Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
19s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
-
submitted
27/07/2024, 22:46
General
-
Target
5da15c041a8cae693b0211b0e6205ff6a2d820ba126e5f566e7683ea5a8fc144.exe
-
Size
64KB
-
MD5
f72ac762b0aa8a358d48048e892c60f6
-
SHA1
48ce0b25ea916d3271d1acac8f092a3fa6fad58e
-
SHA256
5da15c041a8cae693b0211b0e6205ff6a2d820ba126e5f566e7683ea5a8fc144
-
SHA512
c0a6eba162140e0ee8c872e761080ff763a2159cc20e4a6661ed04027e26bc36f710d6074e5b58d0bb63933b2d02641836591935510f0ee2c7dddb387ddf95a3
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIvuzkzNYFJ:ymb3NkkiQ3mdBjFIvlpyJ
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 22 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 31 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\5da15c041a8cae693b0211b0e6205ff6a2d820ba126e5f566e7683ea5a8fc144.exe"C:\Users\Admin\AppData\Local\Temp\5da15c041a8cae693b0211b0e6205ff6a2d820ba126e5f566e7683ea5a8fc144.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\pltpb.exec:\pltpb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxbtlb.exec:\fxbtlb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hvhjr.exec:\hvhjr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jhtdvx.exec:\jhtdvx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rtlvbd.exec:\rtlvbd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvfnt.exec:\dvfnt.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nvhdv.exec:\nvhdv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dlblvf.exec:\dlblvf.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jhnjhv.exec:\jhnjhv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnljf.exec:\bnljf.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ljttnxb.exec:\ljttnxb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpxjftp.exec:\jpxjftp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rbnrx.exec:\rbnrx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlplphb.exec:\rlplphb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xjfxjv.exec:\xjfxjv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vnfxf.exec:\vnfxf.exe17⤵
- Executes dropped EXE
-
\??\c:\xjbdv.exec:\xjbdv.exe18⤵
- Executes dropped EXE
-
\??\c:\tvjdlv.exec:\tvjdlv.exe19⤵
- Executes dropped EXE
-
\??\c:\nbtjhvb.exec:\nbtjhvb.exe20⤵
- Executes dropped EXE
-
\??\c:\rjlnr.exec:\rjlnr.exe21⤵
- Executes dropped EXE
-
\??\c:\tfftjpn.exec:\tfftjpn.exe22⤵
- Executes dropped EXE
-
\??\c:\bhvrnvv.exec:\bhvrnvv.exe23⤵
- Executes dropped EXE
-
\??\c:\pflfth.exec:\pflfth.exe24⤵
- Executes dropped EXE
-
\??\c:\fhdpf.exec:\fhdpf.exe25⤵
- Executes dropped EXE
-
\??\c:\djdlj.exec:\djdlj.exe26⤵
- Executes dropped EXE
-
\??\c:\lvlthd.exec:\lvlthd.exe27⤵
- Executes dropped EXE
-
\??\c:\flbff.exec:\flbff.exe28⤵
- Executes dropped EXE
-
\??\c:\vpjvrdd.exec:\vpjvrdd.exe29⤵
- Executes dropped EXE
-
\??\c:\pbhvt.exec:\pbhvt.exe30⤵
- Executes dropped EXE
-
\??\c:\jtdrvv.exec:\jtdrvv.exe31⤵
- Executes dropped EXE
-
\??\c:\pxffh.exec:\pxffh.exe32⤵
- Executes dropped EXE
-
\??\c:\tbljbp.exec:\tbljbp.exe33⤵
- Executes dropped EXE
-
\??\c:\ldjnxpb.exec:\ldjnxpb.exe34⤵
- Executes dropped EXE
-
\??\c:\xdvhvnh.exec:\xdvhvnh.exe35⤵
- Executes dropped EXE
-
\??\c:\jlvnjj.exec:\jlvnjj.exe36⤵
- Executes dropped EXE
-
\??\c:\lpnltb.exec:\lpnltb.exe37⤵
- Executes dropped EXE
-
\??\c:\lvnbnbb.exec:\lvnbnbb.exe38⤵
- Executes dropped EXE
-
\??\c:\bjfnf.exec:\bjfnf.exe39⤵
- Executes dropped EXE
-
\??\c:\nnrtvr.exec:\nnrtvr.exe40⤵
- Executes dropped EXE
-
