Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
18s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
26/12/2024, 14:26
General
-
Target
203a73351e8256492dfb17a90e9ac5d7eb9003382daf89d8277382f387d0b2b7N.exe
-
Size
453KB
-
MD5
e63f4c3335ed2b30e85943c9d14e59a0
-
SHA1
7614c82578a00b8d2a719268f654cff6a9f2382a
-
SHA256
203a73351e8256492dfb17a90e9ac5d7eb9003382daf89d8277382f387d0b2b7
-
SHA512
031148bf410dc839871db171f261370f31ed087783ac78f9a45574cba1f5f4a82529f8d9663a3a6a4c048f19dfec0571d0b54cd60fc70a4ff091d1ef3a570f5f
-
SSDEEP
6144:8cm7ImGddXmNt251UriZFwfsDX2UznsaFVNJCMKAbec:q7Tc2NYHUrAwfMp3CDc
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 49 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 49 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\203a73351e8256492dfb17a90e9ac5d7eb9003382daf89d8277382f387d0b2b7N.exe"C:\Users\Admin\AppData\Local\Temp\203a73351e8256492dfb17a90e9ac5d7eb9003382daf89d8277382f387d0b2b7N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\dpjpdd.exec:\dpjpdd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjdddlr.exec:\vjdddlr.exe3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\tjddd.exec:\tjddd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dphflp.exec:\dphflp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dhlvtht.exec:\dhlvtht.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rbrltf.exec:\rbrltf.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hrxlhn.exec:\hrxlhn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fhxntb.exec:\fhxntb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttrtpnj.exec:\ttrtpnj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\prdlnbv.exec:\prdlnbv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hrdfvr.exec:\hrdfvr.exe12⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\btdxrb.exec:\btdxrb.exe13⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\phvjhpj.exec:\phvjhpj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ptldjpx.exec:\ptldjpx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fbljrlt.exec:\fbljrlt.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrttfl.exec:\lrttfl.exe17⤵
- Executes dropped EXE
-
\??\c:\fjflfvj.exec:\fjflfvj.exe18⤵
- Executes dropped EXE
-
\??\c:\dxnxr.exec:\dxnxr.exe19⤵
- Executes dropped EXE
-
\??\c:\hbjrh.exec:\hbjrh.exe20⤵
- Executes dropped EXE
-
\??\c:\nrtbx.exec:\nrtbx.exe21⤵
- Executes dropped EXE
-
\??\c:\ltthdtv.exec:\ltthdtv.exe22⤵
- Executes dropped EXE
-
\??\c:\xxrfvdh.exec:\xxrfvdh.exe23⤵
