Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
16s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
25/12/2024, 21:40
General
-
Target
74091e51c5b3ee973e1ef38240689bf7743d694c0ef240c1b5a6f9124e32657e.exe
-
Size
454KB
-
MD5
3b8697916aff86e42255e5cc4f31ac69
-
SHA1
22ea5b5e0aa777d9b044a024493edabd918d0204
-
SHA256
74091e51c5b3ee973e1ef38240689bf7743d694c0ef240c1b5a6f9124e32657e
-
SHA512
41ed4250d7bdb48a4a0ccb2c9c72bca02f34b3f6b1405d6441298dde42db7d8bbf8b0accb6ea7b7f10d159ffc0b71b5772199b4e431a3234c61ca91fbd59ded0
-
SSDEEP
6144:8cm7ImGddXmNt251UriZFwfsDX2UznsaFVNJCMKAbed:q7Tc2NYHUrAwfMp3CDd
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 41 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 44 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\74091e51c5b3ee973e1ef38240689bf7743d694c0ef240c1b5a6f9124e32657e.exe"C:\Users\Admin\AppData\Local\Temp\74091e51c5b3ee973e1ef38240689bf7743d694c0ef240c1b5a6f9124e32657e.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\bthhbb.exec:\bthhbb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxfrxr.exec:\fxxfrxr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5dvjp.exec:\5dvjp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbhbh.exec:\nhbhbh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjjv.exec:\pjjjv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxxfrxl.exec:\lxxfrxl.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhthtb.exec:\hhthtb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3jvvd.exec:\3jvvd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vppdj.exec:\vppdj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppvjd.exec:\ppvjd.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbtbhn.exec:\hbtbhn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrrlrf.exec:\xrrrlrf.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htbhbb.exec:\htbhbb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvjv.exec:\dvvjv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhbnth.exec:\hhbnth.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttnbnt.exec:\ttnbnt.exe17⤵
- Executes dropped EXE
-
\??\c:\xxrxlrf.exec:\xxrxlrf.exe18⤵
- Executes dropped EXE
-
\??\c:\bnbhnn.exec:\bnbhnn.exe19⤵
- Executes dropped EXE
-
\??\c:\ddpvv.exec:\ddpvv.exe20⤵
- Executes dropped EXE
-
\??\c:\rrlrllf.exec:\rrlrllf.exe21⤵
- Executes dropped EXE