\??\c:\ndndxp.exec:\ndndxp.exe41⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\hlblt.exec:\hlblt.exe42⤵
- Executes dropped EXE
-
\??\c:\brpblbx.exec:\brpblbx.exe43⤵
- Executes dropped EXE
-
\??\c:\fxnhft.exec:\fxnhft.exe44⤵
- Executes dropped EXE
-
\??\c:\vxxdl.exec:\vxxdl.exe45⤵
- Executes dropped EXE
-
\??\c:\fxjtf.exec:\fxjtf.exe46⤵
- Executes dropped EXE
-
\??\c:\llpdn.exec:\llpdn.exe47⤵
- Executes dropped EXE
-
\??\c:\nnvdj.exec:\nnvdj.exe48⤵
- Executes dropped EXE
-
\??\c:\jdvhhrl.exec:\jdvhhrl.exe49⤵
- Executes dropped EXE
-
\??\c:\xbdjll.exec:\xbdjll.exe50⤵
- Executes dropped EXE
-
\??\c:\rhlbtjd.exec:\rhlbtjd.exe51⤵
- Executes dropped EXE
-
\??\c:\bprfljn.exec:\bprfljn.exe52⤵
- Executes dropped EXE
-
\??\c:\xlbhtv.exec:\xlbhtv.exe53⤵
- Executes dropped EXE
-
\??\c:\nhvbf.exec:\nhvbf.exe54⤵
- Executes dropped EXE
-
\??\c:\jjlllnx.exec:\jjlllnx.exe55⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\xbftb.exec:\xbftb.exe56⤵
- Executes dropped EXE
-
\??\c:\tprrnp.exec:\tprrnp.exe57⤵
- Executes dropped EXE
-
\??\c:\dtpblh.exec:\dtpblh.exe58⤵
- Executes dropped EXE
-
\??\c:\plphvj.exec:\plphvj.exe59⤵
- Executes dropped EXE
-
\??\c:\btvdn.exec:\btvdn.exe60⤵
- Executes dropped EXE
-
\??\c:\ffnln.exec:\ffnln.exe61⤵
- Executes dropped EXE
-
\??\c:\nrfxll.exec:\nrfxll.exe62⤵
- Executes dropped EXE
-
\??\c:\pdxxr.exec:\pdxxr.exe63⤵
- Executes dropped EXE
-
\??\c:\pdhdlhb.exec:\pdhdlhb.exe64⤵
- Executes dropped EXE
-
\??\c:\rvvbbx.exec:\rvvbbx.exe65⤵
- Executes dropped EXE
-
\??\c:\rfrxrpp.exec:\rfrxrpp.exe66⤵
-
\??\c:\phjnrpp.exec:\phjnrpp.exe67⤵
-
\??\c:\pxbhpx.exec:\pxbhpx.exe68⤵
-
\??\c:\lbjfbrd.exec:\lbjfbrd.exe69⤵
-
\??\c:\lnhtvvv.exec:\lnhtvvv.exe70⤵
-
\??\c:\xtrpjbv.exec:\xtrpjbv.exe71⤵
-
\??\c:\ftfjj.exec:\ftfjj.exe72⤵
-
\??\c:\txdrxv.exec:\txdrxv.exe73⤵
-
\??\c:\brjjj.exec:\brjjj.exe74⤵
-
\??\c:\nhlvtn.exec:\nhlvtn.exe75⤵
-
\??\c:\xtbjhf.exec:\xtbjhf.exe76⤵
-
\??\c:\vpflfff.exec:\vpflfff.exe77⤵
-
\??\c:\xrtvj.exec:\xrtvj.exe78⤵
-
\??\c:\vrvhptd.exec:\vrvhptd.exe79⤵
-
\??\c:\xflnfb.exec:\xflnfb.exe80⤵
-
\??\c:\xpddvrh.exec:\xpddvrh.exe81⤵
-
\??\c:\llvvh.exec:\llvvh.exe82⤵
-
\??\c:\dxrln.exec:\dxrln.exe83⤵
-
\??\c:\rtbft.exec:\rtbft.exe84⤵
-
\??\c:\djrrfp.exec:\djrrfp.exe85⤵
-
\??\c:\jjhdhvh.exec:\jjhdhvh.exe86⤵
-
\??\c:\rxrhl.exec:\rxrhl.exe87⤵
-
\??\c:\drjbh.exec:\drjbh.exe88⤵
-
\??\c:\lpbdtv.exec:\lpbdtv.exe89⤵
-
\??\c:\fthhrxh.exec:\fthhrxh.exe90⤵
-
\??\c:\dlpxrt.exec:\dlpxrt.exe91⤵
-
\??\c:\xlndfnv.exec:\xlndfnv.exe92⤵
-
\??\c:\hlrhlr.exec:\hlrhlr.exe93⤵
-
\??\c:\lrdxrfd.exec:\lrdxrfd.exe94⤵
-
\??\c:\tpplp.exec:\tpplp.exe95⤵
-
\??\c:\vjjtfrb.exec:\vjjtfrb.exe96⤵
-
\??\c:\llfpbl.exec:\llfpbl.exe97⤵
-
\??\c:\pdlrvr.exec:\pdlrvr.exe98⤵
-
\??\c:\ptbll.exec:\ptbll.exe99⤵
-
\??\c:\ptlffl.exec:\ptlffl.exe100⤵
-
\??\c:\jjdnbhj.exec:\jjdnbhj.exe101⤵
-
\??\c:\hpjplnp.exec:\hpjplnp.exe102⤵
-
\??\c:\xltvbd.exec:\xltvbd.exe103⤵
-
\??\c:\ltblb.exec:\ltblb.exe104⤵
-
\??\c:\ljffp.exec:\ljffp.exe105⤵
-
\??\c:\dbpjnrd.exec:\dbpjnrd.exe106⤵
-
\??\c:\hrtfhv.exec:\hrtfhv.exe107⤵
-
\??\c:\vdplp.exec:\vdplp.exe108⤵
-
\??\c:\fvbvx.exec:\fvbvx.exe109⤵
-
\??\c:\brpfjh.exec:\brpfjh.exe110⤵
-
\??\c:\pjjbbbd.exec:\pjjbbbd.exe111⤵
-
\??\c:\dnprh.exec:\dnprh.exe112⤵
-
\??\c:\jhnhj.exec:\jhnhj.exe113⤵
-
\??\c:\nxvthv.exec:\nxvthv.exe114⤵
-
\??\c:\lfdlf.exec:\lfdlf.exe115⤵
-
\??\c:\tfntjv.exec:\tfntjv.exe116⤵
-
\??\c:\pfvfht.exec:\pfvfht.exe117⤵
-
\??\c:\hndvf.exec:\hndvf.exe118⤵
-
\??\c:\xtxld.exec:\xtxld.exe119⤵
-
\??\c:\pxfnpvr.exec:\pxfnpvr.exe120⤵
-
\??\c:\hhrffvv.exec:\hhrffvv.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-