Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
20s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
26/12/2024, 13:08
General
-
Target
baf23d7ef9a539733a9e14c70d4c659c859442591312f55f88c8b901c6ade7a1.exe
-
Size
454KB
-
MD5
d7aab856e4bd64936a1088a688dcfed6
-
SHA1
6a09edc8f6675ef7d5e1b82b58cda6d7e99c2165
-
SHA256
baf23d7ef9a539733a9e14c70d4c659c859442591312f55f88c8b901c6ade7a1
-
SHA512
99171a60807dd13d63065dd0e488cc2da5b92f8e17a2e8822189f1654a89983b596042683dc452b0ab9ec8642a34effb0a776e1d84edec277d5f54875de8b4df
-
SSDEEP
6144:8cm7ImGddXmNt251UriZFwfsDX2UznsaFVNJCMKAbeZ:q7Tc2NYHUrAwfMp3CDZ
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 41 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 46 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\baf23d7ef9a539733a9e14c70d4c659c859442591312f55f88c8b901c6ade7a1.exe"C:\Users\Admin\AppData\Local\Temp\baf23d7ef9a539733a9e14c70d4c659c859442591312f55f88c8b901c6ade7a1.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\hnhppv.exec:\hnhppv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thjdvvd.exec:\thjdvvd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thdndjv.exec:\thdndjv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrnpvb.exec:\xxrnpvb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jphvxb.exec:\jphvxb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hvhxpxp.exec:\hvhxpxp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ldjnj.exec:\ldjnj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djxfhn.exec:\djxfhn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nxjxdh.exec:\nxjxdh.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bppvlh.exec:\bppvlh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nlpxn.exec:\nlpxn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rbblxj.exec:\rbblxj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nprnvn.exec:\nprnvn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nddpnd.exec:\nddpnd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\prvtv.exec:\prvtv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tvnxldd.exec:\tvnxldd.exe17⤵
- Executes dropped EXE
-
\??\c:\lbfbxf.exec:\lbfbxf.exe18⤵
- Executes dropped EXE
-
\??\c:\bhxvlh.exec:\bhxvlh.exe19⤵
- Executes dropped EXE
-
\??\c:\jtxpr.exec:\jtxpr.exe20⤵
- Executes dropped EXE
-
\??\c:\ffdnx.exec:\ffdnx.exe21⤵
- Executes dropped EXE
-
\??\c:\ttpttpl.exec:\ttpttpl.exe22⤵
- Executes dropped EXE
-
\??\c:\drfjfl.exec:\drfjfl.exe23⤵
- Executes dropped EXE
-
\??\c:\prvvvvb.exec:\prvvvvb.exe24⤵
- Executes dropped EXE
-
\??\c:\ttvrt.exec:\ttvrt.exe25⤵
- Executes dropped EXE
-
\??\c:\dbtjlrh.exec:\dbtjlrh.exe26⤵
- Executes dropped EXE
-
\??\c:\hnlhb.exec:\hnlhb.exe27⤵
- Executes dropped EXE
-
\??\c:\hndbnt.exec:\hndbnt.exe28⤵
- Executes dropped EXE
-
\??\c:\ptpdh.exec:\ptpdh.exe29⤵
- Executes dropped EXE
-
\??\c:\jfrlp.exec:\jfrlp.exe30⤵
- Executes dropped EXE
-
\??\c:\xtxff.exec:\xtxff.exe31⤵
- Executes dropped EXE
-
\??\c:\bnlfxfd.exec:\bnlfxfd.exe32⤵
- Executes dropped EXE
-
\??\c:\ljnvtxj.exec:\ljnvtxj.exe33⤵
- Executes dropped EXE
-
\??\c:\vdnhn.exec:\vdnhn.exe34⤵
- Executes dropped EXE
-
\??\c:\rhnpn.exec:\rhnpn.exe35⤵
-
\??\c:\xlljfrb.exec:\xlljfrb.exe36⤵
- Executes dropped EXE
-
\??\c:\jdldxf.exec:\jdldxf.exe37⤵
- Executes dropped EXE
-
\??\c:\jnnhvft.exec:\jnnhvft.exe38⤵
- Executes dropped EXE
-
\??\c:\rbxrp.exec:\rbxrp.exe39⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\rlndp.exec:\rlndp.exe40⤵
- Executes dropped EXE
-
\??\c:\hbftj.exec:\hbftj.exe41⤵
- Executes dropped EXE
-