-
\??\c:\9fxxrfx.exec:\9fxxrfx.exe22⤵
- Executes dropped EXE
-
\??\c:\tnbthn.exec:\tnbthn.exe23⤵
- Executes dropped EXE
-
\??\c:\frfrfrl.exec:\frfrfrl.exe24⤵
- Executes dropped EXE
-
\??\c:\ddppj.exec:\ddppj.exe25⤵
- Executes dropped EXE
-
\??\c:\bhhthh.exec:\bhhthh.exe26⤵
- Executes dropped EXE
-
\??\c:\hbbtht.exec:\hbbtht.exe27⤵
- Executes dropped EXE
-
\??\c:\lrrxrff.exec:\lrrxrff.exe28⤵
- Executes dropped EXE
-
\??\c:\jdvjv.exec:\jdvjv.exe29⤵
- Executes dropped EXE
-
\??\c:\xrflrrx.exec:\xrflrrx.exe30⤵
- Executes dropped EXE
-
\??\c:\pjdjd.exec:\pjdjd.exe31⤵
- Executes dropped EXE
-
\??\c:\xrrxlfl.exec:\xrrxlfl.exe32⤵
- Executes dropped EXE
-
\??\c:\nhthtb.exec:\nhthtb.exe33⤵
- Executes dropped EXE
-
\??\c:\5jvdj.exec:\5jvdj.exe34⤵
- Executes dropped EXE
-
\??\c:\hhhnhh.exec:\hhhnhh.exe35⤵
- Executes dropped EXE
-
\??\c:\hhbtbh.exec:\hhbtbh.exe36⤵
- Executes dropped EXE
-
\??\c:\3pjpp.exec:\3pjpp.exe37⤵
- Executes dropped EXE
-
\??\c:\xxxrfrr.exec:\xxxrfrr.exe38⤵
- Executes dropped EXE
-
\??\c:\nntttb.exec:\nntttb.exe39⤵
- Executes dropped EXE
-
\??\c:\3vdvj.exec:\3vdvj.exe40⤵
- Executes dropped EXE
-
\??\c:\jdvvd.exec:\jdvvd.exe41⤵
- Executes dropped EXE
-
\??\c:\rlfrflf.exec:\rlfrflf.exe42⤵
- Executes dropped EXE
-
\??\c:\ttbhth.exec:\ttbhth.exe43⤵
- Executes dropped EXE
-
\??\c:\dvvdj.exec:\dvvdj.exe44⤵
- Executes dropped EXE
-
\??\c:\dvvpd.exec:\dvvpd.exe45⤵
- Executes dropped EXE
-
\??\c:\xfxxllx.exec:\xfxxllx.exe46⤵
- Executes dropped EXE
-
\??\c:\bttnhn.exec:\bttnhn.exe47⤵
- Executes dropped EXE
-
\??\c:\vppvj.exec:\vppvj.exe48⤵
- Executes dropped EXE
-
\??\c:\lfflrrf.exec:\lfflrrf.exe49⤵
- Executes dropped EXE
-
\??\c:\nhthhh.exec:\nhthhh.exe50⤵
- Executes dropped EXE
-
\??\c:\tnhthn.exec:\tnhthn.exe51⤵
- Executes dropped EXE
-
\??\c:\dvvjj.exec:\dvvjj.exe52⤵
- Executes dropped EXE
-
\??\c:\7rrxrfr.exec:\7rrxrfr.exe53⤵
- Executes dropped EXE
-
\??\c:\3nhnhn.exec:\3nhnhn.exe54⤵
- Executes dropped EXE
-
\??\c:\vdvdj.exec:\vdvdj.exe55⤵
- Executes dropped EXE
-
\??\c:\9dppd.exec:\9dppd.exe56⤵
- Executes dropped EXE
-
\??\c:\lrxfllf.exec:\lrxfllf.exe57⤵
- Executes dropped EXE
-
\??\c:\1tbnbt.exec:\1tbnbt.exe58⤵
- Executes dropped EXE
-
\??\c:\9pjjp.exec:\9pjjp.exe59⤵
- Executes dropped EXE
-
\??\c:\rlflxxl.exec:\rlflxxl.exe60⤵
- Executes dropped EXE
-
\??\c:\rxlrrxl.exec:\rxlrrxl.exe61⤵
