Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
18s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
26/12/2024, 08:47
General
-
Target
e368571d0422c1902114f0fa8b37c1f6670ec68c7ea6fefb22e72748c620e269N.exe
-
Size
453KB
-
MD5
59160f133f69f78c6b675451e88d3c20
-
SHA1
bfe6d5a405d1a621b3a4a32b254e12959335a2c5
-
SHA256
e368571d0422c1902114f0fa8b37c1f6670ec68c7ea6fefb22e72748c620e269
-
SHA512
b1f08b8bc68ee7f71f0deaba15d361121474d018f694e96f786484fcf377013c4f806be9609ea2acb326507423c1ed3827dcdf0f5b20cd99cb3152ca84ce7f3c
-
SSDEEP
6144:8cm7ImGddXmNt251UriZFwfsDX2UznsaFVNJCMKAbe/:q7Tc2NYHUrAwfMp3CD/
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 41 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 47 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\e368571d0422c1902114f0fa8b37c1f6670ec68c7ea6fefb22e72748c620e269N.exe"C:\Users\Admin\AppData\Local\Temp\e368571d0422c1902114f0fa8b37c1f6670ec68c7ea6fefb22e72748c620e269N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\tlbxvx.exec:\tlbxvx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rhpthrd.exec:\rhpthrd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xjhbddv.exec:\xjhbddv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pbpvnr.exec:\pbpvnr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jtrhnlh.exec:\jtrhnlh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\txtbv.exec:\txtbv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrvtxf.exec:\rrvtxf.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tfhdltj.exec:\tfhdltj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fdvfj.exec:\fdvfj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lpjdrr.exec:\lpjdrr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvntvl.exec:\jvntvl.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\trtjjhx.exec:\trtjjhx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lbpfxn.exec:\lbpfxn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrlxpj.exec:\rrlxpj.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxvjdrr.exec:\xxvjdrr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vxxdn.exec:\vxxdn.exe17⤵
- Executes dropped EXE
-
\??\c:\jvbvpt.exec:\jvbvpt.exe18⤵
- Executes dropped EXE
-
\??\c:\xdhlxll.exec:\xdhlxll.exe19⤵
- Executes dropped EXE
-
\??\c:\tfxrvjf.exec:\tfxrvjf.exe20⤵
- Executes dropped EXE
-
\??\c:\rpdjlp.exec:\rpdjlp.exe21⤵
- Executes dropped EXE
-
\??\c:\nvxpp.exec:\nvxpp.exe22⤵
- Executes dropped EXE
