Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
118s -
max time network
19s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
19/12/2024, 10:51
General
-
Target
b025947833ea07e51b37b20cb909f8bea25c680a09cebe89fcc69bb8ea34c9efN.exe
-
Size
453KB
-
MD5
4857419cbae4840067ea9949bdeee290
-
SHA1
a78a1070e6d923b451daecdc8b1558c463f1930d
-
SHA256
b025947833ea07e51b37b20cb909f8bea25c680a09cebe89fcc69bb8ea34c9ef
-
SHA512
4a4dc9bf7b2e77e5eff606e6c96dae02191e288409bd9613f955abe8ddbe9af5757ca71e6c79ed4c5292c9d26cd8547baa851ffcca8fd2df115368fee0d87cb4
-
SSDEEP
6144:8cm7ImGddXmNt251UriZFwfsDX2UznsaFVNJCMKAbeY:q7Tc2NYHUrAwfMp3CDY
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 42 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 47 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\b025947833ea07e51b37b20cb909f8bea25c680a09cebe89fcc69bb8ea34c9efN.exe"C:\Users\Admin\AppData\Local\Temp\b025947833ea07e51b37b20cb909f8bea25c680a09cebe89fcc69bb8ea34c9efN.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\hvbvd.exec:\hvbvd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ndfdfb.exec:\ndfdfb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tpntd.exec:\tpntd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rhpvffp.exec:\rhpvffp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fnfvhxn.exec:\fnfvhxn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vxpfvlj.exec:\vxpfvlj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vrhpv.exec:\vrhpv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fvhfrfl.exec:\fvhfrfl.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bfxjxbf.exec:\bfxjxbf.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pfxtfl.exec:\pfxtfl.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\njrbd.exec:\njrbd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttbbbd.exec:\ttbbbd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbhlllv.exec:\tbhlllv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdfnlpv.exec:\pdfnlpv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjrnbfn.exec:\vjrnbfn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpltdp.exec:\vpltdp.exe17⤵
- Executes dropped EXE
-
\??\c:\thrbr.exec:\thrbr.exe18⤵
- Executes dropped EXE
-
\??\c:\tlnvvbp.exec:\tlnvvbp.exe19⤵
- Executes dropped EXE
-
\??\c:\hpxhbrl.exec:\hpxhbrl.exe20⤵
- Executes dropped EXE
-
\??\c:\pdvnx.exec:\pdvnx.exe21⤵
- Executes dropped EXE
-
\??\c:\jhlnnpx.exec:\jhlnnpx.exe22⤵
- Executes dropped EXE
-
