Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
20/05/2024, 02:52
General
-
Target
cc73d82a1c9a8ebc2ac8abbd0ed393fa688d576cc64668064a7540e13d658fbd.exe
-
Size
57KB
-
MD5
b51bdd5df765e7dcb1055b4d8323ae4c
-
SHA1
e8df4da0bfeb0f4401d1cc4489378192b0be4f0d
-
SHA256
cc73d82a1c9a8ebc2ac8abbd0ed393fa688d576cc64668064a7540e13d658fbd
-
SHA512
e832b20d9325a545338f46b0b1047448386e288978d47329abb7bb3c983e5fa2302cc0bc090738fe3f8c76284666fc2465e2da7067d64137ab582f4f60665c01
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIvuSwFaEt:ymb3NkkiQ3mdBjFIvIFaEt
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 22 IoCs
-
UPX dump on OEP (original entry point) 19 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 19 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\cc73d82a1c9a8ebc2ac8abbd0ed393fa688d576cc64668064a7540e13d658fbd.exe"C:\Users\Admin\AppData\Local\Temp\cc73d82a1c9a8ebc2ac8abbd0ed393fa688d576cc64668064a7540e13d658fbd.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\5pdjj.exec:\5pdjj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5lfflrf.exec:\5lfflrf.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhtnnb.exec:\bhtnnb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7vvpv.exec:\7vvpv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrxrfr.exec:\xxrxrfr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttnhnh.exec:\ttnhnh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvvvv.exec:\vvvvv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddvvd.exec:\ddvvd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlfllrx.exec:\rlfllrx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbtthn.exec:\nbtthn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhthh.exec:\tnhthh.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1dpvv.exec:\1dpvv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlflrxf.exec:\xlflrxf.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flfrrfl.exec:\flfrrfl.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nntbtb.exec:\nntbtb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhnbn.exec:\tnhnbn.exe17⤵
- Executes dropped EXE
-
\??\c:\pppdj.exec:\pppdj.exe18⤵
- Executes dropped EXE
-
\??\c:\rrfrffx.exec:\rrfrffx.exe19⤵
- Executes dropped EXE
-
\??\c:\xrllrff.exec:\xrllrff.exe20⤵
- Executes dropped EXE
-
\??\c:\bbnbht.exec:\bbnbht.exe21⤵
- Executes dropped EXE
-
\??\c:\btthnn.exec:\btthnn.exe22⤵
- Executes dropped EXE
-
\??\c:\vpddp.exec:\vpddp.exe23⤵
- Executes dropped EXE
-
\??\c:\jjdjd.exec:\jjdjd.exe24⤵
- Executes dropped EXE
-
\??\c:\ffflffx.exec:\ffflffx.exe25⤵
- Executes dropped EXE
-
\??\c:\9htnth.exec:\9htnth.exe26⤵
- Executes dropped EXE
-
\??\c:\nhtntb.exec:\nhtntb.exe27⤵
- Executes dropped EXE
-
\??\c:\pjvdp.exec:\pjvdp.exe28⤵
- Executes dropped EXE
-
\??\c:\llfxlfl.exec:\llfxlfl.exe29⤵
- Executes dropped EXE
-
\??\c:\ffxflrx.exec:\ffxflrx.exe30⤵
- Executes dropped EXE
-
\??\c:\tthhnt.exec:\tthhnt.exe31⤵
- Executes dropped EXE
-
\??\c:\hhnthh.exec:\hhnthh.exe32⤵
- Executes dropped EXE
-
\??\c:\vppvj.exec:\vppvj.exe33⤵
- Executes dropped EXE
-
\??\c:\ppppv.exec:\ppppv.exe34⤵
- Executes dropped EXE
-
\??\c:\7xrrflx.exec:\7xrrflx.exe35⤵
- Executes dropped EXE
-
\??\c:\ttnthn.exec:\ttnthn.exe36⤵
- Executes dropped EXE
-
\??\c:\tnthtb.exec:\tnthtb.exe37⤵
- Executes dropped EXE
-
\??\c:\dvpdj.exec:\dvpdj.exe38⤵
- Executes dropped EXE
-
\??\c:\djvpv.exec:\djvpv.exe39⤵
- Executes dropped EXE
-
\??\c:\ffflrxf.exec:\ffflrxf.exe40⤵
- Executes dropped EXE
-
\??\c:\fxxfllf.exec:\fxxfllf.exe41⤵
