Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
109s -
max time network
128s -
platform
windows7_x64 -
resource
win7-20230831-en -
resource tags
-
submitted
13/10/2023, 20:32
General
-
Target
NEAS.9730a3a4057d957a8c5ad124f46f4120.exe
-
Size
87KB
-
MD5
9730a3a4057d957a8c5ad124f46f4120
-
SHA1
cc3425224fd9db2502bef03fc76e06547cb7d8f5
-
SHA256
617e0d9d77d1b193ee9119b82f73f6c0da2ea7ec8229b78567f0223e0bfa1aa6
-
SHA512
c2364d7dfe0f8967b2297d8ee9004fa70174de8df1917dff6475d9f2e11041b4af80aac97392f67a334775f1094a1873b3c3eb734d34e2c3ee35f9e23eedb81b
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDWiekja1br3GGBxfotIChPzBW:ymb3NkkiQ3mdBjFWXkj7afouZ
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 27 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.9730a3a4057d957a8c5ad124f46f4120.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.9730a3a4057d957a8c5ad124f46f4120.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\bpvlhd.exec:\bpvlhd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vfphtfn.exec:\vfphtfn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xthlv.exec:\xthlv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xnvhbr.exec:\xnvhbr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vldfdvr.exec:\vldfdvr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjtlfnb.exec:\vjtlfnb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hjbnbnt.exec:\hjbnbnt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hpvjn.exec:\hpvjn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xpptdp.exec:\xpptdp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fndfh.exec:\fndfh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nntrbl.exec:\nntrbl.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvlptl.exec:\pjvlptl.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdbhb.exec:\jdbhb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xtxvfjh.exec:\xtxvfjh.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxfp.exec:\fxxfp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbdjtn.exec:\bbdjtn.exe17⤵
- Executes dropped EXE
-
\??\c:\dlnnl.exec:\dlnnl.exe18⤵
- Executes dropped EXE
-
\??\c:\rfdfxll.exec:\rfdfxll.exe19⤵
- Executes dropped EXE
-
\??\c:\txhvvht.exec:\txhvvht.exe20⤵
- Executes dropped EXE
-
\??\c:\bjhrtfh.exec:\bjhrtfh.exe21⤵
- Executes dropped EXE
-
\??\c:\bnvvv.exec:\bnvvv.exe22⤵
- Executes dropped EXE
-
\??\c:\fthhr.exec:\fthhr.exe23⤵
- Executes dropped EXE
-
\??\c:\jbdbhv.exec:\jbdbhv.exe24⤵
- Executes dropped EXE
-
\??\c:\xlrvrj.exec:\xlrvrj.exe25⤵
- Executes dropped EXE
-
\??\c:\rjdbl.exec:\rjdbl.exe26⤵
- Executes dropped EXE
-
\??\c:\dhxlvhl.exec:\dhxlvhl.exe27⤵
- Executes dropped EXE
-
\??\c:\hdldp.exec:\hdldp.exe28⤵
- Executes dropped EXE
-
\??\c:\xpndf.exec:\xpndf.exe29⤵
- Executes dropped EXE
-
\??\c:\trvxhp.exec:\trvxhp.exe30⤵
- Executes dropped EXE
-
\??\c:\rhffxfn.exec:\rhffxfn.exe31⤵
- Executes dropped EXE
-
\??\c:\drbpjj.exec:\drbpjj.exe32⤵
- Executes dropped EXE
-
\??\c:\lnnrt.exec:\lnnrt.exe33⤵
- Executes dropped EXE
-
\??\c:\rpjnnr.exec:\rpjnnr.exe34⤵
-
\??\c:\fppdv.exec:\fppdv.exe35⤵
- Executes dropped EXE
-
\??\c:\thnvjxb.exec:\thnvjxb.exe36⤵
- Executes dropped EXE
-
\??\c:\fjvbd.exec:\fjvbd.exe37⤵
- Executes dropped EXE
-
\??\c:\bxbhx.exec:\bxbhx.exe38⤵
- Executes dropped EXE
-
\??\c:\jnjtjxf.exec:\jnjtjxf.exe39⤵
- Executes dropped EXE
-
\??\c:\tlhdrbf.exec:\tlhdrbf.exe40⤵
- Executes dropped EXE
-
\??\c:\rhlbt.exec:\rhlbt.exe41⤵
- Executes dropped EXE
-
\??\c:\pbhxxb.exec:\pbhxxb.exe42⤵
