Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
126s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
27/09/2024, 23:52
General
-
Target
8eb42f4f742964203a185f2f57235885b51c7585539c8cd81250f1c3a2cb48ce.exe
-
Size
70KB
-
MD5
2adf4179e2d501c51cf356be3840681e
-
SHA1
0a6d6f8f33d399288279496bcb1108781d3d56bb
-
SHA256
8eb42f4f742964203a185f2f57235885b51c7585539c8cd81250f1c3a2cb48ce
-
SHA512
07548fb09bba1d946b5580778fd23a7eda1f84b684793d7cea39c0d4cc3670b07a2e947f612af3eb040d1ffaef4ef6a40c56b4e68edb40b08014d539df4ecba0
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIb0z6MTSqfUcicP:ymb3NkkiQ3mdBjFI4V4ciU
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 21 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 27 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\8eb42f4f742964203a185f2f57235885b51c7585539c8cd81250f1c3a2cb48ce.exe"C:\Users\Admin\AppData\Local\Temp\8eb42f4f742964203a185f2f57235885b51c7585539c8cd81250f1c3a2cb48ce.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\lhvbl.exec:\lhvbl.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfxrtn.exec:\xfxrtn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pxtpjnn.exec:\pxtpjnn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dddvdrv.exec:\dddvdrv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pnldlnr.exec:\pnldlnr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlnvx.exec:\rlnvx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hxnlb.exec:\hxnlb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dblpdjx.exec:\dblpdjx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrhtrd.exec:\xrhtrd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rnphx.exec:\rnphx.exe11⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\tjtvd.exec:\tjtvd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvrrr.exec:\jvrrr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tfpdhtj.exec:\tfpdhtj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lhrrf.exec:\lhrrf.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bdldv.exec:\bdldv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vbdpr.exec:\vbdpr.exe17⤵
- Executes dropped EXE
-
\??\c:\rfrxb.exec:\rfrxb.exe18⤵
- Executes dropped EXE
-
\??\c:\fxhfd.exec:\fxhfd.exe19⤵
- Executes dropped EXE
-
\??\c:\rhbdn.exec:\rhbdn.exe20⤵
- Executes dropped EXE
-
\??\c:\ftnfrvl.exec:\ftnfrvl.exe21⤵
- Executes dropped EXE
-
\??\c:\bflrj.exec:\bflrj.exe22⤵
- Executes dropped EXE
-
\??\c:\tdlrhbd.exec:\tdlrhbd.exe23⤵
- Executes dropped EXE
-
\??\c:\hrxjt.exec:\hrxjt.exe24⤵
- Executes dropped EXE
-
\??\c:\tjhtff.exec:\tjhtff.exe25⤵
- Executes dropped EXE
-
\??\c:\fvnpd.exec:\fvnpd.exe26⤵
- Executes dropped EXE
-
\??\c:\ftvjhv.exec:\ftvjhv.exe27⤵
- Executes dropped EXE
-
\??\c:\bbjrhh.exec:\bbjrhh.exe28⤵
- Executes dropped EXE
-
\??\c:\vpjddh.exec:\vpjddh.exe29⤵
- Executes dropped EXE
-
\??\c:\pfrftpj.exec:\pfrftpj.exe30⤵
- Executes dropped EXE
-
\??\c:\txjrhnj.exec:\txjrhnj.exe31⤵
- Executes dropped EXE
-
\??\c:\dxdht.exec:\dxdht.exe32⤵
- Executes dropped EXE
-
\??\c:\tfjvhf.exec:\tfjvhf.exe33⤵
- Executes dropped EXE
-
\??\c:\jpjpnft.exec:\jpjpnft.exe34⤵
- Executes dropped EXE
-
\??\c:\bjphh.exec:\bjphh.exe35⤵
- Executes dropped EXE
-
\??\c:\jjdtrrf.exec:\jjdtrrf.exe36⤵
- Executes dropped EXE
-
\??\c:\rvxvtd.exec:\rvxvtd.exe37⤵
- Executes dropped EXE
-
\??\c:\drvxjnb.exec:\drvxjnb.exe38⤵
- Executes dropped EXE
-
\??\c:\fvvpx.exec:\fvvpx.exe39⤵
- Executes dropped EXE
-
\??\c:\jrnpdp.exec:\jrnpdp.exe40⤵
- Executes dropped EXE
-
\??\c:\llbfjj.exec:\llbfjj.exe41⤵
- Executes dropped EXE
-
\??\c:\xbpbd.exec:\xbpbd.exe42⤵
- Executes dropped EXE
-
