Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
26/12/2024, 10:06
General
-
Target
1673809f57a324d864a1281330eca760c4b1a6d351de82acd31905ff8d803d38.exe
-
Size
453KB
-
MD5
4266a5bf9a89d5a443e3fb62308f9867
-
SHA1
7ab3f62ce74a276c137b3ca9fda651f0ec9d75f5
-
SHA256
1673809f57a324d864a1281330eca760c4b1a6d351de82acd31905ff8d803d38
-
SHA512
78d5d3cdcf162cd618d9703165b28cc7355ff26e3876c9f92abb8ee96cd3b767080a1242314911f0f1deb5441fa8c6196c8b70f0ae7e6c2c4b5f29f6b4b6de93
-
SSDEEP
6144:8cm7ImGddXmNt251UriZFwfsDX2UznsaFVNJCMKAbeD:q7Tc2NYHUrAwfMp3CDD
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 45 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 42 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1673809f57a324d864a1281330eca760c4b1a6d351de82acd31905ff8d803d38.exe"C:\Users\Admin\AppData\Local\Temp\1673809f57a324d864a1281330eca760c4b1a6d351de82acd31905ff8d803d38.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\jpjjj.exec:\jpjjj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrlxrfl.exec:\lrlxrfl.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djppp.exec:\djppp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9vvdj.exec:\9vvdj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhthtn.exec:\bhthtn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5vvdp.exec:\5vvdp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllfrfr.exec:\rllfrfr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1dvvj.exec:\1dvvj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrflfrl.exec:\xrflfrl.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrrrxrf.exec:\rrrrxrf.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3fxfrlf.exec:\3fxfrlf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdvvj.exec:\pdvvj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3hbhtb.exec:\3hbhtb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvddd.exec:\jvddd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxfrlxx.exec:\xxfrlxx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvvp.exec:\dvvvp.exe17⤵
- Executes dropped EXE
-
\??\c:\htnbhh.exec:\htnbhh.exe18⤵
- Executes dropped EXE
-
\??\c:\7vvjj.exec:\7vvjj.exe19⤵
- Executes dropped EXE
-
\??\c:\hbnnnn.exec:\hbnnnn.exe20⤵
- Executes dropped EXE
-
\??\c:\pppdv.exec:\pppdv.exe21⤵
- Executes dropped EXE
-
\??\c:\bbhnth.exec:\bbhnth.exe22⤵
- Executes dropped EXE
-
\??\c:\xlllrxx.exec:\xlllrxx.exe23⤵
- Executes dropped EXE
-
\??\c:\7dvdd.exec:\7dvdd.exe24⤵
- Executes dropped EXE
-
\??\c:\bhhtth.exec:\bhhtth.exe25⤵
- Executes dropped EXE
-
\??\c:\xxrxflx.exec:\xxrxflx.exe26⤵
- Executes dropped EXE
-
\??\c:\5nbhtb.exec:\5nbhtb.exe27⤵
- Executes dropped EXE
-
\??\c:\lrrffff.exec:\lrrffff.exe28⤵
- Executes dropped EXE
-
\??\c:\nhbttb.exec:\nhbttb.exe29⤵
- Executes dropped EXE
-
\??\c:\nhttbt.exec:\nhttbt.exe30⤵
- Executes dropped EXE
-
\??\c:\jjjvv.exec:\jjjvv.exe31⤵
- Executes dropped EXE
-
\??\c:\5hbbhh.exec:\5hbbhh.exe32⤵
- Executes dropped EXE
-
\??\c:\3jpdv.exec:\3jpdv.exe33⤵
- Executes dropped EXE
-
\??\c:\thbhbb.exec:\thbhbb.exe34⤵
- Executes dropped EXE
-
\??\c:\5dpvj.exec:\5dpvj.exe35⤵
-
\??\c:\ntbhtn.exec:\ntbhtn.exe36⤵
- Executes dropped EXE
-
\??\c:\jdddd.exec:\jdddd.exe37⤵
- Executes dropped EXE
-
\??\c:\bnnhht.exec:\bnnhht.exe38⤵
- Executes dropped EXE
-
\??\c:\pvjvj.exec:\pvjvj.exe39⤵
- Executes dropped EXE
-
\??\c:\xlrrrfr.exec:\xlrrrfr.exe40⤵
- Executes dropped EXE
-
\??\c:\djdjv.exec:\djdjv.exe41⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\xlrrfxr.exec:\xlrrfxr.exe42⤵
- Executes dropped EXE
-
\??\c:\btnhtb.exec:\btnhtb.exe43⤵