- Executes dropped EXE
-
\??\c:\5tnbht.exec:\5tnbht.exe62⤵
- Executes dropped EXE
-
\??\c:\jjjvv.exec:\jjjvv.exe63⤵
- Executes dropped EXE
-
\??\c:\7rlrfll.exec:\7rlrfll.exe64⤵
- Executes dropped EXE
-
\??\c:\ffxlxfx.exec:\ffxlxfx.exe65⤵
- Executes dropped EXE
-
\??\c:\7tntbn.exec:\7tntbn.exe66⤵
-
\??\c:\ppjjp.exec:\ppjjp.exe67⤵
-
\??\c:\fxlfrrx.exec:\fxlfrrx.exe68⤵
-
\??\c:\9lxflrx.exec:\9lxflrx.exe69⤵
-
\??\c:\tnhnth.exec:\tnhnth.exe70⤵
-
\??\c:\pjdjp.exec:\pjdjp.exe71⤵
-
\??\c:\7pddj.exec:\7pddj.exe72⤵
-
\??\c:\xxlrxfl.exec:\xxlrxfl.exe73⤵
-
\??\c:\7nnnbb.exec:\7nnnbb.exe74⤵
-
\??\c:\pppvd.exec:\pppvd.exe75⤵
-
\??\c:\7fxfllx.exec:\7fxfllx.exe76⤵
-
\??\c:\7tnnht.exec:\7tnnht.exe77⤵
-
\??\c:\httbnb.exec:\httbnb.exe78⤵
-
\??\c:\jjjdj.exec:\jjjdj.exe79⤵
-
\??\c:\lxrrffr.exec:\lxrrffr.exe80⤵
-
\??\c:\btnbnt.exec:\btnbnt.exe81⤵
-
\??\c:\thbhnn.exec:\thbhnn.exe82⤵
-
\??\c:\3pjvj.exec:\3pjvj.exe83⤵
-
\??\c:\flxfrxl.exec:\flxfrxl.exe84⤵
-
\??\c:\7lflfrf.exec:\7lflfrf.exe85⤵
-
\??\c:\5thhnn.exec:\5thhnn.exe86⤵
-
\??\c:\1ppdd.exec:\1ppdd.exe87⤵
-
\??\c:\rlfrxxl.exec:\rlfrxxl.exe88⤵
-
\??\c:\bbnntb.exec:\bbnntb.exe89⤵
-
\??\c:\jdpvj.exec:\jdpvj.exe90⤵
-
\??\c:\3ddvp.exec:\3ddvp.exe91⤵
-
\??\c:\fxxfflx.exec:\fxxfflx.exe92⤵
-
\??\c:\5rfrxlx.exec:\5rfrxlx.exe93⤵
-
\??\c:\5bbnhn.exec:\5bbnhn.exe94⤵
-
\??\c:\vjdvd.exec:\vjdvd.exe95⤵
-
\??\c:\5pdjp.exec:\5pdjp.exe96⤵
-
\??\c:\llflxlf.exec:\llflxlf.exe97⤵
-
\??\c:\ttnbhn.exec:\ttnbhn.exe98⤵
-
\??\c:\tnhntt.exec:\tnhntt.exe99⤵
-
\??\c:\ppjpj.exec:\ppjpj.exe100⤵
-
\??\c:\rrxrffr.exec:\rrxrffr.exe101⤵
-
\??\c:\3xlrfrf.exec:\3xlrfrf.exe102⤵
-
\??\c:\hbhtnn.exec:\hbhtnn.exe103⤵
-
\??\c:\1pjpv.exec:\1pjpv.exe104⤵
-
\??\c:\jjjpv.exec:\jjjpv.exe105⤵
-
\??\c:\llrxllr.exec:\llrxllr.exe106⤵
-
\??\c:\1nbhbn.exec:\1nbhbn.exe107⤵
-
\??\c:\hhbbhh.exec:\hhbbhh.exe108⤵
-
\??\c:\1vvpj.exec:\1vvpj.exe109⤵
-
\??\c:\fxflflf.exec:\fxflflf.exe110⤵
-
\??\c:\hbttbh.exec:\hbttbh.exe111⤵
-
\??\c:\7thnbh.exec:\7thnbh.exe112⤵
-
\??\c:\vjppv.exec:\vjppv.exe113⤵
-
\??\c:\rlxxrfr.exec:\rlxxrfr.exe114⤵
-
\??\c:\tnnbtt.exec:\tnnbtt.exe115⤵
-
\??\c:\bbtbth.exec:\bbtbth.exe116⤵
-
\??\c:\lfrrxrx.exec:\lfrrxrx.exe117⤵
-
\??\c:\1hnnbh.exec:\1hnnbh.exe118⤵
-
\??\c:\1hbntt.exec:\1hbntt.exe119⤵
-
\??\c:\jdjpd.exec:\jdjpd.exe120⤵
-
\??\c:\xrflllf.exec:\xrflllf.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-