Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
26/12/2024, 12:09
General
-
Target
850fe874201a706d6196307256f768e37c4026fe43cb4875a95824c9debab0cb.exe
-
Size
298KB
-
MD5
c48150ae1df943cec9e198000905216a
-
SHA1
5291d5b56a928717af19a756cdacde64cd9c0fdd
-
SHA256
850fe874201a706d6196307256f768e37c4026fe43cb4875a95824c9debab0cb
-
SHA512
565c590c3a124b9016ee1fb2d0f3686146c0d1511f90c8825f1f3d83d5291b42b11a4f40e1d70444f5bd179688cf6b31b96557a5a4146ac48ff73cd5db1be379
-
SSDEEP
6144:n3C9BRo/AIuuOthLmH403Pyr6UWO6jUl7sPgvU:n3C9uDVOXLmHBKWyn+PgvU
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 18 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 20 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\850fe874201a706d6196307256f768e37c4026fe43cb4875a95824c9debab0cb.exe"C:\Users\Admin\AppData\Local\Temp\850fe874201a706d6196307256f768e37c4026fe43cb4875a95824c9debab0cb.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\hpthtv.exec:\hpthtv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppvhrpx.exec:\ppvhrpx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxnnn.exec:\xxnnn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vbdxt.exec:\vbdxt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhhjxth.exec:\hhhjxth.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhpnjr.exec:\hhpnjr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfdjx.exec:\rfdjx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hrlxj.exec:\hrlxj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fjfxptr.exec:\fjfxptr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jbphfr.exec:\jbphfr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tfndnpj.exec:\tfndnpj.exe12⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\hhvhr.exec:\hhvhr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pffpt.exec:\pffpt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bxppx.exec:\bxppx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvbxbn.exec:\vvbxbn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lvhphx.exec:\lvhphx.exe17⤵
- Executes dropped EXE
-
\??\c:\ppvrjl.exec:\ppvrjl.exe18⤵
- Executes dropped EXE
-
\??\c:\lvnjrtf.exec:\lvnjrtf.exe19⤵
- Executes dropped EXE
-
\??\c:\tfbtf.exec:\tfbtf.exe20⤵
- Executes dropped EXE
-
\??\c:\rxbtjf.exec:\rxbtjf.exe21⤵
- Executes dropped EXE
-
\??\c:\pprbnth.exec:\pprbnth.exe22⤵
- Executes dropped EXE
-
\??\c:\trfhptp.exec:\trfhptp.exe23⤵
- Executes dropped EXE
-
\??\c:\bbvjhbj.exec:\bbvjhbj.exe24⤵
- Executes dropped EXE
-
\??\c:\rrjdn.exec:\rrjdn.exe25⤵
- Executes dropped EXE
-
\??\c:\rprjh.exec:\rprjh.exe26⤵
- Executes dropped EXE
-
\??\c:\jnjhp.exec:\jnjhp.exe27⤵
- Executes dropped EXE
-
\??\c:\vdrdb.exec:\vdrdb.exe28⤵
- Executes dropped EXE
-
\??\c:\tfxbrh.exec:\tfxbrh.exe29⤵
- Executes dropped EXE
-
\??\c:\bfhbfrj.exec:\bfhbfrj.exe30⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\blvth.exec:\blvth.exe31⤵
- Executes dropped EXE
-
\??\c:\pbbpjh.exec:\pbbpjh.exe32⤵
- Executes dropped EXE
-
\??\c:\vrbff.exec:\vrbff.exe33⤵
- Executes dropped EXE
-
\??\c:\ftptxvl.exec:\ftptxvl.exe34⤵
- Executes dropped EXE
-
\??\c:\tfbvh.exec:\tfbvh.exe35⤵
- Executes dropped EXE
-
\??\c:\hdxptrl.exec:\hdxptrl.exe36⤵
- Executes dropped EXE
-
\??\c:\nvvjv.exec:\nvvjv.exe37⤵
- Executes dropped EXE
-
\??\c:\fvbpbx.exec:\fvbpbx.exe38⤵
- Executes dropped EXE
-
\??\c:\bvntrv.exec:\bvntrv.exe39⤵
- Executes dropped EXE
-
\??\c:\ljjth.exec:\ljjth.exe40⤵
- Executes dropped EXE
-
\??\c:\lrvthj.exec:\lrvthj.exe41⤵
- Executes dropped EXE
-
\??\c:\xvtbrf.exec:\xvtbrf.exe42⤵
- Executes dropped EXE
