Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
18/12/2024, 00:41
General
-
Target
90cca53dda68a2defa24dedfb9e313c9b1e4a59bf1eb9cc29c051913bf2b4e9b.exe
-
Size
81KB
-
MD5
d2b4f6f679f26d1c45f59bc6ddfe0258
-
SHA1
310c393478aee3411b866c49861b17787e27e736
-
SHA256
90cca53dda68a2defa24dedfb9e313c9b1e4a59bf1eb9cc29c051913bf2b4e9b
-
SHA512
087e3ac22285a33527cf975a86442837e9e371826a2594e3d562dc1eebcc72b6113db98c338eb8aafd53bc3b5115224f8ee7c54432647a8943804511cef5cfcf
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIsIpWCz+FR4RzWqC5rINFE4yeqT:ymb3NkkiQ3mdBjFIsIpZ+R4RzWqCu4rb
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 22 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 20 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\90cca53dda68a2defa24dedfb9e313c9b1e4a59bf1eb9cc29c051913bf2b4e9b.exe"C:\Users\Admin\AppData\Local\Temp\90cca53dda68a2defa24dedfb9e313c9b1e4a59bf1eb9cc29c051913bf2b4e9b.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\9vvdj.exec:\9vvdj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvvv.exec:\pjvvv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\20446.exec:\20446.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\08068.exec:\08068.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlllrxf.exec:\rlllrxf.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\042846.exec:\042846.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvpv.exec:\jdvpv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1nbbht.exec:\1nbbht.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\08068.exec:\08068.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnnnb.exec:\nhnnnb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbhtb.exec:\nhbhtb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbnhtt.exec:\bbnhtt.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\c468444.exec:\c468444.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhttnb.exec:\nhttnb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\82620.exec:\82620.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3xrfffx.exec:\3xrfffx.exe17⤵
- Executes dropped EXE
-
\??\c:\20840.exec:\20840.exe18⤵
- Executes dropped EXE
-
\??\c:\868888.exec:\868888.exe19⤵
- Executes dropped EXE
-
\??\c:\486806.exec:\486806.exe20⤵
- Executes dropped EXE
-
\??\c:\tnttnb.exec:\tnttnb.exe21⤵
- Executes dropped EXE
-
\??\c:\pjvvd.exec:\pjvvd.exe22⤵
- Executes dropped EXE
-
\??\c:\26064.exec:\26064.exe23⤵
- Executes dropped EXE
-
\??\c:\08662.exec:\08662.exe24⤵
- Executes dropped EXE
-
\??\c:\q64682.exec:\q64682.exe25⤵
- Executes dropped EXE
-
\??\c:\26408.exec:\26408.exe26⤵
- Executes dropped EXE
-
\??\c:\xrffrrf.exec:\xrffrrf.exe27⤵
- Executes dropped EXE
-
\??\c:\bthntt.exec:\bthntt.exe28⤵
- Executes dropped EXE
-
\??\c:\g6844.exec:\g6844.exe29⤵
- Executes dropped EXE
-
\??\c:\fxrxllx.exec:\fxrxllx.exe30⤵
- Executes dropped EXE
-
\??\c:\5jpvj.exec:\5jpvj.exe31⤵
- Executes dropped EXE
-
\??\c:\4866280.exec:\4866280.exe32⤵
- Executes dropped EXE
-
\??\c:\a2244.exec:\a2244.exe33⤵
- Executes dropped EXE
-
\??\c:\g8624.exec:\g8624.exe34⤵
- Executes dropped EXE
-
\??\c:\7lfflfl.exec:\7lfflfl.exe35⤵
- Executes dropped EXE
-
\??\c:\5frxlfr.exec:\5frxlfr.exe36⤵
- Executes dropped EXE
-
\??\c:\c466828.exec:\c466828.exe37⤵
- Executes dropped EXE
-
\??\c:\lfxfxrf.exec:\lfxfxrf.exe38⤵
- Executes dropped EXE
-
\??\c:\0466880.exec:\0466880.exe39⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\2684602.exec:\2684602.exe40⤵
- Executes dropped EXE
-
\??\c:\tnhtht.exec:\tnhtht.exe41⤵
- Executes dropped EXE
-
\??\c:\pdvvd.exec:\pdvvd.exe42⤵