- Executes dropped EXE
-
\??\c:\5ppdp.exec:\5ppdp.exe44⤵
- Executes dropped EXE
-
\??\c:\lfrfllr.exec:\lfrfllr.exe45⤵
- Executes dropped EXE
-
\??\c:\nbbhbb.exec:\nbbhbb.exe46⤵
- Executes dropped EXE
-
\??\c:\pppdd.exec:\pppdd.exe47⤵
- Executes dropped EXE
-
\??\c:\rlxflrf.exec:\rlxflrf.exe48⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\7pvjv.exec:\7pvjv.exe49⤵
- Executes dropped EXE
-
\??\c:\lfxrlxf.exec:\lfxrlxf.exe50⤵
- Executes dropped EXE
-
\??\c:\tbbtnt.exec:\tbbtnt.exe51⤵
- Executes dropped EXE
-
\??\c:\vjjdv.exec:\vjjdv.exe52⤵
- Executes dropped EXE
-
\??\c:\xrrxlxx.exec:\xrrxlxx.exe53⤵
- Executes dropped EXE
-
\??\c:\5nhhth.exec:\5nhhth.exe54⤵
- Executes dropped EXE
-
\??\c:\pjvvd.exec:\pjvvd.exe55⤵
- Executes dropped EXE
-
\??\c:\xlfxlxx.exec:\xlfxlxx.exe56⤵
- Executes dropped EXE
-
\??\c:\nttnht.exec:\nttnht.exe57⤵
- Executes dropped EXE
-
\??\c:\vddjj.exec:\vddjj.exe58⤵
- Executes dropped EXE
-
\??\c:\vvvjd.exec:\vvvjd.exe59⤵
- Executes dropped EXE
-
\??\c:\7xfrxfr.exec:\7xfrxfr.exe60⤵
- Executes dropped EXE
-
\??\c:\dvdpp.exec:\dvdpp.exe61⤵
- Executes dropped EXE
-
\??\c:\1lflrxf.exec:\1lflrxf.exe62⤵
- Executes dropped EXE
-
\??\c:\rlrxllx.exec:\rlrxllx.exe63⤵
- Executes dropped EXE
-
\??\c:\htbthb.exec:\htbthb.exe64⤵
- Executes dropped EXE
-
\??\c:\5lflxlf.exec:\5lflxlf.exe65⤵
- Executes dropped EXE
-
\??\c:\bnbbhh.exec:\bnbbhh.exe66⤵
- Executes dropped EXE
-
\??\c:\jjvpj.exec:\jjvpj.exe67⤵
-
\??\c:\xfxllfl.exec:\xfxllfl.exe68⤵
-
\??\c:\3hntth.exec:\3hntth.exe69⤵
-
\??\c:\ddvjv.exec:\ddvjv.exe70⤵
-
\??\c:\llrlfrf.exec:\llrlfrf.exe71⤵
-
\??\c:\nhhnhn.exec:\nhhnhn.exe72⤵
-
\??\c:\jjvdd.exec:\jjvdd.exe73⤵
-
\??\c:\frfffxf.exec:\frfffxf.exe74⤵
-
\??\c:\tnnnnn.exec:\tnnnnn.exe75⤵
-
\??\c:\jjjvv.exec:\jjjvv.exe76⤵
-
\??\c:\xrrxfrl.exec:\xrrxfrl.exe77⤵
-
\??\c:\vdvvp.exec:\vdvvp.exe78⤵
-
\??\c:\rxlrxxl.exec:\rxlrxxl.exe79⤵
-
\??\c:\3thbth.exec:\3thbth.exe80⤵
-
\??\c:\dddpd.exec:\dddpd.exe81⤵
-
\??\c:\lrrlrxl.exec:\lrrlrxl.exe82⤵
-
\??\c:\hnnhht.exec:\hnnhht.exe83⤵
- System Location Discovery: System Language Discovery
-
\??\c:\pvvjj.exec:\pvvjj.exe84⤵
-
\??\c:\rrrlxfx.exec:\rrrlxfx.exe85⤵
-
\??\c:\nnhthn.exec:\nnhthn.exe86⤵
-
\??\c:\pjjpv.exec:\pjjpv.exe87⤵
-
\??\c:\frxrrrx.exec:\frxrrrx.exe88⤵
-
\??\c:\lfrlffx.exec:\lfrlffx.exe89⤵
-
\??\c:\hnnbnt.exec:\hnnbnt.exe90⤵
-
\??\c:\pjvpv.exec:\pjvpv.exe91⤵
-
\??\c:\fllrlxl.exec:\fllrlxl.exe92⤵
-
\??\c:\tnbhth.exec:\tnbhth.exe93⤵
-
\??\c:\jvdpj.exec:\jvdpj.exe94⤵
-
\??\c:\hhnbtn.exec:\hhnbtn.exe95⤵
-
\??\c:\jdjpv.exec:\jdjpv.exe96⤵
-
\??\c:\7dppp.exec:\7dppp.exe97⤵
-
\??\c:\bbtbnb.exec:\bbtbnb.exe98⤵
-
\??\c:\tbbnhb.exec:\tbbnhb.exe99⤵
-
\??\c:\9xrxrxr.exec:\9xrxrxr.exe100⤵
-
\??\c:\nhhtbh.exec:\nhhtbh.exe101⤵
-
\??\c:\bbhbth.exec:\bbhbth.exe102⤵
- System Location Discovery: System Language Discovery
-
\??\c:\pdpjj.exec:\pdpjj.exe103⤵
-
\??\c:\7fxxlxl.exec:\7fxxlxl.exe104⤵
-
\??\c:\ntbnbn.exec:\ntbnbn.exe105⤵
-
\??\c:\5pjvd.exec:\5pjvd.exe106⤵
-
\??\c:\ffflxfx.exec:\ffflxfx.exe107⤵
-
\??\c:\bbbnhb.exec:\bbbnhb.exe108⤵
-
\??\c:\ppdpp.exec:\ppdpp.exe109⤵
-
\??\c:\xfrxxff.exec:\xfrxxff.exe110⤵
-
\??\c:\hbnhtn.exec:\hbnhtn.exe111⤵
-
\??\c:\1dvvj.exec:\1dvvj.exe112⤵
-
\??\c:\xfllrfl.exec:\xfllrfl.exe113⤵
-
\??\c:\flxxlxl.exec:\flxxlxl.exe114⤵
-
\??\c:\nnhthh.exec:\nnhthh.exe115⤵
-
\??\c:\jpvjv.exec:\jpvjv.exe116⤵
-
\??\c:\lfxrflr.exec:\lfxrflr.exe117⤵
-
\??\c:\llxfllx.exec:\llxfllx.exe118⤵
-
\??\c:\7hbbhn.exec:\7hbbhn.exe119⤵
-
\??\c:\1pdjp.exec:\1pdjp.exe120⤵
-
\??\c:\5xxlxlr.exec:\5xxlxlr.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-