Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
-
submitted
29/05/2024, 01:07
General
-
Target
1d8241f54bc9fe616a9d278a6110ae10.exe
-
Size
520KB
-
MD5
1d8241f54bc9fe616a9d278a6110ae10
-
SHA1
3421919049276645bef654f50dce75b3dc34e8d3
-
SHA256
03d1811f1ab5eb5a2827997f50c2600acf0ba1d94f1f7e9a459b61aee413786f
-
SHA512
d0e2bd521690c0926bcbc9776113f8347bcb68c2b9ee2e44c85258c56e25a2f3c701008e008ab52d5693bec38ca1571addfcb1211e15b207377f8592fadc45bc
-
SSDEEP
6144:8cm7ImGddXmNt251UriZFwfsDX2CfNnkymTwaJ3o89H3w:q7Tc2NYHUrAwfMHNnpls489A
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 40 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1d8241f54bc9fe616a9d278a6110ae10.exe"C:\Users\Admin\AppData\Local\Temp\1d8241f54bc9fe616a9d278a6110ae10.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhnhn.exec:\hbhnhn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnhnht.exec:\hnhnht.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvpj.exec:\jdvpj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9btthb.exec:\9btthb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lffxrrf.exec:\lffxrrf.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hthhht.exec:\hthhht.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvjvv.exec:\jvjvv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fllxxfl.exec:\fllxxfl.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjjvj.exec:\jjjvj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjpj.exec:\ppjpj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3tbhbb.exec:\3tbhbb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjvj.exec:\jdjvj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlflffl.exec:\rlflffl.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdpd.exec:\pjdpd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllfflr.exec:\rllfflr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbntbb.exec:\bbntbb.exe17⤵
- Executes dropped EXE
-
\??\c:\tbntbt.exec:\tbntbt.exe18⤵
- Executes dropped EXE
-
\??\c:\pdjpp.exec:\pdjpp.exe19⤵
- Executes dropped EXE
-
\??\c:\bthhtt.exec:\bthhtt.exe20⤵
- Executes dropped EXE
-
\??\c:\vjdpv.exec:\vjdpv.exe21⤵
- Executes dropped EXE
-
\??\c:\9xxllfr.exec:\9xxllfr.exe22⤵
- Executes dropped EXE
-
\??\c:\jddjd.exec:\jddjd.exe23⤵
- Executes dropped EXE
-
\??\c:\9tnthn.exec:\9tnthn.exe24⤵
- Executes dropped EXE
-
\??\c:\pddpj.exec:\pddpj.exe25⤵
- Executes dropped EXE
-
\??\c:\5hhnbh.exec:\5hhnbh.exe26⤵
- Executes dropped EXE
-
\??\c:\rfxlxlf.exec:\rfxlxlf.exe27⤵
- Executes dropped EXE
-
\??\c:\9jjvj.exec:\9jjvj.exe28⤵
- Executes dropped EXE
-
\??\c:\9xxfrxl.exec:\9xxfrxl.exe29⤵
- Executes dropped EXE
-
\??\c:\vjjjp.exec:\vjjjp.exe30⤵
- Executes dropped EXE
-
\??\c:\xfrxfxx.exec:\xfrxfxx.exe31⤵
- Executes dropped EXE
-
\??\c:\5jjjv.exec:\5jjjv.exe32⤵
- Executes dropped EXE
-
\??\c:\rrflxfx.exec:\rrflxfx.exe33⤵
- Executes dropped EXE
-
\??\c:\9pppd.exec:\9pppd.exe34⤵
- Executes dropped EXE
-
\??\c:\3dvdd.exec:\3dvdd.exe35⤵
- Executes dropped EXE
-
\??\c:\lffrlrl.exec:\lffrlrl.exe36⤵
- Executes dropped EXE
-
\??\c:\3hnthh.exec:\3hnthh.exe37⤵
- Executes dropped EXE
-
\??\c:\jvpvj.exec:\jvpvj.exe38⤵
- Executes dropped EXE
-
\??\c:\5vjvj.exec:\5vjvj.exe39⤵
- Executes dropped EXE
-
\??\c:\bbbbtt.exec:\bbbbtt.exe40⤵
- Executes dropped EXE
-
\??\c:\7pjpj.exec:\7pjpj.exe41⤵
- Executes dropped EXE
-
\??\c:\1rffxlx.exec:\1rffxlx.exe42⤵
- Executes dropped EXE
-
\??\c:\xrxlxfr.exec:\xrxlxfr.exe43⤵
