Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
-
submitted
24/06/2024, 23:50
General
-
Target
8f0e8a2825ce3e716f5e99fedf5004972f0284b89b4cf0251b01778b8684bf9e.exe
-
Size
205KB
-
MD5
b95793ca87f6834e4210a63a68f75483
-
SHA1
a7321604e34ea7c26a4778c95c605044af44a413
-
SHA256
8f0e8a2825ce3e716f5e99fedf5004972f0284b89b4cf0251b01778b8684bf9e
-
SHA512
9c9e9d570cb0aa7e001704aa012d1b878c1599e0dd4b4b9e8b86a2abecbc192aa9c16cbb44a4e143890d663143de083ac7ad2b15eba7feb46ab156af91a68506
-
SSDEEP
6144:rcm4FmowdHoStBuhW246lCXb7YpdnSj6KsaB:x4wFHoSLjr0+HsaB
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 41 IoCs
-
UPX dump on OEP (original entry point) 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\8f0e8a2825ce3e716f5e99fedf5004972f0284b89b4cf0251b01778b8684bf9e.exe"C:\Users\Admin\AppData\Local\Temp\8f0e8a2825ce3e716f5e99fedf5004972f0284b89b4cf0251b01778b8684bf9e.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\vfplb.exec:\vfplb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bdljffx.exec:\bdljffx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rhbfnbf.exec:\rhbfnbf.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tjxbbdb.exec:\tjxbbdb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxxntht.exec:\lxxntht.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frlhhx.exec:\frlhhx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jndnlbr.exec:\jndnlbr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nxlnd.exec:\nxlnd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vhdnx.exec:\vhdnx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xhbhtl.exec:\xhbhtl.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxvbft.exec:\xxvbft.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fbjbtt.exec:\fbjbtt.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bpnhrx.exec:\bpnhrx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpnltd.exec:\jdpnltd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvflbbr.exec:\vvflbbr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lhfdn.exec:\lhfdn.exe17⤵
- Executes dropped EXE
-
\??\c:\fvxnj.exec:\fvxnj.exe18⤵
- Executes dropped EXE
-
\??\c:\bbrdhfx.exec:\bbrdhfx.exe19⤵
- Executes dropped EXE
-
\??\c:\lrxtd.exec:\lrxtd.exe20⤵
- Executes dropped EXE
-
\??\c:\jtxfhfv.exec:\jtxfhfv.exe21⤵
- Executes dropped EXE
-
\??\c:\bvjfpd.exec:\bvjfpd.exe22⤵
