Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240419-en -
resource tags
-
submitted
13/05/2024, 18:07
General
-
Target
019c23e895fb69020ea6e5589a91d052e76a2c03c77ce9c838ec75e7846f8f31.exe
-
Size
335KB
-
MD5
b765d95bee1ac2a7b853cadfcbca8518
-
SHA1
edeede86753f5a2d33360281c9d10ced1b8ed163
-
SHA256
019c23e895fb69020ea6e5589a91d052e76a2c03c77ce9c838ec75e7846f8f31
-
SHA512
4e8686faf4fef7605e52b8ebe6a55ac7799fc6244a0b78f61e7571717805da3ebd639d9bb6f625b2112a98b17f612954ab0e283e4509a28cf7fe0f9daf4a2cb6
-
SSDEEP
3072:ymb3NkkiQ3mdBjFo7LCgnilBxBqwZK2q6sYTsmZDSFdBE0rXE4eftYDH8:n3C9BRo/CEilXBG2qZSlSFdBXExtYDH8
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 20 IoCs
-
UPX dump on OEP (original entry point) 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 24 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\019c23e895fb69020ea6e5589a91d052e76a2c03c77ce9c838ec75e7846f8f31.exe"C:\Users\Admin\AppData\Local\Temp\019c23e895fb69020ea6e5589a91d052e76a2c03c77ce9c838ec75e7846f8f31.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\frllxfl.exec:\frllxfl.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvjjv.exec:\jvjjv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxxxrxl.exec:\xxxxrxl.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbbhtt.exec:\bbbhtt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvpvd.exec:\dvpvd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3btnbh.exec:\3btnbh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpjpd.exec:\jpjpd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlfrxfr.exec:\xlfrxfr.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhtbt.exec:\tnhtbt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3vjjp.exec:\3vjjp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btnntb.exec:\btnntb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjvdj.exec:\vjvdj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlxxffr.exec:\xlxxffr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thttbh.exec:\thttbh.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7vjjj.exec:\7vjjj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1hbhbh.exec:\1hbhbh.exe17⤵
- Executes dropped EXE
-
\??\c:\jvddj.exec:\jvddj.exe18⤵
- Executes dropped EXE
-
\??\c:\1lffrrx.exec:\1lffrrx.exe19⤵
- Executes dropped EXE
-
\??\c:\hbttbb.exec:\hbttbb.exe20⤵
- Executes dropped EXE
-