\??\c:\xhljjf.exec:\xhljjf.exe23⤵
- Executes dropped EXE
-
\??\c:\jttlfbr.exec:\jttlfbr.exe24⤵
- Executes dropped EXE
-
\??\c:\vjlvdp.exec:\vjlvdp.exe25⤵
- Executes dropped EXE
-
\??\c:\vdbvhl.exec:\vdbvhl.exe26⤵
- Executes dropped EXE
-
\??\c:\xpnpp.exec:\xpnpp.exe27⤵
- Executes dropped EXE
-
\??\c:\nfdldpb.exec:\nfdldpb.exe28⤵
- Executes dropped EXE
-
\??\c:\btlhvv.exec:\btlhvv.exe29⤵
- Executes dropped EXE
-
\??\c:\fdxpb.exec:\fdxpb.exe30⤵
- Executes dropped EXE
-
\??\c:\fhlnxhl.exec:\fhlnxhl.exe31⤵
- Executes dropped EXE
-
\??\c:\vtvvntv.exec:\vtvvntv.exe32⤵
- Executes dropped EXE
-
\??\c:\jnvfj.exec:\jnvfj.exe33⤵
- Executes dropped EXE
-
\??\c:\fbblhh.exec:\fbblhh.exe34⤵
- Executes dropped EXE
-
\??\c:\hpndh.exec:\hpndh.exe35⤵
- Executes dropped EXE
-
\??\c:\dxjdr.exec:\dxjdr.exe36⤵
- Executes dropped EXE
-
\??\c:\dvdthvn.exec:\dvdthvn.exe37⤵
- Executes dropped EXE
-
\??\c:\jhrldrd.exec:\jhrldrd.exe38⤵
- Executes dropped EXE
-
\??\c:\rhndh.exec:\rhndh.exe39⤵
- Executes dropped EXE
-
\??\c:\djnvf.exec:\djnvf.exe40⤵
- Executes dropped EXE
-
\??\c:\drtvvhj.exec:\drtvvhj.exe41⤵
- Executes dropped EXE
-
\??\c:\ntbffvn.exec:\ntbffvn.exe42⤵
- Executes dropped EXE
-
\??\c:\hdfjfbn.exec:\hdfjfbn.exe43⤵
- Executes dropped EXE
-
\??\c:\tljrtlp.exec:\tljrtlp.exe44⤵
- Executes dropped EXE
-
\??\c:\pfhpv.exec:\pfhpv.exe45⤵
- Executes dropped EXE
-
\??\c:\nrrlfl.exec:\nrrlfl.exe46⤵
- Executes dropped EXE
-
\??\c:\xhtxdnh.exec:\xhtxdnh.exe47⤵
- Executes dropped EXE
-
\??\c:\xxdjtv.exec:\xxdjtv.exe48⤵
- Executes dropped EXE
-
\??\c:\tvrhhf.exec:\tvrhhf.exe49⤵
- Executes dropped EXE
-
\??\c:\rpvjlhr.exec:\rpvjlhr.exe50⤵
- Executes dropped EXE
-
\??\c:\tjvvv.exec:\tjvvv.exe51⤵
- Executes dropped EXE
-
\??\c:\rntxv.exec:\rntxv.exe52⤵
- Executes dropped EXE
-
\??\c:\lrdhvt.exec:\lrdhvt.exe53⤵
- Executes dropped EXE
-
\??\c:\tdhddvh.exec:\tdhddvh.exe54⤵
- Executes dropped EXE
-
\??\c:\jbftf.exec:\jbftf.exe55⤵
- Executes dropped EXE
-
\??\c:\dpbjth.exec:\dpbjth.exe56⤵
- Executes dropped EXE
-
\??\c:\ddlnx.exec:\ddlnx.exe57⤵
- Executes dropped EXE
-
\??\c:\hnpfbnl.exec:\hnpfbnl.exe58⤵
- Executes dropped EXE
-
\??\c:\jpljnth.exec:\jpljnth.exe59⤵
- Executes dropped EXE
-
\??\c:\rlvtpv.exec:\rlvtpv.exe60⤵
- Executes dropped EXE
-
\??\c:\dhjlf.exec:\dhjlf.exe61⤵
- Executes dropped EXE
-
\??\c:\jnlxlnj.exec:\jnlxlnj.exe62⤵
- Executes dropped EXE
-
\??\c:\bxpbtbd.exec:\bxpbtbd.exe63⤵
- Executes dropped EXE
-
\??\c:\drxfhvl.exec:\drxfhvl.exe64⤵
