Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
19s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
26/12/2024, 18:50
General
-
Target
8f6c38ff8af09b756bcfe6534c627b9d568d0b1b729d47c6965c77162161f2a4.exe
-
Size
453KB
-
MD5
49fcec3b74248fb90a3bafd624b1ce3e
-
SHA1
9b4995b8f2c37ae3f7d92eb8b02e9b18ae7a5b41
-
SHA256
8f6c38ff8af09b756bcfe6534c627b9d568d0b1b729d47c6965c77162161f2a4
-
SHA512
447555d32fd7af15827a6df5ec67a272b16d3e72936ac0b0f62a9ab81de04f5d8aa51cc287df16b7aaab5254cda7783ba276d95c76fceed6e125e249719da078
-
SSDEEP
6144:8cm7ImGddXmNt251UriZFwfsDX2UznsaFVNJCMKAbea:q7Tc2NYHUrAwfMp3CDa
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 44 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 43 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\8f6c38ff8af09b756bcfe6534c627b9d568d0b1b729d47c6965c77162161f2a4.exe"C:\Users\Admin\AppData\Local\Temp\8f6c38ff8af09b756bcfe6534c627b9d568d0b1b729d47c6965c77162161f2a4.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\dbjvj.exec:\dbjvj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frnnj.exec:\frnnj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\brfhnft.exec:\brfhnft.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\phdfl.exec:\phdfl.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bjndfn.exec:\bjndfn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vflfxpx.exec:\vflfxpx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxflvbx.exec:\fxflvbx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jfvlbn.exec:\jfvlbn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lptbfj.exec:\lptbfj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\npjvtfl.exec:\npjvtfl.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rhnxxfr.exec:\rhnxxfr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fhpbbn.exec:\fhpbbn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhjrrld.exec:\nhjrrld.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rjfjrpx.exec:\rjfjrpx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fdjxpt.exec:\fdjxpt.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\prvtt.exec:\prvtt.exe17⤵
- Executes dropped EXE
-
\??\c:\rhllxjr.exec:\rhllxjr.exe18⤵
- Executes dropped EXE
-
\??\c:\bvxxxfx.exec:\bvxxxfx.exe19⤵
- Executes dropped EXE
-
\??\c:\tdprrv.exec:\tdprrv.exe20⤵
- Executes dropped EXE
-
\??\c:\tplhj.exec:\tplhj.exe21⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\tnnxjb.exec:\tnnxjb.exe22⤵
