Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240729-en -
resource tags
-
submitted
18/12/2024, 23:41
General
-
Target
8a39b2b17a431219043790a609486d59fc0ff541d9ff24155858d99f88e206fd.exe
-
Size
456KB
-
MD5
4f4711dc16fd510b8eb7c602d68a2069
-
SHA1
50d1e340a14439e58e98152a912a546250bdfb45
-
SHA256
8a39b2b17a431219043790a609486d59fc0ff541d9ff24155858d99f88e206fd
-
SHA512
40b1053252f7d3e775693ac3fdae9aefc29ed8c76fab9f7219bb2775c2709061b8d3bb39428ff9428ef49951c420a0a16e13a3612562fc6e27c15f36d4262c9e
-
SSDEEP
6144:8cm7ImGddXmNt251UriZFwfsDX2UznsaFVNJCMKAbeRh:q7Tc2NYHUrAwfMp3CDRh
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 36 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 48 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\8a39b2b17a431219043790a609486d59fc0ff541d9ff24155858d99f88e206fd.exe"C:\Users\Admin\AppData\Local\Temp\8a39b2b17a431219043790a609486d59fc0ff541d9ff24155858d99f88e206fd.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\bbntnt.exec:\bbntnt.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jppvp.exec:\jppvp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffxffrf.exec:\ffxffrf.exe4⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\nnbhtb.exec:\nnbhtb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvjjv.exec:\pvjjv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5rlrlrl.exec:\5rlrlrl.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnbbnt.exec:\bnbbnt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjjv.exec:\pjjjv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvddj.exec:\vvddj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxllrrx.exec:\rxllrrx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpdjv.exec:\jpdjv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1vvjv.exec:\1vvjv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdvdj.exec:\pdvdj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7rxlrxf.exec:\7rxlrxf.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjvdj.exec:\vjvdj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1rlrxxx.exec:\1rlrxxx.exe17⤵
- Executes dropped EXE
-
\??\c:\7jdjp.exec:\7jdjp.exe18⤵
- Executes dropped EXE
-
\??\c:\rrxlxxf.exec:\rrxlxxf.exe19⤵
- Executes dropped EXE
-
\??\c:\ppjjp.exec:\ppjjp.exe20⤵
- Executes dropped EXE
-
\??\c:\bbhhnt.exec:\bbhhnt.exe21⤵
- Executes dropped EXE
-
\??\c:\pvjvj.exec:\pvjvj.exe22⤵
- Executes dropped EXE
-
\??\c:\bnhnbh.exec:\bnhnbh.exe23⤵
- Executes dropped EXE
-
\??\c:\vjvjv.exec:\vjvjv.exe24⤵
- Executes dropped EXE
-
\??\c:\hhnnbb.exec:\hhnnbb.exe25⤵
- Executes dropped EXE
-
\??\c:\ffrfrxl.exec:\ffrfrxl.exe26⤵
- Executes dropped EXE
-
\??\c:\1tntbb.exec:\1tntbb.exe27⤵
- Executes dropped EXE
-
\??\c:\pdvdp.exec:\pdvdp.exe28⤵
- Executes dropped EXE
-
\??\c:\1ttbbn.exec:\1ttbbn.exe29⤵
- Executes dropped EXE
-
\??\c:\dpdjp.exec:\dpdjp.exe30⤵
- Executes dropped EXE
-
\??\c:\xflxllx.exec:\xflxllx.exe31⤵
- Executes dropped EXE
-
\??\c:\bhntbh.exec:\bhntbh.exe32⤵
- Executes dropped EXE
-
\??\c:\1lxlxfr.exec:\1lxlxfr.exe33⤵
- Executes dropped EXE
-
\??\c:\lrflxfl.exec:\lrflxfl.exe34⤵
- Executes dropped EXE
-
\??\c:\bntbnt.exec:\bntbnt.exe35⤵
- Executes dropped EXE
-
\??\c:\1rfxfxf.exec:\1rfxfxf.exe36⤵
- Executes dropped EXE
-
\??\c:\bbnbnn.exec:\bbnbnn.exe37⤵
- Executes dropped EXE
-
\??\c:\nnnnbb.exec:\nnnnbb.exe38⤵
- Executes dropped EXE
-
\??\c:\vdjpv.exec:\vdjpv.exe39⤵
- Executes dropped EXE
-
\??\c:\1frrxfr.exec:\1frrxfr.exe40⤵
- Executes dropped EXE
-
\??\c:\bbhhhb.exec:\bbhhhb.exe41⤵
- Executes dropped EXE
