Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
16s -
platform
windows7_x64 -
resource
win7-20240729-en -
resource tags
-
submitted
26/12/2024, 11:27
General
-
Target
b3c949ec785b5189fe376fcb915d5f1c923f9de3eb19b3b0891f909b619e10cfN.exe
-
Size
452KB
-
MD5
975c19201fb17237426cbcd542b42000
-
SHA1
3748f62e0333bf6f5bce48ca4c8c7371d7196dee
-
SHA256
b3c949ec785b5189fe376fcb915d5f1c923f9de3eb19b3b0891f909b619e10cf
-
SHA512
a8072e820e1c893ee464931fc07af988d899e3ec6be0c2e0d147aa6852b34e43c757d0fbf9f9ae8c9609c8516096e4e2a596fe544601e3b49ec0d69c5976b9d8
-
SSDEEP
6144:8cm7ImGddXmNt251UriZFwfsDX2UznsaFVNJCMKAber:q7Tc2NYHUrAwfMp3CDr
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 41 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 41 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\b3c949ec785b5189fe376fcb915d5f1c923f9de3eb19b3b0891f909b619e10cfN.exe"C:\Users\Admin\AppData\Local\Temp\b3c949ec785b5189fe376fcb915d5f1c923f9de3eb19b3b0891f909b619e10cfN.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\7rxxrrx.exec:\7rxxrrx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdppd.exec:\vdppd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3rrrxxx.exec:\3rrrxxx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddjdd.exec:\ddjdd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfffllr.exec:\lfffllr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbhtn.exec:\btbhtn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlfflff.exec:\rlfflff.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llxxfxf.exec:\llxxfxf.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnnhhh.exec:\bnnhhh.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrxlfr.exec:\lfrxlfr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvvdj.exec:\vvvdj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5rfffff.exec:\5rfffff.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dddpp.exec:\dddpp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfllxxf.exec:\xfllxxf.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5pvpp.exec:\5pvpp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddddj.exec:\ddddj.exe17⤵
- Executes dropped EXE
-
\??\c:\7bbhth.exec:\7bbhth.exe18⤵
- Executes dropped EXE
-
\??\c:\flxfffl.exec:\flxfffl.exe19⤵
- Executes dropped EXE
-
\??\c:\bbhhhn.exec:\bbhhhn.exe20⤵
- Executes dropped EXE
-
\??\c:\rrfxlrx.exec:\rrfxlrx.exe21⤵
- Executes dropped EXE
-
\??\c:\nthhnt.exec:\nthhnt.exe22⤵
- Executes dropped EXE
-
\??\c:\pjppd.exec:\pjppd.exe23⤵
- Executes dropped EXE
-
\??\c:\btttnh.exec:\btttnh.exe24⤵
- Executes dropped EXE
-
\??\c:\jjpvp.exec:\jjpvp.exe25⤵
- Executes dropped EXE
-
\??\c:\9lrrxrx.exec:\9lrrxrx.exe26⤵
- Executes dropped EXE
-
\??\c:\nnnhhn.exec:\nnnhhn.exe27⤵
- Executes dropped EXE
-
\??\c:\ppvpv.exec:\ppvpv.exe28⤵
- Executes dropped EXE
-
\??\c:\hthhnn.exec:\hthhnn.exe29⤵
- Executes dropped EXE
-
\??\c:\jvddd.exec:\jvddd.exe30⤵
- Executes dropped EXE
-
\??\c:\lrrllll.exec:\lrrllll.exe31⤵
- Executes dropped EXE
-
\??\c:\jdjjj.exec:\jdjjj.exe32⤵
- Executes dropped EXE
-
\??\c:\7rxrfff.exec:\7rxrfff.exe33⤵
- Executes dropped EXE
-
\??\c:\vvjjp.exec:\vvjjp.exe34⤵
- Executes dropped EXE
-
\??\c:\flrxffl.exec:\flrxffl.exe35⤵
-
\??\c:\ppvvj.exec:\ppvvj.exe36⤵
- Executes dropped EXE
-
\??\c:\ffrrxfl.exec:\ffrrxfl.exe37⤵
- Executes dropped EXE
-
\??\c:\7xrrxxf.exec:\7xrrxxf.exe38⤵
- Executes dropped EXE
-
\??\c:\httnnh.exec:\httnnh.exe39⤵
- Executes dropped EXE
-
\??\c:\9jvvp.exec:\9jvvp.exe40⤵
- Executes dropped EXE
-
\??\c:\1rfxxrr.exec:\1rfxxrr.exe41⤵
- Executes dropped EXE
-
