Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
02/10/2024, 06:01
General
-
Target
a046554dc6305c61fda6c7116d20c4104361f94d8162d79aa11349db82c6586bN.exe
-
Size
71KB
-
MD5
1a1fd3ac0b6520ebacbfa48578d8f8f0
-
SHA1
16abafff7e2c954929e5052ce32d64ccd9809f30
-
SHA256
a046554dc6305c61fda6c7116d20c4104361f94d8162d79aa11349db82c6586b
-
SHA512
58cdd84cffdb816dec83ba8c8b0e4fbce2b2d3429b20f5e4603c50daf1e6c0af16c0c49eccaf8a0036a9c561408c2bb80300af3633db7d88823a54eda9bd8f28
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIb0z6MTSqfj/:ymb3NkkiQ3mdBjFI4VP
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 25 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\a046554dc6305c61fda6c7116d20c4104361f94d8162d79aa11349db82c6586bN.exe"C:\Users\Admin\AppData\Local\Temp\a046554dc6305c61fda6c7116d20c4104361f94d8162d79aa11349db82c6586bN.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnhbn.exec:\tnnhbn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5vdpd.exec:\5vdpd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvpdv.exec:\dvpdv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxlrxlx.exec:\xxlrxlx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbhbth.exec:\tbhbth.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pppdj.exec:\pppdj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrllrlx.exec:\rrllrlx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxxflr.exec:\xrxxflr.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1hbbht.exec:\1hbbht.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddvjd.exec:\ddvjd.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3dvpd.exec:\3dvpd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffflxlx.exec:\ffflxlx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbhnth.exec:\nbhnth.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnhnb.exec:\tnnhnb.exe15⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\jjjpd.exec:\jjjpd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrfrfrr.exec:\xrfrfrr.exe17⤵
- Executes dropped EXE
-
\??\c:\lffrlrf.exec:\lffrlrf.exe18⤵
- Executes dropped EXE
-
\??\c:\hbnhtn.exec:\hbnhtn.exe19⤵
- Executes dropped EXE
-
\??\c:\vvvjv.exec:\vvvjv.exe20⤵
- Executes dropped EXE
-
\??\c:\vvpvj.exec:\vvpvj.exe21⤵
- Executes dropped EXE
-
\??\c:\xrfxflf.exec:\xrfxflf.exe22⤵
- Executes dropped EXE
-
\??\c:\tnnbnn.exec:\tnnbnn.exe23⤵
- Executes dropped EXE
-
\??\c:\ttthtn.exec:\ttthtn.exe24⤵
- Executes dropped EXE
-
\??\c:\9jdjp.exec:\9jdjp.exe25⤵
- Executes dropped EXE
-
\??\c:\fflffrl.exec:\fflffrl.exe26⤵
- Executes dropped EXE
-
\??\c:\rrlrfll.exec:\rrlrfll.exe27⤵
- Executes dropped EXE
-
\??\c:\5hhbnb.exec:\5hhbnb.exe28⤵
- Executes dropped EXE
-
\??\c:\1btbhn.exec:\1btbhn.exe29⤵
- Executes dropped EXE
-
\??\c:\pjvjj.exec:\pjvjj.exe30⤵
- Executes dropped EXE
-
\??\c:\9xxflrf.exec:\9xxflrf.exe31⤵
- Executes dropped EXE
-
\??\c:\9bhhtb.exec:\9bhhtb.exe32⤵
- Executes dropped EXE
-
\??\c:\tnhtnt.exec:\tnhtnt.exe33⤵
- Executes dropped EXE
-
\??\c:\jjpvp.exec:\jjpvp.exe34⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\xxxrxrl.exec:\xxxrxrl.exe35⤵
- Executes dropped EXE
-
\??\c:\lfxxlrf.exec:\lfxxlrf.exe36⤵
- Executes dropped EXE
-
\??\c:\bbbtnt.exec:\bbbtnt.exe37⤵
- Executes dropped EXE
-
\??\c:\1ttthn.exec:\1ttthn.exe38⤵
- Executes dropped EXE
-
\??\c:\ppjdd.exec:\ppjdd.exe39⤵
- Executes dropped EXE
-
\??\c:\rrlrlfr.exec:\rrlrlfr.exe40⤵
- Executes dropped EXE
-
\??\c:\rxrrlrx.exec:\rxrrlrx.exe41⤵
- Executes dropped EXE
-
\??\c:\hhbnth.exec:\hhbnth.exe42⤵
