Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
18s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
11/01/2025, 06:47
General
-
Target
3ba94b9ddc1c3c688b9b0143f7871ef26678f34b5fac72965da63dcb28b0369aN.exe
-
Size
54KB
-
MD5
61301f67b5b57197dd53e55360de5c20
-
SHA1
6a233d2a5657e010637d60dd8fc0d9428bb4eee7
-
SHA256
3ba94b9ddc1c3c688b9b0143f7871ef26678f34b5fac72965da63dcb28b0369a
-
SHA512
5936015718734b7d68f56695704b23f29a1f95bdb3281c79235aefb33e3130aa899cba54927548cae6f69cacbc02529a434093d25af2068e8cfba229b067cb75
-
SSDEEP
1536:mAocdpeVoBDulhzHMb7xNAa04Mcg5IKvlNJM:0cdpeeBSHHMHLf9RyIEK
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 54 IoCs
-
Executes dropped EXE 64 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\3ba94b9ddc1c3c688b9b0143f7871ef26678f34b5fac72965da63dcb28b0369aN.exe"C:\Users\Admin\AppData\Local\Temp\3ba94b9ddc1c3c688b9b0143f7871ef26678f34b5fac72965da63dcb28b0369aN.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\rrnbj.exec:\rrnbj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xhhprn.exec:\xhhprn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dfvbfx.exec:\dfvbfx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhvjdjn.exec:\nhvjdjn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fjpdpxf.exec:\fjpdpxf.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rnxnlnl.exec:\rnxnlnl.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nfjfb.exec:\nfjfb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ftrttjf.exec:\ftrttjf.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhlxldx.exec:\hhlxldx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrjdt.exec:\rrjdt.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nljdbf.exec:\nljdbf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vhtjn.exec:\vhtjn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lltprl.exec:\lltprl.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tlptd.exec:\tlptd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rftvlnd.exec:\rftvlnd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hllplv.exec:\hllplv.exe17⤵
- Executes dropped EXE
-
\??\c:\hhjfxtj.exec:\hhjfxtj.exe18⤵
- Executes dropped EXE
-
\??\c:\lldrxx.exec:\lldrxx.exe19⤵
- Executes dropped EXE
-
\??\c:\jrdfjjr.exec:\jrdfjjr.exe20⤵
- Executes dropped EXE
-
\??\c:\njfttnx.exec:\njfttnx.exe21⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\tjhrvfx.exec:\tjhrvfx.exe22⤵
