Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
55s -
max time network
17s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
14/03/2024, 22:53
General
-
Target
b836001a2f5c37c12c6704fe0024d536e99f4bd57e932a40ab567bf312adb8ee.exe
-
Size
303KB
-
MD5
c0fdbd33fde9dcabe183c82e712d339b
-
SHA1
55d5193de622d96fc4f76d0e0bf1f8d2d9e16119
-
SHA256
b836001a2f5c37c12c6704fe0024d536e99f4bd57e932a40ab567bf312adb8ee
-
SHA512
1e53dff5d988eb816133100f82523c9e8e03c7086a45ff58f0a647c2ff1d35a3a45c6c1fc9fb5978bf9d9f4d2c443dedb71bfbe02aed32c8c407f41d08a4ba01
-
SSDEEP
3072:ymb3NkkiQ3mdBjFo7LAIRUohDLS0k+sLiiBVS0ILlMcGGW7sRCl9g:n3C9BRo/AIuunS3+sOiBVSXxMxTsm9g
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 30 IoCs
-
UPX dump on OEP (original entry point) 62 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 62 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\b836001a2f5c37c12c6704fe0024d536e99f4bd57e932a40ab567bf312adb8ee.exe"C:\Users\Admin\AppData\Local\Temp\b836001a2f5c37c12c6704fe0024d536e99f4bd57e932a40ab567bf312adb8ee.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\fxllxxf.exec:\fxllxxf.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdvjv.exec:\pdvjv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9nhntb.exec:\9nhntb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjpv.exec:\ppjpv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbhhh.exec:\tnbhhh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3hnhbh.exec:\3hnhbh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvppv.exec:\jvppv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhntth.exec:\nhntth.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrllllr.exec:\xrllllr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvpvd.exec:\dvpvd.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frllllr.exec:\frllllr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpddd.exec:\vpddd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3bbhtb.exec:\3bbhtb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5pvpv.exec:\5pvpv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhthn.exec:\nhhthn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9lffxrf.exec:\9lffxrf.exe17⤵
- Executes dropped EXE
-
\??\c:\7tnnhh.exec:\7tnnhh.exe18⤵
- Executes dropped EXE
-
\??\c:\lfxrffl.exec:\lfxrffl.exe19⤵
- Executes dropped EXE
-
\??\c:\pvjpv.exec:\pvjpv.exe20⤵
- Executes dropped EXE
