Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
24/06/2024, 22:11
General
-
Target
63c3010ed6f7badd46914efe5167ec52fc5933244bc6b943f3bbfc99e9c3f790.exe
-
Size
57KB
-
MD5
2e756b8f6120f9284cc85b08bfb15f9d
-
SHA1
b36854304104b8b31811cc68cb03e76b100880e5
-
SHA256
63c3010ed6f7badd46914efe5167ec52fc5933244bc6b943f3bbfc99e9c3f790
-
SHA512
9e749952eb1990c523e7f0b25ddbbf0b7deb923e092192d95165cbcea1b0a7f4834008bfc77a98c56ca4eacf89a39e8899e21af447742c6351283b5b02029d25
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND0chVVA:ymb3NkkiQ3mdBjF0crVA
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 20 IoCs
-
UPX dump on OEP (original entry point) 20 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 20 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\63c3010ed6f7badd46914efe5167ec52fc5933244bc6b943f3bbfc99e9c3f790.exe"C:\Users\Admin\AppData\Local\Temp\63c3010ed6f7badd46914efe5167ec52fc5933244bc6b943f3bbfc99e9c3f790.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\lxlxrxl.exec:\lxlxrxl.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7hnbth.exec:\7hnbth.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btnnnn.exec:\btnnnn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lllffxx.exec:\lllffxx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhhnn.exec:\nhhhnn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjpvd.exec:\pjpvd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjdpj.exec:\vjdpj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrflrrx.exec:\rrflrrx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1btntt.exec:\1btntt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bttbnh.exec:\bttbnh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9jjjp.exec:\9jjjp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfflrrx.exec:\rfflrrx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flxrfrf.exec:\flxrfrf.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnbnn.exec:\nhnbnn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjvd.exec:\jdjvd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvdp.exec:\pjvdp.exe17⤵
- Executes dropped EXE
-
\??\c:\xxfffxr.exec:\xxfffxr.exe18⤵
- Executes dropped EXE
-
\??\c:\bbnhbh.exec:\bbnhbh.exe19⤵
- Executes dropped EXE
-
\??\c:\7htbbh.exec:\7htbbh.exe20⤵
- Executes dropped EXE
-
\??\c:\5pdjp.exec:\5pdjp.exe21⤵
- Executes dropped EXE
-
\??\c:\lfrxfrx.exec:\lfrxfrx.exe22⤵
- Executes dropped EXE
-
\??\c:\rlflrrx.exec:\rlflrrx.exe23⤵
- Executes dropped EXE
-
\??\c:\bthntb.exec:\bthntb.exe24⤵
- Executes dropped EXE
-
\??\c:\nhttbt.exec:\nhttbt.exe25⤵
- Executes dropped EXE
-
\??\c:\jjvdp.exec:\jjvdp.exe26⤵
- Executes dropped EXE
-
\??\c:\dvddp.exec:\dvddp.exe27⤵
- Executes dropped EXE
-
\??\c:\5frxxlx.exec:\5frxxlx.exe28⤵
- Executes dropped EXE
-
\??\c:\rlxfrxx.exec:\rlxfrxx.exe29⤵
- Executes dropped EXE
-
\??\c:\7hbnnn.exec:\7hbnnn.exe30⤵
- Executes dropped EXE
-
\??\c:\9dpjj.exec:\9dpjj.exe31⤵
- Executes dropped EXE
-
\??\c:\xrxfllf.exec:\xrxfllf.exe32⤵
- Executes dropped EXE
-
\??\c:\lfrlxxl.exec:\lfrlxxl.exe33⤵
- Executes dropped EXE
-
\??\c:\nhtthh.exec:\nhtthh.exe34⤵
- Executes dropped EXE
-
\??\c:\5hbnbn.exec:\5hbnbn.exe35⤵
- Executes dropped EXE
-
\??\c:\jpvvd.exec:\jpvvd.exe36⤵
- Executes dropped EXE
-
\??\c:\ffrlxfr.exec:\ffrlxfr.exe37⤵
- Executes dropped EXE
-
\??\c:\xrlfrxx.exec:\xrlfrxx.exe38⤵
- Executes dropped EXE
-
\??\c:\bthtbn.exec:\bthtbn.exe39⤵
- Executes dropped EXE
-
\??\c:\nhhhhn.exec:\nhhhhn.exe40⤵
- Executes dropped EXE
-
\??\c:\jdjpd.exec:\jdjpd.exe41⤵
