Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
19s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
04/02/2025, 20:51
General
-
Target
45dc4adaeb252578100e93b538dd0b79e1517aae97b02cd638fb12053d89ee3e.exe
-
Size
457KB
-
MD5
1fa6d07912974090dc03334ebeeb538a
-
SHA1
55bcca7f286f1a8c4d2a774f89cffcb96f2b2d8d
-
SHA256
45dc4adaeb252578100e93b538dd0b79e1517aae97b02cd638fb12053d89ee3e
-
SHA512
96d831ed6e50d64cd87a65d67196ed43261774c591e467cad008eba58671e5aac0a0b93bf960c563c54d546414e43ed7e415d6d124246e87645b1eb883008b8d
-
SSDEEP
6144:8cm7ImGddXmNt251UriZFwfsDX2UznsaFVNJCMKAbeRII:q7Tc2NYHUrAwfMp3CDRII
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 40 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 45 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\45dc4adaeb252578100e93b538dd0b79e1517aae97b02cd638fb12053d89ee3e.exe"C:\Users\Admin\AppData\Local\Temp\45dc4adaeb252578100e93b538dd0b79e1517aae97b02cd638fb12053d89ee3e.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\fpthljd.exec:\fpthljd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nlffb.exec:\nlffb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbdrvl.exec:\tbdrvl.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bxdxhbx.exec:\bxdxhbx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhtljr.exec:\nhtljr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flpfljh.exec:\flpfljh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lvrprb.exec:\lvrprb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xtvjh.exec:\xtvjh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bvbfdf.exec:\bvbfdf.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djjxtrd.exec:\djjxtrd.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\txbprxn.exec:\txbprxn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hrpxjx.exec:\hrpxjx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tjnth.exec:\tjnth.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pfrxnh.exec:\pfrxnh.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnpnn.exec:\hnpnn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjlhxx.exec:\jjlhxx.exe17⤵
- Executes dropped EXE
-
\??\c:\pbxntjl.exec:\pbxntjl.exe18⤵
- Executes dropped EXE
-
\??\c:\xjhrt.exec:\xjhrt.exe19⤵
- Executes dropped EXE
-
\??\c:\nfntp.exec:\nfntp.exe20⤵
- Executes dropped EXE
-
\??\c:\dpvddxr.exec:\dpvddxr.exe21⤵
- Executes dropped EXE
-
\??\c:\hpjnxhp.exec:\hpjnxhp.exe22⤵
- Executes dropped EXE
-
\??\c:\xljtbl.exec:\xljtbl.exe23⤵
- Executes dropped EXE
-
\??\c:\jrvtbj.exec:\jrvtbj.exe24⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\dlvjp.exec:\dlvjp.exe25⤵
- Executes dropped EXE
-
\??\c:\bbjndf.exec:\bbjndf.exe26⤵
- Executes dropped EXE
-
\??\c:\ftvlvd.exec:\ftvlvd.exe27⤵
- Executes dropped EXE
-
\??\c:\pjftf.exec:\pjftf.exe28⤵
- Executes dropped EXE
-
\??\c:\tbdhljt.exec:\tbdhljt.exe29⤵
- Executes dropped EXE
-
\??\c:\ppxnh.exec:\ppxnh.exe30⤵
- Executes dropped EXE
-
\??\c:\fvxfh.exec:\fvxfh.exe31⤵
- Executes dropped EXE
-
\??\c:\rhjvbf.exec:\rhjvbf.exe32⤵
- Executes dropped EXE
-
\??\c:\phtpdvn.exec:\phtpdvn.exe33⤵
- Executes dropped EXE
-
\??\c:\hfdbjdt.exec:\hfdbjdt.exe34⤵
- Executes dropped EXE
-
\??\c:\rrxvjxj.exec:\rrxvjxj.exe35⤵
- Executes dropped EXE
-
\??\c:\rxxfv.exec:\rxxfv.exe36⤵
- Executes dropped EXE
-
\??\c:\pdjprn.exec:\pdjprn.exe37⤵
- Executes dropped EXE
-
\??\c:\fvrjb.exec:\fvrjb.exe38⤵
- Executes dropped EXE
-
\??\c:\vjjpjpt.exec:\vjjpjpt.exe39⤵
- Executes dropped EXE
-
\??\c:\hnrhxb.exec:\hnrhxb.exe40⤵
- Executes dropped EXE
-
\??\c:\lrjrbld.exec:\lrjrbld.exe41⤵
- Executes dropped EXE
-
