Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
10/10/2024, 00:49
General
-
Target
b52e80380e15b9aab7cfc06c38aafb76850e775ea25c15d5be2e49e0f95b5c9a.exe
-
Size
72KB
-
MD5
366778de520f3ba12fe89324217a5d77
-
SHA1
5ac6cfafe568e64b92e4a9ce734b7babcdef0030
-
SHA256
b52e80380e15b9aab7cfc06c38aafb76850e775ea25c15d5be2e49e0f95b5c9a
-
SHA512
6614a436a29a1a1872a218a5a99e794dc26ae017cc7a8ebfe32da17b10ce4f8cb43643ed0a619889047c4ae7f5d76ee49d0c60dbf35d2705af5584cb1dba2b40
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIFdJUDbAIdiW65OA:ymb3NkkiQ3mdBjFIFdJ8bViW6r
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 26 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 32 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\b52e80380e15b9aab7cfc06c38aafb76850e775ea25c15d5be2e49e0f95b5c9a.exe"C:\Users\Admin\AppData\Local\Temp\b52e80380e15b9aab7cfc06c38aafb76850e775ea25c15d5be2e49e0f95b5c9a.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\9tnbbb.exec:\9tnbbb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1djjj.exec:\1djjj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjjd.exec:\dvjjd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1lrrlfx.exec:\1lrrlfx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnttbb.exec:\bnttbb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1vddj.exec:\1vddj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxxxffl.exec:\xxxxffl.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhnhhh.exec:\bhnhhh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjppp.exec:\pjppp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1vpjj.exec:\1vpjj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlxxxl.exec:\fxlxxxl.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrrflx.exec:\lfrrflx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnnbnb.exec:\nnnbnb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjpjj.exec:\jjpjj.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5dpvv.exec:\5dpvv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1lflxxl.exec:\1lflxxl.exe17⤵
- Executes dropped EXE
-
\??\c:\7rlrxfl.exec:\7rlrxfl.exe18⤵
- Executes dropped EXE
-
\??\c:\tnhntt.exec:\tnhntt.exe19⤵
- Executes dropped EXE
-
\??\c:\dpvpv.exec:\dpvpv.exe20⤵
- Executes dropped EXE
-
\??\c:\9pvvd.exec:\9pvvd.exe21⤵
- Executes dropped EXE
-
\??\c:\9ffffxf.exec:\9ffffxf.exe22⤵
- Executes dropped EXE
-
\??\c:\rlrxffl.exec:\rlrxffl.exe23⤵
- Executes dropped EXE
-
\??\c:\bbnnnh.exec:\bbnnnh.exe24⤵
- Executes dropped EXE
-
\??\c:\bhnnnb.exec:\bhnnnb.exe25⤵
- Executes dropped EXE
-
\??\c:\vjvdp.exec:\vjvdp.exe26⤵
- Executes dropped EXE
-
\??\c:\pdppv.exec:\pdppv.exe27⤵
- Executes dropped EXE
-
\??\c:\rfllxxf.exec:\rfllxxf.exe28⤵
- Executes dropped EXE
-
\??\c:\hbtbnn.exec:\hbtbnn.exe29⤵
- Executes dropped EXE
-
\??\c:\9httbt.exec:\9httbt.exe30⤵
- Executes dropped EXE
-
\??\c:\1vdjv.exec:\1vdjv.exe31⤵
- Executes dropped EXE
-
\??\c:\7djvv.exec:\7djvv.exe32⤵
- Executes dropped EXE
-
\??\c:\9rllxfl.exec:\9rllxfl.exe33⤵
- Executes dropped EXE
-
\??\c:\xrflxrx.exec:\xrflxrx.exe34⤵
- Executes dropped EXE
-
\??\c:\1ntbtt.exec:\1ntbtt.exe35⤵
- Executes dropped EXE
-
\??\c:\jvjpd.exec:\jvjpd.exe36⤵
- Executes dropped EXE
-
\??\c:\jvdpp.exec:\jvdpp.exe37⤵
- Executes dropped EXE
-
\??\c:\dvjpp.exec:\dvjpp.exe38⤵
- Executes dropped EXE
-
\??\c:\lfrxxlf.exec:\lfrxxlf.exe39⤵
- Executes dropped EXE
-
\??\c:\tbhnnb.exec:\tbhnnb.exe40⤵
- Executes dropped EXE
-
\??\c:\tbhttt.exec:\tbhttt.exe41⤵
- Executes dropped EXE
-
