Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
18s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
26/12/2024, 08:57
General
-
Target
6afddd7fd533b2b6d7f7d21d42b326d94a3f53508010b0058d613ddadcf3f1a0.exe
-
Size
454KB
-
MD5
43c1c7cb96a737ca40e8b50b17804728
-
SHA1
f84413491b80f000495ed48944238c0eaabd9aff
-
SHA256
6afddd7fd533b2b6d7f7d21d42b326d94a3f53508010b0058d613ddadcf3f1a0
-
SHA512
04e4c15dc5fcad53b218b1561e2e261bd05f32a48baab99462a9b6263b938b096b693408c162d012b384c8c7b12bf5571f9a191d68e4cf477b96c1c3b56c7451
-
SSDEEP
6144:8cm7ImGddXmNt251UriZFwfsDX2UznsaFVNJCMKAbe3:q7Tc2NYHUrAwfMp3CD3
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 40 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 44 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\6afddd7fd533b2b6d7f7d21d42b326d94a3f53508010b0058d613ddadcf3f1a0.exe"C:\Users\Admin\AppData\Local\Temp\6afddd7fd533b2b6d7f7d21d42b326d94a3f53508010b0058d613ddadcf3f1a0.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\htjfbf.exec:\htjfbf.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fjhbd.exec:\fjhbd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vbrll.exec:\vbrll.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrhbjlr.exec:\lrhbjlr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffdxl.exec:\ffdxl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffjnp.exec:\ffjnp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xnlhbrr.exec:\xnlhbrr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pfxnhr.exec:\pfxnhr.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dfxpf.exec:\dfxpf.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ljtfhrv.exec:\ljtfhrv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdjxb.exec:\vdjxb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hvrflrt.exec:\hvrflrt.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tltbfr.exec:\tltbfr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tdxff.exec:\tdxff.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jtbffh.exec:\jtbffh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nfdhd.exec:\nfdhd.exe17⤵
- Executes dropped EXE
-
\??\c:\hrrrd.exec:\hrrrd.exe18⤵
- Executes dropped EXE
-
\??\c:\dxvrtpt.exec:\dxvrtpt.exe19⤵
- Executes dropped EXE
-
\??\c:\xlfjh.exec:\xlfjh.exe20⤵
- Executes dropped EXE
-
\??\c:\ppxttj.exec:\ppxttj.exe21⤵
- Executes dropped EXE
-
\??\c:\vjxjrx.exec:\vjxjrx.exe22⤵
- Executes dropped EXE
-
