Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
19s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
-
submitted
21/07/2024, 11:39
General
-
Target
ba263b5510097e7131341ad4a1aa5770N.exe
-
Size
411KB
-
MD5
ba263b5510097e7131341ad4a1aa5770
-
SHA1
ca5a3f86aaf15f34d052362923faa1416e9d4acc
-
SHA256
66a32ca5e5e746a11ffc4aceac32c26500d08a17ddb728ee864dd50267f72441
-
SHA512
a0916adac105cfc96a2fde7ad2f02ff176b0ff92069f59485e0801a3ef7cfc81468049949c31902fd09d9e56d52953d2cd3b9f39ae031b0814033740c673ccc2
-
SSDEEP
3072:PhOm2sI93UufdC67cihfmCiiiXAsACF486jJSp1BwcZN:Pcm7ImGddXtWrXD486jJq1BwcZN
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 44 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 54 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\ba263b5510097e7131341ad4a1aa5770N.exe"C:\Users\Admin\AppData\Local\Temp\ba263b5510097e7131341ad4a1aa5770N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\jdrhlf.exec:\jdrhlf.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tddfn.exec:\tddfn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lbjjrlp.exec:\lbjjrlp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhdll.exec:\nhdll.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tjlpj.exec:\tjlpj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xnhthp.exec:\xnhthp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffhhtn.exec:\ffhhtn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xvhtbr.exec:\xvhtbr.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ptbbnlp.exec:\ptbbnlp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dhrvjnt.exec:\dhrvjnt.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djblxxx.exec:\djblxxx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hjdvj.exec:\hjdvj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvrhffb.exec:\vvrhffb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbprfb.exec:\hbprfb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttnnr.exec:\ttnnr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jlxvnv.exec:\jlxvnv.exe17⤵
- Executes dropped EXE
-
\??\c:\nppdvlr.exec:\nppdvlr.exe18⤵
- Executes dropped EXE
-
\??\c:\xjjjnl.exec:\xjjjnl.exe19⤵
- Executes dropped EXE
-
\??\c:\txxfnfl.exec:\txxfnfl.exe20⤵
- Executes dropped EXE
-
\??\c:\hhdllxd.exec:\hhdllxd.exe21⤵
- Executes dropped EXE
-
\??\c:\dffbth.exec:\dffbth.exe22⤵
- Executes dropped EXE
-
\??\c:\fjlbr.exec:\fjlbr.exe23⤵
- Executes dropped EXE
-
\??\c:\dbldnl.exec:\dbldnl.exe24⤵
- Executes dropped EXE
-
\??\c:\tfrbld.exec:\tfrbld.exe25⤵
- Executes dropped EXE
-
\??\c:\vhdfjl.exec:\vhdfjl.exe26⤵
- Executes dropped EXE
-
\??\c:\rflxb.exec:\rflxb.exe27⤵
- Executes dropped EXE
-
\??\c:\tjlffxr.exec:\tjlffxr.exe28⤵
- Executes dropped EXE
-
\??\c:\nlnnb.exec:\nlnnb.exe29⤵
- Executes dropped EXE
-
\??\c:\ppvjp.exec:\ppvjp.exe30⤵
- Executes dropped EXE
-
\??\c:\ddjxndj.exec:\ddjxndj.exe31⤵
- Executes dropped EXE
-
\??\c:\dxrtx.exec:\dxrtx.exe32⤵
- Executes dropped EXE
-
\??\c:\hffdf.exec:\hffdf.exe33⤵
- Executes dropped EXE
-
\??\c:\nbddv.exec:\nbddv.exe34⤵
- Executes dropped EXE
-
\??\c:\dfjlnbb.exec:\dfjlnbb.exe35⤵
- Executes dropped EXE
-
\??\c:\nlvpxpn.exec:\nlvpxpn.exe36⤵
- Executes dropped EXE
-
\??\c:\dnxxbn.exec:\dnxxbn.exe37⤵
- Executes dropped EXE
-
\??\c:\prfvlp.exec:\prfvlp.exe38⤵
- Executes dropped EXE
-
\??\c:\brrxlxn.exec:\brrxlxn.exe39⤵
- Executes dropped EXE
-
\??\c:\vldvll.exec:\vldvll.exe40⤵
- Executes dropped EXE
-
\??\c:\xpvbbj.exec:\xpvbbj.exe41⤵
- Executes dropped EXE
-
