Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
20s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
07/09/2024, 22:05
General
-
Target
db1e03fa390f2aecbb5862318d6cda60N.exe
-
Size
82KB
-
MD5
db1e03fa390f2aecbb5862318d6cda60
-
SHA1
7a0d75492148cd9724300f91a5d39792d51c9519
-
SHA256
c123e2d3e7a3a6ff937f3e1646afdc14cf1ad55a088cfc86734c5efa41df822f
-
SHA512
573f6306678b9df5a493fa3e1932461478448eb4084778daa4aae99036faafdd42d722a999fa2dc2b90e603d5cb743c64fb81c8c35df0557600da18fb9d2e46d
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIIpIo60L9QrrA89Qj:ymb3NkkiQ3mdBjFIIp9L9QrrA8G
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 38 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\db1e03fa390f2aecbb5862318d6cda60N.exe"C:\Users\Admin\AppData\Local\Temp\db1e03fa390f2aecbb5862318d6cda60N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\bjlld.exec:\bjlld.exe2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\ntlrxb.exec:\ntlrxb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttbnxp.exec:\ttbnxp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxdxnr.exec:\lxdxnr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hvfln.exec:\hvfln.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hxtjv.exec:\hxtjv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxdtlxj.exec:\lxdtlxj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fvlbxl.exec:\fvlbxl.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpplxlt.exec:\jpplxlt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ptjxhfb.exec:\ptjxhfb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pfldrt.exec:\pfldrt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lppfblr.exec:\lppfblr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thldn.exec:\thldn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ptxhb.exec:\ptxhb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrlnh.exec:\rrlnh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rhrfrnn.exec:\rhrfrnn.exe17⤵
- Executes dropped EXE
-
\??\c:\trlht.exec:\trlht.exe18⤵
- Executes dropped EXE
-
\??\c:\tjhrptp.exec:\tjhrptp.exe19⤵
- Executes dropped EXE
-
\??\c:\ndvtd.exec:\ndvtd.exe20⤵
- Executes dropped EXE
-
\??\c:\ftxtppr.exec:\ftxtppr.exe21⤵
- Executes dropped EXE
-
\??\c:\fvprtv.exec:\fvprtv.exe22⤵
- Executes dropped EXE
-
\??\c:\pfnhtfl.exec:\pfnhtfl.exe23⤵
- Executes dropped EXE
-
\??\c:\vbftfb.exec:\vbftfb.exe24⤵
- Executes dropped EXE
-
\??\c:\bttfxl.exec:\bttfxl.exe25⤵
- Executes dropped EXE
-
\??\c:\xlnfr.exec:\xlnfr.exe26⤵
- Executes dropped EXE
-
\??\c:\jtjjxnp.exec:\jtjjxnp.exe27⤵
- Executes dropped EXE
-
\??\c:\dnxljbf.exec:\dnxljbf.exe28⤵
- Executes dropped EXE
-
\??\c:\nttpblh.exec:\nttpblh.exe29⤵
- Executes dropped EXE
-
\??\c:\lnhjr.exec:\lnhjr.exe30⤵
- Executes dropped EXE
-
\??\c:\lhhxfr.exec:\lhhxfr.exe31⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\xbddvrt.exec:\xbddvrt.exe32⤵
- Executes dropped EXE
-
\??\c:\hxxjjlp.exec:\hxxjjlp.exe33⤵
- Executes dropped EXE
-
\??\c:\brhrtjf.exec:\brhrtjf.exe34⤵
- Executes dropped EXE
-
\??\c:\vrprnj.exec:\vrprnj.exe35⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\rfbhv.exec:\rfbhv.exe36⤵
- Executes dropped EXE
-
\??\c:\hfnvptb.exec:\hfnvptb.exe37⤵
- Executes dropped EXE
-
\??\c:\pjljrp.exec:\pjljrp.exe38⤵
- Executes dropped EXE
-
\??\c:\pplxph.exec:\pplxph.exe39⤵
- Executes dropped EXE
-
\??\c:\rdnldvt.exec:\rdnldvt.exe40⤵
- Executes dropped EXE
-
\??\c:\txndhd.exec:\txndhd.exe41⤵
- Executes dropped EXE
-
\??\c:\rpldrjx.exec:\rpldrjx.exe42⤵
- Executes dropped EXE
-
\??\c:\ljvhfvv.exec:\ljvhfvv.exe43⤵
- Executes dropped EXE
