Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
25/03/2025, 11:22
General
-
Target
bd2f8780c1968f9070d0a2ef71d8924e1b1792492b90804fcd95fa22e6f5f387.exe
-
Size
457KB
-
MD5
5d4abf117033436a48a3834cf4fac176
-
SHA1
05124be2c9adf5931f5215212f6dc27dc9e1f2b1
-
SHA256
bd2f8780c1968f9070d0a2ef71d8924e1b1792492b90804fcd95fa22e6f5f387
-
SHA512
0a2160d829a6233756d356348bad29fe21c9eb2706fa05e4ea58e9f5bb5c00f8974aa75bac843fdbfaa0400329d080fb87cf55cbb75a991ddf4e16fc10e1cac2
-
SSDEEP
6144:8cm7ImGddXmNt251UriZFwfsDX2UznsaFVNJCMKAbeSHy:q7Tc2NYHUrAwfMp3CDz
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 43 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 39 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\bd2f8780c1968f9070d0a2ef71d8924e1b1792492b90804fcd95fa22e6f5f387.exe"C:\Users\Admin\AppData\Local\Temp\bd2f8780c1968f9070d0a2ef71d8924e1b1792492b90804fcd95fa22e6f5f387.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\rffdbnx.exec:\rffdbnx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fjvhd.exec:\fjvhd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\httjf.exec:\httjf.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jxnppv.exec:\jxnppv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttbxnlx.exec:\ttbxnlx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lbprtnb.exec:\lbprtnb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lnlphnp.exec:\lnlphnp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbfbvdt.exec:\tbfbvdt.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frlhrdl.exec:\frlhrdl.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hlvbfpb.exec:\hlvbfpb.exe11⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\nbfdf.exec:\nbfdf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vfxvdnf.exec:\vfxvdnf.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hjvhxdn.exec:\hjvhxdn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dtxhhl.exec:\dtxhhl.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpdhnbl.exec:\dpdhnbl.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pnpjhj.exec:\pnpjhj.exe17⤵
- Executes dropped EXE
-
\??\c:\nnhbhpn.exec:\nnhbhpn.exe18⤵
- Executes dropped EXE
-
\??\c:\jxvnr.exec:\jxvnr.exe19⤵
- Executes dropped EXE
-
\??\c:\xrbvbjp.exec:\xrbvbjp.exe20⤵
- Executes dropped EXE
-
\??\c:\fbdpdh.exec:\fbdpdh.exe21⤵
- Executes dropped EXE
-
\??\c:\vjdbxpr.exec:\vjdbxpr.exe22⤵
