Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
26/12/2024, 11:33
General
-
Target
611fdbbf9fe6dcc79b5dd38517d8a4a216ab76bf282d03073fa62333e5f2cdebN.exe
-
Size
454KB
-
MD5
142781dfefbfce562adc6c69705cfe40
-
SHA1
2497072efe163965a01fc7791068a3f80983f1e3
-
SHA256
611fdbbf9fe6dcc79b5dd38517d8a4a216ab76bf282d03073fa62333e5f2cdeb
-
SHA512
437c3f73231032bde19be472a5eef3577689225849d1980254d715fdf55b1a44e5142b2074fb48d16dbe28f1844200a9e7c624e2dcfd63ca499d96782b01d0d3
-
SSDEEP
6144:8cm7ImGddXmNt251UriZFwfsDX2UznsaFVNJCMKAbey:q7Tc2NYHUrAwfMp3CDy
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 36 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 45 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\611fdbbf9fe6dcc79b5dd38517d8a4a216ab76bf282d03073fa62333e5f2cdebN.exe"C:\Users\Admin\AppData\Local\Temp\611fdbbf9fe6dcc79b5dd38517d8a4a216ab76bf282d03073fa62333e5f2cdebN.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\1flxxxr.exec:\1flxxxr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\642206.exec:\642206.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\826802.exec:\826802.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\48680.exec:\48680.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpppd.exec:\dpppd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\60868.exec:\60868.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8206880.exec:\8206880.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9jvdp.exec:\9jvdp.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhtbbh.exec:\nhtbbh.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5bhnnn.exec:\5bhnnn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddvdv.exec:\ddvdv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxlxfx.exec:\lfxlxfx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrfrlrf.exec:\rrfrlrf.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\20848.exec:\20848.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\48620.exec:\48620.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\04802.exec:\04802.exe17⤵
- Executes dropped EXE
-
\??\c:\c824002.exec:\c824002.exe18⤵
- Executes dropped EXE
-
\??\c:\260622.exec:\260622.exe19⤵
- Executes dropped EXE
-
\??\c:\q06206.exec:\q06206.exe20⤵
- Executes dropped EXE
-
\??\c:\e84080.exec:\e84080.exe21⤵
- Executes dropped EXE
-
\??\c:\5thtbn.exec:\5thtbn.exe22⤵
- Executes dropped EXE
-
\??\c:\0424284.exec:\0424284.exe23⤵
- Executes dropped EXE
-
\??\c:\llrfrxl.exec:\llrfrxl.exe24⤵
- Executes dropped EXE
-
\??\c:\btttbh.exec:\btttbh.exe25⤵
- Executes dropped EXE
-
\??\c:\o028006.exec:\o028006.exe26⤵
- Executes dropped EXE
-
\??\c:\nnhtbh.exec:\nnhtbh.exe27⤵
- Executes dropped EXE
-
\??\c:\vdvdj.exec:\vdvdj.exe28⤵
- Executes dropped EXE
-
\??\c:\868284.exec:\868284.exe29⤵
- Executes dropped EXE
-
\??\c:\rlrlffx.exec:\rlrlffx.exe30⤵
- Executes dropped EXE
-
\??\c:\e64808.exec:\e64808.exe31⤵
- Executes dropped EXE
-
\??\c:\4828064.exec:\4828064.exe32⤵
- Executes dropped EXE
-
\??\c:\jvppv.exec:\jvppv.exe33⤵
- Executes dropped EXE
-
\??\c:\264080.exec:\264080.exe34⤵
- Executes dropped EXE
-
\??\c:\7bhbhb.exec:\7bhbhb.exe35⤵
- Executes dropped EXE
-
\??\c:\vvjdd.exec:\vvjdd.exe36⤵
- Executes dropped EXE
-
\??\c:\240688.exec:\240688.exe37⤵
- Executes dropped EXE
-
\??\c:\m6406.exec:\m6406.exe38⤵
- Executes dropped EXE
-
\??\c:\1thhnh.exec:\1thhnh.exe39⤵
- Executes dropped EXE
-
\??\c:\9tttnn.exec:\9tttnn.exe40⤵
- Executes dropped EXE
-
\??\c:\g6446.exec:\g6446.exe41⤵
- Executes dropped EXE
-
