Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
35s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
28/03/2024, 18:57
General
-
Target
30b29aeee76428a87d880ca97a330f626d35b9640fab9c0b5e291311d7604fc9.exe
-
Size
70KB
-
MD5
3f61e232e98fef2ecd373a417e4ced9e
-
SHA1
a3889a600f362cea47e91a7f3c23b6e908f111a3
-
SHA256
30b29aeee76428a87d880ca97a330f626d35b9640fab9c0b5e291311d7604fc9
-
SHA512
4842336a4424b5083c853e64cb1bb9c2ae2579c842da200db34ae1251aead0849c9af60c702781d7df35f0dcecb84c30d501a41fe85021824642cd5adb101b56
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIIpIo60LbB:ymb3NkkiQ3mdBjFIIp9LV
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 32 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 51 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\30b29aeee76428a87d880ca97a330f626d35b9640fab9c0b5e291311d7604fc9.exe"C:\Users\Admin\AppData\Local\Temp\30b29aeee76428a87d880ca97a330f626d35b9640fab9c0b5e291311d7604fc9.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\rfllrxf.exec:\rfllrxf.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1lflfxl.exec:\1lflfxl.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhbhtb.exec:\hhbhtb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthntt.exec:\bthntt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7jvdd.exec:\7jvdd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdjpj.exec:\pdjpj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvdvj.exec:\dvdvj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddvdv.exec:\ddvdv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvvd.exec:\pjvvd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjvdp.exec:\vjvdp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thbhnn.exec:\thbhnn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxflfr.exec:\fxxflfr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1rflxfr.exec:\1rflxfr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7hhthb.exec:\7hhthb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbtbbh.exec:\hbtbbh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5hbntb.exec:\5hbntb.exe17⤵
- Executes dropped EXE
-
\??\c:\7frxflr.exec:\7frxflr.exe18⤵
- Executes dropped EXE
-
\??\c:\pvvjj.exec:\pvvjj.exe19⤵
- Executes dropped EXE
-
\??\c:\tnhbnt.exec:\tnhbnt.exe20⤵
- Executes dropped EXE
-
\??\c:\nbnhhn.exec:\nbnhhn.exe21⤵
- Executes dropped EXE
-
\??\c:\1ppvd.exec:\1ppvd.exe22⤵
- Executes dropped EXE
-
\??\c:\1xllxxf.exec:\1xllxxf.exe23⤵
- Executes dropped EXE
-
\??\c:\htbntt.exec:\htbntt.exe24⤵
- Executes dropped EXE
-
\??\c:\pjppp.exec:\pjppp.exe25⤵
- Executes dropped EXE
-
\??\c:\ffrrflr.exec:\ffrrflr.exe26⤵
- Executes dropped EXE
-
\??\c:\1jdjp.exec:\1jdjp.exe27⤵
- Executes dropped EXE
-
\??\c:\xrflflr.exec:\xrflflr.exe28⤵
- Executes dropped EXE
-
\??\c:\xrxlrxl.exec:\xrxlrxl.exe29⤵
- Executes dropped EXE
-
\??\c:\xrxflll.exec:\xrxflll.exe30⤵
- Executes dropped EXE
-
\??\c:\jjpjj.exec:\jjpjj.exe31⤵
- Executes dropped EXE
-
\??\c:\httbhb.exec:\httbhb.exe32⤵
- Executes dropped EXE
-
\??\c:\bnbnnn.exec:\bnbnnn.exe33⤵
- Executes dropped EXE
-
\??\c:\vpdjj.exec:\vpdjj.exe34⤵
- Executes dropped EXE
-
\??\c:\bthntb.exec:\bthntb.exe35⤵
- Executes dropped EXE
-
\??\c:\7xrrrxf.exec:\7xrrrxf.exe36⤵
- Executes dropped EXE
-
\??\c:\flxxffr.exec:\flxxffr.exe37⤵
- Executes dropped EXE
-
\??\c:\rrrxxxx.exec:\rrrxxxx.exe38⤵
- Executes dropped EXE
-
\??\c:\hthhhh.exec:\hthhhh.exe39⤵
- Executes dropped EXE
-
\??\c:\bnbbhn.exec:\bnbbhn.exe40⤵
- Executes dropped EXE
-
\??\c:\pvjdp.exec:\pvjdp.exe41⤵
