Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
05/06/2024, 20:25
General
-
Target
2c1eec17eab32ea0c36a2296a105aaf08a09fa637697f3c61bed76a7785f3c8d.exe
-
Size
267KB
-
MD5
209d1e329a38c0329b0a926e2289f87b
-
SHA1
350b08d83135692b1e09a8016e574559cb52a77e
-
SHA256
2c1eec17eab32ea0c36a2296a105aaf08a09fa637697f3c61bed76a7785f3c8d
-
SHA512
219505a4df6311f3d0e787b63fc07e579398e770f478e82fd7ba6bdf55e178955783e92b31558a86faeec02f9148d1276381e3d64524f089517662bf887a582b
-
SSDEEP
3072:ymb3NkkiQ3mdBjFIi/0RU6QeYQsm71vPmPzTkV2y/QTa9RBZydZbf83pnzgmmIMz:n3C9BRIG0asYFm71mPfkVB8dKwaWj
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 19 IoCs
-
UPX dump on OEP (original entry point) 27 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 27 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2c1eec17eab32ea0c36a2296a105aaf08a09fa637697f3c61bed76a7785f3c8d.exe"C:\Users\Admin\AppData\Local\Temp\2c1eec17eab32ea0c36a2296a105aaf08a09fa637697f3c61bed76a7785f3c8d.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\9djpv.exec:\9djpv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnntnt.exec:\nnntnt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1rxxxff.exec:\1rxxxff.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllxfrf.exec:\rllxfrf.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1pdjv.exec:\1pdjv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3dddv.exec:\3dddv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhtbhh.exec:\hhtbhh.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpdpv.exec:\vpdpv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frxlrrl.exec:\frxlrrl.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttnbnt.exec:\ttnbnt.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7dvvv.exec:\7dvvv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrxllf.exec:\xrrxllf.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7bbbnt.exec:\7bbbnt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvpvd.exec:\vvpvd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffxxflr.exec:\ffxxflr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrlxlrx.exec:\rrlxlrx.exe17⤵
- Executes dropped EXE
-
\??\c:\hbnthn.exec:\hbnthn.exe18⤵
- Executes dropped EXE
-
\??\c:\vjdpv.exec:\vjdpv.exe19⤵
- Executes dropped EXE
-
\??\c:\rrrrlxx.exec:\rrrrlxx.exe20⤵
- Executes dropped EXE
-
\??\c:\7rrrfrl.exec:\7rrrfrl.exe21⤵