\??\c:\nbxjdn.exec:\nbxjdn.exe43⤵
- Executes dropped EXE
-
\??\c:\tjppbd.exec:\tjppbd.exe44⤵
- Executes dropped EXE
-
\??\c:\xbxrlhp.exec:\xbxrlhp.exe45⤵
- Executes dropped EXE
-
\??\c:\dfdjbr.exec:\dfdjbr.exe46⤵
- Executes dropped EXE
-
\??\c:\xljbdj.exec:\xljbdj.exe47⤵
- Executes dropped EXE
-
\??\c:\njlvjlh.exec:\njlvjlh.exe48⤵
- Executes dropped EXE
-
\??\c:\nfhddb.exec:\nfhddb.exe49⤵
- Executes dropped EXE
-
\??\c:\nfxnrnl.exec:\nfxnrnl.exe50⤵
- Executes dropped EXE
-
\??\c:\tfnfpf.exec:\tfnfpf.exe51⤵
- Executes dropped EXE
-
\??\c:\jdfph.exec:\jdfph.exe52⤵
- Executes dropped EXE
-
\??\c:\lpjtlh.exec:\lpjtlh.exe53⤵
- Executes dropped EXE
-
\??\c:\fjhhp.exec:\fjhhp.exe54⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\vrjhnvr.exec:\vrjhnvr.exe55⤵
- Executes dropped EXE
-
\??\c:\pbdvnn.exec:\pbdvnn.exe56⤵
- Executes dropped EXE
-
\??\c:\dhtjtfb.exec:\dhtjtfb.exe57⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\phltbl.exec:\phltbl.exe58⤵
- Executes dropped EXE
-
\??\c:\drtlfb.exec:\drtlfb.exe59⤵
- Executes dropped EXE
-
\??\c:\hftbt.exec:\hftbt.exe60⤵
- Executes dropped EXE
-
\??\c:\fhhdxth.exec:\fhhdxth.exe61⤵
- Executes dropped EXE
-
\??\c:\jphpfr.exec:\jphpfr.exe62⤵
- Executes dropped EXE
-
\??\c:\plttdbj.exec:\plttdbj.exe63⤵
- Executes dropped EXE
-
\??\c:\bxrxfnl.exec:\bxrxfnl.exe64⤵
- Executes dropped EXE
-
\??\c:\hrrbl.exec:\hrrbl.exe65⤵
- Executes dropped EXE
-
\??\c:\ddvbhn.exec:\ddvbhn.exe66⤵
-
\??\c:\tdxvj.exec:\tdxvj.exe67⤵
-
\??\c:\btvfrn.exec:\btvfrn.exe68⤵
-
\??\c:\fjhdlfb.exec:\fjhdlfb.exe69⤵
-
\??\c:\hvrxxp.exec:\hvrxxp.exe70⤵
- System Location Discovery: System Language Discovery
-
\??\c:\vvrrdp.exec:\vvrrdp.exe71⤵
-
\??\c:\jvfhdv.exec:\jvfhdv.exe72⤵
-
\??\c:\prvbhp.exec:\prvbhp.exe73⤵
-
\??\c:\plnlx.exec:\plnlx.exe74⤵
-
\??\c:\xfrpnxp.exec:\xfrpnxp.exe75⤵
-
\??\c:\xvfljph.exec:\xvfljph.exe76⤵
-
\??\c:\nvpvjb.exec:\nvpvjb.exe77⤵
-
\??\c:\bdbxjh.exec:\bdbxjh.exe78⤵
-
\??\c:\rvjhxjj.exec:\rvjhxjj.exe79⤵
-
\??\c:\fxfprf.exec:\fxfprf.exe80⤵
-
\??\c:\rlhlhbx.exec:\rlhlhbx.exe81⤵
-
\??\c:\jjtvtt.exec:\jjtvtt.exe82⤵
-
\??\c:\rjbfn.exec:\rjbfn.exe83⤵
-
\??\c:\rdplb.exec:\rdplb.exe84⤵
-
\??\c:\ftbdbrl.exec:\ftbdbrl.exe85⤵
-
\??\c:\rxfxntr.exec:\rxfxntr.exe86⤵
-
\??\c:\prxtfp.exec:\prxtfp.exe87⤵
-
\??\c:\htfvtxj.exec:\htfvtxj.exe88⤵
-
\??\c:\ndtpjnb.exec:\ndtpjnb.exe89⤵
-
\??\c:\dnbrnt.exec:\dnbrnt.exe90⤵
-
\??\c:\tnxxl.exec:\tnxxl.exe91⤵
-
\??\c:\jbndbfp.exec:\jbndbfp.exe92⤵
-
\??\c:\bxbjhf.exec:\bxbjhf.exe93⤵
-
\??\c:\jpnffbf.exec:\jpnffbf.exe94⤵
-
\??\c:\ltbblfl.exec:\ltbblfl.exe95⤵
-
\??\c:\dhhpt.exec:\dhhpt.exe96⤵
-
\??\c:\rbbtt.exec:\rbbtt.exe97⤵
-
\??\c:\xfldd.exec:\xfldd.exe98⤵
-
\??\c:\jtbvh.exec:\jtbvh.exe99⤵
-
\??\c:\xpbljvj.exec:\xpbljvj.exe100⤵
-
\??\c:\httnhtt.exec:\httnhtt.exe101⤵
-
\??\c:\vhffbb.exec:\vhffbb.exe102⤵
-
\??\c:\brjjb.exec:\brjjb.exe103⤵
-
\??\c:\lbltx.exec:\lbltx.exe104⤵
-
\??\c:\hdvxl.exec:\hdvxl.exe105⤵
-
\??\c:\vnhjj.exec:\vnhjj.exe106⤵
-
\??\c:\rtvnrfj.exec:\rtvnrfj.exe107⤵
-
\??\c:\dbffxd.exec:\dbffxd.exe108⤵
- System Location Discovery: System Language Discovery
-
\??\c:\xfvbpnt.exec:\xfvbpnt.exe109⤵
-
\??\c:\dtrbbd.exec:\dtrbbd.exe110⤵
-
\??\c:\xlnjn.exec:\xlnjn.exe111⤵
-
\??\c:\hbhlbj.exec:\hbhlbj.exe112⤵
-
\??\c:\xjdpb.exec:\xjdpb.exe113⤵
-
\??\c:\lvnxdxr.exec:\lvnxdxr.exe114⤵
-
\??\c:\fdjjdf.exec:\fdjjdf.exe115⤵
-
\??\c:\xrlbrfn.exec:\xrlbrfn.exe116⤵
-
\??\c:\jfnbpbn.exec:\jfnbpbn.exe117⤵
-
\??\c:\thxrrh.exec:\thxrrh.exe118⤵
-
\??\c:\nvvrrdn.exec:\nvvrrdn.exe119⤵
-
\??\c:\nxhfx.exec:\nxhfx.exe120⤵
-
\??\c:\tjtlbp.exec:\tjtlbp.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-