Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240215-en -
resource tags
-
submitted
02/05/2024, 05:26
General
-
Target
f3396a7dfafb31e88a07dd13faae1b79c77fc5da38db766dbb013428160cb0ca.exe
-
Size
89KB
-
MD5
a874678270622ba291252aeed79ea092
-
SHA1
b8ecd50fcde5ef481682d7ce2a0848868815e254
-
SHA256
f3396a7dfafb31e88a07dd13faae1b79c77fc5da38db766dbb013428160cb0ca
-
SHA512
4e0e7a5ae2a1f130ecfe2a2e4597b0eb3f8a6b86e0fbf3dcf6dc90b37664a0cab4e22d7feebda64ebe58275b21f7101a741ba7717cae417491239f4f49c14ec6
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDoLU1grORPfr0k890CDVxU:ymb3NkkiQ3mdBjFoLk8Pk890CDVa
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 22 IoCs
-
UPX dump on OEP (original entry point) 29 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 29 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\f3396a7dfafb31e88a07dd13faae1b79c77fc5da38db766dbb013428160cb0ca.exe"C:\Users\Admin\AppData\Local\Temp\f3396a7dfafb31e88a07dd13faae1b79c77fc5da38db766dbb013428160cb0ca.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\ppvpj.exec:\ppvpj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpjjj.exec:\jpjjj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnntt.exec:\nhnntt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdpjd.exec:\vdpjd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lffxlrr.exec:\lffxlrr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7frxlrr.exec:\7frxlrr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbhhhh.exec:\nbhhhh.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9thhbt.exec:\9thhbt.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjjjj.exec:\jjjjj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5vddd.exec:\5vddd.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lflflrf.exec:\lflflrf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thnntt.exec:\thnntt.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thnnnt.exec:\thnnnt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvdv.exec:\pjvdv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrrrflx.exec:\rrrrflx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7frrflr.exec:\7frrflr.exe17⤵
- Executes dropped EXE
-
\??\c:\btbbtt.exec:\btbbtt.exe18⤵
- Executes dropped EXE
-
\??\c:\nhnthn.exec:\nhnthn.exe19⤵
- Executes dropped EXE
-
\??\c:\jdvvd.exec:\jdvvd.exe20⤵
- Executes dropped EXE
-
\??\c:\7pddj.exec:\7pddj.exe21⤵
- Executes dropped EXE
-
\??\c:\rflllrf.exec:\rflllrf.exe22⤵
- Executes dropped EXE
-
\??\c:\xrxfrrf.exec:\xrxfrrf.exe23⤵
- Executes dropped EXE
-
\??\c:\tnnnbb.exec:\tnnnbb.exe24⤵
- Executes dropped EXE
-
\??\c:\tnhhhh.exec:\tnhhhh.exe25⤵
- Executes dropped EXE
-
\??\c:\dvjvv.exec:\dvjvv.exe26⤵
- Executes dropped EXE
-
\??\c:\3frxlll.exec:\3frxlll.exe27⤵
- Executes dropped EXE
-
\??\c:\hbtthh.exec:\hbtthh.exe28⤵
- Executes dropped EXE
-
\??\c:\jpdvj.exec:\jpdvj.exe29⤵
- Executes dropped EXE
-
\??\c:\1jpjp.exec:\1jpjp.exe30⤵
- Executes dropped EXE
-
\??\c:\rflllll.exec:\rflllll.exe31⤵
- Executes dropped EXE
-
\??\c:\hthttn.exec:\hthttn.exe32⤵
- Executes dropped EXE
-
\??\c:\bnbbhh.exec:\bnbbhh.exe33⤵
- Executes dropped EXE
-
\??\c:\vjvvd.exec:\vjvvd.exe34⤵
- Executes dropped EXE
-
\??\c:\jvpjj.exec:\jvpjj.exe35⤵
- Executes dropped EXE
-
\??\c:\xflrlll.exec:\xflrlll.exe36⤵
- Executes dropped EXE
-
\??\c:\rfllxxx.exec:\rfllxxx.exe37⤵
- Executes dropped EXE
-
\??\c:\htbbbb.exec:\htbbbb.exe38⤵
- Executes dropped EXE
-
\??\c:\1jjjd.exec:\1jjjd.exe39⤵
- Executes dropped EXE
-
\??\c:\jvdvd.exec:\jvdvd.exe40⤵
- Executes dropped EXE
-
