Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240419-en -
resource tags
-
submitted
23/05/2024, 20:15
General
-
Target
3596387e5aca4ea3bc72292c420b26790d06df160759555fb2361d29245fa2bb.exe
-
Size
394KB
-
MD5
c9891e97727fe1108e57ef10e65ae58c
-
SHA1
c73c15d9de6ff81e2a0115ef0eb9a651f9509d49
-
SHA256
3596387e5aca4ea3bc72292c420b26790d06df160759555fb2361d29245fa2bb
-
SHA512
e016af180d1e3f2d92758ad2a74fe741a769c290248bc7120f8c650391d5642ce3d38825a8a7baca484ead070771919bc444a395bdc084f5dc1967e06ffeaf3a
-
SSDEEP
6144:n3C9BRo7tvnJ9oH0IRgZvjkobjcSbcY+CaQdaFOY4iGFYtRdu/n:n3C9ytvngQjZbz+xt4vFBv
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 21 IoCs
-
UPX dump on OEP (original entry point) 22 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 22 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\3596387e5aca4ea3bc72292c420b26790d06df160759555fb2361d29245fa2bb.exe"C:\Users\Admin\AppData\Local\Temp\3596387e5aca4ea3bc72292c420b26790d06df160759555fb2361d29245fa2bb.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrrfrf.exec:\xrrrfrf.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btthtb.exec:\btthtb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrxxrlf.exec:\lrxxrlf.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbtthn.exec:\nbtthn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxfllr.exec:\rlxfllr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnhbhn.exec:\nnhbhn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxfxlfl.exec:\xxfxlfl.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhthh.exec:\tnhthh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9dvvd.exec:\9dvvd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxrfrfx.exec:\rxrfrfx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdvpv.exec:\pdvpv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5rrrffl.exec:\5rrrffl.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnhhnn.exec:\nnhhnn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpjvj.exec:\jpjvj.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbttbh.exec:\hbttbh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdvvp.exec:\pdvvp.exe17⤵
- Executes dropped EXE
-
\??\c:\1rrlrxf.exec:\1rrlrxf.exe18⤵
- Executes dropped EXE
-
\??\c:\btnthn.exec:\btnthn.exe19⤵
- Executes dropped EXE
-
\??\c:\llfrflx.exec:\llfrflx.exe20⤵
- Executes dropped EXE
-
\??\c:\nthnbb.exec:\nthnbb.exe21⤵