-
\??\c:\jrhrn.exec:\jrhrn.exe23⤵
- Executes dropped EXE
-
\??\c:\tfvpjdt.exec:\tfvpjdt.exe24⤵
- Executes dropped EXE
-
\??\c:\dppjxlv.exec:\dppjxlv.exe25⤵
- Executes dropped EXE
-
\??\c:\ljdbp.exec:\ljdbp.exe26⤵
- Executes dropped EXE
-
\??\c:\dxtlt.exec:\dxtlt.exe27⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\rhhdpdv.exec:\rhhdpdv.exe28⤵
- Executes dropped EXE
-
\??\c:\fnfldh.exec:\fnfldh.exe29⤵
- Executes dropped EXE
-
\??\c:\txftxft.exec:\txftxft.exe30⤵
- Executes dropped EXE
-
\??\c:\pvpxprh.exec:\pvpxprh.exe31⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\vtjvd.exec:\vtjvd.exe32⤵
- Executes dropped EXE
-
\??\c:\pbjxbf.exec:\pbjxbf.exe33⤵
- Executes dropped EXE
-
\??\c:\bdtlphx.exec:\bdtlphx.exe34⤵
- Executes dropped EXE
-
\??\c:\rhvfnjp.exec:\rhvfnjp.exe35⤵
- Executes dropped EXE
-
\??\c:\vbnbr.exec:\vbnbr.exe36⤵
- Executes dropped EXE
-
\??\c:\nnlhjb.exec:\nnlhjb.exe37⤵
- Executes dropped EXE
-
\??\c:\rblpprr.exec:\rblpprr.exe38⤵
- Executes dropped EXE
-
\??\c:\jtttrxx.exec:\jtttrxx.exe39⤵
- Executes dropped EXE
-
\??\c:\hhrtpj.exec:\hhrtpj.exe40⤵
- Executes dropped EXE
-
\??\c:\fnpjbf.exec:\fnpjbf.exe41⤵
- Executes dropped EXE
-
\??\c:\llntvlt.exec:\llntvlt.exe42⤵
- Executes dropped EXE
-
\??\c:\nbfpp.exec:\nbfpp.exe43⤵
- Executes dropped EXE
-
\??\c:\vbtxx.exec:\vbtxx.exe44⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\bbllhvr.exec:\bbllhvr.exe45⤵
- Executes dropped EXE
-
\??\c:\hhrppn.exec:\hhrppn.exe46⤵
- Executes dropped EXE
-
\??\c:\jtblflr.exec:\jtblflr.exe47⤵
- Executes dropped EXE
-
\??\c:\nrnbvpd.exec:\nrnbvpd.exe48⤵
- Executes dropped EXE
-
\??\c:\rvrdt.exec:\rvrdt.exe49⤵
- Executes dropped EXE
-
\??\c:\hjtdp.exec:\hjtdp.exe50⤵
- Executes dropped EXE
-
\??\c:\trrhxfd.exec:\trrhxfd.exe51⤵
- Executes dropped EXE
-
\??\c:\hrtjxh.exec:\hrtjxh.exe52⤵
- Executes dropped EXE
-
\??\c:\rlhvxr.exec:\rlhvxr.exe53⤵
- Executes dropped EXE
-
\??\c:\hdnjb.exec:\hdnjb.exe54⤵
- Executes dropped EXE
-
\??\c:\bbxvll.exec:\bbxvll.exe55⤵
- Executes dropped EXE
-
\??\c:\vjjrrp.exec:\vjjrrp.exe56⤵
- Executes dropped EXE
-
\??\c:\pbhbvt.exec:\pbhbvt.exe57⤵
- Executes dropped EXE
-
\??\c:\jhnnxxd.exec:\jhnnxxd.exe58⤵
- Executes dropped EXE
-
\??\c:\lljxx.exec:\lljxx.exe59⤵
- Executes dropped EXE
-
\??\c:\tdhdll.exec:\tdhdll.exe60⤵
- Executes dropped EXE
-
\??\c:\vjpnr.exec:\vjpnr.exe61⤵
- Executes dropped EXE
-
\??\c:\bdbtpj.exec:\bdbtpj.exe62⤵
