Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
19/12/2024, 05:51
General
-
Target
354031771af37f4cfe7d31435341e5c8e420f1479edb343476681c4c82029e4c.exe
-
Size
82KB
-
MD5
7b9f0a7b90de77b4940357127d5be098
-
SHA1
95c14897730771404ce4afe3748ff5ac5341fb61
-
SHA256
354031771af37f4cfe7d31435341e5c8e420f1479edb343476681c4c82029e4c
-
SHA512
a4d1e321aa4caedda459290e7ed690c45db5bd141bf565732a70231ec5669fd6ee6a2d64c13e2bc9d89b3886d5472ab244767180424610fe709c4781fd8d4548
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIsIpWCz+FR4RzWqC5rINFE4yeqB:ymb3NkkiQ3mdBjFIsIpZ+R4RzWqCu4rJ
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 20 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 29 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\354031771af37f4cfe7d31435341e5c8e420f1479edb343476681c4c82029e4c.exe"C:\Users\Admin\AppData\Local\Temp\354031771af37f4cfe7d31435341e5c8e420f1479edb343476681c4c82029e4c.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\rxxxrrf.exec:\rxxxrrf.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llflllf.exec:\llflllf.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdppv.exec:\jdppv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdjp.exec:\pjdjp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlfflll.exec:\rlfflll.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3llxxrr.exec:\3llxxrr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tntbhn.exec:\tntbhn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9jpdd.exec:\9jpdd.exe9⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\jvdjp.exec:\jvdjp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9xlxxrr.exec:\9xlxxrr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbhnnt.exec:\nbhnnt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnnnhh.exec:\bnnnhh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpddp.exec:\dpddp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvjpp.exec:\jvjpp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffrrxrf.exec:\ffrrxrf.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxfrxl.exec:\rlxfrxl.exe17⤵
- Executes dropped EXE
-
\??\c:\btbhnh.exec:\btbhnh.exe18⤵
- Executes dropped EXE
-
\??\c:\nhbbbt.exec:\nhbbbt.exe19⤵
- Executes dropped EXE
-
\??\c:\9vpdv.exec:\9vpdv.exe20⤵
- Executes dropped EXE
-
\??\c:\ddjvp.exec:\ddjvp.exe21⤵
- Executes dropped EXE
-
\??\c:\pjvdv.exec:\pjvdv.exe22⤵
- Executes dropped EXE
-
\??\c:\xxlxlrf.exec:\xxlxlrf.exe23⤵
- Executes dropped EXE
-
\??\c:\lllrfrl.exec:\lllrfrl.exe24⤵
- Executes dropped EXE
-
\??\c:\lfrrxff.exec:\lfrrxff.exe25⤵
- Executes dropped EXE
-
\??\c:\bbnbnt.exec:\bbnbnt.exe26⤵
- Executes dropped EXE
-
\??\c:\ddvdj.exec:\ddvdj.exe27⤵
- Executes dropped EXE
-
\??\c:\vpvvj.exec:\vpvvj.exe28⤵
- Executes dropped EXE
-
\??\c:\3jvpp.exec:\3jvpp.exe29⤵
- Executes dropped EXE
-
\??\c:\7ddpp.exec:\7ddpp.exe30⤵
- Executes dropped EXE
-
\??\c:\xxxrlrl.exec:\xxxrlrl.exe31⤵
- Executes dropped EXE
-
\??\c:\xffrrlx.exec:\xffrrlx.exe32⤵
- Executes dropped EXE
-
\??\c:\bnhnth.exec:\bnhnth.exe33⤵
- Executes dropped EXE
-
\??\c:\vjdpp.exec:\vjdpp.exe34⤵
- Executes dropped EXE
-
\??\c:\9lffrrf.exec:\9lffrrf.exe35⤵
- Executes dropped EXE
-
\??\c:\hhtbht.exec:\hhtbht.exe36⤵
- Executes dropped EXE
-
\??\c:\9vjpd.exec:\9vjpd.exe37⤵
- Executes dropped EXE
-
\??\c:\vpvvp.exec:\vpvvp.exe38⤵
- Executes dropped EXE
-
\??\c:\xlxrrlr.exec:\xlxrrlr.exe39⤵
- Executes dropped EXE
-
\??\c:\lxfflfl.exec:\lxfflfl.exe40⤵
- Executes dropped EXE
-
\??\c:\nbhbhb.exec:\nbhbhb.exe41⤵
- Executes dropped EXE
