Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
20/04/2024, 02:36
General
-
Target
c511d0c0425c42a45d929c45b38a37ece992986e6430db5fe98fe84743e23604.exe
-
Size
160KB
-
MD5
2d49d18f94b46100e57d82a5eda63d78
-
SHA1
d79faf8efc36d2249241a58138f9c9e142684cd9
-
SHA256
c511d0c0425c42a45d929c45b38a37ece992986e6430db5fe98fe84743e23604
-
SHA512
dc35adc61de1e0ea6e352ceae8564cf18894bccd77a483b1a5d0a894ffc6ccb81459becbe4c93498ea02980e9f8ab3c3006db1f289c91c0929ef8b208fffba71
-
SSDEEP
3072:xhOmTsF93UYfwC6GIout0fmCiiiXAQ5lpBoGYwNNhu0CzhKPDNuBZ:xcm4FmowdHoSgWrXF5lpKGYV0wh6Dk
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 41 IoCs
-
UPX dump on OEP (original entry point) 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\c511d0c0425c42a45d929c45b38a37ece992986e6430db5fe98fe84743e23604.exe"C:\Users\Admin\AppData\Local\Temp\c511d0c0425c42a45d929c45b38a37ece992986e6430db5fe98fe84743e23604.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvdp.exec:\pjvdp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxxlrxf.exec:\lxxlrxf.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5hhbhb.exec:\5hhbhb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9vppj.exec:\9vppj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvpd.exec:\jdvpd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3rffffr.exec:\3rffffr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbnbh.exec:\hbbnbh.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhhhh.exec:\tnhhhh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpdjv.exec:\vpdjv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbhnt.exec:\nhbhnt.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbthbh.exec:\hbthbh.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddvjp.exec:\ddvjp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frlrxxl.exec:\frlrxxl.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbtbht.exec:\hbtbht.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5bnnbb.exec:\5bnnbb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvdjp.exec:\jvdjp.exe17⤵
- Executes dropped EXE
-
\??\c:\frxfllr.exec:\frxfllr.exe18⤵
- Executes dropped EXE
-
\??\c:\lfrlxfl.exec:\lfrlxfl.exe19⤵
- Executes dropped EXE
-
\??\c:\9tbhtb.exec:\9tbhtb.exe20⤵
- Executes dropped EXE
-
\??\c:\5vjpp.exec:\5vjpp.exe21⤵
- Executes dropped EXE
-
\??\c:\rllfxrr.exec:\rllfxrr.exe22⤵
- Executes dropped EXE
-
\??\c:\rlfrffr.exec:\rlfrffr.exe23⤵
- Executes dropped EXE
-
\??\c:\dpdjd.exec:\dpdjd.exe24⤵
- Executes dropped EXE
-
\??\c:\jvppv.exec:\jvppv.exe25⤵
- Executes dropped EXE
-
\??\c:\hbnnhh.exec:\hbnnhh.exe26⤵
- Executes dropped EXE
-
\??\c:\nhntnt.exec:\nhntnt.exe27⤵
- Executes dropped EXE
-
\??\c:\vjpdd.exec:\vjpdd.exe28⤵
- Executes dropped EXE
-
\??\c:\rlllxlf.exec:\rlllxlf.exe29⤵
- Executes dropped EXE
-
\??\c:\dpvjv.exec:\dpvjv.exe30⤵
- Executes dropped EXE
-
\??\c:\3rxxxxf.exec:\3rxxxxf.exe31⤵
- Executes dropped EXE
-
\??\c:\3btbhb.exec:\3btbhb.exe32⤵
- Executes dropped EXE
-
\??\c:\vjddd.exec:\vjddd.exe33⤵
- Executes dropped EXE
-
\??\c:\vpvdp.exec:\vpvdp.exe34⤵
- Executes dropped EXE
-
\??\c:\vjpjv.exec:\vjpjv.exe35⤵
- Executes dropped EXE
-
\??\c:\hhhthh.exec:\hhhthh.exe36⤵
- Executes dropped EXE
-
\??\c:\3jvjj.exec:\3jvjj.exe37⤵
- Executes dropped EXE
-
\??\c:\7dpvv.exec:\7dpvv.exe38⤵
- Executes dropped EXE
-
\??\c:\rllfflr.exec:\rllfflr.exe39⤵
- Executes dropped EXE
-
\??\c:\rlxfrrr.exec:\rlxfrrr.exe40⤵
-
\??\c:\ththtt.exec:\ththtt.exe41⤵
- Executes dropped EXE
-
\??\c:\vjpvj.exec:\vjpvj.exe42⤵