\??\c:\pjpvp.exec:\pjpvp.exe21⤵
- Executes dropped EXE
-
\??\c:\fxlfffl.exec:\fxlfffl.exe22⤵
- Executes dropped EXE
-
\??\c:\btnhhb.exec:\btnhhb.exe23⤵
- Executes dropped EXE
-
\??\c:\rlffrxf.exec:\rlffrxf.exe24⤵
- Executes dropped EXE
-
\??\c:\xflrxxx.exec:\xflrxxx.exe25⤵
- Executes dropped EXE
-
\??\c:\vjjjp.exec:\vjjjp.exe26⤵
- Executes dropped EXE
-
\??\c:\jdvdp.exec:\jdvdp.exe27⤵
- Executes dropped EXE
-
\??\c:\7nbbnn.exec:\7nbbnn.exe28⤵
- Executes dropped EXE
-
\??\c:\pjdpv.exec:\pjdpv.exe29⤵
- Executes dropped EXE
-
\??\c:\xlffrrf.exec:\xlffrrf.exe30⤵
- Executes dropped EXE
-
\??\c:\tthhtt.exec:\tthhtt.exe31⤵
- Executes dropped EXE
-
\??\c:\fxflrrf.exec:\fxflrrf.exe32⤵
- Executes dropped EXE
-
\??\c:\hbhhtb.exec:\hbhhtb.exe33⤵
- Executes dropped EXE
-
\??\c:\dvvvj.exec:\dvvvj.exe34⤵
- Executes dropped EXE
-
\??\c:\frllrrf.exec:\frllrrf.exe35⤵
- Executes dropped EXE
-
\??\c:\3lxlrrf.exec:\3lxlrrf.exe36⤵
- Executes dropped EXE
-
\??\c:\nhntbb.exec:\nhntbb.exe37⤵
- Executes dropped EXE
-
\??\c:\7jppv.exec:\7jppv.exe38⤵
- Executes dropped EXE
-
\??\c:\rfrxfxf.exec:\rfrxfxf.exe39⤵
- Executes dropped EXE
-
\??\c:\rxrrxxl.exec:\rxrrxxl.exe40⤵
- Executes dropped EXE
-
\??\c:\9tntnn.exec:\9tntnn.exe41⤵
- Executes dropped EXE
-
\??\c:\pjvvd.exec:\pjvvd.exe42⤵
- Executes dropped EXE
-
\??\c:\jdjjv.exec:\jdjjv.exe43⤵
- Executes dropped EXE
-
\??\c:\xfxlxlr.exec:\xfxlxlr.exe44⤵
- Executes dropped EXE
-
\??\c:\9bbbnh.exec:\9bbbnh.exe45⤵
- Executes dropped EXE
-
\??\c:\1hbbbb.exec:\1hbbbb.exe46⤵
- Executes dropped EXE
-
\??\c:\jvjpp.exec:\jvjpp.exe47⤵
- Executes dropped EXE
-
\??\c:\xlxfxxl.exec:\xlxfxxl.exe48⤵
- Executes dropped EXE
-
\??\c:\frffllx.exec:\frffllx.exe49⤵
- Executes dropped EXE
-
\??\c:\tnthhh.exec:\tnthhh.exe50⤵
- Executes dropped EXE
-
\??\c:\bnbnbh.exec:\bnbnbh.exe51⤵
- Executes dropped EXE
-
\??\c:\dvpdp.exec:\dvpdp.exe52⤵
- Executes dropped EXE
-
\??\c:\1pvvp.exec:\1pvvp.exe53⤵
- Executes dropped EXE
-
\??\c:\rfxrrrf.exec:\rfxrrrf.exe54⤵
- Executes dropped EXE
-
\??\c:\bnbbhh.exec:\bnbbhh.exe55⤵
- Executes dropped EXE
-
\??\c:\3bbbtt.exec:\3bbbtt.exe56⤵
- Executes dropped EXE
-
\??\c:\ddvdp.exec:\ddvdp.exe57⤵
- Executes dropped EXE
-
\??\c:\pjvpv.exec:\pjvpv.exe58⤵
- Executes dropped EXE
-
\??\c:\fxflrlx.exec:\fxflrlx.exe59⤵
- Executes dropped EXE
-
\??\c:\nnbhtb.exec:\nnbhtb.exe60⤵
- Executes dropped EXE
-
