Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
18s -
platform
windows7_x64 -
resource
win7-20240729-en -
resource tags
-
submitted
09/10/2024, 23:07
General
-
Target
899fc589a4a7c023e7497fe780629e6f9e04b3bd01bd2425179ce011894d5106.exe
-
Size
82KB
-
MD5
f4f8241fc9d81bfd489ebead911bd6bb
-
SHA1
33500321b4f7a3fa6d059f6df286434dac12320f
-
SHA256
899fc589a4a7c023e7497fe780629e6f9e04b3bd01bd2425179ce011894d5106
-
SHA512
dc09e95e0a13011ad9255c39f5ea1ee6abf6a10072b520990f77b2bd108c89e04fc62e35f489acb72469d4ef568e03314fafea261223629d08b6c17ec33757a5
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIIpIo60L9QrrA89Q1:ymb3NkkiQ3mdBjFIIp9L9QrrA82
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 19 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 30 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\899fc589a4a7c023e7497fe780629e6f9e04b3bd01bd2425179ce011894d5106.exe"C:\Users\Admin\AppData\Local\Temp\899fc589a4a7c023e7497fe780629e6f9e04b3bd01bd2425179ce011894d5106.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\btttbb.exec:\btttbb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjpvj.exec:\pjpvj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhhtb.exec:\tnhhtb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pddpv.exec:\pddpv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxflrrx.exec:\fxflrrx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhhthn.exec:\hhhthn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7pppd.exec:\7pppd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrxllr.exec:\xrrxllr.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhhnn.exec:\nhhhnn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvjpj.exec:\pvjpj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7fxfxfl.exec:\7fxfxfl.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxfxxrf.exec:\rxfxxrf.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3tbhtt.exec:\3tbhtt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddvjd.exec:\ddvjd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxlrrf.exec:\rlxlrrf.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1bnbth.exec:\1bnbth.exe17⤵
- Executes dropped EXE
-
\??\c:\nbtnnb.exec:\nbtnnb.exe18⤵
- Executes dropped EXE
-
\??\c:\9jvvj.exec:\9jvvj.exe19⤵
- Executes dropped EXE
-
\??\c:\3rrfxlr.exec:\3rrfxlr.exe20⤵
- Executes dropped EXE
-
\??\c:\xxrfllf.exec:\xxrfllf.exe21⤵