- Executes dropped EXE
-
\??\c:\9tttnt.exec:\9tttnt.exe42⤵
- Executes dropped EXE
-
\??\c:\nhbhnt.exec:\nhbhnt.exe43⤵
- Executes dropped EXE
-
\??\c:\ddppd.exec:\ddppd.exe44⤵
- Executes dropped EXE
-
\??\c:\vvjpv.exec:\vvjpv.exe45⤵
- Executes dropped EXE
-
\??\c:\9fxrxrx.exec:\9fxrxrx.exe46⤵
- Executes dropped EXE
-
\??\c:\lxfrrxf.exec:\lxfrrxf.exe47⤵
- Executes dropped EXE
-
\??\c:\fflxlrx.exec:\fflxlrx.exe48⤵
- Executes dropped EXE
-
\??\c:\nhthnb.exec:\nhthnb.exe49⤵
- Executes dropped EXE
-
\??\c:\tthntt.exec:\tthntt.exe50⤵
- Executes dropped EXE
-
\??\c:\jdjvv.exec:\jdjvv.exe51⤵
- Executes dropped EXE
-
\??\c:\jdpvd.exec:\jdpvd.exe52⤵
- Executes dropped EXE
-
\??\c:\llrfrrf.exec:\llrfrrf.exe53⤵
- Executes dropped EXE
-
\??\c:\1rllrrx.exec:\1rllrrx.exe54⤵
- Executes dropped EXE
-
\??\c:\btnttb.exec:\btnttb.exe55⤵
- Executes dropped EXE
-
\??\c:\ttbnnb.exec:\ttbnnb.exe56⤵
- Executes dropped EXE
-
\??\c:\pjjpd.exec:\pjjpd.exe57⤵
- Executes dropped EXE
-
\??\c:\vvppd.exec:\vvppd.exe58⤵
- Executes dropped EXE
-
\??\c:\frrlflx.exec:\frrlflx.exe59⤵
- Executes dropped EXE
-
\??\c:\7rfrrxf.exec:\7rfrrxf.exe60⤵
- Executes dropped EXE
-
\??\c:\lxrxflx.exec:\lxrxflx.exe61⤵
- Executes dropped EXE
-
\??\c:\nnbntb.exec:\nnbntb.exe62⤵
- Executes dropped EXE
-
\??\c:\tntbhn.exec:\tntbhn.exe63⤵
- Executes dropped EXE
-
\??\c:\jjpdd.exec:\jjpdd.exe64⤵
- Executes dropped EXE
-
\??\c:\rlxxffl.exec:\rlxxffl.exe65⤵
- Executes dropped EXE
-
\??\c:\tnbbhn.exec:\tnbbhn.exe66⤵
-
\??\c:\bhttbt.exec:\bhttbt.exe67⤵
-
\??\c:\vpdjj.exec:\vpdjj.exe68⤵
-
\??\c:\7jddd.exec:\7jddd.exe69⤵
-
\??\c:\vpjjj.exec:\vpjjj.exe70⤵
-
\??\c:\7xfrxxl.exec:\7xfrxxl.exe71⤵
-
\??\c:\fllrlfr.exec:\fllrlfr.exe72⤵
-
\??\c:\1ththh.exec:\1ththh.exe73⤵
-
\??\c:\btnnbb.exec:\btnnbb.exe74⤵
-
\??\c:\jdpvj.exec:\jdpvj.exe75⤵
-
\??\c:\9jjpv.exec:\9jjpv.exe76⤵
-
\??\c:\rlxfllx.exec:\rlxfllx.exe77⤵
-
\??\c:\frlrxfl.exec:\frlrxfl.exe78⤵
-
\??\c:\3nhbnn.exec:\3nhbnn.exe79⤵
-
\??\c:\nnthtt.exec:\nnthtt.exe80⤵
-
\??\c:\dvvvd.exec:\dvvvd.exe81⤵
-
\??\c:\dvpjp.exec:\dvpjp.exe82⤵
-
\??\c:\7rrrffr.exec:\7rrrffr.exe83⤵
-
\??\c:\rrlxlxl.exec:\rrlxlxl.exe84⤵
-
\??\c:\bnnnbb.exec:\bnnnbb.exe85⤵
-
\??\c:\bbbhbn.exec:\bbbhbn.exe86⤵
-
\??\c:\ppddp.exec:\ppddp.exe87⤵
-
\??\c:\pdvpv.exec:\pdvpv.exe88⤵
-
\??\c:\7rlxrlf.exec:\7rlxrlf.exe89⤵
-
\??\c:\llrflrx.exec:\llrflrx.exe90⤵
-
\??\c:\btbhnt.exec:\btbhnt.exe91⤵
-
\??\c:\tnbthh.exec:\tnbthh.exe92⤵
-
\??\c:\pppvd.exec:\pppvd.exe93⤵
-
\??\c:\pjvvj.exec:\pjvvj.exe94⤵
-
\??\c:\dddvd.exec:\dddvd.exe95⤵
-
\??\c:\rlllrxr.exec:\rlllrxr.exe96⤵
-
\??\c:\5rffffr.exec:\5rffffr.exe97⤵
-
\??\c:\nhtnhb.exec:\nhtnhb.exe98⤵
-
\??\c:\bnbnbn.exec:\bnbnbn.exe99⤵
-
\??\c:\9jjjp.exec:\9jjjp.exe100⤵
-
\??\c:\1vpvd.exec:\1vpvd.exe101⤵
-
\??\c:\llfrflx.exec:\llfrflx.exe102⤵
-
\??\c:\rlrfllx.exec:\rlrfllx.exe103⤵
-
\??\c:\btbhhh.exec:\btbhhh.exe104⤵
-
\??\c:\3btbnb.exec:\3btbnb.exe105⤵
-
\??\c:\1vpvj.exec:\1vpvj.exe106⤵
-
\??\c:\9jdvd.exec:\9jdvd.exe107⤵
-
\??\c:\rrlfxfx.exec:\rrlfxfx.exe108⤵
-
\??\c:\rlxfrrx.exec:\rlxfrrx.exe109⤵
-
\??\c:\btbtbb.exec:\btbtbb.exe110⤵
-
\??\c:\bnhtbb.exec:\bnhtbb.exe111⤵
-
\??\c:\hhbhnt.exec:\hhbhnt.exe112⤵
-
\??\c:\7pvdj.exec:\7pvdj.exe113⤵
-
\??\c:\1vjjp.exec:\1vjjp.exe114⤵
-
\??\c:\xxfxxlf.exec:\xxfxxlf.exe115⤵
-
\??\c:\lfxflll.exec:\lfxflll.exe116⤵
-
\??\c:\bthntb.exec:\bthntb.exe117⤵
-
\??\c:\nhtttt.exec:\nhtttt.exe118⤵
-
\??\c:\vvpdd.exec:\vvpdd.exe119⤵
-
\??\c:\vpppv.exec:\vpppv.exe120⤵
-
\??\c:\rxxllfr.exec:\rxxllfr.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-