Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
17s -
platform
windows7_x64 -
resource
win7-20240729-en -
resource tags
-
submitted
26/12/2024, 20:02
General
-
Target
e2141fccba45c56f96bba970b2023703604d2e9225479116dd7c7864b7c5d732N.exe
-
Size
454KB
-
MD5
239124d408e5a805c3897886f2266c20
-
SHA1
90e7ec9080d3957f94256c388f89e4409511d02e
-
SHA256
e2141fccba45c56f96bba970b2023703604d2e9225479116dd7c7864b7c5d732
-
SHA512
a77fa70ce2aa3e39c66198e36c2ff797efa9b242b3f64e7b8f8cdd6b3291263e5e431d5e9e9398c4cb2d839c57aa44a9339211a43c87eb1476510424b68161ca
-
SSDEEP
6144:8cm7ImGddXmNt251UriZFwfsDX2UznsaFVNJCMKAbeM:q7Tc2NYHUrAwfMp3CDM
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 39 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 43 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\e2141fccba45c56f96bba970b2023703604d2e9225479116dd7c7864b7c5d732N.exe"C:\Users\Admin\AppData\Local\Temp\e2141fccba45c56f96bba970b2023703604d2e9225479116dd7c7864b7c5d732N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\hhttbt.exec:\hhttbt.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7ntnnt.exec:\7ntnnt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffrrfxx.exec:\ffrrfxx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvdjp.exec:\vvdjp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7lfxffl.exec:\7lfxffl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7nbbhh.exec:\7nbbhh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnnth.exec:\hbnnth.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttbnbh.exec:\ttbnbh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppdjd.exec:\ppdjd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3tbhnb.exec:\3tbhnb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpjvd.exec:\dpjvd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnttbh.exec:\nnttbh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjvdp.exec:\jjvdp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lllllrx.exec:\lllllrx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjvvd.exec:\jjvvd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1rfflrx.exec:\1rfflrx.exe17⤵
- Executes dropped EXE
-
\??\c:\1rxlfxl.exec:\1rxlfxl.exe18⤵
- Executes dropped EXE
-
\??\c:\llrflxf.exec:\llrflxf.exe19⤵
- Executes dropped EXE
-
\??\c:\tnbbbh.exec:\tnbbbh.exe20⤵
- Executes dropped EXE
-
\??\c:\1lfxlrx.exec:\1lfxlrx.exe21⤵
- Executes dropped EXE
-
\??\c:\bbbhhn.exec:\bbbhhn.exe22⤵
- Executes dropped EXE
-
\??\c:\fxllflr.exec:\fxllflr.exe23⤵
- Executes dropped EXE
-
\??\c:\bntbth.exec:\bntbth.exe24⤵
- Executes dropped EXE
-
\??\c:\lrxxflr.exec:\lrxxflr.exe25⤵
- Executes dropped EXE
-
\??\c:\hbthnt.exec:\hbthnt.exe26⤵
- Executes dropped EXE
-
\??\c:\nnbhbh.exec:\nnbhbh.exe27⤵
- Executes dropped EXE
-
\??\c:\3jddv.exec:\3jddv.exe28⤵
- Executes dropped EXE
-
\??\c:\3thnbh.exec:\3thnbh.exe29⤵
- Executes dropped EXE
-
\??\c:\ddjpv.exec:\ddjpv.exe30⤵
- Executes dropped EXE
-
\??\c:\7tbhth.exec:\7tbhth.exe31⤵
- Executes dropped EXE
-
\??\c:\vdvdp.exec:\vdvdp.exe32⤵
- Executes dropped EXE
-
\??\c:\djpdv.exec:\djpdv.exe33⤵
- Executes dropped EXE
-
\??\c:\lrrfxfl.exec:\lrrfxfl.exe34⤵
- Executes dropped EXE
-
\??\c:\hbnnnt.exec:\hbnnnt.exe35⤵
- Executes dropped EXE
-
\??\c:\9djpd.exec:\9djpd.exe36⤵
- Executes dropped EXE
-
\??\c:\xrlllff.exec:\xrlllff.exe37⤵
- Executes dropped EXE
-
\??\c:\htnnhh.exec:\htnnhh.exe38⤵
- Executes dropped EXE
-
\??\c:\jdddv.exec:\jdddv.exe39⤵
- Executes dropped EXE
-
\??\c:\ffxxlfr.exec:\ffxxlfr.exe40⤵
- Executes dropped EXE
-
\??\c:\nnbbnt.exec:\nnbbnt.exe41⤵
