Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
19s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
25/12/2024, 23:09
General
-
Target
67b998a04d0a9277eacc0f080e1fd6d5b7a4d2c2d13c8ed2d45994d046789b77.exe
-
Size
453KB
-
MD5
504d2daf4325e92a95a56e3bdd575423
-
SHA1
b7b497b7c316c1f99d9b8d06c39f52cec83df12d
-
SHA256
67b998a04d0a9277eacc0f080e1fd6d5b7a4d2c2d13c8ed2d45994d046789b77
-
SHA512
9a6d801b15244b7b40b2340c546ab64668e4db3ec5f6be7537198dffd4523c144f9c11b557cba297087ab73c6eda63df71abc43c120ece5756ac855c6d19c85d
-
SSDEEP
6144:8cm7ImGddXmNt251UriZFwfsDX2UznsaFVNJCMKAbei:q7Tc2NYHUrAwfMp3CDi
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 41 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 42 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\67b998a04d0a9277eacc0f080e1fd6d5b7a4d2c2d13c8ed2d45994d046789b77.exe"C:\Users\Admin\AppData\Local\Temp\67b998a04d0a9277eacc0f080e1fd6d5b7a4d2c2d13c8ed2d45994d046789b77.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\vvxpphf.exec:\vvxpphf.exe2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\fpnpjjl.exec:\fpnpjjl.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tpfnd.exec:\tpfnd.exe4⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\dhrrdt.exec:\dhrrdt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bpntnxj.exec:\bpntnxj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\njpfj.exec:\njpfj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fpfvl.exec:\fpfvl.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bflvhh.exec:\bflvhh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fbdxrn.exec:\fbdxrn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fpxpl.exec:\fpxpl.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlbhn.exec:\rlbhn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jxfvx.exec:\jxfvx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fhbxphj.exec:\fhbxphj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vrxlrdn.exec:\vrxlrdn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nfrfvdl.exec:\nfrfvdl.exe16⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\dnnvr.exec:\dnnvr.exe17⤵
- Executes dropped EXE
-
\??\c:\lhtvfbt.exec:\lhtvfbt.exe18⤵
- Executes dropped EXE
-
\??\c:\nrfnh.exec:\nrfnh.exe19⤵
- Executes dropped EXE
-
\??\c:\dldvhj.exec:\dldvhj.exe20⤵
- Executes dropped EXE
-
\??\c:\vjhbltl.exec:\vjhbltl.exe21⤵
