Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
18/12/2024, 23:36
General
-
Target
892cabcf2f712dbd6d20073858c3090fc34596eb03fa9d9d2143d1c0c9549d7e.exe
-
Size
454KB
-
MD5
32c503734c19314ee45dd6faee045a7e
-
SHA1
7e30ff9341d3c82ebe21fa4b68dc8bcaca8809a3
-
SHA256
892cabcf2f712dbd6d20073858c3090fc34596eb03fa9d9d2143d1c0c9549d7e
-
SHA512
69e660f4d669c3451cf05f8fe1b7bde9afdc9603d6010ea27d67c694215f1dec3bb74bb0412d6b84206dc10e5cbe80beb55b9544047745add4fbfdd1171d666b
-
SSDEEP
6144:8cm7ImGddXmNt251UriZFwfsDX2UznsaFVNJCMKAbecMt:q7Tc2NYHUrAwfMp3CDpt
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 43 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 46 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\892cabcf2f712dbd6d20073858c3090fc34596eb03fa9d9d2143d1c0c9549d7e.exe"C:\Users\Admin\AppData\Local\Temp\892cabcf2f712dbd6d20073858c3090fc34596eb03fa9d9d2143d1c0c9549d7e.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\vptdtrb.exec:\vptdtrb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dlvlr.exec:\dlvlr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbjll.exec:\tbjll.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jbphpd.exec:\jbphpd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnfdl.exec:\tnfdl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ltptjpt.exec:\ltptjpt.exe7⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\nvnnfv.exec:\nvnnfv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jhlnrt.exec:\jhlnrt.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\brnrb.exec:\brnrb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rtxbr.exec:\rtxbr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dxxrp.exec:\dxxrp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rjtlp.exec:\rjtlp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pnxlfvt.exec:\pnxlfvt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dlrlbnh.exec:\dlrlbnh.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tvrtnhf.exec:\tvrtnhf.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hdjrv.exec:\hdjrv.exe17⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\fjbpxrb.exec:\fjbpxrb.exe18⤵
- Executes dropped EXE
-
\??\c:\rltrrl.exec:\rltrrl.exe19⤵
- Executes dropped EXE
-
\??\c:\drfdv.exec:\drfdv.exe20⤵
- Executes dropped EXE
-
\??\c:\prpphdl.exec:\prpphdl.exe21⤵
- Executes dropped EXE
-
\??\c:\bjbnp.exec:\bjbnp.exe22⤵