-
\??\c:\ntbbnn.exec:\ntbbnn.exe42⤵
- Executes dropped EXE
-
\??\c:\djvdj.exec:\djvdj.exe43⤵
- Executes dropped EXE
-
\??\c:\ffllrrx.exec:\ffllrrx.exe44⤵
- Executes dropped EXE
-
\??\c:\5ntnnn.exec:\5ntnnn.exe45⤵
- Executes dropped EXE
-
\??\c:\jjppd.exec:\jjppd.exe46⤵
- Executes dropped EXE
-
\??\c:\dvdvd.exec:\dvdvd.exe47⤵
- Executes dropped EXE
-
\??\c:\fffrfff.exec:\fffrfff.exe48⤵
- Executes dropped EXE
-
\??\c:\3ntbhn.exec:\3ntbhn.exe49⤵
- Executes dropped EXE
-
\??\c:\vvppp.exec:\vvppp.exe50⤵
- Executes dropped EXE
-
\??\c:\dvdvp.exec:\dvdvp.exe51⤵
- Executes dropped EXE
-
\??\c:\xxxxffl.exec:\xxxxffl.exe52⤵
- Executes dropped EXE
-
\??\c:\9btbhn.exec:\9btbhn.exe53⤵
- Executes dropped EXE
-
\??\c:\vjpvv.exec:\vjpvv.exe54⤵
- Executes dropped EXE
-
\??\c:\xxrxlxr.exec:\xxrxlxr.exe55⤵
- Executes dropped EXE
-
\??\c:\hhnhhh.exec:\hhnhhh.exe56⤵
- Executes dropped EXE
-
\??\c:\dpdjv.exec:\dpdjv.exe57⤵
- Executes dropped EXE
-
\??\c:\vdpvd.exec:\vdpvd.exe58⤵
- Executes dropped EXE
-
\??\c:\lrlfllx.exec:\lrlfllx.exe59⤵
- Executes dropped EXE
-
\??\c:\7thhhh.exec:\7thhhh.exe60⤵
- Executes dropped EXE
-
\??\c:\ddddd.exec:\ddddd.exe61⤵
- Executes dropped EXE
-
\??\c:\7dvvd.exec:\7dvvd.exe62⤵
- Executes dropped EXE
-
\??\c:\xxrrxrr.exec:\xxrrxrr.exe63⤵
- Executes dropped EXE
-
\??\c:\bbbbbb.exec:\bbbbbb.exe64⤵
- Executes dropped EXE
-
\??\c:\ppvdj.exec:\ppvdj.exe65⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\ddpvv.exec:\ddpvv.exe66⤵
-
\??\c:\xxlffff.exec:\xxlffff.exe67⤵
-
\??\c:\tntntt.exec:\tntntt.exe68⤵
-
\??\c:\vdpdj.exec:\vdpdj.exe69⤵
-
\??\c:\xxllrxl.exec:\xxllrxl.exe70⤵
-
\??\c:\xxxxfxf.exec:\xxxxfxf.exe71⤵
-
\??\c:\hhnnbn.exec:\hhnnbn.exe72⤵
-
\??\c:\ddppd.exec:\ddppd.exe73⤵
-
\??\c:\rxlxxlx.exec:\rxlxxlx.exe74⤵
-
\??\c:\llxxxxl.exec:\llxxxxl.exe75⤵
-
\??\c:\1nntnb.exec:\1nntnb.exe76⤵
-
\??\c:\1jjpd.exec:\1jjpd.exe77⤵
-
\??\c:\1fxfrxl.exec:\1fxfrxl.exe78⤵
-
\??\c:\1hhntb.exec:\1hhntb.exe79⤵
-
\??\c:\htnthn.exec:\htnthn.exe80⤵
-
\??\c:\lrllxxl.exec:\lrllxxl.exe81⤵
-
\??\c:\bhthnt.exec:\bhthnt.exe82⤵
-
\??\c:\1vjdj.exec:\1vjdj.exe83⤵
-
\??\c:\dpdjp.exec:\dpdjp.exe84⤵
-
\??\c:\5rrxlrx.exec:\5rrxlrx.exe85⤵
-
\??\c:\bnbbht.exec:\bnbbht.exe86⤵
-
\??\c:\9vppd.exec:\9vppd.exe87⤵
-
\??\c:\vvpdj.exec:\vvpdj.exe88⤵
-
\??\c:\xxlrrxl.exec:\xxlrrxl.exe89⤵
-
\??\c:\hnhhtb.exec:\hnhhtb.exe90⤵
-
\??\c:\1jvdp.exec:\1jvdp.exe91⤵
-
\??\c:\fflxlxf.exec:\fflxlxf.exe92⤵
-
\??\c:\ffrxfrf.exec:\ffrxfrf.exe93⤵
-
\??\c:\hthbnb.exec:\hthbnb.exe94⤵
-
\??\c:\jjvdp.exec:\jjvdp.exe95⤵
-
\??\c:\lxfflrr.exec:\lxfflrr.exe96⤵
-
\??\c:\bbhntb.exec:\bbhntb.exe97⤵
-
\??\c:\vvdjv.exec:\vvdjv.exe98⤵
-
\??\c:\djvdd.exec:\djvdd.exe99⤵
-
\??\c:\3lffrxl.exec:\3lffrxl.exe100⤵
-
\??\c:\btnbhh.exec:\btnbhh.exe101⤵
-
\??\c:\nnbtbh.exec:\nnbtbh.exe102⤵
-
\??\c:\djvvj.exec:\djvvj.exe103⤵
-
\??\c:\xxxxlll.exec:\xxxxlll.exe104⤵
-
\??\c:\hntbhh.exec:\hntbhh.exe105⤵
-
\??\c:\nbbbbn.exec:\nbbbbn.exe106⤵
-
\??\c:\pjpjp.exec:\pjpjp.exe107⤵
-
\??\c:\xlffrfl.exec:\xlffrfl.exe108⤵
-
\??\c:\bhbhnt.exec:\bhbhnt.exe109⤵
-
\??\c:\9btbbt.exec:\9btbbt.exe110⤵
-
\??\c:\jpjjp.exec:\jpjjp.exe111⤵
-
\??\c:\ffrrxxf.exec:\ffrrxxf.exe112⤵
-
\??\c:\tnbhhn.exec:\tnbhhn.exe113⤵
-
\??\c:\5btthn.exec:\5btthn.exe114⤵
-
\??\c:\rxlrxlr.exec:\rxlrxlr.exe115⤵
-
\??\c:\tthhnn.exec:\tthhnn.exe116⤵
-
\??\c:\jpdpv.exec:\jpdpv.exe117⤵
-
\??\c:\ffffrrf.exec:\ffffrrf.exe118⤵
-
\??\c:\rrxxffl.exec:\rrxxffl.exe119⤵
-
\??\c:\hbhbhn.exec:\hbhbhn.exe120⤵
-
\??\c:\9pddj.exec:\9pddj.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-