Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
15/05/2024, 22:02
General
-
Target
5240072ee48d874369bfa590ac3a209e05fa3149fcce689c220c942dcc0a8c77.exe
-
Size
90KB
-
MD5
b8ab20732cfc88ac7196951f445329ed
-
SHA1
c4e7102f99daa17a707beb4b16b7ffd5d9bdbe0c
-
SHA256
5240072ee48d874369bfa590ac3a209e05fa3149fcce689c220c942dcc0a8c77
-
SHA512
177e0c8ca7b9f987bc7faf1b93865bca4ec0aa17ce6d681b9d322de49417f171181ce62480e4799f281aef9a1ace4c6b134e8a6eec1847cb45958eeb2fcd5e3e
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIQIDyviFxx2hCtgIMLP9rBZaRBb:ymb3NkkiQ3mdBjFIVLd2hWZGreRCYBn
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
UPX dump on OEP (original entry point) 28 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 28 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\5240072ee48d874369bfa590ac3a209e05fa3149fcce689c220c942dcc0a8c77.exe"C:\Users\Admin\AppData\Local\Temp\5240072ee48d874369bfa590ac3a209e05fa3149fcce689c220c942dcc0a8c77.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\rxrlrfx.exec:\rxrlrfx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7nnntb.exec:\7nnntb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlflff.exec:\fxlflff.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7hnttb.exec:\7hnttb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpvvj.exec:\vpvvj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3llrlrr.exec:\3llrlrr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5djvv.exec:\5djvv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppddp.exec:\ppddp.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5bntht.exec:\5bntht.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnnbbn.exec:\nnnbbn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjvjd.exec:\jjvjd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7xflrxx.exec:\7xflrxx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bttbtb.exec:\bttbtb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5dvvd.exec:\5dvvd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxlxrrx.exec:\xxlxrrx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7flxxxf.exec:\7flxxxf.exe17⤵
- Executes dropped EXE
-
\??\c:\5ntnnb.exec:\5ntnnb.exe18⤵
- Executes dropped EXE
-
\??\c:\vvpvj.exec:\vvpvj.exe19⤵
- Executes dropped EXE
-
\??\c:\xrflflx.exec:\xrflflx.exe20⤵
- Executes dropped EXE
-
\??\c:\3rlrffx.exec:\3rlrffx.exe21⤵
- Executes dropped EXE
-
\??\c:\djjdp.exec:\djjdp.exe22⤵
- Executes dropped EXE
-
\??\c:\jjvjp.exec:\jjvjp.exe23⤵
- Executes dropped EXE
-
\??\c:\3xrrflx.exec:\3xrrflx.exe24⤵
- Executes dropped EXE
-
\??\c:\fxfxrfr.exec:\fxfxrfr.exe25⤵
- Executes dropped EXE
-
\??\c:\tbnnnb.exec:\tbnnnb.exe26⤵
- Executes dropped EXE
-
\??\c:\ppvjj.exec:\ppvjj.exe27⤵
- Executes dropped EXE
-
\??\c:\ffrflxr.exec:\ffrflxr.exe28⤵
- Executes dropped EXE
-
\??\c:\thntbh.exec:\thntbh.exe29⤵
- Executes dropped EXE
-
\??\c:\ppdvd.exec:\ppdvd.exe30⤵
- Executes dropped EXE
-
\??\c:\9jpjp.exec:\9jpjp.exe31⤵
- Executes dropped EXE
-
\??\c:\lfrfxlf.exec:\lfrfxlf.exe32⤵
- Executes dropped EXE
-
\??\c:\tttnbt.exec:\tttnbt.exe33⤵
- Executes dropped EXE
-
\??\c:\vppvd.exec:\vppvd.exe34⤵
- Executes dropped EXE
-
\??\c:\lxffrrx.exec:\lxffrrx.exe35⤵
- Executes dropped EXE
-
\??\c:\fffxrxr.exec:\fffxrxr.exe36⤵
- Executes dropped EXE
-
\??\c:\hbntnb.exec:\hbntnb.exe37⤵
- Executes dropped EXE
-
\??\c:\vpjjj.exec:\vpjjj.exe38⤵
- Executes dropped EXE
-
\??\c:\pdvdp.exec:\pdvdp.exe39⤵
- Executes dropped EXE
-
\??\c:\rrfrxfl.exec:\rrfrxfl.exe40⤵
- Executes dropped EXE
-
\??\c:\fflffll.exec:\fflffll.exe41⤵
