Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
01/05/2024, 00:52
General
-
Target
93487076b45f16fa3ddaa2a81793b0c1d85bcacb7a0d3b70d55555e7fba466f9.exe
-
Size
94KB
-
MD5
70b43b60e16400939b9b137c7cfb09b5
-
SHA1
80b1ebfb7a31e460001e3db91cfc8aa925ff015a
-
SHA256
93487076b45f16fa3ddaa2a81793b0c1d85bcacb7a0d3b70d55555e7fba466f9
-
SHA512
f94af7c94d4b2ba1c5d98445d3b17af7a5b6a7bee28a33f132ba3fb95c89bdd1a8f08baf3c409c6ca494235f775abf137979e54eb104ba767f854b64cac72344
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDInWeNCYGyA2R7JxJAg8dtQ:ymb3NkkiQ3mdBjFIWeFGyAsJAg2Q
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
UPX dump on OEP (original entry point) 31 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 31 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\93487076b45f16fa3ddaa2a81793b0c1d85bcacb7a0d3b70d55555e7fba466f9.exe"C:\Users\Admin\AppData\Local\Temp\93487076b45f16fa3ddaa2a81793b0c1d85bcacb7a0d3b70d55555e7fba466f9.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\lxtxxdh.exec:\lxtxxdh.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btddrrh.exec:\btddrrh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vhbtf.exec:\vhbtf.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\prpxvp.exec:\prpxvp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rpxvhp.exec:\rpxvhp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vlhhd.exec:\vlhhd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vfrxn.exec:\vfrxn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvrjj.exec:\pvrjj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rpvpf.exec:\rpvpf.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tfbhj.exec:\tfbhj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhpljxb.exec:\nhpljxb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hfhhrd.exec:\hfhhrd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pplnr.exec:\pplnr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vlhhh.exec:\vlhhh.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bdpfhx.exec:\bdpfhx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pxpdxhd.exec:\pxpdxhd.exe17⤵
- Executes dropped EXE
-
\??\c:\rdrpf.exec:\rdrpf.exe18⤵
- Executes dropped EXE
-
\??\c:\hfvtlfj.exec:\hfvtlfj.exe19⤵
- Executes dropped EXE
-
\??\c:\ntrfx.exec:\ntrfx.exe20⤵
- Executes dropped EXE
-
\??\c:\vhlhhh.exec:\vhlhhh.exe21⤵
