Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
19/12/2024, 01:31
General
-
Target
a6d62540f96ee7968e596946f696fd956a2d1932ffb71e745fccf3c26be5435a.exe
-
Size
455KB
-
MD5
aa97f363fc325c4030361c94df2e9071
-
SHA1
22a53f17d292159cb08e22c8067c301378d362b5
-
SHA256
a6d62540f96ee7968e596946f696fd956a2d1932ffb71e745fccf3c26be5435a
-
SHA512
a43715f274e65808b80eaa99bb91579120d550efe6ef8c7c30f731dfd1522e5d7717016d4b5d49db95074c3f5016ec80649ba35084e898ad503563c2914b2290
-
SSDEEP
6144:8cm7ImGddXmNt251UriZFwfsDX2UznsaFVNJCMKAbeW:q7Tc2NYHUrAwfMp3CDW
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 35 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 48 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\a6d62540f96ee7968e596946f696fd956a2d1932ffb71e745fccf3c26be5435a.exe"C:\Users\Admin\AppData\Local\Temp\a6d62540f96ee7968e596946f696fd956a2d1932ffb71e745fccf3c26be5435a.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\vjvdd.exec:\vjvdd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5fxfxxr.exec:\5fxfxxr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\826640.exec:\826640.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frlrxxl.exec:\frlrxxl.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvvj.exec:\jdvvj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\202804.exec:\202804.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1bhnnh.exec:\1bhnnh.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlffxff.exec:\xlffxff.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frfrrrf.exec:\frfrrrf.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjpv.exec:\pjjpv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvjjj.exec:\pvjjj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\44488.exec:\44488.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbhnnn.exec:\nbhnnn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\208844.exec:\208844.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbnntn.exec:\nbnntn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\w86288.exec:\w86288.exe17⤵
- Executes dropped EXE
-
\??\c:\42844.exec:\42844.exe18⤵
- Executes dropped EXE
-
\??\c:\6488480.exec:\6488480.exe19⤵
- Executes dropped EXE
-
\??\c:\hnthbb.exec:\hnthbb.exe20⤵
- Executes dropped EXE
-
\??\c:\lfllfxr.exec:\lfllfxr.exe21⤵
- Executes dropped EXE
-
\??\c:\rrflxxl.exec:\rrflxxl.exe22⤵
- Executes dropped EXE
-
\??\c:\7jvvv.exec:\7jvvv.exe23⤵
- Executes dropped EXE
-
\??\c:\tnhnbt.exec:\tnhnbt.exe24⤵
- Executes dropped EXE
-
\??\c:\fxllxff.exec:\fxllxff.exe25⤵
- Executes dropped EXE
-
\??\c:\26888.exec:\26888.exe26⤵
- Executes dropped EXE
-
\??\c:\w62262.exec:\w62262.exe27⤵
- Executes dropped EXE
-
\??\c:\nhbhnt.exec:\nhbhnt.exe28⤵
- Executes dropped EXE
-
\??\c:\4284008.exec:\4284008.exe29⤵
- Executes dropped EXE
-
\??\c:\lfrrrrx.exec:\lfrrrrx.exe30⤵
- Executes dropped EXE
-
\??\c:\4802442.exec:\4802442.exe31⤵
- Executes dropped EXE
-
\??\c:\400620.exec:\400620.exe32⤵
- Executes dropped EXE
-
\??\c:\486688.exec:\486688.exe33⤵
- Executes dropped EXE
-
\??\c:\pdvvv.exec:\pdvvv.exe34⤵
- Executes dropped EXE
-
\??\c:\pjpjj.exec:\pjpjj.exe35⤵
- Executes dropped EXE
-
\??\c:\rrlfffl.exec:\rrlfffl.exe36⤵
- Executes dropped EXE
-
\??\c:\xxlxfrx.exec:\xxlxfrx.exe37⤵
- Executes dropped EXE
-
\??\c:\hbhbbh.exec:\hbhbbh.exe38⤵
- Executes dropped EXE
-
\??\c:\lxllllr.exec:\lxllllr.exe39⤵
- Executes dropped EXE
-
\??\c:\7dpvd.exec:\7dpvd.exe40⤵
- Executes dropped EXE
-
\??\c:\w86248.exec:\w86248.exe41⤵
- Executes dropped EXE
-
