Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
141s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
30/05/2024, 01:14
General
-
Target
0b00471d05fbec8dd89515394b80f290.exe
-
Size
285KB
-
MD5
0b00471d05fbec8dd89515394b80f290
-
SHA1
4aa9a985ace19b0d038111d1afde7b4234f0c54a
-
SHA256
6c41fdb38c34bf7a747ce56735724d39b0e49b359db808a41da4b08b7016e141
-
SHA512
980850f5a3daa22c203ed1e3af85e686843cee9198bf5d979b6af2684114019e145a413ee0ffa6fb8b3ab13ca2937efae0188952acdb65fa57879b671f0ef9fe
-
SSDEEP
6144:kcm4FmowdHoSphraHcpOFltH4t+IDvSXrh5g8hZTyoImg:y4wFHoS3eFp3IDvSbh5nP+oImg
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 47 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\0b00471d05fbec8dd89515394b80f290.exe"C:\Users\Admin\AppData\Local\Temp\0b00471d05fbec8dd89515394b80f290.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\llrdn.exec:\llrdn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffxvtjr.exec:\ffxvtjr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bxjvjrv.exec:\bxjvjrv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbjtt.exec:\tbjtt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xhflpnd.exec:\xhflpnd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btndv.exec:\btndv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdrpn.exec:\jdrpn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vbldxtr.exec:\vbldxtr.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pnbxh.exec:\pnbxh.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rbjxh.exec:\rbjxh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dtxttdt.exec:\dtxttdt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nxptxx.exec:\nxptxx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xdrhplp.exec:\xdrhplp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nvxlpbd.exec:\nvxlpbd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pxhttvl.exec:\pxhttvl.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vphvvj.exec:\vphvvj.exe17⤵
- Executes dropped EXE
-
\??\c:\lxpvph.exec:\lxpvph.exe18⤵
- Executes dropped EXE
-
\??\c:\fhhrd.exec:\fhhrd.exe19⤵
- Executes dropped EXE
-
\??\c:\ttfhtrn.exec:\ttfhtrn.exe20⤵
- Executes dropped EXE
-
\??\c:\jfplbr.exec:\jfplbr.exe21⤵
- Executes dropped EXE
-
\??\c:\bvvfld.exec:\bvvfld.exe22⤵
- Executes dropped EXE
-
\??\c:\fhfjdjv.exec:\fhfjdjv.exe23⤵
- Executes dropped EXE
-
\??\c:\jnbxrd.exec:\jnbxrd.exe24⤵
- Executes dropped EXE
-
\??\c:\fbhfd.exec:\fbhfd.exe25⤵
- Executes dropped EXE
-
\??\c:\dlljv.exec:\dlljv.exe26⤵
- Executes dropped EXE
-
\??\c:\vbxbdf.exec:\vbxbdf.exe27⤵
- Executes dropped EXE
-
\??\c:\drjphl.exec:\drjphl.exe28⤵
- Executes dropped EXE
-
\??\c:\hnrrn.exec:\hnrrn.exe29⤵
- Executes dropped EXE
-
\??\c:\xhprfj.exec:\xhprfj.exe30⤵
- Executes dropped EXE
-
\??\c:\ltrvrv.exec:\ltrvrv.exe31⤵
- Executes dropped EXE
-
\??\c:\lddvx.exec:\lddvx.exe32⤵
- Executes dropped EXE
-
\??\c:\txnth.exec:\txnth.exe33⤵
- Executes dropped EXE
-
\??\c:\nxnjvph.exec:\nxnjvph.exe34⤵
- Executes dropped EXE
-
\??\c:\pdvjv.exec:\pdvjv.exe35⤵
- Executes dropped EXE
-
\??\c:\lhfdn.exec:\lhfdn.exe36⤵
- Executes dropped EXE
-
\??\c:\dtxdpn.exec:\dtxdpn.exe37⤵
- Executes dropped EXE
-
\??\c:\vhtpp.exec:\vhtpp.exe38⤵
- Executes dropped EXE
-
\??\c:\rrtfrj.exec:\rrtfrj.exe39⤵
- Executes dropped EXE
-
\??\c:\vtjvnx.exec:\vtjvnx.exe40⤵
- Executes dropped EXE
-
\??\c:\jfhtdxv.exec:\jfhtdxv.exe41⤵
- Executes dropped EXE
-
\??\c:\rhrxp.exec:\rhrxp.exe42⤵
- Executes dropped EXE
