Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
30/06/2024, 20:07
General
-
Target
2ed3dffb6e41ebe2ff589be60f8e1eea853bffb7d57673b61560a5d22a9cef2c.exe
-
Size
55KB
-
MD5
e034c30cd04d381720f3a691960839c7
-
SHA1
d531ae810fba3bbe0dc947f94d9604bcc3f1302e
-
SHA256
2ed3dffb6e41ebe2ff589be60f8e1eea853bffb7d57673b61560a5d22a9cef2c
-
SHA512
f9098cdfe997080ecfd87efbe33d797309f4d9e96c5c5ba6d6a1f46a140878e900c29ff3adb13d22834165512169e6d288304ed7eebe505134cc3d803af7c06e
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIFK:ymb3NkkiQ3mdBjFIFK
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 22 IoCs
-
UPX dump on OEP (original entry point) 30 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 30 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2ed3dffb6e41ebe2ff589be60f8e1eea853bffb7d57673b61560a5d22a9cef2c.exe"C:\Users\Admin\AppData\Local\Temp\2ed3dffb6e41ebe2ff589be60f8e1eea853bffb7d57673b61560a5d22a9cef2c.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\jddjd.exec:\jddjd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djvpp.exec:\djvpp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llfrxfx.exec:\llfrxfx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttbttn.exec:\ttbttn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5pvpp.exec:\5pvpp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7dpvj.exec:\7dpvj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thnthb.exec:\thnthb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvpvv.exec:\jvpvv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlrlxff.exec:\xlrlxff.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3rfrlfx.exec:\3rfrlfx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1nbnbb.exec:\1nbnbb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7djjp.exec:\7djjp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlxlrl.exec:\fxlxlrl.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhnbbb.exec:\hhnbbb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnthbn.exec:\hnthbn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjvjd.exec:\jjvjd.exe17⤵
- Executes dropped EXE
-
\??\c:\rxrxrxl.exec:\rxrxrxl.exe18⤵
- Executes dropped EXE
-
\??\c:\7fxfxlx.exec:\7fxfxlx.exe19⤵
- Executes dropped EXE
-
\??\c:\tnhntb.exec:\tnhntb.exe20⤵
- Executes dropped EXE
-
\??\c:\jpvpd.exec:\jpvpd.exe21⤵
- Executes dropped EXE
-
\??\c:\vdjdj.exec:\vdjdj.exe22⤵
- Executes dropped EXE
-
\??\c:\7rxrxxf.exec:\7rxrxxf.exe23⤵
- Executes dropped EXE
-
\??\c:\ttbbhb.exec:\ttbbhb.exe24⤵
- Executes dropped EXE
-
\??\c:\ttbtht.exec:\ttbtht.exe25⤵
- Executes dropped EXE
-
\??\c:\vdjvd.exec:\vdjvd.exe26⤵
- Executes dropped EXE
-
\??\c:\jdjpd.exec:\jdjpd.exe27⤵
- Executes dropped EXE
-
\??\c:\llxfxrx.exec:\llxfxrx.exe28⤵
- Executes dropped EXE
-
\??\c:\7hthbh.exec:\7hthbh.exe29⤵
- Executes dropped EXE
-
\??\c:\bnnhnn.exec:\bnnhnn.exe30⤵
- Executes dropped EXE
-
\??\c:\jdvdv.exec:\jdvdv.exe31⤵
- Executes dropped EXE
-
\??\c:\rlrfxxl.exec:\rlrfxxl.exe32⤵
- Executes dropped EXE
-
\??\c:\9fxlffx.exec:\9fxlffx.exe33⤵
- Executes dropped EXE
-
\??\c:\7thhnt.exec:\7thhnt.exe34⤵
- Executes dropped EXE
-
\??\c:\9hnnhh.exec:\9hnnhh.exe35⤵
- Executes dropped EXE
-
\??\c:\dpdpv.exec:\dpdpv.exe36⤵
- Executes dropped EXE
-
\??\c:\rfxfllf.exec:\rfxfllf.exe37⤵
- Executes dropped EXE
-
\??\c:\tnhntb.exec:\tnhntb.exe38⤵
- Executes dropped EXE
-
\??\c:\djppv.exec:\djppv.exe39⤵
- Executes dropped EXE
-
\??\c:\5jpvj.exec:\5jpvj.exe40⤵
- Executes dropped EXE
-
\??\c:\1llrlrl.exec:\1llrlrl.exe41⤵
