Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
-
submitted
25/05/2024, 19:40
General
-
Target
245b9a7d6db0293d516aa2b4b5fbe8431a736f209e84b7af13ceca1273b858ed.exe
-
Size
75KB
-
MD5
0382fbb94d4a1ee4e9f47ead7877afbf
-
SHA1
5c995479ff52d5a6136940365ab72f5add3fac49
-
SHA256
245b9a7d6db0293d516aa2b4b5fbe8431a736f209e84b7af13ceca1273b858ed
-
SHA512
41fc372d3cdab91985742a9d50c4c82b022eb1b14b3191e3a254e987f02b6c80c29b1ffc7598aba3ba43be9cf8c5249d78cb00e726aa115d9faa6a7771d29da4
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIsIpWCz+FR4RzWqC5rINHB:ymb3NkkiQ3mdBjFIsIpZ+R4RzWqCuj
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
UPX dump on OEP (original entry point) 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 23 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\245b9a7d6db0293d516aa2b4b5fbe8431a736f209e84b7af13ceca1273b858ed.exe"C:\Users\Admin\AppData\Local\Temp\245b9a7d6db0293d516aa2b4b5fbe8431a736f209e84b7af13ceca1273b858ed.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\5lxflll.exec:\5lxflll.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxrxxrr.exec:\lxrxxrr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnhhhn.exec:\bnhhhn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjvvv.exec:\jjvvv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfllxxf.exec:\lfllxxf.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxrllxf.exec:\lxrllxf.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbhtt.exec:\nhbhtt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjddd.exec:\vjddd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjpj.exec:\dvjpj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlxxfxf.exec:\xlxxfxf.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1lfffxl.exec:\1lfffxl.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbtnn.exec:\tnbtnn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tntnnh.exec:\tntnnh.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjpvv.exec:\vjpvv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlfrflx.exec:\rlfrflx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxfrfl.exec:\xrxfrfl.exe17⤵
- Executes dropped EXE
-
\??\c:\3thtbb.exec:\3thtbb.exe18⤵
- Executes dropped EXE
-
\??\c:\9ppvv.exec:\9ppvv.exe19⤵
- Executes dropped EXE
-
\??\c:\jddvp.exec:\jddvp.exe20⤵
- Executes dropped EXE
-
\??\c:\fxffxlx.exec:\fxffxlx.exe21⤵
