Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
08/07/2024, 00:04
General
-
Target
789e2d6afe1d798b80a152301c912c5bac02d826be68d8ac2eee8801b43f5b92.exe
-
Size
122KB
-
MD5
7ce3c13809b0ccbd366c902f1f6717ab
-
SHA1
0048b46b5a725eea3528f1cff109aadbaeafedd2
-
SHA256
789e2d6afe1d798b80a152301c912c5bac02d826be68d8ac2eee8801b43f5b92
-
SHA512
b1210f8f860cf69a2936477935b1f49f1932b50325bce2444c9f87aeb1bf5a7afa624e4114ae34cb309ba0b401c085b9a15435167fd35f969d0eb8772ecc5d63
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDomRGApSuLAR2yPBCQ1nDFu1Q8sp:ymb3NkkiQ3mdBjFomR7UsyJC+n0Gsgc8
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 20 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 22 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\789e2d6afe1d798b80a152301c912c5bac02d826be68d8ac2eee8801b43f5b92.exe"C:\Users\Admin\AppData\Local\Temp\789e2d6afe1d798b80a152301c912c5bac02d826be68d8ac2eee8801b43f5b92.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\jdppd.exec:\jdppd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhntbb.exec:\nhntbb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrllrxl.exec:\xrllrxl.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhtbnt.exec:\nhtbnt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvdj.exec:\pjvdj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7jvdj.exec:\7jvdj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffxlfrr.exec:\ffxlfrr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbnntt.exec:\nbnntt.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5dvdp.exec:\5dvdp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvpdv.exec:\vvpdv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrlrflf.exec:\rrlrflf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7tbnbb.exec:\7tbnbb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9vjjv.exec:\9vjjv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9vpvd.exec:\9vpvd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lflrfrl.exec:\lflrfrl.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhntt.exec:\tnhntt.exe17⤵
- Executes dropped EXE
-
\??\c:\vvjvp.exec:\vvjvp.exe18⤵
- Executes dropped EXE
-
\??\c:\jjvvj.exec:\jjvvj.exe19⤵
- Executes dropped EXE
-
\??\c:\rlxfrrx.exec:\rlxfrrx.exe20⤵
- Executes dropped EXE
-
\??\c:\hbnttt.exec:\hbnttt.exe21⤵
- Executes dropped EXE
-
\??\c:\vpjpd.exec:\vpjpd.exe22⤵
- Executes dropped EXE
-
\??\c:\jvppp.exec:\jvppp.exe23⤵
- Executes dropped EXE
-
\??\c:\3lxfrxl.exec:\3lxfrxl.exe24⤵
- Executes dropped EXE
-
\??\c:\nnhhtt.exec:\nnhhtt.exe25⤵
- Executes dropped EXE
-
\??\c:\dpjvd.exec:\dpjvd.exe26⤵
- Executes dropped EXE
-
\??\c:\7rffffl.exec:\7rffffl.exe27⤵
- Executes dropped EXE
-
\??\c:\tnhhbh.exec:\tnhhbh.exe28⤵
- Executes dropped EXE
-
\??\c:\pdjjj.exec:\pdjjj.exe29⤵
- Executes dropped EXE
-
\??\c:\flrlxrr.exec:\flrlxrr.exe30⤵
- Executes dropped EXE
-
\??\c:\rlffrrx.exec:\rlffrrx.exe31⤵
- Executes dropped EXE
-
\??\c:\hhhntt.exec:\hhhntt.exe32⤵
- Executes dropped EXE
-
\??\c:\dpvjp.exec:\dpvjp.exe33⤵
- Executes dropped EXE
-
\??\c:\fxflrxl.exec:\fxflrxl.exe34⤵
- Executes dropped EXE
-
\??\c:\nnhntt.exec:\nnhntt.exe35⤵
- Executes dropped EXE
-
\??\c:\3nnbhh.exec:\3nnbhh.exe36⤵
- Executes dropped EXE
-
\??\c:\dvddj.exec:\dvddj.exe37⤵
- Executes dropped EXE
-
\??\c:\vpdvd.exec:\vpdvd.exe38⤵
- Executes dropped EXE
-
\??\c:\ffflflx.exec:\ffflflx.exe39⤵
- Executes dropped EXE
-
\??\c:\nhbntt.exec:\nhbntt.exe40⤵
- Executes dropped EXE
-
\??\c:\jjdvp.exec:\jjdvp.exe41⤵
- Executes dropped EXE