- Executes dropped EXE
-
\??\c:\jllxfn.exec:\jllxfn.exe23⤵
- Executes dropped EXE
-
\??\c:\jjtlrr.exec:\jjtlrr.exe24⤵
- Executes dropped EXE
-
\??\c:\dxxfrb.exec:\dxxfrb.exe25⤵
- Executes dropped EXE
-
\??\c:\jbhjllf.exec:\jbhjllf.exe26⤵
- Executes dropped EXE
-
\??\c:\tbvdffr.exec:\tbvdffr.exe27⤵
- Executes dropped EXE
-
\??\c:\tbldb.exec:\tbldb.exe28⤵
- Executes dropped EXE
-
\??\c:\tllhhxv.exec:\tllhhxv.exe29⤵
- Executes dropped EXE
-
\??\c:\brdxrp.exec:\brdxrp.exe30⤵
- Executes dropped EXE
-
\??\c:\brrhvld.exec:\brrhvld.exe31⤵
- Executes dropped EXE
-
\??\c:\jhhbr.exec:\jhhbr.exe32⤵
- Executes dropped EXE
-
\??\c:\vlpdbpb.exec:\vlpdbpb.exe33⤵
- Executes dropped EXE
-
\??\c:\xdfnblf.exec:\xdfnblf.exe34⤵
- Executes dropped EXE
-
\??\c:\rvhpt.exec:\rvhpt.exe35⤵
- Executes dropped EXE
-
\??\c:\rlthttl.exec:\rlthttl.exe36⤵
- Executes dropped EXE
-
\??\c:\dlvtfj.exec:\dlvtfj.exe37⤵
- Executes dropped EXE
-
\??\c:\jnjnfj.exec:\jnjnfj.exe38⤵
- Executes dropped EXE
-
\??\c:\nfvhnfb.exec:\nfvhnfb.exe39⤵
- Executes dropped EXE
-
\??\c:\rjtvnn.exec:\rjtvnn.exe40⤵
- Executes dropped EXE
-
\??\c:\flnfd.exec:\flnfd.exe41⤵
- Executes dropped EXE
-
\??\c:\fjvdnxh.exec:\fjvdnxh.exe42⤵
- Executes dropped EXE
-
\??\c:\hpbbhxh.exec:\hpbbhxh.exe43⤵
- Executes dropped EXE
-
\??\c:\jdxtbt.exec:\jdxtbt.exe44⤵
- Executes dropped EXE
-
\??\c:\rjbpvn.exec:\rjbpvn.exe45⤵
- Executes dropped EXE
-
\??\c:\nvdrx.exec:\nvdrx.exe46⤵
- Executes dropped EXE
-
\??\c:\xbjfdnv.exec:\xbjfdnv.exe47⤵
- Executes dropped EXE
-
\??\c:\lpvfb.exec:\lpvfb.exe48⤵
- Executes dropped EXE
-
\??\c:\nxxlhvh.exec:\nxxlhvh.exe49⤵
- Executes dropped EXE
-
\??\c:\frnjjx.exec:\frnjjx.exe50⤵
- Executes dropped EXE
-
\??\c:\dxhxth.exec:\dxhxth.exe51⤵
- Executes dropped EXE
-
\??\c:\dxbrb.exec:\dxbrb.exe52⤵
- Executes dropped EXE
-
\??\c:\ltftdpl.exec:\ltftdpl.exe53⤵
- Executes dropped EXE
-
\??\c:\vfthn.exec:\vfthn.exe54⤵
- Executes dropped EXE
-
\??\c:\ndpfrp.exec:\ndpfrp.exe55⤵
- Executes dropped EXE
-
\??\c:\lnrvjh.exec:\lnrvjh.exe56⤵
- Executes dropped EXE
-
\??\c:\jvxrnj.exec:\jvxrnj.exe57⤵
- Executes dropped EXE
-
\??\c:\jdxxpl.exec:\jdxxpl.exe58⤵
- Executes dropped EXE
-
\??\c:\brlbjf.exec:\brlbjf.exe59⤵
- Executes dropped EXE
-
\??\c:\hxvxbp.exec:\hxvxbp.exe60⤵
- Executes dropped EXE
-
\??\c:\rnpnjb.exec:\rnpnjb.exe61⤵
- Executes dropped EXE
