Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
117s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
18/12/2024, 23:12
General
-
Target
821452e264bbb67e863b82946c7b42ccdb2036c974ae64a51b057a88af32ee1e.exe
-
Size
454KB
-
MD5
5523b2433e4431919418f543a1ffe491
-
SHA1
96c62ba2753c7a4b5e37834b5c780b68fb1d4da2
-
SHA256
821452e264bbb67e863b82946c7b42ccdb2036c974ae64a51b057a88af32ee1e
-
SHA512
fdc7832f6b505b76e8b922c6e42fe619d656ddecdea707616a416ccf72ce5256b9183e1dff44a950ff71f6fd367efd2caa57e767674b5b4973aab07d859557b3
-
SSDEEP
6144:8cm7ImGddXmNt251UriZFwfsDX2UznsaFVNJCMKAbe/:q7Tc2NYHUrAwfMp3CD/
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 38 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 46 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\821452e264bbb67e863b82946c7b42ccdb2036c974ae64a51b057a88af32ee1e.exe"C:\Users\Admin\AppData\Local\Temp\821452e264bbb67e863b82946c7b42ccdb2036c974ae64a51b057a88af32ee1e.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\4008206.exec:\4008206.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnbthb.exec:\nnbthb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\i044628.exec:\i044628.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\260240.exec:\260240.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbbnnt.exec:\tbbnnt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttthth.exec:\ttthth.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\828844.exec:\828844.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\e04688.exec:\e04688.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8808088.exec:\8808088.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\0824286.exec:\0824286.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\m0862.exec:\m0862.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhhbnn.exec:\bhhbnn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1vvpv.exec:\1vvpv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5flllfl.exec:\5flllfl.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\w86866.exec:\w86866.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8800600.exec:\8800600.exe17⤵
- Executes dropped EXE
-
\??\c:\864028.exec:\864028.exe18⤵
- Executes dropped EXE
-
\??\c:\1xllrxl.exec:\1xllrxl.exe19⤵
- Executes dropped EXE
-
\??\c:\fffrfrf.exec:\fffrfrf.exe20⤵
- Executes dropped EXE
-
\??\c:\o800662.exec:\o800662.exe21⤵
- Executes dropped EXE
-
\??\c:\c822480.exec:\c822480.exe22⤵
- Executes dropped EXE
-
\??\c:\260244.exec:\260244.exe23⤵
- Executes dropped EXE
-
\??\c:\llxlxfr.exec:\llxlxfr.exe24⤵
- Executes dropped EXE
-
\??\c:\426806.exec:\426806.exe25⤵
- Executes dropped EXE
-
\??\c:\nhhttt.exec:\nhhttt.exe26⤵
- Executes dropped EXE
-
\??\c:\g0442.exec:\g0442.exe27⤵
- Executes dropped EXE
-
\??\c:\k00202.exec:\k00202.exe28⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\rxfxrlr.exec:\rxfxrlr.exe29⤵
- Executes dropped EXE
-
\??\c:\htthtb.exec:\htthtb.exe30⤵
- Executes dropped EXE
-
\??\c:\3xlrrxr.exec:\3xlrrxr.exe31⤵
- Executes dropped EXE
-
\??\c:\3pjvp.exec:\3pjvp.exe32⤵
- Executes dropped EXE
-
\??\c:\q42840.exec:\q42840.exe33⤵
- Executes dropped EXE
-
\??\c:\u884286.exec:\u884286.exe34⤵
- Executes dropped EXE
-
\??\c:\48686.exec:\48686.exe35⤵
- Executes dropped EXE
-
\??\c:\6666464.exec:\6666464.exe36⤵
- Executes dropped EXE
-
\??\c:\9rffxrr.exec:\9rffxrr.exe37⤵
- Executes dropped EXE
-
\??\c:\xflrrfx.exec:\xflrrfx.exe38⤵
- Executes dropped EXE
-
\??\c:\28228.exec:\28228.exe39⤵
- Executes dropped EXE
-
\??\c:\s8024.exec:\s8024.exe40⤵
- Executes dropped EXE
-
\??\c:\04284.exec:\04284.exe41⤵
- Executes dropped EXE
-