\??\c:\lxllrxl.exec:\lxllrxl.exe42⤵
- Executes dropped EXE
-
\??\c:\8800006.exec:\8800006.exe43⤵
- Executes dropped EXE
-
\??\c:\ppvpv.exec:\ppvpv.exe44⤵
- Executes dropped EXE
-
\??\c:\08440.exec:\08440.exe45⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\1jppp.exec:\1jppp.exe46⤵
- Executes dropped EXE
-
\??\c:\g4268.exec:\g4268.exe47⤵
- Executes dropped EXE
-
\??\c:\064026.exec:\064026.exe48⤵
- Executes dropped EXE
-
\??\c:\rfffflr.exec:\rfffflr.exe49⤵
- Executes dropped EXE
-
\??\c:\024406.exec:\024406.exe50⤵
- Executes dropped EXE
-
\??\c:\hbbhbn.exec:\hbbhbn.exe51⤵
- Executes dropped EXE
-
\??\c:\rlffllr.exec:\rlffllr.exe52⤵
- Executes dropped EXE
-
\??\c:\bbnbnn.exec:\bbnbnn.exe53⤵
- Executes dropped EXE
-
\??\c:\vpdjd.exec:\vpdjd.exe54⤵
- Executes dropped EXE
-
\??\c:\pjvvd.exec:\pjvvd.exe55⤵
- Executes dropped EXE
-
\??\c:\1hnnth.exec:\1hnnth.exe56⤵
- Executes dropped EXE
-
\??\c:\tbbttn.exec:\tbbttn.exe57⤵
- Executes dropped EXE
-
\??\c:\s6222.exec:\s6222.exe58⤵
- Executes dropped EXE
-
\??\c:\1bhnnh.exec:\1bhnnh.exe59⤵
- Executes dropped EXE
-
\??\c:\hthnbh.exec:\hthnbh.exe60⤵
- Executes dropped EXE
-
\??\c:\4262880.exec:\4262880.exe61⤵
- Executes dropped EXE
-
\??\c:\42442.exec:\42442.exe62⤵
- Executes dropped EXE
-
\??\c:\nbbbhn.exec:\nbbbhn.exe63⤵
- Executes dropped EXE
-
\??\c:\1xfflff.exec:\1xfflff.exe64⤵
- Executes dropped EXE
-
\??\c:\thtbhn.exec:\thtbhn.exe65⤵
- Executes dropped EXE
-
\??\c:\0840068.exec:\0840068.exe66⤵
-
\??\c:\lfffxfr.exec:\lfffxfr.exe67⤵
-
\??\c:\60246.exec:\60246.exe68⤵
-
\??\c:\xrfrrxr.exec:\xrfrrxr.exe69⤵
-
\??\c:\nnttnn.exec:\nnttnn.exe70⤵
-
\??\c:\826240.exec:\826240.exe71⤵
-
\??\c:\860246.exec:\860246.exe72⤵
-
\??\c:\864684.exec:\864684.exe73⤵
-
\??\c:\60402.exec:\60402.exe74⤵
-
\??\c:\vddpd.exec:\vddpd.exe75⤵
-
\??\c:\6040846.exec:\6040846.exe76⤵
-
\??\c:\xxrfxlx.exec:\xxrfxlx.exe77⤵
-
\??\c:\20006.exec:\20006.exe78⤵
-
\??\c:\420244.exec:\420244.exe79⤵
-
\??\c:\264028.exec:\264028.exe80⤵
-
\??\c:\4862442.exec:\4862442.exe81⤵
-
\??\c:\fxlfxlx.exec:\fxlfxlx.exe82⤵
-
\??\c:\260028.exec:\260028.exe83⤵
-
\??\c:\c020088.exec:\c020088.exe84⤵
-
\??\c:\lfxrfxl.exec:\lfxrfxl.exe85⤵
-
\??\c:\08666.exec:\08666.exe86⤵
-
\??\c:\3jjvd.exec:\3jjvd.exe87⤵
-
\??\c:\ntntnn.exec:\ntntnn.exe88⤵
-
\??\c:\s8686.exec:\s8686.exe89⤵
-
\??\c:\86068.exec:\86068.exe90⤵
-
\??\c:\dpjpj.exec:\dpjpj.exe91⤵
-
\??\c:\86840.exec:\86840.exe92⤵
-
\??\c:\vppjv.exec:\vppjv.exe93⤵
-
\??\c:\vvjvp.exec:\vvjvp.exe94⤵
-
\??\c:\fxxflrl.exec:\fxxflrl.exe95⤵
-
\??\c:\k88028.exec:\k88028.exe96⤵
-
\??\c:\2640264.exec:\2640264.exe97⤵
-
\??\c:\42680.exec:\42680.exe98⤵
-
\??\c:\tnhhhn.exec:\tnhhhn.exe99⤵
-
\??\c:\dvpjv.exec:\dvpjv.exe100⤵
-
\??\c:\4840006.exec:\4840006.exe101⤵
-
\??\c:\4806284.exec:\4806284.exe102⤵
-
\??\c:\rllxxfr.exec:\rllxxfr.exe103⤵
-
\??\c:\m4844.exec:\m4844.exe104⤵
-
\??\c:\046206.exec:\046206.exe105⤵
-
\??\c:\3lrxxxf.exec:\3lrxxxf.exe106⤵
-
\??\c:\nhthtb.exec:\nhthtb.exe107⤵
-
\??\c:\xxrfrxl.exec:\xxrfrxl.exe108⤵
-
\??\c:\5hbnnt.exec:\5hbnnt.exe109⤵
-
\??\c:\240466.exec:\240466.exe110⤵
-
\??\c:\646064.exec:\646064.exe111⤵
-
\??\c:\hbbnnt.exec:\hbbnnt.exe112⤵
-
\??\c:\608406.exec:\608406.exe113⤵
-
\??\c:\3jvvd.exec:\3jvvd.exe114⤵
-
\??\c:\868822.exec:\868822.exe115⤵
-
\??\c:\08668.exec:\08668.exe116⤵
-
\??\c:\rlrfxfr.exec:\rlrfxfr.exe117⤵
-
\??\c:\864248.exec:\864248.exe118⤵
-
\??\c:\pvvpj.exec:\pvvpj.exe119⤵
-
\??\c:\6080624.exec:\6080624.exe120⤵
-
\??\c:\486688.exec:\486688.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-