\??\c:\tnhbhh.exec:\tnhbhh.exe42⤵
- Executes dropped EXE
-
\??\c:\6488440.exec:\6488440.exe43⤵
- Executes dropped EXE
-
\??\c:\c626262.exec:\c626262.exe44⤵
- Executes dropped EXE
-
\??\c:\rrflrrf.exec:\rrflrrf.exe45⤵
- Executes dropped EXE
-
\??\c:\04606.exec:\04606.exe46⤵
- Executes dropped EXE
-
\??\c:\9xrlrfl.exec:\9xrlrfl.exe47⤵
- Executes dropped EXE
-
\??\c:\9jjdp.exec:\9jjdp.exe48⤵
- Executes dropped EXE
-
\??\c:\640066.exec:\640066.exe49⤵
- Executes dropped EXE
-
\??\c:\rflxxlf.exec:\rflxxlf.exe50⤵
- Executes dropped EXE
-
\??\c:\vvpjv.exec:\vvpjv.exe51⤵
- Executes dropped EXE
-
\??\c:\jdppv.exec:\jdppv.exe52⤵
- Executes dropped EXE
-
\??\c:\hthnbt.exec:\hthnbt.exe53⤵
- Executes dropped EXE
-
\??\c:\64680.exec:\64680.exe54⤵
- Executes dropped EXE
-
\??\c:\264060.exec:\264060.exe55⤵
- Executes dropped EXE
-
\??\c:\hthnbt.exec:\hthnbt.exe56⤵
- Executes dropped EXE
-
\??\c:\dvjjv.exec:\dvjjv.exe57⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\ppdjj.exec:\ppdjj.exe58⤵
- Executes dropped EXE
-
\??\c:\9rxflfl.exec:\9rxflfl.exe59⤵
- Executes dropped EXE
-
\??\c:\4826884.exec:\4826884.exe60⤵
- Executes dropped EXE
-
\??\c:\0802442.exec:\0802442.exe61⤵
- Executes dropped EXE
-
\??\c:\c648424.exec:\c648424.exe62⤵
- Executes dropped EXE
-
\??\c:\1xrfllr.exec:\1xrfllr.exe63⤵
- Executes dropped EXE
-
\??\c:\3lxrxrr.exec:\3lxrxrr.exe64⤵
- Executes dropped EXE
-
\??\c:\nbhhnn.exec:\nbhhnn.exe65⤵
- Executes dropped EXE
-
\??\c:\604682.exec:\604682.exe66⤵
-
\??\c:\20806.exec:\20806.exe67⤵
-
\??\c:\1fxxflr.exec:\1fxxflr.exe68⤵
-
\??\c:\g2406.exec:\g2406.exe69⤵
-
\??\c:\bnbbbb.exec:\bnbbbb.exe70⤵
-
\??\c:\5pdjd.exec:\5pdjd.exe71⤵
-
\??\c:\pdppd.exec:\pdppd.exe72⤵
-
\??\c:\5jvjd.exec:\5jvjd.exe73⤵
-
\??\c:\flxrlfx.exec:\flxrlfx.exe74⤵
-
\??\c:\66680.exec:\66680.exe75⤵
-
\??\c:\7vjpj.exec:\7vjpj.exe76⤵
-
\??\c:\jdvjp.exec:\jdvjp.exe77⤵
-
\??\c:\824688.exec:\824688.exe78⤵
-
\??\c:\pddjp.exec:\pddjp.exe79⤵
-
\??\c:\dpddd.exec:\dpddd.exe80⤵
-
\??\c:\xfflxrf.exec:\xfflxrf.exe81⤵
-
\??\c:\9nnnbb.exec:\9nnnbb.exe82⤵
-
\??\c:\djppp.exec:\djppp.exe83⤵
-
\??\c:\g4066.exec:\g4066.exe84⤵
-
\??\c:\3jjjd.exec:\3jjjd.exe85⤵
-
\??\c:\tthtbh.exec:\tthtbh.exe86⤵
-
\??\c:\1vjvj.exec:\1vjvj.exe87⤵
-
\??\c:\6062228.exec:\6062228.exe88⤵
-
\??\c:\060640.exec:\060640.exe89⤵
-
\??\c:\4822846.exec:\4822846.exe90⤵
-
\??\c:\a6402.exec:\a6402.exe91⤵
-
\??\c:\ttbbnh.exec:\ttbbnh.exe92⤵
-
\??\c:\26884.exec:\26884.exe93⤵
-
\??\c:\pjvvv.exec:\pjvvv.exe94⤵
-
\??\c:\60880.exec:\60880.exe95⤵
-
\??\c:\2224282.exec:\2224282.exe96⤵
-
\??\c:\fflfffr.exec:\fflfffr.exe97⤵
-
\??\c:\jpppj.exec:\jpppj.exe98⤵
-
\??\c:\26884.exec:\26884.exe99⤵
-
\??\c:\pjdpd.exec:\pjdpd.exe100⤵
-
\??\c:\1hnnnt.exec:\1hnnnt.exe101⤵
-
\??\c:\8802888.exec:\8802888.exe102⤵
-
\??\c:\tnhbhn.exec:\tnhbhn.exe103⤵
-
\??\c:\lfxrfll.exec:\lfxrfll.exe104⤵
-
\??\c:\g4228.exec:\g4228.exe105⤵
-
\??\c:\60846.exec:\60846.exe106⤵
-
\??\c:\208422.exec:\208422.exe107⤵
-
\??\c:\864026.exec:\864026.exe108⤵
-
\??\c:\pdpvd.exec:\pdpvd.exe109⤵
-
\??\c:\bhhthn.exec:\bhhthn.exe110⤵
-
\??\c:\dpvvv.exec:\dpvvv.exe111⤵
-
\??\c:\6044062.exec:\6044062.exe112⤵
-
\??\c:\dpvpp.exec:\dpvpp.exe113⤵
-
\??\c:\bhnbnb.exec:\bhnbnb.exe114⤵
-
\??\c:\xlflxfl.exec:\xlflxfl.exe115⤵
-
\??\c:\5ttthn.exec:\5ttthn.exe116⤵
-
\??\c:\9dvvv.exec:\9dvvv.exe117⤵
-
\??\c:\htbhtt.exec:\htbhtt.exe118⤵
-
\??\c:\rrxxrrf.exec:\rrxxrrf.exe119⤵
-
\??\c:\jvjpp.exec:\jvjpp.exe120⤵
-
\??\c:\c462802.exec:\c462802.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-