Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
25/12/2024, 22:22
General
-
Target
b98ab1d4238c550c514e0def72b1e6369d50e50fe1409a0a3426424251070d98N.exe
-
Size
454KB
-
MD5
97fe22811e61d158a12dbde8d518e4e0
-
SHA1
86234426778fc04d0f99f27676022699c3fbae63
-
SHA256
b98ab1d4238c550c514e0def72b1e6369d50e50fe1409a0a3426424251070d98
-
SHA512
50b6c2cfa4d988ca838a7895486d692e11aea47643bffc71747605b7481fe49755866448fdc20dbaa09ae278f3567009680eae32440f7c84013fe966943e0b62
-
SSDEEP
6144:8cm7ImGddXmNt251UriZFwfsDX2UznsaFVNJCMKAbei:q7Tc2NYHUrAwfMp3CDi
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 40 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 47 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\b98ab1d4238c550c514e0def72b1e6369d50e50fe1409a0a3426424251070d98N.exe"C:\Users\Admin\AppData\Local\Temp\b98ab1d4238c550c514e0def72b1e6369d50e50fe1409a0a3426424251070d98N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\hbvft.exec:\hbvft.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hrvpr.exec:\hrvpr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vfptdf.exec:\vfptdf.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tpphhrn.exec:\tpphhrn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tpxrpx.exec:\tpxrpx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllfv.exec:\rllfv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpbrxlr.exec:\vpbrxlr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jxtxd.exec:\jxtxd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffjffd.exec:\ffjffd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hxnrp.exec:\hxnrp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rvdxfvv.exec:\rvdxfvv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbxfv.exec:\tbxfv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntxpjj.exec:\ntxpjj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vnhvtn.exec:\vnhvtn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdbh.exec:\pjdbh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fhpbbl.exec:\fhpbbl.exe17⤵
- Executes dropped EXE
-
\??\c:\ppdtntr.exec:\ppdtntr.exe18⤵
- Executes dropped EXE
-
\??\c:\bfffp.exec:\bfffp.exe19⤵
- Executes dropped EXE
-
\??\c:\xttffx.exec:\xttffx.exe20⤵
- Executes dropped EXE
-
\??\c:\rxtpjx.exec:\rxtpjx.exe21⤵
- Executes dropped EXE
-
\??\c:\jxhlxhn.exec:\jxhlxhn.exe22⤵
- Executes dropped EXE
-
\??\c:\rfhpxr.exec:\rfhpxr.exe23⤵
- Executes dropped EXE
-
\??\c:\dpvvj.exec:\dpvvj.exe24⤵
- Executes dropped EXE
-
\??\c:\bfpnvf.exec:\bfpnvf.exe25⤵
- Executes dropped EXE
-
\??\c:\ldddxlt.exec:\ldddxlt.exe26⤵
- Executes dropped EXE
-
\??\c:\ttxbhv.exec:\ttxbhv.exe27⤵
- Executes dropped EXE
-
\??\c:\bpplxf.exec:\bpplxf.exe28⤵
- Executes dropped EXE
-
\??\c:\djjnrfj.exec:\djjnrfj.exe29⤵
- Executes dropped EXE
-
\??\c:\bhvtt.exec:\bhvtt.exe30⤵
- Executes dropped EXE
-
\??\c:\fdrtl.exec:\fdrtl.exe31⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\nvtppbf.exec:\nvtppbf.exe32⤵
- Executes dropped EXE
-
\??\c:\jbtxht.exec:\jbtxht.exe33⤵
- Executes dropped EXE
-
\??\c:\lnplvf.exec:\lnplvf.exe34⤵
- Executes dropped EXE
-
\??\c:\frrtrbn.exec:\frrtrbn.exe35⤵
- Executes dropped EXE
-
\??\c:\hhddjh.exec:\hhddjh.exe36⤵
- Executes dropped EXE
-
\??\c:\drbjhp.exec:\drbjhp.exe37⤵
- Executes dropped EXE
-
\??\c:\nvlnbhh.exec:\nvlnbhh.exe38⤵
- Executes dropped EXE
-
\??\c:\xdddr.exec:\xdddr.exe39⤵
- Executes dropped EXE
-
\??\c:\pdbdn.exec:\pdbdn.exe40⤵
- Executes dropped EXE
-
\??\c:\fndtf.exec:\fndtf.exe41⤵
- Executes dropped EXE
-
\??\c:\bjxjpfp.exec:\bjxjpfp.exe42⤵
- Executes dropped EXE
-