- Executes dropped EXE
-
\??\c:\hbbnhh.exec:\hbbnhh.exe42⤵
- Executes dropped EXE
-
\??\c:\ppdjd.exec:\ppdjd.exe43⤵
- Executes dropped EXE
-
\??\c:\dvdjj.exec:\dvdjj.exe44⤵
- Executes dropped EXE
-
\??\c:\rlfxrfx.exec:\rlfxrfx.exe45⤵
- Executes dropped EXE
-
\??\c:\rlfrxlx.exec:\rlfrxlx.exe46⤵
- Executes dropped EXE
-
\??\c:\nhhbht.exec:\nhhbht.exe47⤵
- Executes dropped EXE
-
\??\c:\tnnhbt.exec:\tnnhbt.exe48⤵
- Executes dropped EXE
-
\??\c:\ppdvv.exec:\ppdvv.exe49⤵
- Executes dropped EXE
-
\??\c:\jpvpp.exec:\jpvpp.exe50⤵
- Executes dropped EXE
-
\??\c:\xxrxffr.exec:\xxrxffr.exe51⤵
- Executes dropped EXE
-
\??\c:\tnhnbh.exec:\tnhnbh.exe52⤵
- Executes dropped EXE
-
\??\c:\7tnntt.exec:\7tnntt.exe53⤵
- Executes dropped EXE
-
\??\c:\dddjv.exec:\dddjv.exe54⤵
- Executes dropped EXE
-
\??\c:\9pjjd.exec:\9pjjd.exe55⤵
- Executes dropped EXE
-
\??\c:\lfxfrfr.exec:\lfxfrfr.exe56⤵
- Executes dropped EXE
-
\??\c:\xrlflxx.exec:\xrlflxx.exe57⤵
- Executes dropped EXE
-
\??\c:\nbbtth.exec:\nbbtth.exe58⤵
- Executes dropped EXE
-
\??\c:\tnbhnn.exec:\tnbhnn.exe59⤵
- Executes dropped EXE
-
\??\c:\jdddj.exec:\jdddj.exe60⤵
- Executes dropped EXE
-
\??\c:\pjjdj.exec:\pjjdj.exe61⤵
- Executes dropped EXE
-
\??\c:\xrxxlrl.exec:\xrxxlrl.exe62⤵
- Executes dropped EXE
-
\??\c:\rxllrxr.exec:\rxllrxr.exe63⤵
- Executes dropped EXE
-
\??\c:\7bhntt.exec:\7bhntt.exe64⤵
- Executes dropped EXE
-
\??\c:\1jdjp.exec:\1jdjp.exe65⤵
- Executes dropped EXE
-
\??\c:\dvppv.exec:\dvppv.exe66⤵
-
\??\c:\rrllrrl.exec:\rrllrrl.exe67⤵
-
\??\c:\3tnbnh.exec:\3tnbnh.exe68⤵
-
\??\c:\tthtnt.exec:\tthtnt.exe69⤵
-
\??\c:\jjdjp.exec:\jjdjp.exe70⤵
-
\??\c:\lfrrxxl.exec:\lfrrxxl.exe71⤵
-
\??\c:\5rffxxx.exec:\5rffxxx.exe72⤵
-
\??\c:\hbtthh.exec:\hbtthh.exe73⤵
-
\??\c:\7hbhhb.exec:\7hbhhb.exe74⤵
-
\??\c:\jdvvv.exec:\jdvvv.exe75⤵
-
\??\c:\pdpjj.exec:\pdpjj.exe76⤵
-
\??\c:\rlrlrxl.exec:\rlrlrxl.exe77⤵
-
\??\c:\9rrlrxf.exec:\9rrlrxf.exe78⤵
-
\??\c:\3bhhtt.exec:\3bhhtt.exe79⤵
-
\??\c:\thnbbh.exec:\thnbbh.exe80⤵
-
\??\c:\djvpp.exec:\djvpp.exe81⤵
-
\??\c:\3rrlllx.exec:\3rrlllx.exe82⤵
-
\??\c:\xrllrxr.exec:\xrllrxr.exe83⤵
-
\??\c:\nnbnbb.exec:\nnbnbb.exe84⤵
-
\??\c:\bthntb.exec:\bthntb.exe85⤵
-
\??\c:\dpjpj.exec:\dpjpj.exe86⤵
-
\??\c:\jdpjp.exec:\jdpjp.exe87⤵
-
\??\c:\1fflxfx.exec:\1fflxfx.exe88⤵
-
\??\c:\ffrxxxr.exec:\ffrxxxr.exe89⤵
-
\??\c:\1bbnth.exec:\1bbnth.exe90⤵
-
\??\c:\tnthnh.exec:\tnthnh.exe91⤵
-
\??\c:\3jdpp.exec:\3jdpp.exe92⤵
-
\??\c:\vpjjj.exec:\vpjjj.exe93⤵
-
\??\c:\jjvvd.exec:\jjvvd.exe94⤵
-
\??\c:\fxllllr.exec:\fxllllr.exe95⤵
-
\??\c:\nhthtt.exec:\nhthtt.exe96⤵
-
\??\c:\hhnhth.exec:\hhnhth.exe97⤵
-
\??\c:\hbbhtb.exec:\hbbhtb.exe98⤵
-
\??\c:\vpjjv.exec:\vpjjv.exe99⤵
-
\??\c:\1rrxffr.exec:\1rrxffr.exe100⤵
-
\??\c:\fxrxfrf.exec:\fxrxfrf.exe101⤵
-
\??\c:\fxlxrlx.exec:\fxlxrlx.exe102⤵
-
\??\c:\3nbbnh.exec:\3nbbnh.exe103⤵
-
\??\c:\vvpdp.exec:\vvpdp.exe104⤵
-
\??\c:\vjpvv.exec:\vjpvv.exe105⤵
-
\??\c:\xffxrlf.exec:\xffxrlf.exe106⤵
-
\??\c:\1xxxrfl.exec:\1xxxrfl.exe107⤵
-
\??\c:\ttntbb.exec:\ttntbb.exe108⤵
-
\??\c:\dvjpj.exec:\dvjpj.exe109⤵
-
\??\c:\1jddd.exec:\1jddd.exe110⤵
-
\??\c:\lfxlllf.exec:\lfxlllf.exe111⤵
-
\??\c:\rrlrffr.exec:\rrlrffr.exe112⤵
-
\??\c:\ttnbht.exec:\ttnbht.exe113⤵
-
\??\c:\hbtttb.exec:\hbtttb.exe114⤵
-
\??\c:\tththn.exec:\tththn.exe115⤵
-
\??\c:\3jvjv.exec:\3jvjv.exe116⤵
-
\??\c:\5jdjj.exec:\5jdjj.exe117⤵
-
\??\c:\xrlxffr.exec:\xrlxffr.exe118⤵
-
\??\c:\3xrrfrf.exec:\3xrrfrf.exe119⤵
-
\??\c:\1thnnn.exec:\1thnnn.exe120⤵
-
\??\c:\1ththb.exec:\1ththb.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-