Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
18/10/2024, 02:57
General
-
Target
765e7940e30473f76c0ed2cb8eb1604447f64ce4cc7528afd5fa19bc5f4091baN.exe
-
Size
83KB
-
MD5
53ba38a37b6381e2ff8d282025783d10
-
SHA1
eeb7079c29be0c453cf6259c5d8c0843276c4921
-
SHA256
765e7940e30473f76c0ed2cb8eb1604447f64ce4cc7528afd5fa19bc5f4091ba
-
SHA512
11f8f1d21cd2e5a1fc3a6a89a09a85e6415178d244d2e942046a20d2fe93ea69996cb4379fee26bab337c5347314bb7717ca0767049be8173a6aef498d138081
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIIpIo60L9QrrA89QF:ymb3NkkiQ3mdBjFIIp9L9QrrA8Q
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 20 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 30 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\765e7940e30473f76c0ed2cb8eb1604447f64ce4cc7528afd5fa19bc5f4091baN.exe"C:\Users\Admin\AppData\Local\Temp\765e7940e30473f76c0ed2cb8eb1604447f64ce4cc7528afd5fa19bc5f4091baN.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\xrfflfr.exec:\xrfflfr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhthnt.exec:\nhthnt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjpj.exec:\ppjpj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvdjv.exec:\jvdjv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9xlflxl.exec:\9xlflxl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9thhbb.exec:\9thhbb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1hbnhn.exec:\1hbnhn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrrflx.exec:\lfrrflx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frrxxfr.exec:\frrxxfr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbtbnb.exec:\bbtbnb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3hbbnt.exec:\3hbbnt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvppp.exec:\dvppp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvvd.exec:\pjvvd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rflfrrx.exec:\rflfrrx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3rrrxrx.exec:\3rrrxrx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhttbb.exec:\nhttbb.exe17⤵
- Executes dropped EXE
-
\??\c:\tnbhbn.exec:\tnbhbn.exe18⤵
- Executes dropped EXE
-
\??\c:\jpdvp.exec:\jpdvp.exe19⤵
- Executes dropped EXE
-
\??\c:\9jjjp.exec:\9jjjp.exe20⤵
- Executes dropped EXE
-
\??\c:\llfrxxf.exec:\llfrxxf.exe21⤵
- Executes dropped EXE
-
\??\c:\1lfrxxl.exec:\1lfrxxl.exe22⤵
- Executes dropped EXE
-
\??\c:\rlflxxl.exec:\rlflxxl.exe23⤵
- Executes dropped EXE
-
\??\c:\tnnbnn.exec:\tnnbnn.exe24⤵
- Executes dropped EXE
-
\??\c:\nhbbhb.exec:\nhbbhb.exe25⤵
- Executes dropped EXE
-
\??\c:\dvvdv.exec:\dvvdv.exe26⤵
- Executes dropped EXE
-
\??\c:\pdpvv.exec:\pdpvv.exe27⤵
- Executes dropped EXE
-
\??\c:\1jjjd.exec:\1jjjd.exe28⤵
- Executes dropped EXE
-
\??\c:\lfxffrf.exec:\lfxffrf.exe29⤵
- Executes dropped EXE
-
\??\c:\3rllrxf.exec:\3rllrxf.exe30⤵
- Executes dropped EXE
-
\??\c:\hhbnbh.exec:\hhbnbh.exe31⤵
- Executes dropped EXE
-
\??\c:\hthnbb.exec:\hthnbb.exe32⤵
- Executes dropped EXE
-
\??\c:\7dppp.exec:\7dppp.exe33⤵
- Executes dropped EXE
-
\??\c:\vpvpd.exec:\vpvpd.exe34⤵
- Executes dropped EXE
-
\??\c:\1vjjd.exec:\1vjjd.exe35⤵
- Executes dropped EXE
-
\??\c:\fxrrxxl.exec:\fxrrxxl.exe36⤵
- Executes dropped EXE
-
\??\c:\rllrflx.exec:\rllrflx.exe37⤵
- Executes dropped EXE
-
\??\c:\9xrxffr.exec:\9xrxffr.exe38⤵
- Executes dropped EXE
-
\??\c:\ttntht.exec:\ttntht.exe39⤵
- Executes dropped EXE
-
\??\c:\7nhhtb.exec:\7nhhtb.exe40⤵
- Executes dropped EXE
-
\??\c:\btnbnn.exec:\btnbnn.exe41⤵
- Executes dropped EXE
-
\??\c:\pjdjp.exec:\pjdjp.exe42⤵
