Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240215-en -
resource tags
-
submitted
28/05/2024, 13:44
General
-
Target
feddd86c5516e10ffa7c76158734f4a809cb3e67c42e7a737d1c0e72c8fceb3c.exe
-
Size
94KB
-
MD5
8d8b90c4e3754ad32505fc40989faaaf
-
SHA1
a95db69036b984a8e9be3a6a9d157228d2c14943
-
SHA256
feddd86c5516e10ffa7c76158734f4a809cb3e67c42e7a737d1c0e72c8fceb3c
-
SHA512
cc96e0b5743026521f49300302ee7e582e1e3034fefc709f69a3330ef3c98c815ec179e0f57e68e56c1d005b19ee891c4df19d356409b488aea42ef621180d34
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDoLuePjDYlR3hnjKXIQSe9oEq:ymb3NkkiQ3mdBjFoLucjDilOZhoP
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 19 IoCs
-
UPX dump on OEP (original entry point) 22 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 22 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\feddd86c5516e10ffa7c76158734f4a809cb3e67c42e7a737d1c0e72c8fceb3c.exe"C:\Users\Admin\AppData\Local\Temp\feddd86c5516e10ffa7c76158734f4a809cb3e67c42e7a737d1c0e72c8fceb3c.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\hbtthn.exec:\hbtthn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjvjd.exec:\jjvjd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flfrflr.exec:\flfrflr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxfxfr.exec:\xrxfxfr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbntbb.exec:\bbntbb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3jjjp.exec:\3jjjp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdjv.exec:\pjdjv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxxrrx.exec:\rlxxrrx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbtbhn.exec:\hbtbhn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbhhnh.exec:\nbhhnh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjdvd.exec:\vjdvd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfrrllr.exec:\rfrrllr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxlflx.exec:\rlxlflx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhntbb.exec:\nhntbb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9jpvj.exec:\9jpvj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjvj.exec:\vpjvj.exe17⤵
- Executes dropped EXE
-
\??\c:\fxlrffr.exec:\fxlrffr.exe18⤵
- Executes dropped EXE
-
\??\c:\xrlrfxl.exec:\xrlrfxl.exe19⤵
- Executes dropped EXE
-
\??\c:\tnbbnt.exec:\tnbbnt.exe20⤵
- Executes dropped EXE
-
\??\c:\nbhtnb.exec:\nbhtnb.exe21⤵
- Executes dropped EXE
-
\??\c:\jjpvd.exec:\jjpvd.exe22⤵
- Executes dropped EXE
-
\??\c:\xrlxxlr.exec:\xrlxxlr.exe23⤵
- Executes dropped EXE
-
\??\c:\lfrxfrx.exec:\lfrxfrx.exe24⤵
- Executes dropped EXE
-
\??\c:\9hbntb.exec:\9hbntb.exe25⤵
- Executes dropped EXE
-
\??\c:\bnhbnt.exec:\bnhbnt.exe26⤵
- Executes dropped EXE
-
\??\c:\vjppv.exec:\vjppv.exe27⤵
- Executes dropped EXE
-
\??\c:\rfllllr.exec:\rfllllr.exe28⤵
- Executes dropped EXE
-
\??\c:\fxrfrlx.exec:\fxrfrlx.exe29⤵
- Executes dropped EXE
-
\??\c:\3bhntt.exec:\3bhntt.exe30⤵
- Executes dropped EXE
-
\??\c:\vdpvv.exec:\vdpvv.exe31⤵
- Executes dropped EXE
-
\??\c:\ddppd.exec:\ddppd.exe32⤵
- Executes dropped EXE
-
\??\c:\9xxfrrr.exec:\9xxfrrr.exe33⤵
- Executes dropped EXE
-
\??\c:\nhhnnt.exec:\nhhnnt.exe34⤵
- Executes dropped EXE
-
\??\c:\ddpvd.exec:\ddpvd.exe35⤵
- Executes dropped EXE
-
\??\c:\dvpvj.exec:\dvpvj.exe36⤵
- Executes dropped EXE
-
\??\c:\rlfflrf.exec:\rlfflrf.exe37⤵
- Executes dropped EXE
-
\??\c:\xffrxfr.exec:\xffrxfr.exe38⤵
- Executes dropped EXE
-
\??\c:\hhbhnn.exec:\hhbhnn.exe39⤵
- Executes dropped EXE
-
\??\c:\jvddv.exec:\jvddv.exe40⤵
- Executes dropped EXE
-
