Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
33s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
19/03/2024, 23:24
General
-
Target
a7bf533f1a90f5c4e34b6aa212b9fe9b3930a067e6286944a905dbed2196a700.exe
-
Size
186KB
-
MD5
38be3a5adb22dcd58d4ef375b1953947
-
SHA1
fa18c2f8b8e125bf1ad55172c2fdceaa87a77607
-
SHA256
a7bf533f1a90f5c4e34b6aa212b9fe9b3930a067e6286944a905dbed2196a700
-
SHA512
52ee0069b54a1bd644884e82ca01f4ae4b432bb12451b7b8f77ff6fcd8d53a537379b1cc0dd76fc82364ec90ce21b96298be5799d27816662034ded4b563c43e
-
SSDEEP
1536:PvQBeOGtrYSSsrc93UBIfdC67m6AJiqgT4+IJJIBbS:PhOm2sI93UufdC67ciJTmEbS
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 45 IoCs
-
UPX dump on OEP (original entry point) 28 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 28 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\a7bf533f1a90f5c4e34b6aa212b9fe9b3930a067e6286944a905dbed2196a700.exe"C:\Users\Admin\AppData\Local\Temp\a7bf533f1a90f5c4e34b6aa212b9fe9b3930a067e6286944a905dbed2196a700.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\pvjbll.exec:\pvjbll.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\plrfr.exec:\plrfr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hftdd.exec:\hftdd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjljb.exec:\pjljb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rvrbn.exec:\rvrbn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rtbnn.exec:\rtbnn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfldr.exec:\rfldr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\phdbvnf.exec:\phdbvnf.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vxbltd.exec:\vxbltd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tlpjx.exec:\tlpjx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnrbl.exec:\tnrbl.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvprr.exec:\vvprr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lvbbnfd.exec:\lvbbnfd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fnrhn.exec:\fnrhn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pnlbtd.exec:\pnlbtd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbpdhf.exec:\bbpdhf.exe17⤵
- Executes dropped EXE
-
\??\c:\nfbrv.exec:\nfbrv.exe18⤵
- Executes dropped EXE
-
\??\c:\nrpntvx.exec:\nrpntvx.exe19⤵
- Executes dropped EXE
-
\??\c:\vdhvfpb.exec:\vdhvfpb.exe20⤵
- Executes dropped EXE
-
