Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
126s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
18/09/2024, 19:18
General
-
Target
1f726e54200936fa3a52f685ee1e37cf66a7e6d3313f8bfcba42ae0363b653c1.exe
-
Size
485KB
-
MD5
a73729110af72f656a3d255bf48ae9e1
-
SHA1
64c799d5a4d60d781a5baa97239f805ec690b0a0
-
SHA256
1f726e54200936fa3a52f685ee1e37cf66a7e6d3313f8bfcba42ae0363b653c1
-
SHA512
ab6374f73f20ef42bd78c1a8d40428c26fb2dc3058749772cd7a06a75fb67ccaededf30bcbf99ad9c3820a365a09b2f69862f97dc6051a31190e55907bb0ef83
-
SSDEEP
6144:n3C9BRo7tvnJ9oH0IRgZvjkUo7tvnJ9oH0IiVByq9CPobNVV:n3C9ytvngQjgtvngSV3CPobNVV
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 21 IoCs
-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE 64 IoCs
-
UPX packed file 27 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1f726e54200936fa3a52f685ee1e37cf66a7e6d3313f8bfcba42ae0363b653c1.exe"C:\Users\Admin\AppData\Local\Temp\1f726e54200936fa3a52f685ee1e37cf66a7e6d3313f8bfcba42ae0363b653c1.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\hbdjlb.exec:\hbdjlb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dflfh.exec:\dflfh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vhfvvt.exec:\vhfvvt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rdhrpdh.exec:\rdhrpdh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lvxxhdp.exec:\lvxxhdp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\brvxr.exec:\brvxr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dnbbddl.exec:\dnbbddl.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pxhjpd.exec:\pxhjpd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ptvbdd.exec:\ptvbdd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjhjj.exec:\vjhjj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tfvrltf.exec:\tfvrltf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fdrlfbt.exec:\fdrlfbt.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlpnxl.exec:\xlpnxl.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dnrlhh.exec:\dnrlhh.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vphxfrn.exec:\vphxfrn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fbdtvbr.exec:\fbdtvbr.exe17⤵
- Executes dropped EXE
-
\??\c:\pjbfpx.exec:\pjbfpx.exe18⤵
- Executes dropped EXE
-
\??\c:\nnlvx.exec:\nnlvx.exe19⤵
- Executes dropped EXE
-
\??\c:\fhbjrr.exec:\fhbjrr.exe20⤵
- Executes dropped EXE
-
\??\c:\hlljvtl.exec:\hlljvtl.exe21⤵
- Executes dropped EXE
-
\??\c:\npvhjb.exec:\npvhjb.exe22⤵