\??\c:\080026.exec:\080026.exe42⤵
- Executes dropped EXE
-
\??\c:\bthhnn.exec:\bthhnn.exe43⤵
- Executes dropped EXE
-
\??\c:\hhbhtt.exec:\hhbhtt.exe44⤵
- Executes dropped EXE
-
\??\c:\rllrffx.exec:\rllrffx.exe45⤵
- Executes dropped EXE
-
\??\c:\lfxfrfr.exec:\lfxfrfr.exe46⤵
- Executes dropped EXE
-
\??\c:\fffxllr.exec:\fffxllr.exe47⤵
- Executes dropped EXE
-
\??\c:\s8668.exec:\s8668.exe48⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\hhbnbb.exec:\hhbnbb.exe49⤵
- Executes dropped EXE
-
\??\c:\jjdpj.exec:\jjdpj.exe50⤵
- Executes dropped EXE
-
\??\c:\ppdpv.exec:\ppdpv.exe51⤵
- Executes dropped EXE
-
\??\c:\lffrlrl.exec:\lffrlrl.exe52⤵
- Executes dropped EXE
-
\??\c:\7xrfllx.exec:\7xrfllx.exe53⤵
- Executes dropped EXE
-
\??\c:\7rllrrf.exec:\7rllrrf.exe54⤵
- Executes dropped EXE
-
\??\c:\444008.exec:\444008.exe55⤵
- Executes dropped EXE
-
\??\c:\600240.exec:\600240.exe56⤵
- Executes dropped EXE
-
\??\c:\hnthht.exec:\hnthht.exe57⤵
- Executes dropped EXE
-
\??\c:\6602060.exec:\6602060.exe58⤵
- Executes dropped EXE
-
\??\c:\0420840.exec:\0420840.exe59⤵
- Executes dropped EXE
-
\??\c:\86028.exec:\86028.exe60⤵
- Executes dropped EXE
-
\??\c:\nhbhth.exec:\nhbhth.exe61⤵
- Executes dropped EXE
-
\??\c:\xfrflrr.exec:\xfrflrr.exe62⤵
- Executes dropped EXE
-
\??\c:\rlffxxl.exec:\rlffxxl.exe63⤵
- Executes dropped EXE
-
\??\c:\hbnntt.exec:\hbnntt.exe64⤵
- Executes dropped EXE
-
\??\c:\0866264.exec:\0866264.exe65⤵
- Executes dropped EXE
-
\??\c:\080622.exec:\080622.exe66⤵
-
\??\c:\420000.exec:\420000.exe67⤵
- System Location Discovery: System Language Discovery
-
\??\c:\q46628.exec:\q46628.exe68⤵
-
\??\c:\u826280.exec:\u826280.exe69⤵
-
\??\c:\thtbhh.exec:\thtbhh.exe70⤵
-
\??\c:\2068884.exec:\2068884.exe71⤵
-
\??\c:\864060.exec:\864060.exe72⤵
-
\??\c:\jvjpd.exec:\jvjpd.exe73⤵
-
\??\c:\60840.exec:\60840.exe74⤵
-
\??\c:\60808.exec:\60808.exe75⤵
-
\??\c:\nnbhtt.exec:\nnbhtt.exe76⤵
-
\??\c:\nbnntt.exec:\nbnntt.exe77⤵
-
\??\c:\vpjdj.exec:\vpjdj.exe78⤵
-
\??\c:\hnhthh.exec:\hnhthh.exe79⤵
-
\??\c:\nhtttb.exec:\nhtttb.exe80⤵
-
\??\c:\6660664.exec:\6660664.exe81⤵
-
\??\c:\hhhhbh.exec:\hhhhbh.exe82⤵
-
\??\c:\448680.exec:\448680.exe83⤵
-
\??\c:\8262446.exec:\8262446.exe84⤵
-
\??\c:\1hhhnb.exec:\1hhhnb.exe85⤵
-
\??\c:\06644.exec:\06644.exe86⤵
-
\??\c:\rxfrrlf.exec:\rxfrrlf.exe87⤵
-
\??\c:\nnntnt.exec:\nnntnt.exe88⤵
-
\??\c:\440868.exec:\440868.exe89⤵
-
\??\c:\pppvp.exec:\pppvp.exe90⤵
-
\??\c:\00424.exec:\00424.exe91⤵
-
\??\c:\26420.exec:\26420.exe92⤵
-
\??\c:\s0464.exec:\s0464.exe93⤵
-
\??\c:\8240208.exec:\8240208.exe94⤵
-
\??\c:\486806.exec:\486806.exe95⤵
-
\??\c:\dppjd.exec:\dppjd.exe96⤵
-
\??\c:\7ddpv.exec:\7ddpv.exe97⤵
-
\??\c:\48680.exec:\48680.exe98⤵
-
\??\c:\264024.exec:\264024.exe99⤵
-
\??\c:\6080202.exec:\6080202.exe100⤵
-
\??\c:\u266280.exec:\u266280.exe101⤵
-
\??\c:\lxrrllf.exec:\lxrrllf.exe102⤵
-
\??\c:\rrfrlrr.exec:\rrfrlrr.exe103⤵
-
\??\c:\nnbhtt.exec:\nnbhtt.exe104⤵
-
\??\c:\86884.exec:\86884.exe105⤵
-
\??\c:\vpjjv.exec:\vpjjv.exe106⤵
-
\??\c:\vpdvv.exec:\vpdvv.exe107⤵
-
\??\c:\a0840.exec:\a0840.exe108⤵
-
\??\c:\m6060.exec:\m6060.exe109⤵
-
\??\c:\pdjpv.exec:\pdjpv.exe110⤵
- System Location Discovery: System Language Discovery
-
\??\c:\ddjdd.exec:\ddjdd.exe111⤵
-
\??\c:\s4842.exec:\s4842.exe112⤵
-
\??\c:\66842.exec:\66842.exe113⤵
-
\??\c:\0006068.exec:\0006068.exe114⤵
-
\??\c:\260640.exec:\260640.exe115⤵
-
\??\c:\2644288.exec:\2644288.exe116⤵
-
\??\c:\dvpvp.exec:\dvpvp.exe117⤵
-
\??\c:\u268620.exec:\u268620.exe118⤵
-
\??\c:\640662.exec:\640662.exe119⤵
-
\??\c:\rrllflf.exec:\rrllflf.exe120⤵
-
\??\c:\u080402.exec:\u080402.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-