Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
01/06/2024, 23:13
General
-
Target
7c164f79531d3c2e02c117f04f4ba087f450e5281552e7a2e833faa7c0ca7566.exe
-
Size
77KB
-
MD5
7eca1619dc0b3af265d2f918a8ab6b7a
-
SHA1
6d3484b570ae4e8e43088425b60085e6a8f271ff
-
SHA256
7c164f79531d3c2e02c117f04f4ba087f450e5281552e7a2e833faa7c0ca7566
-
SHA512
217ee96b2cd881106e178b6bf2c59b9e7a9e6b6095fbede86811944da70f2ddc25ef83332d8649c11aa4d1f898a32cf55a3765630a72fc66ebfbd295464d552f
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDoAX8YieVIJclPvPJtcdcY:ymb3NkkiQ3mdBjFo68YBVIJc9JtxY
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
UPX dump on OEP (original entry point) 28 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 28 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\7c164f79531d3c2e02c117f04f4ba087f450e5281552e7a2e833faa7c0ca7566.exe"C:\Users\Admin\AppData\Local\Temp\7c164f79531d3c2e02c117f04f4ba087f450e5281552e7a2e833faa7c0ca7566.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\nnbttb.exec:\nnbttb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdjjj.exec:\pdjjj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5lxlffl.exec:\5lxlffl.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nthntb.exec:\nthntb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrxlllr.exec:\rrxlllr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxlrllf.exec:\lxlrllf.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbtnt.exec:\nhbtnt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvpjd.exec:\vvpjd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrrxfr.exec:\fxrrxfr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7hntbh.exec:\7hntbh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhnnnt.exec:\bhnnnt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppvjp.exec:\ppvjp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9rfffrr.exec:\9rfffrr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbtbnh.exec:\bbtbnh.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3tbnht.exec:\3tbnht.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9jpdp.exec:\9jpdp.exe17⤵
- Executes dropped EXE
-
\??\c:\5ffllfx.exec:\5ffllfx.exe18⤵
- Executes dropped EXE
-
\??\c:\5hhnhb.exec:\5hhnhb.exe19⤵
- Executes dropped EXE
-
\??\c:\bhhnhh.exec:\bhhnhh.exe20⤵
- Executes dropped EXE
-
\??\c:\ddvdp.exec:\ddvdp.exe21⤵
- Executes dropped EXE
-
\??\c:\rlfflff.exec:\rlfflff.exe22⤵
- Executes dropped EXE
-
\??\c:\1flxrfl.exec:\1flxrfl.exe23⤵
- Executes dropped EXE
-
\??\c:\tbtnbn.exec:\tbtnbn.exe24⤵
- Executes dropped EXE
-
\??\c:\jjpvj.exec:\jjpvj.exe25⤵
- Executes dropped EXE
-
\??\c:\vpdjp.exec:\vpdjp.exe26⤵
- Executes dropped EXE
-
\??\c:\7fllxxl.exec:\7fllxxl.exe27⤵
- Executes dropped EXE
-
\??\c:\bnbhnh.exec:\bnbhnh.exe28⤵
- Executes dropped EXE
-
\??\c:\3vjjv.exec:\3vjjv.exe29⤵
- Executes dropped EXE
-
\??\c:\xxrllfl.exec:\xxrllfl.exe30⤵
- Executes dropped EXE
-
\??\c:\fxxxxlx.exec:\fxxxxlx.exe31⤵
- Executes dropped EXE
-
\??\c:\hhbnbn.exec:\hhbnbn.exe32⤵
- Executes dropped EXE
-
\??\c:\jvvdd.exec:\jvvdd.exe33⤵
- Executes dropped EXE
-
\??\c:\rlffrxl.exec:\rlffrxl.exe34⤵
- Executes dropped EXE
-
\??\c:\tnbbhn.exec:\tnbbhn.exe35⤵
- Executes dropped EXE
-
\??\c:\1bnntt.exec:\1bnntt.exe36⤵
- Executes dropped EXE
-
\??\c:\pdjpj.exec:\pdjpj.exe37⤵
- Executes dropped EXE
-
\??\c:\lxlrrxx.exec:\lxlrrxx.exe38⤵
- Executes dropped EXE
-
\??\c:\xrrflrr.exec:\xrrflrr.exe39⤵
- Executes dropped EXE
-
\??\c:\tnhnnt.exec:\tnhnnt.exe40⤵
- Executes dropped EXE
-
\??\c:\jdjdj.exec:\jdjdj.exe41⤵