- Executes dropped EXE
-
\??\c:\dbpxhdp.exec:\dbpxhdp.exe22⤵
- Executes dropped EXE
-
\??\c:\dxpnh.exec:\dxpnh.exe23⤵
- Executes dropped EXE
-
\??\c:\lxtldhv.exec:\lxtldhv.exe24⤵
- Executes dropped EXE
-
\??\c:\pnnlhb.exec:\pnnlhb.exe25⤵
- Executes dropped EXE
-
\??\c:\rdpvd.exec:\rdpvd.exe26⤵
- Executes dropped EXE
-
\??\c:\bvvxx.exec:\bvvxx.exe27⤵
- Executes dropped EXE
-
\??\c:\jnbvbr.exec:\jnbvbr.exe28⤵
- Executes dropped EXE
-
\??\c:\pdhrbj.exec:\pdhrbj.exe29⤵
- Executes dropped EXE
-
\??\c:\fbhvb.exec:\fbhvb.exe30⤵
- Executes dropped EXE
-
\??\c:\njllh.exec:\njllh.exe31⤵
- Executes dropped EXE
-
\??\c:\tnbbnrt.exec:\tnbbnrt.exe32⤵
- Executes dropped EXE
-
\??\c:\vtjxxd.exec:\vtjxxd.exe33⤵
- Executes dropped EXE
-
\??\c:\nthrvx.exec:\nthrvx.exe34⤵
- Executes dropped EXE
-
\??\c:\blntbx.exec:\blntbx.exe35⤵
- Executes dropped EXE
-
\??\c:\tpxhl.exec:\tpxhl.exe36⤵
- Executes dropped EXE
-
\??\c:\vbjvd.exec:\vbjvd.exe37⤵
- Executes dropped EXE
-
\??\c:\pvjdx.exec:\pvjdx.exe38⤵
- Executes dropped EXE
-
\??\c:\xpxnxl.exec:\xpxnxl.exe39⤵
- Executes dropped EXE
-
\??\c:\jfptf.exec:\jfptf.exe40⤵
- Executes dropped EXE
-
\??\c:\vthjdtf.exec:\vthjdtf.exe41⤵
- Executes dropped EXE
-
\??\c:\btrnhv.exec:\btrnhv.exe42⤵
- Executes dropped EXE
-
\??\c:\bbpdlhb.exec:\bbpdlhb.exe43⤵
- Executes dropped EXE
-
\??\c:\rldlf.exec:\rldlf.exe44⤵
- Executes dropped EXE
-
\??\c:\lntjddn.exec:\lntjddn.exe45⤵
- Executes dropped EXE
-
\??\c:\ddpntrn.exec:\ddpntrn.exe46⤵
- Executes dropped EXE
-
\??\c:\vrbvdrj.exec:\vrbvdrj.exe47⤵
- Executes dropped EXE
-
\??\c:\hpnfddf.exec:\hpnfddf.exe48⤵
- Executes dropped EXE
-
\??\c:\fbdxxv.exec:\fbdxxv.exe49⤵
- Executes dropped EXE
-
\??\c:\fptbp.exec:\fptbp.exe50⤵
- Executes dropped EXE
-
\??\c:\pfppljl.exec:\pfppljl.exe51⤵
- Executes dropped EXE
-
\??\c:\hnndnvd.exec:\hnndnvd.exe52⤵
- Executes dropped EXE
-
\??\c:\tdtdthb.exec:\tdtdthb.exe53⤵
- Executes dropped EXE
-
\??\c:\blptnpp.exec:\blptnpp.exe54⤵
- Executes dropped EXE
-
\??\c:\vxxljf.exec:\vxxljf.exe55⤵
- Executes dropped EXE
-
\??\c:\rjnjdl.exec:\rjnjdl.exe56⤵
- Executes dropped EXE
-
\??\c:\pfvxxpl.exec:\pfvxxpl.exe57⤵
- Executes dropped EXE
-
\??\c:\vbxtbf.exec:\vbxtbf.exe58⤵
- Executes dropped EXE
-
\??\c:\frjrjn.exec:\frjrjn.exe59⤵
- Executes dropped EXE
-
\??\c:\bptbf.exec:\bptbf.exe60⤵
- Executes dropped EXE
-
\??\c:\rpxtn.exec:\rpxtn.exe61⤵
