Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
16s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
26/12/2024, 05:10
General
-
Target
1736376b090e6f3776955926d598c0a025649d5d0f8872601d55e9c1780bb142.exe
-
Size
456KB
-
MD5
46587820306ccc5ffdaaeb8d521c3f77
-
SHA1
698ccd51d7de7529f6f011a543cf4e1019b22b88
-
SHA256
1736376b090e6f3776955926d598c0a025649d5d0f8872601d55e9c1780bb142
-
SHA512
d41a3fb95ce5ec167583249aadc5e2eae2ea365fe27a987560395be226d1ec413c803de84562fb2691eb7fd40a107f2334b513dd66f93d9ac14fe40cffb650f1
-
SSDEEP
6144:8cm7ImGddXmNt251UriZFwfsDX2UznsaFVNJCMKAbeLK:q7Tc2NYHUrAwfMp3CDLK
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 40 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 46 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1736376b090e6f3776955926d598c0a025649d5d0f8872601d55e9c1780bb142.exe"C:\Users\Admin\AppData\Local\Temp\1736376b090e6f3776955926d598c0a025649d5d0f8872601d55e9c1780bb142.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\pvjvv.exec:\pvjvv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdvvd.exec:\pdvvd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3lxlfrr.exec:\3lxlfrr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3vvpv.exec:\3vvpv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxllflx.exec:\fxllflx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdppv.exec:\pdppv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfllrrr.exec:\rfllrrr.exe8⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\vjdvd.exec:\vjdvd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfflllf.exec:\lfflllf.exe10⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\thbbbb.exec:\thbbbb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrxfrx.exec:\xrrxfrx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhnbh.exec:\nhhnbh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7pdjj.exec:\7pdjj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9rxxxrr.exec:\9rxxxrr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9ntnnh.exec:\9ntnnh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjjp.exec:\ppjjp.exe17⤵
- Executes dropped EXE
-
\??\c:\xrflxxl.exec:\xrflxxl.exe18⤵
- Executes dropped EXE
-
\??\c:\jvpvp.exec:\jvpvp.exe19⤵
- Executes dropped EXE
-
\??\c:\xrfxlll.exec:\xrfxlll.exe20⤵
- Executes dropped EXE
-
\??\c:\hbttnn.exec:\hbttnn.exe21⤵
- Executes dropped EXE
-
\??\c:\jdpdp.exec:\jdpdp.exe22⤵
