Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
26/12/2024, 02:14
General
-
Target
40dcb466c6b031d19f6ddb73885a1ac49ee054bc1190658600a39c82b90a045bN.exe
-
Size
456KB
-
MD5
09c3002f31a60134be42bdb5cda62c00
-
SHA1
b53a7ec811fe4271239a32779efaa4ea342551e2
-
SHA256
40dcb466c6b031d19f6ddb73885a1ac49ee054bc1190658600a39c82b90a045b
-
SHA512
7430e6994f482cfe9fb881ad992b9650d1cd64a5dcb3e11dee0dc3213cccb1ff534006d747e3e3843880dfd1a4829e41e4f6e6b1aa8d949bda2582f68d28c139
-
SSDEEP
6144:8cm7ImGddXmNt251UriZFwfsDX2UznsaFVNJCMKAbeRQ:q7Tc2NYHUrAwfMp3CDRQ
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 41 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 49 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\40dcb466c6b031d19f6ddb73885a1ac49ee054bc1190658600a39c82b90a045bN.exe"C:\Users\Admin\AppData\Local\Temp\40dcb466c6b031d19f6ddb73885a1ac49ee054bc1190658600a39c82b90a045bN.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\xlrllfl.exec:\xlrllfl.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvpvj.exec:\dvpvj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntntbh.exec:\ntntbh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thnnnn.exec:\thnnnn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1bntbb.exec:\1bntbb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7jvjp.exec:\7jvjp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3ntttb.exec:\3ntttb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5vjjp.exec:\5vjjp.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1thhnn.exec:\1thhnn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnnhb.exec:\hbnnhb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bttthh.exec:\bttthh.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpddj.exec:\dpddj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbbbb.exec:\tnbbbb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdjjp.exec:\pdjjp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbbhh.exec:\tnbbhh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthtbt.exec:\bthtbt.exe17⤵
- Executes dropped EXE
-
\??\c:\9tbbbb.exec:\9tbbbb.exe18⤵
- Executes dropped EXE
-
\??\c:\vjppd.exec:\vjppd.exe19⤵
- Executes dropped EXE
-
\??\c:\nhbhnn.exec:\nhbhnn.exe20⤵
- Executes dropped EXE
-
\??\c:\bthbnn.exec:\bthbnn.exe21⤵
- Executes dropped EXE
-
\??\c:\xrllrrx.exec:\xrllrrx.exe22⤵
- Executes dropped EXE
-
\??\c:\ppjjp.exec:\ppjjp.exe23⤵
- Executes dropped EXE
-
\??\c:\rlxfllr.exec:\rlxfllr.exe24⤵
- Executes dropped EXE
-
\??\c:\7btbhn.exec:\7btbhn.exe25⤵
- Executes dropped EXE
-
\??\c:\jpvpv.exec:\jpvpv.exe26⤵
- Executes dropped EXE
-
\??\c:\rlxlrll.exec:\rlxlrll.exe27⤵
- Executes dropped EXE
-
\??\c:\rlxrxfl.exec:\rlxrxfl.exe28⤵
- Executes dropped EXE
-
\??\c:\9rxrrxx.exec:\9rxrrxx.exe29⤵
- Executes dropped EXE
-
\??\c:\1dppp.exec:\1dppp.exe30⤵
- Executes dropped EXE
-
\??\c:\xrfrffl.exec:\xrfrffl.exe31⤵
- Executes dropped EXE
-
\??\c:\5lxrrll.exec:\5lxrrll.exe32⤵
- Executes dropped EXE
-
\??\c:\lfxffff.exec:\lfxffff.exe33⤵
- Executes dropped EXE
-
\??\c:\3pvvd.exec:\3pvvd.exe34⤵
- Executes dropped EXE
-
\??\c:\3rfffff.exec:\3rfffff.exe35⤵
- Executes dropped EXE
-
\??\c:\5fxfffr.exec:\5fxfffr.exe36⤵
- Executes dropped EXE
-
\??\c:\7thbbb.exec:\7thbbb.exe37⤵
- Executes dropped EXE
-
\??\c:\jvppd.exec:\jvppd.exe38⤵
- Executes dropped EXE
-
\??\c:\1xffffx.exec:\1xffffx.exe39⤵
- Executes dropped EXE
-
\??\c:\bnttbb.exec:\bnttbb.exe40⤵
- Executes dropped EXE
-
\??\c:\3hhhnh.exec:\3hhhnh.exe41⤵
- Executes dropped EXE
-
\??\c:\jvdvj.exec:\jvdvj.exe42⤵
- Executes dropped EXE
-
\??\c:\frllxfl.exec:\frllxfl.exe43⤵