-
\??\c:\ffxlnph.exec:\ffxlnph.exe62⤵
- Executes dropped EXE
-
\??\c:\rfpbldd.exec:\rfpbldd.exe63⤵
- Executes dropped EXE
-
\??\c:\jrbpjl.exec:\jrbpjl.exe64⤵
- Executes dropped EXE
-
\??\c:\tbxfvlh.exec:\tbxfvlh.exe65⤵
- Executes dropped EXE
-
\??\c:\rdlnpbf.exec:\rdlnpbf.exe66⤵
-
\??\c:\lbdfdrv.exec:\lbdfdrv.exe67⤵
-
\??\c:\vjdfl.exec:\vjdfl.exe68⤵
-
\??\c:\lblpvlj.exec:\lblpvlj.exe69⤵
-
\??\c:\pbbrvv.exec:\pbbrvv.exe70⤵
-
\??\c:\vjtjnxj.exec:\vjtjnxj.exe71⤵
-
\??\c:\rdllvv.exec:\rdllvv.exe72⤵
-
\??\c:\jlbfrjb.exec:\jlbfrjb.exe73⤵
-
\??\c:\nxvpfx.exec:\nxvpfx.exe74⤵
-
\??\c:\rjvvb.exec:\rjvvb.exe75⤵
-
\??\c:\vhnrtn.exec:\vhnrtn.exe76⤵
-
\??\c:\bndph.exec:\bndph.exe77⤵
-
\??\c:\trflrx.exec:\trflrx.exe78⤵
-
\??\c:\fdthxnn.exec:\fdthxnn.exe79⤵
-
\??\c:\rbphf.exec:\rbphf.exe80⤵
-
\??\c:\bfhfj.exec:\bfhfj.exe81⤵
-
\??\c:\lrddjfl.exec:\lrddjfl.exe82⤵
-
\??\c:\rnrjtp.exec:\rnrjtp.exe83⤵
-
\??\c:\lbbhj.exec:\lbbhj.exe84⤵
-
\??\c:\vjxbbrh.exec:\vjxbbrh.exe85⤵
-
\??\c:\lvtdl.exec:\lvtdl.exe86⤵
-
\??\c:\fphtrdx.exec:\fphtrdx.exe87⤵
-
\??\c:\djpnvjp.exec:\djpnvjp.exe88⤵
-
\??\c:\fdrnt.exec:\fdrnt.exe89⤵
-
\??\c:\dtbvtvl.exec:\dtbvtvl.exe90⤵
-
\??\c:\jpfpfh.exec:\jpfpfh.exe91⤵
-
\??\c:\vfftxt.exec:\vfftxt.exe92⤵
-
\??\c:\vvnfnb.exec:\vvnfnb.exe93⤵
-
\??\c:\xtlfx.exec:\xtlfx.exe94⤵
-
\??\c:\lxjjlt.exec:\lxjjlt.exe95⤵
-
\??\c:\vnvtv.exec:\vnvtv.exe96⤵
-
\??\c:\ftvjp.exec:\ftvjp.exe97⤵
-
\??\c:\hhjpjrb.exec:\hhjpjrb.exe98⤵
-
\??\c:\dbfhdhj.exec:\dbfhdhj.exe99⤵
-
\??\c:\nhxpp.exec:\nhxpp.exe100⤵
-
\??\c:\nhjdjbn.exec:\nhjdjbn.exe101⤵
-
\??\c:\nbxnv.exec:\nbxnv.exe102⤵
-
\??\c:\dffphtb.exec:\dffphtb.exe103⤵
-
\??\c:\vhffthl.exec:\vhffthl.exe104⤵
-
\??\c:\xlttvlh.exec:\xlttvlh.exe105⤵
-
\??\c:\xrndlp.exec:\xrndlp.exe106⤵
-
\??\c:\njfjfxd.exec:\njfjfxd.exe107⤵
-
\??\c:\lfphvlh.exec:\lfphvlh.exe108⤵
-
\??\c:\nnlhrpl.exec:\nnlhrpl.exe109⤵
-
\??\c:\nffxlx.exec:\nffxlx.exe110⤵
-
\??\c:\nfptpj.exec:\nfptpj.exe111⤵
-
\??\c:\hrhvdp.exec:\hrhvdp.exe112⤵
-
\??\c:\njnxfpb.exec:\njnxfpb.exe113⤵
-
\??\c:\rnnld.exec:\rnnld.exe114⤵
-
\??\c:\dphlfr.exec:\dphlfr.exe115⤵
-
\??\c:\xvlbn.exec:\xvlbn.exe116⤵
-
\??\c:\njxlr.exec:\njxlr.exe117⤵
-
\??\c:\ddvdd.exec:\ddvdd.exe118⤵
-
\??\c:\lfhhffn.exec:\lfhhffn.exe119⤵
-
\??\c:\brxlp.exec:\brxlp.exe120⤵
-
\??\c:\brntfpn.exec:\brntfpn.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-