Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
02/10/2024, 22:13
General
-
Target
8202cac402db2a20ef7787012659180a20f126c76438cb7a3fea95298a91a5f8N.exe
-
Size
64KB
-
MD5
a36d3b9fbe4e5f29220b5d4566c47790
-
SHA1
41736eb9e71d5808278e306522cfc8e56d01615f
-
SHA256
8202cac402db2a20ef7787012659180a20f126c76438cb7a3fea95298a91a5f8
-
SHA512
71b18f5ac4925c4ee2764f0d68ba082cdb11f397a544e3cd0d9fba5c28b82a7c0cb24e7d4a83e216ab5d7f4d4cee423f97b26ffadd61901067956353da5ddac5
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND0yU+kbxiP:ymb3NkkiQ3mdBjF0y7kbK
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 27 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\8202cac402db2a20ef7787012659180a20f126c76438cb7a3fea95298a91a5f8N.exe"C:\Users\Admin\AppData\Local\Temp\8202cac402db2a20ef7787012659180a20f126c76438cb7a3fea95298a91a5f8N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\tntbtb.exec:\tntbtb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnthn.exec:\hbnthn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5rllflx.exec:\5rllflx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhtbn.exec:\tnhtbn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thhttn.exec:\thhttn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrflrf.exec:\lfrflrf.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fflfxxl.exec:\fflfxxl.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvpjp.exec:\dvpjp.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppdjd.exec:\ppdjd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5lxxxfl.exec:\5lxxxfl.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttttbb.exec:\ttttbb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7vppv.exec:\7vppv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5jvvd.exec:\5jvvd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lllrllx.exec:\lllrllx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxlxffl.exec:\xxlxffl.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5bnntt.exec:\5bnntt.exe17⤵
- Executes dropped EXE
-
\??\c:\1jvvv.exec:\1jvvv.exe18⤵
- Executes dropped EXE
-
\??\c:\dvpjj.exec:\dvpjj.exe19⤵
- Executes dropped EXE
-
\??\c:\xfxxrff.exec:\xfxxrff.exe20⤵
- Executes dropped EXE
-
\??\c:\ttbhtb.exec:\ttbhtb.exe21⤵
- Executes dropped EXE
-
\??\c:\htntbn.exec:\htntbn.exe22⤵
- Executes dropped EXE
-
\??\c:\vvjpv.exec:\vvjpv.exe23⤵
- Executes dropped EXE
-
\??\c:\xrfrxfr.exec:\xrfrxfr.exe24⤵
- Executes dropped EXE
-
\??\c:\1rfxfxr.exec:\1rfxfxr.exe25⤵
- Executes dropped EXE
-
\??\c:\tthbbt.exec:\tthbbt.exe26⤵
- Executes dropped EXE
-
\??\c:\3bbnbb.exec:\3bbnbb.exe27⤵
- Executes dropped EXE
-
\??\c:\7pjdj.exec:\7pjdj.exe28⤵
- Executes dropped EXE
-
\??\c:\lfflxrf.exec:\lfflxrf.exe29⤵
- Executes dropped EXE
-
\??\c:\hbhnbh.exec:\hbhnbh.exe30⤵
- Executes dropped EXE
-
\??\c:\5pjdj.exec:\5pjdj.exe31⤵
- Executes dropped EXE
-
\??\c:\xflffrl.exec:\xflffrl.exe32⤵
- Executes dropped EXE
-
\??\c:\5nbbhn.exec:\5nbbhn.exe33⤵
- Executes dropped EXE
-
\??\c:\hbttbb.exec:\hbttbb.exe34⤵
- Executes dropped EXE
-
\??\c:\pjjdp.exec:\pjjdp.exe35⤵
- Executes dropped EXE
-
\??\c:\3fxrxxf.exec:\3fxrxxf.exe36⤵
- Executes dropped EXE
-
\??\c:\ffrflrf.exec:\ffrflrf.exe37⤵
- Executes dropped EXE
-
\??\c:\hnhhhh.exec:\hnhhhh.exe38⤵
- Executes dropped EXE
-
\??\c:\7tthtb.exec:\7tthtb.exe39⤵
- Executes dropped EXE
-
\??\c:\dvpvp.exec:\dvpvp.exe40⤵
- Executes dropped EXE
-
\??\c:\vjdvv.exec:\vjdvv.exe41⤵
- Executes dropped EXE
-
\??\c:\xxrxlfx.exec:\xxrxlfx.exe42⤵
- Executes dropped EXE
-
\??\c:\rrfrxfx.exec:\rrfrxfx.exe43⤵
- Executes dropped EXE