- Executes dropped EXE
-
\??\c:\rxrxlrl.exec:\rxrxlrl.exe22⤵
- Executes dropped EXE
-
\??\c:\rlxlrxr.exec:\rlxlrxr.exe23⤵
- Executes dropped EXE
-
\??\c:\jvdvd.exec:\jvdvd.exe24⤵
- Executes dropped EXE
-
\??\c:\vdvjv.exec:\vdvjv.exe25⤵
- Executes dropped EXE
-
\??\c:\hhhnbn.exec:\hhhnbn.exe26⤵
- Executes dropped EXE
-
\??\c:\jdvjd.exec:\jdvjd.exe27⤵
- Executes dropped EXE
-
\??\c:\hbttbh.exec:\hbttbh.exe28⤵
- Executes dropped EXE
-
\??\c:\vpvdj.exec:\vpvdj.exe29⤵
- Executes dropped EXE
-
\??\c:\flffllr.exec:\flffllr.exe30⤵
- Executes dropped EXE
-
\??\c:\vjjpv.exec:\vjjpv.exe31⤵
- Executes dropped EXE
-
\??\c:\1xllrxf.exec:\1xllrxf.exe32⤵
- Executes dropped EXE
-
\??\c:\nhnnbb.exec:\nhnnbb.exe33⤵
- Executes dropped EXE
-
\??\c:\vvpvj.exec:\vvpvj.exe34⤵
- Executes dropped EXE
-
\??\c:\xrllxxf.exec:\xrllxxf.exe35⤵
- Executes dropped EXE
-
\??\c:\nhbntb.exec:\nhbntb.exe36⤵
- Executes dropped EXE
-
\??\c:\nhbnbh.exec:\nhbnbh.exe37⤵
- Executes dropped EXE
-
\??\c:\3vjjd.exec:\3vjjd.exe38⤵
- Executes dropped EXE
-
\??\c:\3lffffl.exec:\3lffffl.exe39⤵
- Executes dropped EXE
-
\??\c:\bbtbtb.exec:\bbtbtb.exe40⤵
- Executes dropped EXE
-
\??\c:\3nnthn.exec:\3nnthn.exe41⤵
- Executes dropped EXE
-
\??\c:\jdvjd.exec:\jdvjd.exe42⤵
- Executes dropped EXE
-
\??\c:\vjvvj.exec:\vjvvj.exe43⤵
- Executes dropped EXE
-
\??\c:\rlflxfr.exec:\rlflxfr.exe44⤵
- Executes dropped EXE
-
\??\c:\nnbbnn.exec:\nnbbnn.exe45⤵
- Executes dropped EXE
-
\??\c:\hthhnn.exec:\hthhnn.exe46⤵
- Executes dropped EXE
-
\??\c:\jdpjv.exec:\jdpjv.exe47⤵
- Executes dropped EXE
-
\??\c:\7rlffxx.exec:\7rlffxx.exe48⤵
- Executes dropped EXE
-
\??\c:\fxlrxfl.exec:\fxlrxfl.exe49⤵
- Executes dropped EXE
-
\??\c:\tnhtbn.exec:\tnhtbn.exe50⤵
- Executes dropped EXE
-
\??\c:\jjddp.exec:\jjddp.exe51⤵
- Executes dropped EXE
-
\??\c:\3jvvd.exec:\3jvvd.exe52⤵
- Executes dropped EXE
-
\??\c:\5rlxffl.exec:\5rlxffl.exe53⤵
- Executes dropped EXE
-
\??\c:\9xxrxxl.exec:\9xxrxxl.exe54⤵
- Executes dropped EXE
-
\??\c:\bthhtt.exec:\bthhtt.exe55⤵
- Executes dropped EXE
-
\??\c:\jdppd.exec:\jdppd.exe56⤵
- Executes dropped EXE
-
\??\c:\vvpvj.exec:\vvpvj.exe57⤵
- Executes dropped EXE
-
\??\c:\lflrrxr.exec:\lflrrxr.exe58⤵
- Executes dropped EXE
-
\??\c:\rlfrxfr.exec:\rlfrxfr.exe59⤵
- Executes dropped EXE
-
\??\c:\nnntbn.exec:\nnntbn.exe60⤵
- Executes dropped EXE
-
\??\c:\vpjpv.exec:\vpjpv.exe61⤵
