Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
17/05/2024, 14:17
General
-
Target
1a0e6cfcfc2f7d4a6b16379bbb9766ff.exe
-
Size
487KB
-
MD5
1a0e6cfcfc2f7d4a6b16379bbb9766ff
-
SHA1
d52c725777497a0cf55e0350b0a5509e5cb436ca
-
SHA256
d36da087aefd30d3caa165a61fd3204168d08a7f55d7afd0b53e177da1940d80
-
SHA512
0ae290c25d8a195026fb32edf2556d7e016bcbe87fa41bb08c179bfcfc21084f4f9bb90ffeaf2b40aeb80936bad5c1e0353c0fd7f2119e8a3afb6f21b0be9c63
-
SSDEEP
6144:n3C9BRo7tvnJ9oH0IRgZvjkUo7tvnJ9oH0IiVByq9CPobNVS:n3C9ytvngQjgtvngSV3CPobNVS
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 18 IoCs
-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE 64 IoCs
-
UPX packed file 26 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1a0e6cfcfc2f7d4a6b16379bbb9766ff.exe"C:\Users\Admin\AppData\Local\Temp\1a0e6cfcfc2f7d4a6b16379bbb9766ff.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\pppdp.exec:\pppdp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxflrfx.exec:\fxflrfx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpjpj.exec:\jpjpj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7lrrflx.exec:\7lrrflx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjvj.exec:\vpjvj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxlrflx.exec:\rxlrflx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvdvp.exec:\vvdvp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxfxfxx.exec:\fxfxfxx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3jddp.exec:\3jddp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5nhtht.exec:\5nhtht.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffrrxfr.exec:\ffrrxfr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhtnbt.exec:\nhtnbt.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpdvp.exec:\vpdvp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htthhh.exec:\htthhh.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfxrxfl.exec:\rfxrxfl.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdpjj.exec:\vdpjj.exe17⤵
- Executes dropped EXE
-
\??\c:\hnnnhn.exec:\hnnnhn.exe18⤵
- Executes dropped EXE
-
\??\c:\pppdd.exec:\pppdd.exe19⤵
- Executes dropped EXE
-
\??\c:\tbbhth.exec:\tbbhth.exe20⤵
- Executes dropped EXE
-
\??\c:\dddpp.exec:\dddpp.exe21⤵
- Executes dropped EXE
-
\??\c:\fffrlxl.exec:\fffrlxl.exe22⤵
- Executes dropped EXE
-
\??\c:\hbbbht.exec:\hbbbht.exe23⤵
- Executes dropped EXE
-
\??\c:\tnnthh.exec:\tnnthh.exe24⤵
- Executes dropped EXE
-
\??\c:\ddpvv.exec:\ddpvv.exe25⤵
- Executes dropped EXE
-
\??\c:\tbthtn.exec:\tbthtn.exe26⤵
- Executes dropped EXE
-
\??\c:\fxllxxr.exec:\fxllxxr.exe27⤵
- Executes dropped EXE
-
\??\c:\5ttbnt.exec:\5ttbnt.exe28⤵
- Executes dropped EXE
-
\??\c:\dddpd.exec:\dddpd.exe29⤵
- Executes dropped EXE
-
\??\c:\bnntnh.exec:\bnntnh.exe30⤵
- Executes dropped EXE
-
\??\c:\xlxrxfx.exec:\xlxrxfx.exe31⤵
- Executes dropped EXE
-
\??\c:\tttbth.exec:\tttbth.exe32⤵
- Executes dropped EXE
-
\??\c:\7ffrfxx.exec:\7ffrfxx.exe33⤵
- Executes dropped EXE
-
\??\c:\1vvpj.exec:\1vvpj.exe34⤵
- Executes dropped EXE
-
\??\c:\flllxfl.exec:\flllxfl.exe35⤵
- Executes dropped EXE
-
\??\c:\hnnthn.exec:\hnnthn.exe36⤵
- Executes dropped EXE
-
\??\c:\nnbhth.exec:\nnbhth.exe37⤵
- Executes dropped EXE
-
\??\c:\9pjvv.exec:\9pjvv.exe38⤵
- Executes dropped EXE
-
\??\c:\frflxfl.exec:\frflxfl.exe39⤵
- Executes dropped EXE
-
\??\c:\hbttnn.exec:\hbttnn.exe40⤵
- Executes dropped EXE
-
\??\c:\hbttnt.exec:\hbttnt.exe41⤵
- Executes dropped EXE
-
\??\c:\dpdjv.exec:\dpdjv.exe42⤵