- Executes dropped EXE
-
\??\c:\dpvdj.exec:\dpvdj.exe43⤵
- Executes dropped EXE
-
\??\c:\dvpdj.exec:\dvpdj.exe44⤵
- Executes dropped EXE
-
\??\c:\xxrlxfr.exec:\xxrlxfr.exe45⤵
- Executes dropped EXE
-
\??\c:\rlxflrf.exec:\rlxflrf.exe46⤵
- Executes dropped EXE
-
\??\c:\xrfflxf.exec:\xrfflxf.exe47⤵
- Executes dropped EXE
-
\??\c:\ffflxfl.exec:\ffflxfl.exe48⤵
- Executes dropped EXE
-
\??\c:\btbhnn.exec:\btbhnn.exe49⤵
- Executes dropped EXE
-
\??\c:\bthbbn.exec:\bthbbn.exe50⤵
- Executes dropped EXE
-
\??\c:\3nhhnn.exec:\3nhhnn.exe51⤵
- Executes dropped EXE
-
\??\c:\vvppd.exec:\vvppd.exe52⤵
- Executes dropped EXE
-
\??\c:\1dpdj.exec:\1dpdj.exe53⤵
- Executes dropped EXE
-
\??\c:\xrllxxl.exec:\xrllxxl.exe54⤵
- Executes dropped EXE
-
\??\c:\5tnhbb.exec:\5tnhbb.exe55⤵
- Executes dropped EXE
-
\??\c:\hbbtbb.exec:\hbbtbb.exe56⤵
- Executes dropped EXE
-
\??\c:\pdppv.exec:\pdppv.exe57⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\fxlrrxx.exec:\fxlrrxx.exe58⤵
- Executes dropped EXE
-
\??\c:\nhnnnt.exec:\nhnnnt.exe59⤵
- Executes dropped EXE
-
\??\c:\1nnntb.exec:\1nnntb.exe60⤵
- Executes dropped EXE
-
\??\c:\7ppvp.exec:\7ppvp.exe61⤵
- Executes dropped EXE
-
\??\c:\frxxlrx.exec:\frxxlrx.exe62⤵
- Executes dropped EXE
-
\??\c:\5hhntb.exec:\5hhntb.exe63⤵
- Executes dropped EXE
-
\??\c:\vpppd.exec:\vpppd.exe64⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\pjvvv.exec:\pjvvv.exe65⤵
- Executes dropped EXE
-
\??\c:\xxlxlxx.exec:\xxlxlxx.exe66⤵
-
\??\c:\tnbbtb.exec:\tnbbtb.exe67⤵
-
\??\c:\hbhnbb.exec:\hbhnbb.exe68⤵
-
\??\c:\ddvvp.exec:\ddvvp.exe69⤵
-
\??\c:\rlflxfr.exec:\rlflxfr.exe70⤵
-
\??\c:\bthhbb.exec:\bthhbb.exe71⤵
-
\??\c:\7ttbhb.exec:\7ttbhb.exe72⤵
-
\??\c:\3vjvv.exec:\3vjvv.exe73⤵
-
\??\c:\9rfxllf.exec:\9rfxllf.exe74⤵
-
\??\c:\htbtnb.exec:\htbtnb.exe75⤵
-
\??\c:\pjppj.exec:\pjppj.exe76⤵
-
\??\c:\lfrfrrf.exec:\lfrfrrf.exe77⤵
-
\??\c:\7xrrffr.exec:\7xrrffr.exe78⤵
-
\??\c:\tnbtnn.exec:\tnbtnn.exe79⤵
-
\??\c:\dvddv.exec:\dvddv.exe80⤵
-
\??\c:\djvjp.exec:\djvjp.exe81⤵
-
\??\c:\lfllrrf.exec:\lfllrrf.exe82⤵
-
\??\c:\hbntnn.exec:\hbntnn.exe83⤵
-
\??\c:\3htthn.exec:\3htthn.exe84⤵
-
\??\c:\3vppd.exec:\3vppd.exe85⤵
-
\??\c:\llrrxxr.exec:\llrrxxr.exe86⤵
-
\??\c:\rllxrfr.exec:\rllxrfr.exe87⤵
-
\??\c:\thtnbt.exec:\thtnbt.exe88⤵
-
\??\c:\nhbhtb.exec:\nhbhtb.exe89⤵
-
\??\c:\ddvvd.exec:\ddvvd.exe90⤵
-
\??\c:\jvjpv.exec:\jvjpv.exe91⤵
-
\??\c:\xxrrflr.exec:\xxrrflr.exe92⤵
-
\??\c:\7rllxrx.exec:\7rllxrx.exe93⤵
-
\??\c:\nnhhnn.exec:\nnhhnn.exe94⤵
-
\??\c:\vpdjp.exec:\vpdjp.exe95⤵
-
\??\c:\dpdjv.exec:\dpdjv.exe96⤵
-
\??\c:\1fxlxxl.exec:\1fxlxxl.exe97⤵
-
\??\c:\rrlllrf.exec:\rrlllrf.exe98⤵
-
\??\c:\hhtbnh.exec:\hhtbnh.exe99⤵
-
\??\c:\5bnthh.exec:\5bnthh.exe100⤵
-
\??\c:\vpjdj.exec:\vpjdj.exe101⤵
-
\??\c:\dvdvj.exec:\dvdvj.exe102⤵
-
\??\c:\fxllfxl.exec:\fxllfxl.exe103⤵
-
\??\c:\rlxxlfl.exec:\rlxxlfl.exe104⤵
-
\??\c:\btbbnn.exec:\btbbnn.exe105⤵
-
\??\c:\bthhtb.exec:\bthhtb.exe106⤵
-
\??\c:\3hbtbh.exec:\3hbtbh.exe107⤵
-
\??\c:\ppjjd.exec:\ppjjd.exe108⤵
-
\??\c:\vpddj.exec:\vpddj.exe109⤵
-
\??\c:\xrxxlfl.exec:\xrxxlfl.exe110⤵
-
\??\c:\3fxflxf.exec:\3fxflxf.exe111⤵
-
\??\c:\hbbnnt.exec:\hbbnnt.exe112⤵
-
\??\c:\tnhhtt.exec:\tnhhtt.exe113⤵
-
\??\c:\vpvdp.exec:\vpvdp.exe114⤵
-
\??\c:\pdppv.exec:\pdppv.exe115⤵
-
\??\c:\fxflfrf.exec:\fxflfrf.exe116⤵
-
\??\c:\lxxlfrl.exec:\lxxlfrl.exe117⤵
-
\??\c:\btnthb.exec:\btnthb.exe118⤵
-
\??\c:\3bnthn.exec:\3bnthn.exe119⤵
-
\??\c:\vvdpd.exec:\vvdpd.exe120⤵
-
\??\c:\9fxxrrf.exec:\9fxxrrf.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-