Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
149s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
04/04/2024, 18:08
General
-
Target
02848ebce4b029f3e52e9e8970619c0926cc9873c41219b29a4d5b34aa3944ea.exe
-
Size
391KB
-
MD5
4e548f5ac10e46c7bbe23a9f7a866943
-
SHA1
cc2aa4be784acdaf20ffe6d975ca5cf9329b17e5
-
SHA256
02848ebce4b029f3e52e9e8970619c0926cc9873c41219b29a4d5b34aa3944ea
-
SHA512
4fa5c7aa60bdbfdbcc5c23ff5ebdb97653a3eec52666a1c87e48791d187bce7823d4c4044353ad8f47aebcb0032854c334b2fe7a361fb0ed94abe7e853ed862c
-
SSDEEP
6144:Acm7ImGddX5WrXF5lpKGYV0aTk/BO0XJm4UEPOshN/xdKnvP48bmbn:m7TcJWjdpKGATTk/jYIOWN/KnnPqn
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 47 IoCs
-
UPX dump on OEP (original entry point) 33 IoCs
-
Executes dropped EXE 34 IoCs
-
UPX packed file 34 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\02848ebce4b029f3e52e9e8970619c0926cc9873c41219b29a4d5b34aa3944ea.exe"C:\Users\Admin\AppData\Local\Temp\02848ebce4b029f3e52e9e8970619c0926cc9873c41219b29a4d5b34aa3944ea.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\vvpjp.exec:\vvpjp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrfllrf.exec:\xrfllrf.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvvv.exec:\pjvvv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxxxrxx.exec:\lxxxrxx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhtbhn.exec:\hhtbhn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frxrffl.exec:\frxrffl.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhtnt.exec:\hbhtnt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpvdj.exec:\dpvdj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frxflff.exec:\frxflff.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvdvd.exec:\jvdvd.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlrllfx.exec:\rlrllfx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flrllff.exec:\flrllff.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxfrlll.exec:\rxfrlll.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxlfrll.exec:\lxlfrll.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnbhnn.exec:\bnbhnn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3djvv.exec:\3djvv.exe17⤵
- Executes dropped EXE
-
\??\c:\1ffffxx.exec:\1ffffxx.exe18⤵
- Executes dropped EXE
-
\??\c:\3vjvp.exec:\3vjvp.exe19⤵
- Executes dropped EXE
-
\??\c:\jddjd.exec:\jddjd.exe20⤵
- Executes dropped EXE
-
\??\c:\1nbbbb.exec:\1nbbbb.exe21⤵
- Executes dropped EXE
-
\??\c:\jvvpv.exec:\jvvpv.exe22⤵
- Executes dropped EXE
-
\??\c:\3rrllff.exec:\3rrllff.exe23⤵
- Executes dropped EXE
-
\??\c:\tntttn.exec:\tntttn.exe24⤵
- Executes dropped EXE
-
\??\c:\vjvvd.exec:\vjvvd.exe25⤵
- Executes dropped EXE
-
\??\c:\lrfffxf.exec:\lrfffxf.exe26⤵
- Executes dropped EXE
-
\??\c:\vjjdd.exec:\vjjdd.exe27⤵
- Executes dropped EXE
-
\??\c:\frxrxrr.exec:\frxrxrr.exe28⤵
- Executes dropped EXE
-
\??\c:\thnnhh.exec:\thnnhh.exe29⤵
- Executes dropped EXE
-
\??\c:\jdpjp.exec:\jdpjp.exe30⤵
- Executes dropped EXE
-
\??\c:\rrxxxrx.exec:\rrxxxrx.exe31⤵
- Executes dropped EXE
-
\??\c:\7nthhh.exec:\7nthhh.exe32⤵
- Executes dropped EXE
-
\??\c:\vdjdd.exec:\vdjdd.exe33⤵
- Executes dropped EXE
-
\??\c:\tbhhtn.exec:\tbhhtn.exe34⤵
- Executes dropped EXE
-
