Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
11/06/2024, 23:47
General
-
Target
79b51ecad9d4ce2f760b069ec18b96720e0037eef69c3b7d4fec6836628fc45e.exe
-
Size
1.2MB
-
MD5
19b9ea3682a72bd02ebb754b4765bdc0
-
SHA1
33cc0c238a7395b91d4930d2055a03235a197241
-
SHA256
79b51ecad9d4ce2f760b069ec18b96720e0037eef69c3b7d4fec6836628fc45e
-
SHA512
fbc234656796e7701aaa05424ec3774786aea59528ac7e88c50d5a38f80b28e312bd51bc529054fa026f0b8c96071f87902e49cf0d6e08206f333dc415c3c7ca
-
SSDEEP
24576:ShPh2kkkkK4kXkkkkkkkkhLX3a20R0v50+YNpsKv2EvZHp3oWt:4bazR0vKLXZ7
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 19 IoCs
-
UPX dump on OEP (original entry point) 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 25 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\79b51ecad9d4ce2f760b069ec18b96720e0037eef69c3b7d4fec6836628fc45e.exe"C:\Users\Admin\AppData\Local\Temp\79b51ecad9d4ce2f760b069ec18b96720e0037eef69c3b7d4fec6836628fc45e.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrrlrf.exec:\xrrrlrf.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\42006.exec:\42006.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpddv.exec:\jpddv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\48680.exec:\48680.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrllrxf.exec:\rrllrxf.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\4800224.exec:\4800224.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vppvj.exec:\vppvj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\004246.exec:\004246.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\k08440.exec:\k08440.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\0488628.exec:\0488628.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\820840.exec:\820840.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\486688.exec:\486688.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7tbhnt.exec:\7tbhnt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnbbbh.exec:\bnbbbh.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\e88462.exec:\e88462.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\w04624.exec:\w04624.exe17⤵
- Executes dropped EXE
-
\??\c:\tnnthn.exec:\tnnthn.exe18⤵
- Executes dropped EXE
-
\??\c:\4862846.exec:\4862846.exe19⤵
- Executes dropped EXE
-
\??\c:\ffrxllx.exec:\ffrxllx.exe20⤵
- Executes dropped EXE
-
\??\c:\bthhbb.exec:\bthhbb.exe21⤵
- Executes dropped EXE
-
\??\c:\rlfrrfr.exec:\rlfrrfr.exe22⤵
- Executes dropped EXE
-
\??\c:\3rrrlrx.exec:\3rrrlrx.exe23⤵
- Executes dropped EXE
-
\??\c:\00428.exec:\00428.exe24⤵
- Executes dropped EXE
-
\??\c:\rlfxlfl.exec:\rlfxlfl.exe25⤵
- Executes dropped EXE
-
\??\c:\nthntb.exec:\nthntb.exe26⤵
- Executes dropped EXE
-
\??\c:\246606.exec:\246606.exe27⤵
- Executes dropped EXE
-
\??\c:\nnhbnn.exec:\nnhbnn.exe28⤵
- Executes dropped EXE
-
\??\c:\3jddv.exec:\3jddv.exe29⤵
- Executes dropped EXE
-
\??\c:\m8286.exec:\m8286.exe30⤵
- Executes dropped EXE
-
\??\c:\nhbbnb.exec:\nhbbnb.exe31⤵
- Executes dropped EXE
-
\??\c:\208848.exec:\208848.exe32⤵
- Executes dropped EXE
-
\??\c:\86424.exec:\86424.exe33⤵
- Executes dropped EXE
-
\??\c:\fxlxffr.exec:\fxlxffr.exe34⤵
- Executes dropped EXE
-
\??\c:\htnnnt.exec:\htnnnt.exe35⤵
- Executes dropped EXE
-
\??\c:\tnntbt.exec:\tnntbt.exe36⤵
- Executes dropped EXE
-
\??\c:\42488.exec:\42488.exe37⤵
- Executes dropped EXE
-
\??\c:\g2620.exec:\g2620.exe38⤵
- Executes dropped EXE
-
\??\c:\26624.exec:\26624.exe39⤵
- Executes dropped EXE
-
\??\c:\w80802.exec:\w80802.exe40⤵
- Executes dropped EXE
-
\??\c:\42842.exec:\42842.exe41⤵
