Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
17s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
-
submitted
10/10/2024, 03:59
General
-
Target
b69d26d08a193aa53d5a21592ee29fef8be0c25f6d445b5b8cf35128e9766d7dN.exe
-
Size
66KB
-
MD5
29a7b54cca8b8ee40972bc949edacca0
-
SHA1
57a9eeedd7234ea9ee8ccb094b18fa4aa63d21de
-
SHA256
b69d26d08a193aa53d5a21592ee29fef8be0c25f6d445b5b8cf35128e9766d7d
-
SHA512
01141ed95e51c08a34aa94bfb5e166f9bfacc3c87196f79627f8ea57db9c60ac600107618a75eba962f9f673ef211ecad341b904fc291a0198e0906d31d11ec8
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND0yU+kbxeH:ymb3NkkiQ3mdBjF0y7kbUH
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 21 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 34 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\b69d26d08a193aa53d5a21592ee29fef8be0c25f6d445b5b8cf35128e9766d7dN.exe"C:\Users\Admin\AppData\Local\Temp\b69d26d08a193aa53d5a21592ee29fef8be0c25f6d445b5b8cf35128e9766d7dN.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\bntbhb.exec:\bntbhb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9dpdj.exec:\9dpdj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5fflrrf.exec:\5fflrrf.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbhnt.exec:\tnbhnt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjjp.exec:\dvjjp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxllrff.exec:\fxllrff.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbntbn.exec:\bbntbn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjvdj.exec:\vjvdj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfxxxxl.exec:\rfxxxxl.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5lrxrxl.exec:\5lrxrxl.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthnnt.exec:\bthnnt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3nhntt.exec:\3nhntt.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjjj.exec:\jdjjj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffrrrrx.exec:\ffrrrrx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9xffrrx.exec:\9xffrrx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnthhb.exec:\hnthhb.exe17⤵
- Executes dropped EXE
-
\??\c:\jdjvv.exec:\jdjvv.exe18⤵
- Executes dropped EXE
-
\??\c:\rlxrrrf.exec:\rlxrrrf.exe19⤵
- Executes dropped EXE
-
\??\c:\rlxrllr.exec:\rlxrllr.exe20⤵
- Executes dropped EXE
-
\??\c:\9nttbt.exec:\9nttbt.exe21⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\tnbnnt.exec:\tnbnnt.exe22⤵
- Executes dropped EXE
-
\??\c:\pdjjp.exec:\pdjjp.exe23⤵
- Executes dropped EXE
-
\??\c:\jpvdd.exec:\jpvdd.exe24⤵
- Executes dropped EXE
-
\??\c:\fxlxflr.exec:\fxlxflr.exe25⤵
- Executes dropped EXE
-
\??\c:\htbttt.exec:\htbttt.exe26⤵
- Executes dropped EXE
-
\??\c:\pjjjp.exec:\pjjjp.exe27⤵
- Executes dropped EXE
-
\??\c:\xlrllxf.exec:\xlrllxf.exe28⤵
- Executes dropped EXE
-
\??\c:\9rflxxf.exec:\9rflxxf.exe29⤵
- Executes dropped EXE
-
\??\c:\hbttnn.exec:\hbttnn.exe30⤵
- Executes dropped EXE
-
\??\c:\9hthtn.exec:\9hthtn.exe31⤵
- Executes dropped EXE
-
\??\c:\jvppp.exec:\jvppp.exe32⤵
- Executes dropped EXE
-
\??\c:\dpdpp.exec:\dpdpp.exe33⤵
- Executes dropped EXE
-
\??\c:\1xlflff.exec:\1xlflff.exe34⤵
- Executes dropped EXE
-
\??\c:\bbnbhn.exec:\bbnbhn.exe35⤵
- Executes dropped EXE
-
\??\c:\jdvdd.exec:\jdvdd.exe36⤵
- Executes dropped EXE
-
\??\c:\1dvdj.exec:\1dvdj.exe37⤵
- Executes dropped EXE
-
\??\c:\9rfllrx.exec:\9rfllrx.exe38⤵
- Executes dropped EXE
-
\??\c:\fxffffr.exec:\fxffffr.exe39⤵
- Executes dropped EXE
-
\??\c:\3htnbh.exec:\3htnbh.exe40⤵
- Executes dropped EXE
-
\??\c:\1bbbhh.exec:\1bbbhh.exe41⤵
- Executes dropped EXE
-
\??\c:\vdpvv.exec:\vdpvv.exe42⤵