- Executes dropped EXE
-
\??\c:\nnnbvh.exec:\nnnbvh.exe23⤵
- Executes dropped EXE
-
\??\c:\ddbfb.exec:\ddbfb.exe24⤵
- Executes dropped EXE
-
\??\c:\xdhjrbb.exec:\xdhjrbb.exe25⤵
- Executes dropped EXE
-
\??\c:\hnllpxr.exec:\hnllpxr.exe26⤵
- Executes dropped EXE
-
\??\c:\dtrdbp.exec:\dtrdbp.exe27⤵
- Executes dropped EXE
-
\??\c:\lpjlfn.exec:\lpjlfn.exe28⤵
- Executes dropped EXE
-
\??\c:\hphphpx.exec:\hphphpx.exe29⤵
- Executes dropped EXE
-
\??\c:\vvrtrr.exec:\vvrtrr.exe30⤵
- Executes dropped EXE
-
\??\c:\xttjrbh.exec:\xttjrbh.exe31⤵
- Executes dropped EXE
-
\??\c:\phdjdbx.exec:\phdjdbx.exe32⤵
- Executes dropped EXE
-
\??\c:\xpbdrt.exec:\xpbdrt.exe33⤵
- Executes dropped EXE
-
\??\c:\jxphb.exec:\jxphb.exe34⤵
- Executes dropped EXE
-
\??\c:\nrhpx.exec:\nrhpx.exe35⤵
- Executes dropped EXE
-
\??\c:\bhnjx.exec:\bhnjx.exe36⤵
- Executes dropped EXE
-
\??\c:\ffjtnx.exec:\ffjtnx.exe37⤵
- Executes dropped EXE
-
\??\c:\rbhdl.exec:\rbhdl.exe38⤵
- Executes dropped EXE
-
\??\c:\btrhh.exec:\btrhh.exe39⤵
- Executes dropped EXE
-
\??\c:\pthhvnb.exec:\pthhvnb.exe40⤵
- Executes dropped EXE
-
\??\c:\fhxlh.exec:\fhxlh.exe41⤵
- Executes dropped EXE
-
\??\c:\dpnhjn.exec:\dpnhjn.exe42⤵
- Executes dropped EXE
-
\??\c:\xprvl.exec:\xprvl.exe43⤵
- Executes dropped EXE
-
\??\c:\dnhdhtn.exec:\dnhdhtn.exe44⤵
- Executes dropped EXE
-
\??\c:\jpntpnd.exec:\jpntpnd.exe45⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\jfvjbdp.exec:\jfvjbdp.exe46⤵
- Executes dropped EXE
-
\??\c:\vffnd.exec:\vffnd.exe47⤵
- Executes dropped EXE
-
\??\c:\ppjtpn.exec:\ppjtpn.exe48⤵
- Executes dropped EXE
-
\??\c:\jnbfllj.exec:\jnbfllj.exe49⤵
- Executes dropped EXE
-
\??\c:\dhrdx.exec:\dhrdx.exe50⤵
- Executes dropped EXE
-
\??\c:\hxdtb.exec:\hxdtb.exe51⤵
- Executes dropped EXE
-
\??\c:\xnjtdxd.exec:\xnjtdxd.exe52⤵
- Executes dropped EXE
-
\??\c:\pvvrp.exec:\pvvrp.exe53⤵
- Executes dropped EXE
-
\??\c:\rbtblp.exec:\rbtblp.exe54⤵
- Executes dropped EXE
-
\??\c:\dxbjb.exec:\dxbjb.exe55⤵
- Executes dropped EXE
-
\??\c:\ntpjn.exec:\ntpjn.exe56⤵
- Executes dropped EXE
-
\??\c:\xvhbppp.exec:\xvhbppp.exe57⤵
- Executes dropped EXE
-
\??\c:\trhbv.exec:\trhbv.exe58⤵
- Executes dropped EXE
-
\??\c:\vlhbn.exec:\vlhbn.exe59⤵
- Executes dropped EXE
-
\??\c:\vntvlpf.exec:\vntvlpf.exe60⤵
- Executes dropped EXE
-
\??\c:\dtnrxp.exec:\dtnrxp.exe61⤵