-
\??\c:\9tbbtn.exec:\9tbbtn.exe42⤵
- Executes dropped EXE
-
\??\c:\pjpvp.exec:\pjpvp.exe43⤵
- Executes dropped EXE
-
\??\c:\pdvjj.exec:\pdvjj.exe44⤵
- Executes dropped EXE
-
\??\c:\jdpvv.exec:\jdpvv.exe45⤵
- Executes dropped EXE
-
\??\c:\xrffllr.exec:\xrffllr.exe46⤵
- Executes dropped EXE
-
\??\c:\3lxllll.exec:\3lxllll.exe47⤵
- Executes dropped EXE
-
\??\c:\xllrxxf.exec:\xllrxxf.exe48⤵
- Executes dropped EXE
-
\??\c:\9bhnhn.exec:\9bhnhn.exe49⤵
- Executes dropped EXE
-
\??\c:\htbnhb.exec:\htbnhb.exe50⤵
- Executes dropped EXE
-
\??\c:\dpjjd.exec:\dpjjd.exe51⤵
- Executes dropped EXE
-
\??\c:\dpvvp.exec:\dpvvp.exe52⤵
- Executes dropped EXE
-
\??\c:\5jvvv.exec:\5jvvv.exe53⤵
- Executes dropped EXE
-
\??\c:\1fxxrll.exec:\1fxxrll.exe54⤵
- Executes dropped EXE
-
\??\c:\5lrxxxf.exec:\5lrxxxf.exe55⤵
- Executes dropped EXE
-
\??\c:\nhttbh.exec:\nhttbh.exe56⤵
- Executes dropped EXE
-
\??\c:\htbbbb.exec:\htbbbb.exe57⤵
- Executes dropped EXE
-
\??\c:\vpdjp.exec:\vpdjp.exe58⤵
- Executes dropped EXE
-
\??\c:\vjvpp.exec:\vjvpp.exe59⤵
- Executes dropped EXE
-
\??\c:\7fxxflr.exec:\7fxxflr.exe60⤵
- Executes dropped EXE
-
\??\c:\fxrxxrf.exec:\fxrxxrf.exe61⤵
- Executes dropped EXE
-
\??\c:\1tbhnn.exec:\1tbhnn.exe62⤵
- Executes dropped EXE
-
\??\c:\dvjjp.exec:\dvjjp.exe63⤵
- Executes dropped EXE
-
\??\c:\pvdvv.exec:\pvdvv.exe64⤵
- Executes dropped EXE
-
\??\c:\flxrrrx.exec:\flxrrrx.exe65⤵
- Executes dropped EXE
-
\??\c:\lffflrx.exec:\lffflrx.exe66⤵
-
\??\c:\hthnbh.exec:\hthnbh.exe67⤵
-
\??\c:\dvpvd.exec:\dvpvd.exe68⤵
-
\??\c:\vvpvj.exec:\vvpvj.exe69⤵
-
\??\c:\rlrrlrr.exec:\rlrrlrr.exe70⤵
-
\??\c:\3llrlrr.exec:\3llrlrr.exe71⤵
-
\??\c:\nhnnnb.exec:\nhnnnb.exe72⤵
-
\??\c:\bbthtb.exec:\bbthtb.exe73⤵
-
\??\c:\jpjpv.exec:\jpjpv.exe74⤵
-
\??\c:\ddvjd.exec:\ddvjd.exe75⤵
-
\??\c:\3xllxfx.exec:\3xllxfx.exe76⤵
-
\??\c:\fxrlxrx.exec:\fxrlxrx.exe77⤵
-
\??\c:\5fxxlrf.exec:\5fxxlrf.exe78⤵
-
\??\c:\tnbbbb.exec:\tnbbbb.exe79⤵
-
\??\c:\bnnttn.exec:\bnnttn.exe80⤵
-
\??\c:\vpdpv.exec:\vpdpv.exe81⤵
-
\??\c:\vvvdp.exec:\vvvdp.exe82⤵
-
\??\c:\fxfffll.exec:\fxfffll.exe83⤵
-
\??\c:\lfffllx.exec:\lfffllx.exe84⤵
-
\??\c:\rrfxfff.exec:\rrfxfff.exe85⤵
-
\??\c:\1thhnn.exec:\1thhnn.exe86⤵
-
\??\c:\1hhtbh.exec:\1hhtbh.exe87⤵
-
\??\c:\djvvv.exec:\djvvv.exe88⤵
-
\??\c:\pvppp.exec:\pvppp.exe89⤵
-
\??\c:\9lflxfl.exec:\9lflxfl.exe90⤵
-
\??\c:\tttbbb.exec:\tttbbb.exe91⤵
-
\??\c:\dvjpp.exec:\dvjpp.exe92⤵
-
\??\c:\djpvp.exec:\djpvp.exe93⤵
-
\??\c:\3frxrlx.exec:\3frxrlx.exe94⤵
-
\??\c:\1hbhhh.exec:\1hbhhh.exe95⤵
-
\??\c:\httnhb.exec:\httnhb.exe96⤵
-
\??\c:\pjvdd.exec:\pjvdd.exe97⤵
-
\??\c:\rlxflfl.exec:\rlxflfl.exe98⤵
-
\??\c:\rrlrffx.exec:\rrlrffx.exe99⤵
-
\??\c:\nhnnnh.exec:\nhnnnh.exe100⤵
-
\??\c:\bbbbbn.exec:\bbbbbn.exe101⤵
-
\??\c:\vpdjj.exec:\vpdjj.exe102⤵
-
\??\c:\7vjdj.exec:\7vjdj.exe103⤵
-
\??\c:\7pddd.exec:\7pddd.exe104⤵
-
\??\c:\xlfffll.exec:\xlfffll.exe105⤵
-
\??\c:\lxlrxfr.exec:\lxlrxfr.exe106⤵
-
\??\c:\bnttbh.exec:\bnttbh.exe107⤵
-
\??\c:\7dpjd.exec:\7dpjd.exe108⤵
-
\??\c:\vjvpv.exec:\vjvpv.exe109⤵
-
\??\c:\fxlxllx.exec:\fxlxllx.exe110⤵
-
\??\c:\fxrrxlf.exec:\fxrrxlf.exe111⤵
-
\??\c:\bhtnnt.exec:\bhtnnt.exe112⤵
-
\??\c:\btnttt.exec:\btnttt.exe113⤵
-
\??\c:\pddvv.exec:\pddvv.exe114⤵
-
\??\c:\pjvjp.exec:\pjvjp.exe115⤵
-
\??\c:\lffffrx.exec:\lffffrx.exe116⤵
-
\??\c:\lrfxxxl.exec:\lrfxxxl.exe117⤵
-
\??\c:\nnbhth.exec:\nnbhth.exe118⤵
-
\??\c:\9jdjj.exec:\9jdjj.exe119⤵
-
\??\c:\3jppp.exec:\3jppp.exe120⤵
-
\??\c:\xlrffxl.exec:\xlrffxl.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-