Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
-
submitted
16/06/2024, 03:58
General
-
Target
e9b05d1af3c858aa6399ee61b9f41a2ea409d4275eda9c7f9aa78eec031bcae0.exe
-
Size
308KB
-
MD5
17a51fa72d5a9e3b466eeec37c5a706b
-
SHA1
7527223c1349ca49bc75e1996cb6436504a5bb33
-
SHA256
e9b05d1af3c858aa6399ee61b9f41a2ea409d4275eda9c7f9aa78eec031bcae0
-
SHA512
e306c5f83cda0d65b0fc83d329b34462585763f470185d9314e1c2b0c6617586b969798559581875901bde3e2c6c13f01cc53d50a4ce0352ccd5ab3afd1d9b3a
-
SSDEEP
3072:ymb3NkkiQ3mdBjFo7LAIRUohDLS0k+sLiiBVS0ILlMcGGW7sRCl9eMw:n3C9BRo/AIuunS3+sOiBVSXxMxTsm9ep
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
UPX dump on OEP (original entry point) 27 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 27 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\e9b05d1af3c858aa6399ee61b9f41a2ea409d4275eda9c7f9aa78eec031bcae0.exe"C:\Users\Admin\AppData\Local\Temp\e9b05d1af3c858aa6399ee61b9f41a2ea409d4275eda9c7f9aa78eec031bcae0.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\nhntbn.exec:\nhntbn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrlxrfx.exec:\rrlxrfx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjjdp.exec:\jjjdp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvpvj.exec:\dvpvj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbtbnt.exec:\hbtbnt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvpjp.exec:\dvpjp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnnntn.exec:\bnnntn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjvpj.exec:\vjvpj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxlfrxr.exec:\rxlfrxr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btnntt.exec:\btnntt.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjvvd.exec:\jjvvd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrrxlrl.exec:\rrrxlrl.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjdpd.exec:\jjdpd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9xlxflf.exec:\9xlxflf.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpdjv.exec:\vpdjv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lflrffr.exec:\lflrffr.exe17⤵
- Executes dropped EXE
-
\??\c:\htttbn.exec:\htttbn.exe18⤵
- Executes dropped EXE
-
\??\c:\vpvdd.exec:\vpvdd.exe19⤵
- Executes dropped EXE
-
\??\c:\xxrflrx.exec:\xxrflrx.exe20⤵
- Executes dropped EXE
-
\??\c:\ddvjd.exec:\ddvjd.exe21⤵