-
\??\c:\lnprv.exec:\lnprv.exe43⤵
- Executes dropped EXE
-
\??\c:\xnbvj.exec:\xnbvj.exe44⤵
- Executes dropped EXE
-
\??\c:\bjjpbl.exec:\bjjpbl.exe45⤵
- Executes dropped EXE
-
\??\c:\httnjlr.exec:\httnjlr.exe46⤵
- Executes dropped EXE
-
\??\c:\jtvhpx.exec:\jtvhpx.exe47⤵
- Executes dropped EXE
-
\??\c:\pbjpr.exec:\pbjpr.exe48⤵
- Executes dropped EXE
-
\??\c:\xxxfpt.exec:\xxxfpt.exe49⤵
- Executes dropped EXE
-
\??\c:\rxpxd.exec:\rxpxd.exe50⤵
- Executes dropped EXE
-
\??\c:\pnjnv.exec:\pnjnv.exe51⤵
- Executes dropped EXE
-
\??\c:\brvjv.exec:\brvjv.exe52⤵
- Executes dropped EXE
-
\??\c:\vxxpdj.exec:\vxxpdj.exe53⤵
- Executes dropped EXE
-
\??\c:\pjjvlr.exec:\pjjvlr.exe54⤵
- Executes dropped EXE
-
\??\c:\lpljfxt.exec:\lpljfxt.exe55⤵
- Executes dropped EXE
-
\??\c:\nphtf.exec:\nphtf.exe56⤵
- Executes dropped EXE
-
\??\c:\vnlnpvj.exec:\vnlnpvj.exe57⤵
- Executes dropped EXE
-
\??\c:\djftvp.exec:\djftvp.exe58⤵
- Executes dropped EXE
-
\??\c:\rbtvn.exec:\rbtvn.exe59⤵
- Executes dropped EXE
-
\??\c:\bnfdbjp.exec:\bnfdbjp.exe60⤵
- Executes dropped EXE
-
\??\c:\brrvp.exec:\brrvp.exe61⤵
- Executes dropped EXE
-
\??\c:\ttrlpdh.exec:\ttrlpdh.exe62⤵
- Executes dropped EXE
-
\??\c:\rfhpvl.exec:\rfhpvl.exe63⤵
- Executes dropped EXE
-
\??\c:\rjtlp.exec:\rjtlp.exe64⤵
- Executes dropped EXE
-
\??\c:\xdffl.exec:\xdffl.exe65⤵
- Executes dropped EXE
-
\??\c:\dvvjprv.exec:\dvvjprv.exe66⤵
-
\??\c:\jtrpnn.exec:\jtrpnn.exe67⤵
-
\??\c:\tdflpjd.exec:\tdflpjd.exe68⤵
-
\??\c:\lptvr.exec:\lptvr.exe69⤵
-
\??\c:\tlrfj.exec:\tlrfj.exe70⤵
-
\??\c:\bxptvh.exec:\bxptvh.exe71⤵
-
\??\c:\rljnn.exec:\rljnn.exe72⤵
-
\??\c:\ftxjn.exec:\ftxjn.exe73⤵
-
\??\c:\rdnfbxr.exec:\rdnfbxr.exe74⤵
-
\??\c:\lrbfpv.exec:\lrbfpv.exe75⤵
-
\??\c:\djhnp.exec:\djhnp.exe76⤵
-
\??\c:\hphttdj.exec:\hphttdj.exe77⤵
-
\??\c:\njlvfj.exec:\njlvfj.exe78⤵
-
\??\c:\tttvhpp.exec:\tttvhpp.exe79⤵
-
\??\c:\vfbnhhx.exec:\vfbnhhx.exe80⤵
-
\??\c:\lrxxn.exec:\lrxxn.exe81⤵
-
\??\c:\lfndppj.exec:\lfndppj.exe82⤵
-
\??\c:\xrdtfr.exec:\xrdtfr.exe83⤵
-
\??\c:\pxbbbn.exec:\pxbbbn.exe84⤵
- System Location Discovery: System Language Discovery
-
\??\c:\hnnjj.exec:\hnnjj.exe85⤵
-
\??\c:\lrjfdl.exec:\lrjfdl.exe86⤵
-
\??\c:\lnnjd.exec:\lnnjd.exe87⤵
-
\??\c:\ttnbhbh.exec:\ttnbhbh.exe88⤵
-
\??\c:\hdjdtnv.exec:\hdjdtnv.exe89⤵
-
\??\c:\rfhjt.exec:\rfhjt.exe90⤵
-
\??\c:\hbxvxf.exec:\hbxvxf.exe91⤵
-
\??\c:\pdrlpx.exec:\pdrlpx.exe92⤵
-
\??\c:\nnlrrj.exec:\nnlrrj.exe93⤵
-
\??\c:\vlndnx.exec:\vlndnx.exe94⤵
-
\??\c:\tlfdf.exec:\tlfdf.exe95⤵
-
\??\c:\bhfnxf.exec:\bhfnxf.exe96⤵
-
\??\c:\rhlrb.exec:\rhlrb.exe97⤵
-
\??\c:\pnlbh.exec:\pnlbh.exe98⤵
-
\??\c:\hfdfdtr.exec:\hfdfdtr.exe99⤵
-
\??\c:\rhnhjnx.exec:\rhnhjnx.exe100⤵
-
\??\c:\vlnxjlr.exec:\vlnxjlr.exe101⤵
-
\??\c:\vdbdfnd.exec:\vdbdfnd.exe102⤵
-
\??\c:\llbtrnj.exec:\llbtrnj.exe103⤵
-
\??\c:\tjlbx.exec:\tjlbx.exe104⤵
-
\??\c:\pjxdbd.exec:\pjxdbd.exe105⤵
- System Location Discovery: System Language Discovery
-
\??\c:\jrplf.exec:\jrplf.exe106⤵
-
\??\c:\tnndxfn.exec:\tnndxfn.exe107⤵
-
\??\c:\fvfvp.exec:\fvfvp.exe108⤵
-
\??\c:\ppvbrbb.exec:\ppvbrbb.exe109⤵
-
\??\c:\tlhpxr.exec:\tlhpxr.exe110⤵
-
\??\c:\xhpjp.exec:\xhpjp.exe111⤵
-
\??\c:\hjxvjx.exec:\hjxvjx.exe112⤵
-
\??\c:\llxrrl.exec:\llxrrl.exe113⤵
-
\??\c:\lpttnt.exec:\lpttnt.exe114⤵
-
\??\c:\phdvrh.exec:\phdvrh.exe115⤵
-
\??\c:\hhxpr.exec:\hhxpr.exe116⤵
-
\??\c:\rfbdvxv.exec:\rfbdvxv.exe117⤵
-
\??\c:\lvjtlxb.exec:\lvjtlxb.exe118⤵
-
\??\c:\bxvpfrt.exec:\bxvpfrt.exe119⤵
-
\??\c:\jxhhxn.exec:\jxhhxn.exe120⤵
-
\??\c:\rxvjt.exec:\rxvjt.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-