- Executes dropped EXE
-
\??\c:\nhbhhn.exec:\nhbhhn.exe42⤵
- Executes dropped EXE
-
\??\c:\dvjpd.exec:\dvjpd.exe43⤵
- Executes dropped EXE
-
\??\c:\3dppv.exec:\3dppv.exe44⤵
- Executes dropped EXE
-
\??\c:\3htbht.exec:\3htbht.exe45⤵
- Executes dropped EXE
-
\??\c:\tnnhtb.exec:\tnnhtb.exe46⤵
- Executes dropped EXE
-
\??\c:\btnttt.exec:\btnttt.exe47⤵
- Executes dropped EXE
-
\??\c:\fxrxxxf.exec:\fxrxxxf.exe48⤵
- Executes dropped EXE
-
\??\c:\9tnnbb.exec:\9tnnbb.exe49⤵
- Executes dropped EXE
-
\??\c:\xlxrxrf.exec:\xlxrxrf.exe50⤵
- Executes dropped EXE
-
\??\c:\btbbhh.exec:\btbbhh.exe51⤵
- Executes dropped EXE
-
\??\c:\hbttbt.exec:\hbttbt.exe52⤵
- Executes dropped EXE
-
\??\c:\llxfllr.exec:\llxfllr.exe53⤵
- Executes dropped EXE
-
\??\c:\jdppv.exec:\jdppv.exe54⤵
- Executes dropped EXE
-
\??\c:\vvjjv.exec:\vvjjv.exe55⤵
- Executes dropped EXE
-
\??\c:\rlrlxxl.exec:\rlrlxxl.exe56⤵
- Executes dropped EXE
-
\??\c:\3xlfllr.exec:\3xlfllr.exe57⤵
- Executes dropped EXE
-
\??\c:\nbnhhn.exec:\nbnhhn.exe58⤵
- Executes dropped EXE
-
\??\c:\lxfxrff.exec:\lxfxrff.exe59⤵
- Executes dropped EXE
-
\??\c:\1bhhht.exec:\1bhhht.exe60⤵
- Executes dropped EXE
-
\??\c:\hbnbnt.exec:\hbnbnt.exe61⤵
- Executes dropped EXE
-
\??\c:\bntttt.exec:\bntttt.exe62⤵
- Executes dropped EXE
-
\??\c:\3htbhh.exec:\3htbhh.exe63⤵
- Executes dropped EXE
-
\??\c:\pjppp.exec:\pjppp.exe64⤵
- Executes dropped EXE
-
\??\c:\htbhnt.exec:\htbhnt.exe65⤵
- Executes dropped EXE
-
\??\c:\lxxxffl.exec:\lxxxffl.exe66⤵
-
\??\c:\1lffrrf.exec:\1lffrrf.exe67⤵
-
\??\c:\thttbh.exec:\thttbh.exe68⤵
-
\??\c:\hbtbnn.exec:\hbtbnn.exe69⤵
-
\??\c:\dvjpd.exec:\dvjpd.exe70⤵
-
\??\c:\nbnntt.exec:\nbnntt.exe71⤵
-
\??\c:\pjvdv.exec:\pjvdv.exe72⤵
-
\??\c:\hbnttt.exec:\hbnttt.exe73⤵
-
\??\c:\3ffxxlx.exec:\3ffxxlx.exe74⤵
-
\??\c:\bnbbhb.exec:\bnbbhb.exe75⤵
-
\??\c:\hbbhhn.exec:\hbbhhn.exe76⤵
-
\??\c:\htntnn.exec:\htntnn.exe77⤵
-
\??\c:\jdpvj.exec:\jdpvj.exe78⤵
-
\??\c:\pjddj.exec:\pjddj.exe79⤵
-
\??\c:\vdjjv.exec:\vdjjv.exe80⤵
-
\??\c:\3pddd.exec:\3pddd.exe81⤵
-
\??\c:\htnntt.exec:\htnntt.exe82⤵
-
\??\c:\1vpvj.exec:\1vpvj.exe83⤵
-
\??\c:\pjvjd.exec:\pjvjd.exe84⤵
-
\??\c:\jdppj.exec:\jdppj.exe85⤵
-
\??\c:\1djdd.exec:\1djdd.exe86⤵
-
\??\c:\vpdvj.exec:\vpdvj.exe87⤵
-
\??\c:\vjvpv.exec:\vjvpv.exe88⤵
-
\??\c:\llxflxl.exec:\llxflxl.exe89⤵
-
\??\c:\rlfrrrl.exec:\rlfrrrl.exe90⤵
-
\??\c:\9rlrxxl.exec:\9rlrxxl.exe91⤵
-
\??\c:\flrlrff.exec:\flrlrff.exe92⤵
-
\??\c:\nhntnn.exec:\nhntnn.exe93⤵
-
\??\c:\rxxxlff.exec:\rxxxlff.exe94⤵
-
\??\c:\rlllrxf.exec:\rlllrxf.exe95⤵
-
\??\c:\lxxxlfx.exec:\lxxxlfx.exe96⤵
-
\??\c:\lfrxxfl.exec:\lfrxxfl.exe97⤵
-
\??\c:\pjdpp.exec:\pjdpp.exe98⤵
-
\??\c:\vjdjd.exec:\vjdjd.exe99⤵
-
\??\c:\tnbbnt.exec:\tnbbnt.exe100⤵
-
\??\c:\tnbbnn.exec:\tnbbnn.exe101⤵
-
\??\c:\xlrrrrr.exec:\xlrrrrr.exe102⤵
-
\??\c:\frfrffl.exec:\frfrffl.exe103⤵
-
\??\c:\3vpdp.exec:\3vpdp.exe104⤵
-
\??\c:\9vvvd.exec:\9vvvd.exe105⤵
-
\??\c:\5htntb.exec:\5htntb.exe106⤵
-
\??\c:\dpvvv.exec:\dpvvv.exe107⤵
-
\??\c:\nnbthh.exec:\nnbthh.exe108⤵
-
\??\c:\7vpjv.exec:\7vpjv.exe109⤵
-
\??\c:\7vjpv.exec:\7vjpv.exe110⤵
-
\??\c:\frxffll.exec:\frxffll.exe111⤵
-
\??\c:\rfflrxr.exec:\rfflrxr.exe112⤵
-
\??\c:\vpdjv.exec:\vpdjv.exe113⤵
-
\??\c:\jdpvp.exec:\jdpvp.exe114⤵
-
\??\c:\3lxxffl.exec:\3lxxffl.exe115⤵
-
\??\c:\lrfxxlf.exec:\lrfxxlf.exe116⤵
-
\??\c:\7pdjp.exec:\7pdjp.exe117⤵
-
\??\c:\pjvdp.exec:\pjvdp.exe118⤵
-
\??\c:\9djjj.exec:\9djjj.exe119⤵
-
\??\c:\htbhtb.exec:\htbhtb.exe120⤵
-
\??\c:\thbhhn.exec:\thbhhn.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-