\??\c:\hhntbh.exec:\hhntbh.exe42⤵
- Executes dropped EXE
-
\??\c:\1httnt.exec:\1httnt.exe43⤵
- Executes dropped EXE
-
\??\c:\jpddj.exec:\jpddj.exe44⤵
- Executes dropped EXE
-
\??\c:\rrxllrl.exec:\rrxllrl.exe45⤵
- Executes dropped EXE
-
\??\c:\bbntth.exec:\bbntth.exe46⤵
- Executes dropped EXE
-
\??\c:\3bhhhh.exec:\3bhhhh.exe47⤵
- Executes dropped EXE
-
\??\c:\1ddvj.exec:\1ddvj.exe48⤵
- Executes dropped EXE
-
\??\c:\lxllxrf.exec:\lxllxrf.exe49⤵
- Executes dropped EXE
-
\??\c:\xxffllr.exec:\xxffllr.exe50⤵
- Executes dropped EXE
-
\??\c:\tthbbh.exec:\tthbbh.exe51⤵
- Executes dropped EXE
-
\??\c:\1ddvp.exec:\1ddvp.exe52⤵
- Executes dropped EXE
-
\??\c:\lrxrllf.exec:\lrxrllf.exe53⤵
- Executes dropped EXE
-
\??\c:\ffrrflr.exec:\ffrrflr.exe54⤵
- Executes dropped EXE
-
\??\c:\3nbtnn.exec:\3nbtnn.exe55⤵
- Executes dropped EXE
-
\??\c:\7vvdj.exec:\7vvdj.exe56⤵
- Executes dropped EXE
-
\??\c:\xxffllr.exec:\xxffllr.exe57⤵
- Executes dropped EXE
-
\??\c:\xxfllrx.exec:\xxfllrx.exe58⤵
- Executes dropped EXE
-
\??\c:\nntttt.exec:\nntttt.exe59⤵
- Executes dropped EXE
-
\??\c:\jjdjv.exec:\jjdjv.exe60⤵
- Executes dropped EXE
-
\??\c:\9xlfrrr.exec:\9xlfrrr.exe61⤵
- Executes dropped EXE
-
\??\c:\rfxrlfl.exec:\rfxrlfl.exe62⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\bbtbnn.exec:\bbtbnn.exe63⤵
- Executes dropped EXE
-
\??\c:\9vppj.exec:\9vppj.exe64⤵
- Executes dropped EXE
-
\??\c:\3rflrlx.exec:\3rflrlx.exe65⤵
- Executes dropped EXE
-
\??\c:\nnnnbh.exec:\nnnnbh.exe66⤵
- Executes dropped EXE
-
\??\c:\bbhhnn.exec:\bbhhnn.exe67⤵
-
\??\c:\vddvj.exec:\vddvj.exe68⤵
-
\??\c:\xxxxxxx.exec:\xxxxxxx.exe69⤵
-
\??\c:\hbhbnt.exec:\hbhbnt.exe70⤵
-
\??\c:\tntntn.exec:\tntntn.exe71⤵
-
\??\c:\jjpvv.exec:\jjpvv.exe72⤵
-
\??\c:\xflrrxf.exec:\xflrrxf.exe73⤵
-
\??\c:\hhnhnt.exec:\hhnhnt.exe74⤵
-
\??\c:\5pjpv.exec:\5pjpv.exe75⤵
-
\??\c:\ffllrxf.exec:\ffllrxf.exe76⤵
-
\??\c:\5rlllll.exec:\5rlllll.exe77⤵
-
\??\c:\3bhhnt.exec:\3bhhnt.exe78⤵
-
\??\c:\bhnntn.exec:\bhnntn.exe79⤵
-
\??\c:\djvdv.exec:\djvdv.exe80⤵
-
\??\c:\3rfflll.exec:\3rfflll.exe81⤵
-
\??\c:\bhnbbh.exec:\bhnbbh.exe82⤵
-
\??\c:\hntnnn.exec:\hntnnn.exe83⤵
-
\??\c:\vpvjp.exec:\vpvjp.exe84⤵
-
\??\c:\llrrlll.exec:\llrrlll.exe85⤵
-
\??\c:\hhnhnh.exec:\hhnhnh.exe86⤵
-
\??\c:\pddjj.exec:\pddjj.exe87⤵
-
\??\c:\vvdjj.exec:\vvdjj.exe88⤵
-
\??\c:\flxrfrr.exec:\flxrfrr.exe89⤵
-
\??\c:\9bnnnn.exec:\9bnnnn.exe90⤵
-
\??\c:\7tbbbb.exec:\7tbbbb.exe91⤵
-
\??\c:\5jpvd.exec:\5jpvd.exe92⤵
-
\??\c:\flxxffl.exec:\flxxffl.exe93⤵
-
\??\c:\flrxllr.exec:\flrxllr.exe94⤵
-
\??\c:\9htbtt.exec:\9htbtt.exe95⤵
-
\??\c:\jpdvv.exec:\jpdvv.exe96⤵
-
\??\c:\3vvvv.exec:\3vvvv.exe97⤵
-
\??\c:\fxrxxfl.exec:\fxrxxfl.exe98⤵
-
\??\c:\tnnttb.exec:\tnnttb.exe99⤵
-
\??\c:\hbnttb.exec:\hbnttb.exe100⤵
-
\??\c:\dvddd.exec:\dvddd.exe101⤵
-
\??\c:\xxflxlf.exec:\xxflxlf.exe102⤵
-
\??\c:\hhbnhh.exec:\hhbnhh.exe103⤵
-
\??\c:\tbhnnn.exec:\tbhnnn.exe104⤵
-
\??\c:\3ddjp.exec:\3ddjp.exe105⤵
-
\??\c:\3frlffl.exec:\3frlffl.exe106⤵
-
\??\c:\xrxxflx.exec:\xrxxflx.exe107⤵
-
\??\c:\hbttbh.exec:\hbttbh.exe108⤵
-
\??\c:\jdjpv.exec:\jdjpv.exe109⤵
-
\??\c:\ffllrrx.exec:\ffllrrx.exe110⤵
-
\??\c:\5xlrflr.exec:\5xlrflr.exe111⤵
-
\??\c:\7nhnnn.exec:\7nhnnn.exe112⤵
-
\??\c:\hbtnbt.exec:\hbtnbt.exe113⤵
-
\??\c:\pjppp.exec:\pjppp.exe114⤵
-
\??\c:\rlxflll.exec:\rlxflll.exe115⤵
-
\??\c:\lflllrf.exec:\lflllrf.exe116⤵
-
\??\c:\hbhnnt.exec:\hbhnnt.exe117⤵
-
\??\c:\3vpvd.exec:\3vpvd.exe118⤵
-
\??\c:\vdpdp.exec:\vdpdp.exe119⤵
-
\??\c:\btbhht.exec:\btbhht.exe120⤵
-
\??\c:\7dpjp.exec:\7dpjp.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-