Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
16s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
26/12/2024, 18:59
General
-
Target
8d790afbd7117dc2db7f59df25ede17212526262896ed873968f67f9ce596af9.exe
-
Size
67KB
-
MD5
df8b88fb741ef858f4868d7e64e878d5
-
SHA1
89abebe428318bdc93cafae3f4696da2ed37e873
-
SHA256
8d790afbd7117dc2db7f59df25ede17212526262896ed873968f67f9ce596af9
-
SHA512
f98dd9a45af3ce11ae87b70bba0aff668ce62beeca6168703c6847fd84f5bbb3ceac88b16389257efd315eeef66d332513e1778e37e587941df814ce30ef8e6e
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND0yU+kbxeu:ymb3NkkiQ3mdBjF0y7kbUu
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 21 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 29 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\8d790afbd7117dc2db7f59df25ede17212526262896ed873968f67f9ce596af9.exe"C:\Users\Admin\AppData\Local\Temp\8d790afbd7117dc2db7f59df25ede17212526262896ed873968f67f9ce596af9.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\pvvdd.exec:\pvvdd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxxflr.exec:\rlxxflr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7nbhnh.exec:\7nbhnh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3vjpj.exec:\3vjpj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frxllll.exec:\frxllll.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnbbhn.exec:\bnbbhn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7nhtnn.exec:\7nhtnn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvpj.exec:\pjvpj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frxlrrf.exec:\frxlrrf.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlrxxxl.exec:\rlrxxxl.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnthb.exec:\hbnthb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7pddv.exec:\7pddv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvdd.exec:\pjvdd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxrxfxf.exec:\lxrxfxf.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3lxffxf.exec:\3lxffxf.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7tnttt.exec:\7tnttt.exe17⤵
- Executes dropped EXE
-
\??\c:\vvddj.exec:\vvddj.exe18⤵
- Executes dropped EXE
-
\??\c:\pjpjp.exec:\pjpjp.exe19⤵
- Executes dropped EXE
-
\??\c:\xlxrrrx.exec:\xlxrrrx.exe20⤵
- Executes dropped EXE
-
\??\c:\xlxxxrx.exec:\xlxxxrx.exe21⤵
- Executes dropped EXE
-
\??\c:\bntbhh.exec:\bntbhh.exe22⤵
- Executes dropped EXE
-
\??\c:\dvvpd.exec:\dvvpd.exe23⤵
- Executes dropped EXE
-
\??\c:\1jvjj.exec:\1jvjj.exe24⤵
- Executes dropped EXE
-
\??\c:\xlxrllr.exec:\xlxrllr.exe25⤵
- Executes dropped EXE
-
\??\c:\lfxfffl.exec:\lfxfffl.exe26⤵
- Executes dropped EXE
-
\??\c:\1bhtbb.exec:\1bhtbb.exe27⤵
- Executes dropped EXE
-
\??\c:\9jdjd.exec:\9jdjd.exe28⤵
- Executes dropped EXE
-
\??\c:\vpvdv.exec:\vpvdv.exe29⤵
- Executes dropped EXE
-
\??\c:\lxfxflr.exec:\lxfxflr.exe30⤵
- Executes dropped EXE
-
\??\c:\3tnnnb.exec:\3tnnnb.exe31⤵
- Executes dropped EXE
-
\??\c:\9hntth.exec:\9hntth.exe32⤵
- Executes dropped EXE
-
\??\c:\jppvv.exec:\jppvv.exe33⤵
- Executes dropped EXE
-
\??\c:\7pvpp.exec:\7pvpp.exe34⤵
- Executes dropped EXE
-
\??\c:\3flffxf.exec:\3flffxf.exe35⤵
- Executes dropped EXE
-
\??\c:\rfrrlll.exec:\rfrrlll.exe36⤵
- Executes dropped EXE
-
\??\c:\7bbttt.exec:\7bbttt.exe37⤵
- Executes dropped EXE
-
\??\c:\tbhtnb.exec:\tbhtnb.exe38⤵
- Executes dropped EXE
-
\??\c:\jdpvd.exec:\jdpvd.exe39⤵
- Executes dropped EXE
-
\??\c:\3vjvv.exec:\3vjvv.exe40⤵
- Executes dropped EXE
-
\??\c:\xrxrrll.exec:\xrxrrll.exe41⤵
