Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
19s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
-
submitted
21/07/2024, 10:19
General
-
Target
ac049a6229d96e4451d6b03228d79680N.exe
-
Size
83KB
-
MD5
ac049a6229d96e4451d6b03228d79680
-
SHA1
b22ebdbccddea87fc6f2364ea6076a0e8b4e7b4e
-
SHA256
3326111efe62b87d6ab415d126b0c330e13bbb51648aad2d46d8cd6f1667a731
-
SHA512
c3b812a70d7995438ea42d6c14fa22e0b58bd010cb106f0ffc7cc298f9e1b5397ae4ec8e14b8584a73121a1eaabd93b2fa3247178382924ae914e96784bc8003
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDo73t6MlYqn+jMp9E+zLT71:ymb3NkkiQ3mdBjFo73tvn+Yp9ZD71
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 21 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 23 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\ac049a6229d96e4451d6b03228d79680N.exe"C:\Users\Admin\AppData\Local\Temp\ac049a6229d96e4451d6b03228d79680N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\ftxjht.exec:\ftxjht.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\plnjpx.exec:\plnjpx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vnpbf.exec:\vnpbf.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhfbtjx.exec:\hhfbtjx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntrlj.exec:\ntrlj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lttrb.exec:\lttrb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rbrpvnn.exec:\rbrpvnn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ljhhh.exec:\ljhhh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dxjpjt.exec:\dxjpjt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xflhh.exec:\xflhh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hpphdr.exec:\hpphdr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrjfd.exec:\rrjfd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dhpnrxn.exec:\dhpnrxn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\trxlbf.exec:\trxlbf.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dnrbxx.exec:\dnrbxx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hddfff.exec:\hddfff.exe17⤵
- Executes dropped EXE
-
\??\c:\dhrtd.exec:\dhrtd.exe18⤵
- Executes dropped EXE
-
\??\c:\lxbpfhp.exec:\lxbpfhp.exe19⤵
- Executes dropped EXE
-
\??\c:\lrjjnhv.exec:\lrjjnhv.exe20⤵
- Executes dropped EXE
-
\??\c:\xrbbnh.exec:\xrbbnh.exe21⤵
- Executes dropped EXE
-
\??\c:\lphxvh.exec:\lphxvh.exe22⤵
- Executes dropped EXE
-
\??\c:\btpdnp.exec:\btpdnp.exe23⤵
- Executes dropped EXE
-
\??\c:\tnvdt.exec:\tnvdt.exe24⤵
- Executes dropped EXE
-
\??\c:\pvtxhxh.exec:\pvtxhxh.exe25⤵
- Executes dropped EXE
-
\??\c:\ltvxf.exec:\ltvxf.exe26⤵
- Executes dropped EXE
-
\??\c:\rlppr.exec:\rlppr.exe27⤵
- Executes dropped EXE
-
\??\c:\hxjxn.exec:\hxjxn.exe28⤵
- Executes dropped EXE
-
\??\c:\fbrhxfd.exec:\fbrhxfd.exe29⤵
- Executes dropped EXE
-
\??\c:\vjhlxd.exec:\vjhlxd.exe30⤵
- Executes dropped EXE
-
\??\c:\ftjtxp.exec:\ftjtxp.exe31⤵
- Executes dropped EXE
-
\??\c:\tbfxxn.exec:\tbfxxn.exe32⤵
- Executes dropped EXE
-
\??\c:\rflbnd.exec:\rflbnd.exe33⤵
- Executes dropped EXE
-
\??\c:\bjfnjfx.exec:\bjfnjfx.exe34⤵
- Executes dropped EXE
-
\??\c:\pvvrrff.exec:\pvvrrff.exe35⤵
- Executes dropped EXE
-
\??\c:\rpdpx.exec:\rpdpx.exe36⤵
- Executes dropped EXE
-
\??\c:\tlthp.exec:\tlthp.exe37⤵
- Executes dropped EXE
-
\??\c:\tvrbttb.exec:\tvrbttb.exe38⤵
- Executes dropped EXE
-
\??\c:\jlptnv.exec:\jlptnv.exe39⤵
- Executes dropped EXE
-
\??\c:\xdhvv.exec:\xdhvv.exe40⤵
- Executes dropped EXE
-
\??\c:\prfbpv.exec:\prfbpv.exe41⤵
- Executes dropped EXE
-
