Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
18/12/2024, 22:57
General
-
Target
b9bfde52331d733a7121d06bcd7eedd0a808e7176888f001df7341d263da49a9N.exe
-
Size
82KB
-
MD5
4ee152c31e1671b2e904510a13db0a70
-
SHA1
5f48b6a05fe1a676160096ed842d6cac672ddba7
-
SHA256
b9bfde52331d733a7121d06bcd7eedd0a808e7176888f001df7341d263da49a9
-
SHA512
0baef0e2e84e51aaf89fcb7a04a800e4285024bc9bd5e64a088b37a7100568fe0760a01e7f5389a49401da3391e850842a32f50b27c6e583e64e754b6332b14c
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDo73tgygQwKjiawEmB5Gth:ymb3NkkiQ3mdBjFo73thgQ/wEko
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 21 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 34 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\b9bfde52331d733a7121d06bcd7eedd0a808e7176888f001df7341d263da49a9N.exe"C:\Users\Admin\AppData\Local\Temp\b9bfde52331d733a7121d06bcd7eedd0a808e7176888f001df7341d263da49a9N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\nhtbht.exec:\nhtbht.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjvv.exec:\ppjvv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbnbhn.exec:\nbnbhn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thbhnn.exec:\thbhnn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3pjpv.exec:\3pjpv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llflrfx.exec:\llflrfx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thhbbb.exec:\thhbbb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3htnbn.exec:\3htnbn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3vjpd.exec:\3vjpd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxxrllx.exec:\rxxrllx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nntbnt.exec:\nntbnt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbhttb.exec:\nbhttb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpvjd.exec:\jpvjd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvjjp.exec:\jvjjp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxllxfr.exec:\rxllxfr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrxflrf.exec:\rrxflrf.exe17⤵
- Executes dropped EXE
-
\??\c:\nhttht.exec:\nhttht.exe18⤵
- Executes dropped EXE
-
\??\c:\htbhbn.exec:\htbhbn.exe19⤵
- Executes dropped EXE
-
\??\c:\1jjdp.exec:\1jjdp.exe20⤵
- Executes dropped EXE
-
\??\c:\rxlfffl.exec:\rxlfffl.exe21⤵
- Executes dropped EXE
-
\??\c:\xrfxxfr.exec:\xrfxxfr.exe22⤵
- Executes dropped EXE
-
\??\c:\5lflxff.exec:\5lflxff.exe23⤵
- Executes dropped EXE
-
\??\c:\hnnhht.exec:\hnnhht.exe24⤵
- Executes dropped EXE
-
\??\c:\dddpv.exec:\dddpv.exe25⤵
- Executes dropped EXE
-
\??\c:\jjvpj.exec:\jjvpj.exe26⤵
- Executes dropped EXE
-
\??\c:\xllxrlf.exec:\xllxrlf.exe27⤵
- Executes dropped EXE
-
\??\c:\tnbbnb.exec:\tnbbnb.exe28⤵
- Executes dropped EXE
-
\??\c:\tnbhnn.exec:\tnbhnn.exe29⤵
- Executes dropped EXE
-
\??\c:\vpdpp.exec:\vpdpp.exe30⤵
- Executes dropped EXE
-
\??\c:\djdjv.exec:\djdjv.exe31⤵
- Executes dropped EXE
-
\??\c:\ffrrflx.exec:\ffrrflx.exe32⤵
- Executes dropped EXE
-
\??\c:\btbbht.exec:\btbbht.exe33⤵
- Executes dropped EXE
-
\??\c:\bthnbh.exec:\bthnbh.exe34⤵
- Executes dropped EXE
-
\??\c:\vpdjv.exec:\vpdjv.exe35⤵
- Executes dropped EXE
-
\??\c:\1pjvj.exec:\1pjvj.exe36⤵
- Executes dropped EXE
-
\??\c:\pjjjd.exec:\pjjjd.exe37⤵
- Executes dropped EXE
-
\??\c:\5frflrf.exec:\5frflrf.exe38⤵
- Executes dropped EXE
-
\??\c:\xlxxrxl.exec:\xlxxrxl.exe39⤵
- Executes dropped EXE
-
\??\c:\hhtbtn.exec:\hhtbtn.exe40⤵
- Executes dropped EXE
-
\??\c:\hbhhnn.exec:\hbhhnn.exe41⤵
- Executes dropped EXE