- Executes dropped EXE
-
\??\c:\dfrtl.exec:\dfrtl.exe62⤵
- Executes dropped EXE
-
\??\c:\dtphbd.exec:\dtphbd.exe63⤵
- Executes dropped EXE
-
\??\c:\vxjfjbt.exec:\vxjfjbt.exe64⤵
- Executes dropped EXE
-
\??\c:\rvvrpr.exec:\rvvrpr.exe65⤵
- Executes dropped EXE
-
\??\c:\dfdrxd.exec:\dfdrxd.exe66⤵
-
\??\c:\brxhhpv.exec:\brxhhpv.exe67⤵
-
\??\c:\rxdnl.exec:\rxdnl.exe68⤵
-
\??\c:\dljpvv.exec:\dljpvv.exe69⤵
-
\??\c:\xlhnx.exec:\xlhnx.exe70⤵
-
\??\c:\tljpd.exec:\tljpd.exe71⤵
-
\??\c:\tdnjxv.exec:\tdnjxv.exe72⤵
-
\??\c:\xddjxdb.exec:\xddjxdb.exe73⤵
-
\??\c:\fxdxhj.exec:\fxdxhj.exe74⤵
-
\??\c:\jbjbrhl.exec:\jbjbrhl.exe75⤵
-
\??\c:\rvhjnjd.exec:\rvhjnjd.exe76⤵
-
\??\c:\lbhrd.exec:\lbhrd.exe77⤵
-
\??\c:\vdlfrrt.exec:\vdlfrrt.exe78⤵
-
\??\c:\jdhjv.exec:\jdhjv.exe79⤵
-
\??\c:\vbjdjhp.exec:\vbjdjhp.exe80⤵
-
\??\c:\tjpxfv.exec:\tjpxfv.exe81⤵
-
\??\c:\nvjvb.exec:\nvjvb.exe82⤵
- System Location Discovery: System Language Discovery
-
\??\c:\vdftlx.exec:\vdftlx.exe83⤵
-
\??\c:\pnldv.exec:\pnldv.exe84⤵
-
\??\c:\dldlxp.exec:\dldlxp.exe85⤵
-
\??\c:\dvtdjbb.exec:\dvtdjbb.exe86⤵
-
\??\c:\tvvbj.exec:\tvvbj.exe87⤵
-
\??\c:\fxvfjh.exec:\fxvfjh.exe88⤵
-
\??\c:\drdhbxn.exec:\drdhbxn.exe89⤵
-
\??\c:\bpvtpbb.exec:\bpvtpbb.exe90⤵
-
\??\c:\rnrnlr.exec:\rnrnlr.exe91⤵
-
\??\c:\fplnjx.exec:\fplnjx.exe92⤵
-
\??\c:\vtrjrb.exec:\vtrjrb.exe93⤵
-
\??\c:\vbfpxbl.exec:\vbfpxbl.exe94⤵
-
\??\c:\pxvnl.exec:\pxvnl.exe95⤵
-
\??\c:\jffnlvl.exec:\jffnlvl.exe96⤵
-
\??\c:\tdxvp.exec:\tdxvp.exe97⤵
-
\??\c:\dlxbxlr.exec:\dlxbxlr.exe98⤵
-
\??\c:\lxppnh.exec:\lxppnh.exe99⤵
-
\??\c:\rflxd.exec:\rflxd.exe100⤵
-
\??\c:\ppvpr.exec:\ppvpr.exe101⤵
-
\??\c:\brttx.exec:\brttx.exe102⤵
-
\??\c:\jjvrx.exec:\jjvrx.exe103⤵
-
\??\c:\rdlpp.exec:\rdlpp.exe104⤵
-
\??\c:\rthdn.exec:\rthdn.exe105⤵
-
\??\c:\hvjvfj.exec:\hvjvfj.exe106⤵
-
\??\c:\plxrxr.exec:\plxrxr.exe107⤵
-
\??\c:\vlrdtf.exec:\vlrdtf.exe108⤵
-
\??\c:\bnvjfdj.exec:\bnvjfdj.exe109⤵
-
\??\c:\njjpnbr.exec:\njjpnbr.exe110⤵
-
\??\c:\jdxtfb.exec:\jdxtfb.exe111⤵
-
\??\c:\pdfjhbb.exec:\pdfjhbb.exe112⤵
-
\??\c:\bfdhb.exec:\bfdhb.exe113⤵
-
\??\c:\dvrpvr.exec:\dvrpvr.exe114⤵
-
\??\c:\dlbnhdf.exec:\dlbnhdf.exe115⤵
-
\??\c:\njvrtn.exec:\njvrtn.exe116⤵
-
\??\c:\hlttx.exec:\hlttx.exe117⤵
-
\??\c:\jrbtfjx.exec:\jrbtfjx.exe118⤵
-
\??\c:\ttrtd.exec:\ttrtd.exe119⤵
-
\??\c:\lvrtb.exec:\lvrtb.exe120⤵
-
\??\c:\jtxjl.exec:\jtxjl.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-