Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
-
submitted
16/06/2024, 02:31
General
-
Target
c990ca4dfb9cc2e1023466e22822f47685603d79fc17b4e395b1ce89ee981659.exe
-
Size
446KB
-
MD5
a4fc0640b546cfcddc3d11ab3fbd1111
-
SHA1
1a811d7d1028a55cc2496cd4f422ac5e7ded82e2
-
SHA256
c990ca4dfb9cc2e1023466e22822f47685603d79fc17b4e395b1ce89ee981659
-
SHA512
beaa578c87cdeb986256d77a5242392e5b4a2373b81cec4893d7a565d0362b3cc011778e7efa389ff3ebadf0575c320441fb3cca20249f4c8e0e733fe6578a4b
-
SSDEEP
6144:n3C9BRo7tvnJ9Fywhk/T4i37K3BoKg0p5WI09JsB:n3C9ytvn8whkb4i3e3GFO6JsB
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 21 IoCs
-
UPX dump on OEP (original entry point) 27 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 27 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\c990ca4dfb9cc2e1023466e22822f47685603d79fc17b4e395b1ce89ee981659.exe"C:\Users\Admin\AppData\Local\Temp\c990ca4dfb9cc2e1023466e22822f47685603d79fc17b4e395b1ce89ee981659.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\5tnttb.exec:\5tnttb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7bnhtn.exec:\7bnhtn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1jdjp.exec:\1jdjp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flflrfx.exec:\flflrfx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjjv.exec:\vpjjv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlfffrx.exec:\rlfffrx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpjp.exec:\jdpjp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhhbnt.exec:\bhhbnt.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxfrxl.exec:\xrxfrxl.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbnhtb.exec:\nbnhtb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvdvv.exec:\vvdvv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5xrrffr.exec:\5xrrffr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhthb.exec:\nhhthb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvdvj.exec:\dvdvj.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnnth.exec:\tnnnth.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1dvdj.exec:\1dvdj.exe17⤵
- Executes dropped EXE
-
\??\c:\bnnhnt.exec:\bnnhnt.exe18⤵
- Executes dropped EXE
-
\??\c:\jppdv.exec:\jppdv.exe19⤵
- Executes dropped EXE
-
\??\c:\rllxlrf.exec:\rllxlrf.exe20⤵
- Executes dropped EXE
-
\??\c:\nhtbhh.exec:\nhtbhh.exe21⤵
- Executes dropped EXE