- Executes dropped EXE
-
\??\c:\tthnnt.exec:\tthnnt.exe44⤵
- Executes dropped EXE
-
\??\c:\1ppvv.exec:\1ppvv.exe45⤵
- Executes dropped EXE
-
\??\c:\fxlxflf.exec:\fxlxflf.exe46⤵
- Executes dropped EXE
-
\??\c:\bthnnt.exec:\bthnnt.exe47⤵
- Executes dropped EXE
-
\??\c:\dvvdj.exec:\dvvdj.exe48⤵
- Executes dropped EXE
-
\??\c:\pdddp.exec:\pdddp.exe49⤵
- Executes dropped EXE
-
\??\c:\lffrlxr.exec:\lffrlxr.exe50⤵
- Executes dropped EXE
-
\??\c:\hhtnhn.exec:\hhtnhn.exe51⤵
- Executes dropped EXE
-
\??\c:\7jppd.exec:\7jppd.exe52⤵
- Executes dropped EXE
-
\??\c:\xfxrxfr.exec:\xfxrxfr.exe53⤵
- Executes dropped EXE
-
\??\c:\3ntbhb.exec:\3ntbhb.exe54⤵
- Executes dropped EXE
-
\??\c:\nnbnhb.exec:\nnbnhb.exe55⤵
- Executes dropped EXE
-
\??\c:\dvjpd.exec:\dvjpd.exe56⤵
- Executes dropped EXE
-
\??\c:\fxflxxl.exec:\fxflxxl.exe57⤵
- Executes dropped EXE
-
\??\c:\3bnntb.exec:\3bnntb.exe58⤵
- Executes dropped EXE
-
\??\c:\pjpjv.exec:\pjpjv.exe59⤵
- Executes dropped EXE
-
\??\c:\ppvdj.exec:\ppvdj.exe60⤵
- Executes dropped EXE
-
\??\c:\rrlfxxr.exec:\rrlfxxr.exe61⤵
- Executes dropped EXE
-
\??\c:\7tthtb.exec:\7tthtb.exe62⤵
- Executes dropped EXE
-
\??\c:\vdjdd.exec:\vdjdd.exe63⤵
- Executes dropped EXE
-
\??\c:\pjpdd.exec:\pjpdd.exe64⤵
- Executes dropped EXE
-
\??\c:\3frrlrl.exec:\3frrlrl.exe65⤵
- Executes dropped EXE
-
\??\c:\bbthht.exec:\bbthht.exe66⤵
-
\??\c:\pvjdd.exec:\pvjdd.exe67⤵
-
\??\c:\rlfrlrf.exec:\rlfrlrf.exe68⤵
-
\??\c:\tbbtnt.exec:\tbbtnt.exe69⤵
-
\??\c:\bhthbh.exec:\bhthbh.exe70⤵
-
\??\c:\5ddpv.exec:\5ddpv.exe71⤵
-
\??\c:\flllrfx.exec:\flllrfx.exe72⤵
-
\??\c:\bbnntb.exec:\bbnntb.exe73⤵
-
\??\c:\vvddd.exec:\vvddd.exe74⤵
-
\??\c:\lxxxlll.exec:\lxxxlll.exe75⤵
-
\??\c:\ntbttt.exec:\ntbttt.exe76⤵
-
\??\c:\bbtbhh.exec:\bbtbhh.exe77⤵
-
\??\c:\jpdvv.exec:\jpdvv.exe78⤵
-
\??\c:\9xrxffl.exec:\9xrxffl.exe79⤵
-
\??\c:\7bnbhn.exec:\7bnbhn.exe80⤵
-
\??\c:\1vjjv.exec:\1vjjv.exe81⤵
-
\??\c:\lxxlfll.exec:\lxxlfll.exe82⤵
-
\??\c:\tnbbnb.exec:\tnbbnb.exe83⤵
-
\??\c:\thntnt.exec:\thntnt.exe84⤵
-
\??\c:\jddjd.exec:\jddjd.exe85⤵
-
\??\c:\xxlrlrf.exec:\xxlrlrf.exe86⤵
-
\??\c:\nnnhnh.exec:\nnnhnh.exe87⤵
-
\??\c:\1hnbht.exec:\1hnbht.exe88⤵
-
\??\c:\ppjvj.exec:\ppjvj.exe89⤵
-
\??\c:\rllrxxx.exec:\rllrxxx.exe90⤵
-
\??\c:\thnbth.exec:\thnbth.exe91⤵
-
\??\c:\vpjvj.exec:\vpjvj.exe92⤵
-
\??\c:\fllxxlf.exec:\fllxxlf.exe93⤵
-
\??\c:\3frxrxl.exec:\3frxrxl.exe94⤵
-
\??\c:\hbntbh.exec:\hbntbh.exe95⤵
-
\??\c:\pvdpp.exec:\pvdpp.exe96⤵
-
\??\c:\ffflxfx.exec:\ffflxfx.exe97⤵
-
\??\c:\htthnt.exec:\htthnt.exe98⤵
-
\??\c:\bbbbtb.exec:\bbbbtb.exe99⤵
-
\??\c:\dvjvd.exec:\dvjvd.exe100⤵
-
\??\c:\ffxlfrx.exec:\ffxlfrx.exe101⤵
-
\??\c:\tnhtbh.exec:\tnhtbh.exe102⤵
-
\??\c:\tnnnhb.exec:\tnnnhb.exe103⤵
-
\??\c:\3vvdp.exec:\3vvdp.exe104⤵
-
\??\c:\lfrxxrf.exec:\lfrxxrf.exe105⤵
-
\??\c:\7bttnt.exec:\7bttnt.exe106⤵
-
\??\c:\jjjvv.exec:\jjjvv.exe107⤵
-
\??\c:\nbthnt.exec:\nbthnt.exe108⤵
-
\??\c:\dvjjv.exec:\dvjjv.exe109⤵
-
\??\c:\lrrxffx.exec:\lrrxffx.exe110⤵
-
\??\c:\dpvjp.exec:\dpvjp.exe111⤵
-
\??\c:\rfxxlrx.exec:\rfxxlrx.exe112⤵
-
\??\c:\rrxxxxx.exec:\rrxxxxx.exe113⤵
-
\??\c:\bthnhn.exec:\bthnhn.exe114⤵
-
\??\c:\pdvdv.exec:\pdvdv.exe115⤵
-
\??\c:\xffrlfx.exec:\xffrlfx.exe116⤵
-
\??\c:\hnthbn.exec:\hnthbn.exe117⤵
-
\??\c:\bhhnbt.exec:\bhhnbt.exe118⤵
-
\??\c:\9jpvp.exec:\9jpvp.exe119⤵
-
\??\c:\llffrxr.exec:\llffrxr.exe120⤵
-
\??\c:\hthnbh.exec:\hthnbh.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-