Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
16s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
19/12/2024, 03:41
General
-
Target
31fb62663d933be51a04f0a6d6f54e0b7288404babf7c27e12f7b4bcb56871daN.exe
-
Size
71KB
-
MD5
66fa6c1fb1547424cebaef7242860150
-
SHA1
1c1dd06ff332fe1220277b6d065360582719cfc6
-
SHA256
31fb62663d933be51a04f0a6d6f54e0b7288404babf7c27e12f7b4bcb56871da
-
SHA512
4ab5bb1d0665d717954d87eafc4b2672add840c52452bbc077f06236a06c6c3fc2554c6709469d30a9b56de934b0713f05f6e93703c6a2441781b0e1405e2473
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIb0z6Mu/ePS3A89:ymb3NkkiQ3mdBjFI46TQ89
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 21 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 29 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\31fb62663d933be51a04f0a6d6f54e0b7288404babf7c27e12f7b4bcb56871daN.exe"C:\Users\Admin\AppData\Local\Temp\31fb62663d933be51a04f0a6d6f54e0b7288404babf7c27e12f7b4bcb56871daN.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\9pdpv.exec:\9pdpv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlrrxfr.exec:\xlrrxfr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7htbnn.exec:\7htbnn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lllrlrl.exec:\lllrlrl.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrxrxrf.exec:\rrxrxrf.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9hnbnt.exec:\9hnbnt.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbhhn.exec:\nhbhhn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjdjp.exec:\jjdjp.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlrflx.exec:\fxlrflx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbtnbh.exec:\nbtnbh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5dvvd.exec:\5dvvd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9jdvv.exec:\9jdvv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flfrxlr.exec:\flfrxlr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnttbh.exec:\nnttbh.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbbntb.exec:\bbbntb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3vjvj.exec:\3vjvj.exe17⤵
- Executes dropped EXE
-
\??\c:\flrffxr.exec:\flrffxr.exe18⤵
- Executes dropped EXE
-
\??\c:\rrlrrxr.exec:\rrlrrxr.exe19⤵
- Executes dropped EXE
-
\??\c:\7btntb.exec:\7btntb.exe20⤵
- Executes dropped EXE
-
\??\c:\pjvdj.exec:\pjvdj.exe21⤵
- Executes dropped EXE
-
\??\c:\pdjdv.exec:\pdjdv.exe22⤵
- Executes dropped EXE
-
\??\c:\xfrxxxl.exec:\xfrxxxl.exe23⤵
- Executes dropped EXE
-
\??\c:\3tnnnn.exec:\3tnnnn.exe24⤵
- Executes dropped EXE
-
\??\c:\btthnn.exec:\btthnn.exe25⤵
- Executes dropped EXE
-
\??\c:\jdvdj.exec:\jdvdj.exe26⤵
- Executes dropped EXE
-
\??\c:\fxxxffr.exec:\fxxxffr.exe27⤵
- Executes dropped EXE
-
\??\c:\5flrxfr.exec:\5flrxfr.exe28⤵
- Executes dropped EXE
-
\??\c:\7tthnn.exec:\7tthnn.exe29⤵
- Executes dropped EXE
-
\??\c:\jdpdp.exec:\jdpdp.exe30⤵
- Executes dropped EXE
-
\??\c:\rflrffr.exec:\rflrffr.exe31⤵
- Executes dropped EXE
-
\??\c:\1fxrfrx.exec:\1fxrfrx.exe32⤵
- Executes dropped EXE
-
\??\c:\nhnbhn.exec:\nhnbhn.exe33⤵
- Executes dropped EXE
-
\??\c:\1jpvd.exec:\1jpvd.exe34⤵
- Executes dropped EXE
-
\??\c:\vjvdj.exec:\vjvdj.exe35⤵
- Executes dropped EXE
-
\??\c:\llflxxf.exec:\llflxxf.exe36⤵
- Executes dropped EXE
-
\??\c:\llxrxfr.exec:\llxrxfr.exe37⤵
- Executes dropped EXE
-
\??\c:\nhnntb.exec:\nhnntb.exe38⤵
- Executes dropped EXE
-
\??\c:\hbnthb.exec:\hbnthb.exe39⤵
- Executes dropped EXE
-
\??\c:\vvvpd.exec:\vvvpd.exe40⤵
- Executes dropped EXE
-
\??\c:\ddjpj.exec:\ddjpj.exe41⤵
- Executes dropped EXE
-
\??\c:\fxxfrrl.exec:\fxxfrrl.exe42⤵