- Executes dropped EXE
-
\??\c:\420624.exec:\420624.exe43⤵
- Executes dropped EXE
-
\??\c:\c800228.exec:\c800228.exe44⤵
- Executes dropped EXE
-
\??\c:\86840.exec:\86840.exe45⤵
- Executes dropped EXE
-
\??\c:\0460062.exec:\0460062.exe46⤵
- Executes dropped EXE
-
\??\c:\jdjvp.exec:\jdjvp.exe47⤵
- Executes dropped EXE
-
\??\c:\jdppj.exec:\jdppj.exe48⤵
- Executes dropped EXE
-
\??\c:\2088884.exec:\2088884.exe49⤵
- Executes dropped EXE
-
\??\c:\w00688.exec:\w00688.exe50⤵
- Executes dropped EXE
-
\??\c:\hbhhhb.exec:\hbhhhb.exe51⤵
- Executes dropped EXE
-
\??\c:\04680.exec:\04680.exe52⤵
- Executes dropped EXE
-
\??\c:\08628.exec:\08628.exe53⤵
- Executes dropped EXE
-
\??\c:\7pdjj.exec:\7pdjj.exe54⤵
- Executes dropped EXE
-
\??\c:\5rxfffl.exec:\5rxfffl.exe55⤵
- Executes dropped EXE
-
\??\c:\0424222.exec:\0424222.exe56⤵
- Executes dropped EXE
-
\??\c:\rrlrxxf.exec:\rrlrxxf.exe57⤵
- Executes dropped EXE
-
\??\c:\rfxxffl.exec:\rfxxffl.exe58⤵
- Executes dropped EXE
-
\??\c:\480628.exec:\480628.exe59⤵
- Executes dropped EXE
-
\??\c:\btnntn.exec:\btnntn.exe60⤵
- Executes dropped EXE
-
\??\c:\862628.exec:\862628.exe61⤵
- Executes dropped EXE
-
\??\c:\tnnhhh.exec:\tnnhhh.exe62⤵
- Executes dropped EXE
-
\??\c:\868888.exec:\868888.exe63⤵
- Executes dropped EXE
-
\??\c:\a2064.exec:\a2064.exe64⤵
- Executes dropped EXE
-
\??\c:\pjjjj.exec:\pjjjj.exe65⤵
- Executes dropped EXE
-
\??\c:\jvjjp.exec:\jvjjp.exe66⤵
-
\??\c:\lrrfrfr.exec:\lrrfrfr.exe67⤵
-
\??\c:\fxfxfxf.exec:\fxfxfxf.exe68⤵
-
\??\c:\xlfflfr.exec:\xlfflfr.exe69⤵
-
\??\c:\20668.exec:\20668.exe70⤵
-
\??\c:\1dpvd.exec:\1dpvd.exe71⤵
-
\??\c:\4684068.exec:\4684068.exe72⤵
-
\??\c:\pjpjp.exec:\pjpjp.exe73⤵
-
\??\c:\dvpvd.exec:\dvpvd.exe74⤵
-
\??\c:\2688488.exec:\2688488.exe75⤵
-
\??\c:\0206264.exec:\0206264.exe76⤵
-
\??\c:\00602.exec:\00602.exe77⤵
-
\??\c:\446284.exec:\446284.exe78⤵
-
\??\c:\c420062.exec:\c420062.exe79⤵
-
\??\c:\xlxflll.exec:\xlxflll.exe80⤵
-
\??\c:\268022.exec:\268022.exe81⤵
-
\??\c:\xlffrlr.exec:\xlffrlr.exe82⤵
-
\??\c:\828060.exec:\828060.exe83⤵
-
\??\c:\7btbhn.exec:\7btbhn.exe84⤵
-
\??\c:\242286.exec:\242286.exe85⤵
- System Location Discovery: System Language Discovery
-
\??\c:\c800242.exec:\c800242.exe86⤵
-
\??\c:\ntbbbh.exec:\ntbbbh.exe87⤵
-
\??\c:\rlxxfrx.exec:\rlxxfrx.exe88⤵
-
\??\c:\1pjvd.exec:\1pjvd.exe89⤵
-
\??\c:\a8000.exec:\a8000.exe90⤵
-
\??\c:\5lfffrx.exec:\5lfffrx.exe91⤵
-
\??\c:\rfxrflr.exec:\rfxrflr.exe92⤵
-
\??\c:\hbhntt.exec:\hbhntt.exe93⤵
-
\??\c:\thttbn.exec:\thttbn.exe94⤵
-
\??\c:\tnhhbb.exec:\tnhhbb.exe95⤵
-
\??\c:\44804.exec:\44804.exe96⤵
-
\??\c:\820622.exec:\820622.exe97⤵
-
\??\c:\pdppv.exec:\pdppv.exe98⤵
-
\??\c:\fxllrlr.exec:\fxllrlr.exe99⤵
-
\??\c:\828464.exec:\828464.exe100⤵
-
\??\c:\rflxffl.exec:\rflxffl.exe101⤵
-
\??\c:\6866222.exec:\6866222.exe102⤵
-
\??\c:\0804062.exec:\0804062.exe103⤵
-
\??\c:\i400222.exec:\i400222.exe104⤵
-
\??\c:\dvjjp.exec:\dvjjp.exe105⤵
-
\??\c:\u666006.exec:\u666006.exe106⤵
-
\??\c:\u084046.exec:\u084046.exe107⤵
-
\??\c:\9rfffff.exec:\9rfffff.exe108⤵
-
\??\c:\vpddp.exec:\vpddp.exe109⤵
-
\??\c:\fxlrxxx.exec:\fxlrxxx.exe110⤵
-
\??\c:\5frxflx.exec:\5frxflx.exe111⤵
-
\??\c:\2068806.exec:\2068806.exe112⤵
-
\??\c:\btntbh.exec:\btntbh.exe113⤵
-
\??\c:\6426246.exec:\6426246.exe114⤵
-
\??\c:\fxlrrrx.exec:\fxlrrrx.exe115⤵
-
\??\c:\lfrfffl.exec:\lfrfffl.exe116⤵
-
\??\c:\9btntn.exec:\9btntn.exe117⤵
-
\??\c:\pjjpp.exec:\pjjpp.exe118⤵
-
\??\c:\nbbbhb.exec:\nbbbhb.exe119⤵
-
\??\c:\6426884.exec:\6426884.exe120⤵
-
\??\c:\8684062.exec:\8684062.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-