Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
26/12/2024, 16:57
General
-
Target
5997c21c83b9bda568c721c5e072f88394bb82f97b57b7b4cf5f9fde341b4f99.exe
-
Size
453KB
-
MD5
ff12cce6f28003906be1bf1600dcd20b
-
SHA1
c3fc64a3520c166d4d27fdb472cda71fa2fff3cb
-
SHA256
5997c21c83b9bda568c721c5e072f88394bb82f97b57b7b4cf5f9fde341b4f99
-
SHA512
1d5bd843186ec038605524e709564555584ff81d94a94cf6f8a55cb3e55831233541d757ac0ccca3fdc25e26d8a6600a25f4fad93234f7bc1457051b76fff325
-
SSDEEP
6144:8cm7ImGddXmNt251UriZFwfsDX2UznsaFVNJCMKAbeY:q7Tc2NYHUrAwfMp3CDY
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 45 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 43 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\5997c21c83b9bda568c721c5e072f88394bb82f97b57b7b4cf5f9fde341b4f99.exe"C:\Users\Admin\AppData\Local\Temp\5997c21c83b9bda568c721c5e072f88394bb82f97b57b7b4cf5f9fde341b4f99.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\ntthbh.exec:\ntthbh.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrrffl.exec:\lfrrffl.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnthbn.exec:\nnthbn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxlllrx.exec:\rxlllrx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9vpjd.exec:\9vpjd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxlrxxf.exec:\rxlrxxf.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxrrllx.exec:\lxrrllx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdpvd.exec:\vdpvd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7hnbbt.exec:\7hnbbt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrfxlx.exec:\xrrfxlx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvjp.exec:\pjvjp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrfflxx.exec:\lrfflxx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fllxlxr.exec:\fllxlxr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxxrxxx.exec:\rxxrxxx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbnntb.exec:\nbnntb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxrlllr.exec:\rxrlllr.exe17⤵
- Executes dropped EXE
-
\??\c:\hbhhbb.exec:\hbhhbb.exe18⤵
- Executes dropped EXE
-
\??\c:\tbbtnt.exec:\tbbtnt.exe19⤵
- Executes dropped EXE
-
\??\c:\3djdd.exec:\3djdd.exe20⤵
- Executes dropped EXE
-
\??\c:\frxllfr.exec:\frxllfr.exe21⤵
- Executes dropped EXE
-
\??\c:\djvjp.exec:\djvjp.exe22⤵
- Executes dropped EXE
-
\??\c:\pjdpj.exec:\pjdpj.exe23⤵
- Executes dropped EXE
-
\??\c:\xrlrflr.exec:\xrlrflr.exe24⤵
- Executes dropped EXE
-
\??\c:\fflfxrl.exec:\fflfxrl.exe25⤵
- Executes dropped EXE
-
\??\c:\pdjjv.exec:\pdjjv.exe26⤵
- Executes dropped EXE
-
\??\c:\tthttn.exec:\tthttn.exe27⤵
- Executes dropped EXE
-
\??\c:\jpvpv.exec:\jpvpv.exe28⤵
- Executes dropped EXE
-
\??\c:\dvppv.exec:\dvppv.exe29⤵
- Executes dropped EXE
-
\??\c:\nnthbn.exec:\nnthbn.exe30⤵
- Executes dropped EXE
-
\??\c:\pvppp.exec:\pvppp.exe31⤵
- Executes dropped EXE
-
\??\c:\llfxrxl.exec:\llfxrxl.exe32⤵
- Executes dropped EXE
-
\??\c:\pvddd.exec:\pvddd.exe33⤵
- Executes dropped EXE
-
\??\c:\jddpp.exec:\jddpp.exe34⤵
- Executes dropped EXE
-
\??\c:\bhnnbh.exec:\bhnnbh.exe35⤵
- Executes dropped EXE
-
\??\c:\5dvjj.exec:\5dvjj.exe36⤵
- Executes dropped EXE
-
\??\c:\bnthnt.exec:\bnthnt.exe37⤵
- Executes dropped EXE
-
\??\c:\1ppdv.exec:\1ppdv.exe38⤵
- Executes dropped EXE
-
\??\c:\lxllffx.exec:\lxllffx.exe39⤵
- Executes dropped EXE
-
\??\c:\tnthht.exec:\tnthht.exe40⤵
- Executes dropped EXE
-
\??\c:\btthtn.exec:\btthtn.exe41⤵
- Executes dropped EXE
-
\??\c:\jppjj.exec:\jppjj.exe42⤵
- Executes dropped EXE
-
