Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
-
submitted
11/01/2025, 06:48
General
-
Target
cf4e40fa9c7f045f3e2116a721dd34a461ffd52b290a15350c29f552d179390c.exe
-
Size
456KB
-
MD5
75ecf0f1e5b5e84fd0676e4a3ce49ae7
-
SHA1
adca04000e1f81a2cf9c2f3151749e272716ead3
-
SHA256
cf4e40fa9c7f045f3e2116a721dd34a461ffd52b290a15350c29f552d179390c
-
SHA512
16b1931a0aa94d411c637cd95b911b5ccb9c36269181fdfec325fec439a9590d97013d913dd33d3a443d0fc34ca8ecd8b0d95a19368ec05df376912bffe6302d
-
SSDEEP
6144:8cm7ImGddXmNt251UriZFwfsDX2UznsaFVNJCMKAbeo:q7Tc2NYHUrAwfMp3CDo
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 43 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 44 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\cf4e40fa9c7f045f3e2116a721dd34a461ffd52b290a15350c29f552d179390c.exe"C:\Users\Admin\AppData\Local\Temp\cf4e40fa9c7f045f3e2116a721dd34a461ffd52b290a15350c29f552d179390c.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\1ddvd.exec:\1ddvd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrxlrf.exec:\fxrxlrf.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frlxxlf.exec:\frlxxlf.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlllrrx.exec:\xlllrrx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvdj.exec:\pjvdj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\64060.exec:\64060.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3fllrlr.exec:\3fllrlr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\4240262.exec:\4240262.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\4200606.exec:\4200606.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5llrxlr.exec:\5llrxlr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvppv.exec:\dvppv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\802888.exec:\802888.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\864400.exec:\864400.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpvj.exec:\jdpvj.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\80200.exec:\80200.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\2684440.exec:\2684440.exe17⤵
- Executes dropped EXE
-
\??\c:\64686.exec:\64686.exe18⤵
- Executes dropped EXE
-
\??\c:\64482.exec:\64482.exe19⤵
- Executes dropped EXE
-
\??\c:\420666.exec:\420666.exe20⤵
- Executes dropped EXE
-
\??\c:\g6884.exec:\g6884.exe21⤵
- Executes dropped EXE
-
\??\c:\7vvvv.exec:\7vvvv.exe22⤵
- Executes dropped EXE
-
\??\c:\802666.exec:\802666.exe23⤵
- Executes dropped EXE
-
\??\c:\k08440.exec:\k08440.exe24⤵
- Executes dropped EXE
-
\??\c:\60228.exec:\60228.exe25⤵
- Executes dropped EXE
-
\??\c:\604088.exec:\604088.exe26⤵
- Executes dropped EXE
-
\??\c:\2028406.exec:\2028406.exe27⤵
- Executes dropped EXE
-
\??\c:\8082226.exec:\8082226.exe28⤵
- Executes dropped EXE
-
\??\c:\m8242.exec:\m8242.exe29⤵
- Executes dropped EXE
-
\??\c:\2088244.exec:\2088244.exe30⤵
- Executes dropped EXE
-
\??\c:\pdjvd.exec:\pdjvd.exe31⤵
- Executes dropped EXE
-
\??\c:\u068620.exec:\u068620.exe32⤵
- Executes dropped EXE
-
\??\c:\jvvpv.exec:\jvvpv.exe33⤵
- Executes dropped EXE
-
\??\c:\tnhhtt.exec:\tnhhtt.exe34⤵
- Executes dropped EXE
-
\??\c:\424804.exec:\424804.exe35⤵
- Executes dropped EXE
-
\??\c:\w26622.exec:\w26622.exe36⤵
- Executes dropped EXE
-
\??\c:\bbbnhn.exec:\bbbnhn.exe37⤵
- Executes dropped EXE
-
\??\c:\hhhtth.exec:\hhhtth.exe38⤵
- Executes dropped EXE
-
\??\c:\jvppd.exec:\jvppd.exe39⤵
- Executes dropped EXE
-
\??\c:\9pdjp.exec:\9pdjp.exe40⤵
- Executes dropped EXE
-
\??\c:\ffrxflx.exec:\ffrxflx.exe41⤵
- Executes dropped EXE
-
\??\c:\a6044.exec:\a6044.exe42⤵
