Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
18s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
01/10/2024, 00:37
General
-
Target
fb74807dba0e18f5a469ff30266096767623dd5cbced9196ad54814175682ef0N.exe
-
Size
63KB
-
MD5
10e1f626dd3e7530f75c5816a8890950
-
SHA1
029bbb574f7451444a374c3c6e02465a1cb67e94
-
SHA256
fb74807dba0e18f5a469ff30266096767623dd5cbced9196ad54814175682ef0
-
SHA512
89c317b59e31810986a70ff7ea89fc29a7d220f5cf8dbaae5c733a13f52e6123f64bc38e35a4af52fc5ebf068cb689ff3ee105ba01cdb0b9ea0cc39925cc8055
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND0yU+kbxi03:ymb3NkkiQ3mdBjF0y7kbD
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 22 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 29 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\fb74807dba0e18f5a469ff30266096767623dd5cbced9196ad54814175682ef0N.exe"C:\Users\Admin\AppData\Local\Temp\fb74807dba0e18f5a469ff30266096767623dd5cbced9196ad54814175682ef0N.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\nblxxnt.exec:\nblxxnt.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pptdttd.exec:\pptdttd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxnjtt.exec:\rxnjtt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xvnvv.exec:\xvnvv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbpjf.exec:\hbpjf.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxrxj.exec:\rxrxj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lbnnflp.exec:\lbnnflp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnjpvd.exec:\nnjpvd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hfjrdp.exec:\hfjrdp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thxlph.exec:\thxlph.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dfpltdx.exec:\dfpltdx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jnndx.exec:\jnndx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tjblr.exec:\tjblr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hvtbd.exec:\hvtbd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dlhdltd.exec:\dlhdltd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fjjjl.exec:\fjjjl.exe17⤵
- Executes dropped EXE
-
\??\c:\vrvfd.exec:\vrvfd.exe18⤵
- Executes dropped EXE
-
\??\c:\rrdlb.exec:\rrdlb.exe19⤵
- Executes dropped EXE
-
\??\c:\nvxttdp.exec:\nvxttdp.exe20⤵
- Executes dropped EXE
-
\??\c:\rndlhvt.exec:\rndlhvt.exe21⤵
- Executes dropped EXE
-
\??\c:\fjfbfd.exec:\fjfbfd.exe22⤵
- Executes dropped EXE
-
\??\c:\bjvvbf.exec:\bjvvbf.exe23⤵
- Executes dropped EXE
-
\??\c:\rthvrfh.exec:\rthvrfh.exe24⤵
- Executes dropped EXE
-
\??\c:\ltvnlvj.exec:\ltvnlvj.exe25⤵
- Executes dropped EXE
-
\??\c:\vtrlnl.exec:\vtrlnl.exe26⤵
- Executes dropped EXE
-
\??\c:\lxvffnt.exec:\lxvffnt.exe27⤵
- Executes dropped EXE
-
\??\c:\htnph.exec:\htnph.exe28⤵
- Executes dropped EXE
-
\??\c:\vtftvd.exec:\vtftvd.exe29⤵
- Executes dropped EXE
-
\??\c:\pjhfb.exec:\pjhfb.exe30⤵
- Executes dropped EXE
-
\??\c:\lttxh.exec:\lttxh.exe31⤵
- Executes dropped EXE
-
\??\c:\xfhpvjp.exec:\xfhpvjp.exe32⤵
- Executes dropped EXE
-
\??\c:\xdlpppp.exec:\xdlpppp.exe33⤵
- Executes dropped EXE
-
\??\c:\vtrblf.exec:\vtrblf.exe34⤵
- Executes dropped EXE
-
\??\c:\ftjbllf.exec:\ftjbllf.exe35⤵
- Executes dropped EXE
-
\??\c:\trvfvld.exec:\trvfvld.exe36⤵
- Executes dropped EXE
-
\??\c:\dnltpl.exec:\dnltpl.exe37⤵
- Executes dropped EXE
-
\??\c:\dbtbppn.exec:\dbtbppn.exe38⤵
- Executes dropped EXE
-
\??\c:\nttbxp.exec:\nttbxp.exe39⤵
- Executes dropped EXE
-
\??\c:\vdbdtp.exec:\vdbdtp.exe40⤵
- Executes dropped EXE
-
\??\c:\xhjfdr.exec:\xhjfdr.exe41⤵