- Executes dropped EXE
-
\??\c:\822848.exec:\822848.exe42⤵
- Executes dropped EXE
-
\??\c:\jdddj.exec:\jdddj.exe43⤵
- Executes dropped EXE
-
\??\c:\xlrrrlr.exec:\xlrrrlr.exe44⤵
- Executes dropped EXE
-
\??\c:\g2062.exec:\g2062.exe45⤵
- Executes dropped EXE
-
\??\c:\dvpdj.exec:\dvpdj.exe46⤵
- Executes dropped EXE
-
\??\c:\1xrfrxf.exec:\1xrfrxf.exe47⤵
- Executes dropped EXE
-
\??\c:\6868466.exec:\6868466.exe48⤵
- Executes dropped EXE
-
\??\c:\bnhtbb.exec:\bnhtbb.exe49⤵
- Executes dropped EXE
-
\??\c:\42624.exec:\42624.exe50⤵
- Executes dropped EXE
-
\??\c:\nhthtb.exec:\nhthtb.exe51⤵
- Executes dropped EXE
-
\??\c:\k68404.exec:\k68404.exe52⤵
- Executes dropped EXE
-
\??\c:\3lrrffl.exec:\3lrrffl.exe53⤵
- Executes dropped EXE
-
\??\c:\fxfflll.exec:\fxfflll.exe54⤵
- Executes dropped EXE
-
\??\c:\rrlrflr.exec:\rrlrflr.exe55⤵
- Executes dropped EXE
-
\??\c:\xxlxrxl.exec:\xxlxrxl.exe56⤵
- Executes dropped EXE
-
\??\c:\vvppj.exec:\vvppj.exe57⤵
- Executes dropped EXE
-
\??\c:\8262424.exec:\8262424.exe58⤵
- Executes dropped EXE
-
\??\c:\8640806.exec:\8640806.exe59⤵
- Executes dropped EXE
-
\??\c:\fxrlrrf.exec:\fxrlrrf.exe60⤵
- Executes dropped EXE
-
\??\c:\jjpjj.exec:\jjpjj.exe61⤵
- Executes dropped EXE
-
\??\c:\826644.exec:\826644.exe62⤵
- Executes dropped EXE
-
\??\c:\nnbbtb.exec:\nnbbtb.exe63⤵
- Executes dropped EXE
-
\??\c:\lxflxfl.exec:\lxflxfl.exe64⤵
- Executes dropped EXE
-
\??\c:\xxrrxxr.exec:\xxrrxxr.exe65⤵
- Executes dropped EXE
-
\??\c:\rlxxffr.exec:\rlxxffr.exe66⤵
-
\??\c:\60684.exec:\60684.exe67⤵
-
\??\c:\i080620.exec:\i080620.exe68⤵
-
\??\c:\3fxlrxf.exec:\3fxlrxf.exe69⤵
-
\??\c:\xlxllrf.exec:\xlxllrf.exe70⤵
-
\??\c:\w42206.exec:\w42206.exe71⤵
-
\??\c:\4844006.exec:\4844006.exe72⤵
-
\??\c:\4040028.exec:\4040028.exe73⤵
-
\??\c:\nntbnn.exec:\nntbnn.exe74⤵
-
\??\c:\bhhtnb.exec:\bhhtnb.exe75⤵
-
\??\c:\40068.exec:\40068.exe76⤵
-
\??\c:\tthnbn.exec:\tthnbn.exe77⤵
-
\??\c:\082244.exec:\082244.exe78⤵
-
\??\c:\tnhhnn.exec:\tnhhnn.exe79⤵
-
\??\c:\6800606.exec:\6800606.exe80⤵
-
\??\c:\2488662.exec:\2488662.exe81⤵
-
\??\c:\g2468.exec:\g2468.exe82⤵
-
\??\c:\m2440.exec:\m2440.exe83⤵
-
\??\c:\60600.exec:\60600.exe84⤵
-
\??\c:\fxrrrfl.exec:\fxrrrfl.exe85⤵
-
\??\c:\22228.exec:\22228.exe86⤵
-
\??\c:\5fflrxl.exec:\5fflrxl.exe87⤵
-
\??\c:\u622880.exec:\u622880.exe88⤵
-
\??\c:\thbhnt.exec:\thbhnt.exe89⤵
-
\??\c:\hbbbnh.exec:\hbbbnh.exe90⤵
-
\??\c:\vjvjv.exec:\vjvjv.exe91⤵
-
\??\c:\420606.exec:\420606.exe92⤵
-
\??\c:\60842.exec:\60842.exe93⤵
-
\??\c:\rlflxfr.exec:\rlflxfr.exe94⤵
-
\??\c:\vpvdd.exec:\vpvdd.exe95⤵
-
\??\c:\1frxfll.exec:\1frxfll.exe96⤵
-
\??\c:\pjddj.exec:\pjddj.exe97⤵
-
\??\c:\tnbttn.exec:\tnbttn.exe98⤵
-
\??\c:\22006.exec:\22006.exe99⤵
-
\??\c:\s4680.exec:\s4680.exe100⤵
-
\??\c:\680606.exec:\680606.exe101⤵
-
\??\c:\btnthh.exec:\btnthh.exe102⤵
-
\??\c:\44624.exec:\44624.exe103⤵
-
\??\c:\e82840.exec:\e82840.exe104⤵
-
\??\c:\620868.exec:\620868.exe105⤵
-
\??\c:\482862.exec:\482862.exe106⤵
-
\??\c:\llrrlxx.exec:\llrrlxx.exe107⤵
-
\??\c:\8862440.exec:\8862440.exe108⤵
-
\??\c:\0006842.exec:\0006842.exe109⤵
-
\??\c:\hnhhnn.exec:\hnhhnn.exe110⤵
-
\??\c:\82440.exec:\82440.exe111⤵
-
\??\c:\604460.exec:\604460.exe112⤵
-
\??\c:\028462.exec:\028462.exe113⤵
-
\??\c:\824628.exec:\824628.exe114⤵
-
\??\c:\rfxfllr.exec:\rfxfllr.exe115⤵
-
\??\c:\02884.exec:\02884.exe116⤵
-
\??\c:\ddvjp.exec:\ddvjp.exe117⤵
-
\??\c:\vpjpv.exec:\vpjpv.exe118⤵
-
\??\c:\600206.exec:\600206.exe119⤵
-
\??\c:\xrxxflr.exec:\xrxxflr.exe120⤵
-
\??\c:\86068.exec:\86068.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-