- Executes dropped EXE
-
\??\c:\nntnhb.exec:\nntnhb.exe22⤵
- Executes dropped EXE
-
\??\c:\jjvvj.exec:\jjvvj.exe23⤵
- Executes dropped EXE
-
\??\c:\fffxlfx.exec:\fffxlfx.exe24⤵
- Executes dropped EXE
-
\??\c:\ntthth.exec:\ntthth.exe25⤵
- Executes dropped EXE
-
\??\c:\vpjpp.exec:\vpjpp.exe26⤵
- Executes dropped EXE
-
\??\c:\jdpdj.exec:\jdpdj.exe27⤵
- Executes dropped EXE
-
\??\c:\bbtbnn.exec:\bbtbnn.exe28⤵
- Executes dropped EXE
-
\??\c:\tttbtt.exec:\tttbtt.exe29⤵
- Executes dropped EXE
-
\??\c:\dvpdp.exec:\dvpdp.exe30⤵
- Executes dropped EXE
-
\??\c:\9fxlrxf.exec:\9fxlrxf.exe31⤵
- Executes dropped EXE
-
\??\c:\7rxlxlr.exec:\7rxlxlr.exe32⤵
- Executes dropped EXE
-
\??\c:\bntnnt.exec:\bntnnt.exe33⤵
- Executes dropped EXE
-
\??\c:\vvvjd.exec:\vvvjd.exe34⤵
- Executes dropped EXE
-
\??\c:\pvvdp.exec:\pvvdp.exe35⤵
- Executes dropped EXE
-
\??\c:\3lxxlxr.exec:\3lxxlxr.exe36⤵
- Executes dropped EXE
-
\??\c:\9httbh.exec:\9httbh.exe37⤵
- Executes dropped EXE
-
\??\c:\bbbnbn.exec:\bbbnbn.exe38⤵
- Executes dropped EXE
-
\??\c:\fxxfrxf.exec:\fxxfrxf.exe39⤵
- Executes dropped EXE
-
\??\c:\bbnnbn.exec:\bbnnbn.exe40⤵
- Executes dropped EXE
-
\??\c:\nhbbhn.exec:\nhbbhn.exe41⤵
- Executes dropped EXE
-
\??\c:\5vjvj.exec:\5vjvj.exe42⤵
- Executes dropped EXE
-
\??\c:\5lrrffr.exec:\5lrrffr.exe43⤵
- Executes dropped EXE
-
\??\c:\fxfxfrf.exec:\fxfxfrf.exe44⤵
- Executes dropped EXE
-
\??\c:\5ttbhh.exec:\5ttbhh.exe45⤵
- Executes dropped EXE
-
\??\c:\tthttb.exec:\tthttb.exe46⤵
- Executes dropped EXE
-
\??\c:\7vvjd.exec:\7vvjd.exe47⤵
- Executes dropped EXE
-
\??\c:\dvdjp.exec:\dvdjp.exe48⤵
- Executes dropped EXE
-
\??\c:\lffxfff.exec:\lffxfff.exe49⤵
- Executes dropped EXE
-
\??\c:\7hbnnn.exec:\7hbnnn.exe50⤵
- Executes dropped EXE
-
\??\c:\nhbhtb.exec:\nhbhtb.exe51⤵
- Executes dropped EXE
-
\??\c:\vpdjj.exec:\vpdjj.exe52⤵
- Executes dropped EXE
-
\??\c:\jdjjv.exec:\jdjjv.exe53⤵
- Executes dropped EXE
-
\??\c:\5fflrxf.exec:\5fflrxf.exe54⤵
- Executes dropped EXE
-
\??\c:\9nhhnn.exec:\9nhhnn.exe55⤵
- Executes dropped EXE
-
\??\c:\3btnbb.exec:\3btnbb.exe56⤵
- Executes dropped EXE
-
\??\c:\1jdvv.exec:\1jdvv.exe57⤵
- Executes dropped EXE
-
\??\c:\jdpvd.exec:\jdpvd.exe58⤵
- Executes dropped EXE
-
\??\c:\xrflrxl.exec:\xrflrxl.exe59⤵
- Executes dropped EXE
-
\??\c:\xfrxflr.exec:\xfrxflr.exe60⤵
- Executes dropped EXE
-
\??\c:\thnnnt.exec:\thnnnt.exe61⤵