- Executes dropped EXE
-
\??\c:\ldntjdj.exec:\ldntjdj.exe65⤵
- Executes dropped EXE
-
\??\c:\rdxntxj.exec:\rdxntxj.exe66⤵
- System Location Discovery: System Language Discovery
-
\??\c:\dvvlrvr.exec:\dvvlrvr.exe67⤵
-
\??\c:\djjnbfh.exec:\djjnbfh.exe68⤵
-
\??\c:\nxlfnj.exec:\nxlfnj.exe69⤵
-
\??\c:\nrvptj.exec:\nrvptj.exe70⤵
-
\??\c:\ljhxb.exec:\ljhxb.exe71⤵
-
\??\c:\xvjddh.exec:\xvjddh.exe72⤵
-
\??\c:\hjdndf.exec:\hjdndf.exe73⤵
-
\??\c:\pllhv.exec:\pllhv.exe74⤵
-
\??\c:\pfpppxf.exec:\pfpppxf.exe75⤵
-
\??\c:\dplvdp.exec:\dplvdp.exe76⤵
-
\??\c:\pnvtxxr.exec:\pnvtxxr.exe77⤵
-
\??\c:\bpxrtx.exec:\bpxrtx.exe78⤵
- System Location Discovery: System Language Discovery
-
\??\c:\pprfxtd.exec:\pprfxtd.exe79⤵
-
\??\c:\njjfdt.exec:\njjfdt.exe80⤵
- System Location Discovery: System Language Discovery
-
\??\c:\nrvvvj.exec:\nrvvvj.exe81⤵
-
\??\c:\pjvpnv.exec:\pjvpnv.exe82⤵
-
\??\c:\xrrrjnb.exec:\xrrrjnb.exe83⤵
-
\??\c:\hdbtdh.exec:\hdbtdh.exe84⤵
-
\??\c:\vbrfptt.exec:\vbrfptt.exe85⤵
-
\??\c:\lxbpv.exec:\lxbpv.exe86⤵
-
\??\c:\vlflnnp.exec:\vlflnnp.exe87⤵
-
\??\c:\pxxxlr.exec:\pxxxlr.exe88⤵
-
\??\c:\lnxrj.exec:\lnxrj.exe89⤵
-
\??\c:\rtprxdp.exec:\rtprxdp.exe90⤵
-
\??\c:\bjhtj.exec:\bjhtj.exe91⤵
-
\??\c:\fjrtlr.exec:\fjrtlr.exe92⤵
-
\??\c:\ndnbvh.exec:\ndnbvh.exe93⤵
-
\??\c:\xhvfr.exec:\xhvfr.exe94⤵
-
\??\c:\prfndpl.exec:\prfndpl.exe95⤵
-
\??\c:\dfjfflf.exec:\dfjfflf.exe96⤵
-
\??\c:\bbvnx.exec:\bbvnx.exe97⤵
-
\??\c:\nvphxxd.exec:\nvphxxd.exe98⤵
-
\??\c:\vhhxt.exec:\vhhxt.exe99⤵
-
\??\c:\vpprr.exec:\vpprr.exe100⤵
-
\??\c:\ltxbtff.exec:\ltxbtff.exe101⤵
-
\??\c:\vjnjxp.exec:\vjnjxp.exe102⤵
-
\??\c:\dprtb.exec:\dprtb.exe103⤵
-
\??\c:\fblrp.exec:\fblrp.exe104⤵
-
\??\c:\xthbl.exec:\xthbl.exe105⤵
-
\??\c:\tdxxjd.exec:\tdxxjd.exe106⤵
-
\??\c:\vhjvdx.exec:\vhjvdx.exe107⤵
-
\??\c:\jnnrv.exec:\jnnrv.exe108⤵
-
\??\c:\tbvpbfh.exec:\tbvpbfh.exe109⤵
-
\??\c:\dffbvp.exec:\dffbvp.exe110⤵
-
\??\c:\nppdnh.exec:\nppdnh.exe111⤵
-
\??\c:\dnhvx.exec:\dnhvx.exe112⤵
-
\??\c:\tjjtpnf.exec:\tjjtpnf.exe113⤵
-
\??\c:\tlrhr.exec:\tlrhr.exe114⤵
-
\??\c:\xbbrljb.exec:\xbbrljb.exe115⤵
- System Location Discovery: System Language Discovery
-
\??\c:\nhlxbnb.exec:\nhlxbnb.exe116⤵
-
\??\c:\vtxrdj.exec:\vtxrdj.exe117⤵
-
\??\c:\hxplh.exec:\hxplh.exe118⤵
-
\??\c:\hlttvtn.exec:\hlttvtn.exe119⤵
-
\??\c:\lnxrdh.exec:\lnxrdh.exe120⤵
-
\??\c:\dxjjbhd.exec:\dxjjbhd.exe121⤵
- System Location Discovery: System Language Discovery
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-