\??\c:\vvdjp.exec:\vvdjp.exe41⤵
- Executes dropped EXE
-
\??\c:\rrxlrll.exec:\rrxlrll.exe42⤵
- Executes dropped EXE
-
\??\c:\fflrrlf.exec:\fflrrlf.exe43⤵
- Executes dropped EXE
-
\??\c:\tthhhb.exec:\tthhhb.exe44⤵
- Executes dropped EXE
-
\??\c:\3vvvv.exec:\3vvvv.exe45⤵
- Executes dropped EXE
-
\??\c:\jjpdj.exec:\jjpdj.exe46⤵
- Executes dropped EXE
-
\??\c:\xlrlfff.exec:\xlrlfff.exe47⤵
- Executes dropped EXE
-
\??\c:\llxfxfr.exec:\llxfxfr.exe48⤵
- Executes dropped EXE
-
\??\c:\1htbnt.exec:\1htbnt.exe49⤵
- Executes dropped EXE
-
\??\c:\vvvvd.exec:\vvvvd.exe50⤵
- Executes dropped EXE
-
\??\c:\3vjvj.exec:\3vjvj.exe51⤵
- Executes dropped EXE
-
\??\c:\fxfrflr.exec:\fxfrflr.exe52⤵
- Executes dropped EXE
-
\??\c:\thtnnh.exec:\thtnnh.exe53⤵
- Executes dropped EXE
-
\??\c:\bbbnbn.exec:\bbbnbn.exe54⤵
- Executes dropped EXE
-
\??\c:\dpvvv.exec:\dpvvv.exe55⤵
- Executes dropped EXE
-
\??\c:\1pvpp.exec:\1pvpp.exe56⤵
- Executes dropped EXE
-
\??\c:\5flffxr.exec:\5flffxr.exe57⤵
- Executes dropped EXE
-
\??\c:\llxxxxf.exec:\llxxxxf.exe58⤵
- Executes dropped EXE
-
\??\c:\3httnh.exec:\3httnh.exe59⤵
- Executes dropped EXE
-
\??\c:\bthhnt.exec:\bthhnt.exe60⤵
- Executes dropped EXE
-
\??\c:\ppdvd.exec:\ppdvd.exe61⤵
- Executes dropped EXE
-
\??\c:\1rflrrx.exec:\1rflrrx.exe62⤵
- Executes dropped EXE
-
\??\c:\hbbhbh.exec:\hbbhbh.exe63⤵
- Executes dropped EXE
-
\??\c:\bthnnt.exec:\bthnnt.exe64⤵
- Executes dropped EXE
-
\??\c:\3dvvj.exec:\3dvvj.exe65⤵
- Executes dropped EXE
-
\??\c:\jvdvd.exec:\jvdvd.exe66⤵
-
\??\c:\flrrlll.exec:\flrrlll.exe67⤵
-
\??\c:\rlfrlfl.exec:\rlfrlfl.exe68⤵
-
\??\c:\bhnhht.exec:\bhnhht.exe69⤵
-
\??\c:\hthhbb.exec:\hthhbb.exe70⤵
-
\??\c:\vppjj.exec:\vppjj.exe71⤵
-
\??\c:\pvdpj.exec:\pvdpj.exe72⤵
-
\??\c:\lfrxxxx.exec:\lfrxxxx.exe73⤵
-
\??\c:\3rrrllr.exec:\3rrrllr.exe74⤵
-
\??\c:\lffflrx.exec:\lffflrx.exe75⤵
-
\??\c:\nhtbbb.exec:\nhtbbb.exe76⤵
-
\??\c:\bthntt.exec:\bthntt.exe77⤵
-
\??\c:\pjpdd.exec:\pjpdd.exe78⤵
-
\??\c:\jpdjj.exec:\jpdjj.exe79⤵
-
\??\c:\xrrlllr.exec:\xrrlllr.exe80⤵
-
\??\c:\fxfxflf.exec:\fxfxflf.exe81⤵
-
\??\c:\tnhnbh.exec:\tnhnbh.exe82⤵
-
\??\c:\hbntnb.exec:\hbntnb.exe83⤵
-
\??\c:\5jdjp.exec:\5jdjp.exe84⤵
-
\??\c:\ppppv.exec:\ppppv.exe85⤵
-
\??\c:\1lffrrf.exec:\1lffrrf.exe86⤵
-
\??\c:\3ffflrx.exec:\3ffflrx.exe87⤵
-
\??\c:\hthntt.exec:\hthntt.exe88⤵
-
\??\c:\bttnth.exec:\bttnth.exe89⤵
-
\??\c:\ddvjj.exec:\ddvjj.exe90⤵
-
\??\c:\jvpjp.exec:\jvpjp.exe91⤵
-
\??\c:\vpvvd.exec:\vpvvd.exe92⤵
-
\??\c:\frxxffl.exec:\frxxffl.exe93⤵
-
\??\c:\xrlxlrx.exec:\xrlxlrx.exe94⤵
-
\??\c:\3hhnbh.exec:\3hhnbh.exe95⤵
-
\??\c:\7htbhh.exec:\7htbhh.exe96⤵
-
\??\c:\pjvvd.exec:\pjvvd.exe97⤵
-
\??\c:\vvppv.exec:\vvppv.exe98⤵
-
\??\c:\xflxfff.exec:\xflxfff.exe99⤵
-
\??\c:\fxrlrxf.exec:\fxrlrxf.exe100⤵
-
\??\c:\btnbht.exec:\btnbht.exe101⤵
-
\??\c:\hhhhhn.exec:\hhhhhn.exe102⤵
-
\??\c:\dvvdp.exec:\dvvdp.exe103⤵
-
\??\c:\vvvvd.exec:\vvvvd.exe104⤵
-
\??\c:\9lxrxrx.exec:\9lxrxrx.exe105⤵
-
\??\c:\lllfxfx.exec:\lllfxfx.exe106⤵
-
\??\c:\bbtbtb.exec:\bbtbtb.exe107⤵
-
\??\c:\btbbnn.exec:\btbbnn.exe108⤵
-
\??\c:\9jdpj.exec:\9jdpj.exe109⤵
-
\??\c:\7dvdj.exec:\7dvdj.exe110⤵
-
\??\c:\1vddj.exec:\1vddj.exe111⤵
-
\??\c:\9llrfrl.exec:\9llrfrl.exe112⤵
-
\??\c:\9rrfrxl.exec:\9rrfrxl.exe113⤵
-
\??\c:\hhntbh.exec:\hhntbh.exe114⤵
-
\??\c:\ttbbbh.exec:\ttbbbh.exe115⤵
-
\??\c:\dvpdj.exec:\dvpdj.exe116⤵
-
\??\c:\jvjjp.exec:\jvjjp.exe117⤵
-
\??\c:\rlxflrx.exec:\rlxflrx.exe118⤵
-
\??\c:\rflllll.exec:\rflllll.exe119⤵
-
\??\c:\bbhtbt.exec:\bbhtbt.exe120⤵
-
\??\c:\tntthn.exec:\tntthn.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-