Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
-
submitted
06/07/2024, 04:55
General
-
Target
f78310d1c8cb2b1d77e9e8605a9122f85356ed11b6462231ea3f776c8fe7c40b.exe
-
Size
93KB
-
MD5
caf203fcd15b9b441ff19f332a395fd5
-
SHA1
1541a8bfebd97b62351de9851b9f612f18fbd873
-
SHA256
f78310d1c8cb2b1d77e9e8605a9122f85356ed11b6462231ea3f776c8fe7c40b
-
SHA512
34716433c13d8cba4e56735501d9567f94a6a0a442ca596f9c07311c1c4e5b1cb583a347b80d1d823fca0a1fa0f9d00e8ca8df19a74cefe350d72ef9985e4702
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIQIDyviFxx2hCtgIMLP9rBZaRBE:ymb3NkkiQ3mdBjFIVLd2hWZGreRCYBI
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 19 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 29 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\f78310d1c8cb2b1d77e9e8605a9122f85356ed11b6462231ea3f776c8fe7c40b.exe"C:\Users\Admin\AppData\Local\Temp\f78310d1c8cb2b1d77e9e8605a9122f85356ed11b6462231ea3f776c8fe7c40b.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\9rrlfxr.exec:\9rrlfxr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\42604.exec:\42604.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8046460.exec:\8046460.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrffxlf.exec:\xrffxlf.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxfxfrx.exec:\fxfxfrx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\408022.exec:\408022.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dddvj.exec:\dddvj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhhhtb.exec:\bhhhtb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\a0464.exec:\a0464.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\0868222.exec:\0868222.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8828640.exec:\8828640.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thhtbb.exec:\thhtbb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\68820.exec:\68820.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhhbnt.exec:\hhhbnt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\4846280.exec:\4846280.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhtntt.exec:\nhtntt.exe17⤵
- Executes dropped EXE
-
\??\c:\ttnbhn.exec:\ttnbhn.exe18⤵
- Executes dropped EXE
-
\??\c:\60802.exec:\60802.exe19⤵
- Executes dropped EXE
-
\??\c:\6040224.exec:\6040224.exe20⤵
- Executes dropped EXE
-
\??\c:\jvvdp.exec:\jvvdp.exe21⤵
- Executes dropped EXE
-
\??\c:\424246.exec:\424246.exe22⤵
- Executes dropped EXE
-
\??\c:\hthbnb.exec:\hthbnb.exe23⤵
- Executes dropped EXE
-
\??\c:\ttbbtt.exec:\ttbbtt.exe24⤵
- Executes dropped EXE
-
\??\c:\080400.exec:\080400.exe25⤵
- Executes dropped EXE
-
\??\c:\lfflrlx.exec:\lfflrlx.exe26⤵
- Executes dropped EXE
-
\??\c:\644606.exec:\644606.exe27⤵
- Executes dropped EXE
-
\??\c:\026820.exec:\026820.exe28⤵
- Executes dropped EXE
-
\??\c:\464406.exec:\464406.exe29⤵
- Executes dropped EXE
-
\??\c:\rrrflxx.exec:\rrrflxx.exe30⤵
- Executes dropped EXE
-
\??\c:\84408.exec:\84408.exe31⤵
- Executes dropped EXE
-
\??\c:\880884.exec:\880884.exe32⤵
- Executes dropped EXE
-
\??\c:\808446.exec:\808446.exe33⤵
- Executes dropped EXE
-
\??\c:\40844.exec:\40844.exe34⤵
- Executes dropped EXE
-
\??\c:\u222080.exec:\u222080.exe35⤵
- Executes dropped EXE
-
\??\c:\tthhnt.exec:\tthhnt.exe36⤵
- Executes dropped EXE
-
\??\c:\664866.exec:\664866.exe37⤵
- Executes dropped EXE
-
\??\c:\pjjjv.exec:\pjjjv.exe38⤵
- Executes dropped EXE
-
\??\c:\82808.exec:\82808.exe39⤵
- Executes dropped EXE
-
\??\c:\fxrxlrf.exec:\fxrxlrf.exe40⤵
- Executes dropped EXE
-
\??\c:\5vjpp.exec:\5vjpp.exe41⤵