- Executes dropped EXE
-
\??\c:\nnrjjff.exec:\nnrjjff.exe23⤵
- Executes dropped EXE
-
\??\c:\dvhvnf.exec:\dvhvnf.exe24⤵
- Executes dropped EXE
-
\??\c:\jhlft.exec:\jhlft.exe25⤵
- Executes dropped EXE
-
\??\c:\xvpttxv.exec:\xvpttxv.exe26⤵
- Executes dropped EXE
-
\??\c:\dfvfjt.exec:\dfvfjt.exe27⤵
- Executes dropped EXE
-
\??\c:\nttdlh.exec:\nttdlh.exe28⤵
- Executes dropped EXE
-
\??\c:\bjlllnt.exec:\bjlllnt.exe29⤵
- Executes dropped EXE
-
\??\c:\ltxprbj.exec:\ltxprbj.exe30⤵
- Executes dropped EXE
-
\??\c:\jvjrj.exec:\jvjrj.exe31⤵
- Executes dropped EXE
-
\??\c:\btfxxhr.exec:\btfxxhr.exe32⤵
- Executes dropped EXE
-
\??\c:\rxpjxl.exec:\rxpjxl.exe33⤵
- Executes dropped EXE
-
\??\c:\hrrvj.exec:\hrrvj.exe34⤵
- Executes dropped EXE
-
\??\c:\ffvlbbn.exec:\ffvlbbn.exe35⤵
- Executes dropped EXE
-
\??\c:\rffhnpl.exec:\rffhnpl.exe36⤵
- Executes dropped EXE
-
\??\c:\pvthjnp.exec:\pvthjnp.exe37⤵
- Executes dropped EXE
-
\??\c:\rbnrlhf.exec:\rbnrlhf.exe38⤵
- Executes dropped EXE
-
\??\c:\fvvxd.exec:\fvvxd.exe39⤵
- Executes dropped EXE
-
\??\c:\thttjdj.exec:\thttjdj.exe40⤵
- Executes dropped EXE
-
\??\c:\bdfdr.exec:\bdfdr.exe41⤵
- Executes dropped EXE
-
\??\c:\ndffdf.exec:\ndffdf.exe42⤵
- Executes dropped EXE
-
\??\c:\dxddhnl.exec:\dxddhnl.exe43⤵
- Executes dropped EXE
-
\??\c:\lxfxrv.exec:\lxfxrv.exe44⤵
- Executes dropped EXE
-
\??\c:\ftxrhr.exec:\ftxrhr.exe45⤵
- Executes dropped EXE
-
\??\c:\pfxfnrj.exec:\pfxfnrj.exe46⤵
- Executes dropped EXE
-
\??\c:\rllvtbl.exec:\rllvtbl.exe47⤵
- Executes dropped EXE
-
\??\c:\rhvnd.exec:\rhvnd.exe48⤵
- Executes dropped EXE
-
\??\c:\pbrjpf.exec:\pbrjpf.exe49⤵
- Executes dropped EXE
-
\??\c:\trpfprv.exec:\trpfprv.exe50⤵
- Executes dropped EXE
-
\??\c:\pltfvft.exec:\pltfvft.exe51⤵
- Executes dropped EXE
-
\??\c:\xbtndj.exec:\xbtndj.exe52⤵
- Executes dropped EXE
-
\??\c:\fbtthln.exec:\fbtthln.exe53⤵
- Executes dropped EXE
-
\??\c:\nbdvv.exec:\nbdvv.exe54⤵
- Executes dropped EXE
-
\??\c:\pvnpdx.exec:\pvnpdx.exe55⤵
- Executes dropped EXE
-
\??\c:\bvjvdr.exec:\bvjvdr.exe56⤵
- Executes dropped EXE
-
\??\c:\nvhnt.exec:\nvhnt.exe57⤵
- Executes dropped EXE
-
\??\c:\fpnptph.exec:\fpnptph.exe58⤵
- Executes dropped EXE
-
\??\c:\nxndbn.exec:\nxndbn.exe59⤵
- Executes dropped EXE
-
\??\c:\tlpbxd.exec:\tlpbxd.exe60⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\xlpnvv.exec:\xlpnvv.exe61⤵
- Executes dropped EXE
-
\??\c:\fvhfldb.exec:\fvhfldb.exe62⤵
