Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
-
submitted
20/06/2024, 18:53
General
-
Target
0bb826603f2f510c8134076126abc2c7486c7ca7b815577a17cad6b6cb8003aa.exe
-
Size
79KB
-
MD5
03a45a7fbddc33fac1faeefc970c02a5
-
SHA1
d11c0e236a23b098bb50b69334d524c7443b722d
-
SHA256
0bb826603f2f510c8134076126abc2c7486c7ca7b815577a17cad6b6cb8003aa
-
SHA512
f1f2a3768b76755438a1a53268df64e7fe98cc1113642762031648bd9a724c6a5f5369f1c77f0c297076af047177c3aab66116576a49e014864f20b1abc6750b
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIsIpWCz+FR4RzWqC5rINH6Y:ymb3NkkiQ3mdBjFIsIpZ+R4RzWqCun
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 21 IoCs
-
UPX dump on OEP (original entry point) 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 23 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\0bb826603f2f510c8134076126abc2c7486c7ca7b815577a17cad6b6cb8003aa.exe"C:\Users\Admin\AppData\Local\Temp\0bb826603f2f510c8134076126abc2c7486c7ca7b815577a17cad6b6cb8003aa.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\nnfhtv.exec:\nnfhtv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pbxphr.exec:\pbxphr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vppbf.exec:\vppbf.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xjrnvhl.exec:\xjrnvhl.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nvxtttn.exec:\nvxtttn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ftrhbtt.exec:\ftrhbtt.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pfdrtv.exec:\pfdrtv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvhjt.exec:\dvvhjt.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hdhxb.exec:\hdhxb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdnbb.exec:\vdnbb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vtnpf.exec:\vtnpf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hxtnv.exec:\hxtnv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xdxlfx.exec:\xdxlfx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vtrvj.exec:\vtrvj.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jbtnpxv.exec:\jbtnpxv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tdldht.exec:\tdldht.exe17⤵
- Executes dropped EXE
-
\??\c:\vfnxpn.exec:\vfnxpn.exe18⤵
- Executes dropped EXE
-
\??\c:\jrhlnd.exec:\jrhlnd.exe19⤵
- Executes dropped EXE
-
\??\c:\rjjjd.exec:\rjjjd.exe20⤵
- Executes dropped EXE
-
\??\c:\rbnhnx.exec:\rbnhnx.exe21⤵