- Executes dropped EXE
-
\??\c:\hhfrdb.exec:\hhfrdb.exe23⤵
- Executes dropped EXE
-
\??\c:\lhbppvn.exec:\lhbppvn.exe24⤵
- Executes dropped EXE
-
\??\c:\ttvjldv.exec:\ttvjldv.exe25⤵
- Executes dropped EXE
-
\??\c:\vptlrf.exec:\vptlrf.exe26⤵
- Executes dropped EXE
-
\??\c:\rfpjdxb.exec:\rfpjdxb.exe27⤵
- Executes dropped EXE
-
\??\c:\lddfr.exec:\lddfr.exe28⤵
- Executes dropped EXE
-
\??\c:\dvtblbn.exec:\dvtblbn.exe29⤵
- Executes dropped EXE
-
\??\c:\vpjxr.exec:\vpjxr.exe30⤵
- Executes dropped EXE
-
\??\c:\hxpvnpj.exec:\hxpvnpj.exe31⤵
- Executes dropped EXE
-
\??\c:\pbhnntr.exec:\pbhnntr.exe32⤵
- Executes dropped EXE
-
\??\c:\pfxlvn.exec:\pfxlvn.exe33⤵
- Executes dropped EXE
-
\??\c:\ldnlbvp.exec:\ldnlbvp.exe34⤵
- Executes dropped EXE
-
\??\c:\dbfnvbh.exec:\dbfnvbh.exe35⤵
- Executes dropped EXE
-
\??\c:\tfpnb.exec:\tfpnb.exe36⤵
- Executes dropped EXE
-
\??\c:\nxhtj.exec:\nxhtj.exe37⤵
- Executes dropped EXE
-
\??\c:\pfbnr.exec:\pfbnr.exe38⤵
- Executes dropped EXE
-
\??\c:\jtrllfx.exec:\jtrllfx.exe39⤵
- Executes dropped EXE
-
\??\c:\fvhhx.exec:\fvhhx.exe40⤵
- Executes dropped EXE
-
\??\c:\rtptlv.exec:\rtptlv.exe41⤵
- Executes dropped EXE
-
\??\c:\fxnnn.exec:\fxnnn.exe42⤵
- Executes dropped EXE
-
\??\c:\bxxbnt.exec:\bxxbnt.exe43⤵
- Executes dropped EXE
-
\??\c:\fljxr.exec:\fljxr.exe44⤵
- Executes dropped EXE
-
\??\c:\tfjtfdb.exec:\tfjtfdb.exe45⤵
- Executes dropped EXE
-
\??\c:\hlxjlbh.exec:\hlxjlbh.exe46⤵
- Executes dropped EXE
-
\??\c:\trdnv.exec:\trdnv.exe47⤵
- Executes dropped EXE
-
\??\c:\lxdfx.exec:\lxdfx.exe48⤵
- Executes dropped EXE
-
\??\c:\djrvll.exec:\djrvll.exe49⤵
- Executes dropped EXE
-
\??\c:\fjvhp.exec:\fjvhp.exe50⤵
- Executes dropped EXE
-
\??\c:\ndjnxh.exec:\ndjnxh.exe51⤵
- Executes dropped EXE
-
\??\c:\hlnptlt.exec:\hlnptlt.exe52⤵
- Executes dropped EXE
-
\??\c:\dbtpjvj.exec:\dbtpjvj.exe53⤵
- Executes dropped EXE
-
\??\c:\jnntj.exec:\jnntj.exe54⤵
- Executes dropped EXE
-
\??\c:\plhlb.exec:\plhlb.exe55⤵
- Executes dropped EXE
-
\??\c:\fxtjr.exec:\fxtjr.exe56⤵
- Executes dropped EXE
-
\??\c:\trfdr.exec:\trfdr.exe57⤵
- Executes dropped EXE
-
\??\c:\vlvbrfj.exec:\vlvbrfj.exe58⤵
- Executes dropped EXE
-
\??\c:\hvpntxj.exec:\hvpntxj.exe59⤵
- Executes dropped EXE
-
\??\c:\dnttbh.exec:\dnttbh.exe60⤵
- Executes dropped EXE
-
\??\c:\rxfpjvj.exec:\rxfpjvj.exe61⤵
- Executes dropped EXE
-