- Executes dropped EXE
-
\??\c:\prpxrdl.exec:\prpxrdl.exe42⤵
- Executes dropped EXE
-
\??\c:\lrvjh.exec:\lrvjh.exe43⤵
- Executes dropped EXE
-
\??\c:\fjjhd.exec:\fjjhd.exe44⤵
- Executes dropped EXE
-
\??\c:\ddhlt.exec:\ddhlt.exe45⤵
- Executes dropped EXE
-
\??\c:\xdxnvn.exec:\xdxnvn.exe46⤵
- Executes dropped EXE
-
\??\c:\hjbtnt.exec:\hjbtnt.exe47⤵
- Executes dropped EXE
-
\??\c:\bdxbxl.exec:\bdxbxl.exe48⤵
- Executes dropped EXE
-
\??\c:\xvtdtr.exec:\xvtdtr.exe49⤵
- Executes dropped EXE
-
\??\c:\xblpbxr.exec:\xblpbxr.exe50⤵
- Executes dropped EXE
-
\??\c:\jdxfjn.exec:\jdxfjn.exe51⤵
- Executes dropped EXE
-
\??\c:\pdftrlv.exec:\pdftrlv.exe52⤵
- Executes dropped EXE
-
\??\c:\xrptb.exec:\xrptb.exe53⤵
- Executes dropped EXE
-
\??\c:\dtvjdl.exec:\dtvjdl.exe54⤵
- Executes dropped EXE
-
\??\c:\vlxxpv.exec:\vlxxpv.exe55⤵
- Executes dropped EXE
-
\??\c:\trvpbx.exec:\trvpbx.exe56⤵
- Executes dropped EXE
-
\??\c:\lhrdtt.exec:\lhrdtt.exe57⤵
- Executes dropped EXE
-
\??\c:\pptnp.exec:\pptnp.exe58⤵
- Executes dropped EXE
-
\??\c:\dpnrdbn.exec:\dpnrdbn.exe59⤵
- Executes dropped EXE
-
\??\c:\lxvnthp.exec:\lxvnthp.exe60⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\vfvtjpp.exec:\vfvtjpp.exe61⤵
- Executes dropped EXE
-
\??\c:\hlddt.exec:\hlddt.exe62⤵
- Executes dropped EXE
-
\??\c:\xvhfl.exec:\xvhfl.exe63⤵
- Executes dropped EXE
-
\??\c:\pxlxvlj.exec:\pxlxvlj.exe64⤵
- Executes dropped EXE
-
\??\c:\lxnrpl.exec:\lxnrpl.exe65⤵
- Executes dropped EXE
-
\??\c:\xtfvhtj.exec:\xtfvhtj.exe66⤵
-
\??\c:\brjphnr.exec:\brjphnr.exe67⤵
-
\??\c:\ptpxxdl.exec:\ptpxxdl.exe68⤵
-
\??\c:\jfddfnr.exec:\jfddfnr.exe69⤵
-
\??\c:\vjnfx.exec:\vjnfx.exe70⤵
-
\??\c:\djdhxlb.exec:\djdhxlb.exe71⤵
-
\??\c:\ldfdxx.exec:\ldfdxx.exe72⤵
-
\??\c:\vjjjx.exec:\vjjjx.exe73⤵
-
\??\c:\lfdntpj.exec:\lfdntpj.exe74⤵
-
\??\c:\bxbtjb.exec:\bxbtjb.exe75⤵
-
\??\c:\vfpttd.exec:\vfpttd.exe76⤵
-
\??\c:\jtnvl.exec:\jtnvl.exe77⤵
-
\??\c:\pjrhtxl.exec:\pjrhtxl.exe78⤵
-
\??\c:\pvhdln.exec:\pvhdln.exe79⤵
-
\??\c:\tvbhpbd.exec:\tvbhpbd.exe80⤵
-
\??\c:\hbdrxh.exec:\hbdrxh.exe81⤵
-
\??\c:\jxlhbnf.exec:\jxlhbnf.exe82⤵
-
\??\c:\nnntbpp.exec:\nnntbpp.exe83⤵
-
\??\c:\lrxtj.exec:\lrxtj.exe84⤵
-
\??\c:\xlttlp.exec:\xlttlp.exe85⤵
-
\??\c:\htbrn.exec:\htbrn.exe86⤵
-
\??\c:\bxhlb.exec:\bxhlb.exe87⤵
-
\??\c:\rxppp.exec:\rxppp.exe88⤵
-
\??\c:\jrxrb.exec:\jrxrb.exe89⤵
-
\??\c:\hdhhr.exec:\hdhhr.exe90⤵
-
\??\c:\jlrxpr.exec:\jlrxpr.exe91⤵
-
\??\c:\jdlfjh.exec:\jdlfjh.exe92⤵
-
\??\c:\bbjhjnf.exec:\bbjhjnf.exe93⤵
-
\??\c:\rhxfnt.exec:\rhxfnt.exe94⤵
-
\??\c:\dhdnr.exec:\dhdnr.exe95⤵
-
\??\c:\tnpvf.exec:\tnpvf.exe96⤵
-
\??\c:\hpvxff.exec:\hpvxff.exe97⤵
-
\??\c:\ltdplv.exec:\ltdplv.exe98⤵
-
\??\c:\dlppt.exec:\dlppt.exe99⤵
-
\??\c:\lbjxxfj.exec:\lbjxxfj.exe100⤵
-
\??\c:\plxnpvd.exec:\plxnpvd.exe101⤵
-
\??\c:\xnjjnr.exec:\xnjjnr.exe102⤵
-
\??\c:\vvtjn.exec:\vvtjn.exe103⤵
-
\??\c:\rrxhxh.exec:\rrxhxh.exe104⤵
-
\??\c:\lrlnvr.exec:\lrlnvr.exe105⤵
-
\??\c:\ldhtj.exec:\ldhtj.exe106⤵
-
\??\c:\rfvvt.exec:\rfvvt.exe107⤵
-
\??\c:\hltflp.exec:\hltflp.exe108⤵
-
\??\c:\hpxtrbv.exec:\hpxtrbv.exe109⤵
-
\??\c:\bbhlxrx.exec:\bbhlxrx.exe110⤵
-
\??\c:\nftpvdp.exec:\nftpvdp.exe111⤵
-
\??\c:\bbplvrb.exec:\bbplvrb.exe112⤵
-
\??\c:\brbnfbp.exec:\brbnfbp.exe113⤵
-
\??\c:\fxvrfff.exec:\fxvrfff.exe114⤵
-
\??\c:\pvldrnr.exec:\pvldrnr.exe115⤵
-
\??\c:\tnllp.exec:\tnllp.exe116⤵
-
\??\c:\vfhhl.exec:\vfhhl.exe117⤵
-
\??\c:\tvbhtvr.exec:\tvbhtvr.exe118⤵
-
\??\c:\xhttn.exec:\xhttn.exe119⤵
-
\??\c:\ftnpdrl.exec:\ftnpdrl.exe120⤵
-
\??\c:\plpvlp.exec:\plpvlp.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-