Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
01/10/2024, 15:08
General
-
Target
99af7873f0df3f7d6dc9bfec3895259b554755c6e479ea8ac448fccde1b83da4N.exe
-
Size
72KB
-
MD5
0eb6da3ab12da2004224e2979d5ff0d0
-
SHA1
c13bbf22ce0e5f046a87d489f33e2d74dd507623
-
SHA256
99af7873f0df3f7d6dc9bfec3895259b554755c6e479ea8ac448fccde1b83da4
-
SHA512
f0fd27f65e01d2bf0dae924b39e7151c31c1b345790cfa83977376eea361b687785e383db9f5c6e15a4df99f68425a97ab73a01957570029a7796b4ea1313447
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIb0z6MTSqfjP:ymb3NkkiQ3mdBjFI4V/
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 24 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\99af7873f0df3f7d6dc9bfec3895259b554755c6e479ea8ac448fccde1b83da4N.exe"C:\Users\Admin\AppData\Local\Temp\99af7873f0df3f7d6dc9bfec3895259b554755c6e479ea8ac448fccde1b83da4N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlrlxr.exec:\fxlrlxr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1bnnnb.exec:\1bnnnb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvvjd.exec:\vvvjd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxrllrx.exec:\lxrllrx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrrffl.exec:\lfrrffl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5tthtb.exec:\5tthtb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnbbhh.exec:\hnbbhh.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrrffxr.exec:\rrrffxr.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnntb.exec:\nhnntb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhhnn.exec:\tnhhnn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdvdd.exec:\pdvdd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3fllfxl.exec:\3fllfxl.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrlflr.exec:\lfrlflr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhhbtn.exec:\hhhbtn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhtbht.exec:\nhtbht.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9vvjv.exec:\9vvjv.exe17⤵
- Executes dropped EXE
-
\??\c:\jjjvd.exec:\jjjvd.exe18⤵
- Executes dropped EXE
-
\??\c:\rlllrxl.exec:\rlllrxl.exe19⤵
- Executes dropped EXE
-
\??\c:\bbbhnt.exec:\bbbhnt.exe20⤵
- Executes dropped EXE
-
\??\c:\ttnbbb.exec:\ttnbbb.exe21⤵
- Executes dropped EXE
-
\??\c:\jddjp.exec:\jddjp.exe22⤵
- Executes dropped EXE
-
\??\c:\pdvdj.exec:\pdvdj.exe23⤵
- Executes dropped EXE
-
\??\c:\9fxlxfr.exec:\9fxlxfr.exe24⤵
- Executes dropped EXE
-
\??\c:\tbhnbh.exec:\tbhnbh.exe25⤵
- Executes dropped EXE
-
\??\c:\pjjjp.exec:\pjjjp.exe26⤵
- Executes dropped EXE
-
\??\c:\vpdvj.exec:\vpdvj.exe27⤵
- Executes dropped EXE
-
\??\c:\ffrxlfr.exec:\ffrxlfr.exe28⤵
- Executes dropped EXE
-
\??\c:\hhbhbn.exec:\hhbhbn.exe29⤵
- Executes dropped EXE
-
\??\c:\vjvdd.exec:\vjvdd.exe30⤵
- Executes dropped EXE
-
\??\c:\rlflrxl.exec:\rlflrxl.exe31⤵
- Executes dropped EXE
-
\??\c:\lfrxflr.exec:\lfrxflr.exe32⤵
- Executes dropped EXE
-
\??\c:\btbbtt.exec:\btbbtt.exe33⤵
- Executes dropped EXE
-
\??\c:\nhthhn.exec:\nhthhn.exe34⤵
- Executes dropped EXE
-
\??\c:\pppvd.exec:\pppvd.exe35⤵
- Executes dropped EXE
-
\??\c:\ffflflr.exec:\ffflflr.exe36⤵
- Executes dropped EXE
-
\??\c:\nhbnht.exec:\nhbnht.exe37⤵
- Executes dropped EXE
-
\??\c:\tnbnht.exec:\tnbnht.exe38⤵
- Executes dropped EXE
-
\??\c:\ddvdp.exec:\ddvdp.exe39⤵
- Executes dropped EXE
-
\??\c:\3jpvp.exec:\3jpvp.exe40⤵
- Executes dropped EXE
-
\??\c:\rlxfrxx.exec:\rlxfrxx.exe41⤵
- Executes dropped EXE
-
\??\c:\llflrff.exec:\llflrff.exe42⤵