- Executes dropped EXE
-
\??\c:\vxjxh.exec:\vxjxh.exe22⤵
- Executes dropped EXE
-
\??\c:\vnhxh.exec:\vnhxh.exe23⤵
- Executes dropped EXE
-
\??\c:\hnfjp.exec:\hnfjp.exe24⤵
- Executes dropped EXE
-
\??\c:\hrljvn.exec:\hrljvn.exe25⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\lbbvhf.exec:\lbbvhf.exe26⤵
- Executes dropped EXE
-
\??\c:\vttlpvt.exec:\vttlpvt.exe27⤵
- Executes dropped EXE
-
\??\c:\jvfjr.exec:\jvfjr.exe28⤵
- Executes dropped EXE
-
\??\c:\rjpfhxx.exec:\rjpfhxx.exe29⤵
- Executes dropped EXE
-
\??\c:\htldhd.exec:\htldhd.exe30⤵
- Executes dropped EXE
-
\??\c:\njlrxhd.exec:\njlrxhd.exe31⤵
- Executes dropped EXE
-
\??\c:\ljpjhp.exec:\ljpjhp.exe32⤵
- Executes dropped EXE
-
\??\c:\pvrrpj.exec:\pvrrpj.exe33⤵
- Executes dropped EXE
-
\??\c:\bbtbvrp.exec:\bbtbvrp.exe34⤵
- Executes dropped EXE
-
\??\c:\fdlldp.exec:\fdlldp.exe35⤵
- Executes dropped EXE
-
\??\c:\pjjltf.exec:\pjjltf.exe36⤵
- Executes dropped EXE
-
\??\c:\dpxjlf.exec:\dpxjlf.exe37⤵
- Executes dropped EXE
-
\??\c:\frhpvxr.exec:\frhpvxr.exe38⤵
- Executes dropped EXE
-
\??\c:\xfrpnt.exec:\xfrpnt.exe39⤵
- Executes dropped EXE
-
\??\c:\tlhnjl.exec:\tlhnjl.exe40⤵
- Executes dropped EXE
-
\??\c:\tlhnjjd.exec:\tlhnjjd.exe41⤵
- Executes dropped EXE
-
\??\c:\bltnl.exec:\bltnl.exe42⤵
- Executes dropped EXE
-
\??\c:\ndnftxb.exec:\ndnftxb.exe43⤵
- Executes dropped EXE
-
\??\c:\jjppj.exec:\jjppj.exe44⤵
- Executes dropped EXE
-
\??\c:\dprbt.exec:\dprbt.exe45⤵
- Executes dropped EXE
-
\??\c:\fbtlfnx.exec:\fbtlfnx.exe46⤵
- Executes dropped EXE
-
\??\c:\lltnrdx.exec:\lltnrdx.exe47⤵
- Executes dropped EXE
-
\??\c:\pptdhnn.exec:\pptdhnn.exe48⤵
- Executes dropped EXE
-
\??\c:\xbtnhxd.exec:\xbtnhxd.exe49⤵
- Executes dropped EXE
-
\??\c:\htvvnjn.exec:\htvvnjn.exe50⤵
- Executes dropped EXE
-
\??\c:\bjnfdbx.exec:\bjnfdbx.exe51⤵
- Executes dropped EXE
-
\??\c:\hjrdpdr.exec:\hjrdpdr.exe52⤵
- Executes dropped EXE
-
\??\c:\vxxxll.exec:\vxxxll.exe53⤵
- Executes dropped EXE
-
\??\c:\hpvvx.exec:\hpvvx.exe54⤵
- Executes dropped EXE
-
\??\c:\jjlhvb.exec:\jjlhvb.exe55⤵
- Executes dropped EXE
-
\??\c:\lpxrr.exec:\lpxrr.exe56⤵
- Executes dropped EXE
-
\??\c:\fdvplx.exec:\fdvplx.exe57⤵
- Executes dropped EXE
-
\??\c:\dhvrrtt.exec:\dhvrrtt.exe58⤵
- Executes dropped EXE
-
\??\c:\pfhbvj.exec:\pfhbvj.exe59⤵
- Executes dropped EXE
-
\??\c:\hhbpxp.exec:\hhbpxp.exe60⤵
- Executes dropped EXE
-
\??\c:\fjnrd.exec:\fjnrd.exe61⤵