- Executes dropped EXE
-
\??\c:\xrlrffr.exec:\xrlrffr.exe42⤵
- Executes dropped EXE
-
\??\c:\hhhhtt.exec:\hhhhtt.exe43⤵
- Executes dropped EXE
-
\??\c:\nthhtn.exec:\nthhtn.exe44⤵
- Executes dropped EXE
-
\??\c:\jppdp.exec:\jppdp.exe45⤵
- Executes dropped EXE
-
\??\c:\pjjpv.exec:\pjjpv.exe46⤵
- Executes dropped EXE
-
\??\c:\llfxrfx.exec:\llfxrfx.exe47⤵
- Executes dropped EXE
-
\??\c:\lfflxfr.exec:\lfflxfr.exe48⤵
- Executes dropped EXE
-
\??\c:\btnnbb.exec:\btnnbb.exe49⤵
- Executes dropped EXE
-
\??\c:\nthhbh.exec:\nthhbh.exe50⤵
- Executes dropped EXE
-
\??\c:\3jppv.exec:\3jppv.exe51⤵
- Executes dropped EXE
-
\??\c:\3dvdp.exec:\3dvdp.exe52⤵
- Executes dropped EXE
-
\??\c:\fxlrffr.exec:\fxlrffr.exe53⤵
- Executes dropped EXE
-
\??\c:\5xfrrfr.exec:\5xfrrfr.exe54⤵
- Executes dropped EXE
-
\??\c:\7bbhtb.exec:\7bbhtb.exe55⤵
- Executes dropped EXE
-
\??\c:\tnhtht.exec:\tnhtht.exe56⤵
- Executes dropped EXE
-
\??\c:\vpvdj.exec:\vpvdj.exe57⤵
- Executes dropped EXE
-
\??\c:\ppppd.exec:\ppppd.exe58⤵
- Executes dropped EXE
-
\??\c:\ppdpd.exec:\ppdpd.exe59⤵
- Executes dropped EXE
-
\??\c:\rfxrfxx.exec:\rfxrfxx.exe60⤵
- Executes dropped EXE
-
\??\c:\ntthnt.exec:\ntthnt.exe61⤵
- Executes dropped EXE
-
\??\c:\jvpjj.exec:\jvpjj.exe62⤵
- Executes dropped EXE
-
\??\c:\dpddp.exec:\dpddp.exe63⤵
- Executes dropped EXE
-
\??\c:\lrxrlll.exec:\lrxrlll.exe64⤵
- Executes dropped EXE
-
\??\c:\ttbnbn.exec:\ttbnbn.exe65⤵
- Executes dropped EXE
-
\??\c:\vdjdd.exec:\vdjdd.exe66⤵
-
\??\c:\vdjvj.exec:\vdjvj.exe67⤵
-
\??\c:\xxrxlxl.exec:\xxrxlxl.exe68⤵
-
\??\c:\lllxxxl.exec:\lllxxxl.exe69⤵
-
\??\c:\ffxflrl.exec:\ffxflrl.exe70⤵
-
\??\c:\bnnbhb.exec:\bnnbhb.exe71⤵
-
\??\c:\dpdjp.exec:\dpdjp.exe72⤵
-
\??\c:\7vjdp.exec:\7vjdp.exe73⤵
-
\??\c:\lllrxfl.exec:\lllrxfl.exe74⤵
-
\??\c:\llrlxlr.exec:\llrlxlr.exe75⤵
-
\??\c:\tnnnbb.exec:\tnnnbb.exe76⤵
-
\??\c:\hhhnhn.exec:\hhhnhn.exe77⤵
-
\??\c:\dpdjd.exec:\dpdjd.exe78⤵
-
\??\c:\jddpv.exec:\jddpv.exe79⤵
-
\??\c:\lrlrffr.exec:\lrlrffr.exe80⤵
-
\??\c:\flfrlxr.exec:\flfrlxr.exe81⤵
-
\??\c:\hbtnht.exec:\hbtnht.exe82⤵
-
\??\c:\vpvvp.exec:\vpvvp.exe83⤵
-
\??\c:\7vdpj.exec:\7vdpj.exe84⤵
-
\??\c:\xlfflrf.exec:\xlfflrf.exe85⤵
-
\??\c:\xrfrrlx.exec:\xrfrrlx.exe86⤵
-
\??\c:\nnbhbb.exec:\nnbhbb.exe87⤵
-
\??\c:\nnhnbh.exec:\nnhnbh.exe88⤵
-
\??\c:\ddppv.exec:\ddppv.exe89⤵
-
\??\c:\pjdjp.exec:\pjdjp.exe90⤵
-
\??\c:\llfrffr.exec:\llfrffr.exe91⤵
-
\??\c:\rxrflll.exec:\rxrflll.exe92⤵
-
\??\c:\bhtbhh.exec:\bhtbhh.exe93⤵
-
\??\c:\ttnbtb.exec:\ttnbtb.exe94⤵
-
\??\c:\pdvvj.exec:\pdvvj.exe95⤵
-
\??\c:\vvdpp.exec:\vvdpp.exe96⤵
-
\??\c:\rlrrllx.exec:\rlrrllx.exe97⤵
-
\??\c:\xfffflr.exec:\xfffflr.exe98⤵
-
\??\c:\hbhnhh.exec:\hbhnhh.exe99⤵
-
\??\c:\bbbnnt.exec:\bbbnnt.exe100⤵
-
\??\c:\vpdpd.exec:\vpdpd.exe101⤵
-
\??\c:\pdpdv.exec:\pdpdv.exe102⤵
-
\??\c:\rfrrfxl.exec:\rfrrfxl.exe103⤵
-
\??\c:\7ffxlrf.exec:\7ffxlrf.exe104⤵
-
\??\c:\tbtbth.exec:\tbtbth.exe105⤵
-
\??\c:\7bbhbh.exec:\7bbhbh.exe106⤵
-
\??\c:\vdpdj.exec:\vdpdj.exe107⤵
-
\??\c:\pdjjp.exec:\pdjjp.exe108⤵
-
\??\c:\rfrrffl.exec:\rfrrffl.exe109⤵
-
\??\c:\rlrxrfr.exec:\rlrxrfr.exe110⤵
-
\??\c:\bthhtb.exec:\bthhtb.exe111⤵
-
\??\c:\nntbnt.exec:\nntbnt.exe112⤵
-
\??\c:\jdjjp.exec:\jdjjp.exe113⤵
-
\??\c:\pjppv.exec:\pjppv.exe114⤵
-
\??\c:\djdvp.exec:\djdvp.exe115⤵
-
\??\c:\frxlfrl.exec:\frxlfrl.exe116⤵
-
\??\c:\hhbhht.exec:\hhbhht.exe117⤵
-
\??\c:\ttthbn.exec:\ttthbn.exe118⤵
-
\??\c:\1jddj.exec:\1jddj.exe119⤵
-
\??\c:\dddpp.exec:\dddpp.exe120⤵
-
\??\c:\fxfrlxx.exec:\fxfrlxx.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-