Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
21/05/2024, 02:19
General
-
Target
a5cd8159bd049e1717fea530136cbb8ab8eae8bb6358bd281e448cb21e41d468.exe
-
Size
363KB
-
MD5
ad4f6b9ace9998795638cb8b347249f8
-
SHA1
6a847e8f4fe7d25a78e3281a5669154190775d9c
-
SHA256
a5cd8159bd049e1717fea530136cbb8ab8eae8bb6358bd281e448cb21e41d468
-
SHA512
aa9b9a9b2cf468c0bd8e7b87c1b21871e4b0a78bc31fbdf1b0a950cd731554d9c737dfb4f4398e1cb7e6b3f90b912ca639624d8834102cf17f013389726f7558
-
SSDEEP
6144:9cm4FmowdHoSdSyEAxyx/ZrTTr4qIMgE81:/4wFHoSQuxy3rTXIM181
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 53 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\a5cd8159bd049e1717fea530136cbb8ab8eae8bb6358bd281e448cb21e41d468.exe"C:\Users\Admin\AppData\Local\Temp\a5cd8159bd049e1717fea530136cbb8ab8eae8bb6358bd281e448cb21e41d468.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\xrnxd.exec:\xrnxd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fvnpdx.exec:\fvnpdx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddbxj.exec:\ddbxj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hrlxft.exec:\hrlxft.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfnhxxd.exec:\lfnhxxd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rtpjbv.exec:\rtpjbv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dflnjpn.exec:\dflnjpn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nlfdnrt.exec:\nlfdnrt.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tdtrh.exec:\tdtrh.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tjtrl.exec:\tjtrl.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntnnlvl.exec:\ntnnlvl.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vxnrdtd.exec:\vxnrdtd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bvjbbhv.exec:\bvjbbhv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hprhffx.exec:\hprhffx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xvbdn.exec:\xvbdn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vnxtn.exec:\vnxtn.exe17⤵
- Executes dropped EXE
-
\??\c:\dvphtd.exec:\dvphtd.exe18⤵
- Executes dropped EXE
-
\??\c:\lvhljx.exec:\lvhljx.exe19⤵
- Executes dropped EXE
-
\??\c:\rrnpdjd.exec:\rrnpdjd.exe20⤵
- Executes dropped EXE
-
\??\c:\fhrhrvt.exec:\fhrhrvt.exe21⤵
- Executes dropped EXE
-
\??\c:\vnbtdf.exec:\vnbtdf.exe22⤵
- Executes dropped EXE
-