-
\??\c:\jdpjj.exec:\jdpjj.exe42⤵
- Executes dropped EXE
-
\??\c:\5pjjp.exec:\5pjjp.exe43⤵
- Executes dropped EXE
-
\??\c:\5rrxflx.exec:\5rrxflx.exe44⤵
- Executes dropped EXE
-
\??\c:\xrflrrx.exec:\xrflrrx.exe45⤵
- Executes dropped EXE
-
\??\c:\nhhhhn.exec:\nhhhhn.exe46⤵
- Executes dropped EXE
-
\??\c:\7vppd.exec:\7vppd.exe47⤵
- Executes dropped EXE
-
\??\c:\ppppj.exec:\ppppj.exe48⤵
- Executes dropped EXE
-
\??\c:\3xxlllx.exec:\3xxlllx.exe49⤵
- Executes dropped EXE
-
\??\c:\1rllllf.exec:\1rllllf.exe50⤵
- Executes dropped EXE
-
\??\c:\3hhhtb.exec:\3hhhtb.exe51⤵
- Executes dropped EXE
-
\??\c:\ntnbnb.exec:\ntnbnb.exe52⤵
- Executes dropped EXE
-
\??\c:\5vjdj.exec:\5vjdj.exe53⤵
- Executes dropped EXE
-
\??\c:\djvvv.exec:\djvvv.exe54⤵
- Executes dropped EXE
-
\??\c:\1fflrrf.exec:\1fflrrf.exe55⤵
- Executes dropped EXE
-
\??\c:\bbtbnt.exec:\bbtbnt.exe56⤵
- Executes dropped EXE
-
\??\c:\nhttbb.exec:\nhttbb.exe57⤵
- Executes dropped EXE
-
\??\c:\ppjpp.exec:\ppjpp.exe58⤵
- Executes dropped EXE
-
\??\c:\9frlrxl.exec:\9frlrxl.exe59⤵
- Executes dropped EXE
-
\??\c:\ffxlxll.exec:\ffxlxll.exe60⤵
- Executes dropped EXE
-
\??\c:\nnhhnh.exec:\nnhhnh.exe61⤵
- Executes dropped EXE
-
\??\c:\tnbttt.exec:\tnbttt.exe62⤵
- Executes dropped EXE
-
\??\c:\7vpjj.exec:\7vpjj.exe63⤵
- Executes dropped EXE
-
\??\c:\5rlrlfr.exec:\5rlrlfr.exe64⤵
- Executes dropped EXE
-
\??\c:\xrlxlff.exec:\xrlxlff.exe65⤵
- Executes dropped EXE
-
\??\c:\tthnhh.exec:\tthnhh.exe66⤵
-
\??\c:\tththn.exec:\tththn.exe67⤵
-
\??\c:\vpdvj.exec:\vpdvj.exe68⤵
-
\??\c:\jjjjd.exec:\jjjjd.exe69⤵
-
\??\c:\7frxfxf.exec:\7frxfxf.exe70⤵
-
\??\c:\tnhnnt.exec:\tnhnnt.exe71⤵
-
\??\c:\hnbnbb.exec:\hnbnbb.exe72⤵
-
\??\c:\1pjdj.exec:\1pjdj.exe73⤵
-
\??\c:\jdvdp.exec:\jdvdp.exe74⤵
-
\??\c:\fxffllr.exec:\fxffllr.exe75⤵
-
\??\c:\lfllfxr.exec:\lfllfxr.exe76⤵
-
\??\c:\hnbbhn.exec:\hnbbhn.exe77⤵
-
\??\c:\vjdpd.exec:\vjdpd.exe78⤵
-
\??\c:\vddvd.exec:\vddvd.exe79⤵
-
\??\c:\1rrrlfl.exec:\1rrrlfl.exe80⤵
-
\??\c:\1hthnt.exec:\1hthnt.exe81⤵
-
\??\c:\nnhhth.exec:\nnhhth.exe82⤵
-
\??\c:\3vjvv.exec:\3vjvv.exe83⤵
-
\??\c:\dvddd.exec:\dvddd.exe84⤵
-
\??\c:\lfxxlxx.exec:\lfxxlxx.exe85⤵
-
\??\c:\3nttnn.exec:\3nttnn.exe86⤵
-
\??\c:\5hhtbh.exec:\5hhtbh.exe87⤵
-
\??\c:\jdjdd.exec:\jdjdd.exe88⤵
-
\??\c:\pdpjp.exec:\pdpjp.exe89⤵
-
\??\c:\rrfllll.exec:\rrfllll.exe90⤵
-
\??\c:\fflxrxl.exec:\fflxrxl.exe91⤵
-
\??\c:\3ntnbn.exec:\3ntnbn.exe92⤵
-
\??\c:\djjjp.exec:\djjjp.exe93⤵
-
\??\c:\jpjdj.exec:\jpjdj.exe94⤵
-
\??\c:\fxrrxfr.exec:\fxrrxfr.exe95⤵
-
\??\c:\frllffl.exec:\frllffl.exe96⤵
-
\??\c:\1nbhnn.exec:\1nbhnn.exe97⤵
-
\??\c:\hbhtht.exec:\hbhtht.exe98⤵
-
\??\c:\dddvd.exec:\dddvd.exe99⤵
-
\??\c:\pdpjp.exec:\pdpjp.exe100⤵
-
\??\c:\xllrflr.exec:\xllrflr.exe101⤵
-
\??\c:\xfxxrlx.exec:\xfxxrlx.exe102⤵
-
\??\c:\1htthh.exec:\1htthh.exe103⤵
-
\??\c:\hhtbht.exec:\hhtbht.exe104⤵
-
\??\c:\5vppp.exec:\5vppp.exe105⤵
-
\??\c:\djdpp.exec:\djdpp.exe106⤵
-
\??\c:\9jvdd.exec:\9jvdd.exe107⤵
-
\??\c:\7lxrrlx.exec:\7lxrrlx.exe108⤵
-
\??\c:\llflxfl.exec:\llflxfl.exe109⤵
-
\??\c:\9nbhnt.exec:\9nbhnt.exe110⤵
-
\??\c:\htnthh.exec:\htnthh.exe111⤵
-
\??\c:\djvpv.exec:\djvpv.exe112⤵
-
\??\c:\llxxflx.exec:\llxxflx.exe113⤵
-
\??\c:\9rrfrfl.exec:\9rrfrfl.exe114⤵
-
\??\c:\frxxfxf.exec:\frxxfxf.exe115⤵
-
\??\c:\ntbtbb.exec:\ntbtbb.exe116⤵
-
\??\c:\bhbtth.exec:\bhbtth.exe117⤵
-
\??\c:\3jpvj.exec:\3jpvj.exe118⤵
-
\??\c:\jppvj.exec:\jppvj.exe119⤵
-
\??\c:\xxllrxf.exec:\xxllrxf.exe120⤵
-
\??\c:\flrfxfx.exec:\flrfxfx.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-