Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
19s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
18/12/2024, 22:59
General
-
Target
e6c93f896606d3bfe559599550668ac7cff5390e3bc323409873a599750198a3.exe
-
Size
347KB
-
MD5
d39d1a14153143d31d0dbd9acad218e4
-
SHA1
7a4b7e3ca8a43a40ced6601fb98aecd6d742f2af
-
SHA256
e6c93f896606d3bfe559599550668ac7cff5390e3bc323409873a599750198a3
-
SHA512
2127321eef7ce5afcf18231c2a5eb35a87cbe1d70ee839a6af41206d4faa4c13418fa6d0517bef71e923722d748a30dbb6bae2b1d6a88534e2a5bd279c28d7bc
-
SSDEEP
6144:Xcm7ImGddXgYW5fNZWB5hFfci3Add4kGYAu:l7TcbWXZshJX2VGdu
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 46 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 47 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\e6c93f896606d3bfe559599550668ac7cff5390e3bc323409873a599750198a3.exe"C:\Users\Admin\AppData\Local\Temp\e6c93f896606d3bfe559599550668ac7cff5390e3bc323409873a599750198a3.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\bhdhvvp.exec:\bhdhvvp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dddjjv.exec:\dddjjv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xdjrf.exec:\xdjrf.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tdppv.exec:\tdppv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\txndt.exec:\txndt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjjhpf.exec:\jjjhpf.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpndn.exec:\jpndn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dnpbtf.exec:\dnpbtf.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjrpnhn.exec:\jjrpnhn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvphn.exec:\pjvphn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rvdtll.exec:\rvdtll.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpdplb.exec:\jpdplb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vddjpxv.exec:\vddjpxv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hvxlpll.exec:\hvxlpll.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bxxnhr.exec:\bxxnhr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rtphbph.exec:\rtphbph.exe17⤵
- Executes dropped EXE
-
\??\c:\phxvfr.exec:\phxvfr.exe18⤵
- Executes dropped EXE
-
\??\c:\xpppb.exec:\xpppb.exe19⤵
- Executes dropped EXE
-
\??\c:\hxpnt.exec:\hxpnt.exe20⤵
- Executes dropped EXE
-
\??\c:\hfhbjvf.exec:\hfhbjvf.exe21⤵
- Executes dropped EXE
-
\??\c:\vtjnbdv.exec:\vtjnbdv.exe22⤵
- Executes dropped EXE
-
\??\c:\hbjtfl.exec:\hbjtfl.exe23⤵
- Executes dropped EXE
-
\??\c:\pljljd.exec:\pljljd.exe24⤵
- Executes dropped EXE
-
\??\c:\ftvdr.exec:\ftvdr.exe25⤵
- Executes dropped EXE
-
\??\c:\xnjdnn.exec:\xnjdnn.exe26⤵
- Executes dropped EXE
-
\??\c:\vlbtd.exec:\vlbtd.exe27⤵
- Executes dropped EXE
-
\??\c:\nntrdhj.exec:\nntrdhj.exe28⤵
- Executes dropped EXE
-
\??\c:\bhjnft.exec:\bhjnft.exe29⤵
- Executes dropped EXE
-
\??\c:\hlnrj.exec:\hlnrj.exe30⤵
- Executes dropped EXE
-
\??\c:\vfrddt.exec:\vfrddt.exe31⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\tblbd.exec:\tblbd.exe32⤵
- Executes dropped EXE
-
\??\c:\nvdfpd.exec:\nvdfpd.exe33⤵
- Executes dropped EXE
-
\??\c:\vfpxnlt.exec:\vfpxnlt.exe34⤵
- Executes dropped EXE
-
\??\c:\ltprp.exec:\ltprp.exe35⤵
- Executes dropped EXE
-
\??\c:\npbfv.exec:\npbfv.exe36⤵
- Executes dropped EXE
-
\??\c:\pdfrj.exec:\pdfrj.exe37⤵
- Executes dropped EXE
-
\??\c:\rtbjh.exec:\rtbjh.exe38⤵
- Executes dropped EXE
-
\??\c:\pjxxx.exec:\pjxxx.exe39⤵
- Executes dropped EXE
-
\??\c:\bpbrhr.exec:\bpbrhr.exe40⤵
- Executes dropped EXE
-
\??\c:\pnbpx.exec:\pnbpx.exe41⤵
- Executes dropped EXE
-
\??\c:\txfdbp.exec:\txfdbp.exe42⤵
- Executes dropped EXE
-
\??\c:\tlhdlnd.exec:\tlhdlnd.exe43⤵
- Executes dropped EXE
-
\??\c:\rvbtrx.exec:\rvbtrx.exe44⤵