- Executes dropped EXE
-
\??\c:\ttbhtt.exec:\ttbhtt.exe43⤵
- Executes dropped EXE
-
\??\c:\hhhnth.exec:\hhhnth.exe44⤵
- Executes dropped EXE
-
\??\c:\ddpdv.exec:\ddpdv.exe45⤵
- Executes dropped EXE
-
\??\c:\1rfrxrf.exec:\1rfrxrf.exe46⤵
- Executes dropped EXE
-
\??\c:\xfxrrlx.exec:\xfxrrlx.exe47⤵
- Executes dropped EXE
-
\??\c:\7nhhnt.exec:\7nhhnt.exe48⤵
- Executes dropped EXE
-
\??\c:\hbtbhn.exec:\hbtbhn.exe49⤵
- Executes dropped EXE
-
\??\c:\jjpdp.exec:\jjpdp.exe50⤵
- Executes dropped EXE
-
\??\c:\fxfxlrx.exec:\fxfxlrx.exe51⤵
- Executes dropped EXE
-
\??\c:\fxxlxrf.exec:\fxxlxrf.exe52⤵
- Executes dropped EXE
-
\??\c:\bbthtt.exec:\bbthtt.exe53⤵
- Executes dropped EXE
-
\??\c:\tnhnnt.exec:\tnhnnt.exe54⤵
- Executes dropped EXE
-
\??\c:\vjdjp.exec:\vjdjp.exe55⤵
- Executes dropped EXE
-
\??\c:\vpjpv.exec:\vpjpv.exe56⤵
- Executes dropped EXE
-
\??\c:\dpdjv.exec:\dpdjv.exe57⤵
- Executes dropped EXE
-
\??\c:\lfrrffr.exec:\lfrrffr.exe58⤵
- Executes dropped EXE
-
\??\c:\xlxxlrx.exec:\xlxxlrx.exe59⤵
- Executes dropped EXE
-
\??\c:\9tnhtb.exec:\9tnhtb.exe60⤵
- Executes dropped EXE
-
\??\c:\ttnthh.exec:\ttnthh.exe61⤵
- Executes dropped EXE
-
\??\c:\1dpdp.exec:\1dpdp.exe62⤵
- Executes dropped EXE
-
\??\c:\vpdvp.exec:\vpdvp.exe63⤵
- Executes dropped EXE
-
\??\c:\fflrrrf.exec:\fflrrrf.exe64⤵
- Executes dropped EXE
-
\??\c:\rxrfrll.exec:\rxrfrll.exe65⤵
- Executes dropped EXE
-
\??\c:\nhtthh.exec:\nhtthh.exe66⤵
-
\??\c:\ththtt.exec:\ththtt.exe67⤵
-
\??\c:\dvjjv.exec:\dvjjv.exe68⤵
-
\??\c:\jddjv.exec:\jddjv.exe69⤵
-
\??\c:\xxrxrxl.exec:\xxrxrxl.exe70⤵
-
\??\c:\rlrxlxl.exec:\rlrxlxl.exe71⤵
-
\??\c:\nnbntt.exec:\nnbntt.exe72⤵
-
\??\c:\1hhthh.exec:\1hhthh.exe73⤵
-
\??\c:\vpjpv.exec:\vpjpv.exe74⤵
-
\??\c:\7vdjd.exec:\7vdjd.exe75⤵
-
\??\c:\rllxfrf.exec:\rllxfrf.exe76⤵
-
\??\c:\xrlffxf.exec:\xrlffxf.exe77⤵
-
\??\c:\xrlxfrf.exec:\xrlxfrf.exe78⤵
-
\??\c:\nnbhbt.exec:\nnbhbt.exe79⤵
-
\??\c:\hhbbtt.exec:\hhbbtt.exe80⤵
-
\??\c:\3vpvj.exec:\3vpvj.exe81⤵
-
\??\c:\3ddpd.exec:\3ddpd.exe82⤵
-
\??\c:\rllfxfl.exec:\rllfxfl.exe83⤵
-
\??\c:\9xrlxxl.exec:\9xrlxxl.exe84⤵
-
\??\c:\tbthbb.exec:\tbthbb.exe85⤵
-
\??\c:\hbbnnt.exec:\hbbnnt.exe86⤵
-
\??\c:\vjvvj.exec:\vjvvj.exe87⤵
-
\??\c:\jdvvd.exec:\jdvvd.exe88⤵
-
\??\c:\1lllflx.exec:\1lllflx.exe89⤵
-
\??\c:\rrllrlx.exec:\rrllrlx.exe90⤵
-
\??\c:\bthtbt.exec:\bthtbt.exe91⤵
-
\??\c:\tnbhbb.exec:\tnbhbb.exe92⤵
-
\??\c:\hhhnnh.exec:\hhhnnh.exe93⤵
-
\??\c:\5dvjp.exec:\5dvjp.exe94⤵
-
\??\c:\ddvdd.exec:\ddvdd.exe95⤵
-
\??\c:\llfxflr.exec:\llfxflr.exe96⤵
-
\??\c:\xrffxfx.exec:\xrffxfx.exe97⤵
-
\??\c:\tththn.exec:\tththn.exe98⤵
-
\??\c:\tthnnt.exec:\tthnnt.exe99⤵
-
\??\c:\vdppj.exec:\vdppj.exe100⤵
-
\??\c:\jjdpd.exec:\jjdpd.exe101⤵
-
\??\c:\ffxlxfl.exec:\ffxlxfl.exe102⤵
-
\??\c:\rlllllx.exec:\rlllllx.exe103⤵
-
\??\c:\bthnbh.exec:\bthnbh.exe104⤵
-
\??\c:\hbtbhh.exec:\hbtbhh.exe105⤵
-
\??\c:\jvjpv.exec:\jvjpv.exe106⤵
-
\??\c:\pjvdj.exec:\pjvdj.exe107⤵
-
\??\c:\fxrrxxl.exec:\fxrrxxl.exe108⤵
-
\??\c:\frlxlrx.exec:\frlxlrx.exe109⤵
-
\??\c:\hbtbhn.exec:\hbtbhn.exe110⤵
-
\??\c:\5btbhh.exec:\5btbhh.exe111⤵
-
\??\c:\3dvpj.exec:\3dvpj.exe112⤵
-
\??\c:\vppvj.exec:\vppvj.exe113⤵
-
\??\c:\xxllrrf.exec:\xxllrrf.exe114⤵
-
\??\c:\fxrlxrf.exec:\fxrlxrf.exe115⤵
-
\??\c:\btbhhn.exec:\btbhhn.exe116⤵
-
\??\c:\9tbbnt.exec:\9tbbnt.exe117⤵
-
\??\c:\7hbhtt.exec:\7hbhtt.exe118⤵
-
\??\c:\3dppj.exec:\3dppj.exe119⤵
-
\??\c:\pjvdv.exec:\pjvdv.exe120⤵
-
\??\c:\5rflrrf.exec:\5rflrrf.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-