Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
18s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
19/12/2024, 00:52
General
-
Target
9ee289939d251496071047870dccbc3a3f69ecd75729920db65335d7d7179eed.exe
-
Size
456KB
-
MD5
d17cb72a06af14a37de251fd11a040b7
-
SHA1
b51c640a3e55dbe1d3a7443a10c3c2be60fb6eb1
-
SHA256
9ee289939d251496071047870dccbc3a3f69ecd75729920db65335d7d7179eed
-
SHA512
6eed4447a383766e6f682dbadbca8aaf8ae76362e199b5361246de0234767d66ba398f2ad78c9391c77e9c4b89ca225e56f46c4c4a6b275ff2e23e2b7c6df8d5
-
SSDEEP
6144:8cm7ImGddXmNt251UriZFwfsDX2UznsaFVNJCMKAbeH:q7Tc2NYHUrAwfMp3CDH
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 37 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 47 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\9ee289939d251496071047870dccbc3a3f69ecd75729920db65335d7d7179eed.exe"C:\Users\Admin\AppData\Local\Temp\9ee289939d251496071047870dccbc3a3f69ecd75729920db65335d7d7179eed.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\vrjhpfb.exec:\vrjhpfb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\brxnbr.exec:\brxnbr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\txvhx.exec:\txvhx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bvbhhx.exec:\bvbhhx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pxxdlvh.exec:\pxxdlvh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrlnfxr.exec:\xrlnfxr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tvxrn.exec:\tvxrn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhfldjx.exec:\bhfldjx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fddnjjl.exec:\fddnjjl.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tlptplh.exec:\tlptplh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hftpxxf.exec:\hftpxxf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpblbh.exec:\jpblbh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ljntd.exec:\ljntd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxddnfn.exec:\xxddnfn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jhntvl.exec:\jhntvl.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rnjxb.exec:\rnjxb.exe17⤵
- Executes dropped EXE
-
\??\c:\bpnbdlp.exec:\bpnbdlp.exe18⤵
- Executes dropped EXE
-
\??\c:\fnpbh.exec:\fnpbh.exe19⤵
- Executes dropped EXE
-
\??\c:\llnnf.exec:\llnnf.exe20⤵
- Executes dropped EXE
-
\??\c:\dvlpb.exec:\dvlpb.exe21⤵
- Executes dropped EXE
-
\??\c:\xbhlv.exec:\xbhlv.exe22⤵
- Executes dropped EXE
-
\??\c:\jbdddvb.exec:\jbdddvb.exe23⤵
- Executes dropped EXE
-
\??\c:\vfbbhdn.exec:\vfbbhdn.exe24⤵
- Executes dropped EXE
-
\??\c:\rtfln.exec:\rtfln.exe25⤵
- Executes dropped EXE
-
\??\c:\vrxvpl.exec:\vrxvpl.exe26⤵
- Executes dropped EXE
-
\??\c:\pvntlrv.exec:\pvntlrv.exe27⤵
- Executes dropped EXE
-
\??\c:\trfhbxd.exec:\trfhbxd.exe28⤵
- Executes dropped EXE
-
\??\c:\hfrfxth.exec:\hfrfxth.exe29⤵
- Executes dropped EXE
-
\??\c:\rntvv.exec:\rntvv.exe30⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\nvhlndh.exec:\nvhlndh.exe31⤵
- Executes dropped EXE
-
\??\c:\rdhxblh.exec:\rdhxblh.exe32⤵
- Executes dropped EXE
-
\??\c:\bdbpb.exec:\bdbpb.exe33⤵
- Executes dropped EXE
-
\??\c:\dnrvvhp.exec:\dnrvvhp.exe34⤵
- Executes dropped EXE
-
\??\c:\hrhrnr.exec:\hrhrnr.exe35⤵
- Executes dropped EXE
-
\??\c:\bnxnv.exec:\bnxnv.exe36⤵
- Executes dropped EXE
-
\??\c:\lnrlvvj.exec:\lnrlvvj.exe37⤵
- Executes dropped EXE
-
\??\c:\blhpbbr.exec:\blhpbbr.exe38⤵
- Executes dropped EXE
-
\??\c:\ttljvn.exec:\ttljvn.exe39⤵
- Executes dropped EXE
-
\??\c:\bpdnftd.exec:\bpdnftd.exe40⤵
- Executes dropped EXE
-
\??\c:\jrptjb.exec:\jrptjb.exe41⤵