- Executes dropped EXE
-
\??\c:\brtnb.exec:\brtnb.exe63⤵
- Executes dropped EXE
-
\??\c:\jxdvnlv.exec:\jxdvnlv.exe64⤵
- Executes dropped EXE
-
\??\c:\pltbbbt.exec:\pltbbbt.exe65⤵
- Executes dropped EXE
-
\??\c:\xlrnr.exec:\xlrnr.exe66⤵
-
\??\c:\jrhxrht.exec:\jrhxrht.exe67⤵
-
\??\c:\xnjjrl.exec:\xnjjrl.exe68⤵
-
\??\c:\xvrdnx.exec:\xvrdnx.exe69⤵
-
\??\c:\nxnvv.exec:\nxnvv.exe70⤵
-
\??\c:\tpvhfjj.exec:\tpvhfjj.exe71⤵
-
\??\c:\lxpxl.exec:\lxpxl.exe72⤵
- System Location Discovery: System Language Discovery
-
\??\c:\jbxvt.exec:\jbxvt.exe73⤵
-
\??\c:\bllrv.exec:\bllrv.exe74⤵
-
\??\c:\rrrdj.exec:\rrrdj.exe75⤵
-
\??\c:\lxlpf.exec:\lxlpf.exe76⤵
-
\??\c:\bbndnh.exec:\bbndnh.exe77⤵
-
\??\c:\lnjbjp.exec:\lnjbjp.exe78⤵
-
\??\c:\pjjhbbr.exec:\pjjhbbr.exe79⤵
-
\??\c:\xdvxnf.exec:\xdvxnf.exe80⤵
-
\??\c:\phjtv.exec:\phjtv.exe81⤵
-
\??\c:\prrtvb.exec:\prrtvb.exe82⤵
-
\??\c:\ntldr.exec:\ntldr.exe83⤵
-
\??\c:\dnxpd.exec:\dnxpd.exe84⤵
-
\??\c:\phxfxpx.exec:\phxfxpx.exe85⤵
-
\??\c:\vrvrd.exec:\vrvrd.exe86⤵
-
\??\c:\fxbhhj.exec:\fxbhhj.exe87⤵
-
\??\c:\xjflj.exec:\xjflj.exe88⤵
-
\??\c:\nprpfjx.exec:\nprpfjx.exe89⤵
-
\??\c:\xjbhdt.exec:\xjbhdt.exe90⤵
-
\??\c:\pvjtt.exec:\pvjtt.exe91⤵
- System Location Discovery: System Language Discovery
-
\??\c:\nxtpn.exec:\nxtpn.exe92⤵
-
\??\c:\vxvnl.exec:\vxvnl.exe93⤵
-
\??\c:\lprrnlx.exec:\lprrnlx.exe94⤵
-
\??\c:\vjfbhrp.exec:\vjfbhrp.exe95⤵
-
\??\c:\drdfff.exec:\drdfff.exe96⤵
-
\??\c:\rblvhf.exec:\rblvhf.exe97⤵
-
\??\c:\thptbfh.exec:\thptbfh.exe98⤵
-
\??\c:\rfpthlf.exec:\rfpthlf.exe99⤵
-
\??\c:\tthtlt.exec:\tthtlt.exe100⤵
-
\??\c:\htrld.exec:\htrld.exe101⤵
-
\??\c:\bhljfdr.exec:\bhljfdr.exe102⤵
-
\??\c:\txrvxp.exec:\txrvxp.exe103⤵
- System Location Discovery: System Language Discovery
-
\??\c:\prnthbf.exec:\prnthbf.exe104⤵
-
\??\c:\lhbtl.exec:\lhbtl.exe105⤵
-
\??\c:\tftfp.exec:\tftfp.exe106⤵
-
\??\c:\fjpjd.exec:\fjpjd.exe107⤵
-
\??\c:\flfpfp.exec:\flfpfp.exe108⤵
-
\??\c:\pvrrlf.exec:\pvrrlf.exe109⤵
-
\??\c:\tdfjd.exec:\tdfjd.exe110⤵
-
\??\c:\dvnht.exec:\dvnht.exe111⤵
-
\??\c:\hvbvtnf.exec:\hvbvtnf.exe112⤵
-
\??\c:\ptpjjvh.exec:\ptpjjvh.exe113⤵
-
\??\c:\pdxhp.exec:\pdxhp.exe114⤵
-
\??\c:\fhrxtr.exec:\fhrxtr.exe115⤵
-
\??\c:\ttvfh.exec:\ttvfh.exe116⤵
-
\??\c:\bjbnrxj.exec:\bjbnrxj.exe117⤵
-
\??\c:\rhxbv.exec:\rhxbv.exe118⤵
-
\??\c:\xfxrtpr.exec:\xfxrtpr.exe119⤵
-
\??\c:\tpbbn.exec:\tpbbn.exe120⤵
-
\??\c:\ppnpt.exec:\ppnpt.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-