Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
29s -
max time network
129s -
platform
windows7_x64 -
resource
win7-20240705-en -
resource tags
-
submitted
08/07/2024, 01:50
General
-
Target
9c623463facf38a35de1f7df408b1641aedbe1b56eba9c8961a5e6e46800eeb6.exe
-
Size
79KB
-
MD5
7d87a62d19ce90beedb3aa8cf667c2d6
-
SHA1
6230dafb93abbe384cf8dc012478260266ab1b5d
-
SHA256
9c623463facf38a35de1f7df408b1641aedbe1b56eba9c8961a5e6e46800eeb6
-
SHA512
44881a229163b7d5352c581b84d3a4d4700d35ddd9344dc4863c88b5272ab5b150ad63ee8124b7664102f1fcded791e050c1104ea93cb584dec79cf3d9df7b56
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIIpIo60L9QrrAr:ymb3NkkiQ3mdBjFIIp9L9QrrAr
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 28 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\9c623463facf38a35de1f7df408b1641aedbe1b56eba9c8961a5e6e46800eeb6.exe"C:\Users\Admin\AppData\Local\Temp\9c623463facf38a35de1f7df408b1641aedbe1b56eba9c8961a5e6e46800eeb6.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\rlfrllr.exec:\rlfrllr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3bnnhb.exec:\3bnnhb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxxfxx.exec:\rlxxfxx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttttbt.exec:\ttttbt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxfxxrx.exec:\rxfxxrx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tthhbn.exec:\tthhbn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfrrxff.exec:\xfrrxff.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxfrrx.exec:\xrxfrrx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfffxrl.exec:\xfffxrl.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flxxxff.exec:\flxxxff.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9rxfrlx.exec:\9rxfrlx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvvd.exec:\jdvvd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthhhn.exec:\bthhhn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xflfflx.exec:\xflfflx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjjjv.exec:\jjjjv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nthbhb.exec:\nthbhb.exe17⤵
- Executes dropped EXE
-
\??\c:\jvdvv.exec:\jvdvv.exe18⤵
- Executes dropped EXE
-
\??\c:\nnnhnh.exec:\nnnhnh.exe19⤵
- Executes dropped EXE
-
\??\c:\fflxffl.exec:\fflxffl.exe20⤵
- Executes dropped EXE
-
\??\c:\tttbbh.exec:\tttbbh.exe21⤵