\??\c:\rvtbd.exec:\rvtbd.exe21⤵
- Executes dropped EXE
-
\??\c:\hrblt.exec:\hrblt.exe22⤵
- Executes dropped EXE
-
\??\c:\fjlhr.exec:\fjlhr.exe23⤵
- Executes dropped EXE
-
\??\c:\jnfjlx.exec:\jnfjlx.exe24⤵
- Executes dropped EXE
-
\??\c:\hdjtdh.exec:\hdjtdh.exe25⤵
- Executes dropped EXE
-
\??\c:\pfjdlvr.exec:\pfjdlvr.exe26⤵
- Executes dropped EXE
-
\??\c:\ffjlf.exec:\ffjlf.exe27⤵
- Executes dropped EXE
-
\??\c:\vvdjjtr.exec:\vvdjjtr.exe28⤵
- Executes dropped EXE
-
\??\c:\bpbhhrd.exec:\bpbhhrd.exe29⤵
- Executes dropped EXE
-
\??\c:\jblhxv.exec:\jblhxv.exe30⤵
- Executes dropped EXE
-
\??\c:\rpddv.exec:\rpddv.exe31⤵
- Executes dropped EXE
-
\??\c:\vxfxnd.exec:\vxfxnd.exe32⤵
- Executes dropped EXE
-
\??\c:\brrrvvl.exec:\brrrvvl.exe33⤵
- Executes dropped EXE
-
\??\c:\xfxvr.exec:\xfxvr.exe34⤵
- Executes dropped EXE
-
\??\c:\rptrfjl.exec:\rptrfjl.exe35⤵
- Executes dropped EXE
-
\??\c:\bdvph.exec:\bdvph.exe36⤵
- Executes dropped EXE
-
\??\c:\hpdjxbt.exec:\hpdjxbt.exe37⤵
- Executes dropped EXE
-
\??\c:\vjxvtv.exec:\vjxvtv.exe38⤵
- Executes dropped EXE
-
\??\c:\xtjfd.exec:\xtjfd.exe39⤵
- Executes dropped EXE
-
\??\c:\jbfffx.exec:\jbfffx.exe40⤵
- Executes dropped EXE
-
\??\c:\fpjnxp.exec:\fpjnxp.exe41⤵
- Executes dropped EXE
-
\??\c:\xhbvx.exec:\xhbvx.exe42⤵
- Executes dropped EXE
-
\??\c:\xlxfrrr.exec:\xlxfrrr.exe43⤵
- Executes dropped EXE
-
\??\c:\prvhf.exec:\prvhf.exe44⤵
- Executes dropped EXE
-
\??\c:\fdndb.exec:\fdndb.exe45⤵
- Executes dropped EXE
-
\??\c:\btvlt.exec:\btvlt.exe46⤵
- Executes dropped EXE
-
\??\c:\drxpx.exec:\drxpx.exe47⤵
- Executes dropped EXE
-
\??\c:\rlrtrv.exec:\rlrtrv.exe48⤵
- Executes dropped EXE
-
\??\c:\lrnplt.exec:\lrnplt.exe49⤵
- Executes dropped EXE
-
\??\c:\ttjbl.exec:\ttjbl.exe50⤵
- Executes dropped EXE
-
\??\c:\txftfjd.exec:\txftfjd.exe51⤵
- Executes dropped EXE
-
\??\c:\hrhvdfj.exec:\hrhvdfj.exe52⤵
- Executes dropped EXE
-
\??\c:\lvdpnpx.exec:\lvdpnpx.exe53⤵
- Executes dropped EXE
-
\??\c:\jjjjfhv.exec:\jjjjfhv.exe54⤵
- Executes dropped EXE
-
\??\c:\bdpbpnl.exec:\bdpbpnl.exe55⤵
- Executes dropped EXE
-
\??\c:\xvvvr.exec:\xvvvr.exe56⤵
- Executes dropped EXE
-
\??\c:\pfvdvtb.exec:\pfvdvtb.exe57⤵
- Executes dropped EXE
-
\??\c:\jlxrnj.exec:\jlxrnj.exe58⤵
- Executes dropped EXE
-
\??\c:\jrfvvp.exec:\jrfvvp.exe59⤵
- Executes dropped EXE
-
\??\c:\lbvfxph.exec:\lbvfxph.exe60⤵
- Executes dropped EXE
-