-
\??\c:\dpjvv.exec:\dpjvv.exe42⤵
- Executes dropped EXE
-
\??\c:\ffxxxfl.exec:\ffxxxfl.exe43⤵
- Executes dropped EXE
-
\??\c:\lxrxxxx.exec:\lxrxxxx.exe44⤵
- Executes dropped EXE
-
\??\c:\tttbnh.exec:\tttbnh.exe45⤵
- Executes dropped EXE
-
\??\c:\9nbhtb.exec:\9nbhtb.exe46⤵
- Executes dropped EXE
-
\??\c:\pjdjp.exec:\pjdjp.exe47⤵
- Executes dropped EXE
-
\??\c:\jjjpv.exec:\jjjpv.exe48⤵
- Executes dropped EXE
-
\??\c:\lllrlrf.exec:\lllrlrf.exe49⤵
- Executes dropped EXE
-
\??\c:\xrxxflr.exec:\xrxxflr.exe50⤵
- Executes dropped EXE
-
\??\c:\tnnbtb.exec:\tnnbtb.exe51⤵
- Executes dropped EXE
-
\??\c:\tnthnb.exec:\tnthnb.exe52⤵
- Executes dropped EXE
-
\??\c:\pvppj.exec:\pvppj.exe53⤵
- Executes dropped EXE
-
\??\c:\ppjjv.exec:\ppjjv.exe54⤵
- Executes dropped EXE
-
\??\c:\fffrxfr.exec:\fffrxfr.exe55⤵
- Executes dropped EXE
-
\??\c:\5fxllrf.exec:\5fxllrf.exe56⤵
- Executes dropped EXE
-
\??\c:\9nbhtb.exec:\9nbhtb.exe57⤵
- Executes dropped EXE
-
\??\c:\9jdjp.exec:\9jdjp.exe58⤵
- Executes dropped EXE
-
\??\c:\dvpdj.exec:\dvpdj.exe59⤵
- Executes dropped EXE
-
\??\c:\dvjvj.exec:\dvjvj.exe60⤵
- Executes dropped EXE
-
\??\c:\1xxrxrf.exec:\1xxrxrf.exe61⤵
- Executes dropped EXE
-
\??\c:\bbbnbb.exec:\bbbnbb.exe62⤵
- Executes dropped EXE
-
\??\c:\hthnbb.exec:\hthnbb.exe63⤵
- Executes dropped EXE
-
\??\c:\dvvpv.exec:\dvvpv.exe64⤵
- Executes dropped EXE
-
\??\c:\7vdjd.exec:\7vdjd.exe65⤵
- Executes dropped EXE
-
\??\c:\xrxfllr.exec:\xrxfllr.exe66⤵
-
\??\c:\3bbhhn.exec:\3bbhhn.exe67⤵
-
\??\c:\nhtbhb.exec:\nhtbhb.exe68⤵
-
\??\c:\dvjvd.exec:\dvjvd.exe69⤵
-
\??\c:\xxxxlrf.exec:\xxxxlrf.exe70⤵
-
\??\c:\xrfflfr.exec:\xrfflfr.exe71⤵
-
\??\c:\7tbttn.exec:\7tbttn.exe72⤵
-
\??\c:\tnbbhn.exec:\tnbbhn.exe73⤵
-
\??\c:\dvpvv.exec:\dvpvv.exe74⤵
-
\??\c:\3pvjj.exec:\3pvjj.exe75⤵
-
\??\c:\rlxrrrf.exec:\rlxrrrf.exe76⤵
-
\??\c:\tttbth.exec:\tttbth.exe77⤵
-
\??\c:\bbntnt.exec:\bbntnt.exe78⤵
-
\??\c:\ddvdp.exec:\ddvdp.exe79⤵
-
\??\c:\7rflllx.exec:\7rflllx.exe80⤵
-
\??\c:\lxllrxl.exec:\lxllrxl.exe81⤵
-
\??\c:\tnbhtb.exec:\tnbhtb.exe82⤵
-
\??\c:\jdvdv.exec:\jdvdv.exe83⤵
-
\??\c:\jdpvd.exec:\jdpvd.exe84⤵
-
\??\c:\lllfxrr.exec:\lllfxrr.exe85⤵
-
\??\c:\nhbhtb.exec:\nhbhtb.exe86⤵
-
\??\c:\bbnntt.exec:\bbnntt.exe87⤵
-
\??\c:\9ppvp.exec:\9ppvp.exe88⤵
-
\??\c:\3pjjj.exec:\3pjjj.exe89⤵
-
\??\c:\rrrfflr.exec:\rrrfflr.exe90⤵
-
\??\c:\ffrrffl.exec:\ffrrffl.exe91⤵
-
\??\c:\hbntbb.exec:\hbntbb.exe92⤵
-
\??\c:\5httbb.exec:\5httbb.exe93⤵
-
\??\c:\dvjdj.exec:\dvjdj.exe94⤵
-
\??\c:\rlrxxfr.exec:\rlrxxfr.exe95⤵
-
\??\c:\9lffffl.exec:\9lffffl.exe96⤵
-
\??\c:\nhtntt.exec:\nhtntt.exe97⤵
-
\??\c:\nhbhtb.exec:\nhbhtb.exe98⤵
-
\??\c:\7ddpd.exec:\7ddpd.exe99⤵
-
\??\c:\ddjdp.exec:\ddjdp.exe100⤵
-
\??\c:\rlrlrrf.exec:\rlrlrrf.exe101⤵
-
\??\c:\nhtbhn.exec:\nhtbhn.exe102⤵
-
\??\c:\tttbnt.exec:\tttbnt.exe103⤵
-
\??\c:\pjdjp.exec:\pjdjp.exe104⤵
-
\??\c:\fxllrfx.exec:\fxllrfx.exe105⤵
-
\??\c:\7ffrrlx.exec:\7ffrrlx.exe106⤵
-
\??\c:\9hhhnn.exec:\9hhhnn.exe107⤵
-
\??\c:\vjvvv.exec:\vjvvv.exe108⤵
-
\??\c:\jjdvv.exec:\jjdvv.exe109⤵
-
\??\c:\rlxxffl.exec:\rlxxffl.exe110⤵
-
\??\c:\llfffrr.exec:\llfffrr.exe111⤵
-
\??\c:\hbttbt.exec:\hbttbt.exe112⤵
-
\??\c:\ttnttt.exec:\ttnttt.exe113⤵
-
\??\c:\7vvvj.exec:\7vvvj.exe114⤵
-
\??\c:\lllfxxl.exec:\lllfxxl.exe115⤵
-
\??\c:\1fxfffl.exec:\1fxfffl.exe116⤵
-
\??\c:\3bnnnn.exec:\3bnnnn.exe117⤵
-
\??\c:\pppdp.exec:\pppdp.exe118⤵
-
\??\c:\1jvpp.exec:\1jvpp.exe119⤵
-
\??\c:\xrfrrrr.exec:\xrfrrrr.exe120⤵
-
\??\c:\fxffflr.exec:\fxffflr.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-