- Executes dropped EXE
-
\??\c:\1rrxxff.exec:\1rrxxff.exe43⤵
- Executes dropped EXE
-
\??\c:\nhbbhn.exec:\nhbbhn.exe44⤵
- Executes dropped EXE
-
\??\c:\ntbhbh.exec:\ntbhbh.exe45⤵
- Executes dropped EXE
-
\??\c:\9vvdj.exec:\9vvdj.exe46⤵
- Executes dropped EXE
-
\??\c:\xlfllll.exec:\xlfllll.exe47⤵
- Executes dropped EXE
-
\??\c:\hbthtt.exec:\hbthtt.exe48⤵
- Executes dropped EXE
-
\??\c:\7vvdp.exec:\7vvdp.exe49⤵
- Executes dropped EXE
-
\??\c:\rrxlfrl.exec:\rrxlfrl.exe50⤵
- Executes dropped EXE
-
\??\c:\5hbhnb.exec:\5hbhnb.exe51⤵
- Executes dropped EXE
-
\??\c:\9jjdj.exec:\9jjdj.exe52⤵
- Executes dropped EXE
-
\??\c:\xfxxllx.exec:\xfxxllx.exe53⤵
- Executes dropped EXE
-
\??\c:\hbtbtt.exec:\hbtbtt.exe54⤵
- Executes dropped EXE
-
\??\c:\dpdjj.exec:\dpdjj.exe55⤵
- Executes dropped EXE
-
\??\c:\rxrllfl.exec:\rxrllfl.exe56⤵
- Executes dropped EXE
-
\??\c:\bbbnht.exec:\bbbnht.exe57⤵
- Executes dropped EXE
-
\??\c:\1ddjp.exec:\1ddjp.exe58⤵
- Executes dropped EXE
-
\??\c:\1jpdp.exec:\1jpdp.exe59⤵
- Executes dropped EXE
-
\??\c:\xfxrlxr.exec:\xfxrlxr.exe60⤵
- Executes dropped EXE
-
\??\c:\hhhnbn.exec:\hhhnbn.exe61⤵
- Executes dropped EXE
-
\??\c:\vjjdj.exec:\vjjdj.exe62⤵
- Executes dropped EXE
-
\??\c:\1fxlrfx.exec:\1fxlrfx.exe63⤵
- Executes dropped EXE
-
\??\c:\thbnhb.exec:\thbnhb.exe64⤵
- Executes dropped EXE
-
\??\c:\ppjpp.exec:\ppjpp.exe65⤵
- Executes dropped EXE
-
\??\c:\xxrxfrr.exec:\xxrxfrr.exe66⤵
-
\??\c:\hnnbnt.exec:\hnnbnt.exe67⤵
-
\??\c:\vddpd.exec:\vddpd.exe68⤵
-
\??\c:\9rrfrxl.exec:\9rrfrxl.exe69⤵
-
\??\c:\tnhttb.exec:\tnhttb.exe70⤵
-
\??\c:\nnhnbh.exec:\nnhnbh.exe71⤵
-
\??\c:\ppjpd.exec:\ppjpd.exe72⤵
-
\??\c:\lllrxxr.exec:\lllrxxr.exe73⤵
-
\??\c:\hhhnhh.exec:\hhhnhh.exe74⤵
-
\??\c:\vpvdv.exec:\vpvdv.exe75⤵
-
\??\c:\rlxxlrf.exec:\rlxxlrf.exe76⤵
-
\??\c:\flllxfr.exec:\flllxfr.exe77⤵
-
\??\c:\bhhnnt.exec:\bhhnnt.exe78⤵
-
\??\c:\pjvpd.exec:\pjvpd.exe79⤵
-
\??\c:\lfxxffr.exec:\lfxxffr.exe80⤵
-
\??\c:\bbbnbh.exec:\bbbnbh.exe81⤵
-
\??\c:\9vvjd.exec:\9vvjd.exe82⤵
-
\??\c:\lxfxfrl.exec:\lxfxfrl.exe83⤵
-
\??\c:\fllxrxr.exec:\fllxrxr.exe84⤵
-
\??\c:\nnnbnb.exec:\nnnbnb.exe85⤵
-
\??\c:\dvjjv.exec:\dvjjv.exe86⤵
-
\??\c:\3rlxrxr.exec:\3rlxrxr.exe87⤵
-
\??\c:\tbthtb.exec:\tbthtb.exe88⤵
-
\??\c:\7pdpv.exec:\7pdpv.exe89⤵
-
\??\c:\lrfrlfr.exec:\lrfrlfr.exe90⤵
-
\??\c:\thnhnb.exec:\thnhnb.exe91⤵
-
\??\c:\djpdp.exec:\djpdp.exe92⤵
-
\??\c:\7fxxffr.exec:\7fxxffr.exe93⤵
-
\??\c:\fffrxff.exec:\fffrxff.exe94⤵
-
\??\c:\3nbnnb.exec:\3nbnnb.exe95⤵
-
\??\c:\jjdpd.exec:\jjdpd.exe96⤵
-
\??\c:\bbbtnb.exec:\bbbtnb.exe97⤵
-
\??\c:\1hbbtb.exec:\1hbbtb.exe98⤵
-
\??\c:\pjvdp.exec:\pjvdp.exe99⤵
-
\??\c:\flfxrfr.exec:\flfxrfr.exe100⤵
-
\??\c:\flxflfx.exec:\flxflfx.exe101⤵
-
\??\c:\7thttn.exec:\7thttn.exe102⤵
-
\??\c:\ddvpd.exec:\ddvpd.exe103⤵
-
\??\c:\llllrxl.exec:\llllrxl.exe104⤵
-
\??\c:\rllxlxl.exec:\rllxlxl.exe105⤵
-
\??\c:\hnnbbh.exec:\hnnbbh.exe106⤵
-
\??\c:\jppjv.exec:\jppjv.exe107⤵
-
\??\c:\lflfxll.exec:\lflfxll.exe108⤵
-
\??\c:\1tbbhb.exec:\1tbbhb.exe109⤵
-
\??\c:\nnhtnb.exec:\nnhtnb.exe110⤵
-
\??\c:\djjdp.exec:\djjdp.exe111⤵
-
\??\c:\flxrxlr.exec:\flxrxlr.exe112⤵
-
\??\c:\nnhhtb.exec:\nnhhtb.exe113⤵
-
\??\c:\hhbhtb.exec:\hhbhtb.exe114⤵
-
\??\c:\ppvdv.exec:\ppvdv.exe115⤵
-
\??\c:\5xrlxlf.exec:\5xrlxlf.exe116⤵
-
\??\c:\3bbhtb.exec:\3bbhtb.exe117⤵
-
\??\c:\9pjvj.exec:\9pjvj.exe118⤵
-
\??\c:\vvvdv.exec:\vvvdv.exe119⤵
-
\??\c:\xfrfrfr.exec:\xfrfrfr.exe120⤵
-
\??\c:\5btnbn.exec:\5btnbn.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-