- Executes dropped EXE
-
\??\c:\fdhlv.exec:\fdhlv.exe23⤵
- Executes dropped EXE
-
\??\c:\vtltjxx.exec:\vtltjxx.exe24⤵
- Executes dropped EXE
-
\??\c:\pltdj.exec:\pltdj.exe25⤵
- Executes dropped EXE
-
\??\c:\ljfdhjf.exec:\ljfdhjf.exe26⤵
- Executes dropped EXE
-
\??\c:\bldvv.exec:\bldvv.exe27⤵
- Executes dropped EXE
-
\??\c:\hrprff.exec:\hrprff.exe28⤵
- Executes dropped EXE
-
\??\c:\lnlfl.exec:\lnlfl.exe29⤵
- Executes dropped EXE
-
\??\c:\nbtnfvv.exec:\nbtnfvv.exe30⤵
- Executes dropped EXE
-
\??\c:\xfrpttl.exec:\xfrpttl.exe31⤵
- Executes dropped EXE
-
\??\c:\ntjnj.exec:\ntjnj.exe32⤵
- Executes dropped EXE
-
\??\c:\bbfvfdd.exec:\bbfvfdd.exe33⤵
- Executes dropped EXE
-
\??\c:\txxfvp.exec:\txxfvp.exe34⤵
- Executes dropped EXE
-
\??\c:\jrvnvv.exec:\jrvnvv.exe35⤵
- Executes dropped EXE
-
\??\c:\rtphf.exec:\rtphf.exe36⤵
- Executes dropped EXE
-
\??\c:\hbpvj.exec:\hbpvj.exe37⤵
- Executes dropped EXE
-
\??\c:\xlbhrd.exec:\xlbhrd.exe38⤵
- Executes dropped EXE
-
\??\c:\jvjnnl.exec:\jvjnnl.exe39⤵
- Executes dropped EXE
-
\??\c:\jlvdfl.exec:\jlvdfl.exe40⤵
- Executes dropped EXE
-
\??\c:\bhvdddv.exec:\bhvdddv.exe41⤵
- Executes dropped EXE
-
\??\c:\nnnffp.exec:\nnnffp.exe42⤵
- Executes dropped EXE
-
\??\c:\jpdvvjb.exec:\jpdvvjb.exe43⤵
- Executes dropped EXE
-
\??\c:\brlnt.exec:\brlnt.exe44⤵
- Executes dropped EXE
-
\??\c:\vxxbjr.exec:\vxxbjr.exe45⤵
- Executes dropped EXE
-
\??\c:\rrplltl.exec:\rrplltl.exe46⤵
- Executes dropped EXE
-
\??\c:\bdfpjnv.exec:\bdfpjnv.exe47⤵
- Executes dropped EXE
-
\??\c:\flxnp.exec:\flxnp.exe48⤵
- Executes dropped EXE
-
\??\c:\lnbtbd.exec:\lnbtbd.exe49⤵
- Executes dropped EXE
-
\??\c:\nvbrvf.exec:\nvbrvf.exe50⤵
- Executes dropped EXE
-
\??\c:\rxhbt.exec:\rxhbt.exe51⤵
- Executes dropped EXE
-
\??\c:\hrnlf.exec:\hrnlf.exe52⤵
- Executes dropped EXE
-
\??\c:\vftlxp.exec:\vftlxp.exe53⤵
- Executes dropped EXE
-
\??\c:\jxvdxxr.exec:\jxvdxxr.exe54⤵
- Executes dropped EXE
-
\??\c:\njjhxf.exec:\njjhxf.exe55⤵
- Executes dropped EXE
-
\??\c:\bttflt.exec:\bttflt.exe56⤵
- Executes dropped EXE
-
\??\c:\fjdjpbj.exec:\fjdjpbj.exe57⤵
- Executes dropped EXE
-
\??\c:\nvvpdh.exec:\nvvpdh.exe58⤵
- Executes dropped EXE
-
\??\c:\vpjbx.exec:\vpjbx.exe59⤵
- Executes dropped EXE
-
\??\c:\fflxjrr.exec:\fflxjrr.exe60⤵
- Executes dropped EXE
-
\??\c:\fxrtrbd.exec:\fxrtrbd.exe61⤵
- Executes dropped EXE
-
\??\c:\bfvvrvj.exec:\bfvvrvj.exe62⤵