- Executes dropped EXE
-
\??\c:\tnbtbh.exec:\tnbtbh.exe22⤵
- Executes dropped EXE
-
\??\c:\tnbbhh.exec:\tnbbhh.exe23⤵
- Executes dropped EXE
-
\??\c:\dpvjp.exec:\dpvjp.exe24⤵
- Executes dropped EXE
-
\??\c:\vpjdd.exec:\vpjdd.exe25⤵
- Executes dropped EXE
-
\??\c:\fxfxfxl.exec:\fxfxfxl.exe26⤵
- Executes dropped EXE
-
\??\c:\tntntn.exec:\tntntn.exe27⤵
- Executes dropped EXE
-
\??\c:\jvjpp.exec:\jvjpp.exe28⤵
- Executes dropped EXE
-
\??\c:\pjppd.exec:\pjppd.exe29⤵
- Executes dropped EXE
-
\??\c:\rfffllr.exec:\rfffllr.exe30⤵
- Executes dropped EXE
-
\??\c:\lxrflff.exec:\lxrflff.exe31⤵
- Executes dropped EXE
-
\??\c:\hthhnn.exec:\hthhnn.exe32⤵
- Executes dropped EXE
-
\??\c:\jdjpj.exec:\jdjpj.exe33⤵
- Executes dropped EXE
-
\??\c:\xrxrrxf.exec:\xrxrrxf.exe34⤵
- Executes dropped EXE
-
\??\c:\hbtnbb.exec:\hbtnbb.exe35⤵
- Executes dropped EXE
-
\??\c:\nnhnbn.exec:\nnhnbn.exe36⤵
- Executes dropped EXE
-
\??\c:\9pdjj.exec:\9pdjj.exe37⤵
- Executes dropped EXE
-
\??\c:\fxfxfxx.exec:\fxfxfxx.exe38⤵
- Executes dropped EXE
-
\??\c:\fxxrxxf.exec:\fxxrxxf.exe39⤵
- Executes dropped EXE
-
\??\c:\lfrrxxf.exec:\lfrrxxf.exe40⤵
- Executes dropped EXE
-
\??\c:\thhhnh.exec:\thhhnh.exe41⤵
- Executes dropped EXE
-
\??\c:\jjpvv.exec:\jjpvv.exe42⤵
- Executes dropped EXE
-
\??\c:\jdpvd.exec:\jdpvd.exe43⤵
- Executes dropped EXE
-
\??\c:\vpddj.exec:\vpddj.exe44⤵
- Executes dropped EXE
-
\??\c:\flrxfxf.exec:\flrxfxf.exe45⤵
- Executes dropped EXE
-
\??\c:\7bbtbn.exec:\7bbtbn.exe46⤵
- Executes dropped EXE
-
\??\c:\5nhhnn.exec:\5nhhnn.exe47⤵
- Executes dropped EXE
-
\??\c:\5vpdd.exec:\5vpdd.exe48⤵
- Executes dropped EXE
-
\??\c:\fxflrxr.exec:\fxflrxr.exe49⤵
- Executes dropped EXE
-
\??\c:\fxfflrx.exec:\fxfflrx.exe50⤵
- Executes dropped EXE
-
\??\c:\bthhhh.exec:\bthhhh.exe51⤵
- Executes dropped EXE
-
\??\c:\1vvdj.exec:\1vvdj.exe52⤵
- Executes dropped EXE
-
\??\c:\jdvvv.exec:\jdvvv.exe53⤵
- Executes dropped EXE
-
\??\c:\fxfrlfl.exec:\fxfrlfl.exe54⤵
- Executes dropped EXE
-
\??\c:\9rrrxxl.exec:\9rrrxxl.exe55⤵
- Executes dropped EXE
-
\??\c:\bbtthh.exec:\bbtthh.exe56⤵
- Executes dropped EXE
-
\??\c:\1bhhnn.exec:\1bhhnn.exe57⤵
- Executes dropped EXE
-
\??\c:\jdjvj.exec:\jdjvj.exe58⤵
- Executes dropped EXE
-
\??\c:\pdjjj.exec:\pdjjj.exe59⤵
- Executes dropped EXE
-
\??\c:\9rflflr.exec:\9rflflr.exe60⤵
- Executes dropped EXE
-
\??\c:\7nbhnn.exec:\7nbhnn.exe61⤵
