Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
300s -
max time network
132s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
18/03/2025, 05:16
General
-
Target
786a239ae39c35117b5388ec4d7705898c5d1f3192c237f68be8db6f332b1a22.exe
-
Size
396KB
-
MD5
bec7c9faf5bb63cdc51302fe0ea5e002
-
SHA1
715d1d2cf44a04d8522bf6eef3721df1c26eafe3
-
SHA256
786a239ae39c35117b5388ec4d7705898c5d1f3192c237f68be8db6f332b1a22
-
SHA512
18739b242b3a74406958f00225d5e28ea6021acc6e7c4e226aecd8956f13fc826223e7ce526ca7f96582a143ef880b228637bf4b24757c7b15c98e4603d1c10f
-
SSDEEP
6144:7vbuWQu/cuaS2l8iE0B55FrJJJekPdb5J22l:7vqWQub2lrE0B55FpekPdb/22l
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 2 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\786a239ae39c35117b5388ec4d7705898c5d1f3192c237f68be8db6f332b1a22.exe"C:\Users\Admin\AppData\Local\Temp\786a239ae39c35117b5388ec4d7705898c5d1f3192c237f68be8db6f332b1a22.exe"1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\Syslemmxmce.exe"C:\Users\Admin\AppData\Local\Temp\Syslemmxmce.exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
71KB
MD583142242e97b8953c386f988aa694e4a
SHA1833ed12fc15b356136dcdd27c61a50f59c5c7d50
SHA256d72761e1a334a754ce8250e3af7ea4bf25301040929fd88cf9e50b4a9197d755
SHA512bb6da177bd16d163f377d9b4c63f6d535804137887684c113cc2f643ceab4f34338c06b5a29213c23d375e95d22ef417eac928822dfb3688ce9e2de9d5242d10
-
Filesize
396KB
MD583ea8d6727682d283bf74725bd855a05
SHA113099e35557bf90b32c17627b3a55d2c1454f1a9
SHA256efad552bfec7951f18cd1716a35bf95e548b4e2603bf289e7e81d84138188836
SHA5127cc614d294a29a81d25d170219dfebf231aeb931c2d9293830bc43d3fc8fb01a0c5c18a45a1772128c5bfc6592cde1eaf4f60fec1f41c936503df58e5b052fd7
-
Filesize
183KB
MD5109cab5505f5e065b63d01361467a83b
SHA14ed78955b9272a9ed689b51bf2bf4a86a25e53fc
SHA256ea6b7f51e85835c09259d9475a7d246c3e764ad67c449673f9dc97172c351673
SHA512753a6da5d6889dd52f40208e37f2b8c185805ef81148682b269fff5aa84a46d710fe0ebfe05bce625da2e801e1c26745998a41266fa36bf47bc088a224d730cc
-
Filesize
102B
MD538e573fac354271844137cc55e09b34e
SHA1905c43906d277227ccc2e1a2bed33a44269d4655
SHA256a0b303cb2d365f5412329c87a505c707c67f40804208526b3ec20bd1ca50a5d7
SHA51252a3bb75cb648594c08bce3a68a5bd5924a6ea847f85bc6bd02be1d569ae16368fb473c0abd4f5dedbc2ee4181ca68b2f52e2888c61c979c891bf432390e631a