-
\??\c:\tnttbb.exec:\tnttbb.exe21⤵
- Executes dropped EXE
-
\??\c:\1xffflf.exec:\1xffflf.exe22⤵
- Executes dropped EXE
-
\??\c:\bbnnbb.exec:\bbnnbb.exe23⤵
- Executes dropped EXE
-
\??\c:\lxlfllr.exec:\lxlfllr.exe24⤵
- Executes dropped EXE
-
\??\c:\1dvdp.exec:\1dvdp.exe25⤵
- Executes dropped EXE
-
\??\c:\9lfrffl.exec:\9lfrffl.exe26⤵
- Executes dropped EXE
-
\??\c:\jdpvd.exec:\jdpvd.exe27⤵
- Executes dropped EXE
-
\??\c:\tthnnn.exec:\tthnnn.exe28⤵
- Executes dropped EXE
-
\??\c:\fxxfllx.exec:\fxxfllx.exe29⤵
- Executes dropped EXE
-
\??\c:\dvjvp.exec:\dvjvp.exe30⤵
- Executes dropped EXE
-
\??\c:\rlfflrx.exec:\rlfflrx.exe31⤵
- Executes dropped EXE
-
\??\c:\jjdpd.exec:\jjdpd.exe32⤵
- Executes dropped EXE
-
\??\c:\nhhbhb.exec:\nhhbhb.exe33⤵
- Executes dropped EXE
-
\??\c:\rlxxffl.exec:\rlxxffl.exe34⤵
- Executes dropped EXE
-
\??\c:\9nhntb.exec:\9nhntb.exe35⤵
- Executes dropped EXE
-
\??\c:\ffllrlr.exec:\ffllrlr.exe36⤵
- Executes dropped EXE
-
\??\c:\bbtthn.exec:\bbtthn.exe37⤵
- Executes dropped EXE
-
\??\c:\lxrlrxx.exec:\lxrlrxx.exe38⤵
- Executes dropped EXE
-
\??\c:\9nbnbb.exec:\9nbnbb.exe39⤵
- Executes dropped EXE
-
\??\c:\jdjjv.exec:\jdjjv.exe40⤵
- Executes dropped EXE
-
\??\c:\3thnnt.exec:\3thnnt.exe41⤵
- Executes dropped EXE
-
\??\c:\5pjpv.exec:\5pjpv.exe42⤵
- Executes dropped EXE
-
\??\c:\7btbbb.exec:\7btbbb.exe43⤵
- Executes dropped EXE
-
\??\c:\9rrlffr.exec:\9rrlffr.exe44⤵
- Executes dropped EXE
-
\??\c:\hbtthn.exec:\hbtthn.exe45⤵
- Executes dropped EXE
-
\??\c:\9xlffxx.exec:\9xlffxx.exe46⤵
- Executes dropped EXE
-
\??\c:\hbtthn.exec:\hbtthn.exe47⤵
- Executes dropped EXE
-
\??\c:\rlflxfl.exec:\rlflxfl.exe48⤵
- Executes dropped EXE
-
\??\c:\hbnthn.exec:\hbnthn.exe49⤵
- Executes dropped EXE
-
\??\c:\rlxrxfl.exec:\rlxrxfl.exe50⤵
- Executes dropped EXE
-
\??\c:\ttnhbb.exec:\ttnhbb.exe51⤵
- Executes dropped EXE
-
\??\c:\3rrrllf.exec:\3rrrllf.exe52⤵
- Executes dropped EXE
-
\??\c:\dddjj.exec:\dddjj.exe53⤵
- Executes dropped EXE
-
\??\c:\ffxfxfl.exec:\ffxfxfl.exe54⤵
- Executes dropped EXE
-
\??\c:\btbhnt.exec:\btbhnt.exe55⤵
- Executes dropped EXE
-
\??\c:\3jpdp.exec:\3jpdp.exe56⤵
- Executes dropped EXE
-
\??\c:\9hbhhn.exec:\9hbhhn.exe57⤵
- Executes dropped EXE
-
\??\c:\9pvdd.exec:\9pvdd.exe58⤵
- Executes dropped EXE
-
\??\c:\5xrxfrx.exec:\5xrxfrx.exe59⤵
- Executes dropped EXE
-
\??\c:\tnbntt.exec:\tnbntt.exe60⤵
- Executes dropped EXE
-