- Executes dropped EXE
-
\??\c:\rfddfp.exec:\rfddfp.exe62⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\lxhtnp.exec:\lxhtnp.exe63⤵
- Executes dropped EXE
-
\??\c:\pjpll.exec:\pjpll.exe64⤵
- Executes dropped EXE
-
\??\c:\jlpnf.exec:\jlpnf.exe65⤵
- Executes dropped EXE
-
\??\c:\bjlvv.exec:\bjlvv.exe66⤵
-
\??\c:\lfftxtj.exec:\lfftxtj.exe67⤵
-
\??\c:\bnxrbvh.exec:\bnxrbvh.exe68⤵
-
\??\c:\lbhdhr.exec:\lbhdhr.exe69⤵
-
\??\c:\hpbtlj.exec:\hpbtlj.exe70⤵
-
\??\c:\hntpht.exec:\hntpht.exe71⤵
-
\??\c:\tfnvfbb.exec:\tfnvfbb.exe72⤵
-
\??\c:\pxrxl.exec:\pxrxl.exe73⤵
-
\??\c:\jfhtp.exec:\jfhtp.exe74⤵
-
\??\c:\rdhll.exec:\rdhll.exe75⤵
-
\??\c:\trrnr.exec:\trrnr.exe76⤵
-
\??\c:\vlrjxft.exec:\vlrjxft.exe77⤵
-
\??\c:\vvnbf.exec:\vvnbf.exe78⤵
-
\??\c:\vbhtlb.exec:\vbhtlb.exe79⤵
-
\??\c:\lvlxf.exec:\lvlxf.exe80⤵
-
\??\c:\hxdbhn.exec:\hxdbhn.exe81⤵
-
\??\c:\dffhtfx.exec:\dffhtfx.exe82⤵
-
\??\c:\rdblhrj.exec:\rdblhrj.exe83⤵
-
\??\c:\bddbjj.exec:\bddbjj.exe84⤵
-
\??\c:\hnrfbf.exec:\hnrfbf.exe85⤵
-
\??\c:\pndnhx.exec:\pndnhx.exe86⤵
-
\??\c:\vbxfb.exec:\vbxfb.exe87⤵
-
\??\c:\tpdvhxn.exec:\tpdvhxn.exe88⤵
-
\??\c:\xprtppp.exec:\xprtppp.exe89⤵
-
\??\c:\dptbpb.exec:\dptbpb.exe90⤵
-
\??\c:\vfdbrj.exec:\vfdbrj.exe91⤵
-
\??\c:\nvjfjf.exec:\nvjfjf.exe92⤵
-
\??\c:\lbxjlr.exec:\lbxjlr.exe93⤵
-
\??\c:\htfxjxn.exec:\htfxjxn.exe94⤵
-
\??\c:\xpnhdfr.exec:\xpnhdfr.exe95⤵
-
\??\c:\pnlbh.exec:\pnlbh.exe96⤵
-
\??\c:\jvfxbrd.exec:\jvfxbrd.exe97⤵
-
\??\c:\dfdpt.exec:\dfdpt.exe98⤵
-
\??\c:\xvvrf.exec:\xvvrf.exe99⤵
-
\??\c:\xtxjlfn.exec:\xtxjlfn.exe100⤵
-
\??\c:\frrpljh.exec:\frrpljh.exe101⤵
-
\??\c:\rnbvbr.exec:\rnbvbr.exe102⤵
-
\??\c:\rpbntl.exec:\rpbntl.exe103⤵
-
\??\c:\pdlpvpn.exec:\pdlpvpn.exe104⤵
-
\??\c:\xrprf.exec:\xrprf.exe105⤵
-
\??\c:\jrpbv.exec:\jrpbv.exe106⤵
-
\??\c:\bhrpp.exec:\bhrpp.exe107⤵
-
\??\c:\hpvhp.exec:\hpvhp.exe108⤵
-
\??\c:\pxvrnvd.exec:\pxvrnvd.exe109⤵
-
\??\c:\hdfndtb.exec:\hdfndtb.exe110⤵
-
\??\c:\fhnpxph.exec:\fhnpxph.exe111⤵
-
\??\c:\xbnprr.exec:\xbnprr.exe112⤵
-
\??\c:\jfhxr.exec:\jfhxr.exe113⤵
-
\??\c:\bdtfjl.exec:\bdtfjl.exe114⤵
-
\??\c:\phnxd.exec:\phnxd.exe115⤵
-
\??\c:\vlrvdp.exec:\vlrvdp.exe116⤵
-
\??\c:\phrtfjb.exec:\phrtfjb.exe117⤵
-
\??\c:\xfjvbrf.exec:\xfjvbrf.exe118⤵
-
\??\c:\nfvlx.exec:\nfvlx.exe119⤵
-
\??\c:\tfrxx.exec:\tfrxx.exe120⤵
-
\??\c:\dnfftx.exec:\dnfftx.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-