- Executes dropped EXE
-
\??\c:\pjdjd.exec:\pjdjd.exe62⤵
- Executes dropped EXE
-
\??\c:\fxffrlr.exec:\fxffrlr.exe63⤵
- Executes dropped EXE
-
\??\c:\hbtbtb.exec:\hbtbtb.exe64⤵
- Executes dropped EXE
-
\??\c:\hnhnbh.exec:\hnhnbh.exe65⤵
- Executes dropped EXE
-
\??\c:\vpdjv.exec:\vpdjv.exe66⤵
-
\??\c:\flxfxrr.exec:\flxfxrr.exe67⤵
-
\??\c:\1fxxxxf.exec:\1fxxxxf.exe68⤵
-
\??\c:\bnnnbn.exec:\bnnnbn.exe69⤵
-
\??\c:\tnhntb.exec:\tnhntb.exe70⤵
-
\??\c:\5pjpd.exec:\5pjpd.exe71⤵
-
\??\c:\5xrrrxl.exec:\5xrrrxl.exe72⤵
-
\??\c:\9rflrxl.exec:\9rflrxl.exe73⤵
-
\??\c:\htnbht.exec:\htnbht.exe74⤵
-
\??\c:\jjjpv.exec:\jjjpv.exe75⤵
-
\??\c:\7vpjp.exec:\7vpjp.exe76⤵
-
\??\c:\9lfxffl.exec:\9lfxffl.exe77⤵
-
\??\c:\bbthth.exec:\bbthth.exe78⤵
-
\??\c:\1tnbhn.exec:\1tnbhn.exe79⤵
-
\??\c:\vvpdv.exec:\vvpdv.exe80⤵
-
\??\c:\rllrxfl.exec:\rllrxfl.exe81⤵
-
\??\c:\xfllxlr.exec:\xfllxlr.exe82⤵
-
\??\c:\htnthh.exec:\htnthh.exe83⤵
-
\??\c:\jdvvj.exec:\jdvvj.exe84⤵
-
\??\c:\llrfrxl.exec:\llrfrxl.exe85⤵
-
\??\c:\xrrflrl.exec:\xrrflrl.exe86⤵
-
\??\c:\ttnhtt.exec:\ttnhtt.exe87⤵
-
\??\c:\5vvdp.exec:\5vvdp.exe88⤵
-
\??\c:\ppjvd.exec:\ppjvd.exe89⤵
-
\??\c:\lxrfrxf.exec:\lxrfrxf.exe90⤵
-
\??\c:\9nhhtb.exec:\9nhhtb.exe91⤵
-
\??\c:\9btbtb.exec:\9btbtb.exe92⤵
-
\??\c:\ppjvd.exec:\ppjvd.exe93⤵
-
\??\c:\lfffllx.exec:\lfffllx.exe94⤵
-
\??\c:\hbbhtb.exec:\hbbhtb.exe95⤵
-
\??\c:\dvpjj.exec:\dvpjj.exe96⤵
-
\??\c:\ddvdp.exec:\ddvdp.exe97⤵
-
\??\c:\xrlrflr.exec:\xrlrflr.exe98⤵
-
\??\c:\nnbhnb.exec:\nnbhnb.exe99⤵
-
\??\c:\bhbhtb.exec:\bhbhtb.exe100⤵
-
\??\c:\jddvj.exec:\jddvj.exe101⤵
-
\??\c:\1rlllxl.exec:\1rlllxl.exe102⤵
-
\??\c:\lrlrrlx.exec:\lrlrrlx.exe103⤵
-
\??\c:\tnbntb.exec:\tnbntb.exe104⤵
-
\??\c:\ttthnt.exec:\ttthnt.exe105⤵
-
\??\c:\vpppd.exec:\vpppd.exe106⤵
-
\??\c:\xrrxlrf.exec:\xrrxlrf.exe107⤵
-
\??\c:\1rfxflx.exec:\1rfxflx.exe108⤵
-
\??\c:\thtbhn.exec:\thtbhn.exe109⤵
-
\??\c:\pdvdj.exec:\pdvdj.exe110⤵
-
\??\c:\xxxlxlx.exec:\xxxlxlx.exe111⤵
-
\??\c:\bbnthn.exec:\bbnthn.exe112⤵
-
\??\c:\nhtbhn.exec:\nhtbhn.exe113⤵
-
\??\c:\jjvvj.exec:\jjvvj.exe114⤵
-
\??\c:\llffllx.exec:\llffllx.exe115⤵
-
\??\c:\7frxlrl.exec:\7frxlrl.exe116⤵
-
\??\c:\ttnnhh.exec:\ttnnhh.exe117⤵
-
\??\c:\ddvjp.exec:\ddvjp.exe118⤵
-
\??\c:\jvddp.exec:\jvddp.exe119⤵
-
\??\c:\7xfrlxx.exec:\7xfrlxx.exe120⤵
-
\??\c:\tnbhtb.exec:\tnbhtb.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-