- Executes dropped EXE
-
\??\c:\ppjvd.exec:\ppjvd.exe22⤵
- Executes dropped EXE
-
\??\c:\dvjpv.exec:\dvjpv.exe23⤵
- Executes dropped EXE
-
\??\c:\llffrrl.exec:\llffrrl.exe24⤵
- Executes dropped EXE
-
\??\c:\bbnhnn.exec:\bbnhnn.exe25⤵
- Executes dropped EXE
-
\??\c:\dvjdj.exec:\dvjdj.exe26⤵
- Executes dropped EXE
-
\??\c:\xfrlrlr.exec:\xfrlrlr.exe27⤵
- Executes dropped EXE
-
\??\c:\nbntbh.exec:\nbntbh.exe28⤵
- Executes dropped EXE
-
\??\c:\nhhnbt.exec:\nhhnbt.exe29⤵
- Executes dropped EXE
-
\??\c:\vvvdv.exec:\vvvdv.exe30⤵
- Executes dropped EXE
-
\??\c:\rlfrxlx.exec:\rlfrxlx.exe31⤵
- Executes dropped EXE
-
\??\c:\1htbnb.exec:\1htbnb.exe32⤵
- Executes dropped EXE
-
\??\c:\vdvjd.exec:\vdvjd.exe33⤵
- Executes dropped EXE
-
\??\c:\5rffffr.exec:\5rffffr.exe34⤵
- Executes dropped EXE
-
\??\c:\lfrfrxf.exec:\lfrfrxf.exe35⤵
- Executes dropped EXE
-
\??\c:\ttntnt.exec:\ttntnt.exe36⤵
- Executes dropped EXE
-
\??\c:\nhbhtb.exec:\nhbhtb.exe37⤵
- Executes dropped EXE
-
\??\c:\7vjpp.exec:\7vjpp.exe38⤵
- Executes dropped EXE
-
\??\c:\pjdvd.exec:\pjdvd.exe39⤵
- Executes dropped EXE
-
\??\c:\rrlfllx.exec:\rrlfllx.exe40⤵
- Executes dropped EXE
-
\??\c:\flflxfr.exec:\flflxfr.exe41⤵
- Executes dropped EXE
-
\??\c:\9tthhh.exec:\9tthhh.exe42⤵
- Executes dropped EXE
-
\??\c:\ddvvp.exec:\ddvvp.exe43⤵
- Executes dropped EXE
-
\??\c:\vvjpd.exec:\vvjpd.exe44⤵
- Executes dropped EXE
-
\??\c:\rxxrxfx.exec:\rxxrxfx.exe45⤵
- Executes dropped EXE
-
\??\c:\rrrxrxl.exec:\rrrxrxl.exe46⤵
- Executes dropped EXE
-
\??\c:\9nhbhn.exec:\9nhbhn.exe47⤵
- Executes dropped EXE
-
\??\c:\pvvpp.exec:\pvvpp.exe48⤵
- Executes dropped EXE
-
\??\c:\ppjpd.exec:\ppjpd.exe49⤵
- Executes dropped EXE
-
\??\c:\9fxlxfr.exec:\9fxlxfr.exe50⤵
- Executes dropped EXE
-
\??\c:\rllfxfx.exec:\rllfxfx.exe51⤵
- Executes dropped EXE
-
\??\c:\hhtnhn.exec:\hhtnhn.exe52⤵
- Executes dropped EXE
-
\??\c:\pjddj.exec:\pjddj.exe53⤵
- Executes dropped EXE
-
\??\c:\dvpdd.exec:\dvpdd.exe54⤵
- Executes dropped EXE
-
\??\c:\lffrffx.exec:\lffrffx.exe55⤵
- Executes dropped EXE
-
\??\c:\9xrlrrr.exec:\9xrlrrr.exe56⤵
- Executes dropped EXE
-
\??\c:\bbnhth.exec:\bbnhth.exe57⤵
- Executes dropped EXE
-
\??\c:\nntbnn.exec:\nntbnn.exe58⤵
- Executes dropped EXE
-
\??\c:\7dvdp.exec:\7dvdp.exe59⤵
- Executes dropped EXE
-
\??\c:\xrxxllr.exec:\xrxxllr.exe60⤵
- Executes dropped EXE
-
\??\c:\llrrfxr.exec:\llrrfxr.exe61⤵
