Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
09/04/2024, 23:11
General
-
Target
c4b7ee6a2163b116d839f72ff38c6c0774ed6e83324664966a371fd416480de8.exe
-
Size
312KB
-
MD5
affbbe9b24f78ab4da6fdb9a52e56667
-
SHA1
9d482d2ccdf1ebb5d23e92f026b1da1994fff423
-
SHA256
c4b7ee6a2163b116d839f72ff38c6c0774ed6e83324664966a371fd416480de8
-
SHA512
e9ce8f7d5785b1527bff05c809ca00a49ca1624ec448d88759cfc2bf6ad7c539fc0e4b3a183a1bd2ee1af77cbfd8e2fac1ad7835c88c8b9c9d27a680c243c5f8
-
SSDEEP
6144:n3C9BRo/AIX2h97aUzpbBj3+b2ziJC39QS8hDJd+Q7ZLbjwu:n3C9uDC97aUFbZ42ziM39QS8hDJd+Q77
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 32 IoCs
-
UPX dump on OEP (original entry point) 62 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 62 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\c4b7ee6a2163b116d839f72ff38c6c0774ed6e83324664966a371fd416480de8.exe"C:\Users\Admin\AppData\Local\Temp\c4b7ee6a2163b116d839f72ff38c6c0774ed6e83324664966a371fd416480de8.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\1xlxflx.exec:\1xlxflx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvdd.exec:\dvvdd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhtbht.exec:\hhtbht.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frrxffl.exec:\frrxffl.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nthnhh.exec:\nthnhh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxrxfr.exec:\rlxrxfr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\httbnn.exec:\httbnn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fffrxfl.exec:\fffrxfl.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3pvvd.exec:\3pvvd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhbhb.exec:\hbhbhb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddvdv.exec:\ddvdv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbntb.exec:\btbntb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxxffl.exec:\lfxxffl.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hthtbb.exec:\hthtbb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xflxxxx.exec:\xflxxxx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdpjd.exec:\pdpjd.exe17⤵
- Executes dropped EXE
-
\??\c:\bthhnn.exec:\bthhnn.exe18⤵
- Executes dropped EXE
-
\??\c:\7vppv.exec:\7vppv.exe19⤵
- Executes dropped EXE
-
\??\c:\tthbnn.exec:\tthbnn.exe20⤵
- Executes dropped EXE
-
\??\c:\fffllfx.exec:\fffllfx.exe21⤵
- Executes dropped EXE
-
\??\c:\jvjjp.exec:\jvjjp.exe22⤵
- Executes dropped EXE
-
\??\c:\thnttt.exec:\thnttt.exe23⤵
- Executes dropped EXE
-
\??\c:\dpvdv.exec:\dpvdv.exe24⤵
- Executes dropped EXE
-
\??\c:\rlxxfff.exec:\rlxxfff.exe25⤵
- Executes dropped EXE
-
\??\c:\vvppj.exec:\vvppj.exe26⤵
- Executes dropped EXE
-
\??\c:\fxlrffr.exec:\fxlrffr.exe27⤵
- Executes dropped EXE
-
\??\c:\jvdvd.exec:\jvdvd.exe28⤵
- Executes dropped EXE
-
\??\c:\7nbnnb.exec:\7nbnnb.exe29⤵
- Executes dropped EXE
-
\??\c:\dvjjp.exec:\dvjjp.exe30⤵
- Executes dropped EXE
-
\??\c:\nttntn.exec:\nttntn.exe31⤵
- Executes dropped EXE
-
\??\c:\7jdvv.exec:\7jdvv.exe32⤵
- Executes dropped EXE
-
\??\c:\3nhbtb.exec:\3nhbtb.exe33⤵
- Executes dropped EXE
-
\??\c:\xlllxxl.exec:\xlllxxl.exe34⤵
- Executes dropped EXE
-
\??\c:\jdppv.exec:\jdppv.exe35⤵
- Executes dropped EXE
-
\??\c:\xrxxxxf.exec:\xrxxxxf.exe36⤵
- Executes dropped EXE
-
\??\c:\thbbhh.exec:\thbbhh.exe37⤵
- Executes dropped EXE
-
\??\c:\dvjdv.exec:\dvjdv.exe38⤵
- Executes dropped EXE
-
\??\c:\nhnhnt.exec:\nhnhnt.exe39⤵
- Executes dropped EXE
-
\??\c:\9vpdj.exec:\9vpdj.exe40⤵
- Executes dropped EXE
-
\??\c:\nhtthh.exec:\nhtthh.exe41⤵