\??\c:\httpl.exec:\httpl.exe23⤵
- Executes dropped EXE
-
\??\c:\lplxr.exec:\lplxr.exe24⤵
- Executes dropped EXE
-
\??\c:\tvxdvvx.exec:\tvxdvvx.exe25⤵
- Executes dropped EXE
-
\??\c:\tfnrp.exec:\tfnrp.exe26⤵
- Executes dropped EXE
-
\??\c:\ttdrlp.exec:\ttdrlp.exe27⤵
- Executes dropped EXE
-
\??\c:\nfbpppx.exec:\nfbpppx.exe28⤵
- Executes dropped EXE
-
\??\c:\dffnjbv.exec:\dffnjbv.exe29⤵
- Executes dropped EXE
-
\??\c:\pfnxlh.exec:\pfnxlh.exe30⤵
- Executes dropped EXE
-
\??\c:\ppfhbdf.exec:\ppfhbdf.exe31⤵
- Executes dropped EXE
-
\??\c:\tvfdnh.exec:\tvfdnh.exe32⤵
- Executes dropped EXE
-
\??\c:\nnjdn.exec:\nnjdn.exe33⤵
- Executes dropped EXE
-
\??\c:\tndrxtt.exec:\tndrxtt.exe34⤵
- Executes dropped EXE
-
\??\c:\bdhrvv.exec:\bdhrvv.exe35⤵
- Executes dropped EXE
-
\??\c:\fpblxd.exec:\fpblxd.exe36⤵
- Executes dropped EXE
-
\??\c:\rdrpjr.exec:\rdrpjr.exe37⤵
- Executes dropped EXE
-
\??\c:\pjntr.exec:\pjntr.exe38⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\pphxdt.exec:\pphxdt.exe39⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\ddbtpf.exec:\ddbtpf.exe40⤵
- Executes dropped EXE
-
\??\c:\dpvxdvt.exec:\dpvxdvt.exe41⤵
- Executes dropped EXE
-
\??\c:\tfxhd.exec:\tfxhd.exe42⤵
- Executes dropped EXE
-
\??\c:\txhfptl.exec:\txhfptl.exe43⤵
- Executes dropped EXE
-
\??\c:\bjhddx.exec:\bjhddx.exe44⤵
- Executes dropped EXE
-
\??\c:\pdvffdt.exec:\pdvffdt.exe45⤵
- Executes dropped EXE
-
\??\c:\ptbxxp.exec:\ptbxxp.exe46⤵
- Executes dropped EXE
-
\??\c:\pnrtnpv.exec:\pnrtnpv.exe47⤵
- Executes dropped EXE
-
\??\c:\pbthlb.exec:\pbthlb.exe48⤵
- Executes dropped EXE
-
\??\c:\lhtjp.exec:\lhtjp.exe49⤵
- Executes dropped EXE
-
\??\c:\vrjfl.exec:\vrjfl.exe50⤵
- Executes dropped EXE
-
\??\c:\xdfhnxx.exec:\xdfhnxx.exe51⤵
- Executes dropped EXE
-
\??\c:\npjlj.exec:\npjlj.exe52⤵
- Executes dropped EXE
-
\??\c:\tprdndd.exec:\tprdndd.exe53⤵
- Executes dropped EXE
-
\??\c:\rhdjbv.exec:\rhdjbv.exe54⤵
- Executes dropped EXE
-
\??\c:\ddbtt.exec:\ddbtt.exe55⤵
- Executes dropped EXE
-
\??\c:\rpdhnnt.exec:\rpdhnnt.exe56⤵
- Executes dropped EXE
-
\??\c:\vprvptf.exec:\vprvptf.exe57⤵
- Executes dropped EXE
-
\??\c:\plxxtpr.exec:\plxxtpr.exe58⤵
- Executes dropped EXE
-
\??\c:\pvpjbdv.exec:\pvpjbdv.exe59⤵
- Executes dropped EXE
-
\??\c:\jxxxv.exec:\jxxxv.exe60⤵
- Executes dropped EXE
-
\??\c:\rnbjjr.exec:\rnbjjr.exe61⤵
- Executes dropped EXE
-
\??\c:\pbhxdl.exec:\pbhxdl.exe62⤵
- Executes dropped EXE
-