\??\c:\3nbbtt.exec:\3nbbtt.exe61⤵
- Executes dropped EXE
-
\??\c:\1vjjj.exec:\1vjjj.exe62⤵
- Executes dropped EXE
-
\??\c:\9jddj.exec:\9jddj.exe63⤵
- Executes dropped EXE
-
\??\c:\fxrrxrf.exec:\fxrrxrf.exe64⤵
- Executes dropped EXE
-
\??\c:\btthnn.exec:\btthnn.exe65⤵
- Executes dropped EXE
-
\??\c:\nnbhbb.exec:\nnbhbb.exe66⤵
-
\??\c:\dvjjp.exec:\dvjjp.exe67⤵
-
\??\c:\7lrrrlx.exec:\7lrrrlx.exe68⤵
-
\??\c:\7xrrxxf.exec:\7xrrxxf.exe69⤵
-
\??\c:\btnntb.exec:\btnntb.exe70⤵
-
\??\c:\7jpjv.exec:\7jpjv.exe71⤵
-
\??\c:\vpvvd.exec:\vpvvd.exe72⤵
-
\??\c:\3fxfllr.exec:\3fxfllr.exe73⤵
-
\??\c:\xxxfllr.exec:\xxxfllr.exe74⤵
-
\??\c:\hhtbhh.exec:\hhtbhh.exe75⤵
-
\??\c:\dvjjv.exec:\dvjjv.exe76⤵
-
\??\c:\1pdjp.exec:\1pdjp.exe77⤵
-
\??\c:\9frxfxf.exec:\9frxfxf.exe78⤵
-
\??\c:\frfflfr.exec:\frfflfr.exe79⤵
-
\??\c:\3bbnhh.exec:\3bbnhh.exe80⤵
-
\??\c:\dvjjv.exec:\dvjjv.exe81⤵
-
\??\c:\vpjdj.exec:\vpjdj.exe82⤵
-
\??\c:\fxffrrf.exec:\fxffrrf.exe83⤵
-
\??\c:\rlrlfff.exec:\rlrlfff.exe84⤵
-
\??\c:\bhbbbb.exec:\bhbbbb.exe85⤵
-
\??\c:\hthhnn.exec:\hthhnn.exe86⤵
-
\??\c:\jjdjp.exec:\jjdjp.exe87⤵
-
\??\c:\xxrxlfr.exec:\xxrxlfr.exe88⤵
-
\??\c:\fxllrrx.exec:\fxllrrx.exe89⤵
-
\??\c:\bhbbhn.exec:\bhbbhn.exe90⤵
-
\??\c:\ddvjp.exec:\ddvjp.exe91⤵
-
\??\c:\jvjjp.exec:\jvjjp.exe92⤵
-
\??\c:\xrxxffx.exec:\xrxxffx.exe93⤵
-
\??\c:\lxxfxfr.exec:\lxxfxfr.exe94⤵
-
\??\c:\ttnbnt.exec:\ttnbnt.exe95⤵
-
\??\c:\dvjdj.exec:\dvjdj.exe96⤵
-
\??\c:\3pdjv.exec:\3pdjv.exe97⤵
-
\??\c:\xrffxlx.exec:\xrffxlx.exe98⤵
-
\??\c:\rrlrrxl.exec:\rrlrrxl.exe99⤵
-
\??\c:\nnbhnt.exec:\nnbhnt.exe100⤵
-
\??\c:\5dpdj.exec:\5dpdj.exe101⤵
-
\??\c:\3vdjp.exec:\3vdjp.exe102⤵
-
\??\c:\xlxfrrx.exec:\xlxfrrx.exe103⤵
-
\??\c:\rllrlrx.exec:\rllrlrx.exe104⤵
-
\??\c:\tbnnbh.exec:\tbnnbh.exe105⤵
-
\??\c:\3jjvd.exec:\3jjvd.exe106⤵
-
\??\c:\5vpdd.exec:\5vpdd.exe107⤵
-
\??\c:\7rflrrf.exec:\7rflrrf.exe108⤵
-
\??\c:\xrfflrx.exec:\xrfflrx.exe109⤵
-
\??\c:\hnhntt.exec:\hnhntt.exe110⤵
-
\??\c:\dpddp.exec:\dpddp.exe111⤵
-
\??\c:\ddppv.exec:\ddppv.exe112⤵
-
\??\c:\frflrrx.exec:\frflrrx.exe113⤵
-
\??\c:\btttbb.exec:\btttbb.exe114⤵
-
\??\c:\hbnbtb.exec:\hbnbtb.exe115⤵
-
\??\c:\jdpjv.exec:\jdpjv.exe116⤵
-
\??\c:\jddpv.exec:\jddpv.exe117⤵
-
\??\c:\9ffxxfr.exec:\9ffxxfr.exe118⤵
-
\??\c:\rfllllf.exec:\rfllllf.exe119⤵
-
\??\c:\hbtbnt.exec:\hbtbnt.exe120⤵
-
\??\c:\dvddj.exec:\dvddj.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-