- Executes dropped EXE
-
\??\c:\pxttn.exec:\pxttn.exe45⤵
- Executes dropped EXE
-
\??\c:\drljv.exec:\drljv.exe46⤵
- Executes dropped EXE
-
\??\c:\hjlfnfn.exec:\hjlfnfn.exe47⤵
- Executes dropped EXE
-
\??\c:\vbphvt.exec:\vbphvt.exe48⤵
- Executes dropped EXE
-
\??\c:\lfnbr.exec:\lfnbr.exe49⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\xfdpb.exec:\xfdpb.exe50⤵
- Executes dropped EXE
-
\??\c:\dpdrr.exec:\dpdrr.exe51⤵
- Executes dropped EXE
-
\??\c:\tfhfljv.exec:\tfhfljv.exe52⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\tptrr.exec:\tptrr.exe53⤵
- Executes dropped EXE
-
\??\c:\rffhln.exec:\rffhln.exe54⤵
- Executes dropped EXE
-
\??\c:\xbhnxx.exec:\xbhnxx.exe55⤵
- Executes dropped EXE
-
\??\c:\hvvlntv.exec:\hvvlntv.exe56⤵
- Executes dropped EXE
-
\??\c:\fpdvrn.exec:\fpdvrn.exe57⤵
- Executes dropped EXE
-
\??\c:\rpvpnbn.exec:\rpvpnbn.exe58⤵
- Executes dropped EXE
-
\??\c:\hpvbttp.exec:\hpvbttp.exe59⤵
- Executes dropped EXE
-
\??\c:\hdrlpvb.exec:\hdrlpvb.exe60⤵
- Executes dropped EXE
-
\??\c:\tpfbhvn.exec:\tpfbhvn.exe61⤵
- Executes dropped EXE
-
\??\c:\drjhrh.exec:\drjhrh.exe62⤵
- Executes dropped EXE
-
\??\c:\pvdjl.exec:\pvdjl.exe63⤵
- Executes dropped EXE
-
\??\c:\xhpht.exec:\xhpht.exe64⤵
- Executes dropped EXE
-
\??\c:\fftnnt.exec:\fftnnt.exe65⤵
- Executes dropped EXE
-
\??\c:\hdlrx.exec:\hdlrx.exe66⤵
-
\??\c:\lfhhttr.exec:\lfhhttr.exe67⤵
- System Location Discovery: System Language Discovery
-
\??\c:\hlxpxf.exec:\hlxpxf.exe68⤵
-
\??\c:\bbjltv.exec:\bbjltv.exe69⤵
-
\??\c:\pbfnnn.exec:\pbfnnn.exe70⤵
-
\??\c:\tnhtfhp.exec:\tnhtfhp.exe71⤵
-
\??\c:\rnxxp.exec:\rnxxp.exe72⤵
-
\??\c:\pljvj.exec:\pljvj.exe73⤵
- System Location Discovery: System Language Discovery
-
\??\c:\hlppj.exec:\hlppj.exe74⤵
-
\??\c:\dhvrjpv.exec:\dhvrjpv.exe75⤵
-
\??\c:\lpbjr.exec:\lpbjr.exe76⤵
-
\??\c:\ljfnjxh.exec:\ljfnjxh.exe77⤵
-
\??\c:\vdtblr.exec:\vdtblr.exe78⤵
-
\??\c:\vrxbdh.exec:\vrxbdh.exe79⤵
-
\??\c:\pvdltft.exec:\pvdltft.exe80⤵
-
\??\c:\pxfblrl.exec:\pxfblrl.exe81⤵
-
\??\c:\fnvrh.exec:\fnvrh.exe82⤵
-
\??\c:\btprv.exec:\btprv.exe83⤵
-
\??\c:\lttlthl.exec:\lttlthl.exe84⤵
-
\??\c:\lfndv.exec:\lfndv.exe85⤵
-
\??\c:\ltvhlr.exec:\ltvhlr.exe86⤵
-
\??\c:\hrdnbh.exec:\hrdnbh.exe87⤵
-
\??\c:\npdhnhj.exec:\npdhnhj.exe88⤵
-
\??\c:\ntddbjh.exec:\ntddbjh.exe89⤵
-
\??\c:\dpdjnn.exec:\dpdjnn.exe90⤵
-
\??\c:\rpvlp.exec:\rpvlp.exe91⤵
- System Location Discovery: System Language Discovery
-
\??\c:\phldbrf.exec:\phldbrf.exe92⤵
-
\??\c:\ljvnlv.exec:\ljvnlv.exe93⤵
-
\??\c:\hjxdx.exec:\hjxdx.exe94⤵
- System Location Discovery: System Language Discovery
-
\??\c:\dvntt.exec:\dvntt.exe95⤵
-
\??\c:\vrfpbx.exec:\vrfpbx.exe96⤵
-
\??\c:\dhhtt.exec:\dhhtt.exe97⤵
-
\??\c:\xlrbjtd.exec:\xlrbjtd.exe98⤵
-
\??\c:\dhnfvpf.exec:\dhnfvpf.exe99⤵
-
\??\c:\jthpr.exec:\jthpr.exe100⤵
-
\??\c:\hvvdxbd.exec:\hvvdxbd.exe101⤵
-
\??\c:\vfvhjp.exec:\vfvhjp.exe102⤵
-
\??\c:\xnnhnr.exec:\xnnhnr.exe103⤵
-
\??\c:\phlrvd.exec:\phlrvd.exe104⤵
-
\??\c:\xttprn.exec:\xttprn.exe105⤵
-
\??\c:\fpxljpv.exec:\fpxljpv.exe106⤵
-
\??\c:\txlrht.exec:\txlrht.exe107⤵
-
\??\c:\vfjbpj.exec:\vfjbpj.exe108⤵
-
\??\c:\hxxlr.exec:\hxxlr.exe109⤵
-
\??\c:\hlbxl.exec:\hlbxl.exe110⤵
-
\??\c:\xjnrdvh.exec:\xjnrdvh.exe111⤵
-
\??\c:\trlxl.exec:\trlxl.exe112⤵
-
\??\c:\vxrbhtd.exec:\vxrbhtd.exe113⤵
- System Location Discovery: System Language Discovery
-
\??\c:\llthjvx.exec:\llthjvx.exe114⤵
-
\??\c:\dtpbl.exec:\dtpbl.exe115⤵
-
\??\c:\trxlbtd.exec:\trxlbtd.exe116⤵
-
\??\c:\lbdhrt.exec:\lbdhrt.exe117⤵
-
\??\c:\fdhdnjt.exec:\fdhdnjt.exe118⤵
-
\??\c:\bbbhlvv.exec:\bbbhlvv.exe119⤵
-
\??\c:\hhbprx.exec:\hhbprx.exe120⤵
-
\??\c:\hltdtlp.exec:\hltdtlp.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-