\??\c:\hxrphvf.exec:\hxrphvf.exe63⤵
- Executes dropped EXE
-
\??\c:\jbbhr.exec:\jbbhr.exe64⤵
- Executes dropped EXE
-
\??\c:\ldxpxp.exec:\ldxpxp.exe65⤵
- Executes dropped EXE
-
\??\c:\rbntphn.exec:\rbntphn.exe66⤵
-
\??\c:\jrhnhtr.exec:\jrhnhtr.exe67⤵
- System Location Discovery: System Language Discovery
-
\??\c:\bvrbf.exec:\bvrbf.exe68⤵
-
\??\c:\pnvdd.exec:\pnvdd.exe69⤵
-
\??\c:\vlrhvvr.exec:\vlrhvvr.exe70⤵
-
\??\c:\vpjpvr.exec:\vpjpvr.exe71⤵
-
\??\c:\xpdlvh.exec:\xpdlvh.exe72⤵
-
\??\c:\lbblb.exec:\lbblb.exe73⤵
-
\??\c:\vhfdhln.exec:\vhfdhln.exe74⤵
-
\??\c:\hfxhjx.exec:\hfxhjx.exe75⤵
-
\??\c:\rltvhhb.exec:\rltvhhb.exe76⤵
-
\??\c:\vdpfjx.exec:\vdpfjx.exe77⤵
-
\??\c:\tbtbd.exec:\tbtbd.exe78⤵
-
\??\c:\blnpdxj.exec:\blnpdxj.exe79⤵
-
\??\c:\hbnxld.exec:\hbnxld.exe80⤵
-
\??\c:\hnxtx.exec:\hnxtx.exe81⤵
-
\??\c:\jjvbht.exec:\jjvbht.exe82⤵
-
\??\c:\jvbhbn.exec:\jvbhbn.exe83⤵
-
\??\c:\vnvrtln.exec:\vnvrtln.exe84⤵
-
\??\c:\lhrvvp.exec:\lhrvvp.exe85⤵
-
\??\c:\plvjfnh.exec:\plvjfnh.exe86⤵
-
\??\c:\ldfdlp.exec:\ldfdlp.exe87⤵
-
\??\c:\llnpbr.exec:\llnpbr.exe88⤵
-
\??\c:\xljhllx.exec:\xljhllx.exe89⤵
-
\??\c:\hvnfv.exec:\hvnfv.exe90⤵
-
\??\c:\xplhjt.exec:\xplhjt.exe91⤵
-
\??\c:\rrvpl.exec:\rrvpl.exe92⤵
-
\??\c:\pxrrbrx.exec:\pxrrbrx.exe93⤵
-
\??\c:\fnxnb.exec:\fnxnb.exe94⤵
- System Location Discovery: System Language Discovery
-
\??\c:\llnnt.exec:\llnnt.exe95⤵
-
\??\c:\thpjd.exec:\thpjd.exe96⤵
-
\??\c:\xfhptp.exec:\xfhptp.exe97⤵
- System Location Discovery: System Language Discovery
-
\??\c:\prnpnhj.exec:\prnpnhj.exe98⤵
-
\??\c:\tnrfld.exec:\tnrfld.exe99⤵
-
\??\c:\pvnfhl.exec:\pvnfhl.exe100⤵
-
\??\c:\pxtxvl.exec:\pxtxvl.exe101⤵
-
\??\c:\bndtfrd.exec:\bndtfrd.exe102⤵
-
\??\c:\tjfff.exec:\tjfff.exe103⤵
-
\??\c:\nfjjd.exec:\nfjjd.exe104⤵
-
\??\c:\ddxfrj.exec:\ddxfrj.exe105⤵
-
\??\c:\vrnfnfl.exec:\vrnfnfl.exe106⤵
-
\??\c:\bfhjxvr.exec:\bfhjxvr.exe107⤵
-
\??\c:\dbldl.exec:\dbldl.exe108⤵
-
\??\c:\btdntnl.exec:\btdntnl.exe109⤵
-
\??\c:\nxvff.exec:\nxvff.exe110⤵
-
\??\c:\rvtlvpn.exec:\rvtlvpn.exe111⤵
-
\??\c:\ftrvb.exec:\ftrvb.exe112⤵
-
\??\c:\bbnpr.exec:\bbnpr.exe113⤵
-
\??\c:\fvhttfd.exec:\fvhttfd.exe114⤵
-
\??\c:\hxtnbxf.exec:\hxtnbxf.exe115⤵
-
\??\c:\pxvvt.exec:\pxvvt.exe116⤵
-
\??\c:\jrfxhxh.exec:\jrfxhxh.exe117⤵
-
\??\c:\jhblhvh.exec:\jhblhvh.exe118⤵
-
\??\c:\fhpvd.exec:\fhpvd.exe119⤵
-
\??\c:\pnhxbxp.exec:\pnhxbxp.exe120⤵
-
\??\c:\dbdxjhd.exec:\dbdxjhd.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-