- Executes dropped EXE
-
\??\c:\rbxlfll.exec:\rbxlfll.exe22⤵
- Executes dropped EXE
-
\??\c:\nljpvvx.exec:\nljpvvx.exe23⤵
- Executes dropped EXE
-
\??\c:\rtjrdt.exec:\rtjrdt.exe24⤵
- Executes dropped EXE
-
\??\c:\vxbrjvp.exec:\vxbrjvp.exe25⤵
- Executes dropped EXE
-
\??\c:\jrvhhrt.exec:\jrvhhrt.exe26⤵
- Executes dropped EXE
-
\??\c:\lthbvdv.exec:\lthbvdv.exe27⤵
- Executes dropped EXE
-
\??\c:\dnlhp.exec:\dnlhp.exe28⤵
- Executes dropped EXE
-
\??\c:\xtvbrt.exec:\xtvbrt.exe29⤵
- Executes dropped EXE
-
\??\c:\txjlvl.exec:\txjlvl.exe30⤵
- Executes dropped EXE
-
\??\c:\tjpxh.exec:\tjpxh.exe31⤵
- Executes dropped EXE
-
\??\c:\dfhtdn.exec:\dfhtdn.exe32⤵
- Executes dropped EXE
-
\??\c:\hbhht.exec:\hbhht.exe33⤵
- Executes dropped EXE
-
\??\c:\lvdtlv.exec:\lvdtlv.exe34⤵
- Executes dropped EXE
-
\??\c:\frndn.exec:\frndn.exe35⤵
- Executes dropped EXE
-
\??\c:\rbhrnl.exec:\rbhrnl.exe36⤵
- Executes dropped EXE
-
\??\c:\lbxhp.exec:\lbxhp.exe37⤵
- Executes dropped EXE
-
\??\c:\hrvtv.exec:\hrvtv.exe38⤵
- Executes dropped EXE
-
\??\c:\brxfpt.exec:\brxfpt.exe39⤵
- Executes dropped EXE
-
\??\c:\nlfblfh.exec:\nlfblfh.exe40⤵
- Executes dropped EXE
-
\??\c:\bflnjlr.exec:\bflnjlr.exe41⤵
- Executes dropped EXE
-
\??\c:\bjjnbt.exec:\bjjnbt.exe42⤵
- Executes dropped EXE
-
\??\c:\ltrhl.exec:\ltrhl.exe43⤵
- Executes dropped EXE
-
\??\c:\bnpbdpr.exec:\bnpbdpr.exe44⤵
- Executes dropped EXE
-
\??\c:\dddttbl.exec:\dddttbl.exe45⤵
- Executes dropped EXE
-
\??\c:\xtlfvlr.exec:\xtlfvlr.exe46⤵
- Executes dropped EXE
-
\??\c:\btdpb.exec:\btdpb.exe47⤵
- Executes dropped EXE
-
\??\c:\vjrlnd.exec:\vjrlnd.exe48⤵
- Executes dropped EXE
-
\??\c:\vxpvpv.exec:\vxpvpv.exe49⤵
- Executes dropped EXE
-
\??\c:\jdpthj.exec:\jdpthj.exe50⤵
- Executes dropped EXE
-
\??\c:\nphfl.exec:\nphfl.exe51⤵
- Executes dropped EXE
-
\??\c:\vdvrfl.exec:\vdvrfl.exe52⤵
- Executes dropped EXE
-
\??\c:\lntbffh.exec:\lntbffh.exe53⤵
- Executes dropped EXE
-
\??\c:\vhpjxt.exec:\vhpjxt.exe54⤵
- Executes dropped EXE
-
\??\c:\pntrfpf.exec:\pntrfpf.exe55⤵
- Executes dropped EXE
-
\??\c:\tnhxdl.exec:\tnhxdl.exe56⤵
- Executes dropped EXE
-
\??\c:\hrbbtnb.exec:\hrbbtnb.exe57⤵
- Executes dropped EXE
-
\??\c:\bfrnpfh.exec:\bfrnpfh.exe58⤵
- Executes dropped EXE
-
\??\c:\fftvrxr.exec:\fftvrxr.exe59⤵
- Executes dropped EXE
-
\??\c:\jdfpjlh.exec:\jdfpjlh.exe60⤵
- Executes dropped EXE
-