- Executes dropped EXE
-
\??\c:\hbbntb.exec:\hbbntb.exe23⤵
- Executes dropped EXE
-
\??\c:\9nnnnt.exec:\9nnnnt.exe24⤵
- Executes dropped EXE
-
\??\c:\9lrrlrx.exec:\9lrrlrx.exe25⤵
- Executes dropped EXE
-
\??\c:\9ntbbb.exec:\9ntbbb.exe26⤵
- Executes dropped EXE
-
\??\c:\jvjpp.exec:\jvjpp.exe27⤵
- Executes dropped EXE
-
\??\c:\fxfxxrx.exec:\fxfxxrx.exe28⤵
- Executes dropped EXE
-
\??\c:\9dppv.exec:\9dppv.exe29⤵
- Executes dropped EXE
-
\??\c:\9pjpp.exec:\9pjpp.exe30⤵
- Executes dropped EXE
-
\??\c:\9frfxrr.exec:\9frfxrr.exe31⤵
- Executes dropped EXE
-
\??\c:\hntnhh.exec:\hntnhh.exe32⤵
- Executes dropped EXE
-
\??\c:\rrfrffr.exec:\rrfrffr.exe33⤵
- Executes dropped EXE
-
\??\c:\3nbttt.exec:\3nbttt.exe34⤵
- Executes dropped EXE
-
\??\c:\1pddd.exec:\1pddd.exe35⤵
- Executes dropped EXE
-
\??\c:\rflllfx.exec:\rflllfx.exe36⤵
- Executes dropped EXE
-
\??\c:\ttnbnt.exec:\ttnbnt.exe37⤵
- Executes dropped EXE
-
\??\c:\btbhnh.exec:\btbhnh.exe38⤵
- Executes dropped EXE
-
\??\c:\7jvdp.exec:\7jvdp.exe39⤵
- Executes dropped EXE
-
\??\c:\lfxlxxr.exec:\lfxlxxr.exe40⤵
- Executes dropped EXE
-
\??\c:\xrffrrf.exec:\xrffrrf.exe41⤵
- Executes dropped EXE
-
\??\c:\hhbhtt.exec:\hhbhtt.exe42⤵
- Executes dropped EXE
-
\??\c:\ddpdp.exec:\ddpdp.exe43⤵
- Executes dropped EXE
-
\??\c:\9jvvv.exec:\9jvvv.exe44⤵
- Executes dropped EXE
-
\??\c:\fxxrlfl.exec:\fxxrlfl.exe45⤵
- Executes dropped EXE
-
\??\c:\rfrxfxf.exec:\rfrxfxf.exe46⤵
- Executes dropped EXE
-
\??\c:\nnbtbb.exec:\nnbtbb.exe47⤵
- Executes dropped EXE
-
\??\c:\pdddj.exec:\pdddj.exe48⤵
- Executes dropped EXE
-
\??\c:\xxlxfxl.exec:\xxlxfxl.exe49⤵
- Executes dropped EXE
-
\??\c:\xflfrff.exec:\xflfrff.exe50⤵
- Executes dropped EXE
-
\??\c:\3nbbnt.exec:\3nbbnt.exe51⤵
- Executes dropped EXE
-
\??\c:\1dppp.exec:\1dppp.exe52⤵
- Executes dropped EXE
-
\??\c:\5pvdp.exec:\5pvdp.exe53⤵
- Executes dropped EXE
-
\??\c:\xrflxfr.exec:\xrflxfr.exe54⤵
- Executes dropped EXE
-
\??\c:\hthhbn.exec:\hthhbn.exe55⤵
- Executes dropped EXE
-
\??\c:\bthhhb.exec:\bthhhb.exe56⤵
- Executes dropped EXE
-
\??\c:\vjdvd.exec:\vjdvd.exe57⤵
- Executes dropped EXE
-
\??\c:\7rfllll.exec:\7rfllll.exe58⤵
- Executes dropped EXE
-
\??\c:\7xlxrxx.exec:\7xlxrxx.exe59⤵
- Executes dropped EXE
-
\??\c:\nhhhtt.exec:\nhhhtt.exe60⤵
- Executes dropped EXE
-
\??\c:\9vdpv.exec:\9vdpv.exe61⤵
- Executes dropped EXE
-
\??\c:\jdppj.exec:\jdppj.exe62⤵