- Executes dropped EXE
-
\??\c:\86840.exec:\86840.exe43⤵
- Executes dropped EXE
-
\??\c:\20848.exec:\20848.exe44⤵
- Executes dropped EXE
-
\??\c:\46604.exec:\46604.exe45⤵
- Executes dropped EXE
-
\??\c:\pjppj.exec:\pjppj.exe46⤵
- Executes dropped EXE
-
\??\c:\80444.exec:\80444.exe47⤵
- Executes dropped EXE
-
\??\c:\3rrxrlf.exec:\3rrxrlf.exe48⤵
- Executes dropped EXE
-
\??\c:\088408.exec:\088408.exe49⤵
- Executes dropped EXE
-
\??\c:\8688680.exec:\8688680.exe50⤵
- Executes dropped EXE
-
\??\c:\648248.exec:\648248.exe51⤵
- Executes dropped EXE
-
\??\c:\dvvpj.exec:\dvvpj.exe52⤵
- Executes dropped EXE
-
\??\c:\048844.exec:\048844.exe53⤵
- Executes dropped EXE
-
\??\c:\0424280.exec:\0424280.exe54⤵
- Executes dropped EXE
-
\??\c:\lxlfxfr.exec:\lxlfxfr.exe55⤵
- Executes dropped EXE
-
\??\c:\xllxxlf.exec:\xllxxlf.exe56⤵
- Executes dropped EXE
-
\??\c:\0424068.exec:\0424068.exe57⤵
- Executes dropped EXE
-
\??\c:\6428046.exec:\6428046.exe58⤵
- Executes dropped EXE
-
\??\c:\w68284.exec:\w68284.exe59⤵
- Executes dropped EXE
-
\??\c:\rfxxlfr.exec:\rfxxlfr.exe60⤵
- Executes dropped EXE
-
\??\c:\64846.exec:\64846.exe61⤵
- Executes dropped EXE
-
\??\c:\5vvdv.exec:\5vvdv.exe62⤵
- Executes dropped EXE
-
\??\c:\646206.exec:\646206.exe63⤵
- Executes dropped EXE
-
\??\c:\thtntn.exec:\thtntn.exe64⤵
- Executes dropped EXE
-
\??\c:\xxxrllr.exec:\xxxrllr.exe65⤵
- Executes dropped EXE
-
\??\c:\9httnn.exec:\9httnn.exe66⤵
-
\??\c:\vvpdj.exec:\vvpdj.exe67⤵
-
\??\c:\hhnbhn.exec:\hhnbhn.exe68⤵
-
\??\c:\5vpdj.exec:\5vpdj.exe69⤵
-
\??\c:\jdvvd.exec:\jdvvd.exe70⤵
-
\??\c:\xrxfrxx.exec:\xrxfrxx.exe71⤵
-
\??\c:\7hthnt.exec:\7hthnt.exe72⤵
-
\??\c:\hhhnbb.exec:\hhhnbb.exe73⤵
- System Location Discovery: System Language Discovery
-
\??\c:\e22866.exec:\e22866.exe74⤵
-
\??\c:\vvjvv.exec:\vvjvv.exe75⤵
-
\??\c:\w26806.exec:\w26806.exe76⤵
-
\??\c:\1bnnnn.exec:\1bnnnn.exe77⤵
-
\??\c:\486684.exec:\486684.exe78⤵
-
\??\c:\jjdjv.exec:\jjdjv.exe79⤵
-
\??\c:\824288.exec:\824288.exe80⤵
-
\??\c:\jdddp.exec:\jdddp.exe81⤵
-
\??\c:\hnhbhb.exec:\hnhbhb.exe82⤵
-
\??\c:\8684480.exec:\8684480.exe83⤵
-
\??\c:\048448.exec:\048448.exe84⤵
-
\??\c:\0866224.exec:\0866224.exe85⤵
-
\??\c:\vjdjp.exec:\vjdjp.exe86⤵
-
\??\c:\2602406.exec:\2602406.exe87⤵
-
\??\c:\20840.exec:\20840.exe88⤵
-
\??\c:\i006880.exec:\i006880.exe89⤵
-
\??\c:\rrrrflx.exec:\rrrrflx.exe90⤵
-
\??\c:\s0400.exec:\s0400.exe91⤵
-
\??\c:\20240.exec:\20240.exe92⤵
-
\??\c:\3lrrlff.exec:\3lrrlff.exe93⤵
-
\??\c:\jdvjp.exec:\jdvjp.exe94⤵
- System Location Discovery: System Language Discovery
-
\??\c:\tnnbhn.exec:\tnnbhn.exe95⤵
-
\??\c:\26402.exec:\26402.exe96⤵
-
\??\c:\04280.exec:\04280.exe97⤵
-
\??\c:\a4842.exec:\a4842.exe98⤵
-
\??\c:\jdjjp.exec:\jdjjp.exe99⤵
-
\??\c:\68426.exec:\68426.exe100⤵
-
\??\c:\s2000.exec:\s2000.exe101⤵
-
\??\c:\9llrrxl.exec:\9llrrxl.exe102⤵
-
\??\c:\q08028.exec:\q08028.exe103⤵
-
\??\c:\s6688.exec:\s6688.exe104⤵
-
\??\c:\dpdvd.exec:\dpdvd.exe105⤵
-
\??\c:\64662.exec:\64662.exe106⤵
-
\??\c:\g8808.exec:\g8808.exe107⤵
-
\??\c:\q22802.exec:\q22802.exe108⤵
-
\??\c:\o428002.exec:\o428002.exe109⤵
-
\??\c:\pjvdj.exec:\pjvdj.exe110⤵
-
\??\c:\ttnbbh.exec:\ttnbbh.exe111⤵
-
\??\c:\7jdjj.exec:\7jdjj.exe112⤵
-
\??\c:\lfffxfr.exec:\lfffxfr.exe113⤵
-
\??\c:\1jpdv.exec:\1jpdv.exe114⤵
-
\??\c:\rrlxlxl.exec:\rrlxlxl.exe115⤵
-
\??\c:\0866224.exec:\0866224.exe116⤵
-
\??\c:\ffrfrxl.exec:\ffrfrxl.exe117⤵
-
\??\c:\86844.exec:\86844.exe118⤵
-
\??\c:\602622.exec:\602622.exe119⤵
-
\??\c:\046288.exec:\046288.exe120⤵
-
\??\c:\66200.exec:\66200.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-