\??\c:\pvfnbp.exec:\pvfnbp.exe42⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\fxflv.exec:\fxflv.exe43⤵
- Executes dropped EXE
-
\??\c:\jbdvp.exec:\jbdvp.exe44⤵
- Executes dropped EXE
-
\??\c:\fpjlnl.exec:\fpjlnl.exe45⤵
- Executes dropped EXE
-
\??\c:\pvjpj.exec:\pvjpj.exe46⤵
- Executes dropped EXE
-
\??\c:\xdrdj.exec:\xdrdj.exe47⤵
- Executes dropped EXE
-
\??\c:\vdvpflh.exec:\vdvpflh.exe48⤵
- Executes dropped EXE
-
\??\c:\vbvpjv.exec:\vbvpjv.exe49⤵
- Executes dropped EXE
-
\??\c:\xvvbxn.exec:\xvvbxn.exe50⤵
- Executes dropped EXE
-
\??\c:\jtxjdjt.exec:\jtxjdjt.exe51⤵
- Executes dropped EXE
-
\??\c:\bnvjvrh.exec:\bnvjvrh.exe52⤵
- Executes dropped EXE
-
\??\c:\htvtpxl.exec:\htvtpxl.exe53⤵
- Executes dropped EXE
-
\??\c:\tntdnh.exec:\tntdnh.exe54⤵
- Executes dropped EXE
-
\??\c:\hxltd.exec:\hxltd.exe55⤵
- Executes dropped EXE
-
\??\c:\njhnbr.exec:\njhnbr.exe56⤵
- Executes dropped EXE
-
\??\c:\fhlfj.exec:\fhlfj.exe57⤵
- Executes dropped EXE
-
\??\c:\tfvldx.exec:\tfvldx.exe58⤵
- Executes dropped EXE
-
\??\c:\vfbjxb.exec:\vfbjxb.exe59⤵
- Executes dropped EXE
-
\??\c:\lblndlt.exec:\lblndlt.exe60⤵
- Executes dropped EXE
-
\??\c:\rhrjptl.exec:\rhrjptl.exe61⤵
- Executes dropped EXE
-
\??\c:\lpfdx.exec:\lpfdx.exe62⤵
- Executes dropped EXE
-
\??\c:\tnnfnv.exec:\tnnfnv.exe63⤵
- Executes dropped EXE
-
\??\c:\pdfbhdv.exec:\pdfbhdv.exe64⤵
- Executes dropped EXE
-
\??\c:\vdbpljp.exec:\vdbpljp.exe65⤵
- Executes dropped EXE
-
\??\c:\lntjfx.exec:\lntjfx.exe66⤵
-
\??\c:\tbbrdbt.exec:\tbbrdbt.exe67⤵
-
\??\c:\rdvfpb.exec:\rdvfpb.exe68⤵
-
\??\c:\ddrdtpd.exec:\ddrdtpd.exe69⤵
-
\??\c:\ndrhndn.exec:\ndrhndn.exe70⤵
-
\??\c:\txrdxfd.exec:\txrdxfd.exe71⤵
-
\??\c:\tbbvb.exec:\tbbvb.exe72⤵
-
\??\c:\ntfnxt.exec:\ntfnxt.exe73⤵
-
\??\c:\pnbbpxj.exec:\pnbbpxj.exe74⤵
-
\??\c:\bljtn.exec:\bljtn.exe75⤵
-
\??\c:\ftlln.exec:\ftlln.exe76⤵
-
\??\c:\fppvnpb.exec:\fppvnpb.exe77⤵
-
\??\c:\dflfblr.exec:\dflfblr.exe78⤵
-
\??\c:\rbndxh.exec:\rbndxh.exe79⤵
-
\??\c:\hbpfd.exec:\hbpfd.exe80⤵
- System Location Discovery: System Language Discovery
-
\??\c:\brrdrn.exec:\brrdrn.exe81⤵
-
\??\c:\pblrn.exec:\pblrn.exe82⤵
-
\??\c:\jvdfnvt.exec:\jvdfnvt.exe83⤵
-
\??\c:\fjbxf.exec:\fjbxf.exe84⤵
-
\??\c:\rptjpdx.exec:\rptjpdx.exe85⤵
-
\??\c:\jtbrp.exec:\jtbrp.exe86⤵
-
\??\c:\lvvnr.exec:\lvvnr.exe87⤵
-
\??\c:\vfvtffd.exec:\vfvtffd.exe88⤵
-
\??\c:\dhtnbl.exec:\dhtnbl.exe89⤵
-
\??\c:\rfrpn.exec:\rfrpn.exe90⤵
-
\??\c:\flvdj.exec:\flvdj.exe91⤵
-
\??\c:\nttpl.exec:\nttpl.exe92⤵
-
\??\c:\thrbvh.exec:\thrbvh.exe93⤵
-
\??\c:\jlphb.exec:\jlphb.exe94⤵
-
\??\c:\tbdnjf.exec:\tbdnjf.exe95⤵
-
\??\c:\plbfd.exec:\plbfd.exe96⤵
-
\??\c:\pblfn.exec:\pblfn.exe97⤵
-
\??\c:\lvlrvn.exec:\lvlrvn.exe98⤵
-
\??\c:\dvtltt.exec:\dvtltt.exe99⤵
-
\??\c:\blbbd.exec:\blbbd.exe100⤵
-
\??\c:\pbnbr.exec:\pbnbr.exe101⤵
-
\??\c:\dxpntrf.exec:\dxpntrf.exe102⤵
- System Location Discovery: System Language Discovery
-
\??\c:\djfxhnd.exec:\djfxhnd.exe103⤵
-
\??\c:\btvbnb.exec:\btvbnb.exe104⤵
-
\??\c:\jdfjbl.exec:\jdfjbl.exe105⤵
-
\??\c:\vhtnr.exec:\vhtnr.exe106⤵
-
\??\c:\vvrftjx.exec:\vvrftjx.exe107⤵
-
\??\c:\jvljn.exec:\jvljn.exe108⤵
-
\??\c:\lvtxt.exec:\lvtxt.exe109⤵
-
\??\c:\hfxfxn.exec:\hfxfxn.exe110⤵
-
\??\c:\bnnfvbt.exec:\bnnfvbt.exe111⤵
-
\??\c:\jtjfxxd.exec:\jtjfxxd.exe112⤵
-
\??\c:\pbpplxt.exec:\pbpplxt.exe113⤵
-
\??\c:\fllxvr.exec:\fllxvr.exe114⤵
-
\??\c:\xjfbpl.exec:\xjfbpl.exe115⤵
-
\??\c:\hrnldvv.exec:\hrnldvv.exe116⤵
-
\??\c:\rxxphd.exec:\rxxphd.exe117⤵
-
\??\c:\bhxtp.exec:\bhxtp.exe118⤵
-
\??\c:\fjhfxjt.exec:\fjhfxjt.exe119⤵
-
\??\c:\ntprn.exec:\ntprn.exe120⤵
-
\??\c:\rvpdhx.exec:\rvpdhx.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-