-
\??\c:\xhvnxr.exec:\xhvnxr.exe43⤵
- Executes dropped EXE
-
\??\c:\htrtbhf.exec:\htrtbhf.exe44⤵
- Executes dropped EXE
-
\??\c:\btfbjtn.exec:\btfbjtn.exe45⤵
- Executes dropped EXE
-
\??\c:\prthpl.exec:\prthpl.exe46⤵
- Executes dropped EXE
-
\??\c:\xbhfl.exec:\xbhfl.exe47⤵
- Executes dropped EXE
-
\??\c:\rlrlhl.exec:\rlrlhl.exe48⤵
- Executes dropped EXE
-
\??\c:\tjpfbdr.exec:\tjpfbdr.exe49⤵
- Executes dropped EXE
-
\??\c:\fjrndxf.exec:\fjrndxf.exe50⤵
- Executes dropped EXE
-
\??\c:\ptdrdf.exec:\ptdrdf.exe51⤵
- Executes dropped EXE
-
\??\c:\lfbhdft.exec:\lfbhdft.exe52⤵
- Executes dropped EXE
-
\??\c:\fhdrdn.exec:\fhdrdn.exe53⤵
- Executes dropped EXE
-
\??\c:\thtnvnj.exec:\thtnvnj.exe54⤵
- Executes dropped EXE
-
\??\c:\pppfvnj.exec:\pppfvnj.exe55⤵
- Executes dropped EXE
-
\??\c:\rpbfv.exec:\rpbfv.exe56⤵
- Executes dropped EXE
-
\??\c:\xhpxh.exec:\xhpxh.exe57⤵
- Executes dropped EXE
-
\??\c:\fftdt.exec:\fftdt.exe58⤵
- Executes dropped EXE
-
\??\c:\fdjpb.exec:\fdjpb.exe59⤵
- Executes dropped EXE
-
\??\c:\xdhtxnv.exec:\xdhtxnv.exe60⤵
- Executes dropped EXE
-
\??\c:\xlpxlh.exec:\xlpxlh.exe61⤵
- Executes dropped EXE
-
\??\c:\bjlxp.exec:\bjlxp.exe62⤵
- Executes dropped EXE
-
\??\c:\xxlhjfb.exec:\xxlhjfb.exe63⤵
- Executes dropped EXE
-
\??\c:\rxdjdrx.exec:\rxdjdrx.exe64⤵
- Executes dropped EXE
-
\??\c:\ddrlv.exec:\ddrlv.exe65⤵
- Executes dropped EXE
-
\??\c:\rjdhd.exec:\rjdhd.exe66⤵
-
\??\c:\xlxdnl.exec:\xlxdnl.exe67⤵
-
\??\c:\xrvpfdn.exec:\xrvpfdn.exe68⤵
-
\??\c:\dhvltpj.exec:\dhvltpj.exe69⤵
-
\??\c:\vxlhhl.exec:\vxlhhl.exe70⤵
-
\??\c:\jhpdn.exec:\jhpdn.exe71⤵
-
\??\c:\vhxvd.exec:\vhxvd.exe72⤵
-
\??\c:\hpnnppv.exec:\hpnnppv.exe73⤵
-
\??\c:\xntdh.exec:\xntdh.exe74⤵
-
\??\c:\prhphrh.exec:\prhphrh.exe75⤵
-
\??\c:\hrxhjrn.exec:\hrxhjrn.exe76⤵
-
\??\c:\xtfhdf.exec:\xtfhdf.exe77⤵
-
\??\c:\hhbvpbt.exec:\hhbvpbt.exe78⤵
-
\??\c:\btbjnxx.exec:\btbjnxx.exe79⤵
-
\??\c:\ffvvxf.exec:\ffvvxf.exe80⤵
-
\??\c:\lndtnv.exec:\lndtnv.exe81⤵
-
\??\c:\dpvnjdr.exec:\dpvnjdr.exe82⤵
-
\??\c:\prbbr.exec:\prbbr.exe83⤵
-
\??\c:\lndph.exec:\lndph.exe84⤵
-
\??\c:\hlxhpx.exec:\hlxhpx.exe85⤵
-
\??\c:\dnbfp.exec:\dnbfp.exe86⤵
-
\??\c:\vdfphvt.exec:\vdfphvt.exe87⤵
-
\??\c:\xbjvnt.exec:\xbjvnt.exe88⤵
-
\??\c:\pvnnx.exec:\pvnnx.exe89⤵
-
\??\c:\hpdjhnj.exec:\hpdjhnj.exe90⤵
-
\??\c:\ltdht.exec:\ltdht.exe91⤵
-
\??\c:\fxrtltf.exec:\fxrtltf.exe92⤵
-
\??\c:\hhrjtjf.exec:\hhrjtjf.exe93⤵
-
\??\c:\jftrjn.exec:\jftrjn.exe94⤵
-
\??\c:\xpnppx.exec:\xpnppx.exe95⤵
-
\??\c:\ntjvlr.exec:\ntjvlr.exe96⤵
-
\??\c:\ddldlv.exec:\ddldlv.exe97⤵
-
\??\c:\nddlvd.exec:\nddlvd.exe98⤵
-
\??\c:\rxbpjf.exec:\rxbpjf.exe99⤵
-
\??\c:\xjbrf.exec:\xjbrf.exe100⤵
-
\??\c:\ldlft.exec:\ldlft.exe101⤵
-
\??\c:\fvtbj.exec:\fvtbj.exe102⤵
-
\??\c:\hdpdddn.exec:\hdpdddn.exe103⤵
-
\??\c:\nvdrndn.exec:\nvdrndn.exe104⤵
-
\??\c:\xvhhn.exec:\xvhhn.exe105⤵
-
\??\c:\vjpxtb.exec:\vjpxtb.exe106⤵
-
\??\c:\fndhx.exec:\fndhx.exe107⤵
-
\??\c:\vbvlxtb.exec:\vbvlxtb.exe108⤵
-
\??\c:\hrbvrl.exec:\hrbvrl.exe109⤵
-
\??\c:\ttthphn.exec:\ttthphn.exe110⤵
-
\??\c:\dvfdpxj.exec:\dvfdpxj.exe111⤵
-
\??\c:\rfnpvj.exec:\rfnpvj.exe112⤵
-
\??\c:\ntxpx.exec:\ntxpx.exe113⤵
-
\??\c:\npjrp.exec:\npjrp.exe114⤵
-
\??\c:\hlfdx.exec:\hlfdx.exe115⤵
-
\??\c:\fnxhdf.exec:\fnxhdf.exe116⤵
-
\??\c:\dhlvhl.exec:\dhlvhl.exe117⤵
-
\??\c:\jjbfvt.exec:\jjbfvt.exe118⤵
-
\??\c:\vhxrrn.exec:\vhxrrn.exe119⤵
-
\??\c:\thhvj.exec:\thhvj.exe120⤵
-
\??\c:\jdfpnpx.exec:\jdfpnpx.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-