- Executes dropped EXE
-
\??\c:\fthvt.exec:\fthvt.exe63⤵
- Executes dropped EXE
-
\??\c:\jhltx.exec:\jhltx.exe64⤵
- Executes dropped EXE
-
\??\c:\rvnnjnt.exec:\rvnnjnt.exe65⤵
- Executes dropped EXE
-
\??\c:\rtjdpx.exec:\rtjdpx.exe66⤵
-
\??\c:\tlnvbll.exec:\tlnvbll.exe67⤵
-
\??\c:\pttlpj.exec:\pttlpj.exe68⤵
-
\??\c:\hnjpdxr.exec:\hnjpdxr.exe69⤵
-
\??\c:\pphjxjj.exec:\pphjxjj.exe70⤵
-
\??\c:\hllhn.exec:\hllhn.exe71⤵
-
\??\c:\dxjphf.exec:\dxjphf.exe72⤵
-
\??\c:\jrvlf.exec:\jrvlf.exe73⤵
-
\??\c:\nvllb.exec:\nvllb.exe74⤵
-
\??\c:\pxpnnf.exec:\pxpnnf.exe75⤵
-
\??\c:\btplxf.exec:\btplxf.exe76⤵
-
\??\c:\jxbvf.exec:\jxbvf.exe77⤵
-
\??\c:\jpprf.exec:\jpprf.exe78⤵
-
\??\c:\dhpxxd.exec:\dhpxxd.exe79⤵
-
\??\c:\pdpfptv.exec:\pdpfptv.exe80⤵
- System Location Discovery: System Language Discovery
-
\??\c:\dbfptjx.exec:\dbfptjx.exe81⤵
-
\??\c:\dfdnbpf.exec:\dfdnbpf.exe82⤵
-
\??\c:\ltrtfl.exec:\ltrtfl.exe83⤵
-
\??\c:\bpxph.exec:\bpxph.exe84⤵
-
\??\c:\ntlrth.exec:\ntlrth.exe85⤵
-
\??\c:\vjrhj.exec:\vjrhj.exe86⤵
-
\??\c:\vdxvxj.exec:\vdxvxj.exe87⤵
-
\??\c:\nxjxf.exec:\nxjxf.exe88⤵
-
\??\c:\pxxbnrv.exec:\pxxbnrv.exe89⤵
-
\??\c:\ppbfnjb.exec:\ppbfnjb.exe90⤵
-
\??\c:\lbffxrl.exec:\lbffxrl.exe91⤵
- System Location Discovery: System Language Discovery
-
\??\c:\phdjrr.exec:\phdjrr.exe92⤵
-
\??\c:\ffxjfhh.exec:\ffxjfhh.exe93⤵
-
\??\c:\lvlfj.exec:\lvlfj.exe94⤵
-
\??\c:\ddftjx.exec:\ddftjx.exe95⤵
-
\??\c:\jbpdvl.exec:\jbpdvl.exe96⤵
-
\??\c:\frdnxjn.exec:\frdnxjn.exe97⤵
-
\??\c:\vpnrf.exec:\vpnrf.exe98⤵
-
\??\c:\xlpxrj.exec:\xlpxrj.exe99⤵
-
\??\c:\vlljnnt.exec:\vlljnnt.exe100⤵
-
\??\c:\rfppxh.exec:\rfppxh.exe101⤵
-
\??\c:\dldvlv.exec:\dldvlv.exe102⤵
-
\??\c:\jhltt.exec:\jhltt.exe103⤵
-
\??\c:\rdvjn.exec:\rdvjn.exe104⤵
-
\??\c:\txtrjvh.exec:\txtrjvh.exe105⤵
-
\??\c:\vlnbvrr.exec:\vlnbvrr.exe106⤵
-
\??\c:\dftdtd.exec:\dftdtd.exe107⤵
-
\??\c:\flnlxh.exec:\flnlxh.exe108⤵
-
\??\c:\tdltdd.exec:\tdltdd.exe109⤵
-
\??\c:\jntfprf.exec:\jntfprf.exe110⤵
-
\??\c:\fxplh.exec:\fxplh.exe111⤵
-
\??\c:\vfnjbnv.exec:\vfnjbnv.exe112⤵
-
\??\c:\hhlnhtf.exec:\hhlnhtf.exe113⤵
-
\??\c:\dlhfrvr.exec:\dlhfrvr.exe114⤵
-
\??\c:\xjvdn.exec:\xjvdn.exe115⤵
-
\??\c:\ntfpx.exec:\ntfpx.exe116⤵
-
\??\c:\ffdtdb.exec:\ffdtdb.exe117⤵
-
\??\c:\rflbb.exec:\rflbb.exe118⤵
-
\??\c:\jrdhxr.exec:\jrdhxr.exe119⤵
-
\??\c:\dhdxn.exec:\dhdxn.exe120⤵
-
\??\c:\vrpllb.exec:\vrpllb.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-