Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
-
submitted
04/10/2024, 14:08
General
-
Target
0d1ec1b806cc1742419653d61dcf4de5d03cc548ca0eac9190c8a60f3bea8305N.exe
-
Size
59KB
-
MD5
a50d0c8b93ee5501fdab131d957baec0
-
SHA1
c0c01a3bc75dabdb82bcccdf6a9a4c0c146aad67
-
SHA256
0d1ec1b806cc1742419653d61dcf4de5d03cc548ca0eac9190c8a60f3bea8305
-
SHA512
f05de455f218ab8f2a92a5d18f7b6f6af9328de916cad4ea92e0724963c6dd8558e377be21b6272e13da9c28369789b13e25d90965eb64725e813fae9d9da4d9
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIgTdx:ymb3NkkiQ3mdBjFIg/
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 21 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 31 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\0d1ec1b806cc1742419653d61dcf4de5d03cc548ca0eac9190c8a60f3bea8305N.exe"C:\Users\Admin\AppData\Local\Temp\0d1ec1b806cc1742419653d61dcf4de5d03cc548ca0eac9190c8a60f3bea8305N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\rfffflr.exec:\rfffflr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9htthb.exec:\9htthb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnnttt.exec:\bnnttt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdpjd.exec:\pdpjd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9dppv.exec:\9dppv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btthnt.exec:\btthnt.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9btthn.exec:\9btthn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxffxrr.exec:\xxffxrr.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9fxllll.exec:\9fxllll.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbnnn.exec:\tnbnnn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7tbhnn.exec:\7tbhnn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvvj.exec:\pjvvj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rflfxlf.exec:\rflfxlf.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrlrrxr.exec:\xrlrrxr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\httnnn.exec:\httnnn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhhbt.exec:\nhhhbt.exe17⤵
- Executes dropped EXE
-
\??\c:\dvdjd.exec:\dvdjd.exe18⤵
- Executes dropped EXE
-
\??\c:\pjvjp.exec:\pjvjp.exe19⤵
- Executes dropped EXE
-
\??\c:\xxxfxlf.exec:\xxxfxlf.exe20⤵
- Executes dropped EXE
-
\??\c:\3nhhnt.exec:\3nhhnt.exe21⤵
- Executes dropped EXE
-
\??\c:\bnbttn.exec:\bnbttn.exe22⤵
- Executes dropped EXE
-
\??\c:\pjddp.exec:\pjddp.exe23⤵
- Executes dropped EXE
-
\??\c:\jpvvd.exec:\jpvvd.exe24⤵
- Executes dropped EXE
-
\??\c:\1xllxxl.exec:\1xllxxl.exe25⤵
- Executes dropped EXE
-
\??\c:\xflllff.exec:\xflllff.exe26⤵
- Executes dropped EXE
-
\??\c:\5nbhhh.exec:\5nbhhh.exe27⤵
- Executes dropped EXE
-
\??\c:\tbhttt.exec:\tbhttt.exe28⤵
- Executes dropped EXE
-
\??\c:\pjddj.exec:\pjddj.exe29⤵
- Executes dropped EXE
-
\??\c:\rfxfxxx.exec:\rfxfxxx.exe30⤵
- Executes dropped EXE
-
\??\c:\3fxxffl.exec:\3fxxffl.exe31⤵
- Executes dropped EXE
-
\??\c:\5nthhb.exec:\5nthhb.exe32⤵
- Executes dropped EXE
-
\??\c:\bhbnhn.exec:\bhbnhn.exe33⤵
- Executes dropped EXE
-
\??\c:\dppvp.exec:\dppvp.exe34⤵
- Executes dropped EXE
-
\??\c:\jvddv.exec:\jvddv.exe35⤵
- Executes dropped EXE
-
\??\c:\1xlrlff.exec:\1xlrlff.exe36⤵
- Executes dropped EXE
-
\??\c:\xllrxff.exec:\xllrxff.exe37⤵
- Executes dropped EXE
-
\??\c:\bnbttt.exec:\bnbttt.exe38⤵
- Executes dropped EXE
-
\??\c:\htnhhh.exec:\htnhhh.exe39⤵
- Executes dropped EXE
-
\??\c:\bnbtnh.exec:\bnbtnh.exe40⤵
- Executes dropped EXE
-
\??\c:\jvjvd.exec:\jvjvd.exe41⤵
- Executes dropped EXE
-