- Executes dropped EXE
-
\??\c:\jppjv.exec:\jppjv.exe42⤵
- Executes dropped EXE
-
\??\c:\9rllrxf.exec:\9rllrxf.exe43⤵
- Executes dropped EXE
-
\??\c:\xfxrlrf.exec:\xfxrlrf.exe44⤵
- Executes dropped EXE
-
\??\c:\5hhhbn.exec:\5hhhbn.exe45⤵
- Executes dropped EXE
-
\??\c:\nbnnnb.exec:\nbnnnb.exe46⤵
- Executes dropped EXE
-
\??\c:\jdvjp.exec:\jdvjp.exe47⤵
- Executes dropped EXE
-
\??\c:\djvpp.exec:\djvpp.exe48⤵
- Executes dropped EXE
-
\??\c:\rrllfff.exec:\rrllfff.exe49⤵
- Executes dropped EXE
-
\??\c:\nbhbtb.exec:\nbhbtb.exe50⤵
- Executes dropped EXE
-
\??\c:\hhhthn.exec:\hhhthn.exe51⤵
- Executes dropped EXE
-
\??\c:\pjdjp.exec:\pjdjp.exe52⤵
- Executes dropped EXE
-
\??\c:\jdpdv.exec:\jdpdv.exe53⤵
- Executes dropped EXE
-
\??\c:\xrflrlx.exec:\xrflrlx.exe54⤵
- Executes dropped EXE
-
\??\c:\jppdp.exec:\jppdp.exe55⤵
- Executes dropped EXE
-
\??\c:\ddppv.exec:\ddppv.exe56⤵
- Executes dropped EXE
-
\??\c:\9fxlxfr.exec:\9fxlxfr.exe57⤵
- Executes dropped EXE
-
\??\c:\1tbbht.exec:\1tbbht.exe58⤵
- Executes dropped EXE
-
\??\c:\1nnnnn.exec:\1nnnnn.exe59⤵
- Executes dropped EXE
-
\??\c:\pdpvd.exec:\pdpvd.exe60⤵
- Executes dropped EXE
-
\??\c:\xrlfxlr.exec:\xrlfxlr.exe61⤵
- Executes dropped EXE
-
\??\c:\xxlxfxx.exec:\xxlxfxx.exe62⤵
- Executes dropped EXE
-
\??\c:\nbhhth.exec:\nbhhth.exe63⤵
- Executes dropped EXE
-
\??\c:\nthtnh.exec:\nthtnh.exe64⤵
- Executes dropped EXE
-
\??\c:\jppjd.exec:\jppjd.exe65⤵
- Executes dropped EXE
-
\??\c:\vjpdj.exec:\vjpdj.exe66⤵
-
\??\c:\lxxflxl.exec:\lxxflxl.exe67⤵
-
\??\c:\9fxxllx.exec:\9fxxllx.exe68⤵
-
\??\c:\ttbnhh.exec:\ttbnhh.exe69⤵
-
\??\c:\nththb.exec:\nththb.exe70⤵
-
\??\c:\dppdj.exec:\dppdj.exe71⤵
-
\??\c:\xrxrxrr.exec:\xrxrxrr.exe72⤵
-
\??\c:\ffrrxfl.exec:\ffrrxfl.exe73⤵
-
\??\c:\xxxxlrf.exec:\xxxxlrf.exe74⤵
-
\??\c:\nnbthn.exec:\nnbthn.exe75⤵
-
\??\c:\1hbhnt.exec:\1hbhnt.exe76⤵
-
\??\c:\pjdpp.exec:\pjdpp.exe77⤵
-
\??\c:\vvvjp.exec:\vvvjp.exe78⤵
-
\??\c:\xxflrfr.exec:\xxflrfr.exe79⤵
-
\??\c:\9lrlfll.exec:\9lrlfll.exe80⤵
-
\??\c:\7bnhtt.exec:\7bnhtt.exe81⤵
-
\??\c:\1ttbnb.exec:\1ttbnb.exe82⤵
-
\??\c:\3ppvd.exec:\3ppvd.exe83⤵
-
\??\c:\rlfrxxf.exec:\rlfrxxf.exe84⤵
-
\??\c:\fxrfllr.exec:\fxrfllr.exe85⤵
-
\??\c:\tbbhtb.exec:\tbbhtb.exe86⤵
-
\??\c:\hbnbht.exec:\hbnbht.exe87⤵
-
\??\c:\pjvvv.exec:\pjvvv.exe88⤵
-
\??\c:\9pvdv.exec:\9pvdv.exe89⤵
-
\??\c:\ffxfxfl.exec:\ffxfxfl.exe90⤵
-
\??\c:\xxrrflf.exec:\xxrrflf.exe91⤵
-
\??\c:\hthhhh.exec:\hthhhh.exe92⤵
-
\??\c:\btbnbb.exec:\btbnbb.exe93⤵
-
\??\c:\1nnbth.exec:\1nnbth.exe94⤵
-
\??\c:\vpdvv.exec:\vpdvv.exe95⤵
-
\??\c:\dpdjj.exec:\dpdjj.exe96⤵
-
\??\c:\llxlxfr.exec:\llxlxfr.exe97⤵
-
\??\c:\lllrlrl.exec:\lllrlrl.exe98⤵
-
\??\c:\thhntb.exec:\thhntb.exe99⤵
-
\??\c:\5thhnt.exec:\5thhnt.exe100⤵
-
\??\c:\pppdj.exec:\pppdj.exe101⤵
-
\??\c:\pjvdj.exec:\pjvdj.exe102⤵
-
\??\c:\rlffllr.exec:\rlffllr.exe103⤵
-
\??\c:\3llllfr.exec:\3llllfr.exe104⤵
-
\??\c:\tnhhtb.exec:\tnhhtb.exe105⤵
-
\??\c:\9bbbtt.exec:\9bbbtt.exe106⤵
-
\??\c:\bbbbnh.exec:\bbbbnh.exe107⤵
-
\??\c:\9ppvd.exec:\9ppvd.exe108⤵
-
\??\c:\7xlrfll.exec:\7xlrfll.exe109⤵
-
\??\c:\9fflxxl.exec:\9fflxxl.exe110⤵
-
\??\c:\hnntht.exec:\hnntht.exe111⤵
-
\??\c:\hhhbhn.exec:\hhhbhn.exe112⤵
-
\??\c:\bhntht.exec:\bhntht.exe113⤵
-
\??\c:\vdppv.exec:\vdppv.exe114⤵
-
\??\c:\vvvvv.exec:\vvvvv.exe115⤵
-
\??\c:\lfxlrrf.exec:\lfxlrrf.exe116⤵
-
\??\c:\xllxfll.exec:\xllxfll.exe117⤵
-
\??\c:\tttnhh.exec:\tttnhh.exe118⤵
-
\??\c:\hthtbh.exec:\hthtbh.exe119⤵
-
\??\c:\jpppd.exec:\jpppd.exe120⤵
-
\??\c:\lxfflrx.exec:\lxfflrx.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-