- Executes dropped EXE
-
\??\c:\vvjjv.exec:\vvjjv.exe62⤵
- Executes dropped EXE
-
\??\c:\ddjvp.exec:\ddjvp.exe63⤵
- Executes dropped EXE
-
\??\c:\rlrfrxl.exec:\rlrfrxl.exe64⤵
- Executes dropped EXE
-
\??\c:\frlrrxf.exec:\frlrrxf.exe65⤵
- Executes dropped EXE
-
\??\c:\hhbhtt.exec:\hhbhtt.exe66⤵
-
\??\c:\hbnbbb.exec:\hbnbbb.exe67⤵
-
\??\c:\vdppp.exec:\vdppp.exe68⤵
-
\??\c:\lllxfrf.exec:\lllxfrf.exe69⤵
-
\??\c:\9lxllrf.exec:\9lxllrf.exe70⤵
-
\??\c:\nnnhth.exec:\nnnhth.exe71⤵
-
\??\c:\ddvdj.exec:\ddvdj.exe72⤵
-
\??\c:\vvvjp.exec:\vvvjp.exe73⤵
-
\??\c:\ffxflll.exec:\ffxflll.exe74⤵
-
\??\c:\rllxllf.exec:\rllxllf.exe75⤵
-
\??\c:\bbtbhb.exec:\bbtbhb.exe76⤵
-
\??\c:\1thnbh.exec:\1thnbh.exe77⤵
-
\??\c:\vvpvj.exec:\vvpvj.exe78⤵
-
\??\c:\rllrxll.exec:\rllrxll.exe79⤵
-
\??\c:\3flrlxl.exec:\3flrlxl.exe80⤵
-
\??\c:\nhhnnn.exec:\nhhnnn.exe81⤵
-
\??\c:\tbbbnh.exec:\tbbbnh.exe82⤵
-
\??\c:\vdjdj.exec:\vdjdj.exe83⤵
-
\??\c:\ffxxxlr.exec:\ffxxxlr.exe84⤵
-
\??\c:\fxlxflx.exec:\fxlxflx.exe85⤵
-
\??\c:\5nhbhn.exec:\5nhbhn.exe86⤵
-
\??\c:\nnhnhh.exec:\nnhnhh.exe87⤵
-
\??\c:\vvpvd.exec:\vvpvd.exe88⤵
-
\??\c:\jjdvv.exec:\jjdvv.exe89⤵
-
\??\c:\rrflrrf.exec:\rrflrrf.exe90⤵
-
\??\c:\rllxflf.exec:\rllxflf.exe91⤵
-
\??\c:\3nhnhb.exec:\3nhnhb.exe92⤵
-
\??\c:\hbhhhh.exec:\hbhhhh.exe93⤵
-
\??\c:\pppvj.exec:\pppvj.exe94⤵
-
\??\c:\vvjjv.exec:\vvjjv.exe95⤵
-
\??\c:\xxrrflx.exec:\xxrrflx.exe96⤵
-
\??\c:\xxrfrxr.exec:\xxrfrxr.exe97⤵
-
\??\c:\hbbhhn.exec:\hbbhhn.exe98⤵
-
\??\c:\5bntbh.exec:\5bntbh.exe99⤵
-
\??\c:\vvpjd.exec:\vvpjd.exe100⤵
-
\??\c:\dvpdp.exec:\dvpdp.exe101⤵
-
\??\c:\1xrfrxl.exec:\1xrfrxl.exe102⤵
-
\??\c:\lfxxrxr.exec:\lfxxrxr.exe103⤵
-
\??\c:\5tthnb.exec:\5tthnb.exe104⤵
-
\??\c:\hhnhtt.exec:\hhnhtt.exe105⤵
-
\??\c:\1dddv.exec:\1dddv.exe106⤵
-
\??\c:\rllrxff.exec:\rllrxff.exe107⤵
-
\??\c:\5xfrrfx.exec:\5xfrrfx.exe108⤵
-
\??\c:\7bbtbn.exec:\7bbtbn.exe109⤵
-
\??\c:\5htnnt.exec:\5htnnt.exe110⤵
-
\??\c:\dvjpp.exec:\dvjpp.exe111⤵
-
\??\c:\pjpjd.exec:\pjpjd.exe112⤵
-
\??\c:\xxrlxfr.exec:\xxrlxfr.exe113⤵
-
\??\c:\xxrfxlx.exec:\xxrfxlx.exe114⤵
-
\??\c:\hbhnbb.exec:\hbhnbb.exe115⤵
-
\??\c:\3tbhtb.exec:\3tbhtb.exe116⤵
-
\??\c:\jdvpd.exec:\jdvpd.exe117⤵
-
\??\c:\jdjpd.exec:\jdjpd.exe118⤵
-
\??\c:\rlrrxlr.exec:\rlrrxlr.exe119⤵
-
\??\c:\rrlxflx.exec:\rrlxflx.exe120⤵
-
\??\c:\nnbnbh.exec:\nnbnbh.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-