\??\c:\tpppp.exec:\tpppp.exe42⤵
- Executes dropped EXE
-
\??\c:\fhblrt.exec:\fhblrt.exe43⤵
- Executes dropped EXE
-
\??\c:\bjbjhf.exec:\bjbjhf.exe44⤵
- Executes dropped EXE
-
\??\c:\ftflb.exec:\ftflb.exe45⤵
- Executes dropped EXE
-
\??\c:\jrthlvx.exec:\jrthlvx.exe46⤵
- Executes dropped EXE
-
\??\c:\ndndjvb.exec:\ndndjvb.exe47⤵
- Executes dropped EXE
-
\??\c:\pxjlp.exec:\pxjlp.exe48⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\dprtl.exec:\dprtl.exe49⤵
- Executes dropped EXE
-
\??\c:\drhbdd.exec:\drhbdd.exe50⤵
- Executes dropped EXE
-
\??\c:\trvjl.exec:\trvjl.exe51⤵
- Executes dropped EXE
-
\??\c:\npvxj.exec:\npvxj.exe52⤵
- Executes dropped EXE
-
\??\c:\rldvffr.exec:\rldvffr.exe53⤵
- Executes dropped EXE
-
\??\c:\xrxjxd.exec:\xrxjxd.exe54⤵
- Executes dropped EXE
-
\??\c:\jnjph.exec:\jnjph.exe55⤵
- Executes dropped EXE
-
\??\c:\tpptpd.exec:\tpptpd.exe56⤵
- Executes dropped EXE
-
\??\c:\dfxjlf.exec:\dfxjlf.exe57⤵
- Executes dropped EXE
-
\??\c:\nttrrfv.exec:\nttrrfv.exe58⤵
- Executes dropped EXE
-
\??\c:\bbxtp.exec:\bbxtp.exe59⤵
- Executes dropped EXE
-
\??\c:\ldbpvrb.exec:\ldbpvrb.exe60⤵
- Executes dropped EXE
-
\??\c:\phnxlr.exec:\phnxlr.exe61⤵
- Executes dropped EXE
-
\??\c:\rnxfjb.exec:\rnxfjb.exe62⤵
- Executes dropped EXE
-
\??\c:\ltvxj.exec:\ltvxj.exe63⤵
- Executes dropped EXE
-
\??\c:\rhnphnl.exec:\rhnphnl.exe64⤵
- Executes dropped EXE
-
\??\c:\pnhnlp.exec:\pnhnlp.exe65⤵
- Executes dropped EXE
-
\??\c:\xddjdf.exec:\xddjdf.exe66⤵
- Executes dropped EXE
-
\??\c:\bnrrlpd.exec:\bnrrlpd.exe67⤵
-
\??\c:\fxdjlnp.exec:\fxdjlnp.exe68⤵
-
\??\c:\xxxrx.exec:\xxxrx.exe69⤵
-
\??\c:\vhdlfl.exec:\vhdlfl.exe70⤵
-
\??\c:\fjfnf.exec:\fjfnf.exe71⤵
-
\??\c:\lxnfxv.exec:\lxnfxv.exe72⤵
-
\??\c:\plpvfh.exec:\plpvfh.exe73⤵
-
\??\c:\fbnfhnx.exec:\fbnfhnx.exe74⤵
-
\??\c:\thvfv.exec:\thvfv.exe75⤵
-
\??\c:\htpdj.exec:\htpdj.exe76⤵
-
\??\c:\llfbp.exec:\llfbp.exe77⤵
-
\??\c:\hpplf.exec:\hpplf.exe78⤵
-
\??\c:\fdjlbjl.exec:\fdjlbjl.exe79⤵
-
\??\c:\ljpdfpj.exec:\ljpdfpj.exe80⤵
-
\??\c:\vhhxh.exec:\vhhxh.exe81⤵
-
\??\c:\hnldv.exec:\hnldv.exe82⤵
-
\??\c:\lrfnnpf.exec:\lrfnnpf.exe83⤵
-
\??\c:\ppfnpr.exec:\ppfnpr.exe84⤵
-
\??\c:\nfxxdv.exec:\nfxxdv.exe85⤵
-
\??\c:\ljbfn.exec:\ljbfn.exe86⤵
-
\??\c:\pnhbr.exec:\pnhbr.exe87⤵
-
\??\c:\bbpdnhn.exec:\bbpdnhn.exe88⤵
-
\??\c:\rhtntbn.exec:\rhtntbn.exe89⤵
-
\??\c:\jjxbbpn.exec:\jjxbbpn.exe90⤵
-
\??\c:\xxjhfxd.exec:\xxjhfxd.exe91⤵
-
\??\c:\rhrdlvn.exec:\rhrdlvn.exe92⤵
-
\??\c:\vlvxdnr.exec:\vlvxdnr.exe93⤵
-
\??\c:\lltdv.exec:\lltdv.exe94⤵
-
\??\c:\pddxbhd.exec:\pddxbhd.exe95⤵
-
\??\c:\xjnlh.exec:\xjnlh.exe96⤵
-
\??\c:\frxxlt.exec:\frxxlt.exe97⤵
-
\??\c:\dlbxplt.exec:\dlbxplt.exe98⤵
-
\??\c:\jhxlnjd.exec:\jhxlnjd.exe99⤵
-
\??\c:\nhnbptn.exec:\nhnbptn.exe100⤵
-
\??\c:\lnftfl.exec:\lnftfl.exe101⤵
-
\??\c:\bhbjnj.exec:\bhbjnj.exe102⤵
-
\??\c:\rtpvfx.exec:\rtpvfx.exe103⤵
-
\??\c:\phljv.exec:\phljv.exe104⤵
-
\??\c:\nnrndnf.exec:\nnrndnf.exe105⤵
-
\??\c:\lfvnhnv.exec:\lfvnhnv.exe106⤵
-
\??\c:\rtxhpr.exec:\rtxhpr.exe107⤵
-
\??\c:\tbdxjlf.exec:\tbdxjlf.exe108⤵
-
\??\c:\lrvpv.exec:\lrvpv.exe109⤵
-
\??\c:\vvpfnhd.exec:\vvpfnhd.exe110⤵
-
\??\c:\xhvjdbp.exec:\xhvjdbp.exe111⤵
-
\??\c:\dljxb.exec:\dljxb.exe112⤵
-
\??\c:\tbdxxrh.exec:\tbdxxrh.exe113⤵
-
\??\c:\lpfvppl.exec:\lpfvppl.exe114⤵
-
\??\c:\txdnj.exec:\txdnj.exe115⤵
-
\??\c:\fxfjr.exec:\fxfjr.exe116⤵
-
\??\c:\nvvhtj.exec:\nvvhtj.exe117⤵
-
\??\c:\btrpjbr.exec:\btrpjbr.exe118⤵
-
\??\c:\tvjbnl.exec:\tvjbnl.exe119⤵
-
\??\c:\nvhxf.exec:\nvhxf.exe120⤵
-
\??\c:\jlvhfj.exec:\jlvhfj.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-