- Executes dropped EXE
-
\??\c:\nhtbnh.exec:\nhtbnh.exe22⤵
- Executes dropped EXE
-
\??\c:\rlxxxxf.exec:\rlxxxxf.exe23⤵
- Executes dropped EXE
-
\??\c:\djjjp.exec:\djjjp.exe24⤵
- Executes dropped EXE
-
\??\c:\xxflxff.exec:\xxflxff.exe25⤵
- Executes dropped EXE
-
\??\c:\rrrrxfl.exec:\rrrrxfl.exe26⤵
- Executes dropped EXE
-
\??\c:\ddpjd.exec:\ddpjd.exe27⤵
- Executes dropped EXE
-
\??\c:\tttnbb.exec:\tttnbb.exe28⤵
- Executes dropped EXE
-
\??\c:\fxrrfff.exec:\fxrrfff.exe29⤵
- Executes dropped EXE
-
\??\c:\djdpp.exec:\djdpp.exe30⤵
- Executes dropped EXE
-
\??\c:\nbnnbt.exec:\nbnnbt.exe31⤵
- Executes dropped EXE
-
\??\c:\xflflfx.exec:\xflflfx.exe32⤵
- Executes dropped EXE
-
\??\c:\xrrrfxr.exec:\xrrrfxr.exe33⤵
- Executes dropped EXE
-
\??\c:\pvvvd.exec:\pvvvd.exe34⤵
- Executes dropped EXE
-
\??\c:\3tbntt.exec:\3tbntt.exe35⤵
- Executes dropped EXE
-
\??\c:\jjdvj.exec:\jjdvj.exe36⤵
- Executes dropped EXE
-
\??\c:\flffrrx.exec:\flffrrx.exe37⤵
- Executes dropped EXE
-
\??\c:\ntnbbb.exec:\ntnbbb.exe38⤵
- Executes dropped EXE
-
\??\c:\rllllrr.exec:\rllllrr.exe39⤵
- Executes dropped EXE
-
\??\c:\1bbhbn.exec:\1bbhbn.exe40⤵
- Executes dropped EXE
-
\??\c:\vddvd.exec:\vddvd.exe41⤵
- Executes dropped EXE
-
\??\c:\3llllxf.exec:\3llllxf.exe42⤵
- Executes dropped EXE
-
\??\c:\hthhnn.exec:\hthhnn.exe43⤵
- Executes dropped EXE
-
\??\c:\xrlxxfl.exec:\xrlxxfl.exe44⤵
- Executes dropped EXE
-
\??\c:\bhbnnh.exec:\bhbnnh.exe45⤵
- Executes dropped EXE
-
\??\c:\pdvvd.exec:\pdvvd.exe46⤵
- Executes dropped EXE
-
\??\c:\fflxxxf.exec:\fflxxxf.exe47⤵
- Executes dropped EXE
-
\??\c:\nnthnn.exec:\nnthnn.exe48⤵
- Executes dropped EXE
-
\??\c:\jjpdj.exec:\jjpdj.exe49⤵
- Executes dropped EXE
-
\??\c:\xlrrlxx.exec:\xlrrlxx.exe50⤵
- Executes dropped EXE
-
\??\c:\vvdjp.exec:\vvdjp.exe51⤵
- Executes dropped EXE
-
\??\c:\djjdj.exec:\djjdj.exe52⤵
- Executes dropped EXE
-
\??\c:\lrrlrxx.exec:\lrrlrxx.exe53⤵
- Executes dropped EXE
-
\??\c:\bhnhnb.exec:\bhnhnb.exe54⤵
- Executes dropped EXE
-
\??\c:\jpdjp.exec:\jpdjp.exe55⤵
- Executes dropped EXE
-
\??\c:\bntnnh.exec:\bntnnh.exe56⤵
- Executes dropped EXE
-
\??\c:\dppjj.exec:\dppjj.exe57⤵
- Executes dropped EXE
-
\??\c:\bthhtn.exec:\bthhtn.exe58⤵
- Executes dropped EXE
-
\??\c:\fxrfrrl.exec:\fxrfrrl.exe59⤵
- Executes dropped EXE
-
\??\c:\9pdjp.exec:\9pdjp.exe60⤵
- Executes dropped EXE
-
\??\c:\hbnttt.exec:\hbnttt.exe61⤵