\??\c:\nltxrxr.exec:\nltxrxr.exe23⤵
- Executes dropped EXE
-
\??\c:\jplvjp.exec:\jplvjp.exe24⤵
- Executes dropped EXE
-
\??\c:\njttp.exec:\njttp.exe25⤵
- Executes dropped EXE
-
\??\c:\vxfplh.exec:\vxfplh.exe26⤵
- Executes dropped EXE
-
\??\c:\dtdrt.exec:\dtdrt.exe27⤵
- Executes dropped EXE
-
\??\c:\vlrbvnh.exec:\vlrbvnh.exe28⤵
- Executes dropped EXE
-
\??\c:\xblhtl.exec:\xblhtl.exe29⤵
- Executes dropped EXE
-
\??\c:\xxflj.exec:\xxflj.exe30⤵
- Executes dropped EXE
-
\??\c:\tlnph.exec:\tlnph.exe31⤵
- Executes dropped EXE
-
\??\c:\ndtljl.exec:\ndtljl.exe32⤵
- Executes dropped EXE
-
\??\c:\bjllp.exec:\bjllp.exe33⤵
- Executes dropped EXE
-
\??\c:\jxpflb.exec:\jxpflb.exe34⤵
- Executes dropped EXE
-
\??\c:\rhrdjp.exec:\rhrdjp.exe35⤵
- Executes dropped EXE
-
\??\c:\fnttr.exec:\fnttr.exe36⤵
- Executes dropped EXE
-
\??\c:\pnpjh.exec:\pnpjh.exe37⤵
- Executes dropped EXE
-
\??\c:\bvhlnhf.exec:\bvhlnhf.exe38⤵
- Executes dropped EXE
-
\??\c:\jffjxp.exec:\jffjxp.exe39⤵
- Executes dropped EXE
-
\??\c:\xdllbl.exec:\xdllbl.exe40⤵
- Executes dropped EXE
-
\??\c:\dfljtfb.exec:\dfljtfb.exe41⤵
- Executes dropped EXE
-
\??\c:\hdpbnt.exec:\hdpbnt.exe42⤵
- Executes dropped EXE
-
\??\c:\xjphfn.exec:\xjphfn.exe43⤵
- Executes dropped EXE
-
\??\c:\lhvhjjh.exec:\lhvhjjh.exe44⤵
- Executes dropped EXE
-
\??\c:\hdnxplj.exec:\hdnxplj.exe45⤵
- Executes dropped EXE
-
\??\c:\ftbnf.exec:\ftbnf.exe46⤵
- Executes dropped EXE
-
\??\c:\xhfxrnf.exec:\xhfxrnf.exe47⤵
- Executes dropped EXE
-
\??\c:\vlffh.exec:\vlffh.exe48⤵
- Executes dropped EXE
-
\??\c:\xhndvr.exec:\xhndvr.exe49⤵
- Executes dropped EXE
-
\??\c:\jvrfdfp.exec:\jvrfdfp.exe50⤵
- Executes dropped EXE
-
\??\c:\lnvrr.exec:\lnvrr.exe51⤵
- Executes dropped EXE
-
\??\c:\nldhjj.exec:\nldhjj.exe52⤵
- Executes dropped EXE
-
\??\c:\jrvfjx.exec:\jrvfjx.exe53⤵
- Executes dropped EXE
-
\??\c:\vlhfvfh.exec:\vlhfvfh.exe54⤵
- Executes dropped EXE
-
\??\c:\jjbhfbp.exec:\jjbhfbp.exe55⤵
- Executes dropped EXE
-
\??\c:\jpvfnrf.exec:\jpvfnrf.exe56⤵
- Executes dropped EXE
-
\??\c:\jrrpld.exec:\jrrpld.exe57⤵
- Executes dropped EXE
-
\??\c:\thlvhdl.exec:\thlvhdl.exe58⤵
- Executes dropped EXE
-
\??\c:\hxjtjpr.exec:\hxjtjpr.exe59⤵
- Executes dropped EXE
-
\??\c:\vbhpx.exec:\vbhpx.exe60⤵
- Executes dropped EXE
-
\??\c:\dhpbt.exec:\dhpbt.exe61⤵
- Executes dropped EXE
-