- Executes dropped EXE
-
\??\c:\pjppd.exec:\pjppd.exe42⤵
- Executes dropped EXE
-
\??\c:\9hhhtt.exec:\9hhhtt.exe43⤵
- Executes dropped EXE
-
\??\c:\5jppj.exec:\5jppj.exe44⤵
- Executes dropped EXE
-
\??\c:\fxrrffl.exec:\fxrrffl.exe45⤵
- Executes dropped EXE
-
\??\c:\jjdjp.exec:\jjdjp.exe46⤵
- Executes dropped EXE
-
\??\c:\9lffllx.exec:\9lffllx.exe47⤵
- Executes dropped EXE
-
\??\c:\pjdpp.exec:\pjdpp.exe48⤵
- Executes dropped EXE
-
\??\c:\9bntnn.exec:\9bntnn.exe49⤵
- Executes dropped EXE
-
\??\c:\vjvpp.exec:\vjvpp.exe50⤵
- Executes dropped EXE
-
\??\c:\7httth.exec:\7httth.exe51⤵
- Executes dropped EXE
-
\??\c:\dvjdj.exec:\dvjdj.exe52⤵
- Executes dropped EXE
-
\??\c:\htnbbn.exec:\htnbbn.exe53⤵
- Executes dropped EXE
-
\??\c:\btnbhh.exec:\btnbhh.exe54⤵
- Executes dropped EXE
-
\??\c:\7fxxxxx.exec:\7fxxxxx.exe55⤵
- Executes dropped EXE
-
\??\c:\hhtbhh.exec:\hhtbhh.exe56⤵
- Executes dropped EXE
-
\??\c:\lxlfllx.exec:\lxlfllx.exe57⤵
- Executes dropped EXE
-
\??\c:\hbttnn.exec:\hbttnn.exe58⤵
- Executes dropped EXE
-
\??\c:\7vdvv.exec:\7vdvv.exe59⤵
- Executes dropped EXE
-
\??\c:\xrfflll.exec:\xrfflll.exe60⤵
- Executes dropped EXE
-
\??\c:\5tbbnb.exec:\5tbbnb.exe61⤵
- Executes dropped EXE
-
\??\c:\vvpdv.exec:\vvpdv.exe62⤵
- Executes dropped EXE
-
\??\c:\nbhnbb.exec:\nbhnbb.exe63⤵
- Executes dropped EXE
-
\??\c:\jdvpv.exec:\jdvpv.exe64⤵
- Executes dropped EXE
-
\??\c:\1tbttt.exec:\1tbttt.exe65⤵
- Executes dropped EXE
-
\??\c:\xrlxflf.exec:\xrlxflf.exe66⤵
-
\??\c:\nbbbtt.exec:\nbbbtt.exe67⤵
-
\??\c:\vpjpj.exec:\vpjpj.exe68⤵
-
\??\c:\1nbhnt.exec:\1nbhnt.exe69⤵
-
\??\c:\7ppvj.exec:\7ppvj.exe70⤵
-
\??\c:\5fffllr.exec:\5fffllr.exe71⤵
-
\??\c:\hbhnbb.exec:\hbhnbb.exe72⤵
-
\??\c:\xrffffr.exec:\xrffffr.exe73⤵
-
\??\c:\vpjjp.exec:\vpjjp.exe74⤵
-
\??\c:\9bnhnt.exec:\9bnhnt.exe75⤵
-
\??\c:\frlfllr.exec:\frlfllr.exe76⤵
-
\??\c:\3pddp.exec:\3pddp.exe77⤵
-
\??\c:\xxlrrxr.exec:\xxlrrxr.exe78⤵
-
\??\c:\dpddp.exec:\dpddp.exe79⤵
-
\??\c:\rfrrfxl.exec:\rfrrfxl.exe80⤵
-
\??\c:\jdvdv.exec:\jdvdv.exe81⤵
-
\??\c:\9frxffl.exec:\9frxffl.exe82⤵
-
\??\c:\pvvpp.exec:\pvvpp.exe83⤵
-
\??\c:\3lffxxl.exec:\3lffxxl.exe84⤵
-
\??\c:\dvjpv.exec:\dvjpv.exe85⤵
-
\??\c:\xrllfrx.exec:\xrllfrx.exe86⤵
-
\??\c:\pjvjv.exec:\pjvjv.exe87⤵
-
\??\c:\frflffl.exec:\frflffl.exe88⤵
-
\??\c:\pjdjp.exec:\pjdjp.exe89⤵
-
\??\c:\5xlxxrr.exec:\5xlxxrr.exe90⤵
-
\??\c:\bnbhnt.exec:\bnbhnt.exe91⤵
-
\??\c:\1lxfllr.exec:\1lxfllr.exe92⤵
-
\??\c:\bnnnhh.exec:\bnnnhh.exe93⤵
-
\??\c:\1pvdd.exec:\1pvdd.exe94⤵
-
\??\c:\hbbhbh.exec:\hbbhbh.exe95⤵
-
\??\c:\5jdvv.exec:\5jdvv.exe96⤵
-
\??\c:\hbnntt.exec:\hbnntt.exe97⤵
-
\??\c:\xrlrxrx.exec:\xrlrxrx.exe98⤵
-
\??\c:\bbttbh.exec:\bbttbh.exe99⤵
-
\??\c:\5rlfffl.exec:\5rlfffl.exe100⤵
-
\??\c:\hhthtb.exec:\hhthtb.exe101⤵
-
\??\c:\3xrlllr.exec:\3xrlllr.exe102⤵
-
\??\c:\hbhhhh.exec:\hbhhhh.exe103⤵
-
\??\c:\7jdjj.exec:\7jdjj.exe104⤵
-
\??\c:\3httht.exec:\3httht.exe105⤵
-
\??\c:\vvjpp.exec:\vvjpp.exe106⤵
-
\??\c:\nhtbnn.exec:\nhtbnn.exe107⤵
-
\??\c:\vpdjp.exec:\vpdjp.exe108⤵
-
\??\c:\5thhtt.exec:\5thhtt.exe109⤵
-
\??\c:\jvjjp.exec:\jvjjp.exe110⤵
-
\??\c:\7htnnt.exec:\7htnnt.exe111⤵
-
\??\c:\jvpvd.exec:\jvpvd.exe112⤵
-
\??\c:\hhtthh.exec:\hhtthh.exe113⤵
-
\??\c:\3dddj.exec:\3dddj.exe114⤵
-
\??\c:\5nnttn.exec:\5nnttn.exe115⤵
-
\??\c:\jvjjp.exec:\jvjjp.exe116⤵
-
\??\c:\rlrrrrf.exec:\rlrrrrf.exe117⤵
-
\??\c:\hththh.exec:\hththh.exe118⤵
-
\??\c:\1lrrrrr.exec:\1lrrrrr.exe119⤵
-
\??\c:\1hthtt.exec:\1hthtt.exe120⤵
-
\??\c:\9vvdv.exec:\9vvdv.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-