- Executes dropped EXE
-
\??\c:\ndtbrd.exec:\ndtbrd.exe63⤵
- Executes dropped EXE
-
\??\c:\vjvltft.exec:\vjvltft.exe64⤵
- Executes dropped EXE
-
\??\c:\vvxvrb.exec:\vvxvrb.exe65⤵
- Executes dropped EXE
-
\??\c:\btpph.exec:\btpph.exe66⤵
-
\??\c:\tvjpn.exec:\tvjpn.exe67⤵
-
\??\c:\lhndxbb.exec:\lhndxbb.exe68⤵
- System Location Discovery: System Language Discovery
-
\??\c:\lrxnr.exec:\lrxnr.exe69⤵
-
\??\c:\lvhtjxd.exec:\lvhtjxd.exe70⤵
-
\??\c:\ddhdtl.exec:\ddhdtl.exe71⤵
-
\??\c:\jtrhnnx.exec:\jtrhnnx.exe72⤵
-
\??\c:\nvllp.exec:\nvllp.exe73⤵
-
\??\c:\htjjnn.exec:\htjjnn.exe74⤵
-
\??\c:\bjxln.exec:\bjxln.exe75⤵
-
\??\c:\xxntt.exec:\xxntt.exe76⤵
-
\??\c:\jpjdprj.exec:\jpjdprj.exe77⤵
-
\??\c:\bvbnp.exec:\bvbnp.exe78⤵
-
\??\c:\tvpvrx.exec:\tvpvrx.exe79⤵
-
\??\c:\xnpbll.exec:\xnpbll.exe80⤵
-
\??\c:\hhjtxbb.exec:\hhjtxbb.exe81⤵
-
\??\c:\xbtxp.exec:\xbtxp.exe82⤵
-
\??\c:\ndplltf.exec:\ndplltf.exe83⤵
-
\??\c:\pvdnv.exec:\pvdnv.exe84⤵
-
\??\c:\bljdr.exec:\bljdr.exe85⤵
-
\??\c:\hljbj.exec:\hljbj.exe86⤵
-
\??\c:\lndrfbj.exec:\lndrfbj.exe87⤵
-
\??\c:\tnppj.exec:\tnppj.exe88⤵
-
\??\c:\rvbxp.exec:\rvbxp.exe89⤵
-
\??\c:\jjdlft.exec:\jjdlft.exe90⤵
-
\??\c:\ljvhxr.exec:\ljvhxr.exe91⤵
-
\??\c:\btlhl.exec:\btlhl.exe92⤵
-
\??\c:\tfvlpbp.exec:\tfvlpbp.exe93⤵
-
\??\c:\bxxdx.exec:\bxxdx.exe94⤵
-
\??\c:\bbxfbbb.exec:\bbxfbbb.exe95⤵
- System Location Discovery: System Language Discovery
-
\??\c:\xdhjrf.exec:\xdhjrf.exe96⤵
-
\??\c:\djtxj.exec:\djtxj.exe97⤵
-
\??\c:\xjrlvp.exec:\xjrlvp.exe98⤵
-
\??\c:\xrvlrl.exec:\xrvlrl.exe99⤵
-
\??\c:\plnntv.exec:\plnntv.exe100⤵
-
\??\c:\dbdnn.exec:\dbdnn.exe101⤵
-
\??\c:\hrppd.exec:\hrppd.exe102⤵
-
\??\c:\vtbvvbj.exec:\vtbvvbj.exe103⤵
-
\??\c:\fftbjj.exec:\fftbjj.exe104⤵
-
\??\c:\pdnpddt.exec:\pdnpddt.exe105⤵
-
\??\c:\xnxln.exec:\xnxln.exe106⤵
-
\??\c:\bhjnbjx.exec:\bhjnbjx.exe107⤵
-
\??\c:\dhnvbr.exec:\dhnvbr.exe108⤵
-
\??\c:\bppdx.exec:\bppdx.exe109⤵
-
\??\c:\lhlvd.exec:\lhlvd.exe110⤵
-
\??\c:\ljjllfx.exec:\ljjllfx.exe111⤵
-
\??\c:\nnfbj.exec:\nnfbj.exe112⤵
-
\??\c:\vtdrh.exec:\vtdrh.exe113⤵
-
\??\c:\dnlbpxp.exec:\dnlbpxp.exe114⤵
-
\??\c:\vtvfj.exec:\vtvfj.exe115⤵
-
\??\c:\fxvfd.exec:\fxvfd.exe116⤵
-
\??\c:\hhbnjf.exec:\hhbnjf.exe117⤵
-
\??\c:\fnbnt.exec:\fnbnt.exe118⤵
-
\??\c:\xllrn.exec:\xllrn.exe119⤵
-
\??\c:\nhlvbj.exec:\nhlvbj.exe120⤵
-
\??\c:\hrhnrhr.exec:\hrhnrhr.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-