\??\c:\rxtht.exec:\rxtht.exe62⤵
- Executes dropped EXE
-
\??\c:\xhhxlrh.exec:\xhhxlrh.exe63⤵
- Executes dropped EXE
-
\??\c:\jrppjn.exec:\jrppjn.exe64⤵
- Executes dropped EXE
-
\??\c:\tbfprp.exec:\tbfprp.exe65⤵
- Executes dropped EXE
-
\??\c:\xnpfrlx.exec:\xnpfrlx.exe66⤵
-
\??\c:\pdxnhb.exec:\pdxnhb.exe67⤵
-
\??\c:\tjxdxn.exec:\tjxdxn.exe68⤵
-
\??\c:\blrvhd.exec:\blrvhd.exe69⤵
-
\??\c:\nllhtdl.exec:\nllhtdl.exe70⤵
-
\??\c:\lbdnnp.exec:\lbdnnp.exe71⤵
-
\??\c:\dhxtt.exec:\dhxtt.exe72⤵
-
\??\c:\hjdxlj.exec:\hjdxlj.exe73⤵
-
\??\c:\hbptrbn.exec:\hbptrbn.exe74⤵
-
\??\c:\vhrbbf.exec:\vhrbbf.exe75⤵
-
\??\c:\xlnprf.exec:\xlnprf.exe76⤵
-
\??\c:\bvvpx.exec:\bvvpx.exe77⤵
-
\??\c:\jxvpxpj.exec:\jxvpxpj.exe78⤵
-
\??\c:\ptxddxl.exec:\ptxddxl.exe79⤵
-
\??\c:\pjjpdf.exec:\pjjpdf.exe80⤵
-
\??\c:\tjpnl.exec:\tjpnl.exe81⤵
-
\??\c:\njltlpx.exec:\njltlpx.exe82⤵
-
\??\c:\vhlhxjf.exec:\vhlhxjf.exe83⤵
-
\??\c:\rhxvj.exec:\rhxvj.exe84⤵
-
\??\c:\rjbptpt.exec:\rjbptpt.exe85⤵
-
\??\c:\xbrhp.exec:\xbrhp.exe86⤵
-
\??\c:\lnjhdd.exec:\lnjhdd.exe87⤵
-
\??\c:\bplvx.exec:\bplvx.exe88⤵
-
\??\c:\vhnnxj.exec:\vhnnxj.exe89⤵
-
\??\c:\rjvpbnx.exec:\rjvpbnx.exe90⤵
-
\??\c:\fhppxxp.exec:\fhppxxp.exe91⤵
-
\??\c:\txblhbr.exec:\txblhbr.exe92⤵
-
\??\c:\rrdnpb.exec:\rrdnpb.exe93⤵
-
\??\c:\dprvjbb.exec:\dprvjbb.exe94⤵
-
\??\c:\fffptl.exec:\fffptl.exe95⤵
-
\??\c:\jrflljl.exec:\jrflljl.exe96⤵
-
\??\c:\vphhf.exec:\vphhf.exe97⤵
-
\??\c:\nxldhfd.exec:\nxldhfd.exe98⤵
-
\??\c:\fvpbpv.exec:\fvpbpv.exe99⤵
-
\??\c:\nvvfptn.exec:\nvvfptn.exe100⤵
-
\??\c:\dvbvl.exec:\dvbvl.exe101⤵
-
\??\c:\drvlxhh.exec:\drvlxhh.exe102⤵
-
\??\c:\bvvhhbh.exec:\bvvhhbh.exe103⤵
-
\??\c:\fnhln.exec:\fnhln.exe104⤵
-
\??\c:\btvhbl.exec:\btvhbl.exe105⤵
-
\??\c:\thrpbb.exec:\thrpbb.exe106⤵
-
\??\c:\prptx.exec:\prptx.exe107⤵
-
\??\c:\tjlhxj.exec:\tjlhxj.exe108⤵
-
\??\c:\rxhvx.exec:\rxhvx.exe109⤵
-
\??\c:\tdfrl.exec:\tdfrl.exe110⤵
-
\??\c:\bnnrxn.exec:\bnnrxn.exe111⤵
-
\??\c:\fhddbd.exec:\fhddbd.exe112⤵
-
\??\c:\vlljx.exec:\vlljx.exe113⤵
-
\??\c:\ffnfx.exec:\ffnfx.exe114⤵
-
\??\c:\rrbvn.exec:\rrbvn.exe115⤵
-
\??\c:\nxhlrvb.exec:\nxhlrvb.exe116⤵
-
\??\c:\bxjjj.exec:\bxjjj.exe117⤵
-
\??\c:\bnlvr.exec:\bnlvr.exe118⤵
-
\??\c:\xttvrbj.exec:\xttvrbj.exe119⤵
-
\??\c:\nlbjbnh.exec:\nlbjbnh.exe120⤵
-
\??\c:\dfnfbt.exec:\dfnfbt.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-