- Executes dropped EXE
-
\??\c:\vlpdjh.exec:\vlpdjh.exe23⤵
- Executes dropped EXE
-
\??\c:\btbvxt.exec:\btbvxt.exe24⤵
- Executes dropped EXE
-
\??\c:\rhbbx.exec:\rhbbx.exe25⤵
- Executes dropped EXE
-
\??\c:\vljfhfd.exec:\vljfhfd.exe26⤵
- Executes dropped EXE
-
\??\c:\dxxbvf.exec:\dxxbvf.exe27⤵
- Executes dropped EXE
-
\??\c:\tpxbphl.exec:\tpxbphl.exe28⤵
- Executes dropped EXE
-
\??\c:\pbbxp.exec:\pbbxp.exe29⤵
- Executes dropped EXE
-
\??\c:\fvhvx.exec:\fvhvx.exe30⤵
- Executes dropped EXE
-
\??\c:\jttrvfr.exec:\jttrvfr.exe31⤵
- Executes dropped EXE
-
\??\c:\vvjhrvp.exec:\vvjhrvp.exe32⤵
- Executes dropped EXE
-
\??\c:\jbltxnl.exec:\jbltxnl.exe33⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\pndjnd.exec:\pndjnd.exe34⤵
- Executes dropped EXE
-
\??\c:\nrlrrdx.exec:\nrlrrdx.exe35⤵
- Executes dropped EXE
-
\??\c:\lxtxt.exec:\lxtxt.exe36⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\txhlhvp.exec:\txhlhvp.exe37⤵
- Executes dropped EXE
-
\??\c:\hpxph.exec:\hpxph.exe38⤵
- Executes dropped EXE
-
\??\c:\jddhnl.exec:\jddhnl.exe39⤵
- Executes dropped EXE
-
\??\c:\hnbnrrn.exec:\hnbnrrn.exe40⤵
- Executes dropped EXE
-
\??\c:\nrhvxfh.exec:\nrhvxfh.exe41⤵
- Executes dropped EXE
-
\??\c:\dfjdddv.exec:\dfjdddv.exe42⤵
- Executes dropped EXE
-
\??\c:\hrtlx.exec:\hrtlx.exe43⤵
- Executes dropped EXE
-
\??\c:\vplfjt.exec:\vplfjt.exe44⤵
- Executes dropped EXE
-
\??\c:\ljdtxvr.exec:\ljdtxvr.exe45⤵
- Executes dropped EXE
-
\??\c:\nnldn.exec:\nnldn.exe46⤵
- Executes dropped EXE
-
\??\c:\pjfxbd.exec:\pjfxbd.exe47⤵
- Executes dropped EXE
-
\??\c:\rjtddpv.exec:\rjtddpv.exe48⤵
- Executes dropped EXE
-
\??\c:\hprffdh.exec:\hprffdh.exe49⤵
- Executes dropped EXE
-
\??\c:\rttnhp.exec:\rttnhp.exe50⤵
- Executes dropped EXE
-
\??\c:\htbhtpv.exec:\htbhtpv.exe51⤵
- Executes dropped EXE
-
\??\c:\nrvbjb.exec:\nrvbjb.exe52⤵
- Executes dropped EXE
-
\??\c:\ttdhp.exec:\ttdhp.exe53⤵
- Executes dropped EXE
-
\??\c:\rhpnv.exec:\rhpnv.exe54⤵
- Executes dropped EXE
-
\??\c:\vllrx.exec:\vllrx.exe55⤵
- Executes dropped EXE
-
\??\c:\xxpvx.exec:\xxpvx.exe56⤵
- Executes dropped EXE
-
\??\c:\ltjhhp.exec:\ltjhhp.exe57⤵
- Executes dropped EXE
-
\??\c:\nltnj.exec:\nltnj.exe58⤵
- Executes dropped EXE
-
\??\c:\hvrrfdd.exec:\hvrrfdd.exe59⤵
- Executes dropped EXE
-
\??\c:\hpbld.exec:\hpbld.exe60⤵
- Executes dropped EXE
-
\??\c:\bvbnt.exec:\bvbnt.exe61⤵
- Executes dropped EXE
-
\??\c:\thfrdl.exec:\thfrdl.exe62⤵
- Executes dropped EXE
