Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
30/11/2024, 05:04
General
-
Target
3102d2b1579244e3a14d73747bfa01139f0493af1ee471ab10d0bc7bca581d96N.exe
-
Size
66KB
-
MD5
0c8535cb9f7a6c49d176d0a2bb466650
-
SHA1
73b6d4f2a09888ed363b87e7b6b0823d0302ac8c
-
SHA256
3102d2b1579244e3a14d73747bfa01139f0493af1ee471ab10d0bc7bca581d96
-
SHA512
a0bedadf9905fb04b30e191671718ab8b74b96f27a2e3e20730922c312c8cd9210f1b6d7e1a0f279e71643c274de71957cfc21e3795a8482dd9a14846c6ef611
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND0yU+kbxeQ:ymb3NkkiQ3mdBjF0y7kbUQ
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 32 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\3102d2b1579244e3a14d73747bfa01139f0493af1ee471ab10d0bc7bca581d96N.exe"C:\Users\Admin\AppData\Local\Temp\3102d2b1579244e3a14d73747bfa01139f0493af1ee471ab10d0bc7bca581d96N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\tbthht.exec:\tbthht.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5ppdd.exec:\5ppdd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5tbttn.exec:\5tbttn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9jvjv.exec:\9jvjv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3xlxlrf.exec:\3xlxlrf.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlfrffl.exec:\rlfrffl.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbbtnn.exec:\tbbtnn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpvj.exec:\jdpvj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlffllr.exec:\xlffllr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btnbhn.exec:\btnbhn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdppd.exec:\jdppd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvpvj.exec:\dvpvj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5lxfrxf.exec:\5lxfrxf.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbnbhn.exec:\bbnbhn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbhbb.exec:\nhbhbb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jddpv.exec:\jddpv.exe17⤵
- Executes dropped EXE
-
\??\c:\lrfrlrr.exec:\lrfrlrr.exe18⤵
- Executes dropped EXE
-
\??\c:\frfflfl.exec:\frfflfl.exe19⤵
- Executes dropped EXE
-
\??\c:\hbbnth.exec:\hbbnth.exe20⤵
- Executes dropped EXE
-
\??\c:\5nhhnn.exec:\5nhhnn.exe21⤵
- Executes dropped EXE
-
\??\c:\pjjpd.exec:\pjjpd.exe22⤵
- Executes dropped EXE
-
\??\c:\ffrlrfx.exec:\ffrlrfx.exe23⤵
- Executes dropped EXE
-
\??\c:\frxrxxf.exec:\frxrxxf.exe24⤵
- Executes dropped EXE
-
\??\c:\nhbhth.exec:\nhbhth.exe25⤵
- Executes dropped EXE
-
\??\c:\1vpvv.exec:\1vpvv.exe26⤵
- Executes dropped EXE
-
\??\c:\rlflrxl.exec:\rlflrxl.exe27⤵
- Executes dropped EXE
-
\??\c:\thbtbn.exec:\thbtbn.exe28⤵
- Executes dropped EXE
-
\??\c:\htbbht.exec:\htbbht.exe29⤵
- Executes dropped EXE
-
\??\c:\vpdpd.exec:\vpdpd.exe30⤵
- Executes dropped EXE
-
\??\c:\llffrxf.exec:\llffrxf.exe31⤵
- Executes dropped EXE
-
\??\c:\tnhnhb.exec:\tnhnhb.exe32⤵
- Executes dropped EXE
-
\??\c:\hthhhn.exec:\hthhhn.exe33⤵
- Executes dropped EXE
-
\??\c:\jdjdv.exec:\jdjdv.exe34⤵
- Executes dropped EXE
-
\??\c:\rrlxrfr.exec:\rrlxrfr.exe35⤵
- Executes dropped EXE
-
\??\c:\rxxxlxx.exec:\rxxxlxx.exe36⤵
- Executes dropped EXE
-
\??\c:\7thtbb.exec:\7thtbb.exe37⤵
- Executes dropped EXE
-
\??\c:\jdvpv.exec:\jdvpv.exe38⤵
- Executes dropped EXE
-
\??\c:\3pvvj.exec:\3pvvj.exe39⤵
- Executes dropped EXE
-
\??\c:\rflfllx.exec:\rflfllx.exe40⤵
- Executes dropped EXE
-
\??\c:\bhnbtb.exec:\bhnbtb.exe41⤵
- Executes dropped EXE
-
\??\c:\tbbhhb.exec:\tbbhhb.exe42⤵
