Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240215-en -
resource tags
-
submitted
09/05/2024, 21:04
General
-
Target
462d1e637a22fe5999b11eeee8a1967ff0b6681f16d5b5e49bfca89502352f93.exe
-
Size
66KB
-
MD5
a55eb07619918ae5d33b80a48e378d92
-
SHA1
1c467a58b76d727113de3f4a13809eceae87cd9b
-
SHA256
462d1e637a22fe5999b11eeee8a1967ff0b6681f16d5b5e49bfca89502352f93
-
SHA512
0628c9186efba7cd11c50c56ae6208c5f197e8a0b55eb1a86e0a5a508483da53576302a25679958783488518242b8e806edd6f83a15b7eecfbf41042977944ee
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIFdJUDbAIw:ymb3NkkiQ3mdBjFIFdJ8b2
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 22 IoCs
-
UPX dump on OEP (original entry point) 28 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 28 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\462d1e637a22fe5999b11eeee8a1967ff0b6681f16d5b5e49bfca89502352f93.exe"C:\Users\Admin\AppData\Local\Temp\462d1e637a22fe5999b11eeee8a1967ff0b6681f16d5b5e49bfca89502352f93.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\jvvjp.exec:\jvvjp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frlrrrx.exec:\frlrrrx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhhtt.exec:\hbhhtt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7lffxlr.exec:\7lffxlr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhttnt.exec:\nhttnt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttnbtb.exec:\ttnbtb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpjdd.exec:\dpjdd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrffffr.exec:\lrffffr.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnbnb.exec:\hbnbnb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhnhb.exec:\hbhnhb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvpvv.exec:\dvpvv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjjj.exec:\vpjjj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxffll.exec:\rlxffll.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thnnnt.exec:\thnnnt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhhnn.exec:\hbhhnn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjdj.exec:\dvjdj.exe17⤵
- Executes dropped EXE
-
\??\c:\lxfflff.exec:\lxfflff.exe18⤵
- Executes dropped EXE
-
\??\c:\rxxffrf.exec:\rxxffrf.exe19⤵
- Executes dropped EXE
-
\??\c:\nhnnnh.exec:\nhnnnh.exe20⤵
- Executes dropped EXE
-
\??\c:\bntbhh.exec:\bntbhh.exe21⤵
- Executes dropped EXE
-
\??\c:\5vpvd.exec:\5vpvd.exe22⤵
- Executes dropped EXE
-
\??\c:\frfrxxr.exec:\frfrxxr.exe23⤵
- Executes dropped EXE
-
\??\c:\5xfxlxf.exec:\5xfxlxf.exe24⤵
- Executes dropped EXE
-
\??\c:\3ntttb.exec:\3ntttb.exe25⤵
- Executes dropped EXE
-
\??\c:\bttthb.exec:\bttthb.exe26⤵
- Executes dropped EXE
-
\??\c:\dvvdv.exec:\dvvdv.exe27⤵
- Executes dropped EXE
-
\??\c:\fxlfffl.exec:\fxlfffl.exe28⤵
- Executes dropped EXE
-
\??\c:\lxxlfrf.exec:\lxxlfrf.exe29⤵
- Executes dropped EXE
-
\??\c:\bhbbht.exec:\bhbbht.exe30⤵
- Executes dropped EXE
-
\??\c:\thbtnn.exec:\thbtnn.exe31⤵
- Executes dropped EXE
-
\??\c:\jvddp.exec:\jvddp.exe32⤵
- Executes dropped EXE
-
\??\c:\flrffrl.exec:\flrffrl.exe33⤵
- Executes dropped EXE
-
\??\c:\xfrflrf.exec:\xfrflrf.exe34⤵
- Executes dropped EXE
-
\??\c:\ttntnb.exec:\ttntnb.exe35⤵
- Executes dropped EXE
-
\??\c:\bnhhhh.exec:\bnhhhh.exe36⤵
- Executes dropped EXE
-
\??\c:\pjdpv.exec:\pjdpv.exe37⤵
- Executes dropped EXE
-
\??\c:\7vjdd.exec:\7vjdd.exe38⤵
- Executes dropped EXE
-
\??\c:\xlflxlr.exec:\xlflxlr.exe39⤵
- Executes dropped EXE
-
\??\c:\frfxfxx.exec:\frfxfxx.exe40⤵
- Executes dropped EXE
-
\??\c:\ntttbt.exec:\ntttbt.exe41⤵