-
\??\c:\bhxrlnr.exec:\bhxrlnr.exe63⤵
- Executes dropped EXE
-
\??\c:\nvdpb.exec:\nvdpb.exe64⤵
- Executes dropped EXE
-
\??\c:\dlrlttt.exec:\dlrlttt.exe65⤵
- Executes dropped EXE
-
\??\c:\rdtrt.exec:\rdtrt.exe66⤵
-
\??\c:\djvrxh.exec:\djvrxh.exe67⤵
-
\??\c:\ljtjhvx.exec:\ljtjhvx.exe68⤵
-
\??\c:\jtjldfd.exec:\jtjldfd.exe69⤵
-
\??\c:\brtppv.exec:\brtppv.exe70⤵
-
\??\c:\xbjxdh.exec:\xbjxdh.exe71⤵
-
\??\c:\jpxlx.exec:\jpxlx.exe72⤵
-
\??\c:\vpfdbh.exec:\vpfdbh.exe73⤵
-
\??\c:\jjlpx.exec:\jjlpx.exe74⤵
-
\??\c:\ljbbpn.exec:\ljbbpn.exe75⤵
-
\??\c:\vljbjt.exec:\vljbjt.exe76⤵
-
\??\c:\fhpvbp.exec:\fhpvbp.exe77⤵
-
\??\c:\pjbrxdv.exec:\pjbrxdv.exe78⤵
-
\??\c:\lrdnf.exec:\lrdnf.exe79⤵
-
\??\c:\lhphdld.exec:\lhphdld.exe80⤵
-
\??\c:\tlttr.exec:\tlttr.exe81⤵
-
\??\c:\npnjljf.exec:\npnjljf.exe82⤵
-
\??\c:\pfxnt.exec:\pfxnt.exe83⤵
-
\??\c:\ffpbhxd.exec:\ffpbhxd.exe84⤵
-
\??\c:\tldvhxf.exec:\tldvhxf.exe85⤵
-
\??\c:\jxfvbrl.exec:\jxfvbrl.exe86⤵
-
\??\c:\lnbff.exec:\lnbff.exe87⤵
-
\??\c:\bjnbntp.exec:\bjnbntp.exe88⤵
-
\??\c:\fxbdj.exec:\fxbdj.exe89⤵
-
\??\c:\tvfpvx.exec:\tvfpvx.exe90⤵
-
\??\c:\xxntfdl.exec:\xxntfdl.exe91⤵
-
\??\c:\fxfptfr.exec:\fxfptfr.exe92⤵
- System Location Discovery: System Language Discovery
-
\??\c:\btjxt.exec:\btjxt.exe93⤵
-
\??\c:\dfrxdnl.exec:\dfrxdnl.exe94⤵
-
\??\c:\hbtvp.exec:\hbtvp.exe95⤵
-
\??\c:\dhlrhj.exec:\dhlrhj.exe96⤵
- System Location Discovery: System Language Discovery
-
\??\c:\pnnttp.exec:\pnnttp.exe97⤵
-
\??\c:\fdfjn.exec:\fdfjn.exe98⤵
-
\??\c:\tdnhp.exec:\tdnhp.exe99⤵
-
\??\c:\fhvfr.exec:\fhvfr.exe100⤵
-
\??\c:\ppbht.exec:\ppbht.exe101⤵
-
\??\c:\xvfxdl.exec:\xvfxdl.exe102⤵
-
\??\c:\xtxxxhj.exec:\xtxxxhj.exe103⤵
-
\??\c:\nttlxj.exec:\nttlxj.exe104⤵
-
\??\c:\pxrlrdt.exec:\pxrlrdt.exe105⤵
-
\??\c:\hrpxb.exec:\hrpxb.exe106⤵
-
\??\c:\lrvlx.exec:\lrvlx.exe107⤵
-
\??\c:\xhtvfpl.exec:\xhtvfpl.exe108⤵
-
\??\c:\bpjfh.exec:\bpjfh.exe109⤵
-
\??\c:\ndnrpjt.exec:\ndnrpjt.exe110⤵
-
\??\c:\dnblxfb.exec:\dnblxfb.exe111⤵
-
\??\c:\lntbbrv.exec:\lntbbrv.exe112⤵
-
\??\c:\pljblx.exec:\pljblx.exe113⤵
-
\??\c:\rfrld.exec:\rfrld.exe114⤵
-
\??\c:\bnbxhb.exec:\bnbxhb.exe115⤵
- System Location Discovery: System Language Discovery
-
\??\c:\lrjhldh.exec:\lrjhldh.exe116⤵
-
\??\c:\bfdbp.exec:\bfdbp.exe117⤵
-
\??\c:\pnrpjrf.exec:\pnrpjrf.exe118⤵
-
\??\c:\jrnjnl.exec:\jrnjnl.exe119⤵
-
\??\c:\lxbrlpp.exec:\lxbrlpp.exe120⤵
-
\??\c:\tvhjnhn.exec:\tvhjnhn.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-