Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
25/05/2024, 01:58
General
-
Target
abd35364d342750bfcd6f9b9522723c94dffe088fa5ac48a7d469030d62c6109.exe
-
Size
73KB
-
MD5
1cc97735b4ce3a0152cd4f12224df765
-
SHA1
a2f83b798fc7a58c42371fee7151753a11a8befb
-
SHA256
abd35364d342750bfcd6f9b9522723c94dffe088fa5ac48a7d469030d62c6109
-
SHA512
1ea66915c0daa299229da5f09f64b8ace53f36d5fa18ef4f2be788169ceb52fa2e583dad948d0f2039a1698f7a4ddab4a8865365ea569236694ce0202c5ac31a
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIfv7+afCD+QsQbKQPV790v:ymb3NkkiQ3mdBjFIfvTfCD+HlQgv
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
UPX dump on OEP (original entry point) 36 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 36 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\abd35364d342750bfcd6f9b9522723c94dffe088fa5ac48a7d469030d62c6109.exe"C:\Users\Admin\AppData\Local\Temp\abd35364d342750bfcd6f9b9522723c94dffe088fa5ac48a7d469030d62c6109.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\hnrnxrd.exec:\hnrnxrd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vlrhltb.exec:\vlrhltb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xhjtrv.exec:\xhjtrv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pbfhf.exec:\pbfhf.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnhxpj.exec:\hnhxpj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrbdh.exec:\lrbdh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nblprtp.exec:\nblprtp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jtdtbjf.exec:\jtdtbjf.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrjxp.exec:\lrjxp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dhdxnj.exec:\dhdxnj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhxft.exec:\bhxft.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xjlxdd.exec:\xjlxdd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vbtddx.exec:\vbtddx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbpnfv.exec:\bbpnfv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tvphpj.exec:\tvphpj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vrtjfj.exec:\vrtjfj.exe17⤵
- Executes dropped EXE
-
\??\c:\jhdltv.exec:\jhdltv.exe18⤵
- Executes dropped EXE
-
\??\c:\djrpvl.exec:\djrpvl.exe19⤵
- Executes dropped EXE
-
\??\c:\bjpvlpj.exec:\bjpvlpj.exe20⤵
- Executes dropped EXE
-
\??\c:\nnlfbj.exec:\nnlfbj.exe21⤵
- Executes dropped EXE
