Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240419-en -
resource tags
-
submitted
09/05/2024, 18:17 UTC
General
-
Target
05789da5965c484a02a5d283552a78287a01ef77a88d98a22b839007c1c2dd5b.exe
-
Size
78KB
-
MD5
239664c882dfbf196dc75cd713388e98
-
SHA1
80b4e49292269a2722ddf6c186137124bc98d271
-
SHA256
05789da5965c484a02a5d283552a78287a01ef77a88d98a22b839007c1c2dd5b
-
SHA512
4411b92b44c5f57c26dcf19e90f89ebfb729bf5736863747000a5ef59759425ea13609f4bdab10ff26e6c6286f0bf867a157e601117dd6a80411add1ddeae1b0
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIgUVyiAnmUc7kJEsyP:ymb3NkkiQ3mdBjFIgUEXc7kJEFP
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 30 IoCs
-
UPX dump on OEP (original entry point) 31 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 31 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\05789da5965c484a02a5d283552a78287a01ef77a88d98a22b839007c1c2dd5b.exe"C:\Users\Admin\AppData\Local\Temp\05789da5965c484a02a5d283552a78287a01ef77a88d98a22b839007c1c2dd5b.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\nnbnbb.exec:\nnbnbb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1lfrxff.exec:\1lfrxff.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhttbb.exec:\nhttbb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1lxfrxl.exec:\1lxfrxl.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhthth.exec:\hhthth.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbntt.exec:\btbntt.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjpd.exec:\ppjpd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrrlxf.exec:\xxrrlxf.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7lfxrff.exec:\7lfxrff.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhtbn.exec:\tnhtbn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1ppdd.exec:\1ppdd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7lxflrx.exec:\7lxflrx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9btbnt.exec:\9btbnt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnbhtt.exec:\hnbhtt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pppjp.exec:\pppjp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7lrrxxl.exec:\7lrrxxl.exe17⤵
- Executes dropped EXE
-
\??\c:\3hhtnb.exec:\3hhtnb.exe18⤵
- Executes dropped EXE
-
\??\c:\nbbhnt.exec:\nbbhnt.exe19⤵
- Executes dropped EXE
-
\??\c:\jdjjd.exec:\jdjjd.exe20⤵
- Executes dropped EXE
-
\??\c:\fllffrr.exec:\fllffrr.exe21⤵
- Executes dropped EXE
-
\??\c:\hhhtbh.exec:\hhhtbh.exe22⤵
- Executes dropped EXE
-
\??\c:\nnbnth.exec:\nnbnth.exe23⤵
- Executes dropped EXE
-
\??\c:\9vvvd.exec:\9vvvd.exe24⤵
- Executes dropped EXE
-
\??\c:\xrflrrf.exec:\xrflrrf.exe25⤵
- Executes dropped EXE
-
\??\c:\thbtbb.exec:\thbtbb.exe26⤵
- Executes dropped EXE
-
\??\c:\htthnb.exec:\htthnb.exe27⤵
- Executes dropped EXE
-
\??\c:\dvvdj.exec:\dvvdj.exe28⤵
- Executes dropped EXE
-
\??\c:\lxllxxl.exec:\lxllxxl.exe29⤵
- Executes dropped EXE
-
\??\c:\tbbnhn.exec:\tbbnhn.exe30⤵
- Executes dropped EXE
-
\??\c:\3jpdv.exec:\3jpdv.exe31⤵
- Executes dropped EXE
-
\??\c:\7vdjj.exec:\7vdjj.exe32⤵
- Executes dropped EXE
-
\??\c:\fffxxlf.exec:\fffxxlf.exe33⤵
- Executes dropped EXE
-
\??\c:\nhtthn.exec:\nhtthn.exe34⤵
- Executes dropped EXE
-
\??\c:\1jvjj.exec:\1jvjj.exe35⤵
- Executes dropped EXE
-
\??\c:\dpvdj.exec:\dpvdj.exe36⤵
- Executes dropped EXE
-
\??\c:\5lffxll.exec:\5lffxll.exe37⤵
- Executes dropped EXE
-
\??\c:\bththb.exec:\bththb.exe38⤵
- Executes dropped EXE
-
\??\c:\btnntb.exec:\btnntb.exe39⤵
- Executes dropped EXE
-
\??\c:\hbntnt.exec:\hbntnt.exe40⤵
- Executes dropped EXE
-