\??\c:\pdjjj.exec:\pdjjj.exe42⤵
- Executes dropped EXE
-
\??\c:\lrxrlff.exec:\lrxrlff.exe43⤵
- Executes dropped EXE
-
\??\c:\lxxrrxf.exec:\lxxrrxf.exe44⤵
- Executes dropped EXE
-
\??\c:\lfllrrr.exec:\lfllrrr.exe45⤵
- Executes dropped EXE
-
\??\c:\thnhhn.exec:\thnhhn.exe46⤵
- Executes dropped EXE
-
\??\c:\5hhbtt.exec:\5hhbtt.exe47⤵
- Executes dropped EXE
-
\??\c:\jdjvd.exec:\jdjvd.exe48⤵
- Executes dropped EXE
-
\??\c:\7jjjp.exec:\7jjjp.exe49⤵
- Executes dropped EXE
-
\??\c:\9xfxrlx.exec:\9xfxrlx.exe50⤵
- Executes dropped EXE
-
\??\c:\frfxfrl.exec:\frfxfrl.exe51⤵
- Executes dropped EXE
-
\??\c:\nbhnnh.exec:\nbhnnh.exe52⤵
- Executes dropped EXE
-
\??\c:\bbnhbn.exec:\bbnhbn.exe53⤵
- Executes dropped EXE
-
\??\c:\9tbtnb.exec:\9tbtnb.exe54⤵
- Executes dropped EXE
-
\??\c:\5jvpj.exec:\5jvpj.exe55⤵
- Executes dropped EXE
-
\??\c:\jvjjj.exec:\jvjjj.exe56⤵
- Executes dropped EXE
-
\??\c:\lrlxxll.exec:\lrlxxll.exe57⤵
- Executes dropped EXE
-
\??\c:\7xfrrrx.exec:\7xfrrrx.exe58⤵
- Executes dropped EXE
-
\??\c:\3bhbbt.exec:\3bhbbt.exe59⤵
- Executes dropped EXE
-
\??\c:\hbhbhn.exec:\hbhbhn.exe60⤵
- Executes dropped EXE
-
\??\c:\dpvdj.exec:\dpvdj.exe61⤵
- Executes dropped EXE
-
\??\c:\ddjjv.exec:\ddjjv.exe62⤵
- Executes dropped EXE
-
\??\c:\vdddd.exec:\vdddd.exe63⤵
- Executes dropped EXE
-
\??\c:\lxxrlrf.exec:\lxxrlrf.exe64⤵
- Executes dropped EXE
-
\??\c:\xrfrxlr.exec:\xrfrxlr.exe65⤵
- Executes dropped EXE
-
\??\c:\bnnnbt.exec:\bnnnbt.exe66⤵
-
\??\c:\thhbnn.exec:\thhbnn.exe67⤵
-
\??\c:\vjpjd.exec:\vjpjd.exe68⤵
-
\??\c:\pjvjp.exec:\pjvjp.exe69⤵
-
\??\c:\lxfxrll.exec:\lxfxrll.exe70⤵
-
\??\c:\xrflrrx.exec:\xrflrrx.exe71⤵
-
\??\c:\frxlfxr.exec:\frxlfxr.exe72⤵
-
\??\c:\nbhhnh.exec:\nbhhnh.exe73⤵
-
\??\c:\vpddd.exec:\vpddd.exe74⤵
-
\??\c:\xlrxxrl.exec:\xlrxxrl.exe75⤵
-
\??\c:\rllffxf.exec:\rllffxf.exe76⤵
-
\??\c:\nbbnnh.exec:\nbbnnh.exe77⤵
-
\??\c:\nbbbtt.exec:\nbbbtt.exe78⤵
-
\??\c:\1jpjj.exec:\1jpjj.exe79⤵
-
\??\c:\dvjvj.exec:\dvjvj.exe80⤵
-
\??\c:\3frrxrx.exec:\3frrxrx.exe81⤵
-
\??\c:\xrxlxxf.exec:\xrxlxxf.exe82⤵
-
\??\c:\lxflxxx.exec:\lxflxxx.exe83⤵
-
\??\c:\bbtbnn.exec:\bbtbnn.exe84⤵
-
\??\c:\bntbbh.exec:\bntbbh.exe85⤵
-
\??\c:\dpvpp.exec:\dpvpp.exe86⤵
-
\??\c:\dpjdj.exec:\dpjdj.exe87⤵
-
\??\c:\rlxlrrx.exec:\rlxlrrx.exe88⤵
-
\??\c:\fxllrxf.exec:\fxllrxf.exe89⤵
-
\??\c:\rlxxfff.exec:\rlxxfff.exe90⤵
-
\??\c:\bbbnbt.exec:\bbbnbt.exe91⤵
-
\??\c:\dvjvp.exec:\dvjvp.exe92⤵
-
\??\c:\jddjp.exec:\jddjp.exe93⤵
-
\??\c:\xlxrxrx.exec:\xlxrxrx.exe94⤵
-
\??\c:\rlffflr.exec:\rlffflr.exe95⤵
-
\??\c:\frxffxf.exec:\frxffxf.exe96⤵
-
\??\c:\bnbhtt.exec:\bnbhtt.exe97⤵
-
\??\c:\tbnbbt.exec:\tbnbbt.exe98⤵
-
\??\c:\jjvjp.exec:\jjvjp.exe99⤵
-
\??\c:\dvddj.exec:\dvddj.exe100⤵
-
\??\c:\rllrrxf.exec:\rllrrxf.exe101⤵
-
\??\c:\3fxfrrr.exec:\3fxfrrr.exe102⤵
-
\??\c:\lfrfrrx.exec:\lfrfrrx.exe103⤵
-
\??\c:\nhthnn.exec:\nhthnn.exe104⤵
-
\??\c:\pjppp.exec:\pjppp.exe105⤵
-
\??\c:\djdjd.exec:\djdjd.exe106⤵
-
\??\c:\jvddp.exec:\jvddp.exe107⤵
-
\??\c:\lrlrlfx.exec:\lrlrlfx.exe108⤵
-
\??\c:\lfrfrrx.exec:\lfrfrrx.exe109⤵
-
\??\c:\1httbt.exec:\1httbt.exe110⤵
-
\??\c:\7tnhtt.exec:\7tnhtt.exe111⤵
-
\??\c:\vpjvd.exec:\vpjvd.exe112⤵
-
\??\c:\5pppp.exec:\5pppp.exe113⤵
-
\??\c:\jvpvv.exec:\jvpvv.exe114⤵
-
\??\c:\xrlrffl.exec:\xrlrffl.exe115⤵
-
\??\c:\7xllxfr.exec:\7xllxfr.exe116⤵
-
\??\c:\tnhnbb.exec:\tnhnbb.exe117⤵
-
\??\c:\5htbnn.exec:\5htbnn.exe118⤵
-
\??\c:\hhbbhh.exec:\hhbbhh.exe119⤵
-
\??\c:\vpddd.exec:\vpddd.exe120⤵
-
\??\c:\1jddj.exec:\1jddj.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-