- Executes dropped EXE
-
\??\c:\bbbhnn.exec:\bbbhnn.exe43⤵
- Executes dropped EXE
-
\??\c:\vpvdp.exec:\vpvdp.exe44⤵
- Executes dropped EXE
-
\??\c:\jppvp.exec:\jppvp.exe45⤵
- Executes dropped EXE
-
\??\c:\fxxfrxf.exec:\fxxfrxf.exe46⤵
- Executes dropped EXE
-
\??\c:\5rlfxlx.exec:\5rlfxlx.exe47⤵
- Executes dropped EXE
-
\??\c:\1tthth.exec:\1tthth.exe48⤵
- Executes dropped EXE
-
\??\c:\tthbtb.exec:\tthbtb.exe49⤵
- Executes dropped EXE
-
\??\c:\ppvjd.exec:\ppvjd.exe50⤵
- Executes dropped EXE
-
\??\c:\ppdpp.exec:\ppdpp.exe51⤵
- Executes dropped EXE
-
\??\c:\xrflxlr.exec:\xrflxlr.exe52⤵
- Executes dropped EXE
-
\??\c:\9lrlffr.exec:\9lrlffr.exe53⤵
- Executes dropped EXE
-
\??\c:\3nhbhn.exec:\3nhbhn.exe54⤵
- Executes dropped EXE
-
\??\c:\ntntnh.exec:\ntntnh.exe55⤵
- Executes dropped EXE
-
\??\c:\9jvdp.exec:\9jvdp.exe56⤵
- Executes dropped EXE
-
\??\c:\nttthn.exec:\nttthn.exe57⤵
- Executes dropped EXE
-
\??\c:\tttbnn.exec:\tttbnn.exe58⤵
- Executes dropped EXE
-
\??\c:\vpjpd.exec:\vpjpd.exe59⤵
- Executes dropped EXE
-
\??\c:\5dddd.exec:\5dddd.exe60⤵
- Executes dropped EXE
-
\??\c:\xxrfxlx.exec:\xxrfxlx.exe61⤵
- Executes dropped EXE
-
\??\c:\fffxfrf.exec:\fffxfrf.exe62⤵
- Executes dropped EXE
-
\??\c:\nhhnbh.exec:\nhhnbh.exe63⤵
- Executes dropped EXE
-
\??\c:\hhbntn.exec:\hhbntn.exe64⤵
- Executes dropped EXE
-
\??\c:\5pdvv.exec:\5pdvv.exe65⤵
- Executes dropped EXE
-
\??\c:\3llrflx.exec:\3llrflx.exe66⤵
-
\??\c:\xxffllr.exec:\xxffllr.exe67⤵
-
\??\c:\hhtbht.exec:\hhtbht.exe68⤵
-
\??\c:\btnbbh.exec:\btnbbh.exe69⤵
- System Location Discovery: System Language Discovery
-
\??\c:\1nbbhh.exec:\1nbbhh.exe70⤵
-
\??\c:\5pvjp.exec:\5pvjp.exe71⤵
-
\??\c:\pjvdj.exec:\pjvdj.exe72⤵
-
\??\c:\5fxlrxr.exec:\5fxlrxr.exe73⤵
-
\??\c:\5fllxxf.exec:\5fllxxf.exe74⤵
-
\??\c:\tttbth.exec:\tttbth.exe75⤵
-
\??\c:\dvpvv.exec:\dvpvv.exe76⤵
-
\??\c:\vpjvd.exec:\vpjvd.exe77⤵
-
\??\c:\3rlxxfx.exec:\3rlxxfx.exe78⤵
-
\??\c:\5xrflrl.exec:\5xrflrl.exe79⤵
-
\??\c:\hbntbb.exec:\hbntbb.exe80⤵
-
\??\c:\thntht.exec:\thntht.exe81⤵
-
\??\c:\jvdvd.exec:\jvdvd.exe82⤵
-
\??\c:\jdjpd.exec:\jdjpd.exe83⤵
-
\??\c:\llxflfr.exec:\llxflfr.exe84⤵
-
\??\c:\rlfflrl.exec:\rlfflrl.exe85⤵
-
\??\c:\hnhbbn.exec:\hnhbbn.exe86⤵
-
\??\c:\9tntbt.exec:\9tntbt.exe87⤵
-
\??\c:\ddpdj.exec:\ddpdj.exe88⤵
-
\??\c:\pvvdd.exec:\pvvdd.exe89⤵
-
\??\c:\fxfrxxl.exec:\fxfrxxl.exe90⤵
-
\??\c:\lfrflrr.exec:\lfrflrr.exe91⤵
-
\??\c:\7bnhhb.exec:\7bnhhb.exe92⤵
-
\??\c:\3ppvj.exec:\3ppvj.exe93⤵
-
\??\c:\9dvjj.exec:\9dvjj.exe94⤵
-
\??\c:\3lllfrf.exec:\3lllfrf.exe95⤵
-
\??\c:\rlflrfr.exec:\rlflrfr.exe96⤵
-
\??\c:\hbhnbb.exec:\hbhnbb.exe97⤵
-
\??\c:\9tnbbh.exec:\9tnbbh.exe98⤵
-
\??\c:\dvpvd.exec:\dvpvd.exe99⤵
-
\??\c:\vvvvd.exec:\vvvvd.exe100⤵
-
\??\c:\llxfflr.exec:\llxfflr.exe101⤵
-
\??\c:\llflffl.exec:\llflffl.exe102⤵
-
\??\c:\7thhhh.exec:\7thhhh.exe103⤵
-
\??\c:\7hnnbn.exec:\7hnnbn.exe104⤵
-
\??\c:\vvjpd.exec:\vvjpd.exe105⤵
-
\??\c:\vvjpd.exec:\vvjpd.exe106⤵
-
\??\c:\xrxlxfr.exec:\xrxlxfr.exe107⤵
-
\??\c:\rrlxrxl.exec:\rrlxrxl.exe108⤵
-
\??\c:\bbhntb.exec:\bbhntb.exe109⤵
-
\??\c:\tnhnbt.exec:\tnhnbt.exe110⤵
-
\??\c:\vpvdd.exec:\vpvdd.exe111⤵
-
\??\c:\jjdvv.exec:\jjdvv.exe112⤵
-
\??\c:\xxlxlrl.exec:\xxlxlrl.exe113⤵
-
\??\c:\9rlxrlf.exec:\9rlxrlf.exe114⤵
-
\??\c:\hbbntt.exec:\hbbntt.exe115⤵
-
\??\c:\bhnhnb.exec:\bhnhnb.exe116⤵
-
\??\c:\dvpvv.exec:\dvpvv.exe117⤵
-
\??\c:\pjvdp.exec:\pjvdp.exe118⤵
-
\??\c:\rlxrxrx.exec:\rlxrxrx.exe119⤵
-
\??\c:\ffxfrxl.exec:\ffxfrxl.exe120⤵
-
\??\c:\9nbhnt.exec:\9nbhnt.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-