- Executes dropped EXE
-
\??\c:\jrbxh.exec:\jrbxh.exe24⤵
- Executes dropped EXE
-
\??\c:\drflvlf.exec:\drflvlf.exe25⤵
- Executes dropped EXE
-
\??\c:\vfdjvr.exec:\vfdjvr.exe26⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\nphrb.exec:\nphrb.exe27⤵
- Executes dropped EXE
-
\??\c:\ptbdjfh.exec:\ptbdjfh.exe28⤵
- Executes dropped EXE
-
\??\c:\tndvrtt.exec:\tndvrtt.exe29⤵
- Executes dropped EXE
-
\??\c:\bhrnjjd.exec:\bhrnjjd.exe30⤵
- Executes dropped EXE
-
\??\c:\xldxn.exec:\xldxn.exe31⤵
- Executes dropped EXE
-
\??\c:\dhltndv.exec:\dhltndv.exe32⤵
- Executes dropped EXE
-
\??\c:\jldth.exec:\jldth.exe33⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\hbbtn.exec:\hbbtn.exe34⤵
- Executes dropped EXE
-
\??\c:\xhfjrrh.exec:\xhfjrrh.exe35⤵
- Executes dropped EXE
-
\??\c:\dhrnppd.exec:\dhrnppd.exe36⤵
- Executes dropped EXE
-
\??\c:\pbrrbxb.exec:\pbrrbxb.exe37⤵
- Executes dropped EXE
-
\??\c:\nljljh.exec:\nljljh.exe38⤵
- Executes dropped EXE
-
\??\c:\pphjp.exec:\pphjp.exe39⤵
- Executes dropped EXE
-
\??\c:\rftrrvb.exec:\rftrrvb.exe40⤵
- Executes dropped EXE
-
\??\c:\jfprll.exec:\jfprll.exe41⤵
- Executes dropped EXE
-
\??\c:\vddfpr.exec:\vddfpr.exe42⤵
- Executes dropped EXE
-
\??\c:\vxxdlb.exec:\vxxdlb.exe43⤵
- Executes dropped EXE
-
\??\c:\lfpxjr.exec:\lfpxjr.exe44⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\lpthjjx.exec:\lpthjjx.exe45⤵
- Executes dropped EXE
-
\??\c:\xbrdd.exec:\xbrdd.exe46⤵
- Executes dropped EXE
-
\??\c:\tblln.exec:\tblln.exe47⤵
- Executes dropped EXE
-
\??\c:\ldddphx.exec:\ldddphx.exe48⤵
- Executes dropped EXE
-
\??\c:\fdbjt.exec:\fdbjt.exe49⤵
- Executes dropped EXE
-
\??\c:\rvpnnrl.exec:\rvpnnrl.exe50⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\bntjn.exec:\bntjn.exe51⤵
- Executes dropped EXE
-
\??\c:\xtfxb.exec:\xtfxb.exe52⤵
- Executes dropped EXE
-
\??\c:\bvphxbx.exec:\bvphxbx.exe53⤵
- Executes dropped EXE
-
\??\c:\xvxhf.exec:\xvxhf.exe54⤵
- Executes dropped EXE
-
\??\c:\llhxh.exec:\llhxh.exe55⤵
- Executes dropped EXE
-
\??\c:\drpbjpf.exec:\drpbjpf.exe56⤵
- Executes dropped EXE
-
\??\c:\hvhjdj.exec:\hvhjdj.exe57⤵
- Executes dropped EXE
-
\??\c:\nfdfdr.exec:\nfdfdr.exe58⤵
- Executes dropped EXE
-
\??\c:\hdnfhv.exec:\hdnfhv.exe59⤵
- Executes dropped EXE
-
\??\c:\tpvbbnv.exec:\tpvbbnv.exe60⤵
- Executes dropped EXE
-
\??\c:\dhtldhb.exec:\dhtldhb.exe61⤵
- Executes dropped EXE
-
\??\c:\djlxdlv.exec:\djlxdlv.exe62⤵
- Executes dropped EXE
-
\??\c:\pjvbh.exec:\pjvbh.exe63⤵
- Executes dropped EXE
-