- Executes dropped EXE
-
\??\c:\xlrllff.exec:\xlrllff.exe42⤵
- Executes dropped EXE
-
\??\c:\htttnh.exec:\htttnh.exe43⤵
- Executes dropped EXE
-
\??\c:\ttbhbb.exec:\ttbhbb.exe44⤵
- Executes dropped EXE
-
\??\c:\jvvjd.exec:\jvvjd.exe45⤵
- Executes dropped EXE
-
\??\c:\1vdvp.exec:\1vdvp.exe46⤵
- Executes dropped EXE
-
\??\c:\3flxxrr.exec:\3flxxrr.exe47⤵
- Executes dropped EXE
-
\??\c:\1lrrrrx.exec:\1lrrrrx.exe48⤵
- Executes dropped EXE
-
\??\c:\fxlrxrx.exec:\fxlrxrx.exe49⤵
- Executes dropped EXE
-
\??\c:\htttnb.exec:\htttnb.exe50⤵
- Executes dropped EXE
-
\??\c:\5bhhhn.exec:\5bhhhn.exe51⤵
- Executes dropped EXE
-
\??\c:\jppvv.exec:\jppvv.exe52⤵
- Executes dropped EXE
-
\??\c:\vpjdj.exec:\vpjdj.exe53⤵
- Executes dropped EXE
-
\??\c:\rlxxxrx.exec:\rlxxxrx.exe54⤵
- Executes dropped EXE
-
\??\c:\fxfxrxr.exec:\fxfxrxr.exe55⤵
- Executes dropped EXE
-
\??\c:\bthhnh.exec:\bthhnh.exe56⤵
- Executes dropped EXE
-
\??\c:\nbhbbt.exec:\nbhbbt.exe57⤵
- Executes dropped EXE
-
\??\c:\jvpdd.exec:\jvpdd.exe58⤵
- Executes dropped EXE
-
\??\c:\dpjvp.exec:\dpjvp.exe59⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\vjpjp.exec:\vjpjp.exe60⤵
- Executes dropped EXE
-
\??\c:\lxxrrlr.exec:\lxxrrlr.exe61⤵
- Executes dropped EXE
-
\??\c:\rflffxr.exec:\rflffxr.exe62⤵
- Executes dropped EXE
-
\??\c:\hbbttn.exec:\hbbttn.exe63⤵
- Executes dropped EXE
-
\??\c:\hthbtn.exec:\hthbtn.exe64⤵
- Executes dropped EXE
-
\??\c:\jvppv.exec:\jvppv.exe65⤵
- Executes dropped EXE
-
\??\c:\9vpvp.exec:\9vpvp.exe66⤵
-
\??\c:\pdjjv.exec:\pdjjv.exe67⤵
-
\??\c:\lxrrrrl.exec:\lxrrrrl.exe68⤵
-
\??\c:\7rfxrrr.exec:\7rfxrrr.exe69⤵
-
\??\c:\1bbbtt.exec:\1bbbtt.exe70⤵
-
\??\c:\3djpp.exec:\3djpp.exe71⤵
-
\??\c:\5djjp.exec:\5djjp.exe72⤵
-
\??\c:\vpvdv.exec:\vpvdv.exe73⤵
-
\??\c:\rxxllxx.exec:\rxxllxx.exe74⤵
-
\??\c:\rllxfxr.exec:\rllxfxr.exe75⤵
-
\??\c:\hnntnh.exec:\hnntnh.exe76⤵
-
\??\c:\bnthbt.exec:\bnthbt.exe77⤵
-
\??\c:\ppjjd.exec:\ppjjd.exe78⤵
-
\??\c:\jdjdv.exec:\jdjdv.exe79⤵
-
\??\c:\vjpdd.exec:\vjpdd.exe80⤵
-
\??\c:\5flxxlr.exec:\5flxxlr.exe81⤵
-
\??\c:\lflrffl.exec:\lflrffl.exe82⤵
-
\??\c:\nhtbnh.exec:\nhtbnh.exe83⤵
-
\??\c:\thnbtn.exec:\thnbtn.exe84⤵
-
\??\c:\vjjvj.exec:\vjjvj.exe85⤵
-
\??\c:\3pjpp.exec:\3pjpp.exe86⤵
-
\??\c:\7pvdj.exec:\7pvdj.exe87⤵
-
\??\c:\rflfxxf.exec:\rflfxxf.exe88⤵
-
\??\c:\9frllxl.exec:\9frllxl.exe89⤵
-
\??\c:\tbntnh.exec:\tbntnh.exe90⤵
-
\??\c:\tntnhh.exec:\tntnhh.exe91⤵
-
\??\c:\vjpjj.exec:\vjpjj.exe92⤵
-
\??\c:\pdjvp.exec:\pdjvp.exe93⤵
-
\??\c:\7xlflxl.exec:\7xlflxl.exe94⤵
-
\??\c:\rlxxxll.exec:\rlxxxll.exe95⤵
-
\??\c:\thhbbt.exec:\thhbbt.exe96⤵
-
\??\c:\7thhnt.exec:\7thhnt.exe97⤵
-
\??\c:\dvjvd.exec:\dvjvd.exe98⤵
-
\??\c:\3vjdd.exec:\3vjdd.exe99⤵
-
\??\c:\vdjdj.exec:\vdjdj.exe100⤵
-
\??\c:\5xrrlrr.exec:\5xrrlrr.exe101⤵
-
\??\c:\1ffxxrx.exec:\1ffxxrx.exe102⤵
-
\??\c:\htnbhh.exec:\htnbhh.exe103⤵
-
\??\c:\3thttn.exec:\3thttn.exe104⤵
-
\??\c:\3djdd.exec:\3djdd.exe105⤵
-
\??\c:\5jddd.exec:\5jddd.exe106⤵
-
\??\c:\3xllfxl.exec:\3xllfxl.exe107⤵
-
\??\c:\xfrlfxr.exec:\xfrlfxr.exe108⤵
-
\??\c:\9nntbh.exec:\9nntbh.exe109⤵
-
\??\c:\tbnnhh.exec:\tbnnhh.exe110⤵
-
\??\c:\bnnnnn.exec:\bnnnnn.exe111⤵
-
\??\c:\1pjdd.exec:\1pjdd.exe112⤵
-
\??\c:\ppvdv.exec:\ppvdv.exe113⤵
-
\??\c:\lxlfffr.exec:\lxlfffr.exe114⤵
-
\??\c:\xlxxxxf.exec:\xlxxxxf.exe115⤵
-
\??\c:\9htbtn.exec:\9htbtn.exe116⤵
-
\??\c:\nbbbbt.exec:\nbbbbt.exe117⤵
-
\??\c:\pdppj.exec:\pdppj.exe118⤵
-
\??\c:\vjdvd.exec:\vjdvd.exe119⤵
-
\??\c:\vdjjv.exec:\vdjjv.exe120⤵
-
\??\c:\1rrlfxx.exec:\1rrlfxx.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-