Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
16s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
02/10/2024, 11:20
General
-
Target
375a88bef01a4a3237a62d910b471c4022ac477e53b25a761f4944cbb7b3a69eN.exe
-
Size
70KB
-
MD5
5ef41b873a0d73ab902e390f788ec5d0
-
SHA1
35dc366a5a453f99d1d95ba2dd00922134534191
-
SHA256
375a88bef01a4a3237a62d910b471c4022ac477e53b25a761f4944cbb7b3a69e
-
SHA512
28f109170c6553a9c65728da9a90b1dfc2777cf473c52e782cbc3c2ce2858dc768d739f1ba65f449cf1765b128a14c2f3790bff999e5da949c5403d265758bd0
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIb0z6MTSqfj5h9:ymb3NkkiQ3mdBjFI4V9
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 26 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 29 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\375a88bef01a4a3237a62d910b471c4022ac477e53b25a761f4944cbb7b3a69eN.exe"C:\Users\Admin\AppData\Local\Temp\375a88bef01a4a3237a62d910b471c4022ac477e53b25a761f4944cbb7b3a69eN.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\djppv.exec:\djppv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppdjp.exec:\ppdjp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1rfllff.exec:\1rfllff.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tthtbb.exec:\tthtbb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3ntbhh.exec:\3ntbhh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7jjvj.exec:\7jjvj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthnbb.exec:\bthnbb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpdvv.exec:\dpdvv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxxrfr.exec:\lfxxrfr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btnnbt.exec:\btnnbt.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvpvv.exec:\dvpvv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppdpv.exec:\ppdpv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxxflx.exec:\rlxxflx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhtnbb.exec:\hhtnbb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5hbttb.exec:\5hbttb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjjj.exec:\dvjjj.exe17⤵
- Executes dropped EXE
-
\??\c:\1frxfxr.exec:\1frxfxr.exe18⤵
- Executes dropped EXE
-
\??\c:\lfxxrxx.exec:\lfxxrxx.exe19⤵
- Executes dropped EXE
-
\??\c:\nhbhtb.exec:\nhbhtb.exe20⤵
- Executes dropped EXE
-
\??\c:\jvppp.exec:\jvppp.exe21⤵
- Executes dropped EXE
-
\??\c:\9jdvd.exec:\9jdvd.exe22⤵
- Executes dropped EXE
-
\??\c:\xlxflfl.exec:\xlxflfl.exe23⤵
- Executes dropped EXE
-
\??\c:\rlrxxff.exec:\rlrxxff.exe24⤵
- Executes dropped EXE
-
\??\c:\5nbhnn.exec:\5nbhnn.exe25⤵
- Executes dropped EXE
-
\??\c:\dpddd.exec:\dpddd.exe26⤵
- Executes dropped EXE
-
\??\c:\1pppv.exec:\1pppv.exe27⤵
- Executes dropped EXE
-
\??\c:\tnhhnn.exec:\tnhhnn.exe28⤵
- Executes dropped EXE
-
\??\c:\5bthnh.exec:\5bthnh.exe29⤵
- Executes dropped EXE
-
\??\c:\ddvjp.exec:\ddvjp.exe30⤵
- Executes dropped EXE
-
\??\c:\rfrxxrf.exec:\rfrxxrf.exe31⤵
- Executes dropped EXE
-
\??\c:\3xllxxl.exec:\3xllxxl.exe32⤵
- Executes dropped EXE
-
\??\c:\hthbbt.exec:\hthbbt.exe33⤵
- Executes dropped EXE
-
\??\c:\1ddpv.exec:\1ddpv.exe34⤵
- Executes dropped EXE
-
\??\c:\rlxlrxf.exec:\rlxlrxf.exe35⤵
- Executes dropped EXE
-
\??\c:\xfflxfl.exec:\xfflxfl.exe36⤵
- Executes dropped EXE
-
\??\c:\hthhnb.exec:\hthhnb.exe37⤵
- Executes dropped EXE
-
\??\c:\hbtbhn.exec:\hbtbhn.exe38⤵
- Executes dropped EXE
-
\??\c:\3pjvd.exec:\3pjvd.exe39⤵
- Executes dropped EXE
-
\??\c:\3vvjj.exec:\3vvjj.exe40⤵
- Executes dropped EXE
-
\??\c:\3frrxxf.exec:\3frrxxf.exe41⤵
- Executes dropped EXE
-