- Executes dropped EXE
-
\??\c:\pfdvbvh.exec:\pfdvbvh.exe62⤵
- Executes dropped EXE
-
\??\c:\lvxtl.exec:\lvxtl.exe63⤵
- Executes dropped EXE
-
\??\c:\pbpvjn.exec:\pbpvjn.exe64⤵
- Executes dropped EXE
-
\??\c:\frvldjf.exec:\frvldjf.exe65⤵
- Executes dropped EXE
-
\??\c:\xpbhx.exec:\xpbhx.exe66⤵
-
\??\c:\rdlnhh.exec:\rdlnhh.exe67⤵
-
\??\c:\jrxbhnp.exec:\jrxbhnp.exe68⤵
-
\??\c:\bdjpf.exec:\bdjpf.exe69⤵
-
\??\c:\dtjpr.exec:\dtjpr.exe70⤵
-
\??\c:\jpphp.exec:\jpphp.exe71⤵
-
\??\c:\ljrfj.exec:\ljrfj.exe72⤵
-
\??\c:\fnxlh.exec:\fnxlh.exe73⤵
-
\??\c:\tfptl.exec:\tfptl.exe74⤵
-
\??\c:\ltxvh.exec:\ltxvh.exe75⤵
-
\??\c:\ldhxpxv.exec:\ldhxpxv.exe76⤵
-
\??\c:\hphhjpl.exec:\hphhjpl.exe77⤵
-
\??\c:\trbfdv.exec:\trbfdv.exe78⤵
-
\??\c:\hbjrbll.exec:\hbjrbll.exe79⤵
-
\??\c:\xlxxr.exec:\xlxxr.exe80⤵
-
\??\c:\bbdfj.exec:\bbdfj.exe81⤵
-
\??\c:\rfpvv.exec:\rfpvv.exe82⤵
-
\??\c:\brrnrdt.exec:\brrnrdt.exe83⤵
-
\??\c:\xhdjh.exec:\xhdjh.exe84⤵
-
\??\c:\vdbvhf.exec:\vdbvhf.exe85⤵
-
\??\c:\tdhrfp.exec:\tdhrfp.exe86⤵
-
\??\c:\lvxlf.exec:\lvxlf.exe87⤵
-
\??\c:\tjhtjhv.exec:\tjhtjhv.exe88⤵
-
\??\c:\jlrfx.exec:\jlrfx.exe89⤵
-
\??\c:\xrlxlth.exec:\xrlxlth.exe90⤵
-
\??\c:\jfhlxv.exec:\jfhlxv.exe91⤵
-
\??\c:\hvbtvfb.exec:\hvbtvfb.exe92⤵
-
\??\c:\rfbjlp.exec:\rfbjlp.exe93⤵
-
\??\c:\vtrtrl.exec:\vtrtrl.exe94⤵
-
\??\c:\jthrxnj.exec:\jthrxnj.exe95⤵
-
\??\c:\xxxjxrd.exec:\xxxjxrd.exe96⤵
-
\??\c:\hlxlxlp.exec:\hlxlxlp.exe97⤵
-
\??\c:\pjrhrbl.exec:\pjrhrbl.exe98⤵
-
\??\c:\tjrhxnj.exec:\tjrhxnj.exe99⤵
-
\??\c:\xxlfx.exec:\xxlfx.exe100⤵
-
\??\c:\rxprx.exec:\rxprx.exe101⤵
-
\??\c:\fpvjrbt.exec:\fpvjrbt.exe102⤵
-
\??\c:\ddtbbh.exec:\ddtbbh.exe103⤵
-
\??\c:\htdpl.exec:\htdpl.exe104⤵
-
\??\c:\vvdxr.exec:\vvdxr.exe105⤵
-
\??\c:\xxfdnf.exec:\xxfdnf.exe106⤵
-
\??\c:\vlbbvht.exec:\vlbbvht.exe107⤵
-
\??\c:\vxdrd.exec:\vxdrd.exe108⤵
-
\??\c:\hjpjflx.exec:\hjpjflx.exe109⤵
-
\??\c:\fjtnrvh.exec:\fjtnrvh.exe110⤵
-
\??\c:\dddpj.exec:\dddpj.exe111⤵
-
\??\c:\nlnhxv.exec:\nlnhxv.exe112⤵
-
\??\c:\ddtldph.exec:\ddtldph.exe113⤵
-
\??\c:\xndrh.exec:\xndrh.exe114⤵
-
\??\c:\dpfbhhf.exec:\dpfbhhf.exe115⤵
-
\??\c:\rnvpd.exec:\rnvpd.exe116⤵
-
\??\c:\pvxfrh.exec:\pvxfrh.exe117⤵
-
\??\c:\xdplvxj.exec:\xdplvxj.exe118⤵
-
\??\c:\xhpbptp.exec:\xhpbptp.exe119⤵
-
\??\c:\rhdbjpp.exec:\rhdbjpp.exe120⤵
-
\??\c:\tddlpfp.exec:\tddlpfp.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-