- Executes dropped EXE
-
\??\c:\jflrl.exec:\jflrl.exe42⤵
- Executes dropped EXE
-
\??\c:\ptltfxn.exec:\ptltfxn.exe43⤵
- Executes dropped EXE
-
\??\c:\brbpt.exec:\brbpt.exe44⤵
- Executes dropped EXE
-
\??\c:\pvbrph.exec:\pvbrph.exe45⤵
- Executes dropped EXE
-
\??\c:\dhfpt.exec:\dhfpt.exe46⤵
- Executes dropped EXE
-
\??\c:\xfrfhx.exec:\xfrfhx.exe47⤵
- Executes dropped EXE
-
\??\c:\tdblb.exec:\tdblb.exe48⤵
- Executes dropped EXE
-
\??\c:\llddxnl.exec:\llddxnl.exe49⤵
- Executes dropped EXE
-
\??\c:\xtlxp.exec:\xtlxp.exe50⤵
- Executes dropped EXE
-
\??\c:\rfrntnr.exec:\rfrntnr.exe51⤵
- Executes dropped EXE
-
\??\c:\dpljjx.exec:\dpljjx.exe52⤵
- Executes dropped EXE
-
\??\c:\dlnpl.exec:\dlnpl.exe53⤵
- Executes dropped EXE
-
\??\c:\lprrp.exec:\lprrp.exe54⤵
- Executes dropped EXE
-
\??\c:\rnxbvf.exec:\rnxbvf.exe55⤵
- Executes dropped EXE
-
\??\c:\pftppp.exec:\pftppp.exe56⤵
- Executes dropped EXE
-
\??\c:\tbbntb.exec:\tbbntb.exe57⤵
- Executes dropped EXE
-
\??\c:\rdhfh.exec:\rdhfh.exe58⤵
- Executes dropped EXE
-
\??\c:\hfdvpb.exec:\hfdvpb.exe59⤵
- Executes dropped EXE
-
\??\c:\hjtbxt.exec:\hjtbxt.exe60⤵
- Executes dropped EXE
-
\??\c:\bprxp.exec:\bprxp.exe61⤵
- Executes dropped EXE
-
\??\c:\ntbhftt.exec:\ntbhftt.exe62⤵
- Executes dropped EXE
-
\??\c:\vfffxf.exec:\vfffxf.exe63⤵
- Executes dropped EXE
-
\??\c:\vjdbd.exec:\vjdbd.exe64⤵
- Executes dropped EXE
-
\??\c:\jvlrvvp.exec:\jvlrvvp.exe65⤵
- Executes dropped EXE
-
\??\c:\pjldtbh.exec:\pjldtbh.exe66⤵
-
\??\c:\xhfhnt.exec:\xhfhnt.exe67⤵
-
\??\c:\hbblpfp.exec:\hbblpfp.exe68⤵
-
\??\c:\xrphrn.exec:\xrphrn.exe69⤵
-
\??\c:\fjbtbx.exec:\fjbtbx.exe70⤵
-
\??\c:\prhdlx.exec:\prhdlx.exe71⤵
-
\??\c:\rrxnhp.exec:\rrxnhp.exe72⤵
-
\??\c:\hbrjdn.exec:\hbrjdn.exe73⤵
-
\??\c:\fvdnj.exec:\fvdnj.exe74⤵
-
\??\c:\xhnhhr.exec:\xhnhhr.exe75⤵
-
\??\c:\bpbhbx.exec:\bpbhbx.exe76⤵
-
\??\c:\blbjx.exec:\blbjx.exe77⤵
-
\??\c:\vxplpnl.exec:\vxplpnl.exe78⤵
-
\??\c:\nlptvff.exec:\nlptvff.exe79⤵
-
\??\c:\rndvxhj.exec:\rndvxhj.exe80⤵
-
\??\c:\dblpxjr.exec:\dblpxjr.exe81⤵
-
\??\c:\njljvfx.exec:\njljvfx.exe82⤵
- System Location Discovery: System Language Discovery
-
\??\c:\jxrpxp.exec:\jxrpxp.exe83⤵
-
\??\c:\xhldnj.exec:\xhldnj.exe84⤵
-
\??\c:\jpnpt.exec:\jpnpt.exe85⤵
-
\??\c:\bpfffjv.exec:\bpfffjv.exe86⤵
-
\??\c:\txnxn.exec:\txnxn.exe87⤵
-
\??\c:\ltxxrdx.exec:\ltxxrdx.exe88⤵
-
\??\c:\rrjhn.exec:\rrjhn.exe89⤵
-
\??\c:\dfdlhl.exec:\dfdlhl.exe90⤵
-
\??\c:\lbfhhtt.exec:\lbfhhtt.exe91⤵
-
\??\c:\hnnnx.exec:\hnnnx.exe92⤵
-
\??\c:\nprpr.exec:\nprpr.exe93⤵
-
\??\c:\tdttbdd.exec:\tdttbdd.exe94⤵
-
\??\c:\vhrxv.exec:\vhrxv.exe95⤵
-
\??\c:\dbpdfj.exec:\dbpdfj.exe96⤵
-
\??\c:\hvbhj.exec:\hvbhj.exe97⤵
-
\??\c:\jxntbjv.exec:\jxntbjv.exe98⤵
-
\??\c:\fnhjjnr.exec:\fnhjjnr.exe99⤵
-
\??\c:\hrftv.exec:\hrftv.exe100⤵
-
\??\c:\jfnfnnp.exec:\jfnfnnp.exe101⤵
-
\??\c:\vbtnj.exec:\vbtnj.exe102⤵
-
\??\c:\trtfljn.exec:\trtfljn.exe103⤵
-
\??\c:\jhfxv.exec:\jhfxv.exe104⤵
-
\??\c:\hllbhnf.exec:\hllbhnf.exe105⤵
-
\??\c:\tlfflp.exec:\tlfflp.exe106⤵
-
\??\c:\bhntx.exec:\bhntx.exe107⤵
-
\??\c:\tpbffrh.exec:\tpbffrh.exe108⤵
-
\??\c:\fnrbpf.exec:\fnrbpf.exe109⤵
-
\??\c:\xprvn.exec:\xprvn.exe110⤵
-
\??\c:\nxtrl.exec:\nxtrl.exe111⤵
-
\??\c:\vtfdvn.exec:\vtfdvn.exe112⤵
-
\??\c:\pxvjtx.exec:\pxvjtx.exe113⤵
-
\??\c:\hpfblfh.exec:\hpfblfh.exe114⤵
-
\??\c:\fhvdfpd.exec:\fhvdfpd.exe115⤵
-
\??\c:\pvnvn.exec:\pvnvn.exe116⤵
-
\??\c:\trtrfd.exec:\trtrfd.exe117⤵
-
\??\c:\vpbldb.exec:\vpbldb.exe118⤵
-
\??\c:\dbpppd.exec:\dbpppd.exe119⤵
-
\??\c:\rdhlr.exec:\rdhlr.exe120⤵
-
\??\c:\rxvrnr.exec:\rxvrnr.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-