-
\??\c:\rlxflxr.exec:\rlxflxr.exe22⤵
- Executes dropped EXE
-
\??\c:\hnbbhh.exec:\hnbbhh.exe23⤵
- Executes dropped EXE
-
\??\c:\nnnbtb.exec:\nnnbtb.exe24⤵
- Executes dropped EXE
-
\??\c:\xxfrfff.exec:\xxfrfff.exe25⤵
- Executes dropped EXE
-
\??\c:\htnbnt.exec:\htnbnt.exe26⤵
- Executes dropped EXE
-
\??\c:\flffrrl.exec:\flffrrl.exe27⤵
- Executes dropped EXE
-
\??\c:\nhnttt.exec:\nhnttt.exe28⤵
- Executes dropped EXE
-
\??\c:\dpjjj.exec:\dpjjj.exe29⤵
- Executes dropped EXE
-
\??\c:\hnbhhb.exec:\hnbhhb.exe30⤵
- Executes dropped EXE
-
\??\c:\pvdpd.exec:\pvdpd.exe31⤵
- Executes dropped EXE
-
\??\c:\rfxllfr.exec:\rfxllfr.exe32⤵
- Executes dropped EXE
-
\??\c:\bnbhtb.exec:\bnbhtb.exe33⤵
- Executes dropped EXE
-
\??\c:\xxrrxll.exec:\xxrrxll.exe34⤵
- Executes dropped EXE
-
\??\c:\9thbnt.exec:\9thbnt.exe35⤵
-
\??\c:\jdddj.exec:\jdddj.exe36⤵
- Executes dropped EXE
-
\??\c:\1lffrfr.exec:\1lffrfr.exe37⤵
- Executes dropped EXE
-
\??\c:\bthntt.exec:\bthntt.exe38⤵
- Executes dropped EXE
-
\??\c:\3vjdj.exec:\3vjdj.exe39⤵
- Executes dropped EXE
-
\??\c:\rxflfrl.exec:\rxflfrl.exe40⤵
- Executes dropped EXE
-
\??\c:\3tthtn.exec:\3tthtn.exe41⤵
- Executes dropped EXE
-
\??\c:\dppdd.exec:\dppdd.exe42⤵
- Executes dropped EXE
-
\??\c:\rrlxfrl.exec:\rrlxfrl.exe43⤵
- Executes dropped EXE
-
\??\c:\tbnbnb.exec:\tbnbnb.exe44⤵
- Executes dropped EXE
-
\??\c:\jjjpv.exec:\jjjpv.exe45⤵
- Executes dropped EXE
-
\??\c:\flllrlr.exec:\flllrlr.exe46⤵
- Executes dropped EXE
-
\??\c:\tnnbnh.exec:\tnnbnh.exe47⤵
- Executes dropped EXE
-
\??\c:\jdvvd.exec:\jdvvd.exe48⤵
- Executes dropped EXE
-
\??\c:\jddpd.exec:\jddpd.exe49⤵
- Executes dropped EXE
-
\??\c:\9lflrrx.exec:\9lflrrx.exe50⤵
- Executes dropped EXE
-
\??\c:\9bnnht.exec:\9bnnht.exe51⤵
- Executes dropped EXE
-
\??\c:\vdvdp.exec:\vdvdp.exe52⤵
- Executes dropped EXE
-
\??\c:\9fxflrl.exec:\9fxflrl.exe53⤵
- Executes dropped EXE
-
\??\c:\5hnhbh.exec:\5hnhbh.exe54⤵
- Executes dropped EXE
-
\??\c:\djjjd.exec:\djjjd.exe55⤵
- Executes dropped EXE
-
\??\c:\lfrfffl.exec:\lfrfffl.exe56⤵
- Executes dropped EXE
-
\??\c:\ntnntt.exec:\ntnntt.exe57⤵
- Executes dropped EXE
-
\??\c:\nbbnbb.exec:\nbbnbb.exe58⤵
- Executes dropped EXE
-
\??\c:\jddvv.exec:\jddvv.exe59⤵
- Executes dropped EXE
-
\??\c:\xxxflrl.exec:\xxxflrl.exe60⤵
- Executes dropped EXE
-
\??\c:\hhhtnh.exec:\hhhtnh.exe61⤵
- Executes dropped EXE
