Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
16s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
26/12/2024, 11:12
General
-
Target
a730c7928d48338f2b0ca072585ccf95901f7dd35f73a8cea92b8e85ac11cb41N.exe
-
Size
453KB
-
MD5
9faebdeedd066ef8fef5bd2a18868370
-
SHA1
5baef415cc595543fa22492ebf01468a3a14db85
-
SHA256
a730c7928d48338f2b0ca072585ccf95901f7dd35f73a8cea92b8e85ac11cb41
-
SHA512
3691dbf72f175b963caaf861144c95e290ba491d14151bfa17f3ad8431192cbd9d6f8be58f49a8b50d0cb1e4fb8ad56d0968c6fe5fd3df05d817c710abd1f749
-
SSDEEP
6144:8cm7ImGddXmNt251UriZFwfsDX2UznsaFVNJCMKAbea:q7Tc2NYHUrAwfMp3CDa
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 38 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 47 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\a730c7928d48338f2b0ca072585ccf95901f7dd35f73a8cea92b8e85ac11cb41N.exe"C:\Users\Admin\AppData\Local\Temp\a730c7928d48338f2b0ca072585ccf95901f7dd35f73a8cea92b8e85ac11cb41N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\bnbbbb.exec:\bnbbbb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvvd.exec:\pjvvd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1xlrxxl.exec:\1xlrxxl.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9nhhnb.exec:\9nhhnb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpvj.exec:\jdpvj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5ffflrf.exec:\5ffflrf.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthhnn.exec:\bthhnn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1jvpp.exec:\1jvpp.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrfllfr.exec:\xrfllfr.exe10⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\9thhhh.exec:\9thhhh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7xlrrxf.exec:\7xlrrxf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5hhhnh.exec:\5hhhnh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjdp.exec:\vpjdp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thnntt.exec:\thnntt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlffllx.exec:\rlffllx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5htntt.exec:\5htntt.exe17⤵
- Executes dropped EXE
-
\??\c:\fxflxxf.exec:\fxflxxf.exe18⤵
- Executes dropped EXE
-
\??\c:\1htbht.exec:\1htbht.exe19⤵
- Executes dropped EXE
-
\??\c:\7dpdd.exec:\7dpdd.exe20⤵
- Executes dropped EXE
-
\??\c:\xfxfxlf.exec:\xfxfxlf.exe21⤵
- Executes dropped EXE
-
\??\c:\vvjjj.exec:\vvjjj.exe22⤵
- Executes dropped EXE
-
\??\c:\fxlxlxf.exec:\fxlxlxf.exe23⤵
- Executes dropped EXE
-
\??\c:\htbbhh.exec:\htbbhh.exe24⤵
- Executes dropped EXE
-
\??\c:\ddddp.exec:\ddddp.exe25⤵
- Executes dropped EXE
-
\??\c:\9bnntn.exec:\9bnntn.exe26⤵
- Executes dropped EXE
-
\??\c:\5ppvj.exec:\5ppvj.exe27⤵
- Executes dropped EXE
-
\??\c:\thhnht.exec:\thhnht.exe28⤵
- Executes dropped EXE
-
\??\c:\jjdjv.exec:\jjdjv.exe29⤵
- Executes dropped EXE
-
\??\c:\1rflrfx.exec:\1rflrfx.exe30⤵
- Executes dropped EXE
-
\??\c:\djdpv.exec:\djdpv.exe31⤵
- Executes dropped EXE
-
\??\c:\fxlrllr.exec:\fxlrllr.exe32⤵
- Executes dropped EXE
-
\??\c:\pjpvd.exec:\pjpvd.exe33⤵
- Executes dropped EXE
-
\??\c:\3pjpv.exec:\3pjpv.exe34⤵
- Executes dropped EXE
-
\??\c:\xlxflrf.exec:\xlxflrf.exe35⤵
- Executes dropped EXE
-
\??\c:\9tbttt.exec:\9tbttt.exe36⤵
- Executes dropped EXE
-
\??\c:\7vjjj.exec:\7vjjj.exe37⤵
- Executes dropped EXE
-
\??\c:\xlrlrlr.exec:\xlrlrlr.exe38⤵
- Executes dropped EXE
-
\??\c:\frflrxf.exec:\frflrxf.exe39⤵
- Executes dropped EXE
-
\??\c:\9ttbbb.exec:\9ttbbb.exe40⤵
- Executes dropped EXE
-
\??\c:\dvppv.exec:\dvppv.exe41⤵
- Executes dropped EXE
-