\??\c:\jnjvxh.exec:\jnjvxh.exe42⤵
- Executes dropped EXE
-
\??\c:\hphvl.exec:\hphvl.exe43⤵
- Executes dropped EXE
-
\??\c:\pvhxfh.exec:\pvhxfh.exe44⤵
- Executes dropped EXE
-
\??\c:\hjjlhjd.exec:\hjjlhjd.exe45⤵
- Executes dropped EXE
-
\??\c:\tflpx.exec:\tflpx.exe46⤵
- Executes dropped EXE
-
\??\c:\llxxp.exec:\llxxp.exe47⤵
- Executes dropped EXE
-
\??\c:\xptxl.exec:\xptxl.exe48⤵
- Executes dropped EXE
-
\??\c:\fbdhpfh.exec:\fbdhpfh.exe49⤵
- Executes dropped EXE
-
\??\c:\drrrnnb.exec:\drrrnnb.exe50⤵
- Executes dropped EXE
-
\??\c:\dfddd.exec:\dfddd.exe51⤵
- Executes dropped EXE
-
\??\c:\vntfn.exec:\vntfn.exe52⤵
- Executes dropped EXE
-
\??\c:\xfpnd.exec:\xfpnd.exe53⤵
- Executes dropped EXE
-
\??\c:\rdpdvtj.exec:\rdpdvtj.exe54⤵
- Executes dropped EXE
-
\??\c:\jdfvlj.exec:\jdfvlj.exe55⤵
- Executes dropped EXE
-
\??\c:\pfvppt.exec:\pfvppt.exe56⤵
- Executes dropped EXE
-
\??\c:\lvrhbr.exec:\lvrhbr.exe57⤵
- Executes dropped EXE
-
\??\c:\fnlxt.exec:\fnlxt.exe58⤵
- Executes dropped EXE
-
\??\c:\rjpfl.exec:\rjpfl.exe59⤵
- Executes dropped EXE
-
\??\c:\rnjxrn.exec:\rnjxrn.exe60⤵
- Executes dropped EXE
-
\??\c:\pjrfl.exec:\pjrfl.exe61⤵
- Executes dropped EXE
-
\??\c:\hnprl.exec:\hnprl.exe62⤵
- Executes dropped EXE
-
\??\c:\nfndpjn.exec:\nfndpjn.exe63⤵
- Executes dropped EXE
-
\??\c:\jjdljth.exec:\jjdljth.exe64⤵
- Executes dropped EXE
-
\??\c:\ddppvdt.exec:\ddppvdt.exe65⤵
- Executes dropped EXE
-
\??\c:\tnpxvv.exec:\tnpxvv.exe66⤵
-
\??\c:\pptbtjx.exec:\pptbtjx.exe67⤵
-
\??\c:\xppnjfl.exec:\xppnjfl.exe68⤵
-
\??\c:\jpnpnfx.exec:\jpnpnfx.exe69⤵
-
\??\c:\bdnvvjh.exec:\bdnvvjh.exe70⤵
-
\??\c:\bjdxjh.exec:\bjdxjh.exe71⤵
-
\??\c:\nvnftdv.exec:\nvnftdv.exe72⤵
-
\??\c:\jvthlnr.exec:\jvthlnr.exe73⤵
-
\??\c:\jjtxdx.exec:\jjtxdx.exe74⤵
-
\??\c:\dplltr.exec:\dplltr.exe75⤵
-
\??\c:\ldxhrh.exec:\ldxhrh.exe76⤵
-
\??\c:\dvhpj.exec:\dvhpj.exe77⤵
-
\??\c:\pvhlt.exec:\pvhlt.exe78⤵
-
\??\c:\tvbhnx.exec:\tvbhnx.exe79⤵
-
\??\c:\rxjjb.exec:\rxjjb.exe80⤵
-
\??\c:\vdjlbft.exec:\vdjlbft.exe81⤵
-
\??\c:\vlvbh.exec:\vlvbh.exe82⤵
-
\??\c:\hdtjjbr.exec:\hdtjjbr.exe83⤵
-
\??\c:\dfjlpb.exec:\dfjlpb.exe84⤵
-
\??\c:\pfrbd.exec:\pfrbd.exe85⤵
-
\??\c:\nvtfvhj.exec:\nvtfvhj.exe86⤵
-
\??\c:\dvdfh.exec:\dvdfh.exe87⤵
-
\??\c:\bppvhjf.exec:\bppvhjf.exe88⤵
-
\??\c:\bnjlltt.exec:\bnjlltt.exe89⤵
-
\??\c:\lpvdrj.exec:\lpvdrj.exe90⤵
-
\??\c:\ltdbvjt.exec:\ltdbvjt.exe91⤵
-
\??\c:\nxdbr.exec:\nxdbr.exe92⤵
-
\??\c:\bfptdb.exec:\bfptdb.exe93⤵
-
\??\c:\pjvfpl.exec:\pjvfpl.exe94⤵
-
\??\c:\drnvfd.exec:\drnvfd.exe95⤵
-
\??\c:\dtnfp.exec:\dtnfp.exe96⤵
-
\??\c:\xpdhp.exec:\xpdhp.exe97⤵
-
\??\c:\nvtbvpv.exec:\nvtbvpv.exe98⤵
-
\??\c:\pvdjn.exec:\pvdjn.exe99⤵
-
\??\c:\vllvx.exec:\vllvx.exe100⤵
-
\??\c:\hvhtjn.exec:\hvhtjn.exe101⤵
-
\??\c:\fjfvjt.exec:\fjfvjt.exe102⤵
-
\??\c:\jfbdbl.exec:\jfbdbl.exe103⤵
-
\??\c:\jrjtvn.exec:\jrjtvn.exe104⤵
-
\??\c:\lbphp.exec:\lbphp.exe105⤵
-
\??\c:\flxnpbd.exec:\flxnpbd.exe106⤵
-
\??\c:\dtnhdn.exec:\dtnhdn.exe107⤵
-
\??\c:\xvddfhx.exec:\xvddfhx.exe108⤵
-
\??\c:\vnrltht.exec:\vnrltht.exe109⤵
-
\??\c:\rxppr.exec:\rxppr.exe110⤵
-
\??\c:\bxbfbp.exec:\bxbfbp.exe111⤵
-
\??\c:\hrlvxfb.exec:\hrlvxfb.exe112⤵
-
\??\c:\bvfrx.exec:\bvfrx.exe113⤵
-
\??\c:\rdpdvjb.exec:\rdpdvjb.exe114⤵
-
\??\c:\rjvfvvt.exec:\rjvfvvt.exe115⤵
-
\??\c:\tfvxtt.exec:\tfvxtt.exe116⤵
-
\??\c:\fhjbvx.exec:\fhjbvx.exe117⤵
-
\??\c:\lvrbrv.exec:\lvrbrv.exe118⤵
-
\??\c:\tfvxxhh.exec:\tfvxxhh.exe119⤵
-
\??\c:\npxxrbd.exec:\npxxrbd.exe120⤵
-
\??\c:\njxxfdp.exec:\njxxfdp.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-