- Executes dropped EXE
-
\??\c:\frfflrx.exec:\frfflrx.exe43⤵
- Executes dropped EXE
-
\??\c:\llfxxfl.exec:\llfxxfl.exe44⤵
- Executes dropped EXE
-
\??\c:\nhntbb.exec:\nhntbb.exe45⤵
- Executes dropped EXE
-
\??\c:\5vddd.exec:\5vddd.exe46⤵
- Executes dropped EXE
-
\??\c:\rlxlllr.exec:\rlxlllr.exe47⤵
- Executes dropped EXE
-
\??\c:\lrxxfff.exec:\lrxxfff.exe48⤵
- Executes dropped EXE
-
\??\c:\btnntn.exec:\btnntn.exe49⤵
- Executes dropped EXE
-
\??\c:\3jddp.exec:\3jddp.exe50⤵
- Executes dropped EXE
-
\??\c:\frflflx.exec:\frflflx.exe51⤵
- Executes dropped EXE
-
\??\c:\rfrrxrr.exec:\rfrrxrr.exe52⤵
- Executes dropped EXE
-
\??\c:\9htbhh.exec:\9htbhh.exe53⤵
- Executes dropped EXE
-
\??\c:\1vvjj.exec:\1vvjj.exe54⤵
- Executes dropped EXE
-
\??\c:\9rffrrr.exec:\9rffrrr.exe55⤵
- Executes dropped EXE
-
\??\c:\rfrxxrr.exec:\rfrxxrr.exe56⤵
- Executes dropped EXE
-
\??\c:\nbnbhn.exec:\nbnbhn.exe57⤵
- Executes dropped EXE
-
\??\c:\1nbntb.exec:\1nbntb.exe58⤵
- Executes dropped EXE
-
\??\c:\dvpvd.exec:\dvpvd.exe59⤵
- Executes dropped EXE
-
\??\c:\xlrxxff.exec:\xlrxxff.exe60⤵
- Executes dropped EXE
-
\??\c:\btnthb.exec:\btnthb.exe61⤵
- Executes dropped EXE
-
\??\c:\3jvpv.exec:\3jvpv.exe62⤵
- Executes dropped EXE
-
\??\c:\lfrlxlx.exec:\lfrlxlx.exe63⤵
- Executes dropped EXE
-
\??\c:\rrflrlr.exec:\rrflrlr.exe64⤵
- Executes dropped EXE
-
\??\c:\xrfrllr.exec:\xrfrllr.exe65⤵
- Executes dropped EXE
-
\??\c:\bnttbb.exec:\bnttbb.exe66⤵
- Executes dropped EXE
-
\??\c:\jjjjv.exec:\jjjjv.exe67⤵
-
\??\c:\lxffrrx.exec:\lxffrrx.exe68⤵
-
\??\c:\5ffrffl.exec:\5ffrffl.exe69⤵
-
\??\c:\vpjjp.exec:\vpjjp.exe70⤵
-
\??\c:\rlrfrfl.exec:\rlrfrfl.exe71⤵
-
\??\c:\5hbnbb.exec:\5hbnbb.exe72⤵
-
\??\c:\1vvdj.exec:\1vvdj.exe73⤵
-
\??\c:\rlflfrl.exec:\rlflfrl.exe74⤵
-
\??\c:\nhntbn.exec:\nhntbn.exe75⤵
-
\??\c:\thnntb.exec:\thnntb.exe76⤵
-
\??\c:\vjppv.exec:\vjppv.exe77⤵
-
\??\c:\btnbhb.exec:\btnbhb.exe78⤵
-
\??\c:\jdppd.exec:\jdppd.exe79⤵
-
\??\c:\xrffrrx.exec:\xrffrrx.exe80⤵
-
\??\c:\vvpvp.exec:\vvpvp.exe81⤵
-
\??\c:\5djjp.exec:\5djjp.exe82⤵
-
\??\c:\1rxrxfr.exec:\1rxrxfr.exe83⤵
-
\??\c:\hthtbb.exec:\hthtbb.exe84⤵
-
\??\c:\jdppd.exec:\jdppd.exe85⤵
-
\??\c:\dvdjp.exec:\dvdjp.exe86⤵
-
\??\c:\fxflrrf.exec:\fxflrrf.exe87⤵
-
\??\c:\hbhnbb.exec:\hbhnbb.exe88⤵
-
\??\c:\lfllxfl.exec:\lfllxfl.exe89⤵
-
\??\c:\7rxlrfl.exec:\7rxlrfl.exe90⤵
-
\??\c:\tthhnt.exec:\tthhnt.exe91⤵
-
\??\c:\jdpjj.exec:\jdpjj.exe92⤵
-
\??\c:\vpddp.exec:\vpddp.exe93⤵
-
\??\c:\3rlxffr.exec:\3rlxffr.exe94⤵
-
\??\c:\7frxlrf.exec:\7frxlrf.exe95⤵
-
\??\c:\tntthn.exec:\tntthn.exe96⤵
-
\??\c:\nhbntn.exec:\nhbntn.exe97⤵
-
\??\c:\1jvdj.exec:\1jvdj.exe98⤵
-
\??\c:\xxxrxlf.exec:\xxxrxlf.exe99⤵
-
\??\c:\lflxrrx.exec:\lflxrrx.exe100⤵
-
\??\c:\7dpvj.exec:\7dpvj.exe101⤵
-
\??\c:\vvpdv.exec:\vvpdv.exe102⤵
-
\??\c:\7rxlxrl.exec:\7rxlxrl.exe103⤵
-
\??\c:\frfrrrx.exec:\frfrrrx.exe104⤵
-
\??\c:\thbhtb.exec:\thbhtb.exe105⤵
-
\??\c:\hbtttt.exec:\hbtttt.exe106⤵
-
\??\c:\dvvvj.exec:\dvvvj.exe107⤵
-
\??\c:\lfxxffr.exec:\lfxxffr.exe108⤵
-
\??\c:\xrffllr.exec:\xrffllr.exe109⤵
-
\??\c:\fxlflrx.exec:\fxlflrx.exe110⤵
-
\??\c:\thtthn.exec:\thtthn.exe111⤵
-
\??\c:\pjpdv.exec:\pjpdv.exe112⤵
-
\??\c:\jvpdv.exec:\jvpdv.exe113⤵
-
\??\c:\fxffrlx.exec:\fxffrlx.exe114⤵
-
\??\c:\5thnbh.exec:\5thnbh.exe115⤵
-
\??\c:\5pjvd.exec:\5pjvd.exe116⤵
-
\??\c:\dpjdj.exec:\dpjdj.exe117⤵
-
\??\c:\lffffrx.exec:\lffffrx.exe118⤵
-
\??\c:\nhhbhh.exec:\nhhbhh.exe119⤵
-
\??\c:\bntbtb.exec:\bntbtb.exe120⤵
-
\??\c:\rllffxl.exec:\rllffxl.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-