- Executes dropped EXE
-
\??\c:\5jvjp.exec:\5jvjp.exe42⤵
- Executes dropped EXE
-
\??\c:\rflxlrx.exec:\rflxlrx.exe43⤵
- Executes dropped EXE
-
\??\c:\bhntbn.exec:\bhntbn.exe44⤵
- Executes dropped EXE
-
\??\c:\bhntbh.exec:\bhntbh.exe45⤵
- Executes dropped EXE
-
\??\c:\vpvjj.exec:\vpvjj.exe46⤵
- Executes dropped EXE
-
\??\c:\3nbhnb.exec:\3nbhnb.exe47⤵
- Executes dropped EXE
-
\??\c:\hnhnbb.exec:\hnhnbb.exe48⤵
- Executes dropped EXE
-
\??\c:\pvjpj.exec:\pvjpj.exe49⤵
- Executes dropped EXE
-
\??\c:\flxxflx.exec:\flxxflx.exe50⤵
- Executes dropped EXE
-
\??\c:\bhtbnb.exec:\bhtbnb.exe51⤵
- Executes dropped EXE
-
\??\c:\vpjjj.exec:\vpjjj.exe52⤵
- Executes dropped EXE
-
\??\c:\rfxrlfx.exec:\rfxrlfx.exe53⤵
- Executes dropped EXE
-
\??\c:\ffrffxr.exec:\ffrffxr.exe54⤵
- Executes dropped EXE
-
\??\c:\5btthh.exec:\5btthh.exe55⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\dpjjd.exec:\dpjjd.exe56⤵
- Executes dropped EXE
-
\??\c:\3rlrrxr.exec:\3rlrrxr.exe57⤵
- Executes dropped EXE
-
\??\c:\hbntht.exec:\hbntht.exe58⤵
- Executes dropped EXE
-
\??\c:\7pjjv.exec:\7pjjv.exe59⤵
- Executes dropped EXE
-
\??\c:\lxrfrfx.exec:\lxrfrfx.exe60⤵
- Executes dropped EXE
-
\??\c:\tbhhth.exec:\tbhhth.exe61⤵
- Executes dropped EXE
-
\??\c:\hththt.exec:\hththt.exe62⤵
- Executes dropped EXE
-
\??\c:\vvpvp.exec:\vvpvp.exe63⤵
- Executes dropped EXE
-
\??\c:\fxxrflf.exec:\fxxrflf.exe64⤵
- Executes dropped EXE
-
\??\c:\7nntbb.exec:\7nntbb.exe65⤵
- Executes dropped EXE
-
\??\c:\ddpvj.exec:\ddpvj.exe66⤵
-
\??\c:\ffrfrxr.exec:\ffrfrxr.exe67⤵
-
\??\c:\lrllxlx.exec:\lrllxlx.exe68⤵
-
\??\c:\3btbtb.exec:\3btbtb.exe69⤵
-
\??\c:\7dpvv.exec:\7dpvv.exe70⤵
-
\??\c:\llxrfxf.exec:\llxrfxf.exe71⤵
-
\??\c:\7tnnbt.exec:\7tnnbt.exe72⤵
-
\??\c:\1nhhtb.exec:\1nhhtb.exe73⤵
-
\??\c:\3dpdp.exec:\3dpdp.exe74⤵
-
\??\c:\9lrxlrl.exec:\9lrxlrl.exe75⤵
-
\??\c:\hhtbhn.exec:\hhtbhn.exe76⤵
-
\??\c:\ddpvj.exec:\ddpvj.exe77⤵
-
\??\c:\djvvj.exec:\djvvj.exe78⤵
-
\??\c:\hhnnth.exec:\hhnnth.exe79⤵
-
\??\c:\hnbhth.exec:\hnbhth.exe80⤵
-
\??\c:\jvdjv.exec:\jvdjv.exe81⤵
-
\??\c:\xrflxxl.exec:\xrflxxl.exe82⤵
-
\??\c:\tthtnb.exec:\tthtnb.exe83⤵
-
\??\c:\ddpvj.exec:\ddpvj.exe84⤵
-
\??\c:\pvppj.exec:\pvppj.exe85⤵
-
\??\c:\3ffxlrl.exec:\3ffxlrl.exe86⤵
-
\??\c:\tbthtt.exec:\tbthtt.exe87⤵
-
\??\c:\dpjpj.exec:\dpjpj.exe88⤵
-
\??\c:\lflrllf.exec:\lflrllf.exe89⤵
-
\??\c:\tnhtnt.exec:\tnhtnt.exe90⤵
-
\??\c:\hhhnbh.exec:\hhhnbh.exe91⤵
-
\??\c:\djdpd.exec:\djdpd.exe92⤵
-
\??\c:\lfrrffr.exec:\lfrrffr.exe93⤵
-
\??\c:\xxrffrx.exec:\xxrffrx.exe94⤵
-
\??\c:\nthhnt.exec:\nthhnt.exe95⤵
-
\??\c:\vvpdv.exec:\vvpdv.exe96⤵
-
\??\c:\3fxfrfr.exec:\3fxfrfr.exe97⤵
-
\??\c:\7xrxrfr.exec:\7xrxrfr.exe98⤵
-
\??\c:\hhnntt.exec:\hhnntt.exe99⤵
-
\??\c:\9rflrxl.exec:\9rflrxl.exe100⤵
-
\??\c:\hhthnt.exec:\hhthnt.exe101⤵
-
\??\c:\ttnntb.exec:\ttnntb.exe102⤵
-
\??\c:\pvppd.exec:\pvppd.exe103⤵
-
\??\c:\7fxrflr.exec:\7fxrflr.exe104⤵
-
\??\c:\xfrxfrx.exec:\xfrxfrx.exe105⤵
-
\??\c:\3thntb.exec:\3thntb.exe106⤵
-
\??\c:\9vppv.exec:\9vppv.exe107⤵
-
\??\c:\vjvdv.exec:\vjvdv.exe108⤵
-
\??\c:\rxrrxfx.exec:\rxrrxfx.exe109⤵
-
\??\c:\bbntht.exec:\bbntht.exe110⤵
-
\??\c:\jpvdp.exec:\jpvdp.exe111⤵
-
\??\c:\1pdpj.exec:\1pdpj.exe112⤵
-
\??\c:\ffflrxl.exec:\ffflrxl.exe113⤵
-
\??\c:\ttnbnb.exec:\ttnbnb.exe114⤵
-
\??\c:\9hnbnb.exec:\9hnbnb.exe115⤵
-
\??\c:\jvvpp.exec:\jvvpp.exe116⤵
-
\??\c:\rxrxlrl.exec:\rxrxlrl.exe117⤵
-
\??\c:\hnnttb.exec:\hnnttb.exe118⤵
-
\??\c:\hbbhtn.exec:\hbbhtn.exe119⤵
-
\??\c:\pdpvd.exec:\pdpvd.exe120⤵
-
\??\c:\1flrxxf.exec:\1flrxxf.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-