Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
-
submitted
03/05/2024, 20:24
General
-
Target
354d0cd3f3749e6fbac1bc0d1bf58a8588e73d6bfb34670cea714284fda3f973.exe
-
Size
58KB
-
MD5
6d7b7eaf67d4b8f294d18165bc1036ad
-
SHA1
697c1e3ccbf398651e8964907b9aebeed3c0c873
-
SHA256
354d0cd3f3749e6fbac1bc0d1bf58a8588e73d6bfb34670cea714284fda3f973
-
SHA512
1e7df61febd0a52c141af462909c468744197ea9064581a9af52eaaf4ee36503d5687e6d958fc03505c3e36d9b4db1c35c2f9b69d1206a6e72c99e66fc3c25df
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDI9L5:ymb3NkkiQ3mdBjFI99
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
UPX dump on OEP (original entry point) 29 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 29 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\354d0cd3f3749e6fbac1bc0d1bf58a8588e73d6bfb34670cea714284fda3f973.exe"C:\Users\Admin\AppData\Local\Temp\354d0cd3f3749e6fbac1bc0d1bf58a8588e73d6bfb34670cea714284fda3f973.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\tththb.exec:\tththb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjjj.exec:\dvjjj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5jddj.exec:\5jddj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrxlfl.exec:\lfrxlfl.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnbtt.exec:\hbnbtt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjvv.exec:\ppjvv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjvd.exec:\pjjvd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5lxxffl.exec:\5lxxffl.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnhtnb.exec:\hnhtnb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttnnnt.exec:\ttnnnt.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3jdpj.exec:\3jdpj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvddd.exec:\dvddd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxlrrrf.exec:\xxlrrrf.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7rrxfrf.exec:\7rrxfrf.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnthh.exec:\hbnthh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1nhbnt.exec:\1nhbnt.exe17⤵
- Executes dropped EXE
-
\??\c:\jvdvd.exec:\jvdvd.exe18⤵
- Executes dropped EXE
-
\??\c:\lfrlxfl.exec:\lfrlxfl.exe19⤵
- Executes dropped EXE
-
\??\c:\rfxxrxf.exec:\rfxxrxf.exe20⤵
- Executes dropped EXE
-
\??\c:\bbtbhn.exec:\bbtbhn.exe21⤵
- Executes dropped EXE
-
\??\c:\dvjpv.exec:\dvjpv.exe22⤵
- Executes dropped EXE
-
\??\c:\5pjpp.exec:\5pjpp.exe23⤵
- Executes dropped EXE
-
\??\c:\1rflrfl.exec:\1rflrfl.exe24⤵
- Executes dropped EXE
-
\??\c:\xrffrll.exec:\xrffrll.exe25⤵
- Executes dropped EXE
-
\??\c:\bthhtn.exec:\bthhtn.exe26⤵
- Executes dropped EXE
-
\??\c:\hthbnt.exec:\hthbnt.exe27⤵
- Executes dropped EXE
-
\??\c:\9ppdj.exec:\9ppdj.exe28⤵
- Executes dropped EXE
-
\??\c:\dvdvj.exec:\dvdvj.exe29⤵
- Executes dropped EXE
-
\??\c:\fxllxfr.exec:\fxllxfr.exe30⤵
- Executes dropped EXE
-
\??\c:\nhbthn.exec:\nhbthn.exe31⤵
- Executes dropped EXE
-
\??\c:\3tnnbh.exec:\3tnnbh.exe32⤵
- Executes dropped EXE
-
\??\c:\1vvjj.exec:\1vvjj.exe33⤵
- Executes dropped EXE
-
\??\c:\5frlrrx.exec:\5frlrrx.exe34⤵
- Executes dropped EXE
-
\??\c:\xfrxrxx.exec:\xfrxrxx.exe35⤵
- Executes dropped EXE
-
\??\c:\hbtbnn.exec:\hbtbnn.exe36⤵
- Executes dropped EXE
-
\??\c:\3hbbnn.exec:\3hbbnn.exe37⤵
- Executes dropped EXE
-
\??\c:\pjppj.exec:\pjppj.exe38⤵
- Executes dropped EXE
-
\??\c:\jjvdv.exec:\jjvdv.exe39⤵
- Executes dropped EXE
-
\??\c:\rfffrfr.exec:\rfffrfr.exe40⤵
- Executes dropped EXE
-
\??\c:\frfxflr.exec:\frfxflr.exe41⤵
- Executes dropped EXE