\??\c:\xxlflfl.exec:\xxlflfl.exe61⤵
- Executes dropped EXE
-
\??\c:\jjddj.exec:\jjddj.exe62⤵
- Executes dropped EXE
-
\??\c:\lflrrxl.exec:\lflrrxl.exe63⤵
- Executes dropped EXE
-
\??\c:\3nbhnn.exec:\3nbhnn.exe64⤵
- Executes dropped EXE
-
\??\c:\ffrxfrf.exec:\ffrxfrf.exe65⤵
- Executes dropped EXE
-
\??\c:\nnhthn.exec:\nnhthn.exe66⤵
-
\??\c:\llxflxl.exec:\llxflxl.exe67⤵
-
\??\c:\nhbhbb.exec:\nhbhbb.exe68⤵
-
\??\c:\llflflx.exec:\llflflx.exe69⤵
-
\??\c:\vpddp.exec:\vpddp.exe70⤵
-
\??\c:\hbhhnn.exec:\hbhhnn.exe71⤵
-
\??\c:\5flfffl.exec:\5flfffl.exe72⤵
-
\??\c:\nbnthh.exec:\nbnthh.exe73⤵
-
\??\c:\5dvdd.exec:\5dvdd.exe74⤵
-
\??\c:\rrflffl.exec:\rrflffl.exe75⤵
-
\??\c:\3jdpd.exec:\3jdpd.exe76⤵
-
\??\c:\xrllrrx.exec:\xrllrrx.exe77⤵
-
\??\c:\jjjvj.exec:\jjjvj.exe78⤵
-
\??\c:\xlrllrf.exec:\xlrllrf.exe79⤵
-
\??\c:\5jvjv.exec:\5jvjv.exe80⤵
-
\??\c:\lfrflrx.exec:\lfrflrx.exe81⤵
-
\??\c:\vvjpd.exec:\vvjpd.exe82⤵
-
\??\c:\rlflxfr.exec:\rlflxfr.exe83⤵
-
\??\c:\nttnhb.exec:\nttnhb.exe84⤵
-
\??\c:\rxrxlfr.exec:\rxrxlfr.exe85⤵
-
\??\c:\ppjpv.exec:\ppjpv.exe86⤵
-
\??\c:\llfrxfr.exec:\llfrxfr.exe87⤵
-
\??\c:\tnhhtt.exec:\tnhhtt.exe88⤵
-
\??\c:\rrllrrf.exec:\rrllrrf.exe89⤵
-
\??\c:\7bnhnn.exec:\7bnhnn.exe90⤵
-
\??\c:\7jpdj.exec:\7jpdj.exe91⤵
-
\??\c:\nbhbbh.exec:\nbhbbh.exe92⤵
-
\??\c:\3btbnh.exec:\3btbnh.exe93⤵
-
\??\c:\llfxlxr.exec:\llfxlxr.exe94⤵
-
\??\c:\jjppp.exec:\jjppp.exe95⤵
-
\??\c:\ffffrrx.exec:\ffffrrx.exe96⤵
-
\??\c:\btbhnh.exec:\btbhnh.exe97⤵
-
\??\c:\lrffflr.exec:\lrffflr.exe98⤵
-
\??\c:\pdvvd.exec:\pdvvd.exe99⤵
-
\??\c:\rlxllfl.exec:\rlxllfl.exe100⤵
-
\??\c:\jjppp.exec:\jjppp.exe101⤵
-
\??\c:\fxrrxxr.exec:\fxrrxxr.exe102⤵
-
\??\c:\htnntt.exec:\htnntt.exe103⤵
-
\??\c:\pdvvv.exec:\pdvvv.exe104⤵
-
\??\c:\bbnntn.exec:\bbnntn.exe105⤵
-
\??\c:\9dpvd.exec:\9dpvd.exe106⤵
-
\??\c:\3hbhnn.exec:\3hbhnn.exe107⤵
-
\??\c:\dvpvv.exec:\dvpvv.exe108⤵
-
\??\c:\1bnhhb.exec:\1bnhhb.exe109⤵
-
\??\c:\ppdjp.exec:\ppdjp.exe110⤵
-
\??\c:\thbbbb.exec:\thbbbb.exe111⤵
-
\??\c:\dvpvd.exec:\dvpvd.exe112⤵
-
\??\c:\tthtbb.exec:\tthtbb.exe113⤵
-
\??\c:\3pddd.exec:\3pddd.exe114⤵
-
\??\c:\3nbbbn.exec:\3nbbbn.exe115⤵
-
\??\c:\7xlffxx.exec:\7xlffxx.exe116⤵
-
\??\c:\htnntt.exec:\htnntt.exe117⤵
-
\??\c:\xrxflrf.exec:\xrxflrf.exe118⤵
-
\??\c:\9nbbhb.exec:\9nbbhb.exe119⤵
-
\??\c:\dvjpv.exec:\dvjpv.exe120⤵
-
\??\c:\btnnnh.exec:\btnnnh.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-