Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
42s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
14/05/2024, 00:10
General
-
Target
9968319a7cb0f4dcfd5999327af7391845e986aa47ffbcece3a1a442d32d8197.exe
-
Size
84KB
-
MD5
423959f9dda91641b41a383a97b05993
-
SHA1
090e84b0bcdbb763418b5e221fc3828626d6a957
-
SHA256
9968319a7cb0f4dcfd5999327af7391845e986aa47ffbcece3a1a442d32d8197
-
SHA512
7fd1351e380f9aca6a967800269b5548309a3e530154d435ba4038e7ef5d5b681cb861112e86e13d932551877cfc12c0893292fe4158b91f2567723ff4ee6d5a
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDo73t6MlYqn+jMp99zx/K0Xt:ymb3NkkiQ3mdBjFo73tvn+Yp99zx
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 27 IoCs
-
UPX dump on OEP (original entry point) 31 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 31 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\9968319a7cb0f4dcfd5999327af7391845e986aa47ffbcece3a1a442d32d8197.exe"C:\Users\Admin\AppData\Local\Temp\9968319a7cb0f4dcfd5999327af7391845e986aa47ffbcece3a1a442d32d8197.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\xffxrlr.exec:\xffxrlr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrfrxf.exec:\fxrfrxf.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttbttt.exec:\ttbttt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrrlxxx.exec:\lrrlxxx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3ddjd.exec:\3ddjd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5rrflrf.exec:\5rrflrf.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvjj.exec:\dvvjj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pppjp.exec:\pppjp.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddddd.exec:\ddddd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3lrrxll.exec:\3lrrxll.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntbtht.exec:\ntbtht.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llffffx.exec:\llffffx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnbbbn.exec:\bnbbbn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9vpvj.exec:\9vpvj.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnthhb.exec:\bnthhb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddpjv.exec:\ddpjv.exe17⤵
- Executes dropped EXE
-
\??\c:\rxxffrf.exec:\rxxffrf.exe18⤵
- Executes dropped EXE
-
\??\c:\tntthh.exec:\tntthh.exe19⤵
- Executes dropped EXE
-
\??\c:\5dddd.exec:\5dddd.exe20⤵
- Executes dropped EXE
-
\??\c:\1xfflxr.exec:\1xfflxr.exe21⤵
- Executes dropped EXE
-
\??\c:\3pjvj.exec:\3pjvj.exe22⤵
- Executes dropped EXE
-
\??\c:\rxlrffl.exec:\rxlrffl.exe23⤵
- Executes dropped EXE
-
\??\c:\vjppp.exec:\vjppp.exe24⤵
- Executes dropped EXE
-
\??\c:\fllrrrf.exec:\fllrrrf.exe25⤵
- Executes dropped EXE
-
\??\c:\bhtntn.exec:\bhtntn.exe26⤵
- Executes dropped EXE
-
\??\c:\rlfxlxx.exec:\rlfxlxx.exe27⤵
- Executes dropped EXE
-
\??\c:\1djpj.exec:\1djpj.exe28⤵
- Executes dropped EXE
-
\??\c:\3lxrlxf.exec:\3lxrlxf.exe29⤵
- Executes dropped EXE
-
\??\c:\thbtth.exec:\thbtth.exe30⤵
- Executes dropped EXE
-
\??\c:\vvpvj.exec:\vvpvj.exe31⤵
- Executes dropped EXE
-
\??\c:\lrrlfxr.exec:\lrrlfxr.exe32⤵
- Executes dropped EXE
-
\??\c:\ntbbtn.exec:\ntbbtn.exe33⤵
- Executes dropped EXE
-
\??\c:\xfxrxrr.exec:\xfxrxrr.exe34⤵
-
\??\c:\ttttth.exec:\ttttth.exe35⤵
- Executes dropped EXE
-
\??\c:\1dpjp.exec:\1dpjp.exe36⤵
- Executes dropped EXE
-
\??\c:\rfrrxrx.exec:\rfrrxrx.exe37⤵
- Executes dropped EXE
-
\??\c:\btbtbn.exec:\btbtbn.exe38⤵
- Executes dropped EXE
-
\??\c:\jjvvj.exec:\jjvvj.exe39⤵
- Executes dropped EXE
-
\??\c:\rrrffxf.exec:\rrrffxf.exe40⤵
- Executes dropped EXE
-
\??\c:\hhtbtb.exec:\hhtbtb.exe41⤵