-
\??\c:\7lfrfrl.exec:\7lfrfrl.exe42⤵
- Executes dropped EXE
-
\??\c:\htnhnn.exec:\htnhnn.exe43⤵
- Executes dropped EXE
-
\??\c:\7pjvj.exec:\7pjvj.exe44⤵
- Executes dropped EXE
-
\??\c:\rffxlfl.exec:\rffxlfl.exe45⤵
- Executes dropped EXE
-
\??\c:\lflrflx.exec:\lflrflx.exe46⤵
- Executes dropped EXE
-
\??\c:\7nnnbb.exec:\7nnnbb.exe47⤵
- Executes dropped EXE
-
\??\c:\bbhnhn.exec:\bbhnhn.exe48⤵
- Executes dropped EXE
-
\??\c:\djjdp.exec:\djjdp.exe49⤵
- Executes dropped EXE
-
\??\c:\5jdjp.exec:\5jdjp.exe50⤵
- Executes dropped EXE
-
\??\c:\1lrrxxf.exec:\1lrrxxf.exe51⤵
- Executes dropped EXE
-
\??\c:\xrxrfxl.exec:\xrxrfxl.exe52⤵
- Executes dropped EXE
-
\??\c:\3hbhhh.exec:\3hbhhh.exe53⤵
- Executes dropped EXE
-
\??\c:\bhtttb.exec:\bhtttb.exe54⤵
- Executes dropped EXE
-
\??\c:\pjjjd.exec:\pjjjd.exe55⤵
- Executes dropped EXE
-
\??\c:\vjppv.exec:\vjppv.exe56⤵
- Executes dropped EXE
-
\??\c:\9lfrrrx.exec:\9lfrrrx.exe57⤵
- Executes dropped EXE
-
\??\c:\fxrxflr.exec:\fxrxflr.exe58⤵
- Executes dropped EXE
-
\??\c:\tnbhnt.exec:\tnbhnt.exe59⤵
- Executes dropped EXE
-
\??\c:\nnbtbb.exec:\nnbtbb.exe60⤵
- Executes dropped EXE
-
\??\c:\ddvjj.exec:\ddvjj.exe61⤵
- Executes dropped EXE
-
\??\c:\jpdvd.exec:\jpdvd.exe62⤵
- Executes dropped EXE
-
\??\c:\rfrlrxf.exec:\rfrlrxf.exe63⤵
- Executes dropped EXE
-
\??\c:\fxfxxlx.exec:\fxfxxlx.exe64⤵
- Executes dropped EXE
-
\??\c:\hbhbbb.exec:\hbhbbb.exe65⤵
- Executes dropped EXE
-
\??\c:\tnnthh.exec:\tnnthh.exe66⤵
-
\??\c:\1btbbh.exec:\1btbbh.exe67⤵
-
\??\c:\pdppv.exec:\pdppv.exe68⤵
-
\??\c:\ppjvp.exec:\ppjvp.exe69⤵
-
\??\c:\3xlrlfl.exec:\3xlrlfl.exe70⤵
-
\??\c:\lrlllfr.exec:\lrlllfr.exe71⤵
-
\??\c:\7thttb.exec:\7thttb.exe72⤵
-
\??\c:\tnhhtt.exec:\tnhhtt.exe73⤵
-
\??\c:\9pdjj.exec:\9pdjj.exe74⤵
-
\??\c:\jjvvj.exec:\jjvvj.exe75⤵
-
\??\c:\xxllrrx.exec:\xxllrrx.exe76⤵
-
\??\c:\fxlrxxx.exec:\fxlrxxx.exe77⤵
-
\??\c:\nbhhnn.exec:\nbhhnn.exe78⤵
-
\??\c:\hthhhn.exec:\hthhhn.exe79⤵
-
\??\c:\vpddp.exec:\vpddp.exe80⤵
-
\??\c:\ppjvd.exec:\ppjvd.exe81⤵
-
\??\c:\5lflrxx.exec:\5lflrxx.exe82⤵
-
\??\c:\5lxfffl.exec:\5lxfffl.exe83⤵
-
\??\c:\tnthtn.exec:\tnthtn.exe84⤵
-
\??\c:\bbtbnn.exec:\bbtbnn.exe85⤵
-
\??\c:\dpppj.exec:\dpppj.exe86⤵
-
\??\c:\vppvd.exec:\vppvd.exe87⤵
-
\??\c:\3jvpv.exec:\3jvpv.exe88⤵
-
\??\c:\lxflxxr.exec:\lxflxxr.exe89⤵
-
\??\c:\lflxlll.exec:\lflxlll.exe90⤵
-
\??\c:\hbnbhn.exec:\hbnbhn.exe91⤵
-
\??\c:\tnbhhh.exec:\tnbhhh.exe92⤵
-
\??\c:\1pdjj.exec:\1pdjj.exe93⤵
-
\??\c:\pvdvv.exec:\pvdvv.exe94⤵
-
\??\c:\7fffxxx.exec:\7fffxxx.exe95⤵
-
\??\c:\fflrfxf.exec:\fflrfxf.exe96⤵
-
\??\c:\tnhnbb.exec:\tnhnbb.exe97⤵
-
\??\c:\thnnnn.exec:\thnnnn.exe98⤵
-
\??\c:\tnbtbt.exec:\tnbtbt.exe99⤵
-
\??\c:\jdppp.exec:\jdppp.exe100⤵
-
\??\c:\vpvvv.exec:\vpvvv.exe101⤵
-
\??\c:\xlrxffr.exec:\xlrxffr.exe102⤵
-
\??\c:\fxrxlrx.exec:\fxrxlrx.exe103⤵
-
\??\c:\tbbbhb.exec:\tbbbhb.exe104⤵
-
\??\c:\btbbtt.exec:\btbbtt.exe105⤵
-
\??\c:\jvdvv.exec:\jvdvv.exe106⤵
-
\??\c:\1pvvd.exec:\1pvvd.exe107⤵
-
\??\c:\djvvv.exec:\djvvv.exe108⤵
-
\??\c:\fxflrrf.exec:\fxflrrf.exe109⤵
-
\??\c:\xfllrxx.exec:\xfllrxx.exe110⤵
-
\??\c:\thhhnt.exec:\thhhnt.exe111⤵
-
\??\c:\htbhhn.exec:\htbhhn.exe112⤵
-
\??\c:\hhnttt.exec:\hhnttt.exe113⤵
-
\??\c:\pdjjj.exec:\pdjjj.exe114⤵
-
\??\c:\dvddp.exec:\dvddp.exe115⤵
-
\??\c:\xxrrrxx.exec:\xxrrrxx.exe116⤵
-
\??\c:\3fxxffr.exec:\3fxxffr.exe117⤵
-
\??\c:\frrrxxx.exec:\frrrxxx.exe118⤵
-
\??\c:\bhnnhh.exec:\bhnnhh.exe119⤵
-
\??\c:\btbhtt.exec:\btbhtt.exe120⤵
-
\??\c:\vvdpp.exec:\vvdpp.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-