- Executes dropped EXE
-
\??\c:\ptndn.exec:\ptndn.exe43⤵
- Executes dropped EXE
-
\??\c:\dtbdljn.exec:\dtbdljn.exe44⤵
- Executes dropped EXE
-
\??\c:\ldbhh.exec:\ldbhh.exe45⤵
- Executes dropped EXE
-
\??\c:\hrtvl.exec:\hrtvl.exe46⤵
- Executes dropped EXE
-
\??\c:\pppxnd.exec:\pppxnd.exe47⤵
- Executes dropped EXE
-
\??\c:\ppdjhdp.exec:\ppdjhdp.exe48⤵
- Executes dropped EXE
-
\??\c:\bjpvb.exec:\bjpvb.exe49⤵
- Executes dropped EXE
-
\??\c:\bhjbrhl.exec:\bhjbrhl.exe50⤵
- Executes dropped EXE
-
\??\c:\fvnrd.exec:\fvnrd.exe51⤵
- Executes dropped EXE
-
\??\c:\pxhbtl.exec:\pxhbtl.exe52⤵
- Executes dropped EXE
-
\??\c:\xhbtr.exec:\xhbtr.exe53⤵
- Executes dropped EXE
-
\??\c:\vxdtd.exec:\vxdtd.exe54⤵
- Executes dropped EXE
-
\??\c:\rvpbrh.exec:\rvpbrh.exe55⤵
- Executes dropped EXE
-
\??\c:\xpbrvpb.exec:\xpbrvpb.exe56⤵
- Executes dropped EXE
-
\??\c:\nhdxx.exec:\nhdxx.exe57⤵
- Executes dropped EXE
-
\??\c:\rxhtv.exec:\rxhtv.exe58⤵
- Executes dropped EXE
-
\??\c:\vltndp.exec:\vltndp.exe59⤵
- Executes dropped EXE
-
\??\c:\pvtbhx.exec:\pvtbhx.exe60⤵
- Executes dropped EXE
-
\??\c:\ftdfn.exec:\ftdfn.exe61⤵
- Executes dropped EXE
-
\??\c:\drhffn.exec:\drhffn.exe62⤵
- Executes dropped EXE
-
\??\c:\htffj.exec:\htffj.exe63⤵
- Executes dropped EXE
-
\??\c:\jrppddx.exec:\jrppddx.exe64⤵
- Executes dropped EXE
-
\??\c:\rlxbt.exec:\rlxbt.exe65⤵
- Executes dropped EXE
-
\??\c:\hdnld.exec:\hdnld.exe66⤵
- Executes dropped EXE
-
\??\c:\fddpt.exec:\fddpt.exe67⤵
-
\??\c:\rdlrlhp.exec:\rdlrlhp.exe68⤵
-
\??\c:\vpdpr.exec:\vpdpr.exe69⤵
-
\??\c:\pptvrpv.exec:\pptvrpv.exe70⤵
-
\??\c:\dpfxbtr.exec:\dpfxbtr.exe71⤵
-
\??\c:\pnppxjv.exec:\pnppxjv.exe72⤵
-
\??\c:\tvbppt.exec:\tvbppt.exe73⤵
-
\??\c:\pfpnlfr.exec:\pfpnlfr.exe74⤵
-
\??\c:\bpnlhpd.exec:\bpnlhpd.exe75⤵
-
\??\c:\lrxtr.exec:\lrxtr.exe76⤵
-
\??\c:\ddjfx.exec:\ddjfx.exe77⤵
-
\??\c:\rvtrxbp.exec:\rvtrxbp.exe78⤵
-
\??\c:\rdrxjr.exec:\rdrxjr.exe79⤵
-
\??\c:\xfdflr.exec:\xfdflr.exe80⤵
-
\??\c:\dhrprfx.exec:\dhrprfx.exe81⤵
-
\??\c:\tnphj.exec:\tnphj.exe82⤵
-
\??\c:\bntxj.exec:\bntxj.exe83⤵
-
\??\c:\rrnjfpx.exec:\rrnjfpx.exe84⤵
-
\??\c:\plxhxn.exec:\plxhxn.exe85⤵
-
\??\c:\rljhjl.exec:\rljhjl.exe86⤵
-
\??\c:\jdhtdvx.exec:\jdhtdvx.exe87⤵
-
\??\c:\dnrnh.exec:\dnrnh.exe88⤵
-
\??\c:\hhrpxjp.exec:\hhrpxjp.exe89⤵
-
\??\c:\tbtllnt.exec:\tbtllnt.exe90⤵
-
\??\c:\rrrhf.exec:\rrrhf.exe91⤵
-
\??\c:\pxpxbbr.exec:\pxpxbbr.exe92⤵
-
\??\c:\rnvtd.exec:\rnvtd.exe93⤵
-
\??\c:\fxftnlf.exec:\fxftnlf.exe94⤵
-
\??\c:\lxhbl.exec:\lxhbl.exe95⤵
-
\??\c:\xxpdpdb.exec:\xxpdpdb.exe96⤵
-
\??\c:\thtfxl.exec:\thtfxl.exe97⤵
-
\??\c:\hvhbd.exec:\hvhbd.exe98⤵
-
\??\c:\hbxrhd.exec:\hbxrhd.exe99⤵
-
\??\c:\ldhjdd.exec:\ldhjdd.exe100⤵
-
\??\c:\nrndjr.exec:\nrndjr.exe101⤵
-
\??\c:\jrvpft.exec:\jrvpft.exe102⤵
-
\??\c:\hrvrv.exec:\hrvrv.exe103⤵
-
\??\c:\blptv.exec:\blptv.exe104⤵
-
\??\c:\hvvvnb.exec:\hvvvnb.exe105⤵
-
\??\c:\jfvnpr.exec:\jfvnpr.exe106⤵
-
\??\c:\vxlbxp.exec:\vxlbxp.exe107⤵
-
\??\c:\rhfnx.exec:\rhfnx.exe108⤵
-
\??\c:\hhffvtt.exec:\hhffvtt.exe109⤵
-
\??\c:\ltpfj.exec:\ltpfj.exe110⤵
-
\??\c:\tjflbt.exec:\tjflbt.exe111⤵
-
\??\c:\hfbthbv.exec:\hfbthbv.exe112⤵
-
\??\c:\dhjpr.exec:\dhjpr.exe113⤵
-
\??\c:\fnlhh.exec:\fnlhh.exe114⤵
-
\??\c:\rpnhtj.exec:\rpnhtj.exe115⤵
-
\??\c:\tdhvtx.exec:\tdhvtx.exe116⤵
-
\??\c:\jnpfjvn.exec:\jnpfjvn.exe117⤵
-
\??\c:\dbplv.exec:\dbplv.exe118⤵
-
\??\c:\lnfjb.exec:\lnfjb.exe119⤵
-
\??\c:\ljhhn.exec:\ljhhn.exe120⤵
-
\??\c:\ptlxxn.exec:\ptlxxn.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-