Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
28/05/2024, 20:45
General
-
Target
3ffe146ef81f1febf8f7d72a3cf80bc04366273acc51323e46b71fd62439b89c.exe
-
Size
72KB
-
MD5
6ae6ef071cb042615d07dcd412fab4cb
-
SHA1
547c791205c3636b568c92837dc14804b97c31d2
-
SHA256
3ffe146ef81f1febf8f7d72a3cf80bc04366273acc51323e46b71fd62439b89c
-
SHA512
8401e6bc31129de1a6b4e8dbb07348b9fd693d1bcd675e2fb99aeea111988c4858c14997ff5c20a32d629caca84ab391208b84fb1fcadf66201acb051d6c4fde
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIgUVyiAnaHj:ymb3NkkiQ3mdBjFIgUEq
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 18 IoCs
-
UPX dump on OEP (original entry point) 27 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 27 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\3ffe146ef81f1febf8f7d72a3cf80bc04366273acc51323e46b71fd62439b89c.exe"C:\Users\Admin\AppData\Local\Temp\3ffe146ef81f1febf8f7d72a3cf80bc04366273acc51323e46b71fd62439b89c.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\xxxllxr.exec:\xxxllxr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9xrrxlf.exec:\9xrrxlf.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbtnbn.exec:\tbtnbn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjvp.exec:\dvjvp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlrxll.exec:\fxlrxll.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lllrllf.exec:\lllrllf.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1hbhnb.exec:\1hbhnb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7hthtt.exec:\7hthtt.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5ppdj.exec:\5ppdj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjjv.exec:\ppjjv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lffxlrf.exec:\lffxlrf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffxlxfr.exec:\ffxlxfr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntnbhb.exec:\ntnbhb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfllrfl.exec:\lfllrfl.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9xrxrxr.exec:\9xrxrxr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhtnt.exec:\tnhtnt.exe17⤵
- Executes dropped EXE
-
\??\c:\bbtntt.exec:\bbtntt.exe18⤵
- Executes dropped EXE
-
\??\c:\pvjjd.exec:\pvjjd.exe19⤵
- Executes dropped EXE
-
\??\c:\rlrfrfl.exec:\rlrfrfl.exe20⤵
- Executes dropped EXE
-
\??\c:\3hbbbh.exec:\3hbbbh.exe21⤵
- Executes dropped EXE
-
\??\c:\3nnnhh.exec:\3nnnhh.exe22⤵
- Executes dropped EXE
-
\??\c:\jjpvp.exec:\jjpvp.exe23⤵
- Executes dropped EXE
-
\??\c:\dvvpv.exec:\dvvpv.exe24⤵
- Executes dropped EXE
-
\??\c:\ffrxflr.exec:\ffrxflr.exe25⤵
- Executes dropped EXE
-
\??\c:\9bhbnn.exec:\9bhbnn.exe26⤵
- Executes dropped EXE
-
\??\c:\hbbbbh.exec:\hbbbbh.exe27⤵
- Executes dropped EXE
-
\??\c:\vvdpp.exec:\vvdpp.exe28⤵
- Executes dropped EXE
-
\??\c:\rlfxlrr.exec:\rlfxlrr.exe29⤵
- Executes dropped EXE
-
\??\c:\7thtbh.exec:\7thtbh.exe30⤵
- Executes dropped EXE
-
\??\c:\pddjd.exec:\pddjd.exe31⤵
- Executes dropped EXE
-
\??\c:\9ddvp.exec:\9ddvp.exe32⤵
- Executes dropped EXE
-
\??\c:\rlflrxl.exec:\rlflrxl.exe33⤵
- Executes dropped EXE
-
\??\c:\1hbtth.exec:\1hbtth.exe34⤵
- Executes dropped EXE
-
\??\c:\nbtbnt.exec:\nbtbnt.exe35⤵
- Executes dropped EXE
-
\??\c:\vpdjd.exec:\vpdjd.exe36⤵
- Executes dropped EXE
-
\??\c:\ppdpd.exec:\ppdpd.exe37⤵
- Executes dropped EXE
-
\??\c:\7lfrflx.exec:\7lfrflx.exe38⤵
- Executes dropped EXE
-
\??\c:\frxfrrf.exec:\frxfrrf.exe39⤵
- Executes dropped EXE
-
\??\c:\tnbnbb.exec:\tnbnbb.exe40⤵
- Executes dropped EXE
-
\??\c:\9bbhtb.exec:\9bbhtb.exe41⤵