-
\??\c:\7nhhnn.exec:\7nhhnn.exe44⤵
- Executes dropped EXE
-
\??\c:\3jpdp.exec:\3jpdp.exe45⤵
- Executes dropped EXE
-
\??\c:\vvpdd.exec:\vvpdd.exe46⤵
- Executes dropped EXE
-
\??\c:\fffxffl.exec:\fffxffl.exe47⤵
- Executes dropped EXE
-
\??\c:\llrxfrl.exec:\llrxfrl.exe48⤵
- Executes dropped EXE
-
\??\c:\tnthtb.exec:\tnthtb.exe49⤵
- Executes dropped EXE
-
\??\c:\ttbnnb.exec:\ttbnnb.exe50⤵
- Executes dropped EXE
-
\??\c:\pvppd.exec:\pvppd.exe51⤵
- Executes dropped EXE
-
\??\c:\jdppd.exec:\jdppd.exe52⤵
- Executes dropped EXE
-
\??\c:\xxlllrx.exec:\xxlllrx.exe53⤵
- Executes dropped EXE
-
\??\c:\ffrfrxf.exec:\ffrfrxf.exe54⤵
- Executes dropped EXE
-
\??\c:\nbbbtt.exec:\nbbbtt.exe55⤵
- Executes dropped EXE
-
\??\c:\nntnnb.exec:\nntnnb.exe56⤵
- Executes dropped EXE
-
\??\c:\jpdjd.exec:\jpdjd.exe57⤵
- Executes dropped EXE
-
\??\c:\7pjvv.exec:\7pjvv.exe58⤵
- Executes dropped EXE
-
\??\c:\llxrfrl.exec:\llxrfrl.exe59⤵
- Executes dropped EXE
-
\??\c:\fxrrlrr.exec:\fxrrlrr.exe60⤵
- Executes dropped EXE
-
\??\c:\thhnnb.exec:\thhnnb.exe61⤵
- Executes dropped EXE
-
\??\c:\3nbtnn.exec:\3nbtnn.exe62⤵
- Executes dropped EXE
-
\??\c:\vpvdp.exec:\vpvdp.exe63⤵
- Executes dropped EXE
-
\??\c:\pdppp.exec:\pdppp.exe64⤵
- Executes dropped EXE
-
\??\c:\fxrrrxl.exec:\fxrrrxl.exe65⤵
- Executes dropped EXE
-
\??\c:\9llrxrf.exec:\9llrxrf.exe66⤵
-
\??\c:\nbthht.exec:\nbthht.exe67⤵
-
\??\c:\nhbhtt.exec:\nhbhtt.exe68⤵
-
\??\c:\1ddpv.exec:\1ddpv.exe69⤵
-
\??\c:\jdpvd.exec:\jdpvd.exe70⤵
-
\??\c:\3rlrflx.exec:\3rlrflx.exe71⤵
-
\??\c:\tnthtt.exec:\tnthtt.exe72⤵
-
\??\c:\hntbnt.exec:\hntbnt.exe73⤵
-
\??\c:\dvpvd.exec:\dvpvd.exe74⤵
-
\??\c:\jdvpd.exec:\jdvpd.exe75⤵
-
\??\c:\3lxxxxl.exec:\3lxxxxl.exe76⤵
-
\??\c:\lflflrl.exec:\lflflrl.exe77⤵
-
\??\c:\tnbthn.exec:\tnbthn.exe78⤵
-
\??\c:\nnhhhh.exec:\nnhhhh.exe79⤵
-
\??\c:\jpdvp.exec:\jpdvp.exe80⤵
-
\??\c:\rlxlrxl.exec:\rlxlrxl.exe81⤵
-
\??\c:\7xlrlrr.exec:\7xlrlrr.exe82⤵
-
\??\c:\1nhbnb.exec:\1nhbnb.exe83⤵
-
\??\c:\bnhhhn.exec:\bnhhhn.exe84⤵
-
\??\c:\jvjpv.exec:\jvjpv.exe85⤵
-
\??\c:\jddpj.exec:\jddpj.exe86⤵
-
\??\c:\llfrxfl.exec:\llfrxfl.exe87⤵
-
\??\c:\lflrxlr.exec:\lflrxlr.exe88⤵
-
\??\c:\nntbhn.exec:\nntbhn.exe89⤵
-
\??\c:\1nnbbn.exec:\1nnbbn.exe90⤵
-
\??\c:\vpdjp.exec:\vpdjp.exe91⤵
-
\??\c:\vdvjd.exec:\vdvjd.exe92⤵
-
\??\c:\xfffllr.exec:\xfffllr.exe93⤵
-
\??\c:\lxlrflr.exec:\lxlrflr.exe94⤵
-
\??\c:\tttnth.exec:\tttnth.exe95⤵
-
\??\c:\htbhth.exec:\htbhth.exe96⤵
-
\??\c:\vvdjp.exec:\vvdjp.exe97⤵
-
\??\c:\vdjjp.exec:\vdjjp.exe98⤵
-
\??\c:\flxrlrx.exec:\flxrlrx.exe99⤵
-
\??\c:\rlrrxxx.exec:\rlrrxxx.exe100⤵
- System Location Discovery: System Language Discovery
-
\??\c:\9btthn.exec:\9btthn.exe101⤵
- System Location Discovery: System Language Discovery
-
\??\c:\3nhntn.exec:\3nhntn.exe102⤵
-
\??\c:\5pjjv.exec:\5pjjv.exe103⤵
-
\??\c:\7xllxlr.exec:\7xllxlr.exe104⤵
-
\??\c:\xrfrflr.exec:\xrfrflr.exe105⤵
-
\??\c:\hbhnbb.exec:\hbhnbb.exe106⤵
-
\??\c:\htnnbb.exec:\htnnbb.exe107⤵
-
\??\c:\jdpdp.exec:\jdpdp.exe108⤵
- System Location Discovery: System Language Discovery
-
\??\c:\vddvp.exec:\vddvp.exe109⤵
-
\??\c:\llfrxxx.exec:\llfrxxx.exe110⤵
-
\??\c:\fflflff.exec:\fflflff.exe111⤵
-
\??\c:\hnnhhn.exec:\hnnhhn.exe112⤵
-
\??\c:\pdvdp.exec:\pdvdp.exe113⤵
-
\??\c:\frllllx.exec:\frllllx.exe114⤵
-
\??\c:\rlrxfrx.exec:\rlrxfrx.exe115⤵
-
\??\c:\bnhhnn.exec:\bnhhnn.exe116⤵
-
\??\c:\ttntbb.exec:\ttntbb.exe117⤵
-
\??\c:\ddvpv.exec:\ddvpv.exe118⤵
-
\??\c:\dpjdv.exec:\dpjdv.exe119⤵
-
\??\c:\fxlxrrx.exec:\fxlxrrx.exe120⤵
-
\??\c:\ffxfllr.exec:\ffxfllr.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-