-
\??\c:\fdfrdjf.exec:\fdfrdjf.exe44⤵
- Executes dropped EXE
-
\??\c:\nlpdjtd.exec:\nlpdjtd.exe45⤵
- Executes dropped EXE
-
\??\c:\rrtlll.exec:\rrtlll.exe46⤵
- Executes dropped EXE
-
\??\c:\bhxld.exec:\bhxld.exe47⤵
- Executes dropped EXE
-
\??\c:\jrvjjl.exec:\jrvjjl.exe48⤵
- Executes dropped EXE
-
\??\c:\lthlb.exec:\lthlb.exe49⤵
- Executes dropped EXE
-
\??\c:\ppfvb.exec:\ppfvb.exe50⤵
- Executes dropped EXE
-
\??\c:\rtvpnr.exec:\rtvpnr.exe51⤵
- Executes dropped EXE
-
\??\c:\vthrl.exec:\vthrl.exe52⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\jfbrrdj.exec:\jfbrrdj.exe53⤵
- Executes dropped EXE
-
\??\c:\xvrrlr.exec:\xvrrlr.exe54⤵
- Executes dropped EXE
-
\??\c:\xppnvl.exec:\xppnvl.exe55⤵
- Executes dropped EXE
-
\??\c:\xhpjxb.exec:\xhpjxb.exe56⤵
- Executes dropped EXE
-
\??\c:\njvll.exec:\njvll.exe57⤵
- Executes dropped EXE
-
\??\c:\httpft.exec:\httpft.exe58⤵
- Executes dropped EXE
-
\??\c:\vjlxdx.exec:\vjlxdx.exe59⤵
- Executes dropped EXE
-
\??\c:\hphnr.exec:\hphnr.exe60⤵
- Executes dropped EXE
-
\??\c:\hvbjx.exec:\hvbjx.exe61⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\jjpvtpp.exec:\jjpvtpp.exe62⤵
- Executes dropped EXE
-
\??\c:\pxlpl.exec:\pxlpl.exe63⤵
- Executes dropped EXE
-
\??\c:\xtxrvn.exec:\xtxrvn.exe64⤵
- Executes dropped EXE
-
\??\c:\vdnhhn.exec:\vdnhhn.exe65⤵
- Executes dropped EXE
-
\??\c:\vntdjbt.exec:\vntdjbt.exe66⤵
-
\??\c:\nvdlp.exec:\nvdlp.exe67⤵
-
\??\c:\rjrbd.exec:\rjrbd.exe68⤵
-
\??\c:\nldvp.exec:\nldvp.exe69⤵
-
\??\c:\vdfppl.exec:\vdfppl.exe70⤵
-
\??\c:\fnxdt.exec:\fnxdt.exe71⤵
-
\??\c:\nbtxvdf.exec:\nbtxvdf.exe72⤵
-
\??\c:\vdlhv.exec:\vdlhv.exe73⤵
-
\??\c:\hpfhfdd.exec:\hpfhfdd.exe74⤵
-
\??\c:\vflhjpb.exec:\vflhjpb.exe75⤵
-
\??\c:\prnrfvv.exec:\prnrfvv.exe76⤵
-
\??\c:\htvxbpb.exec:\htvxbpb.exe77⤵
-
\??\c:\tvpltb.exec:\tvpltb.exe78⤵
-
\??\c:\dppplpt.exec:\dppplpt.exe79⤵
-
\??\c:\jvdjptd.exec:\jvdjptd.exe80⤵
-
\??\c:\dbrbjdv.exec:\dbrbjdv.exe81⤵
-
\??\c:\vhhxx.exec:\vhhxx.exe82⤵
-
\??\c:\pnttx.exec:\pnttx.exe83⤵
-
\??\c:\xrphf.exec:\xrphf.exe84⤵
-
\??\c:\vrrrxff.exec:\vrrrxff.exe85⤵
-
\??\c:\txnldtx.exec:\txnldtx.exe86⤵
-
\??\c:\ntxhjvt.exec:\ntxhjvt.exe87⤵
-
\??\c:\thrpn.exec:\thrpn.exe88⤵
-
\??\c:\bfrfbvb.exec:\bfrfbvb.exe89⤵
- System Location Discovery: System Language Discovery
-
\??\c:\bfrnh.exec:\bfrnh.exe90⤵
-
\??\c:\ndjvp.exec:\ndjvp.exe91⤵
-
\??\c:\btdfbp.exec:\btdfbp.exe92⤵
-
\??\c:\vtdlrhv.exec:\vtdlrhv.exe93⤵
-
\??\c:\rfhhvx.exec:\rfhhvx.exe94⤵
-
\??\c:\rvjhjn.exec:\rvjhjn.exe95⤵
-
\??\c:\ndrbrt.exec:\ndrbrt.exe96⤵
-
\??\c:\rlxrh.exec:\rlxrh.exe97⤵
- System Location Discovery: System Language Discovery
-
\??\c:\hbttv.exec:\hbttv.exe98⤵
-
\??\c:\vfjxbr.exec:\vfjxbr.exe99⤵
-
\??\c:\vlrbx.exec:\vlrbx.exe100⤵
-
\??\c:\dpvlrv.exec:\dpvlrv.exe101⤵
-
\??\c:\nftbxx.exec:\nftbxx.exe102⤵
-
\??\c:\xlnbtnt.exec:\xlnbtnt.exe103⤵
-
\??\c:\rljpr.exec:\rljpr.exe104⤵
-
\??\c:\pjfntj.exec:\pjfntj.exe105⤵
-
\??\c:\hnflpbv.exec:\hnflpbv.exe106⤵
-
\??\c:\vvdrjrr.exec:\vvdrjrr.exe107⤵
-
\??\c:\ptvbhv.exec:\ptvbhv.exe108⤵
-
\??\c:\njxtn.exec:\njxtn.exe109⤵
-
\??\c:\ttvdr.exec:\ttvdr.exe110⤵
-
\??\c:\hxpttjv.exec:\hxpttjv.exe111⤵
-
\??\c:\jlprt.exec:\jlprt.exe112⤵
-
\??\c:\rpblptp.exec:\rpblptp.exe113⤵
-
\??\c:\hltvx.exec:\hltvx.exe114⤵
-
\??\c:\rnpxllr.exec:\rnpxllr.exe115⤵
-
\??\c:\tltlpdv.exec:\tltlpdv.exe116⤵
-
\??\c:\btdpr.exec:\btdpr.exe117⤵
-
\??\c:\rpdljl.exec:\rpdljl.exe118⤵
-
\??\c:\btbtrrp.exec:\btbtrrp.exe119⤵
-
\??\c:\bvtrpxd.exec:\bvtrpxd.exe120⤵
- System Location Discovery: System Language Discovery
-
\??\c:\fpfnb.exec:\fpfnb.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-