- Executes dropped EXE
-
\??\c:\pjdpd.exec:\pjdpd.exe42⤵
- Executes dropped EXE
-
\??\c:\7xlrxrx.exec:\7xlrxrx.exe43⤵
- Executes dropped EXE
-
\??\c:\bbbhnt.exec:\bbbhnt.exe44⤵
- Executes dropped EXE
-
\??\c:\1pjvj.exec:\1pjvj.exe45⤵
- Executes dropped EXE
-
\??\c:\fxrrfff.exec:\fxrrfff.exe46⤵
- Executes dropped EXE
-
\??\c:\nbbhnn.exec:\nbbhnn.exe47⤵
- Executes dropped EXE
-
\??\c:\dvvdd.exec:\dvvdd.exe48⤵
- Executes dropped EXE
-
\??\c:\lrlfxrl.exec:\lrlfxrl.exe49⤵
- Executes dropped EXE
-
\??\c:\bbnbbn.exec:\bbnbbn.exe50⤵
- Executes dropped EXE
-
\??\c:\jpjjp.exec:\jpjjp.exe51⤵
- Executes dropped EXE
-
\??\c:\rrfflrf.exec:\rrfflrf.exe52⤵
- Executes dropped EXE
-
\??\c:\rrrlxlf.exec:\rrrlxlf.exe53⤵
- Executes dropped EXE
-
\??\c:\9bhbbb.exec:\9bhbbb.exe54⤵
- Executes dropped EXE
-
\??\c:\jjvdp.exec:\jjvdp.exe55⤵
- Executes dropped EXE
-
\??\c:\lrlfflf.exec:\lrlfflf.exe56⤵
- Executes dropped EXE
-
\??\c:\nnhtnt.exec:\nnhtnt.exe57⤵
- Executes dropped EXE
-
\??\c:\jdvpj.exec:\jdvpj.exe58⤵
- Executes dropped EXE
-
\??\c:\xrfflxf.exec:\xrfflxf.exe59⤵
- Executes dropped EXE
-
\??\c:\5thbtb.exec:\5thbtb.exe60⤵
- Executes dropped EXE
-
\??\c:\pddpj.exec:\pddpj.exe61⤵
- Executes dropped EXE
-
\??\c:\lxlfllr.exec:\lxlfllr.exe62⤵
- Executes dropped EXE
-
\??\c:\bhnbbt.exec:\bhnbbt.exe63⤵
- Executes dropped EXE
-
\??\c:\pvddj.exec:\pvddj.exe64⤵
- Executes dropped EXE
-
\??\c:\lxlllrf.exec:\lxlllrf.exe65⤵
- Executes dropped EXE
-
\??\c:\llxfrxl.exec:\llxfrxl.exe66⤵
- Executes dropped EXE
-
\??\c:\tbhnnn.exec:\tbhnnn.exe67⤵
-
\??\c:\llrlfrl.exec:\llrlfrl.exe68⤵
-
\??\c:\ttbtbn.exec:\ttbtbn.exe69⤵
-
\??\c:\1tnnbn.exec:\1tnnbn.exe70⤵
-
\??\c:\1pjjj.exec:\1pjjj.exe71⤵
-
\??\c:\lfxxflx.exec:\lfxxflx.exe72⤵
-
\??\c:\nbnnhh.exec:\nbnnhh.exe73⤵
-
\??\c:\1jdvj.exec:\1jdvj.exe74⤵
-
\??\c:\3rrrfrf.exec:\3rrrfrf.exe75⤵
-
\??\c:\bbbbtt.exec:\bbbbtt.exe76⤵
-
\??\c:\tnhbhh.exec:\tnhbhh.exe77⤵
-
\??\c:\vpjjd.exec:\vpjjd.exe78⤵
-
\??\c:\fxfxxff.exec:\fxfxxff.exe79⤵
-
\??\c:\hthhbh.exec:\hthhbh.exe80⤵
-
\??\c:\jvjjp.exec:\jvjjp.exe81⤵
-
\??\c:\3xfxlxx.exec:\3xfxlxx.exe82⤵
-
\??\c:\bthntb.exec:\bthntb.exe83⤵
-
\??\c:\vpjdv.exec:\vpjdv.exe84⤵
-
\??\c:\xrxxxfx.exec:\xrxxxfx.exe85⤵
-
\??\c:\bnttbb.exec:\bnttbb.exe86⤵
-
\??\c:\vvdjp.exec:\vvdjp.exe87⤵
-
\??\c:\5lxffll.exec:\5lxffll.exe88⤵
-
\??\c:\3xlrfrr.exec:\3xlrfrr.exe89⤵
-
\??\c:\btthhh.exec:\btthhh.exe90⤵
-
\??\c:\vdddd.exec:\vdddd.exe91⤵
-
\??\c:\1fxfrfx.exec:\1fxfrfx.exe92⤵
-
\??\c:\hhhhbh.exec:\hhhhbh.exe93⤵
-
\??\c:\7jdvp.exec:\7jdvp.exe94⤵
-
\??\c:\dpjvj.exec:\dpjvj.exe95⤵
-
\??\c:\xrxxfxf.exec:\xrxxfxf.exe96⤵
-
\??\c:\nthntt.exec:\nthntt.exe97⤵
-
\??\c:\ppjpj.exec:\ppjpj.exe98⤵
-
\??\c:\vvvdv.exec:\vvvdv.exe99⤵
-
\??\c:\bnnhnh.exec:\bnnhnh.exe100⤵
-
\??\c:\pdvvj.exec:\pdvvj.exe101⤵
-
\??\c:\llflflf.exec:\llflflf.exe102⤵
-
\??\c:\pvvjj.exec:\pvvjj.exe103⤵
-
\??\c:\xrlfxxf.exec:\xrlfxxf.exe104⤵
-
\??\c:\httbhb.exec:\httbhb.exe105⤵
-
\??\c:\ppppd.exec:\ppppd.exe106⤵
-
\??\c:\lrfrfxr.exec:\lrfrfxr.exe107⤵
-
\??\c:\nbtbnt.exec:\nbtbnt.exe108⤵
-
\??\c:\vdvpv.exec:\vdvpv.exe109⤵
-
\??\c:\rfrlrfx.exec:\rfrlrfx.exe110⤵
-
\??\c:\1lxxffx.exec:\1lxxffx.exe111⤵
-
\??\c:\9ppvj.exec:\9ppvj.exe112⤵
-
\??\c:\djvvd.exec:\djvvd.exe113⤵
-
\??\c:\lllfrxf.exec:\lllfrxf.exe114⤵
-
\??\c:\btnbhn.exec:\btnbhn.exe115⤵
-
\??\c:\djpjp.exec:\djpjp.exe116⤵
-
\??\c:\flrlxff.exec:\flrlxff.exe117⤵
-
\??\c:\9nnbnt.exec:\9nnbnt.exe118⤵
-
\??\c:\vjpvp.exec:\vjpvp.exe119⤵
-
\??\c:\xflrllf.exec:\xflrllf.exe120⤵
-
\??\c:\xfrrlff.exec:\xfrrlff.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-