- Executes dropped EXE
-
\??\c:\pjddj.exec:\pjddj.exe42⤵
- Executes dropped EXE
-
\??\c:\5fxfflr.exec:\5fxfflr.exe43⤵
- Executes dropped EXE
-
\??\c:\fxlrxxf.exec:\fxlrxxf.exe44⤵
- Executes dropped EXE
-
\??\c:\hhtbtn.exec:\hhtbtn.exe45⤵
- Executes dropped EXE
-
\??\c:\1ththn.exec:\1ththn.exe46⤵
- Executes dropped EXE
-
\??\c:\5vvvd.exec:\5vvvd.exe47⤵
- Executes dropped EXE
-
\??\c:\dpdpd.exec:\dpdpd.exe48⤵
- Executes dropped EXE
-
\??\c:\5ffllxl.exec:\5ffllxl.exe49⤵
- Executes dropped EXE
-
\??\c:\3fxlxrr.exec:\3fxlxrr.exe50⤵
- Executes dropped EXE
-
\??\c:\bbnnbn.exec:\bbnnbn.exe51⤵
- Executes dropped EXE
-
\??\c:\1vppj.exec:\1vppj.exe52⤵
- Executes dropped EXE
-
\??\c:\ppdjd.exec:\ppdjd.exe53⤵
- Executes dropped EXE
-
\??\c:\rffflxf.exec:\rffflxf.exe54⤵
- Executes dropped EXE
-
\??\c:\xxllffl.exec:\xxllffl.exe55⤵
- Executes dropped EXE
-
\??\c:\btnbbh.exec:\btnbbh.exe56⤵
- Executes dropped EXE
-
\??\c:\hbthtb.exec:\hbthtb.exe57⤵
- Executes dropped EXE
-
\??\c:\1jpdd.exec:\1jpdd.exe58⤵
- Executes dropped EXE
-
\??\c:\ddvpv.exec:\ddvpv.exe59⤵
- Executes dropped EXE
-
\??\c:\xxrxxlx.exec:\xxrxxlx.exe60⤵
- Executes dropped EXE
-
\??\c:\3rrrffl.exec:\3rrrffl.exe61⤵
- Executes dropped EXE
-
\??\c:\ttbhnt.exec:\ttbhnt.exe62⤵
- Executes dropped EXE
-
\??\c:\hthnnn.exec:\hthnnn.exe63⤵
- Executes dropped EXE
-
\??\c:\dvvvj.exec:\dvvvj.exe64⤵
- Executes dropped EXE
-
\??\c:\vpdvv.exec:\vpdvv.exe65⤵
- Executes dropped EXE
-
\??\c:\fxrrffx.exec:\fxrrffx.exe66⤵
-
\??\c:\xlrffll.exec:\xlrffll.exe67⤵
-
\??\c:\hbbhhn.exec:\hbbhhn.exe68⤵
-
\??\c:\tntnbh.exec:\tntnbh.exe69⤵
-
\??\c:\btthnn.exec:\btthnn.exe70⤵
-
\??\c:\7ppvd.exec:\7ppvd.exe71⤵
-
\??\c:\vjddd.exec:\vjddd.exe72⤵
-
\??\c:\lrlrxfl.exec:\lrlrxfl.exe73⤵
-
\??\c:\lfrlxlx.exec:\lfrlxlx.exe74⤵
-
\??\c:\nhbhhh.exec:\nhbhhh.exe75⤵
-
\??\c:\btbntt.exec:\btbntt.exe76⤵
-
\??\c:\pjdjp.exec:\pjdjp.exe77⤵
-
\??\c:\lfrxxxf.exec:\lfrxxxf.exe78⤵
-
\??\c:\fxlrxff.exec:\fxlrxff.exe79⤵
-
\??\c:\fxxlfrf.exec:\fxxlfrf.exe80⤵
-
\??\c:\5hbbnt.exec:\5hbbnt.exe81⤵
-
\??\c:\3nhhnt.exec:\3nhhnt.exe82⤵
-
\??\c:\dvjjd.exec:\dvjjd.exe83⤵
-
\??\c:\1vjpd.exec:\1vjpd.exe84⤵
-
\??\c:\xlrrrxf.exec:\xlrrrxf.exe85⤵
-
\??\c:\lfxxllx.exec:\lfxxllx.exe86⤵
-
\??\c:\nntbhb.exec:\nntbhb.exe87⤵
-
\??\c:\9bhtnb.exec:\9bhtnb.exe88⤵
-
\??\c:\vjdpv.exec:\vjdpv.exe89⤵
-
\??\c:\jddvd.exec:\jddvd.exe90⤵
-
\??\c:\lfrxrxx.exec:\lfrxrxx.exe91⤵
-
\??\c:\3rlrflx.exec:\3rlrflx.exe92⤵
-
\??\c:\tnbbnn.exec:\tnbbnn.exe93⤵
-
\??\c:\hhbnhh.exec:\hhbnhh.exe94⤵
-
\??\c:\9vvjp.exec:\9vvjp.exe95⤵
-
\??\c:\vvjdj.exec:\vvjdj.exe96⤵
-
\??\c:\xrxflrf.exec:\xrxflrf.exe97⤵
-
\??\c:\rfrfrxl.exec:\rfrfrxl.exe98⤵
-
\??\c:\1tnbbh.exec:\1tnbbh.exe99⤵
-
\??\c:\nnnbth.exec:\nnnbth.exe100⤵
-
\??\c:\3vvdj.exec:\3vvdj.exe101⤵
-
\??\c:\3jjvd.exec:\3jjvd.exe102⤵
-
\??\c:\9rfxflx.exec:\9rfxflx.exe103⤵
-
\??\c:\rrlfrxf.exec:\rrlfrxf.exe104⤵
-
\??\c:\hbntbt.exec:\hbntbt.exe105⤵
-
\??\c:\hhhtbt.exec:\hhhtbt.exe106⤵
-
\??\c:\vpdpj.exec:\vpdpj.exe107⤵
-
\??\c:\rrlrrxf.exec:\rrlrrxf.exe108⤵
-
\??\c:\3rlxlll.exec:\3rlxlll.exe109⤵
-
\??\c:\nhhthh.exec:\nhhthh.exe110⤵
-
\??\c:\nbtbbb.exec:\nbtbbb.exe111⤵
-
\??\c:\nhtbhh.exec:\nhtbhh.exe112⤵
-
\??\c:\1jvjp.exec:\1jvjp.exe113⤵
-
\??\c:\vjvvp.exec:\vjvvp.exe114⤵
-
\??\c:\lfllxxf.exec:\lfllxxf.exe115⤵
-
\??\c:\rlfrrfl.exec:\rlfrrfl.exe116⤵
-
\??\c:\tnhhbb.exec:\tnhhbb.exe117⤵
-
\??\c:\9htbht.exec:\9htbht.exe118⤵
-
\??\c:\jvjdj.exec:\jvjdj.exe119⤵
-
\??\c:\pppdd.exec:\pppdd.exe120⤵
-
\??\c:\1lllrxf.exec:\1lllrxf.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-