnhnn.exe86⤵
-
\??\c:\vjdjv.exec:\vjdjv.exe87⤵
-
\??\c:\pjjdj.exec:\pjjdj.exe88⤵
-
\??\c:\xrrrxfr.exec:\xrrrxfr.exe89⤵
-
\??\c:\tnbhtb.exec:\tnbhtb.exe90⤵
-
\??\c:\9jdvp.exec:\9jdvp.exe91⤵
-
\??\c:\1pdvj.exec:\1pdvj.exe92⤵
-
\??\c:\xxrlllr.exec:\xxrlllr.exe93⤵
-
\??\c:\1nnntt.exec:\1nnntt.exe94⤵
-
\??\c:\3jpvd.exec:\3jpvd.exe95⤵
-
\??\c:\rlxflrf.exec:\rlxflrf.exe96⤵
-
\??\c:\7ppjv.exec:\7ppjv.exe97⤵
-
\??\c:\ffxffll.exec:\ffxffll.exe98⤵
-
\??\c:\frlfflr.exec:\frlfflr.exe99⤵
-
\??\c:\3nbhhn.exec:\3nbhhn.exe100⤵
-
\??\c:\lfxrrrr.exec:\lfxrrrr.exe101⤵
-
\??\c:\vpdpv.exec:\vpdpv.exe102⤵
-
\??\c:\xffllff.exec:\xffllff.exe103⤵
-
\??\c:\xlxxrxx.exec:\xlxxrxx.exe104⤵
-
\??\c:\dvdjj.exec:\dvdjj.exe105⤵
-
\??\c:\3pvpd.exec:\3pvpd.exe106⤵
-
\??\c:\5pvdp.exec:\5pvdp.exe107⤵
-
\??\c:\xxrxflx.exec:\xxrxflx.exe108⤵
-
\??\c:\3xxfrfr.exec:\3xxfrfr.exe109⤵
-
\??\c:\nhbhbn.exec:\nhbhbn.exe110⤵
-
\??\c:\vdpdd.exec:\vdpdd.exe111⤵
-
\??\c:\jdvdp.exec:\jdvdp.exe112⤵
-
\??\c:\3rlrrrx.exec:\3rlrrrx.exe113⤵
-
\??\c:\5xllllr.exec:\5xllllr.exe114⤵
-
\??\c:\tbthhh.exec:\tbthhh.exe115⤵
-
\??\c:\ttnbbt.exec:\ttnbbt.exe116⤵
-
\??\c:\jdpjp.exec:\jdpjp.exe117⤵
-
\??\c:\jvvdj.exec:\jvvdj.exe118⤵
-
\??\c:\rlflrxl.exec:\rlflrxl.exe119⤵
-
\??\c:\fxlflrx.exec:\fxlflrx.exe120⤵
-
\??\c:\frlffrl.exec:\frlffrl.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-