- Executes dropped EXE
-
\??\c:\lllxrff.exec:\lllxrff.exe22⤵
- Executes dropped EXE
-
\??\c:\1ntbtt.exec:\1ntbtt.exe23⤵
- Executes dropped EXE
-
\??\c:\xrllxlr.exec:\xrllxlr.exe24⤵
- Executes dropped EXE
-
\??\c:\hthnnt.exec:\hthnnt.exe25⤵
- Executes dropped EXE
-
\??\c:\lfxxfrf.exec:\lfxxfrf.exe26⤵
- Executes dropped EXE
-
\??\c:\nhtbbn.exec:\nhtbbn.exe27⤵
- Executes dropped EXE
-
\??\c:\vvpvj.exec:\vvpvj.exe28⤵
- Executes dropped EXE
-
\??\c:\rlrrxxf.exec:\rlrrxxf.exe29⤵
- Executes dropped EXE
-
\??\c:\bnbbhb.exec:\bnbbhb.exe30⤵
- Executes dropped EXE
-
\??\c:\9jvpp.exec:\9jvpp.exe31⤵
- Executes dropped EXE
-
\??\c:\5fxflrx.exec:\5fxflrx.exe32⤵
- Executes dropped EXE
-
\??\c:\tbnnht.exec:\tbnnht.exe33⤵
- Executes dropped EXE
-
\??\c:\5dppj.exec:\5dppj.exe34⤵
- Executes dropped EXE
-
\??\c:\xxrffrr.exec:\xxrffrr.exe35⤵
- Executes dropped EXE
-
\??\c:\bbthth.exec:\bbthth.exe36⤵
- Executes dropped EXE
-
\??\c:\jvdpp.exec:\jvdpp.exe37⤵
- Executes dropped EXE
-
\??\c:\5llrxxl.exec:\5llrxxl.exe38⤵
- Executes dropped EXE
-
\??\c:\9fllrrr.exec:\9fllrrr.exe39⤵
- Executes dropped EXE
-
\??\c:\hthbbt.exec:\hthbbt.exe40⤵
- Executes dropped EXE
-
\??\c:\ntnbnn.exec:\ntnbnn.exe41⤵
- Executes dropped EXE
-
\??\c:\pddpv.exec:\pddpv.exe42⤵
- Executes dropped EXE
-
\??\c:\7frrffl.exec:\7frrffl.exe43⤵
- Executes dropped EXE
-
\??\c:\ntbtbn.exec:\ntbtbn.exe44⤵
- Executes dropped EXE
-
\??\c:\ttthbh.exec:\ttthbh.exe45⤵
- Executes dropped EXE
-
\??\c:\3dddv.exec:\3dddv.exe46⤵
- Executes dropped EXE
-
\??\c:\xrllrxf.exec:\xrllrxf.exe47⤵
- Executes dropped EXE
-
\??\c:\9bnhnh.exec:\9bnhnh.exe48⤵
- Executes dropped EXE
-
\??\c:\btnnbt.exec:\btnnbt.exe49⤵
- Executes dropped EXE
-
\??\c:\xflfflr.exec:\xflfflr.exe50⤵
- Executes dropped EXE
-
\??\c:\7rffxxr.exec:\7rffxxr.exe51⤵
- Executes dropped EXE
-
\??\c:\nhttbt.exec:\nhttbt.exe52⤵
- Executes dropped EXE
-
\??\c:\vvvvp.exec:\vvvvp.exe53⤵
- Executes dropped EXE
-
\??\c:\rxxlrxr.exec:\rxxlrxr.exe54⤵
- Executes dropped EXE
-
\??\c:\frrxrff.exec:\frrxrff.exe55⤵
- Executes dropped EXE
-
\??\c:\hhhthn.exec:\hhhthn.exe56⤵
- Executes dropped EXE
-
\??\c:\dpjdp.exec:\dpjdp.exe57⤵
- Executes dropped EXE
-
\??\c:\rxlxlxr.exec:\rxlxlxr.exe58⤵
- Executes dropped EXE
-
\??\c:\rlrxffr.exec:\rlrxffr.exe59⤵
- Executes dropped EXE
-
\??\c:\bthbht.exec:\bthbht.exe60⤵
- Executes dropped EXE
-
\??\c:\jdpdd.exec:\jdpdd.exe61⤵