- Executes dropped EXE
-
\??\c:\frrrrrf.exec:\frrrrrf.exe43⤵
- Executes dropped EXE
-
\??\c:\hbntbb.exec:\hbntbb.exe44⤵
- Executes dropped EXE
-
\??\c:\bbnbnn.exec:\bbnbnn.exe45⤵
- Executes dropped EXE
-
\??\c:\1vppv.exec:\1vppv.exe46⤵
- Executes dropped EXE
-
\??\c:\1jvdj.exec:\1jvdj.exe47⤵
- Executes dropped EXE
-
\??\c:\7rxxxfr.exec:\7rxxxfr.exe48⤵
- Executes dropped EXE
-
\??\c:\lllrxxl.exec:\lllrxxl.exe49⤵
- Executes dropped EXE
-
\??\c:\btbhnt.exec:\btbhnt.exe50⤵
- Executes dropped EXE
-
\??\c:\nhhbhh.exec:\nhhbhh.exe51⤵
- Executes dropped EXE
-
\??\c:\1jvpp.exec:\1jvpp.exe52⤵
- Executes dropped EXE
-
\??\c:\ddppj.exec:\ddppj.exe53⤵
- Executes dropped EXE
-
\??\c:\3fxllrx.exec:\3fxllrx.exe54⤵
- Executes dropped EXE
-
\??\c:\llxxlfr.exec:\llxxlfr.exe55⤵
- Executes dropped EXE
-
\??\c:\1hbhtb.exec:\1hbhtb.exe56⤵
- Executes dropped EXE
-
\??\c:\nhhhtt.exec:\nhhhtt.exe57⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\1dvdj.exec:\1dvdj.exe58⤵
- Executes dropped EXE
-
\??\c:\vppvj.exec:\vppvj.exe59⤵
- Executes dropped EXE
-
\??\c:\frxfllf.exec:\frxfllf.exe60⤵
- Executes dropped EXE
-
\??\c:\xrflrxf.exec:\xrflrxf.exe61⤵
- Executes dropped EXE
-
\??\c:\9bnthn.exec:\9bnthn.exe62⤵
- Executes dropped EXE
-
\??\c:\ttbhnt.exec:\ttbhnt.exe63⤵
- Executes dropped EXE
-
\??\c:\vpvvv.exec:\vpvvv.exe64⤵
- Executes dropped EXE
-
\??\c:\vvjjd.exec:\vvjjd.exe65⤵
- Executes dropped EXE
-
\??\c:\lfflrfl.exec:\lfflrfl.exe66⤵
-
\??\c:\fxflxff.exec:\fxflxff.exe67⤵
-
\??\c:\1btbnt.exec:\1btbnt.exe68⤵
-
\??\c:\bbnbbh.exec:\bbnbbh.exe69⤵
-
\??\c:\pjjpp.exec:\pjjpp.exe70⤵
-
\??\c:\vpvpd.exec:\vpvpd.exe71⤵
-
\??\c:\llxrffx.exec:\llxrffx.exe72⤵
-
\??\c:\xrrrxfx.exec:\xrrrxfx.exe73⤵
-
\??\c:\bhbbbh.exec:\bhbbbh.exe74⤵
-
\??\c:\nnhhnt.exec:\nnhhnt.exe75⤵
-
\??\c:\dvpjv.exec:\dvpjv.exe76⤵
-
\??\c:\jdpjd.exec:\jdpjd.exe77⤵
-
\??\c:\llxfllr.exec:\llxfllr.exe78⤵
-
\??\c:\9fxlfll.exec:\9fxlfll.exe79⤵
-
\??\c:\nhnhbb.exec:\nhnhbb.exe80⤵
-
\??\c:\ttthhn.exec:\ttthhn.exe81⤵
-
\??\c:\5vpvv.exec:\5vpvv.exe82⤵
-
\??\c:\7jppp.exec:\7jppp.exe83⤵
-
\??\c:\xlffffl.exec:\xlffffl.exe84⤵
-
\??\c:\xxrlrlr.exec:\xxrlrlr.exe85⤵
-
\??\c:\bbnhtt.exec:\bbnhtt.exe86⤵
-
\??\c:\nhtbbb.exec:\nhtbbb.exe87⤵
-
\??\c:\vppvj.exec:\vppvj.exe88⤵
- System Location Discovery: System Language Discovery
-
\??\c:\vjddj.exec:\vjddj.exe89⤵
-
\??\c:\9rxfllx.exec:\9rxfllx.exe90⤵
-
\??\c:\rlflrxl.exec:\rlflrxl.exe91⤵
-
\??\c:\hhnhtb.exec:\hhnhtb.exe92⤵
-
\??\c:\bthntb.exec:\bthntb.exe93⤵
- System Location Discovery: System Language Discovery
-
\??\c:\1jdvj.exec:\1jdvj.exe94⤵
-
\??\c:\ppdvd.exec:\ppdvd.exe95⤵
-
\??\c:\fxlrxxl.exec:\fxlrxxl.exe96⤵
-
\??\c:\rrlxrxf.exec:\rrlxrxf.exe97⤵
-
\??\c:\ttntbb.exec:\ttntbb.exe98⤵
-
\??\c:\tbtbbh.exec:\tbtbbh.exe99⤵
-
\??\c:\ppdjv.exec:\ppdjv.exe100⤵
-
\??\c:\7jdvd.exec:\7jdvd.exe101⤵
-
\??\c:\lfxrxfr.exec:\lfxrxfr.exe102⤵
-
\??\c:\lxfxrxf.exec:\lxfxrxf.exe103⤵
-
\??\c:\tnttbt.exec:\tnttbt.exe104⤵
-
\??\c:\nntntn.exec:\nntntn.exe105⤵
-
\??\c:\pdjjj.exec:\pdjjj.exe106⤵
-
\??\c:\vjddd.exec:\vjddd.exe107⤵
-
\??\c:\lfxlrrf.exec:\lfxlrrf.exe108⤵
-
\??\c:\ffflrxr.exec:\ffflrxr.exe109⤵
-
\??\c:\3lxfffr.exec:\3lxfffr.exe110⤵
-
\??\c:\nhhhtb.exec:\nhhhtb.exe111⤵
-
\??\c:\tnbbhn.exec:\tnbbhn.exe112⤵
-
\??\c:\ddddd.exec:\ddddd.exe113⤵
-
\??\c:\dddjv.exec:\dddjv.exe114⤵
-
\??\c:\lxxrxrx.exec:\lxxrxrx.exe115⤵
-
\??\c:\ffrrxxr.exec:\ffrrxxr.exe116⤵
-
\??\c:\nhtthb.exec:\nhtthb.exe117⤵
-
\??\c:\5nbbbb.exec:\5nbbbb.exe118⤵
-
\??\c:\dpvvv.exec:\dpvvv.exe119⤵
-
\??\c:\pjvvj.exec:\pjvvj.exe120⤵
-
\??\c:\rlxlxxr.exec:\rlxlxxr.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-