\??\c:\htntvr.exec:\htntvr.exe61⤵
- Executes dropped EXE
-
\??\c:\jnthf.exec:\jnthf.exe62⤵
- Executes dropped EXE
-
\??\c:\hnrhp.exec:\hnrhp.exe63⤵
- Executes dropped EXE
-
\??\c:\ptxfxp.exec:\ptxfxp.exe64⤵
- Executes dropped EXE
-
\??\c:\prvllb.exec:\prvllb.exe65⤵
- Executes dropped EXE
-
\??\c:\rljvrd.exec:\rljvrd.exe66⤵
-
\??\c:\xxhxr.exec:\xxhxr.exe67⤵
-
\??\c:\jfnrbd.exec:\jfnrbd.exe68⤵
-
\??\c:\fppjr.exec:\fppjr.exe69⤵
-
\??\c:\tlfdtv.exec:\tlfdtv.exe70⤵
-
\??\c:\xlfdll.exec:\xlfdll.exe71⤵
-
\??\c:\vrnfx.exec:\vrnfx.exe72⤵
-
\??\c:\jhnxrv.exec:\jhnxrv.exe73⤵
-
\??\c:\tlxrdpb.exec:\tlxrdpb.exe74⤵
-
\??\c:\hjrxdld.exec:\hjrxdld.exe75⤵
-
\??\c:\lndvl.exec:\lndvl.exe76⤵
-
\??\c:\prxxnbr.exec:\prxxnbr.exe77⤵
-
\??\c:\ljpjl.exec:\ljpjl.exe78⤵
-
\??\c:\pfxppl.exec:\pfxppl.exe79⤵
-
\??\c:\jrvvdb.exec:\jrvvdb.exe80⤵
-
\??\c:\xjxxf.exec:\xjxxf.exe81⤵
-
\??\c:\jhjphd.exec:\jhjphd.exe82⤵
-
\??\c:\tbnffdj.exec:\tbnffdj.exe83⤵
-
\??\c:\flldjv.exec:\flldjv.exe84⤵
-
\??\c:\lfljtd.exec:\lfljtd.exe85⤵
-
\??\c:\vnjplx.exec:\vnjplx.exe86⤵
-
\??\c:\bfrxx.exec:\bfrxx.exe87⤵
-
\??\c:\tdhxthf.exec:\tdhxthf.exe88⤵
-
\??\c:\fvlpffj.exec:\fvlpffj.exe89⤵
-
\??\c:\vbnfrj.exec:\vbnfrj.exe90⤵
-
\??\c:\xnvjxp.exec:\xnvjxp.exe91⤵
-
\??\c:\pldjt.exec:\pldjt.exe92⤵
-
\??\c:\jjbvddt.exec:\jjbvddt.exe93⤵
-
\??\c:\nvdbfdr.exec:\nvdbfdr.exe94⤵
-
\??\c:\jrrnjr.exec:\jrrnjr.exe95⤵
-
\??\c:\fvfrj.exec:\fvfrj.exe96⤵
-
\??\c:\vvrtjf.exec:\vvrtjf.exe97⤵
-
\??\c:\jhlvb.exec:\jhlvb.exe98⤵
-
\??\c:\vbptxn.exec:\vbptxn.exe99⤵
-
\??\c:\pfbftfn.exec:\pfbftfn.exe100⤵
-
\??\c:\fjrnpp.exec:\fjrnpp.exe101⤵
-
\??\c:\rxfjjxd.exec:\rxfjjxd.exe102⤵
-
\??\c:\rlfhxdd.exec:\rlfhxdd.exe103⤵
-
\??\c:\dpdrrj.exec:\dpdrrj.exe104⤵
-
\??\c:\fxxnbfb.exec:\fxxnbfb.exe105⤵
-
\??\c:\nllfp.exec:\nllfp.exe106⤵
-
\??\c:\bbtxd.exec:\bbtxd.exe107⤵
-
\??\c:\bxfrbnv.exec:\bxfrbnv.exe108⤵
-
\??\c:\xvtvxhn.exec:\xvtvxhn.exe109⤵
-
\??\c:\rnvjbrx.exec:\rnvjbrx.exe110⤵
-
\??\c:\ntvtl.exec:\ntvtl.exe111⤵
-
\??\c:\drhvxj.exec:\drhvxj.exe112⤵
-
\??\c:\bppdt.exec:\bppdt.exe113⤵
-
\??\c:\ldpdn.exec:\ldpdn.exe114⤵
-
\??\c:\fpnpn.exec:\fpnpn.exe115⤵
-
\??\c:\dttfrf.exec:\dttfrf.exe116⤵
-
\??\c:\hrrjdfr.exec:\hrrjdfr.exe117⤵
-
\??\c:\vpxvxb.exec:\vpxvxb.exe118⤵
-
\??\c:\lftjj.exec:\lftjj.exe119⤵
-
\??\c:\tvfbhp.exec:\tvfbhp.exe120⤵
-
\??\c:\pbnrpp.exec:\pbnrpp.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-