-
\??\c:\lxrjjr.exec:\lxrjjr.exe22⤵
- Executes dropped EXE
-
\??\c:\ntxvrl.exec:\ntxvrl.exe23⤵
- Executes dropped EXE
-
\??\c:\bbpbpj.exec:\bbpbpj.exe24⤵
- Executes dropped EXE
-
\??\c:\blpnvj.exec:\blpnvj.exe25⤵
- Executes dropped EXE
-
\??\c:\hpxff.exec:\hpxff.exe26⤵
- Executes dropped EXE
-
\??\c:\xtjvrv.exec:\xtjvrv.exe27⤵
- Executes dropped EXE
-
\??\c:\rhbvvl.exec:\rhbvvl.exe28⤵
- Executes dropped EXE
-
\??\c:\hdbjnnt.exec:\hdbjnnt.exe29⤵
- Executes dropped EXE
-
\??\c:\jljtrhr.exec:\jljtrhr.exe30⤵
- Executes dropped EXE
-
\??\c:\pvpbvxf.exec:\pvpbvxf.exe31⤵
- Executes dropped EXE
-
\??\c:\pvpxhhf.exec:\pvpxhhf.exe32⤵
- Executes dropped EXE
-
\??\c:\rbtdxx.exec:\rbtdxx.exe33⤵
- Executes dropped EXE
-
\??\c:\rtpflh.exec:\rtpflh.exe34⤵
- Executes dropped EXE
-
\??\c:\vnxrf.exec:\vnxrf.exe35⤵
- Executes dropped EXE
-
\??\c:\dfbtn.exec:\dfbtn.exe36⤵
- Executes dropped EXE
-
\??\c:\htvlhvr.exec:\htvlhvr.exe37⤵
- Executes dropped EXE
-
\??\c:\btbvnnx.exec:\btbvnnx.exe38⤵
- Executes dropped EXE
-
\??\c:\pvjxvnd.exec:\pvjxvnd.exe39⤵
- Executes dropped EXE
-
\??\c:\btbdthn.exec:\btbdthn.exe40⤵
- Executes dropped EXE
-
\??\c:\vbppp.exec:\vbppp.exe41⤵
- Executes dropped EXE
-
\??\c:\thxjv.exec:\thxjv.exe42⤵
- Executes dropped EXE
-
\??\c:\thpfjvx.exec:\thpfjvx.exe43⤵
- Executes dropped EXE
-
\??\c:\xpbbjrh.exec:\xpbbjrh.exe44⤵
- Executes dropped EXE
-
\??\c:\pfhjh.exec:\pfhjh.exe45⤵
- Executes dropped EXE
-
\??\c:\vbrfbfj.exec:\vbrfbfj.exe46⤵
- Executes dropped EXE
-
\??\c:\fpjtjxh.exec:\fpjtjxh.exe47⤵
- Executes dropped EXE
-
\??\c:\jnxrfr.exec:\jnxrfr.exe48⤵
- Executes dropped EXE
-
\??\c:\fbjrdr.exec:\fbjrdr.exe49⤵
- Executes dropped EXE
-
\??\c:\rbjbbnj.exec:\rbjbbnj.exe50⤵
- Executes dropped EXE
-
\??\c:\lrhhdrj.exec:\lrhhdrj.exe51⤵
- Executes dropped EXE
-
\??\c:\jbbnjhb.exec:\jbbnjhb.exe52⤵
- Executes dropped EXE
-
\??\c:\hdxllnx.exec:\hdxllnx.exe53⤵
- Executes dropped EXE
-
\??\c:\nhdtjp.exec:\nhdtjp.exe54⤵
- Executes dropped EXE
-
\??\c:\ljvdhv.exec:\ljvdhv.exe55⤵
- Executes dropped EXE
-
\??\c:\ttjbb.exec:\ttjbb.exe56⤵
- Executes dropped EXE
-
\??\c:\hnxbbhr.exec:\hnxbbhr.exe57⤵
- Executes dropped EXE
-
\??\c:\xxvnlhj.exec:\xxvnlhj.exe58⤵
- Executes dropped EXE
-
\??\c:\tdhdd.exec:\tdhdd.exe59⤵
- Executes dropped EXE
-
\??\c:\fnfhtlp.exec:\fnfhtlp.exe60⤵
- Executes dropped EXE
-
\??\c:\nfnxhp.exec:\nfnxhp.exe61⤵