- Executes dropped EXE
-
\??\c:\hbhntt.exec:\hbhntt.exe44⤵
- Executes dropped EXE
-
\??\c:\thtntn.exec:\thtntn.exe45⤵
- Executes dropped EXE
-
\??\c:\5vjpp.exec:\5vjpp.exe46⤵
- Executes dropped EXE
-
\??\c:\jvdvv.exec:\jvdvv.exe47⤵
- Executes dropped EXE
-
\??\c:\ffrxlfr.exec:\ffrxlfr.exe48⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\tbhbhh.exec:\tbhbhh.exe49⤵
- Executes dropped EXE
-
\??\c:\7nhntn.exec:\7nhntn.exe50⤵
- Executes dropped EXE
-
\??\c:\5pdvj.exec:\5pdvj.exe51⤵
- Executes dropped EXE
-
\??\c:\lxffllr.exec:\lxffllr.exe52⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\rfllrxf.exec:\rfllrxf.exe53⤵
- Executes dropped EXE
-
\??\c:\9tbtbb.exec:\9tbtbb.exe54⤵
- Executes dropped EXE
-
\??\c:\pdpjp.exec:\pdpjp.exe55⤵
- Executes dropped EXE
-
\??\c:\vvjdp.exec:\vvjdp.exe56⤵
- Executes dropped EXE
-
\??\c:\3flxxrr.exec:\3flxxrr.exe57⤵
- Executes dropped EXE
-
\??\c:\5hhhnh.exec:\5hhhnh.exe58⤵
- Executes dropped EXE
-
\??\c:\7htnnt.exec:\7htnnt.exe59⤵
- Executes dropped EXE
-
\??\c:\9vjdj.exec:\9vjdj.exe60⤵
- Executes dropped EXE
-
\??\c:\rlffrxl.exec:\rlffrxl.exe61⤵
- Executes dropped EXE
-
\??\c:\lxlrxxf.exec:\lxlrxxf.exe62⤵
- Executes dropped EXE
-
\??\c:\7tbntn.exec:\7tbntn.exe63⤵
- Executes dropped EXE
-
\??\c:\vjddp.exec:\vjddp.exe64⤵
- Executes dropped EXE
-
\??\c:\jvjdd.exec:\jvjdd.exe65⤵
- Executes dropped EXE
-
\??\c:\llrrfxx.exec:\llrrfxx.exe66⤵
-
\??\c:\5bnhnt.exec:\5bnhnt.exe67⤵
-
\??\c:\tnbbhn.exec:\tnbbhn.exe68⤵
-
\??\c:\vpddj.exec:\vpddj.exe69⤵
-
\??\c:\pvpjd.exec:\pvpjd.exe70⤵
-
\??\c:\1xfflll.exec:\1xfflll.exe71⤵
-
\??\c:\1tbntb.exec:\1tbntb.exe72⤵
-
\??\c:\5nbntn.exec:\5nbntn.exe73⤵
-
\??\c:\dvjdj.exec:\dvjdj.exe74⤵
-
\??\c:\7lrrrfx.exec:\7lrrrfx.exe75⤵
-
\??\c:\rflrxxl.exec:\rflrxxl.exe76⤵
-
\??\c:\7bhhnn.exec:\7bhhnn.exe77⤵
-
\??\c:\vjvpp.exec:\vjvpp.exe78⤵
-
\??\c:\5vjdd.exec:\5vjdd.exe79⤵
-
\??\c:\5fxrrrx.exec:\5fxrrrx.exe80⤵
-
\??\c:\ntbhtn.exec:\ntbhtn.exe81⤵
-
\??\c:\hthbnn.exec:\hthbnn.exe82⤵
-
\??\c:\dpjdj.exec:\dpjdj.exe83⤵
-
\??\c:\rlrfffl.exec:\rlrfffl.exe84⤵
-
\??\c:\lfxrllr.exec:\lfxrllr.exe85⤵
-
\??\c:\9tbhhn.exec:\9tbhhn.exe86⤵
- System Location Discovery: System Language Discovery
-
\??\c:\9vvdd.exec:\9vvdd.exe87⤵
-
\??\c:\lxrrxxl.exec:\lxrrxxl.exe88⤵
-
\??\c:\llxxffr.exec:\llxxffr.exe89⤵
-
\??\c:\hbnthh.exec:\hbnthh.exe90⤵
-
\??\c:\nnbntb.exec:\nnbntb.exe91⤵
-
\??\c:\3jppv.exec:\3jppv.exe92⤵
-
\??\c:\7xrrrxr.exec:\7xrrrxr.exe93⤵
-
\??\c:\1rffrrf.exec:\1rffrrf.exe94⤵
-
\??\c:\bnnnbb.exec:\bnnnbb.exe95⤵
-
\??\c:\ppdvj.exec:\ppdvj.exe96⤵
-
\??\c:\vpjjp.exec:\vpjjp.exe97⤵
-
\??\c:\9fxrrrx.exec:\9fxrrrx.exe98⤵
-
\??\c:\bbtntt.exec:\bbtntt.exe99⤵
-
\??\c:\1nbhnn.exec:\1nbhnn.exe100⤵
-
\??\c:\jvdjp.exec:\jvdjp.exe101⤵
-
\??\c:\xlfxflr.exec:\xlfxflr.exe102⤵
-
\??\c:\9rlfllr.exec:\9rlfllr.exe103⤵
-
\??\c:\nnbtbt.exec:\nnbtbt.exe104⤵
-
\??\c:\jjvjp.exec:\jjvjp.exe105⤵
-
\??\c:\7pddj.exec:\7pddj.exe106⤵
-
\??\c:\9lllrrx.exec:\9lllrrx.exe107⤵
-
\??\c:\9bbtbb.exec:\9bbtbb.exe108⤵
-
\??\c:\bhtthh.exec:\bhtthh.exe109⤵
-
\??\c:\ppjpd.exec:\ppjpd.exe110⤵
-
\??\c:\frllrrx.exec:\frllrrx.exe111⤵
-
\??\c:\xlrrllx.exec:\xlrrllx.exe112⤵
-
\??\c:\tnbhnn.exec:\tnbhnn.exe113⤵
-
\??\c:\jdvvj.exec:\jdvvj.exe114⤵
-
\??\c:\vjvvj.exec:\vjvvj.exe115⤵
-
\??\c:\xlfxffl.exec:\xlfxffl.exe116⤵
-
\??\c:\btbttt.exec:\btbttt.exe117⤵
- System Location Discovery: System Language Discovery
-
\??\c:\9tnntt.exec:\9tnntt.exe118⤵
-
\??\c:\pjvvd.exec:\pjvvd.exe119⤵
-
\??\c:\7djdp.exec:\7djdp.exe120⤵
-
\??\c:\rxlxfxx.exec:\rxlxfxx.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-