- Executes dropped EXE
-
\??\c:\nbhttn.exec:\nbhttn.exe62⤵
- Executes dropped EXE
-
\??\c:\1nbnbb.exec:\1nbnbb.exe63⤵
- Executes dropped EXE
-
\??\c:\ddddj.exec:\ddddj.exe64⤵
- Executes dropped EXE
-
\??\c:\vvpdp.exec:\vvpdp.exe65⤵
- Executes dropped EXE
-
\??\c:\ffxfrfx.exec:\ffxfrfx.exe66⤵
-
\??\c:\xrxfrrx.exec:\xrxfrrx.exe67⤵
-
\??\c:\1ntbhn.exec:\1ntbhn.exe68⤵
-
\??\c:\9nbntb.exec:\9nbntb.exe69⤵
-
\??\c:\jjvpj.exec:\jjvpj.exe70⤵
-
\??\c:\1dvjd.exec:\1dvjd.exe71⤵
-
\??\c:\lxllxxl.exec:\lxllxxl.exe72⤵
-
\??\c:\nntntb.exec:\nntntb.exe73⤵
-
\??\c:\nhhtbb.exec:\nhhtbb.exe74⤵
-
\??\c:\9hbhth.exec:\9hbhth.exe75⤵
-
\??\c:\9pvdp.exec:\9pvdp.exe76⤵
-
\??\c:\fxlrrfr.exec:\fxlrrfr.exe77⤵
-
\??\c:\frfrfrx.exec:\frfrfrx.exe78⤵
-
\??\c:\hbtbnn.exec:\hbtbnn.exe79⤵
-
\??\c:\btttbh.exec:\btttbh.exe80⤵
-
\??\c:\djdjd.exec:\djdjd.exe81⤵
-
\??\c:\jjvvj.exec:\jjvvj.exe82⤵
-
\??\c:\xxffllr.exec:\xxffllr.exe83⤵
-
\??\c:\fxfrxxl.exec:\fxfrxxl.exe84⤵
-
\??\c:\httbnh.exec:\httbnh.exe85⤵
-
\??\c:\vvjjv.exec:\vvjjv.exe86⤵
-
\??\c:\vvvjd.exec:\vvvjd.exe87⤵
-
\??\c:\llfflrx.exec:\llfflrx.exe88⤵
-
\??\c:\xllffxl.exec:\xllffxl.exe89⤵
-
\??\c:\nhtthh.exec:\nhtthh.exe90⤵
-
\??\c:\vvdjp.exec:\vvdjp.exe91⤵
-
\??\c:\djvjp.exec:\djvjp.exe92⤵
-
\??\c:\fxxfxff.exec:\fxxfxff.exe93⤵
-
\??\c:\hhbhbh.exec:\hhbhbh.exe94⤵
-
\??\c:\hhhnnt.exec:\hhhnnt.exe95⤵
-
\??\c:\nhttbh.exec:\nhttbh.exe96⤵
-
\??\c:\9vjjj.exec:\9vjjj.exe97⤵
-
\??\c:\7xllrxf.exec:\7xllrxf.exe98⤵
-
\??\c:\frxxfxx.exec:\frxxfxx.exe99⤵
-
\??\c:\tnbbnt.exec:\tnbbnt.exe100⤵
-
\??\c:\1bnnnb.exec:\1bnnnb.exe101⤵
-
\??\c:\jpjdj.exec:\jpjdj.exe102⤵
-
\??\c:\jvvdp.exec:\jvvdp.exe103⤵
-
\??\c:\5rllxlx.exec:\5rllxlx.exe104⤵
-
\??\c:\rlxxfff.exec:\rlxxfff.exe105⤵
-
\??\c:\hhhnhh.exec:\hhhnhh.exe106⤵
-
\??\c:\vpdpd.exec:\vpdpd.exe107⤵
-
\??\c:\vvjjp.exec:\vvjjp.exe108⤵
-
\??\c:\frxxxrx.exec:\frxxxrx.exe109⤵
-
\??\c:\5lxxllx.exec:\5lxxllx.exe110⤵
-
\??\c:\5ttnht.exec:\5ttnht.exe111⤵
-
\??\c:\3bbhnt.exec:\3bbhnt.exe112⤵
-
\??\c:\pddjp.exec:\pddjp.exe113⤵
-
\??\c:\vjjjj.exec:\vjjjj.exe114⤵
-
\??\c:\7lflllr.exec:\7lflllr.exe115⤵
-
\??\c:\llfxrfl.exec:\llfxrfl.exe116⤵
-
\??\c:\bnhhbh.exec:\bnhhbh.exe117⤵
-
\??\c:\vjvjv.exec:\vjvjv.exe118⤵
-
\??\c:\5dddj.exec:\5dddj.exe119⤵
-
\??\c:\xrllllr.exec:\xrllllr.exe120⤵
-
\??\c:\frxxxxr.exec:\frxxxxr.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-