- Executes dropped EXE
-
\??\c:\llrffxr.exec:\llrffxr.exe43⤵
- Executes dropped EXE
-
\??\c:\flrrfrr.exec:\flrrfrr.exe44⤵
- Executes dropped EXE
-
\??\c:\1xflllr.exec:\1xflllr.exe45⤵
- Executes dropped EXE
-
\??\c:\9tnttb.exec:\9tnttb.exe46⤵
- Executes dropped EXE
-
\??\c:\thbbhb.exec:\thbbhb.exe47⤵
- Executes dropped EXE
-
\??\c:\pjdvv.exec:\pjdvv.exe48⤵
- Executes dropped EXE
-
\??\c:\jjpdv.exec:\jjpdv.exe49⤵
- Executes dropped EXE
-
\??\c:\fflxrfr.exec:\fflxrfr.exe50⤵
- Executes dropped EXE
-
\??\c:\xrlllfr.exec:\xrlllfr.exe51⤵
- Executes dropped EXE
-
\??\c:\3thbhb.exec:\3thbhb.exe52⤵
- Executes dropped EXE
-
\??\c:\nbhtnn.exec:\nbhtnn.exe53⤵
- Executes dropped EXE
-
\??\c:\vvvvj.exec:\vvvvj.exe54⤵
- Executes dropped EXE
-
\??\c:\jdvpd.exec:\jdvpd.exe55⤵
- Executes dropped EXE
-
\??\c:\1rxflll.exec:\1rxflll.exe56⤵
- Executes dropped EXE
-
\??\c:\ffrffff.exec:\ffrffff.exe57⤵
- Executes dropped EXE
-
\??\c:\5bnhnb.exec:\5bnhnb.exe58⤵
- Executes dropped EXE
-
\??\c:\dvjpj.exec:\dvjpj.exe59⤵
- Executes dropped EXE
-
\??\c:\vvpdd.exec:\vvpdd.exe60⤵
- Executes dropped EXE
-
\??\c:\lxlllfl.exec:\lxlllfl.exe61⤵
- Executes dropped EXE
-
\??\c:\rfxrllx.exec:\rfxrllx.exe62⤵
- Executes dropped EXE
-
\??\c:\vpvvd.exec:\vpvvd.exe63⤵
- Executes dropped EXE
-
\??\c:\7xrxrfl.exec:\7xrxrfl.exe64⤵
- Executes dropped EXE
-
\??\c:\lxfllll.exec:\lxfllll.exe65⤵
- Executes dropped EXE
-
\??\c:\hbtnhh.exec:\hbtnhh.exe66⤵
-
\??\c:\9nhnnb.exec:\9nhnnb.exe67⤵
-
\??\c:\vpdjv.exec:\vpdjv.exe68⤵
-
\??\c:\fxlrrxf.exec:\fxlrrxf.exe69⤵
-
\??\c:\ffrxfrx.exec:\ffrxfrx.exe70⤵
-
\??\c:\hbbbbb.exec:\hbbbbb.exe71⤵
-
\??\c:\hhnnhh.exec:\hhnnhh.exe72⤵
-
\??\c:\jpvpv.exec:\jpvpv.exe73⤵
-
\??\c:\jvjpv.exec:\jvjpv.exe74⤵
-
\??\c:\xrllrxl.exec:\xrllrxl.exe75⤵
-
\??\c:\lxllrlr.exec:\lxllrlr.exe76⤵
-
\??\c:\xlrrrrx.exec:\xlrrrrx.exe77⤵
-
\??\c:\3bthhn.exec:\3bthhn.exe78⤵
-
\??\c:\5tnhnh.exec:\5tnhnh.exe79⤵
- System Location Discovery: System Language Discovery
-
\??\c:\ddjpj.exec:\ddjpj.exe80⤵
- System Location Discovery: System Language Discovery
-
\??\c:\ddjjj.exec:\ddjjj.exe81⤵
-
\??\c:\lffrffr.exec:\lffrffr.exe82⤵
-
\??\c:\5xllrrl.exec:\5xllrrl.exe83⤵
-
\??\c:\xlffrrx.exec:\xlffrrx.exe84⤵
-
\??\c:\ntnnht.exec:\ntnnht.exe85⤵
-
\??\c:\5bnbhn.exec:\5bnbhn.exe86⤵
-
\??\c:\vvjvv.exec:\vvjvv.exe87⤵
-
\??\c:\5jdjp.exec:\5jdjp.exe88⤵
-
\??\c:\rlffllr.exec:\rlffllr.exe89⤵
-
\??\c:\lfxfrxf.exec:\lfxfrxf.exe90⤵
-
\??\c:\xrrlrlr.exec:\xrrlrlr.exe91⤵
-
\??\c:\bnhhtn.exec:\bnhhtn.exe92⤵
-
\??\c:\3nttbn.exec:\3nttbn.exe93⤵
-
\??\c:\jdjjp.exec:\jdjjp.exe94⤵
-
\??\c:\pdpdp.exec:\pdpdp.exe95⤵
-
\??\c:\9vppp.exec:\9vppp.exe96⤵
-
\??\c:\ffffxxx.exec:\ffffxxx.exe97⤵
-
\??\c:\llxflfr.exec:\llxflfr.exe98⤵
-
\??\c:\7btbbh.exec:\7btbbh.exe99⤵
-
\??\c:\btnntt.exec:\btnntt.exe100⤵
-
\??\c:\vvjpv.exec:\vvjpv.exe101⤵
-
\??\c:\dvddj.exec:\dvddj.exe102⤵
-
\??\c:\3rxxrrl.exec:\3rxxrrl.exe103⤵
-
\??\c:\flxxxxr.exec:\flxxxxr.exe104⤵
-
\??\c:\xxlllrx.exec:\xxlllrx.exe105⤵
-
\??\c:\7bnntb.exec:\7bnntb.exe106⤵
-
\??\c:\httttn.exec:\httttn.exe107⤵
-
\??\c:\1nnbhn.exec:\1nnbhn.exe108⤵
-
\??\c:\3djjj.exec:\3djjj.exe109⤵
-
\??\c:\jdjjj.exec:\jdjjj.exe110⤵
-
\??\c:\lfxfrxf.exec:\lfxfrxf.exe111⤵
-
\??\c:\frfflrr.exec:\frfflrr.exe112⤵
-
\??\c:\hbhbnh.exec:\hbhbnh.exe113⤵
-
\??\c:\hbttbt.exec:\hbttbt.exe114⤵
-
\??\c:\9tntth.exec:\9tntth.exe115⤵
-
\??\c:\dpjjj.exec:\dpjjj.exe116⤵
-
\??\c:\pdvvd.exec:\pdvvd.exe117⤵
-
\??\c:\pjppp.exec:\pjppp.exe118⤵
-
\??\c:\7lfrxxx.exec:\7lfrxxx.exe119⤵
-
\??\c:\rlflllx.exec:\rlflllx.exe120⤵
-
\??\c:\thbhnn.exec:\thbhnn.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-