-
\??\c:\pdppv.exec:\pdppv.exe62⤵
- Executes dropped EXE
-
\??\c:\9ffrxfr.exec:\9ffrxfr.exe63⤵
- Executes dropped EXE
-
\??\c:\htbhhh.exec:\htbhhh.exe64⤵
- Executes dropped EXE
-
\??\c:\pvpjp.exec:\pvpjp.exe65⤵
- Executes dropped EXE
-
\??\c:\ppppd.exec:\ppppd.exe66⤵
- Executes dropped EXE
-
\??\c:\3fxlfrf.exec:\3fxlfrf.exe67⤵
-
\??\c:\5nntbn.exec:\5nntbn.exe68⤵
-
\??\c:\9vvjd.exec:\9vvjd.exe69⤵
-
\??\c:\xlxlrfl.exec:\xlxlrfl.exe70⤵
-
\??\c:\7hnbnb.exec:\7hnbnb.exe71⤵
-
\??\c:\7vjjp.exec:\7vjjp.exe72⤵
-
\??\c:\rflflrr.exec:\rflflrr.exe73⤵
-
\??\c:\lxrrrfr.exec:\lxrrrfr.exe74⤵
-
\??\c:\bhbntb.exec:\bhbntb.exe75⤵
-
\??\c:\7vjpd.exec:\7vjpd.exe76⤵
-
\??\c:\rxxlrlf.exec:\rxxlrlf.exe77⤵
-
\??\c:\rlrfxlr.exec:\rlrfxlr.exe78⤵
-
\??\c:\nnthtb.exec:\nnthtb.exe79⤵
-
\??\c:\5djpd.exec:\5djpd.exe80⤵
-
\??\c:\lxfllrl.exec:\lxfllrl.exe81⤵
-
\??\c:\htbbnn.exec:\htbbnn.exe82⤵
-
\??\c:\pddjv.exec:\pddjv.exe83⤵
-
\??\c:\jjjvp.exec:\jjjvp.exe84⤵
-
\??\c:\llfxflf.exec:\llfxflf.exe85⤵
-
\??\c:\nnnthh.exec:\nnnthh.exe86⤵
-
\??\c:\vdddp.exec:\vdddp.exe87⤵
-
\??\c:\lfxlrrr.exec:\lfxlrrr.exe88⤵
-
\??\c:\nnbbnt.exec:\nnbbnt.exe89⤵
-
\??\c:\nnbhth.exec:\nnbhth.exe90⤵
-
\??\c:\lrxrlxx.exec:\lrxrlxx.exe91⤵
-
\??\c:\bnttnn.exec:\bnttnn.exe92⤵
-
\??\c:\ddpjp.exec:\ddpjp.exe93⤵
-
\??\c:\1ddjj.exec:\1ddjj.exe94⤵
-
\??\c:\3lxrxxl.exec:\3lxrxxl.exe95⤵
-
\??\c:\7nbbhh.exec:\7nbbhh.exe96⤵
-
\??\c:\vdpdv.exec:\vdpdv.exe97⤵
-
\??\c:\xlflxxx.exec:\xlflxxx.exe98⤵
-
\??\c:\hhbtbh.exec:\hhbtbh.exe99⤵
-
\??\c:\nnbbbb.exec:\nnbbbb.exe100⤵
-
\??\c:\5ddjv.exec:\5ddjv.exe101⤵
-
\??\c:\lrxxxxx.exec:\lrxxxxx.exe102⤵
-
\??\c:\nttnbn.exec:\nttnbn.exe103⤵
-
\??\c:\jjddp.exec:\jjddp.exe104⤵
-
\??\c:\rxfrlrf.exec:\rxfrlrf.exe105⤵
-
\??\c:\bbhntt.exec:\bbhntt.exe106⤵
-
\??\c:\5nntht.exec:\5nntht.exe107⤵
-
\??\c:\ntbbht.exec:\ntbbht.exe108⤵
-
\??\c:\ttntnt.exec:\ttntnt.exe109⤵
-
\??\c:\jddpp.exec:\jddpp.exe110⤵
-
\??\c:\7xxxrlx.exec:\7xxxrlx.exe111⤵
-
\??\c:\httbhn.exec:\httbhn.exe112⤵
-
\??\c:\pjjjj.exec:\pjjjj.exe113⤵
-
\??\c:\xrflrxl.exec:\xrflrxl.exe114⤵
-
\??\c:\9hbhnt.exec:\9hbhnt.exe115⤵
-
\??\c:\pdddp.exec:\pdddp.exe116⤵
-
\??\c:\dpvpj.exec:\dpvpj.exe117⤵
-
\??\c:\xxxlxxl.exec:\xxxlxxl.exe118⤵
-
\??\c:\hbhntb.exec:\hbhntb.exe119⤵
-
\??\c:\ppjpv.exec:\ppjpv.exe120⤵
-
\??\c:\fxllfxx.exec:\fxllfxx.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-