\??\c:\rjjnhll.exec:\rjjnhll.exe62⤵
- Executes dropped EXE
-
\??\c:\pfljlt.exec:\pfljlt.exe63⤵
- Executes dropped EXE
-
\??\c:\xpnrf.exec:\xpnrf.exe64⤵
- Executes dropped EXE
-
\??\c:\xxnhvv.exec:\xxnhvv.exe65⤵
- Executes dropped EXE
-
\??\c:\ffbpprx.exec:\ffbpprx.exe66⤵
-
\??\c:\ndllt.exec:\ndllt.exe67⤵
-
\??\c:\tdfhdh.exec:\tdfhdh.exe68⤵
-
\??\c:\xtbxjpn.exec:\xtbxjpn.exe69⤵
-
\??\c:\ljdfj.exec:\ljdfj.exe70⤵
-
\??\c:\ftlltx.exec:\ftlltx.exe71⤵
-
\??\c:\nxvlnl.exec:\nxvlnl.exe72⤵
-
\??\c:\flrfv.exec:\flrfv.exe73⤵
-
\??\c:\vpdlxjx.exec:\vpdlxjx.exe74⤵
-
\??\c:\jrrdjvd.exec:\jrrdjvd.exe75⤵
-
\??\c:\rdjtjxd.exec:\rdjtjxd.exe76⤵
-
\??\c:\vfvlnf.exec:\vfvlnf.exe77⤵
-
\??\c:\blrdrxj.exec:\blrdrxj.exe78⤵
-
\??\c:\ffjrf.exec:\ffjrf.exe79⤵
-
\??\c:\hhjhv.exec:\hhjhv.exe80⤵
-
\??\c:\dvjhlld.exec:\dvjhlld.exe81⤵
-
\??\c:\rxfxjr.exec:\rxfxjr.exe82⤵
-
\??\c:\xhvnln.exec:\xhvnln.exe83⤵
-
\??\c:\tdtdv.exec:\tdtdv.exe84⤵
-
\??\c:\nbjdrxl.exec:\nbjdrxl.exe85⤵
-
\??\c:\hddhl.exec:\hddhl.exe86⤵
-
\??\c:\jbxtdvn.exec:\jbxtdvn.exe87⤵
-
\??\c:\hlldb.exec:\hlldb.exe88⤵
-
\??\c:\lhphj.exec:\lhphj.exe89⤵
-
\??\c:\dxttjd.exec:\dxttjd.exe90⤵
-
\??\c:\hrtljxb.exec:\hrtljxb.exe91⤵
-
\??\c:\vtjfrb.exec:\vtjfrb.exe92⤵
-
\??\c:\xljtpff.exec:\xljtpff.exe93⤵
-
\??\c:\bllrhdr.exec:\bllrhdr.exe94⤵
-
\??\c:\vplxd.exec:\vplxd.exe95⤵
-
\??\c:\xnlvfbv.exec:\xnlvfbv.exe96⤵
-
\??\c:\lxdnfp.exec:\lxdnfp.exe97⤵
-
\??\c:\jrpbn.exec:\jrpbn.exe98⤵
-
\??\c:\blvnh.exec:\blvnh.exe99⤵
-
\??\c:\tbphbdr.exec:\tbphbdr.exe100⤵
-
\??\c:\nrxnpjx.exec:\nrxnpjx.exe101⤵
-
\??\c:\tnbpfdv.exec:\tnbpfdv.exe102⤵
-
\??\c:\fnjxxjv.exec:\fnjxxjv.exe103⤵
-
\??\c:\lfpfp.exec:\lfpfp.exe104⤵
-
\??\c:\bltjtrj.exec:\bltjtrj.exe105⤵
-
\??\c:\vnjlp.exec:\vnjlp.exe106⤵
-
\??\c:\hvxtb.exec:\hvxtb.exe107⤵
-
\??\c:\rrrdnv.exec:\rrrdnv.exe108⤵
-
\??\c:\pfxhf.exec:\pfxhf.exe109⤵
-
\??\c:\jtlvfn.exec:\jtlvfn.exe110⤵
-
\??\c:\hrfbbxh.exec:\hrfbbxh.exe111⤵
-
\??\c:\pbxlj.exec:\pbxlj.exe112⤵
-
\??\c:\ttvblj.exec:\ttvblj.exe113⤵
- System Location Discovery: System Language Discovery
-
\??\c:\htpvjnv.exec:\htpvjnv.exe114⤵
-
\??\c:\vhddxt.exec:\vhddxt.exe115⤵
-
\??\c:\dtxdfb.exec:\dtxdfb.exe116⤵
-
\??\c:\tjjlr.exec:\tjjlr.exe117⤵
-
\??\c:\vprlp.exec:\vprlp.exe118⤵
-
\??\c:\bvfhx.exec:\bvfhx.exe119⤵
-
\??\c:\rpnjdrl.exec:\rpnjdrl.exe120⤵
-
\??\c:\jljbv.exec:\jljbv.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-