\??\c:\frlflfl.exec:\frlflfl.exe41⤵
- Executes dropped EXE
-
\??\c:\nbtbnh.exec:\nbtbnh.exe42⤵
- Executes dropped EXE
-
\??\c:\5jdpv.exec:\5jdpv.exe43⤵
- Executes dropped EXE
-
\??\c:\vjvvj.exec:\vjvvj.exe44⤵
- Executes dropped EXE
-
\??\c:\ffxrxxf.exec:\ffxrxxf.exe45⤵
- Executes dropped EXE
-
\??\c:\fxlrflr.exec:\fxlrflr.exe46⤵
- Executes dropped EXE
-
\??\c:\bthbnb.exec:\bthbnb.exe47⤵
- Executes dropped EXE
-
\??\c:\hntntt.exec:\hntntt.exe48⤵
- Executes dropped EXE
-
\??\c:\3ddjp.exec:\3ddjp.exe49⤵
- Executes dropped EXE
-
\??\c:\5fxlrxf.exec:\5fxlrxf.exe50⤵
- Executes dropped EXE
-
\??\c:\rrflffr.exec:\rrflffr.exe51⤵
- Executes dropped EXE
-
\??\c:\frrrlff.exec:\frrrlff.exe52⤵
- Executes dropped EXE
-
\??\c:\bththh.exec:\bththh.exe53⤵
- Executes dropped EXE
-
\??\c:\bnbttt.exec:\bnbttt.exe54⤵
- Executes dropped EXE
-
\??\c:\vpdpv.exec:\vpdpv.exe55⤵
- Executes dropped EXE
-
\??\c:\5jdvp.exec:\5jdvp.exe56⤵
- Executes dropped EXE
-
\??\c:\xxfrxrl.exec:\xxfrxrl.exe57⤵
- Executes dropped EXE
-
\??\c:\tbhnnh.exec:\tbhnnh.exe58⤵
- Executes dropped EXE
-
\??\c:\7nhthn.exec:\7nhthn.exe59⤵
- Executes dropped EXE
-
\??\c:\9nbhhh.exec:\9nbhhh.exe60⤵
- Executes dropped EXE
-
\??\c:\jjjdj.exec:\jjjdj.exe61⤵
- Executes dropped EXE
-
\??\c:\pdpdv.exec:\pdpdv.exe62⤵
- Executes dropped EXE
-
\??\c:\rlxfrrf.exec:\rlxfrrf.exe63⤵
- Executes dropped EXE
-
\??\c:\1fxfrfr.exec:\1fxfrfr.exe64⤵
- Executes dropped EXE
-
\??\c:\nhhhhb.exec:\nhhhhb.exe65⤵
- Executes dropped EXE
-
\??\c:\7nbhnn.exec:\7nbhnn.exe66⤵
-
\??\c:\3vvpd.exec:\3vvpd.exe67⤵
-
\??\c:\dpddv.exec:\dpddv.exe68⤵
-
\??\c:\5jppd.exec:\5jppd.exe69⤵
-
\??\c:\3fxlrlr.exec:\3fxlrlr.exe70⤵
-
\??\c:\frfrxfl.exec:\frfrxfl.exe71⤵
-
\??\c:\3ttttt.exec:\3ttttt.exe72⤵
-
\??\c:\bhtthh.exec:\bhtthh.exe73⤵
-
\??\c:\1htbbh.exec:\1htbbh.exe74⤵
-
\??\c:\3ddjj.exec:\3ddjj.exe75⤵
-
\??\c:\jdpdp.exec:\jdpdp.exe76⤵
-
\??\c:\xlrlrlr.exec:\xlrlrlr.exe77⤵
-
\??\c:\xxxlrrr.exec:\xxxlrrr.exe78⤵
-
\??\c:\bttttt.exec:\bttttt.exe79⤵
-
\??\c:\9hbbbt.exec:\9hbbbt.exe80⤵
-
\??\c:\jdvjv.exec:\jdvjv.exe81⤵
-
\??\c:\dpdvv.exec:\dpdvv.exe82⤵
-
\??\c:\1rrfrfl.exec:\1rrfrfl.exe83⤵
-
\??\c:\flrrlfl.exec:\flrrlfl.exe84⤵
-
\??\c:\bbnhhh.exec:\bbnhhh.exe85⤵
-
\??\c:\hbntbb.exec:\hbntbb.exe86⤵
-
\??\c:\3hntbb.exec:\3hntbb.exe87⤵
-
\??\c:\pvjvd.exec:\pvjvd.exe88⤵
-
\??\c:\dpddp.exec:\dpddp.exe89⤵
-
\??\c:\lrxrffr.exec:\lrxrffr.exe90⤵
-
\??\c:\7lfrxfx.exec:\7lfrxfx.exe91⤵
-
\??\c:\5nhntt.exec:\5nhntt.exe92⤵
-
\??\c:\nhnntt.exec:\nhnntt.exe93⤵
-
\??\c:\pjvpp.exec:\pjvpp.exe94⤵
-
\??\c:\vjppd.exec:\vjppd.exe95⤵
-
\??\c:\dppjv.exec:\dppjv.exe96⤵
-
\??\c:\5rxrlff.exec:\5rxrlff.exe97⤵
-
\??\c:\3llrxrf.exec:\3llrxrf.exe98⤵
-
\??\c:\hbnbnt.exec:\hbnbnt.exe99⤵
-
\??\c:\tnhbtt.exec:\tnhbtt.exe100⤵
-
\??\c:\jdpdj.exec:\jdpdj.exe101⤵
-
\??\c:\7pjpd.exec:\7pjpd.exe102⤵
-
\??\c:\llxxrxf.exec:\llxxrxf.exe103⤵
-
\??\c:\nhbbbb.exec:\nhbbbb.exe104⤵
-
\??\c:\hbnnth.exec:\hbnnth.exe105⤵
-
\??\c:\dvjpp.exec:\dvjpp.exe106⤵
-
\??\c:\vjppp.exec:\vjppp.exe107⤵
-
\??\c:\htttnn.exec:\htttnn.exe108⤵
-
\??\c:\5tbnbh.exec:\5tbnbh.exe109⤵
-
\??\c:\djdpd.exec:\djdpd.exe110⤵
-
\??\c:\7pppd.exec:\7pppd.exe111⤵
-
\??\c:\fxlllxf.exec:\fxlllxf.exe112⤵
-
\??\c:\9xrrflr.exec:\9xrrflr.exe113⤵
-
\??\c:\httttt.exec:\httttt.exe114⤵
-
\??\c:\bttbnn.exec:\bttbnn.exe115⤵
-
\??\c:\pppdv.exec:\pppdv.exe116⤵
-
\??\c:\vdddd.exec:\vdddd.exe117⤵
-
\??\c:\3flrffl.exec:\3flrffl.exe118⤵
-
\??\c:\xxxflff.exec:\xxxflff.exe119⤵
-
\??\c:\ntnbhb.exec:\ntnbhb.exe120⤵
-
\??\c:\nhttnn.exec:\nhttnn.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-