\??\c:\ppppv.exec:\ppppv.exe41⤵
- Executes dropped EXE
-
\??\c:\vjpvj.exec:\vjpvj.exe42⤵
- Executes dropped EXE
-
\??\c:\rllxflx.exec:\rllxflx.exe43⤵
- Executes dropped EXE
-
\??\c:\bbnnbn.exec:\bbnnbn.exe44⤵
- Executes dropped EXE
-
\??\c:\nhttnn.exec:\nhttnn.exe45⤵
- Executes dropped EXE
-
\??\c:\ppjpd.exec:\ppjpd.exe46⤵
- Executes dropped EXE
-
\??\c:\pvpvd.exec:\pvpvd.exe47⤵
- Executes dropped EXE
-
\??\c:\fflflrr.exec:\fflflrr.exe48⤵
- Executes dropped EXE
-
\??\c:\xrxfxxf.exec:\xrxfxxf.exe49⤵
- Executes dropped EXE
-
\??\c:\9nnttn.exec:\9nnttn.exe50⤵
- Executes dropped EXE
-
\??\c:\ntbttb.exec:\ntbttb.exe51⤵
- Executes dropped EXE
-
\??\c:\pppjj.exec:\pppjj.exe52⤵
- Executes dropped EXE
-
\??\c:\jdvjp.exec:\jdvjp.exe53⤵
- Executes dropped EXE
-
\??\c:\rlrrffx.exec:\rlrrffx.exe54⤵
- Executes dropped EXE
-
\??\c:\fxrrxxl.exec:\fxrrxxl.exe55⤵
- Executes dropped EXE
-
\??\c:\thbbhn.exec:\thbbhn.exe56⤵
- Executes dropped EXE
-
\??\c:\bnnbtt.exec:\bnnbtt.exe57⤵
- Executes dropped EXE
-
\??\c:\5pjjv.exec:\5pjjv.exe58⤵
- Executes dropped EXE
-
\??\c:\jvpvp.exec:\jvpvp.exe59⤵
- Executes dropped EXE
-
\??\c:\xlxrrlf.exec:\xlxrrlf.exe60⤵
- Executes dropped EXE
-
\??\c:\lxfflll.exec:\lxfflll.exe61⤵
- Executes dropped EXE
-
\??\c:\tnhhhb.exec:\tnhhhb.exe62⤵
- Executes dropped EXE
-
\??\c:\dpjpv.exec:\dpjpv.exe63⤵
- Executes dropped EXE
-
\??\c:\dvjvp.exec:\dvjvp.exe64⤵
- Executes dropped EXE
-
\??\c:\lrlrxxx.exec:\lrlrxxx.exe65⤵
- Executes dropped EXE
-
\??\c:\lrfxxrx.exec:\lrfxxrx.exe66⤵
-
\??\c:\tnhbnb.exec:\tnhbnb.exe67⤵
-
\??\c:\9ttnnn.exec:\9ttnnn.exe68⤵
-
\??\c:\jjdpd.exec:\jjdpd.exe69⤵
-
\??\c:\jjdpj.exec:\jjdpj.exe70⤵
-
\??\c:\ffxfrxf.exec:\ffxfrxf.exe71⤵
-
\??\c:\btttbn.exec:\btttbn.exe72⤵
-
\??\c:\nnnhht.exec:\nnnhht.exe73⤵
-
\??\c:\jdvjd.exec:\jdvjd.exe74⤵
-
\??\c:\dpdvj.exec:\dpdvj.exe75⤵
-
\??\c:\lrrrfxl.exec:\lrrrfxl.exe76⤵
-
\??\c:\7tnbbn.exec:\7tnbbn.exe77⤵
-
\??\c:\nnhtbn.exec:\nnhtbn.exe78⤵
-
\??\c:\ppppj.exec:\ppppj.exe79⤵
-
\??\c:\dvpvj.exec:\dvpvj.exe80⤵
-
\??\c:\3fxlxfl.exec:\3fxlxfl.exe81⤵
-
\??\c:\fxxrxfx.exec:\fxxrxfx.exe82⤵
-
\??\c:\5thbnb.exec:\5thbnb.exe83⤵
-
\??\c:\bbthth.exec:\bbthth.exe84⤵
-
\??\c:\5dpdd.exec:\5dpdd.exe85⤵
-
\??\c:\jjjvj.exec:\jjjvj.exe86⤵
-
\??\c:\3xxrffr.exec:\3xxrffr.exe87⤵
-
\??\c:\7tbnnb.exec:\7tbnnb.exe88⤵
-
\??\c:\bnthbh.exec:\bnthbh.exe89⤵
-
\??\c:\1pvjd.exec:\1pvjd.exe90⤵
-
\??\c:\ppvjd.exec:\ppvjd.exe91⤵
-
\??\c:\lrrxrfx.exec:\lrrxrfx.exe92⤵
-
\??\c:\flrffrf.exec:\flrffrf.exe93⤵
-
\??\c:\bthnbb.exec:\bthnbb.exe94⤵
-
\??\c:\ntthhn.exec:\ntthhn.exe95⤵
-
\??\c:\ddppd.exec:\ddppd.exe96⤵
-
\??\c:\7dvvd.exec:\7dvvd.exe97⤵
-
\??\c:\1fxlflr.exec:\1fxlflr.exe98⤵
-
\??\c:\fxllxfr.exec:\fxllxfr.exe99⤵
-
\??\c:\nhbhtb.exec:\nhbhtb.exe100⤵
-
\??\c:\1tbbhn.exec:\1tbbhn.exe101⤵
-
\??\c:\3jpvd.exec:\3jpvd.exe102⤵
-
\??\c:\5jdjd.exec:\5jdjd.exe103⤵
-
\??\c:\xlllfxr.exec:\xlllfxr.exe104⤵
-
\??\c:\5rrlrrl.exec:\5rrlrrl.exe105⤵
-
\??\c:\3nhhnn.exec:\3nhhnn.exe106⤵
-
\??\c:\ddjvj.exec:\ddjvj.exe107⤵
-
\??\c:\dpdjv.exec:\dpdjv.exe108⤵
-
\??\c:\flrllxf.exec:\flrllxf.exe109⤵
-
\??\c:\nnhnnt.exec:\nnhnnt.exe110⤵
-
\??\c:\bthntt.exec:\bthntt.exe111⤵
-
\??\c:\vpjjd.exec:\vpjjd.exe112⤵
-
\??\c:\ddvvd.exec:\ddvvd.exe113⤵
-
\??\c:\fxrrxfx.exec:\fxrrxfx.exe114⤵
-
\??\c:\5tthbb.exec:\5tthbb.exe115⤵
-
\??\c:\3nnbnt.exec:\3nnbnt.exe116⤵
-
\??\c:\pjjvd.exec:\pjjvd.exe117⤵
-
\??\c:\vpjpv.exec:\vpjpv.exe118⤵
-
\??\c:\xrfrxrx.exec:\xrfrxrx.exe119⤵
-
\??\c:\rlxfrrf.exec:\rlxfrrf.exe120⤵
-
\??\c:\hhbnbh.exec:\hhbnbh.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-