\??\c:\dpvvj.exec:\dpvvj.exe42⤵
- Executes dropped EXE
-
\??\c:\vpjpj.exec:\vpjpj.exe43⤵
- Executes dropped EXE
-
\??\c:\9vpvj.exec:\9vpvj.exe44⤵
- Executes dropped EXE
-
\??\c:\frlrrxr.exec:\frlrrxr.exe45⤵
- Executes dropped EXE
-
\??\c:\9xrxllr.exec:\9xrxllr.exe46⤵
- Executes dropped EXE
-
\??\c:\nhnntt.exec:\nhnntt.exe47⤵
- Executes dropped EXE
-
\??\c:\hbnbnn.exec:\hbnbnn.exe48⤵
- Executes dropped EXE
-
\??\c:\5pvpd.exec:\5pvpd.exe49⤵
- Executes dropped EXE
-
\??\c:\3ddjv.exec:\3ddjv.exe50⤵
- Executes dropped EXE
-
\??\c:\fxxfrlf.exec:\fxxfrlf.exe51⤵
- Executes dropped EXE
-
\??\c:\lfrfxfr.exec:\lfrfxfr.exe52⤵
- Executes dropped EXE
-
\??\c:\tbnnbh.exec:\tbnnbh.exe53⤵
- Executes dropped EXE
-
\??\c:\9nbhnh.exec:\9nbhnh.exe54⤵
- Executes dropped EXE
-
\??\c:\nhbbbh.exec:\nhbbbh.exe55⤵
- Executes dropped EXE
-
\??\c:\5jddd.exec:\5jddd.exe56⤵
- Executes dropped EXE
-
\??\c:\rxrxrfr.exec:\rxrxrfr.exe57⤵
- Executes dropped EXE
-
\??\c:\9xlxffr.exec:\9xlxffr.exe58⤵
- Executes dropped EXE
-
\??\c:\fxxflrx.exec:\fxxflrx.exe59⤵
- Executes dropped EXE
-
\??\c:\bththh.exec:\bththh.exe60⤵
- Executes dropped EXE
-
\??\c:\htnntb.exec:\htnntb.exe61⤵
- Executes dropped EXE
-
\??\c:\9jdjv.exec:\9jdjv.exe62⤵
- Executes dropped EXE
-
\??\c:\9vppp.exec:\9vppp.exe63⤵
- Executes dropped EXE
-
\??\c:\frxflrr.exec:\frxflrr.exe64⤵
- Executes dropped EXE
-
\??\c:\3xflxxr.exec:\3xflxxr.exe65⤵
- Executes dropped EXE
-
\??\c:\tnbhtn.exec:\tnbhtn.exe66⤵
-
\??\c:\3hbhnh.exec:\3hbhnh.exe67⤵
-
\??\c:\jjvvv.exec:\jjvvv.exe68⤵
-
\??\c:\vjvjv.exec:\vjvjv.exe69⤵
-
\??\c:\rrxlllr.exec:\rrxlllr.exe70⤵
-
\??\c:\xrlrrxf.exec:\xrlrrxf.exe71⤵
-
\??\c:\tbtttb.exec:\tbtttb.exe72⤵
-
\??\c:\hbhnbb.exec:\hbhnbb.exe73⤵
-
\??\c:\pdjjv.exec:\pdjjv.exe74⤵
-
\??\c:\pjddp.exec:\pjddp.exe75⤵
-
\??\c:\lfxfffl.exec:\lfxfffl.exe76⤵
-
\??\c:\fxflxxf.exec:\fxflxxf.exe77⤵
-
\??\c:\fxlxrlx.exec:\fxlxrlx.exe78⤵
-
\??\c:\7bbnth.exec:\7bbnth.exe79⤵
-
\??\c:\9ttbbb.exec:\9ttbbb.exe80⤵
-
\??\c:\dpdjd.exec:\dpdjd.exe81⤵
-
\??\c:\pjppd.exec:\pjppd.exe82⤵
-
\??\c:\dpdjj.exec:\dpdjj.exe83⤵
-
\??\c:\frxxllr.exec:\frxxllr.exe84⤵
-
\??\c:\xrfrffl.exec:\xrfrffl.exe85⤵
-
\??\c:\1nhthb.exec:\1nhthb.exe86⤵
-
\??\c:\3nbhtb.exec:\3nbhtb.exe87⤵
-
\??\c:\ddjdj.exec:\ddjdj.exe88⤵
-
\??\c:\vpjvp.exec:\vpjvp.exe89⤵
-
\??\c:\vppjd.exec:\vppjd.exe90⤵
-
\??\c:\ffrlrxx.exec:\ffrlrxx.exe91⤵
-
\??\c:\lxrxlrl.exec:\lxrxlrl.exe92⤵
-
\??\c:\bnbhnh.exec:\bnbhnh.exe93⤵
-
\??\c:\tnhntt.exec:\tnhntt.exe94⤵
-
\??\c:\djdjv.exec:\djdjv.exe95⤵
-
\??\c:\jvjvv.exec:\jvjvv.exe96⤵
-
\??\c:\5xxfffl.exec:\5xxfffl.exe97⤵
-
\??\c:\xlflxxl.exec:\xlflxxl.exe98⤵
-
\??\c:\5frrxxl.exec:\5frrxxl.exe99⤵
-
\??\c:\nhhnbb.exec:\nhhnbb.exe100⤵
-
\??\c:\nbnnhh.exec:\nbnnhh.exe101⤵
-
\??\c:\jdpdd.exec:\jdpdd.exe102⤵
-
\??\c:\dvjvp.exec:\dvjvp.exe103⤵
-
\??\c:\lxrrfxl.exec:\lxrrfxl.exe104⤵
-
\??\c:\xrfflll.exec:\xrfflll.exe105⤵
-
\??\c:\3frxlfl.exec:\3frxlfl.exe106⤵
-
\??\c:\nhnntn.exec:\nhnntn.exe107⤵
-
\??\c:\hbnttt.exec:\hbnttt.exe108⤵
-
\??\c:\3dpvj.exec:\3dpvj.exe109⤵
-
\??\c:\pjvdj.exec:\pjvdj.exe110⤵
-
\??\c:\9rflrrf.exec:\9rflrrf.exe111⤵
-
\??\c:\5xrxllr.exec:\5xrxllr.exe112⤵
-
\??\c:\7hbbbb.exec:\7hbbbb.exe113⤵
-
\??\c:\7bbhth.exec:\7bbhth.exe114⤵
-
\??\c:\nbhhtt.exec:\nbhhtt.exe115⤵
-
\??\c:\dvjjp.exec:\dvjjp.exe116⤵
-
\??\c:\dpddj.exec:\dpddj.exe117⤵
-
\??\c:\7frfflr.exec:\7frfflr.exe118⤵
-
\??\c:\fxflrfx.exec:\fxflrfx.exe119⤵
-
\??\c:\nhtbtt.exec:\nhtbtt.exe120⤵
-
\??\c:\nnhntt.exec:\nnhntt.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-