\??\c:\xrlrflx.exec:\xrlrflx.exe42⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\1bnbhh.exec:\1bnbhh.exe43⤵
- Executes dropped EXE
-
\??\c:\1bhhnb.exec:\1bhhnb.exe44⤵
- Executes dropped EXE
-
\??\c:\dvvpp.exec:\dvvpp.exe45⤵
- Executes dropped EXE
-
\??\c:\3jvdd.exec:\3jvdd.exe46⤵
- Executes dropped EXE
-
\??\c:\fxfxllr.exec:\fxfxllr.exe47⤵
- Executes dropped EXE
-
\??\c:\5llfxxl.exec:\5llfxxl.exe48⤵
- Executes dropped EXE
-
\??\c:\thbbtt.exec:\thbbtt.exe49⤵
- Executes dropped EXE
-
\??\c:\tnbhth.exec:\tnbhth.exe50⤵
- Executes dropped EXE
-
\??\c:\vvjpv.exec:\vvjpv.exe51⤵
- Executes dropped EXE
-
\??\c:\5dddd.exec:\5dddd.exe52⤵
- Executes dropped EXE
-
\??\c:\xrlrlxx.exec:\xrlrlxx.exe53⤵
- Executes dropped EXE
-
\??\c:\xfxlfrx.exec:\xfxlfrx.exe54⤵
- Executes dropped EXE
-
\??\c:\tnbtbt.exec:\tnbtbt.exe55⤵
- Executes dropped EXE
-
\??\c:\7tbbnt.exec:\7tbbnt.exe56⤵
- Executes dropped EXE
-
\??\c:\pjvvv.exec:\pjvvv.exe57⤵
- Executes dropped EXE
-
\??\c:\jdppp.exec:\jdppp.exe58⤵
- Executes dropped EXE
-
\??\c:\lfrrrxf.exec:\lfrrrxf.exe59⤵
- Executes dropped EXE
-
\??\c:\xrlxfxl.exec:\xrlxfxl.exe60⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\nbhhnn.exec:\nbhhnn.exe61⤵
- Executes dropped EXE
-
\??\c:\hbtbhn.exec:\hbtbhn.exe62⤵
- Executes dropped EXE
-
\??\c:\3pvdd.exec:\3pvdd.exe63⤵
- Executes dropped EXE
-
\??\c:\dpjdj.exec:\dpjdj.exe64⤵
- Executes dropped EXE
-
\??\c:\1ntntt.exec:\1ntntt.exe65⤵
- Executes dropped EXE
-
\??\c:\hbttnt.exec:\hbttnt.exe66⤵
-
\??\c:\9jjpp.exec:\9jjpp.exe67⤵
-
\??\c:\pdvvj.exec:\pdvvj.exe68⤵
-
\??\c:\llflrfl.exec:\llflrfl.exe69⤵
-
\??\c:\fxllrll.exec:\fxllrll.exe70⤵
-
\??\c:\thntbh.exec:\thntbh.exe71⤵
-
\??\c:\thhhbb.exec:\thhhbb.exe72⤵
-
\??\c:\dvpdj.exec:\dvpdj.exe73⤵
-
\??\c:\7jdvj.exec:\7jdvj.exe74⤵
-
\??\c:\xxlrxff.exec:\xxlrxff.exe75⤵
-
\??\c:\xlllrlr.exec:\xlllrlr.exe76⤵
-
\??\c:\tntbbb.exec:\tntbbb.exe77⤵
-
\??\c:\7hbbnt.exec:\7hbbnt.exe78⤵
-
\??\c:\dvdpp.exec:\dvdpp.exe79⤵
-
\??\c:\dvddd.exec:\dvddd.exe80⤵
-
\??\c:\llrxrfr.exec:\llrxrfr.exe81⤵
-
\??\c:\5fffrrx.exec:\5fffrrx.exe82⤵
-
\??\c:\9nbbhb.exec:\9nbbhb.exe83⤵
-
\??\c:\btthbb.exec:\btthbb.exe84⤵
-
\??\c:\ppjjp.exec:\ppjjp.exe85⤵
-
\??\c:\pvddd.exec:\pvddd.exe86⤵
-
\??\c:\frxrlrx.exec:\frxrlrx.exe87⤵
-
\??\c:\lxlrrrx.exec:\lxlrrrx.exe88⤵
-
\??\c:\tnbhtt.exec:\tnbhtt.exe89⤵
-
\??\c:\9ntnnn.exec:\9ntnnn.exe90⤵
-
\??\c:\vpjpj.exec:\vpjpj.exe91⤵
-
\??\c:\ddjdj.exec:\ddjdj.exe92⤵
-
\??\c:\5lrrrlr.exec:\5lrrrlr.exe93⤵
-
\??\c:\rfflxff.exec:\rfflxff.exe94⤵
-
\??\c:\htbbhh.exec:\htbbhh.exe95⤵
-
\??\c:\hbhtth.exec:\hbhtth.exe96⤵
-
\??\c:\djjdd.exec:\djjdd.exe97⤵
-
\??\c:\dvjvv.exec:\dvjvv.exe98⤵
-
\??\c:\lfxflrl.exec:\lfxflrl.exe99⤵
-
\??\c:\3llrlrf.exec:\3llrlrf.exe100⤵
-
\??\c:\xrxfxff.exec:\xrxfxff.exe101⤵
-
\??\c:\nhntbb.exec:\nhntbb.exe102⤵
-
\??\c:\nhnbhn.exec:\nhnbhn.exe103⤵
-
\??\c:\3pvvv.exec:\3pvvv.exe104⤵
-
\??\c:\ddppp.exec:\ddppp.exe105⤵
-
\??\c:\3jjpv.exec:\3jjpv.exe106⤵
-
\??\c:\3lffllf.exec:\3lffllf.exe107⤵
-
\??\c:\rlfllrf.exec:\rlfllrf.exe108⤵
-
\??\c:\1bnnnh.exec:\1bnnnh.exe109⤵
-
\??\c:\7hthtt.exec:\7hthtt.exe110⤵
-
\??\c:\dvjjj.exec:\dvjjj.exe111⤵
-
\??\c:\9dvdj.exec:\9dvdj.exe112⤵
-
\??\c:\fxlrrxl.exec:\fxlrrxl.exe113⤵
-
\??\c:\5fxxllr.exec:\5fxxllr.exe114⤵
-
\??\c:\7xrxffx.exec:\7xrxffx.exe115⤵
-
\??\c:\5nbnbt.exec:\5nbnbt.exe116⤵
-
\??\c:\nhthth.exec:\nhthth.exe117⤵
-
\??\c:\9djjj.exec:\9djjj.exe118⤵
-
\??\c:\ppjvj.exec:\ppjvj.exe119⤵
-
\??\c:\5fxxfxr.exec:\5fxxfxr.exe120⤵
-
\??\c:\9xrxflx.exec:\9xrxflx.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-