- Executes dropped EXE
-
\??\c:\3jdpv.exec:\3jdpv.exe43⤵
- Executes dropped EXE
-
\??\c:\jpjvp.exec:\jpjvp.exe44⤵
- Executes dropped EXE
-
\??\c:\5frlfff.exec:\5frlfff.exe45⤵
- Executes dropped EXE
-
\??\c:\rxfflll.exec:\rxfflll.exe46⤵
- Executes dropped EXE
-
\??\c:\3bbbnn.exec:\3bbbnn.exe47⤵
- Executes dropped EXE
-
\??\c:\3nnhnt.exec:\3nnhnt.exe48⤵
- Executes dropped EXE
-
\??\c:\3tnbbh.exec:\3tnbbh.exe49⤵
- Executes dropped EXE
-
\??\c:\jpjvv.exec:\jpjvv.exe50⤵
- Executes dropped EXE
-
\??\c:\1fllxlf.exec:\1fllxlf.exe51⤵
- Executes dropped EXE
-
\??\c:\fxlfxxl.exec:\fxlfxxl.exe52⤵
- Executes dropped EXE
-
\??\c:\bnbhhb.exec:\bnbhhb.exe53⤵
- Executes dropped EXE
-
\??\c:\nhhtnb.exec:\nhhtnb.exe54⤵
- Executes dropped EXE
-
\??\c:\hbthnt.exec:\hbthnt.exe55⤵
- Executes dropped EXE
-
\??\c:\dvpjj.exec:\dvpjj.exe56⤵
- Executes dropped EXE
-
\??\c:\dvjpp.exec:\dvjpp.exe57⤵
- Executes dropped EXE
-
\??\c:\lxlrrxl.exec:\lxlrrxl.exe58⤵
- Executes dropped EXE
-
\??\c:\9frxrfl.exec:\9frxrfl.exe59⤵
- Executes dropped EXE
-
\??\c:\nnhntt.exec:\nnhntt.exe60⤵
- Executes dropped EXE
-
\??\c:\tththh.exec:\tththh.exe61⤵
- Executes dropped EXE
-
\??\c:\vvpjv.exec:\vvpjv.exe62⤵
- Executes dropped EXE
-
\??\c:\5vvdp.exec:\5vvdp.exe63⤵
- Executes dropped EXE
-
\??\c:\xxrrlxx.exec:\xxrrlxx.exe64⤵
- Executes dropped EXE
-
\??\c:\lrlfrlf.exec:\lrlfrlf.exe65⤵
- Executes dropped EXE
-
\??\c:\bnbbbh.exec:\bnbbbh.exe66⤵
-
\??\c:\nhbntt.exec:\nhbntt.exe67⤵
-
\??\c:\vjdvv.exec:\vjdvv.exe68⤵
-
\??\c:\dvdvv.exec:\dvdvv.exe69⤵
-
\??\c:\7pdjj.exec:\7pdjj.exe70⤵
-
\??\c:\rlrflrf.exec:\rlrflrf.exe71⤵
-
\??\c:\1rrxxfr.exec:\1rrxxfr.exe72⤵
-
\??\c:\hbbhbt.exec:\hbbhbt.exe73⤵
-
\??\c:\tntnnn.exec:\tntnnn.exe74⤵
-
\??\c:\djdpd.exec:\djdpd.exe75⤵
-
\??\c:\jpjvv.exec:\jpjvv.exe76⤵
-
\??\c:\5llfrxl.exec:\5llfrxl.exe77⤵
-
\??\c:\xlllrlr.exec:\xlllrlr.exe78⤵
-
\??\c:\nbtbhn.exec:\nbtbhn.exe79⤵
-
\??\c:\tbbnbh.exec:\tbbnbh.exe80⤵
-
\??\c:\1vjpp.exec:\1vjpp.exe81⤵
-
\??\c:\xflfxfx.exec:\xflfxfx.exe82⤵
-
\??\c:\rlfrlxl.exec:\rlfrlxl.exe83⤵
-
\??\c:\5thhhn.exec:\5thhhn.exe84⤵
-
\??\c:\bbhttb.exec:\bbhttb.exe85⤵
-
\??\c:\vvpdv.exec:\vvpdv.exe86⤵
-
\??\c:\llflrxx.exec:\llflrxx.exe87⤵
-
\??\c:\lxlxxlf.exec:\lxlxxlf.exe88⤵
-
\??\c:\nhthnn.exec:\nhthnn.exe89⤵
-
\??\c:\hnhtht.exec:\hnhtht.exe90⤵
-
\??\c:\jdjvv.exec:\jdjvv.exe91⤵
-
\??\c:\dpjjp.exec:\dpjjp.exe92⤵
-
\??\c:\5lrrxfl.exec:\5lrrxfl.exe93⤵
-
\??\c:\hbhnnn.exec:\hbhnnn.exe94⤵
-
\??\c:\nhttbh.exec:\nhttbh.exe95⤵
-
\??\c:\7vpdd.exec:\7vpdd.exe96⤵
-
\??\c:\vpjvj.exec:\vpjvj.exe97⤵
-
\??\c:\ffrllff.exec:\ffrllff.exe98⤵
-
\??\c:\hnthht.exec:\hnthht.exe99⤵
-
\??\c:\5tnhnn.exec:\5tnhnn.exe100⤵
-
\??\c:\3pvpd.exec:\3pvpd.exe101⤵
-
\??\c:\llffrrf.exec:\llffrrf.exe102⤵
-
\??\c:\9llxrxr.exec:\9llxrxr.exe103⤵
-
\??\c:\hbhtnb.exec:\hbhtnb.exe104⤵
-
\??\c:\btbhtn.exec:\btbhtn.exe105⤵
-
\??\c:\7jvdp.exec:\7jvdp.exe106⤵
-
\??\c:\rlrxrrf.exec:\rlrxrrf.exe107⤵
-
\??\c:\xfflfrr.exec:\xfflfrr.exe108⤵
-
\??\c:\btntnb.exec:\btntnb.exe109⤵
-
\??\c:\nnnnbb.exec:\nnnnbb.exe110⤵
-
\??\c:\jjvdd.exec:\jjvdd.exe111⤵
-
\??\c:\pjpvp.exec:\pjpvp.exe112⤵
-
\??\c:\flrflrf.exec:\flrflrf.exe113⤵
-
\??\c:\lfrrxfl.exec:\lfrrxfl.exe114⤵
-
\??\c:\tnhtbn.exec:\tnhtbn.exe115⤵
-
\??\c:\xxrxllr.exec:\xxrxllr.exe116⤵
-
\??\c:\llfffxf.exec:\llfffxf.exe117⤵
-
\??\c:\hnnbbn.exec:\hnnbbn.exe118⤵
-
\??\c:\jvdvd.exec:\jvdvd.exe119⤵
-
\??\c:\ddvdj.exec:\ddvdj.exe120⤵
-
\??\c:\lxxxlll.exec:\lxxxlll.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-