- Executes dropped EXE
-
\??\c:\rxrxrll.exec:\rxrxrll.exe42⤵
- Executes dropped EXE
-
\??\c:\7nhttt.exec:\7nhttt.exe43⤵
- Executes dropped EXE
-
\??\c:\nnnhnn.exec:\nnnhnn.exe44⤵
- Executes dropped EXE
-
\??\c:\vpdjd.exec:\vpdjd.exe45⤵
- Executes dropped EXE
-
\??\c:\pjdjj.exec:\pjdjj.exe46⤵
- Executes dropped EXE
-
\??\c:\rxlllxx.exec:\rxlllxx.exe47⤵
- Executes dropped EXE
-
\??\c:\flflfrf.exec:\flflfrf.exe48⤵
- Executes dropped EXE
-
\??\c:\bthtbb.exec:\bthtbb.exe49⤵
- Executes dropped EXE
-
\??\c:\nhbbht.exec:\nhbbht.exe50⤵
- Executes dropped EXE
-
\??\c:\jdpdj.exec:\jdpdj.exe51⤵
- Executes dropped EXE
-
\??\c:\7xxxflx.exec:\7xxxflx.exe52⤵
- Executes dropped EXE
-
\??\c:\frlxlrx.exec:\frlxlrx.exe53⤵
- Executes dropped EXE
-
\??\c:\bhtbhb.exec:\bhtbhb.exe54⤵
- Executes dropped EXE
-
\??\c:\7nbhnt.exec:\7nbhnt.exe55⤵
- Executes dropped EXE
-
\??\c:\vdpdd.exec:\vdpdd.exe56⤵
- Executes dropped EXE
-
\??\c:\7dvjv.exec:\7dvjv.exe57⤵
- Executes dropped EXE
-
\??\c:\ffrrffl.exec:\ffrrffl.exe58⤵
- Executes dropped EXE
-
\??\c:\lxrllrf.exec:\lxrllrf.exe59⤵
- Executes dropped EXE
-
\??\c:\hbtbtb.exec:\hbtbtb.exe60⤵
- Executes dropped EXE
-
\??\c:\tttbnb.exec:\tttbnb.exe61⤵
- Executes dropped EXE
-
\??\c:\dddjv.exec:\dddjv.exe62⤵
- Executes dropped EXE
-
\??\c:\vvpjp.exec:\vvpjp.exe63⤵
- Executes dropped EXE
-
\??\c:\7rlrxxl.exec:\7rlrxxl.exe64⤵
- Executes dropped EXE
-
\??\c:\xlrlllf.exec:\xlrlllf.exe65⤵
- Executes dropped EXE
-
\??\c:\9nhttt.exec:\9nhttt.exe66⤵
-
\??\c:\1httbn.exec:\1httbn.exe67⤵
-
\??\c:\7pjpj.exec:\7pjpj.exe68⤵
-
\??\c:\1dpvj.exec:\1dpvj.exe69⤵
-
\??\c:\fxlrxxl.exec:\fxlrxxl.exe70⤵
-
\??\c:\fxrrrxr.exec:\fxrrrxr.exe71⤵
-
\??\c:\lfflffl.exec:\lfflffl.exe72⤵
-
\??\c:\hbtbnn.exec:\hbtbnn.exe73⤵
-
\??\c:\dvjjp.exec:\dvjjp.exe74⤵
-
\??\c:\vdvdd.exec:\vdvdd.exe75⤵
-
\??\c:\fxxfxfr.exec:\fxxfxfr.exe76⤵
-
\??\c:\1xflrlr.exec:\1xflrlr.exe77⤵
-
\??\c:\hhhnbn.exec:\hhhnbn.exe78⤵
-
\??\c:\5nhbnb.exec:\5nhbnb.exe79⤵
-
\??\c:\ddpdj.exec:\ddpdj.exe80⤵
-
\??\c:\jpdjd.exec:\jpdjd.exe81⤵
-
\??\c:\rxrrrlr.exec:\rxrrrlr.exe82⤵
-
\??\c:\bttnnt.exec:\bttnnt.exe83⤵
-
\??\c:\hbhnbh.exec:\hbhnbh.exe84⤵
-
\??\c:\hnnhnb.exec:\hnnhnb.exe85⤵
-
\??\c:\jjjjv.exec:\jjjjv.exe86⤵
-
\??\c:\lfrfxfl.exec:\lfrfxfl.exe87⤵
-
\??\c:\xfxxrrx.exec:\xfxxrrx.exe88⤵
-
\??\c:\nhtnnt.exec:\nhtnnt.exe89⤵
-
\??\c:\tnntnt.exec:\tnntnt.exe90⤵
-
\??\c:\dddpv.exec:\dddpv.exe91⤵
-
\??\c:\jvvdv.exec:\jvvdv.exe92⤵
-
\??\c:\9rllrxl.exec:\9rllrxl.exe93⤵
-
\??\c:\hthnbb.exec:\hthnbb.exe94⤵
-
\??\c:\bhnntt.exec:\bhnntt.exe95⤵
-
\??\c:\djdvp.exec:\djdvp.exe96⤵
-
\??\c:\jjdjj.exec:\jjdjj.exe97⤵
-
\??\c:\rrllflf.exec:\rrllflf.exe98⤵
-
\??\c:\rfxrffr.exec:\rfxrffr.exe99⤵
-
\??\c:\nthntt.exec:\nthntt.exe100⤵
-
\??\c:\pvjjj.exec:\pvjjj.exe101⤵
-
\??\c:\flrffxr.exec:\flrffxr.exe102⤵
-
\??\c:\xlxxrlr.exec:\xlxxrlr.exe103⤵
-
\??\c:\7hbhtb.exec:\7hbhtb.exe104⤵
-
\??\c:\bhnnhb.exec:\bhnnhb.exe105⤵
-
\??\c:\pppvp.exec:\pppvp.exe106⤵
-
\??\c:\pppvd.exec:\pppvd.exe107⤵
-
\??\c:\9jjjd.exec:\9jjjd.exe108⤵
-
\??\c:\rlffflr.exec:\rlffflr.exe109⤵
-
\??\c:\5xfrlxr.exec:\5xfrlxr.exe110⤵
-
\??\c:\hhthhb.exec:\hhthhb.exe111⤵
-
\??\c:\ddpdv.exec:\ddpdv.exe112⤵
-
\??\c:\ppdvj.exec:\ppdvj.exe113⤵
-
\??\c:\9xrxlfr.exec:\9xrxlfr.exe114⤵
-
\??\c:\xrxfxrl.exec:\xrxfxrl.exe115⤵
-
\??\c:\hnthnb.exec:\hnthnb.exe116⤵
-
\??\c:\nbnhhb.exec:\nbnhhb.exe117⤵
-
\??\c:\dvjdp.exec:\dvjdp.exe118⤵
-
\??\c:\3jdvj.exec:\3jdvj.exe119⤵
-
\??\c:\rlffxff.exec:\rlffxff.exe120⤵
-
\??\c:\ttnthh.exec:\ttnthh.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-