\??\c:\lflxffr.exec:\lflxffr.exe42⤵
- Executes dropped EXE
-
\??\c:\hththh.exec:\hththh.exe43⤵
- Executes dropped EXE
-
\??\c:\7pddj.exec:\7pddj.exe44⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\3jvjp.exec:\3jvjp.exe45⤵
- Executes dropped EXE
-
\??\c:\xrlrxrf.exec:\xrlrxrf.exe46⤵
- Executes dropped EXE
-
\??\c:\lfrxllx.exec:\lfrxllx.exe47⤵
- Executes dropped EXE
-
\??\c:\tnhntn.exec:\tnhntn.exe48⤵
- Executes dropped EXE
-
\??\c:\pdppp.exec:\pdppp.exe49⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\ffflxxl.exec:\ffflxxl.exe50⤵
- Executes dropped EXE
-
\??\c:\rxrxllr.exec:\rxrxllr.exe51⤵
- Executes dropped EXE
-
\??\c:\9thhhb.exec:\9thhhb.exe52⤵
- Executes dropped EXE
-
\??\c:\jpjjv.exec:\jpjjv.exe53⤵
- Executes dropped EXE
-
\??\c:\xxxfxlx.exec:\xxxfxlx.exe54⤵
- Executes dropped EXE
-
\??\c:\rxlrxlr.exec:\rxlrxlr.exe55⤵
- Executes dropped EXE
-
\??\c:\bbhhtt.exec:\bbhhtt.exe56⤵
- Executes dropped EXE
-
\??\c:\dvppv.exec:\dvppv.exe57⤵
- Executes dropped EXE
-
\??\c:\lfrxffr.exec:\lfrxffr.exe58⤵
- Executes dropped EXE
-
\??\c:\tnhnbh.exec:\tnhnbh.exe59⤵
- Executes dropped EXE
-
\??\c:\ddppd.exec:\ddppd.exe60⤵
- Executes dropped EXE
-
\??\c:\xxrxflr.exec:\xxrxflr.exe61⤵
- Executes dropped EXE
-
\??\c:\1xxfflx.exec:\1xxfflx.exe62⤵
- Executes dropped EXE
-
\??\c:\hbtbnh.exec:\hbtbnh.exe63⤵
- Executes dropped EXE
-
\??\c:\dvpvd.exec:\dvpvd.exe64⤵
- Executes dropped EXE
-
\??\c:\lfxlrxl.exec:\lfxlrxl.exe65⤵
- Executes dropped EXE
-
\??\c:\hbthbn.exec:\hbthbn.exe66⤵
-
\??\c:\bnbhnh.exec:\bnbhnh.exe67⤵
-
\??\c:\vpddj.exec:\vpddj.exe68⤵
-
\??\c:\3rffxff.exec:\3rffxff.exe69⤵
-
\??\c:\5bnnnn.exec:\5bnnnn.exe70⤵
-
\??\c:\tbbbhh.exec:\tbbbhh.exe71⤵
-
\??\c:\5vjpd.exec:\5vjpd.exe72⤵
-
\??\c:\fxlfflx.exec:\fxlfflx.exe73⤵
-
\??\c:\lffrlrl.exec:\lffrlrl.exe74⤵
-
\??\c:\bhtnth.exec:\bhtnth.exe75⤵
-
\??\c:\pdddd.exec:\pdddd.exe76⤵
-
\??\c:\rffffll.exec:\rffffll.exe77⤵
-
\??\c:\tnhtbb.exec:\tnhtbb.exe78⤵
-
\??\c:\jdpvv.exec:\jdpvv.exe79⤵
-
\??\c:\jdjpp.exec:\jdjpp.exe80⤵
-
\??\c:\xrflrrr.exec:\xrflrrr.exe81⤵
-
\??\c:\htbthh.exec:\htbthh.exe82⤵
-
\??\c:\7htnnt.exec:\7htnnt.exe83⤵
-
\??\c:\1jppj.exec:\1jppj.exe84⤵
-
\??\c:\xrfllfl.exec:\xrfllfl.exe85⤵
-
\??\c:\5nbnhb.exec:\5nbnhb.exe86⤵
-
\??\c:\nnhnnb.exec:\nnhnnb.exe87⤵
-
\??\c:\jvjjp.exec:\jvjjp.exe88⤵
-
\??\c:\vpdvv.exec:\vpdvv.exe89⤵
-
\??\c:\xrxxrfl.exec:\xrxxrfl.exe90⤵
-
\??\c:\1nthnt.exec:\1nthnt.exe91⤵
-
\??\c:\bnbnbt.exec:\bnbnbt.exe92⤵
-
\??\c:\5djjd.exec:\5djjd.exe93⤵
-
\??\c:\9ffxxrl.exec:\9ffxxrl.exe94⤵
-
\??\c:\rffflff.exec:\rffflff.exe95⤵
-
\??\c:\thbbhb.exec:\thbbhb.exe96⤵
-
\??\c:\ppdvv.exec:\ppdvv.exe97⤵
-
\??\c:\jvpjd.exec:\jvpjd.exe98⤵
-
\??\c:\xfrlxrx.exec:\xfrlxrx.exe99⤵
-
\??\c:\ttnbhh.exec:\ttnbhh.exe100⤵
-
\??\c:\vjdvd.exec:\vjdvd.exe101⤵
-
\??\c:\5jvdj.exec:\5jvdj.exe102⤵
-
\??\c:\3llrxff.exec:\3llrxff.exe103⤵
-
\??\c:\9bhbhh.exec:\9bhbhh.exe104⤵
-
\??\c:\1dpjd.exec:\1dpjd.exe105⤵
-
\??\c:\3dvdd.exec:\3dvdd.exe106⤵
-
\??\c:\9lxxffl.exec:\9lxxffl.exe107⤵
-
\??\c:\1thnnn.exec:\1thnnn.exe108⤵
-
\??\c:\1vjvj.exec:\1vjvj.exe109⤵
-
\??\c:\5pdjj.exec:\5pdjj.exe110⤵
-
\??\c:\lfrrxxl.exec:\lfrrxxl.exe111⤵
-
\??\c:\7tnbbh.exec:\7tnbbh.exe112⤵
-
\??\c:\ttthnn.exec:\ttthnn.exe113⤵
-
\??\c:\3pvpp.exec:\3pvpp.exe114⤵
-
\??\c:\1xrrlrl.exec:\1xrrlrl.exe115⤵
-
\??\c:\llllrff.exec:\llllrff.exe116⤵
-
\??\c:\5hnntb.exec:\5hnntb.exe117⤵
-
\??\c:\1jdjv.exec:\1jdjv.exe118⤵
-
\??\c:\rrlrxfr.exec:\rrlrxfr.exe119⤵
-
\??\c:\xrrlxff.exec:\xrrlxff.exe120⤵
-
\??\c:\thtttt.exec:\thtttt.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-