- Executes dropped EXE
-
\??\c:\2682446.exec:\2682446.exe42⤵
- Executes dropped EXE
-
\??\c:\0468644.exec:\0468644.exe43⤵
- Executes dropped EXE
-
\??\c:\nbtbhh.exec:\nbtbhh.exe44⤵
- Executes dropped EXE
-
\??\c:\08822.exec:\08822.exe45⤵
- Executes dropped EXE
-
\??\c:\4826266.exec:\4826266.exe46⤵
- Executes dropped EXE
-
\??\c:\xxfrfxf.exec:\xxfrfxf.exe47⤵
- Executes dropped EXE
-
\??\c:\q20240.exec:\q20240.exe48⤵
- Executes dropped EXE
-
\??\c:\fxrxlrf.exec:\fxrxlrf.exe49⤵
- Executes dropped EXE
-
\??\c:\2040228.exec:\2040228.exe50⤵
- Executes dropped EXE
-
\??\c:\bnttnn.exec:\bnttnn.exe51⤵
- Executes dropped EXE
-
\??\c:\1lflffl.exec:\1lflffl.exe52⤵
- Executes dropped EXE
-
\??\c:\486084.exec:\486084.exe53⤵
- Executes dropped EXE
-
\??\c:\hbhnht.exec:\hbhnht.exe54⤵
- Executes dropped EXE
-
\??\c:\lxllrrx.exec:\lxllrrx.exe55⤵
- Executes dropped EXE
-
\??\c:\608400.exec:\608400.exe56⤵
- Executes dropped EXE
-
\??\c:\7jddv.exec:\7jddv.exe57⤵
- Executes dropped EXE
-
\??\c:\3pjpv.exec:\3pjpv.exe58⤵
- Executes dropped EXE
-
\??\c:\fxflxxl.exec:\fxflxxl.exe59⤵
- Executes dropped EXE
-
\??\c:\btntbh.exec:\btntbh.exe60⤵
- Executes dropped EXE
-
\??\c:\nhthnb.exec:\nhthnb.exe61⤵
- Executes dropped EXE
-
\??\c:\flxfllx.exec:\flxfllx.exe62⤵
- Executes dropped EXE
-
\??\c:\9dddp.exec:\9dddp.exe63⤵
- Executes dropped EXE
-
\??\c:\bthnht.exec:\bthnht.exe64⤵
- Executes dropped EXE
-
\??\c:\fxrlffx.exec:\fxrlffx.exe65⤵
- Executes dropped EXE
-
\??\c:\vjpjv.exec:\vjpjv.exe66⤵
-
\??\c:\hnbbbh.exec:\hnbbbh.exe67⤵
-
\??\c:\886262.exec:\886262.exe68⤵
-
\??\c:\6664860.exec:\6664860.exe69⤵
-
\??\c:\rrlffff.exec:\rrlffff.exe70⤵
-
\??\c:\a0648.exec:\a0648.exe71⤵
-
\??\c:\2048626.exec:\2048626.exe72⤵
-
\??\c:\bhnhht.exec:\bhnhht.exe73⤵
-
\??\c:\bhtnnn.exec:\bhtnnn.exe74⤵
-
\??\c:\3nbhtn.exec:\3nbhtn.exe75⤵
-
\??\c:\lllxxxx.exec:\lllxxxx.exe76⤵
-
\??\c:\jvdpj.exec:\jvdpj.exe77⤵
-
\??\c:\i488662.exec:\i488662.exe78⤵
-
\??\c:\48006.exec:\48006.exe79⤵
-
\??\c:\864402.exec:\864402.exe80⤵
-
\??\c:\1ntttt.exec:\1ntttt.exe81⤵
-
\??\c:\lxxxlrr.exec:\lxxxlrr.exe82⤵
-
\??\c:\486204.exec:\486204.exe83⤵
-
\??\c:\2008406.exec:\2008406.exe84⤵
-
\??\c:\tnntbn.exec:\tnntbn.exe85⤵
-
\??\c:\q46248.exec:\q46248.exe86⤵
-
\??\c:\0480600.exec:\0480600.exe87⤵
-
\??\c:\5btntn.exec:\5btntn.exe88⤵
-
\??\c:\7htnbh.exec:\7htnbh.exe89⤵
-
\??\c:\7bhtnt.exec:\7bhtnt.exe90⤵
-
\??\c:\xrxxfxx.exec:\xrxxfxx.exe91⤵
-
\??\c:\062482.exec:\062482.exe92⤵
-
\??\c:\nhthht.exec:\nhthht.exe93⤵
-
\??\c:\2666420.exec:\2666420.exe94⤵
-
\??\c:\86066.exec:\86066.exe95⤵
-
\??\c:\266224.exec:\266224.exe96⤵
-
\??\c:\lflrlll.exec:\lflrlll.exe97⤵
-
\??\c:\04062.exec:\04062.exe98⤵
-
\??\c:\22086.exec:\22086.exe99⤵
-
\??\c:\3xffrrl.exec:\3xffrrl.exe100⤵
-
\??\c:\840862.exec:\840862.exe101⤵
-
\??\c:\ddvdj.exec:\ddvdj.exe102⤵
-
\??\c:\vjvdd.exec:\vjvdd.exe103⤵
-
\??\c:\dpdjp.exec:\dpdjp.exe104⤵
-
\??\c:\68204.exec:\68204.exe105⤵
-
\??\c:\68880.exec:\68880.exe106⤵
-
\??\c:\066420.exec:\066420.exe107⤵
-
\??\c:\2268684.exec:\2268684.exe108⤵
-
\??\c:\w02080.exec:\w02080.exe109⤵
-
\??\c:\88026.exec:\88026.exe110⤵
-
\??\c:\g2620.exec:\g2620.exe111⤵
-
\??\c:\3bbhtn.exec:\3bbhtn.exe112⤵
-
\??\c:\q44404.exec:\q44404.exe113⤵
-
\??\c:\fxxxfll.exec:\fxxxfll.exe114⤵
-
\??\c:\602466.exec:\602466.exe115⤵
-
\??\c:\5ddjj.exec:\5ddjj.exe116⤵
-
\??\c:\vpvdd.exec:\vpvdd.exe117⤵
-
\??\c:\lfflfxl.exec:\lfflfxl.exe118⤵
-
\??\c:\tnnthn.exec:\tnnthn.exe119⤵
-
\??\c:\ddjpp.exec:\ddjpp.exe120⤵
-
\??\c:\s0242.exec:\s0242.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-