- Executes dropped EXE
-
\??\c:\ffxrfxf.exec:\ffxrfxf.exe63⤵
- Executes dropped EXE
-
\??\c:\lxllrff.exec:\lxllrff.exe64⤵
- Executes dropped EXE
-
\??\c:\hhtbnh.exec:\hhtbnh.exe65⤵
- Executes dropped EXE
-
\??\c:\1jppj.exec:\1jppj.exe66⤵
-
\??\c:\5lllfrl.exec:\5lllfrl.exe67⤵
-
\??\c:\9flflff.exec:\9flflff.exe68⤵
-
\??\c:\httntt.exec:\httntt.exe69⤵
-
\??\c:\pjpvj.exec:\pjpvj.exe70⤵
-
\??\c:\vpdjj.exec:\vpdjj.exe71⤵
-
\??\c:\xfrrxrr.exec:\xfrrxrr.exe72⤵
-
\??\c:\hhtbnh.exec:\hhtbnh.exe73⤵
-
\??\c:\nbnntt.exec:\nbnntt.exe74⤵
-
\??\c:\pjddp.exec:\pjddp.exe75⤵
-
\??\c:\pjvpp.exec:\pjvpp.exe76⤵
-
\??\c:\frxxllr.exec:\frxxllr.exe77⤵
-
\??\c:\rfrllff.exec:\rfrllff.exe78⤵
-
\??\c:\nhtbbt.exec:\nhtbbt.exe79⤵
-
\??\c:\vjvjj.exec:\vjvjj.exe80⤵
-
\??\c:\frfflrr.exec:\frfflrr.exe81⤵
-
\??\c:\rflrrxf.exec:\rflrrxf.exe82⤵
-
\??\c:\nhtbbb.exec:\nhtbbb.exe83⤵
- System Location Discovery: System Language Discovery
-
\??\c:\pdjjj.exec:\pdjjj.exe84⤵
-
\??\c:\3jvpv.exec:\3jvpv.exe85⤵
-
\??\c:\xrflffl.exec:\xrflffl.exe86⤵
-
\??\c:\bntnbb.exec:\bntnbb.exe87⤵
-
\??\c:\nhnbnh.exec:\nhnbnh.exe88⤵
-
\??\c:\dpvdv.exec:\dpvdv.exe89⤵
-
\??\c:\pdvdj.exec:\pdvdj.exe90⤵
-
\??\c:\fxxlrxr.exec:\fxxlrxr.exe91⤵
-
\??\c:\fxlrrrx.exec:\fxlrrrx.exe92⤵
-
\??\c:\nbbttt.exec:\nbbttt.exe93⤵
-
\??\c:\1pjpd.exec:\1pjpd.exe94⤵
-
\??\c:\dvpvd.exec:\dvpvd.exe95⤵
-
\??\c:\9xllrrx.exec:\9xllrrx.exe96⤵
-
\??\c:\5hbhhh.exec:\5hbhhh.exe97⤵
-
\??\c:\1pvdd.exec:\1pvdd.exe98⤵
-
\??\c:\dvjpv.exec:\dvjpv.exe99⤵
-
\??\c:\lfrrxfr.exec:\lfrrxfr.exe100⤵
- System Location Discovery: System Language Discovery
-
\??\c:\9rxllff.exec:\9rxllff.exe101⤵
-
\??\c:\5tnhnh.exec:\5tnhnh.exe102⤵
-
\??\c:\5bntbb.exec:\5bntbb.exe103⤵
-
\??\c:\vjvdp.exec:\vjvdp.exe104⤵
-
\??\c:\lfxxxfl.exec:\lfxxxfl.exe105⤵
-
\??\c:\xrfffxf.exec:\xrfffxf.exe106⤵
-
\??\c:\httttb.exec:\httttb.exe107⤵
-
\??\c:\thtnnh.exec:\thtnnh.exe108⤵
-
\??\c:\ppdvj.exec:\ppdvj.exe109⤵
-
\??\c:\1frfffr.exec:\1frfffr.exe110⤵
-
\??\c:\xrffllr.exec:\xrffllr.exe111⤵
-
\??\c:\hbthhn.exec:\hbthhn.exe112⤵
-
\??\c:\vpjvd.exec:\vpjvd.exe113⤵
-
\??\c:\vdvjd.exec:\vdvjd.exe114⤵
-
\??\c:\fxllllx.exec:\fxllllx.exe115⤵
-
\??\c:\1rfrflr.exec:\1rfrflr.exe116⤵
-
\??\c:\9nbhnn.exec:\9nbhnn.exe117⤵
-
\??\c:\dpdjp.exec:\dpdjp.exe118⤵
-
\??\c:\1jdjj.exec:\1jdjj.exe119⤵
-
\??\c:\rrlrrlr.exec:\rrlrrlr.exe120⤵
-
\??\c:\bthtbb.exec:\bthtbb.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-