\??\c:\vjjpv.exec:\vjjpv.exe35⤵
- Executes dropped EXE
-
\??\c:\thttnn.exec:\thttnn.exe36⤵
-
\??\c:\5xlfxrl.exec:\5xlfxrl.exe37⤵
-
\??\c:\5nnbbt.exec:\5nnbbt.exe38⤵
-
\??\c:\9jvvv.exec:\9jvvv.exe39⤵
-
\??\c:\ppvpv.exec:\ppvpv.exe40⤵
-
\??\c:\flrllfl.exec:\flrllfl.exe41⤵
-
\??\c:\xrfxrrl.exec:\xrfxrrl.exe42⤵
-
\??\c:\dpjvd.exec:\dpjvd.exe43⤵
-
\??\c:\xlxrxrx.exec:\xlxrxrx.exe44⤵
-
\??\c:\hbhbbt.exec:\hbhbbt.exe45⤵
-
\??\c:\hthhnn.exec:\hthhnn.exe46⤵
-
\??\c:\lrffllr.exec:\lrffllr.exe47⤵
-
\??\c:\1frrrlr.exec:\1frrrlr.exe48⤵
-
\??\c:\pjjpd.exec:\pjjpd.exe49⤵
-
\??\c:\lxlxrll.exec:\lxlxrll.exe50⤵
-
\??\c:\htbttn.exec:\htbttn.exe51⤵
-
\??\c:\djdjj.exec:\djdjj.exe52⤵
-
\??\c:\9ffxxfx.exec:\9ffxxfx.exe53⤵
-
\??\c:\bthnnh.exec:\bthnnh.exe54⤵
-
\??\c:\lfrlxrr.exec:\lfrlxrr.exe55⤵
-
\??\c:\1ntttt.exec:\1ntttt.exe56⤵
-
\??\c:\1rlllxx.exec:\1rlllxx.exe57⤵
-
\??\c:\bbtthb.exec:\bbtthb.exe58⤵
-
\??\c:\llrlllr.exec:\llrlllr.exe59⤵
-
\??\c:\htnnnn.exec:\htnnnn.exe60⤵
-
\??\c:\jjppj.exec:\jjppj.exe61⤵
-
\??\c:\rflllll.exec:\rflllll.exe62⤵
-
\??\c:\1ttnth.exec:\1ttnth.exe63⤵
-
\??\c:\9vjjp.exec:\9vjjp.exe64⤵
-
\??\c:\9lffffr.exec:\9lffffr.exe65⤵
-
\??\c:\nbhhth.exec:\nbhhth.exe66⤵
-
\??\c:\lxrrrll.exec:\lxrrrll.exe67⤵
-
\??\c:\thbttt.exec:\thbttt.exe68⤵
-
\??\c:\vjjpv.exec:\vjjpv.exe69⤵
-
\??\c:\thnnbt.exec:\thnnbt.exe70⤵
-
\??\c:\jdppj.exec:\jdppj.exe71⤵
-
\??\c:\lxlffrx.exec:\lxlffrx.exe72⤵
-
\??\c:\hnhnbn.exec:\hnhnbn.exe73⤵
-
\??\c:\dpvdv.exec:\dpvdv.exe74⤵
-
\??\c:\lxlxfff.exec:\lxlxfff.exe75⤵
-
\??\c:\bnnnbt.exec:\bnnnbt.exe76⤵
-
\??\c:\tbnbbb.exec:\tbnbbb.exe77⤵
-
\??\c:\jdjdp.exec:\jdjdp.exe78⤵
-
\??\c:\lxfffff.exec:\lxfffff.exe79⤵
-
\??\c:\thttbt.exec:\thttbt.exe80⤵
-
\??\c:\5pdvd.exec:\5pdvd.exe81⤵
-
\??\c:\hntttn.exec:\hntttn.exe82⤵
-
\??\c:\9tbtth.exec:\9tbtth.exe83⤵
-
\??\c:\bhnbbt.exec:\bhnbbt.exe84⤵
-
\??\c:\vjpvv.exec:\vjpvv.exe85⤵
-
\??\c:\frlffxx.exec:\frlffxx.exe86⤵
-
\??\c:\vjvdv.exec:\vjvdv.exe87⤵
-
\??\c:\xllfxxf.exec:\xllfxxf.exe88⤵
-
\??\c:\pjpvp.exec:\pjpvp.exe89⤵
-
\??\c:\7lxlrxx.exec:\7lxlrxx.exe90⤵
-
\??\c:\9jjdv.exec:\9jjdv.exe91⤵
-
\??\c:\5nnnhb.exec:\5nnnhb.exe92⤵
-
\??\c:\vpvdj.exec:\vpvdj.exe93⤵
-
\??\c:\5tnhhh.exec:\5tnhhh.exe94⤵
-
\??\c:\jvjpv.exec:\jvjpv.exe95⤵
-
\??\c:\1thnhb.exec:\1thnhb.exe96⤵
-
\??\c:\frxrrll.exec:\frxrrll.exe97⤵
-
\??\c:\5hhhhb.exec:\5hhhhb.exe98⤵
-
\??\c:\pdjpv.exec:\pdjpv.exe99⤵
-
\??\c:\9xxrllr.exec:\9xxrllr.exe100⤵
-
\??\c:\9bbntt.exec:\9bbntt.exe101⤵
-
\??\c:\vjvpp.exec:\vjvpp.exe102⤵
-
\??\c:\lxfxxxx.exec:\lxfxxxx.exe103⤵
-
\??\c:\9nnhtt.exec:\9nnhtt.exe104⤵
-
\??\c:\djvjd.exec:\djvjd.exe105⤵
-
\??\c:\5llfxrl.exec:\5llfxrl.exe106⤵
-
\??\c:\1tnbtn.exec:\1tnbtn.exe107⤵
-
\??\c:\dvvvv.exec:\dvvvv.exe108⤵
-
\??\c:\3ffrxrr.exec:\3ffrxrr.exe109⤵
-
\??\c:\htnhnh.exec:\htnhnh.exe110⤵
-
\??\c:\frllfxr.exec:\frllfxr.exe111⤵
-
\??\c:\hnnnnh.exec:\hnnnnh.exe112⤵
-
\??\c:\jppdv.exec:\jppdv.exe113⤵
-
\??\c:\5bhtnn.exec:\5bhtnn.exe114⤵
-
\??\c:\vjpdv.exec:\vjpdv.exe115⤵
-
\??\c:\7lrlrlf.exec:\7lrlrlf.exe116⤵
-
\??\c:\7hhbbt.exec:\7hhbbt.exe117⤵
-
\??\c:\pjppv.exec:\pjppv.exe118⤵
-
\??\c:\frxxfrr.exec:\frxxfrr.exe119⤵
-
\??\c:\nbnnnh.exec:\nbnnnh.exe120⤵
-
\??\c:\jvjdd.exec:\jvjdd.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-