- Executes dropped EXE
-
\??\c:\xndvlhf.exec:\xndvlhf.exe62⤵
- Executes dropped EXE
-
\??\c:\jnrrn.exec:\jnrrn.exe63⤵
- Executes dropped EXE
-
\??\c:\thprrlx.exec:\thprrlx.exe64⤵
- Executes dropped EXE
-
\??\c:\fvvrbj.exec:\fvvrbj.exe65⤵
- Executes dropped EXE
-
\??\c:\nvjprjj.exec:\nvjprjj.exe66⤵
-
\??\c:\ddjtj.exec:\ddjtj.exe67⤵
-
\??\c:\vlldrfx.exec:\vlldrfx.exe68⤵
-
\??\c:\nbtrbnr.exec:\nbtrbnr.exe69⤵
-
\??\c:\bvfbbx.exec:\bvfbbx.exe70⤵
-
\??\c:\pnhxrxb.exec:\pnhxrxb.exe71⤵
-
\??\c:\rrbbrr.exec:\rrbbrr.exe72⤵
-
\??\c:\nvbxp.exec:\nvbxp.exe73⤵
-
\??\c:\ljhdpfl.exec:\ljhdpfl.exe74⤵
-
\??\c:\xffrx.exec:\xffrx.exe75⤵
-
\??\c:\rjnbbv.exec:\rjnbbv.exe76⤵
-
\??\c:\ldfrf.exec:\ldfrf.exe77⤵
-
\??\c:\frdxvfr.exec:\frdxvfr.exe78⤵
-
\??\c:\rdjxbbr.exec:\rdjxbbr.exe79⤵
-
\??\c:\xvvbn.exec:\xvvbn.exe80⤵
-
\??\c:\bpvlbl.exec:\bpvlbl.exe81⤵
-
\??\c:\ndrvj.exec:\ndrvj.exe82⤵
-
\??\c:\thrbhxj.exec:\thrbhxj.exe83⤵
-
\??\c:\nnlfnjd.exec:\nnlfnjd.exe84⤵
-
\??\c:\ptxdfh.exec:\ptxdfh.exe85⤵
-
\??\c:\xbffn.exec:\xbffn.exe86⤵
-
\??\c:\vhbnh.exec:\vhbnh.exe87⤵
-
\??\c:\bfbfp.exec:\bfbfp.exe88⤵
-
\??\c:\tpljxph.exec:\tpljxph.exe89⤵
-
\??\c:\tjfrvpx.exec:\tjfrvpx.exe90⤵
-
\??\c:\jxtnh.exec:\jxtnh.exe91⤵
-
\??\c:\lxvjj.exec:\lxvjj.exe92⤵
-
\??\c:\bfthbdp.exec:\bfthbdp.exe93⤵
-
\??\c:\ltjfbvb.exec:\ltjfbvb.exe94⤵
-
\??\c:\jxntpjl.exec:\jxntpjl.exe95⤵
-
\??\c:\pphndpv.exec:\pphndpv.exe96⤵
-
\??\c:\rjlfhjh.exec:\rjlfhjh.exe97⤵
-
\??\c:\phlfflp.exec:\phlfflp.exe98⤵
-
\??\c:\bffxj.exec:\bffxj.exe99⤵
-
\??\c:\dphhnl.exec:\dphhnl.exe100⤵
-
\??\c:\lhlvndb.exec:\lhlvndb.exe101⤵
-
\??\c:\vjtptjr.exec:\vjtptjr.exe102⤵
-
\??\c:\xfllfn.exec:\xfllfn.exe103⤵
-
\??\c:\rxvhxtb.exec:\rxvhxtb.exe104⤵
-
\??\c:\xhhlfv.exec:\xhhlfv.exe105⤵
-
\??\c:\pxvfhj.exec:\pxvfhj.exe106⤵
-
\??\c:\vvxdh.exec:\vvxdh.exe107⤵
-
\??\c:\bhnnfhp.exec:\bhnnfhp.exe108⤵
-
\??\c:\brtxv.exec:\brtxv.exe109⤵
-
\??\c:\lbvnxv.exec:\lbvnxv.exe110⤵
-
\??\c:\jlntr.exec:\jlntr.exe111⤵
-
\??\c:\pxnvf.exec:\pxnvf.exe112⤵
-
\??\c:\jxxtn.exec:\jxxtn.exe113⤵
-
\??\c:\fhxddv.exec:\fhxddv.exe114⤵
-
\??\c:\npjjthd.exec:\npjjthd.exe115⤵
-
\??\c:\pfbhh.exec:\pfbhh.exe116⤵
-
\??\c:\xnvvl.exec:\xnvvl.exe117⤵
-
\??\c:\pjnpfbp.exec:\pjnpfbp.exe118⤵
-
\??\c:\jjltt.exec:\jjltt.exe119⤵
-
\??\c:\nxddd.exec:\nxddd.exe120⤵
-
\??\c:\jpnjpx.exec:\jpnjpx.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-