\??\c:\vrjrhn.exec:\vrjrhn.exe43⤵
- Executes dropped EXE
-
\??\c:\nrtfv.exec:\nrtfv.exe44⤵
- Executes dropped EXE
-
\??\c:\lvppd.exec:\lvppd.exe45⤵
- Executes dropped EXE
-
\??\c:\hprbndh.exec:\hprbndh.exe46⤵
- Executes dropped EXE
-
\??\c:\dxplv.exec:\dxplv.exe47⤵
- Executes dropped EXE
-
\??\c:\ltppbbj.exec:\ltppbbj.exe48⤵
- Executes dropped EXE
-
\??\c:\bdjvxvv.exec:\bdjvxvv.exe49⤵
- Executes dropped EXE
-
\??\c:\dvpjfx.exec:\dvpjfx.exe50⤵
- Executes dropped EXE
-
\??\c:\prntdb.exec:\prntdb.exe51⤵
- Executes dropped EXE
-
\??\c:\rtvrp.exec:\rtvrp.exe52⤵
- Executes dropped EXE
-
\??\c:\rblpvrj.exec:\rblpvrj.exe53⤵
- Executes dropped EXE
-
\??\c:\rbpbhr.exec:\rbpbhr.exe54⤵
- Executes dropped EXE
-
\??\c:\pvhxnxn.exec:\pvhxnxn.exe55⤵
- Executes dropped EXE
-
\??\c:\rjvjprd.exec:\rjvjprd.exe56⤵
- Executes dropped EXE
-
\??\c:\bxjlbhx.exec:\bxjlbhx.exe57⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\tpvtdjx.exec:\tpvtdjx.exe58⤵
- Executes dropped EXE
-
\??\c:\jphhddd.exec:\jphhddd.exe59⤵
- Executes dropped EXE
-
\??\c:\jjprfh.exec:\jjprfh.exe60⤵
- Executes dropped EXE
-
\??\c:\nthtpbf.exec:\nthtpbf.exe61⤵
- Executes dropped EXE
-
\??\c:\xhndhr.exec:\xhndhr.exe62⤵
- Executes dropped EXE
-
\??\c:\njbblp.exec:\njbblp.exe63⤵
- Executes dropped EXE
-
\??\c:\fxrpxdx.exec:\fxrpxdx.exe64⤵
- Executes dropped EXE
-
\??\c:\rpdntn.exec:\rpdntn.exe65⤵
- Executes dropped EXE
-
\??\c:\hbdnp.exec:\hbdnp.exe66⤵
-
\??\c:\xblhv.exec:\xblhv.exe67⤵
-
\??\c:\hvltnhx.exec:\hvltnhx.exe68⤵
-
\??\c:\lttlvh.exec:\lttlvh.exe69⤵
-
\??\c:\tpfprn.exec:\tpfprn.exe70⤵
-
\??\c:\jpnrd.exec:\jpnrd.exe71⤵
-
\??\c:\xnfvdh.exec:\xnfvdh.exe72⤵
-
\??\c:\jhfnpv.exec:\jhfnpv.exe73⤵
-
\??\c:\xjnvjpl.exec:\xjnvjpl.exe74⤵
-
\??\c:\pvthd.exec:\pvthd.exe75⤵
-
\??\c:\fdvbj.exec:\fdvbj.exe76⤵
-
\??\c:\fhpxrj.exec:\fhpxrj.exe77⤵
-
\??\c:\pvhrv.exec:\pvhrv.exe78⤵
-
\??\c:\xlbpn.exec:\xlbpn.exe79⤵
-
\??\c:\jtdpn.exec:\jtdpn.exe80⤵
-
\??\c:\xtrdf.exec:\xtrdf.exe81⤵
-
\??\c:\dnhtvrj.exec:\dnhtvrj.exe82⤵
-
\??\c:\htnffxr.exec:\htnffxr.exe83⤵
-
\??\c:\pjbvjt.exec:\pjbvjt.exe84⤵
-
\??\c:\lhxfxl.exec:\lhxfxl.exe85⤵
- System Location Discovery: System Language Discovery
-
\??\c:\pxvhx.exec:\pxvhx.exe86⤵
-
\??\c:\tntdxf.exec:\tntdxf.exe87⤵
-
\??\c:\nprxrl.exec:\nprxrl.exe88⤵
- System Location Discovery: System Language Discovery
-
\??\c:\xlnjtl.exec:\xlnjtl.exe89⤵
-
\??\c:\ntflnnx.exec:\ntflnnx.exe90⤵
-
\??\c:\pblvh.exec:\pblvh.exe91⤵
-
\??\c:\vlfvpfb.exec:\vlfvpfb.exe92⤵
-
\??\c:\htlxrvx.exec:\htlxrvx.exe93⤵
-
\??\c:\hxxjrdx.exec:\hxxjrdx.exe94⤵
-
\??\c:\vhtrpr.exec:\vhtrpr.exe95⤵
-
\??\c:\nrxpvr.exec:\nrxpvr.exe96⤵
-
\??\c:\tbxdnv.exec:\tbxdnv.exe97⤵
-
\??\c:\pnphr.exec:\pnphr.exe98⤵
-
\??\c:\rphjlh.exec:\rphjlh.exe99⤵
-
\??\c:\bnfltbt.exec:\bnfltbt.exe100⤵
-
\??\c:\rldvhx.exec:\rldvhx.exe101⤵
-
\??\c:\npvvfpx.exec:\npvvfpx.exe102⤵
-
\??\c:\xhnlv.exec:\xhnlv.exe103⤵
-
\??\c:\fxpnp.exec:\fxpnp.exe104⤵
-
\??\c:\brfln.exec:\brfln.exe105⤵
-
\??\c:\tdftrbr.exec:\tdftrbr.exe106⤵
-
\??\c:\dfhdnp.exec:\dfhdnp.exe107⤵
-
\??\c:\fjtbpn.exec:\fjtbpn.exe108⤵
-
\??\c:\llhvx.exec:\llhvx.exe109⤵
-
\??\c:\vhhblj.exec:\vhhblj.exe110⤵
-
\??\c:\vlfbnlh.exec:\vlfbnlh.exe111⤵
-
\??\c:\xxdhvb.exec:\xxdhvb.exe112⤵
-
\??\c:\ntpjbb.exec:\ntpjbb.exe113⤵
-
\??\c:\rbbllv.exec:\rbbllv.exe114⤵
-
\??\c:\dhfddp.exec:\dhfddp.exe115⤵
-
\??\c:\hvnrvh.exec:\hvnrvh.exe116⤵
-
\??\c:\fndxpt.exec:\fndxpt.exe117⤵
-
\??\c:\xdrtd.exec:\xdrtd.exe118⤵
-
\??\c:\lbjdhft.exec:\lbjdhft.exe119⤵
-
\??\c:\vhxphx.exec:\vhxphx.exe120⤵
-
\??\c:\rrphdd.exec:\rrphdd.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-