- Executes dropped EXE
-
\??\c:\tnnnhb.exec:\tnnnhb.exe62⤵
- Executes dropped EXE
-
\??\c:\pdppv.exec:\pdppv.exe63⤵
- Executes dropped EXE
-
\??\c:\3djjj.exec:\3djjj.exe64⤵
- Executes dropped EXE
-
\??\c:\1rfxffl.exec:\1rfxffl.exe65⤵
- Executes dropped EXE
-
\??\c:\ttbhtb.exec:\ttbhtb.exe66⤵
-
\??\c:\thtntb.exec:\thtntb.exe67⤵
-
\??\c:\pddjd.exec:\pddjd.exe68⤵
-
\??\c:\5rlfxfl.exec:\5rlfxfl.exe69⤵
-
\??\c:\nhhbht.exec:\nhhbht.exe70⤵
-
\??\c:\hbtbtt.exec:\hbtbtt.exe71⤵
-
\??\c:\dpdjv.exec:\dpdjv.exe72⤵
-
\??\c:\jvjdj.exec:\jvjdj.exe73⤵
-
\??\c:\rrlrflx.exec:\rrlrflx.exe74⤵
-
\??\c:\lrlffxx.exec:\lrlffxx.exe75⤵
-
\??\c:\btnnbb.exec:\btnnbb.exe76⤵
-
\??\c:\bbhhhh.exec:\bbhhhh.exe77⤵
-
\??\c:\jppjj.exec:\jppjj.exe78⤵
-
\??\c:\jjvpj.exec:\jjvpj.exe79⤵
-
\??\c:\7xxrxfl.exec:\7xxrxfl.exe80⤵
-
\??\c:\xrfllrf.exec:\xrfllrf.exe81⤵
-
\??\c:\9btntb.exec:\9btntb.exe82⤵
-
\??\c:\9ntttt.exec:\9ntttt.exe83⤵
-
\??\c:\hnbhnh.exec:\hnbhnh.exe84⤵
-
\??\c:\1vppv.exec:\1vppv.exe85⤵
-
\??\c:\7llxffl.exec:\7llxffl.exe86⤵
-
\??\c:\lflxffr.exec:\lflxffr.exe87⤵
-
\??\c:\7nhhtb.exec:\7nhhtb.exe88⤵
-
\??\c:\tbbtnt.exec:\tbbtnt.exe89⤵
-
\??\c:\ppvpv.exec:\ppvpv.exe90⤵
-
\??\c:\rflflfr.exec:\rflflfr.exe91⤵
-
\??\c:\ffxlrxl.exec:\ffxlrxl.exe92⤵
-
\??\c:\xfllfxx.exec:\xfllfxx.exe93⤵
-
\??\c:\nhtbht.exec:\nhtbht.exe94⤵
-
\??\c:\tbtbnt.exec:\tbtbnt.exe95⤵
-
\??\c:\vvvdd.exec:\vvvdd.exe96⤵
-
\??\c:\vjppv.exec:\vjppv.exe97⤵
-
\??\c:\3xllrfl.exec:\3xllrfl.exe98⤵
-
\??\c:\3ffrllx.exec:\3ffrllx.exe99⤵
-
\??\c:\llffrrf.exec:\llffrrf.exe100⤵
-
\??\c:\hhbhtn.exec:\hhbhtn.exe101⤵
-
\??\c:\jjvjp.exec:\jjvjp.exe102⤵
-
\??\c:\jdvpv.exec:\jdvpv.exe103⤵
-
\??\c:\rlflxlx.exec:\rlflxlx.exe104⤵
-
\??\c:\ffxfrlr.exec:\ffxfrlr.exe105⤵
-
\??\c:\nhtttb.exec:\nhtttb.exe106⤵
-
\??\c:\thnntt.exec:\thnntt.exe107⤵
-
\??\c:\3pjpj.exec:\3pjpj.exe108⤵
-
\??\c:\3vpvv.exec:\3vpvv.exe109⤵
-
\??\c:\3rlrxfl.exec:\3rlrxfl.exe110⤵
-
\??\c:\fxflrrf.exec:\fxflrrf.exe111⤵
-
\??\c:\1nhhtt.exec:\1nhhtt.exe112⤵
-
\??\c:\hbnhbh.exec:\hbnhbh.exe113⤵
-
\??\c:\7vpvj.exec:\7vpvj.exe114⤵
-
\??\c:\djvdd.exec:\djvdd.exe115⤵
-
\??\c:\lxfxffl.exec:\lxfxffl.exe116⤵
-
\??\c:\5rllfxl.exec:\5rllfxl.exe117⤵
-
\??\c:\nnhnbh.exec:\nnhnbh.exe118⤵
-
\??\c:\7nntbt.exec:\7nntbt.exe119⤵
-
\??\c:\3pdjp.exec:\3pdjp.exe120⤵
-
\??\c:\pdpdp.exec:\pdpdp.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-