\??\c:\vdhplr.exec:\vdhplr.exe42⤵
- Executes dropped EXE
-
\??\c:\rxblpnb.exec:\rxblpnb.exe43⤵
- Executes dropped EXE
-
\??\c:\dxpvdp.exec:\dxpvdp.exe44⤵
- Executes dropped EXE
-
\??\c:\jlfdlxv.exec:\jlfdlxv.exe45⤵
- Executes dropped EXE
-
\??\c:\bfhblh.exec:\bfhblh.exe46⤵
- Executes dropped EXE
-
\??\c:\ndlbhb.exec:\ndlbhb.exe47⤵
- Executes dropped EXE
-
\??\c:\dtblv.exec:\dtblv.exe48⤵
- Executes dropped EXE
-
\??\c:\dbrld.exec:\dbrld.exe49⤵
- Executes dropped EXE
-
\??\c:\jhjpf.exec:\jhjpf.exe50⤵
- Executes dropped EXE
-
\??\c:\xtjbr.exec:\xtjbr.exe51⤵
- Executes dropped EXE
-
\??\c:\rptrr.exec:\rptrr.exe52⤵
- Executes dropped EXE
-
\??\c:\trrbdxl.exec:\trrbdxl.exe53⤵
- Executes dropped EXE
-
\??\c:\vfvhtbv.exec:\vfvhtbv.exe54⤵
- Executes dropped EXE
-
\??\c:\ntxpbnj.exec:\ntxpbnj.exe55⤵
- Executes dropped EXE
-
\??\c:\dtdlvt.exec:\dtdlvt.exe56⤵
- Executes dropped EXE
-
\??\c:\djxhdr.exec:\djxhdr.exe57⤵
- Executes dropped EXE
-
\??\c:\hltjhnx.exec:\hltjhnx.exe58⤵
- Executes dropped EXE
-
\??\c:\hfjnffr.exec:\hfjnffr.exe59⤵
- Executes dropped EXE
-
\??\c:\tpfllht.exec:\tpfllht.exe60⤵
- Executes dropped EXE
-
\??\c:\rjbhd.exec:\rjbhd.exe61⤵
- Executes dropped EXE
-
\??\c:\ldbljh.exec:\ldbljh.exe62⤵
- Executes dropped EXE
-
\??\c:\pdxrtxv.exec:\pdxrtxv.exe63⤵
- Executes dropped EXE
-
\??\c:\tlrhll.exec:\tlrhll.exe64⤵
- Executes dropped EXE
-
\??\c:\lltpndp.exec:\lltpndp.exe65⤵
- Executes dropped EXE
-
\??\c:\txlbn.exec:\txlbn.exe66⤵
-
\??\c:\dlrrf.exec:\dlrrf.exe67⤵
-
\??\c:\dpxtj.exec:\dpxtj.exe68⤵
-
\??\c:\bpfrdvb.exec:\bpfrdvb.exe69⤵
-
\??\c:\hdlll.exec:\hdlll.exe70⤵
-
\??\c:\ljlrj.exec:\ljlrj.exe71⤵
-
\??\c:\nblhrdb.exec:\nblhrdb.exe72⤵
-
\??\c:\rvhth.exec:\rvhth.exe73⤵
-
\??\c:\ttdpfrr.exec:\ttdpfrr.exe74⤵
-
\??\c:\rtfvpt.exec:\rtfvpt.exe75⤵
-
\??\c:\ddxjfl.exec:\ddxjfl.exe76⤵
-
\??\c:\fjltx.exec:\fjltx.exe77⤵
-
\??\c:\ddvfbhl.exec:\ddvfbhl.exe78⤵
-
\??\c:\pjlxl.exec:\pjlxl.exe79⤵
-
\??\c:\lpjrxt.exec:\lpjrxt.exe80⤵
-
\??\c:\jbrrx.exec:\jbrrx.exe81⤵
-
\??\c:\brllxpt.exec:\brllxpt.exe82⤵
-
\??\c:\nddrbt.exec:\nddrbt.exe83⤵
-
\??\c:\drntpv.exec:\drntpv.exe84⤵
-
\??\c:\drxjlfb.exec:\drxjlfb.exe85⤵
-
\??\c:\nbdndn.exec:\nbdndn.exe86⤵
-
\??\c:\flflxx.exec:\flflxx.exe87⤵
-
\??\c:\jlrtlv.exec:\jlrtlv.exe88⤵
-
\??\c:\nftjhph.exec:\nftjhph.exe89⤵
-
\??\c:\dfptxp.exec:\dfptxp.exe90⤵
-
\??\c:\tnfphv.exec:\tnfphv.exe91⤵
-
\??\c:\rtvth.exec:\rtvth.exe92⤵
-
\??\c:\nthnlb.exec:\nthnlb.exe93⤵
-
\??\c:\xdbbf.exec:\xdbbf.exe94⤵
-
\??\c:\rndvddl.exec:\rndvddl.exe95⤵
-
\??\c:\fnltn.exec:\fnltn.exe96⤵
-
\??\c:\ltftfd.exec:\ltftfd.exe97⤵
-
\??\c:\hjtfvp.exec:\hjtfvp.exe98⤵
-
\??\c:\blvhfh.exec:\blvhfh.exe99⤵
-
\??\c:\jltpph.exec:\jltpph.exe100⤵
-
\??\c:\rbdfb.exec:\rbdfb.exe101⤵
-
\??\c:\rrvxt.exec:\rrvxt.exe102⤵
-
\??\c:\ddjtjjx.exec:\ddjtjjx.exe103⤵
-
\??\c:\dpthnp.exec:\dpthnp.exe104⤵
-
\??\c:\hhjbht.exec:\hhjbht.exe105⤵
-
\??\c:\ffnpp.exec:\ffnpp.exe106⤵
-
\??\c:\pbnhpr.exec:\pbnhpr.exe107⤵
-
\??\c:\dntrbr.exec:\dntrbr.exe108⤵
-
\??\c:\rfxnhnj.exec:\rfxnhnj.exe109⤵
-
\??\c:\ldnprn.exec:\ldnprn.exe110⤵
-
\??\c:\bpnxrvp.exec:\bpnxrvp.exe111⤵
-
\??\c:\nvpbvrh.exec:\nvpbvrh.exe112⤵
-
\??\c:\xvbpvf.exec:\xvbpvf.exe113⤵
-
\??\c:\vprttlx.exec:\vprttlx.exe114⤵
-
\??\c:\xbdrnfx.exec:\xbdrnfx.exe115⤵
-
\??\c:\jrbtxt.exec:\jrbtxt.exe116⤵
-
\??\c:\rxrpl.exec:\rxrpl.exe117⤵
-
\??\c:\xbfbbfn.exec:\xbfbbfn.exe118⤵
-
\??\c:\fbfdh.exec:\fbfdh.exe119⤵
-
\??\c:\nffnd.exec:\nffnd.exe120⤵
-
\??\c:\hnxxx.exec:\hnxxx.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-