\??\c:\bxprnr.exec:\bxprnr.exe61⤵
- Executes dropped EXE
-
\??\c:\tjxxp.exec:\tjxxp.exe62⤵
- Executes dropped EXE
-
\??\c:\fnjld.exec:\fnjld.exe63⤵
- Executes dropped EXE
-
\??\c:\tfjjb.exec:\tfjjb.exe64⤵
- Executes dropped EXE
-
\??\c:\fjprh.exec:\fjprh.exe65⤵
- Executes dropped EXE
-
\??\c:\bnvpp.exec:\bnvpp.exe66⤵
-
\??\c:\hdplj.exec:\hdplj.exe67⤵
-
\??\c:\ttxrlxd.exec:\ttxrlxd.exe68⤵
-
\??\c:\hvvxhf.exec:\hvvxhf.exe69⤵
-
\??\c:\xrpdb.exec:\xrpdb.exe70⤵
-
\??\c:\pppph.exec:\pppph.exe71⤵
-
\??\c:\rbjnblb.exec:\rbjnblb.exe72⤵
-
\??\c:\lhhfh.exec:\lhhfh.exe73⤵
-
\??\c:\rfblxhl.exec:\rfblxhl.exe74⤵
-
\??\c:\lxtnxh.exec:\lxtnxh.exe75⤵
-
\??\c:\rdplvdx.exec:\rdplvdx.exe76⤵
-
\??\c:\dnjdrf.exec:\dnjdrf.exe77⤵
-
\??\c:\hhbnll.exec:\hhbnll.exe78⤵
-
\??\c:\rjxfhd.exec:\rjxfhd.exe79⤵
-
\??\c:\dldphh.exec:\dldphh.exe80⤵
-
\??\c:\fpljh.exec:\fpljh.exe81⤵
-
\??\c:\xjdrr.exec:\xjdrr.exe82⤵
-
\??\c:\nrvjl.exec:\nrvjl.exe83⤵
-
\??\c:\ldblfb.exec:\ldblfb.exe84⤵
-
\??\c:\xdhttv.exec:\xdhttv.exe85⤵
-
\??\c:\lhdjdn.exec:\lhdjdn.exe86⤵
-
\??\c:\dntfhpt.exec:\dntfhpt.exe87⤵
-
\??\c:\bhxdt.exec:\bhxdt.exe88⤵
-
\??\c:\ttfbh.exec:\ttfbh.exe89⤵
-
\??\c:\bnnfdjv.exec:\bnnfdjv.exe90⤵
-
\??\c:\ttdvx.exec:\ttdvx.exe91⤵
-
\??\c:\xfjjhj.exec:\xfjjhj.exe92⤵
-
\??\c:\hrpxhpd.exec:\hrpxhpd.exe93⤵
-
\??\c:\rjrjjjh.exec:\rjrjjjh.exe94⤵
-
\??\c:\rjtvlbf.exec:\rjtvlbf.exe95⤵
-
\??\c:\lvdhdpl.exec:\lvdhdpl.exe96⤵
-
\??\c:\pnfjrl.exec:\pnfjrl.exe97⤵
-
\??\c:\jldrp.exec:\jldrp.exe98⤵
-
\??\c:\bdhjj.exec:\bdhjj.exe99⤵
-
\??\c:\tthhx.exec:\tthhx.exe100⤵
-
\??\c:\jvbrn.exec:\jvbrn.exe101⤵
-
\??\c:\dxtbhh.exec:\dxtbhh.exe102⤵
-
\??\c:\txxtb.exec:\txxtb.exe103⤵
-
\??\c:\pljjh.exec:\pljjh.exe104⤵
-
\??\c:\xpnttn.exec:\xpnttn.exe105⤵
-
\??\c:\jtdflh.exec:\jtdflh.exe106⤵
-
\??\c:\nbnxb.exec:\nbnxb.exe107⤵
-
\??\c:\dldnn.exec:\dldnn.exe108⤵
-
\??\c:\hnhnvv.exec:\hnhnvv.exe109⤵
-
\??\c:\rjdxtb.exec:\rjdxtb.exe110⤵
-
\??\c:\vjntjvb.exec:\vjntjvb.exe111⤵
-
\??\c:\pvppvf.exec:\pvppvf.exe112⤵
-
\??\c:\lrlpnb.exec:\lrlpnb.exe113⤵
-
\??\c:\hldfjb.exec:\hldfjb.exe114⤵
-
\??\c:\rxtvtv.exec:\rxtvtv.exe115⤵
-
\??\c:\ptrtjdn.exec:\ptrtjdn.exe116⤵
-
\??\c:\brvrl.exec:\brvrl.exe117⤵
-
\??\c:\xttbxh.exec:\xttbxh.exe118⤵
-
\??\c:\hjvxdpt.exec:\hjvxdpt.exe119⤵
-
\??\c:\vdrfpd.exec:\vdrfpd.exe120⤵
-
\??\c:\dvfdtx.exec:\dvfdtx.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-