\??\c:\hxpxtp.exec:\hxpxtp.exe64⤵
- Executes dropped EXE
-
\??\c:\bjflffx.exec:\bjflffx.exe65⤵
- Executes dropped EXE
-
\??\c:\dlbdpt.exec:\dlbdpt.exe66⤵
-
\??\c:\bhjvbfn.exec:\bhjvbfn.exe67⤵
-
\??\c:\xjrjtj.exec:\xjrjtj.exe68⤵
-
\??\c:\vhhvr.exec:\vhhvr.exe69⤵
-
\??\c:\prhvfh.exec:\prhvfh.exe70⤵
- System Location Discovery: System Language Discovery
-
\??\c:\xbrrldh.exec:\xbrrldh.exe71⤵
-
\??\c:\hdfxlh.exec:\hdfxlh.exe72⤵
- System Location Discovery: System Language Discovery
-
\??\c:\djvtjv.exec:\djvtjv.exe73⤵
-
\??\c:\vdvhttv.exec:\vdvhttv.exe74⤵
-
\??\c:\hjrpvx.exec:\hjrpvx.exe75⤵
-
\??\c:\trddxv.exec:\trddxv.exe76⤵
-
\??\c:\xddjbh.exec:\xddjbh.exe77⤵
-
\??\c:\nlntxvd.exec:\nlntxvd.exe78⤵
-
\??\c:\bxlpf.exec:\bxlpf.exe79⤵
-
\??\c:\pdlflt.exec:\pdlflt.exe80⤵
-
\??\c:\dvpfh.exec:\dvpfh.exe81⤵
-
\??\c:\trjxhlv.exec:\trjxhlv.exe82⤵
-
\??\c:\vjpfpxl.exec:\vjpfpxl.exe83⤵
-
\??\c:\nbjtnx.exec:\nbjtnx.exe84⤵
- System Location Discovery: System Language Discovery
-
\??\c:\jtpxfjt.exec:\jtpxfjt.exe85⤵
- System Location Discovery: System Language Discovery
-
\??\c:\tdlntpf.exec:\tdlntpf.exe86⤵
-
\??\c:\fllbf.exec:\fllbf.exe87⤵
-
\??\c:\rfhdhl.exec:\rfhdhl.exe88⤵
-
\??\c:\xhnhx.exec:\xhnhx.exe89⤵
-
\??\c:\rtbnbr.exec:\rtbnbr.exe90⤵
-
\??\c:\bfvpln.exec:\bfvpln.exe91⤵
-
\??\c:\pnpjp.exec:\pnpjp.exe92⤵
-
\??\c:\vflnf.exec:\vflnf.exe93⤵
-
\??\c:\trdbx.exec:\trdbx.exe94⤵
-
\??\c:\drrhllj.exec:\drrhllj.exe95⤵
-
\??\c:\rbdddj.exec:\rbdddj.exe96⤵
-
\??\c:\rjdfbv.exec:\rjdfbv.exe97⤵
-
\??\c:\xvtfhbh.exec:\xvtfhbh.exe98⤵
-
\??\c:\nvntlh.exec:\nvntlh.exe99⤵
-
\??\c:\xftnnf.exec:\xftnnf.exe100⤵
-
\??\c:\fndlh.exec:\fndlh.exe101⤵
- System Location Discovery: System Language Discovery
-
\??\c:\hnrbd.exec:\hnrbd.exe102⤵
-
\??\c:\ndnxnrp.exec:\ndnxnrp.exe103⤵
-
\??\c:\xnjxtd.exec:\xnjxtd.exe104⤵
-
\??\c:\jjrpl.exec:\jjrpl.exe105⤵
-
\??\c:\rjvtn.exec:\rjvtn.exe106⤵
-
\??\c:\jbrnbpx.exec:\jbrnbpx.exe107⤵
-
\??\c:\xxrnx.exec:\xxrnx.exe108⤵
-
\??\c:\pxrfbvt.exec:\pxrfbvt.exe109⤵
-
\??\c:\jhphdr.exec:\jhphdr.exe110⤵
-
\??\c:\jvdhdr.exec:\jvdhdr.exe111⤵
-
\??\c:\rrvblpx.exec:\rrvblpx.exe112⤵
-
\??\c:\bjxhxbt.exec:\bjxhxbt.exe113⤵
-
\??\c:\jxlftjn.exec:\jxlftjn.exe114⤵
-
\??\c:\phlpdxn.exec:\phlpdxn.exe115⤵
-
\??\c:\dvfjd.exec:\dvfjd.exe116⤵
-
\??\c:\xltvppx.exec:\xltvppx.exe117⤵
-
\??\c:\bllxbr.exec:\bllxbr.exe118⤵
-
\??\c:\ddpddvj.exec:\ddpddvj.exe119⤵
-
\??\c:\flxltx.exec:\flxltx.exe120⤵
-
\??\c:\tbfxpb.exec:\tbfxpb.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-