- Executes dropped EXE
-
\??\c:\1nbhhh.exec:\1nbhhh.exe42⤵
- Executes dropped EXE
-
\??\c:\nbtnnh.exec:\nbtnnh.exe43⤵
- Executes dropped EXE
-
\??\c:\vjppj.exec:\vjppj.exe44⤵
- Executes dropped EXE
-
\??\c:\9pvpj.exec:\9pvpj.exe45⤵
- Executes dropped EXE
-
\??\c:\rflxxrx.exec:\rflxxrx.exe46⤵
- Executes dropped EXE
-
\??\c:\9flrxll.exec:\9flrxll.exe47⤵
- Executes dropped EXE
-
\??\c:\3htnbn.exec:\3htnbn.exe48⤵
- Executes dropped EXE
-
\??\c:\htbttb.exec:\htbttb.exe49⤵
- Executes dropped EXE
-
\??\c:\7vjjp.exec:\7vjjp.exe50⤵
- Executes dropped EXE
-
\??\c:\3jppv.exec:\3jppv.exe51⤵
- Executes dropped EXE
-
\??\c:\5xrrrrr.exec:\5xrrrrr.exe52⤵
- Executes dropped EXE
-
\??\c:\lrlflrl.exec:\lrlflrl.exe53⤵
- Executes dropped EXE
-
\??\c:\bbbnnt.exec:\bbbnnt.exe54⤵
- Executes dropped EXE
-
\??\c:\htbhbb.exec:\htbhbb.exe55⤵
- Executes dropped EXE
-
\??\c:\dvjpp.exec:\dvjpp.exe56⤵
- Executes dropped EXE
-
\??\c:\9pvpp.exec:\9pvpp.exe57⤵
- Executes dropped EXE
-
\??\c:\lffxxlx.exec:\lffxxlx.exe58⤵
- Executes dropped EXE
-
\??\c:\rffxlrx.exec:\rffxlrx.exe59⤵
- Executes dropped EXE
-
\??\c:\9rxllfx.exec:\9rxllfx.exe60⤵
- Executes dropped EXE
-
\??\c:\bnttbb.exec:\bnttbb.exe61⤵
- Executes dropped EXE
-
\??\c:\ththbb.exec:\ththbb.exe62⤵
- Executes dropped EXE
-
\??\c:\jjjdd.exec:\jjjdd.exe63⤵
- Executes dropped EXE
-
\??\c:\9pvvp.exec:\9pvvp.exe64⤵
- Executes dropped EXE
-
\??\c:\tbnhhb.exec:\tbnhhb.exe65⤵
- Executes dropped EXE
-
\??\c:\tnthbt.exec:\tnthbt.exe66⤵
-
\??\c:\5jdpp.exec:\5jdpp.exe67⤵
-
\??\c:\7jvdd.exec:\7jvdd.exe68⤵
-
\??\c:\7lxllfx.exec:\7lxllfx.exe69⤵
-
\??\c:\rlxflxf.exec:\rlxflxf.exe70⤵
-
\??\c:\tnhbhb.exec:\tnhbhb.exe71⤵
-
\??\c:\9hnbbb.exec:\9hnbbb.exe72⤵
-
\??\c:\jvddd.exec:\jvddd.exe73⤵
-
\??\c:\jvvvj.exec:\jvvvj.exe74⤵
-
\??\c:\9lrlfll.exec:\9lrlfll.exe75⤵
-
\??\c:\3xlxfxf.exec:\3xlxfxf.exe76⤵
-
\??\c:\nnthtb.exec:\nnthtb.exe77⤵
-
\??\c:\5nhtbb.exec:\5nhtbb.exe78⤵
-
\??\c:\pjjpp.exec:\pjjpp.exe79⤵
-
\??\c:\pjvdp.exec:\pjvdp.exe80⤵
-
\??\c:\fxfllff.exec:\fxfllff.exe81⤵
-
\??\c:\lxlflll.exec:\lxlflll.exe82⤵
-
\??\c:\tbbbnb.exec:\tbbbnb.exe83⤵
-
\??\c:\9tnnhb.exec:\9tnnhb.exe84⤵
-
\??\c:\1tbbtt.exec:\1tbbtt.exe85⤵
-
\??\c:\dpppv.exec:\dpppv.exe86⤵
-
\??\c:\pdvdd.exec:\pdvdd.exe87⤵
-
\??\c:\9fxflrl.exec:\9fxflrl.exe88⤵
-
\??\c:\xrfffff.exec:\xrfffff.exe89⤵
-
\??\c:\1hbtnt.exec:\1hbtnt.exe90⤵
-
\??\c:\5ntbtt.exec:\5ntbtt.exe91⤵
-
\??\c:\7pjjp.exec:\7pjjp.exe92⤵
-
\??\c:\dvppj.exec:\dvppj.exe93⤵
-
\??\c:\jdjvv.exec:\jdjvv.exe94⤵
-
\??\c:\fxrfllr.exec:\fxrfllr.exe95⤵
-
\??\c:\xxrxrxl.exec:\xxrxrxl.exe96⤵
-
\??\c:\bnhnnt.exec:\bnhnnt.exe97⤵
-
\??\c:\7nbnbh.exec:\7nbnbh.exe98⤵
-
\??\c:\djppv.exec:\djppv.exe99⤵
-
\??\c:\3dvdj.exec:\3dvdj.exe100⤵
-
\??\c:\7xfxlxf.exec:\7xfxlxf.exe101⤵
-
\??\c:\5fxfrxr.exec:\5fxfrxr.exe102⤵
-
\??\c:\7lxxfff.exec:\7lxxfff.exe103⤵
-
\??\c:\hhttbn.exec:\hhttbn.exe104⤵
-
\??\c:\nbbbbb.exec:\nbbbbb.exe105⤵
-
\??\c:\dppvv.exec:\dppvv.exe106⤵
-
\??\c:\pjpjj.exec:\pjpjj.exe107⤵
-
\??\c:\rflffxl.exec:\rflffxl.exe108⤵
-
\??\c:\rfrxxll.exec:\rfrxxll.exe109⤵
-
\??\c:\1frxfff.exec:\1frxfff.exe110⤵
-
\??\c:\nbntnh.exec:\nbntnh.exe111⤵
-
\??\c:\hthntn.exec:\hthntn.exe112⤵
-
\??\c:\thhtnt.exec:\thhtnt.exe113⤵
-
\??\c:\djppp.exec:\djppp.exe114⤵
-
\??\c:\vdpjd.exec:\vdpjd.exe115⤵
-
\??\c:\5rrllfr.exec:\5rrllfr.exe116⤵
-
\??\c:\fxflrxl.exec:\fxflrxl.exe117⤵
-
\??\c:\hthbbt.exec:\hthbbt.exe118⤵
-
\??\c:\tntbhb.exec:\tntbhb.exe119⤵
-
\??\c:\1nttnt.exec:\1nttnt.exe120⤵
-
\??\c:\jvdvv.exec:\jvdvv.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-