- Executes dropped EXE
-
\??\c:\jpjjd.exec:\jpjjd.exe62⤵
- Executes dropped EXE
-
\??\c:\ffxfrrr.exec:\ffxfrrr.exe63⤵
- Executes dropped EXE
-
\??\c:\jjdvp.exec:\jjdvp.exe64⤵
- Executes dropped EXE
-
\??\c:\xflfllr.exec:\xflfllr.exe65⤵
- Executes dropped EXE
-
\??\c:\5jdjd.exec:\5jdjd.exe66⤵
-
\??\c:\7bbbbh.exec:\7bbbbh.exe67⤵
-
\??\c:\9vvdj.exec:\9vvdj.exe68⤵
-
\??\c:\hntbbh.exec:\hntbbh.exe69⤵
-
\??\c:\pddjv.exec:\pddjv.exe70⤵
-
\??\c:\rxrxflr.exec:\rxrxflr.exe71⤵
-
\??\c:\5ntthn.exec:\5ntthn.exe72⤵
-
\??\c:\ddpdj.exec:\ddpdj.exe73⤵
-
\??\c:\ttntbb.exec:\ttntbb.exe74⤵
-
\??\c:\jdvdv.exec:\jdvdv.exe75⤵
-
\??\c:\nnbhbn.exec:\nnbhbn.exe76⤵
-
\??\c:\jpppd.exec:\jpppd.exe77⤵
-
\??\c:\lrrllfx.exec:\lrrllfx.exe78⤵
-
\??\c:\nnbtbb.exec:\nnbtbb.exe79⤵
-
\??\c:\rlllrll.exec:\rlllrll.exe80⤵
-
\??\c:\hnttbh.exec:\hnttbh.exe81⤵
-
\??\c:\dddvv.exec:\dddvv.exe82⤵
-
\??\c:\flxfrfx.exec:\flxfrfx.exe83⤵
-
\??\c:\bntbtb.exec:\bntbtb.exe84⤵
-
\??\c:\llrrxff.exec:\llrrxff.exe85⤵
-
\??\c:\bnnbhh.exec:\bnnbhh.exe86⤵
-
\??\c:\jdpjv.exec:\jdpjv.exe87⤵
-
\??\c:\lrxfffx.exec:\lrxfffx.exe88⤵
-
\??\c:\5tbhht.exec:\5tbhht.exe89⤵
-
\??\c:\rfrfxrl.exec:\rfrfxrl.exe90⤵
-
\??\c:\9hhnnh.exec:\9hhnnh.exe91⤵
-
\??\c:\jjdpp.exec:\jjdpp.exe92⤵
-
\??\c:\llrlxrr.exec:\llrlxrr.exe93⤵
-
\??\c:\nhnbbb.exec:\nhnbbb.exe94⤵
-
\??\c:\ddpjj.exec:\ddpjj.exe95⤵
-
\??\c:\lrrlrfl.exec:\lrrlrfl.exe96⤵
-
\??\c:\bnnhhb.exec:\bnnhhb.exe97⤵
-
\??\c:\vjjdj.exec:\vjjdj.exe98⤵
-
\??\c:\xflfrrr.exec:\xflfrrr.exe99⤵
-
\??\c:\nntnnh.exec:\nntnnh.exe100⤵
-
\??\c:\vjvjj.exec:\vjvjj.exe101⤵
-
\??\c:\nnnhhb.exec:\nnnhhb.exe102⤵
-
\??\c:\pdppp.exec:\pdppp.exe103⤵
-
\??\c:\lxxxfff.exec:\lxxxfff.exe104⤵
-
\??\c:\nttnnn.exec:\nttnnn.exe105⤵
-
\??\c:\fxxxfff.exec:\fxxxfff.exe106⤵
-
\??\c:\tbhhhb.exec:\tbhhhb.exe107⤵
-
\??\c:\jpvjj.exec:\jpvjj.exe108⤵
-
\??\c:\bttbtb.exec:\bttbtb.exe109⤵
-
\??\c:\vvjjp.exec:\vvjjp.exe110⤵
-
\??\c:\lxfxfrx.exec:\lxfxfrx.exe111⤵
-
\??\c:\nhbhtt.exec:\nhbhtt.exe112⤵
-
\??\c:\jjjvv.exec:\jjjvv.exe113⤵
-
\??\c:\1bhbtb.exec:\1bhbtb.exe114⤵
-
\??\c:\ddjvd.exec:\ddjvd.exe115⤵
-
\??\c:\hnbhbh.exec:\hnbhbh.exe116⤵
-
\??\c:\djpvd.exec:\djpvd.exe117⤵
-
\??\c:\fllxlfl.exec:\fllxlfl.exe118⤵
-
\??\c:\nntnbt.exec:\nntnbt.exe119⤵
-
\??\c:\xxlxlll.exec:\xxlxlll.exe120⤵
-
\??\c:\nbttbt.exec:\nbttbt.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-