\??\c:\1hnthn.exec:\1hnthn.exe43⤵
- Executes dropped EXE
-
\??\c:\djdpd.exec:\djdpd.exe44⤵
- Executes dropped EXE
-
\??\c:\9xlxxfx.exec:\9xlxxfx.exe45⤵
- Executes dropped EXE
-
\??\c:\bbhbtb.exec:\bbhbtb.exe46⤵
- Executes dropped EXE
-
\??\c:\jpjvj.exec:\jpjvj.exe47⤵
- Executes dropped EXE
-
\??\c:\rlflrrr.exec:\rlflrrr.exe48⤵
- Executes dropped EXE
-
\??\c:\thtnbb.exec:\thtnbb.exe49⤵
- Executes dropped EXE
-
\??\c:\3ppdv.exec:\3ppdv.exe50⤵
- Executes dropped EXE
-
\??\c:\lllxxlx.exec:\lllxxlx.exe51⤵
- Executes dropped EXE
-
\??\c:\htbhnb.exec:\htbhnb.exe52⤵
- Executes dropped EXE
-
\??\c:\jpvvp.exec:\jpvvp.exe53⤵
- Executes dropped EXE
-
\??\c:\rxfrfll.exec:\rxfrfll.exe54⤵
- Executes dropped EXE
-
\??\c:\xrllxlr.exec:\xrllxlr.exe55⤵
- Executes dropped EXE
-
\??\c:\dddpj.exec:\dddpj.exe56⤵
- Executes dropped EXE
-
\??\c:\pjvvp.exec:\pjvvp.exe57⤵
- Executes dropped EXE
-
\??\c:\1rfrrlx.exec:\1rfrrlx.exe58⤵
- Executes dropped EXE
-
\??\c:\nbhnhb.exec:\nbhnhb.exe59⤵
- Executes dropped EXE
-
\??\c:\jvvvp.exec:\jvvvp.exe60⤵
- Executes dropped EXE
-
\??\c:\xrlrflx.exec:\xrlrflx.exe61⤵
- Executes dropped EXE
-
\??\c:\bthhhn.exec:\bthhhn.exe62⤵
- Executes dropped EXE
-
\??\c:\1vpvd.exec:\1vpvd.exe63⤵
- Executes dropped EXE
-
\??\c:\nnbtbb.exec:\nnbtbb.exe64⤵
- Executes dropped EXE
-
\??\c:\5pvjj.exec:\5pvjj.exe65⤵
- Executes dropped EXE
-
\??\c:\rlrflfr.exec:\rlrflfr.exe66⤵
-
\??\c:\hnntnb.exec:\hnntnb.exe67⤵
-
\??\c:\djvpp.exec:\djvpp.exe68⤵
-
\??\c:\1rflfrf.exec:\1rflfrf.exe69⤵
-
\??\c:\nnnbhn.exec:\nnnbhn.exe70⤵
-
\??\c:\7jpvv.exec:\7jpvv.exe71⤵
-
\??\c:\3rlrfll.exec:\3rlrfll.exe72⤵
-
\??\c:\nbnbbt.exec:\nbnbbt.exe73⤵
-
\??\c:\djjdj.exec:\djjdj.exe74⤵
-
\??\c:\nnhhbn.exec:\nnhhbn.exe75⤵
-
\??\c:\dvpdv.exec:\dvpdv.exe76⤵
-
\??\c:\5xfrflf.exec:\5xfrflf.exe77⤵
-
\??\c:\bthhtb.exec:\bthhtb.exe78⤵
-
\??\c:\9vdvv.exec:\9vdvv.exe79⤵
-
\??\c:\lxxfflf.exec:\lxxfflf.exe80⤵
-
\??\c:\hhbnhn.exec:\hhbnhn.exe81⤵
-
\??\c:\lfrxlxx.exec:\lfrxlxx.exe82⤵
-
\??\c:\ttnbnt.exec:\ttnbnt.exe83⤵
-
\??\c:\vddjj.exec:\vddjj.exe84⤵
-
\??\c:\5rlrxrf.exec:\5rlrxrf.exe85⤵
-
\??\c:\tntttn.exec:\tntttn.exe86⤵
-
\??\c:\dvpjv.exec:\dvpjv.exe87⤵
-
\??\c:\fllxrfl.exec:\fllxrfl.exe88⤵
-
\??\c:\thtbnn.exec:\thtbnn.exe89⤵
-
\??\c:\pdjpv.exec:\pdjpv.exe90⤵
-
\??\c:\lfllxrr.exec:\lfllxrr.exe91⤵
-
\??\c:\7dvpv.exec:\7dvpv.exe92⤵
-
\??\c:\rfxxxfl.exec:\rfxxxfl.exe93⤵
-
\??\c:\3nthnt.exec:\3nthnt.exe94⤵
-
\??\c:\7jjdd.exec:\7jjdd.exe95⤵
-
\??\c:\xflfflf.exec:\xflfflf.exe96⤵
-
\??\c:\tbbthb.exec:\tbbthb.exe97⤵
- System Location Discovery: System Language Discovery
-
\??\c:\dvjdj.exec:\dvjdj.exe98⤵
-
\??\c:\frxffrf.exec:\frxffrf.exe99⤵
-
\??\c:\tbhtth.exec:\tbhtth.exe100⤵
-
\??\c:\jddjp.exec:\jddjp.exe101⤵
-
\??\c:\rfrlxxf.exec:\rfrlxxf.exe102⤵
- System Location Discovery: System Language Discovery
-
\??\c:\tthbnt.exec:\tthbnt.exe103⤵
-
\??\c:\9pddv.exec:\9pddv.exe104⤵
-
\??\c:\ffxfxfx.exec:\ffxfxfx.exe105⤵
-
\??\c:\tnhtth.exec:\tnhtth.exe106⤵
-
\??\c:\dvvjv.exec:\dvvjv.exe107⤵
-
\??\c:\rlrxrfr.exec:\rlrxrfr.exe108⤵
-
\??\c:\tnbtnh.exec:\tnbtnh.exe109⤵
-
\??\c:\pdppj.exec:\pdppj.exe110⤵
-
\??\c:\rffffxx.exec:\rffffxx.exe111⤵
-
\??\c:\5bthtn.exec:\5bthtn.exe112⤵
-
\??\c:\rrxfxlf.exec:\rrxfxlf.exe113⤵
-
\??\c:\7hhbnt.exec:\7hhbnt.exe114⤵
-
\??\c:\dddjv.exec:\dddjv.exe115⤵
-
\??\c:\llfffrf.exec:\llfffrf.exe116⤵
-
\??\c:\btbthn.exec:\btbthn.exe117⤵
-
\??\c:\5jjjd.exec:\5jjjd.exe118⤵
-
\??\c:\rxxrxrr.exec:\rxxrxrr.exe119⤵
-
\??\c:\1bhthb.exec:\1bhthb.exe120⤵
-
\??\c:\pdpdv.exec:\pdpdv.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-