- Executes dropped EXE
-
\??\c:\rxxrrff.exec:\rxxrrff.exe62⤵
- Executes dropped EXE
-
\??\c:\hththb.exec:\hththb.exe63⤵
- Executes dropped EXE
-
\??\c:\ppvdv.exec:\ppvdv.exe64⤵
- Executes dropped EXE
-
\??\c:\vjdjj.exec:\vjdjj.exe65⤵
- Executes dropped EXE
-
\??\c:\xrflrxl.exec:\xrflrxl.exe66⤵
-
\??\c:\hbttbb.exec:\hbttbb.exe67⤵
-
\??\c:\7djdd.exec:\7djdd.exe68⤵
-
\??\c:\7jddp.exec:\7jddp.exe69⤵
-
\??\c:\flfrllr.exec:\flfrllr.exe70⤵
-
\??\c:\nbtbhh.exec:\nbtbhh.exe71⤵
-
\??\c:\9hbhnn.exec:\9hbhnn.exe72⤵
-
\??\c:\jppvd.exec:\jppvd.exe73⤵
-
\??\c:\lfrxllr.exec:\lfrxllr.exe74⤵
-
\??\c:\nbbttt.exec:\nbbttt.exe75⤵
-
\??\c:\jvjjp.exec:\jvjjp.exe76⤵
-
\??\c:\dvjdv.exec:\dvjdv.exe77⤵
-
\??\c:\rllrxlf.exec:\rllrxlf.exe78⤵
-
\??\c:\9hnnbb.exec:\9hnnbb.exe79⤵
-
\??\c:\pdpvj.exec:\pdpvj.exe80⤵
-
\??\c:\lfxfrxx.exec:\lfxfrxx.exe81⤵
-
\??\c:\lllrffr.exec:\lllrffr.exe82⤵
-
\??\c:\tbbbtb.exec:\tbbbtb.exe83⤵
-
\??\c:\vpdjp.exec:\vpdjp.exe84⤵
-
\??\c:\xrxlxxf.exec:\xrxlxxf.exe85⤵
-
\??\c:\llrrxfx.exec:\llrrxfx.exe86⤵
-
\??\c:\nnnbnn.exec:\nnnbnn.exe87⤵
-
\??\c:\jpdpd.exec:\jpdpd.exe88⤵
-
\??\c:\llxfxxx.exec:\llxfxxx.exe89⤵
-
\??\c:\hbhhnn.exec:\hbhhnn.exe90⤵
-
\??\c:\btntnb.exec:\btntnb.exe91⤵
-
\??\c:\vpdjv.exec:\vpdjv.exe92⤵
-
\??\c:\7lffffl.exec:\7lffffl.exe93⤵
-
\??\c:\dpjjd.exec:\dpjjd.exe94⤵
-
\??\c:\jvjjp.exec:\jvjjp.exe95⤵
-
\??\c:\llxrlxl.exec:\llxrlxl.exe96⤵
-
\??\c:\hntbhn.exec:\hntbhn.exe97⤵
-
\??\c:\vvjpv.exec:\vvjpv.exe98⤵
-
\??\c:\7dppp.exec:\7dppp.exe99⤵
-
\??\c:\9xlfflr.exec:\9xlfflr.exe100⤵
-
\??\c:\7nnhbt.exec:\7nnhbt.exe101⤵
-
\??\c:\3jjdd.exec:\3jjdd.exe102⤵
-
\??\c:\jjpjv.exec:\jjpjv.exe103⤵
-
\??\c:\7lxrfll.exec:\7lxrfll.exe104⤵
-
\??\c:\bnbbbb.exec:\bnbbbb.exe105⤵
-
\??\c:\thtthn.exec:\thtthn.exe106⤵
-
\??\c:\1ddpv.exec:\1ddpv.exe107⤵
-
\??\c:\rlxflxr.exec:\rlxflxr.exe108⤵
-
\??\c:\xrlfrxl.exec:\xrlfrxl.exe109⤵
-
\??\c:\tthnbh.exec:\tthnbh.exe110⤵
-
\??\c:\5ttbnn.exec:\5ttbnn.exe111⤵
-
\??\c:\jdjpp.exec:\jdjpp.exe112⤵
-
\??\c:\lxrrffl.exec:\lxrrffl.exe113⤵
-
\??\c:\9flrfll.exec:\9flrfll.exe114⤵
-
\??\c:\1nnbhn.exec:\1nnbhn.exe115⤵
-
\??\c:\dpvjj.exec:\dpvjj.exe116⤵
-
\??\c:\jjjdj.exec:\jjjdj.exe117⤵
-
\??\c:\flflrxx.exec:\flflrxx.exe118⤵
-
\??\c:\3bnthh.exec:\3bnthh.exe119⤵
-
\??\c:\pvjpj.exec:\pvjpj.exe120⤵
-
\??\c:\1dvjp.exec:\1dvjp.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-