Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
145s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20240705-en -
resource tags
-
submitted
09/07/2024, 07:39
General
-
Target
f685f662584f6fac10287c9f3b09c682878f3de6c1a6daa0c9fa1f175ff1ad9c.exe
-
Size
402KB
-
MD5
c1a1293a263eb2f969c195df613a3d19
-
SHA1
0528035e8ae10f6e30716f27d27659a27e1ff4f0
-
SHA256
f685f662584f6fac10287c9f3b09c682878f3de6c1a6daa0c9fa1f175ff1ad9c
-
SHA512
35d9e5c4cc02734c62bea0f44608a571ae367336c8dc58e5f4b7b85a3bc28235d4cf88cd21bd840663fd8ac1bab52aceb2da8ae7c4193ede9733af4e0be99425
-
SSDEEP
3072:ymb3NkkiQ3mdBjFIi/0RU6QeYQsm71vPmX5kr+uIBpkJITEEuR9XTVyXmmBv:n3C9BRIG0asYFm71mJkr+uIBe1T8X9
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 21 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 24 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\f685f662584f6fac10287c9f3b09c682878f3de6c1a6daa0c9fa1f175ff1ad9c.exe"C:\Users\Admin\AppData\Local\Temp\f685f662584f6fac10287c9f3b09c682878f3de6c1a6daa0c9fa1f175ff1ad9c.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\3dpdv.exec:\3dpdv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdddp.exec:\pdddp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djjdp.exec:\djjdp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxrrxrx.exec:\lxrrxrx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thnhnh.exec:\thnhnh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvjdp.exec:\jvjdp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lffrfxl.exec:\lffrfxl.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nntnbn.exec:\nntnbn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7ppdd.exec:\7ppdd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttthbh.exec:\ttthbh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjpj.exec:\vpjpj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhbhnh.exec:\bhbhnh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjjvp.exec:\vjjvp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1llrrxf.exec:\1llrrxf.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1vvvd.exec:\1vvvd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1xfrflf.exec:\1xfrflf.exe17⤵
- Executes dropped EXE
-
\??\c:\bhhttt.exec:\bhhttt.exe18⤵
- Executes dropped EXE
-
\??\c:\vppvp.exec:\vppvp.exe19⤵
- Executes dropped EXE
-
\??\c:\jjjvd.exec:\jjjvd.exe20⤵
- Executes dropped EXE
-
\??\c:\hnnbtb.exec:\hnnbtb.exe21⤵
- Executes dropped EXE
-
\??\c:\9jjpp.exec:\9jjpp.exe22⤵
- Executes dropped EXE
-
\??\c:\5tnbht.exec:\5tnbht.exe23⤵
- Executes dropped EXE
-
\??\c:\pjvpj.exec:\pjvpj.exe24⤵
- Executes dropped EXE
-
\??\c:\nnthht.exec:\nnthht.exe25⤵
- Executes dropped EXE
-
\??\c:\9pdjd.exec:\9pdjd.exe26⤵
- Executes dropped EXE
-
\??\c:\llffrxx.exec:\llffrxx.exe27⤵
- Executes dropped EXE
-
\??\c:\nbnnhh.exec:\nbnnhh.exe28⤵
- Executes dropped EXE
-
\??\c:\pppjp.exec:\pppjp.exe29⤵
- Executes dropped EXE
-
\??\c:\bhhbth.exec:\bhhbth.exe30⤵
- Executes dropped EXE
-
\??\c:\rrlrfrl.exec:\rrlrfrl.exe31⤵
- Executes dropped EXE
-
\??\c:\nbttth.exec:\nbttth.exe32⤵
- Executes dropped EXE
-
\??\c:\rfrlrrr.exec:\rfrlrrr.exe33⤵
- Executes dropped EXE
-
\??\c:\dpvpj.exec:\dpvpj.exe34⤵
- Executes dropped EXE
-
\??\c:\fllffff.exec:\fllffff.exe35⤵
- Executes dropped EXE
-
\??\c:\nnbhnn.exec:\nnbhnn.exe36⤵
- Executes dropped EXE
-
\??\c:\dpdvv.exec:\dpdvv.exe37⤵
- Executes dropped EXE
-
\??\c:\1rffflr.exec:\1rffflr.exe38⤵
- Executes dropped EXE
-
\??\c:\nhbbnt.exec:\nhbbnt.exe39⤵
- Executes dropped EXE
-
\??\c:\nbhhnt.exec:\nbhhnt.exe40⤵
- Executes dropped EXE
-
\??\c:\vjddd.exec:\vjddd.exe41⤵
- Executes dropped EXE
-
\??\c:\9lffrfx.exec:\9lffrfx.exe42⤵
- Executes dropped EXE
-
\??\c:\fxlrxfr.exec:\fxlrxfr.exe43⤵
- Executes dropped EXE
-
\??\c:\bbttbb.exec:\bbttbb.exe44⤵
- Executes dropped EXE
-
\??\c:\dddpd.exec:\dddpd.exe45⤵
- Executes dropped EXE
-
\??\c:\9lrffff.exec:\9lrffff.exe46⤵
- Executes dropped EXE
-
\??\c:\xxxlrxx.exec:\xxxlrxx.exe47⤵
- Executes dropped EXE
-
\??\c:\tnhtbn.exec:\tnhtbn.exe48⤵
- Executes dropped EXE
-
\??\c:\9pjjp.exec:\9pjjp.exe49⤵
- Executes dropped EXE
-
\??\c:\lfxxxxf.exec:\lfxxxxf.exe50⤵
- Executes dropped EXE
-
\??\c:\flrlfrl.exec:\flrlfrl.exe51⤵
- Executes dropped EXE
-
\??\c:\5btbht.exec:\5btbht.exe52⤵
- Executes dropped EXE
-
\??\c:\vdvjv.exec:\vdvjv.exe53⤵
- Executes dropped EXE
-
\??\c:\vdvpj.exec:\vdvpj.exe54⤵
- Executes dropped EXE
-
\??\c:\xlrxfxl.exec:\xlrxfxl.exe55⤵
- Executes dropped EXE
-
\??\c:\7nthnt.exec:\7nthnt.exe56⤵
- Executes dropped EXE
-
\??\c:\thhbnh.exec:\thhbnh.exe57⤵
- Executes dropped EXE
-
\??\c:\3jjvd.exec:\3jjvd.exe58⤵
- Executes dropped EXE
-
\??\c:\rrxfxfr.exec:\rrxfxfr.exe59⤵
- Executes dropped EXE
-
\??\c:\tthbbt.exec:\tthbbt.exe60⤵
- Executes dropped EXE
-
\??\c:\hnhnbh.exec:\hnhnbh.exe61⤵
- Executes dropped EXE
-
\??\c:\vvpdj.exec:\vvpdj.exe62⤵
- Executes dropped EXE
-
\??\c:\xxxfrfl.exec:\xxxfrfl.exe63⤵
- Executes dropped EXE
-
\??\c:\llrfrxx.exec:\llrfrxx.exe64⤵
- Executes dropped EXE
-
\??\c:\3tnbnh.exec:\3tnbnh.exe65⤵
- Executes dropped EXE
-
\??\c:\vpjpd.exec:\vpjpd.exe66⤵
-
\??\c:\xxfrxlf.exec:\xxfrxlf.exe67⤵
-
\??\c:\ntbbth.exec:\ntbbth.exe68⤵
-
\??\c:\hnbhnt.exec:\hnbhnt.exe69⤵
-
\??\c:\vdjvv.exec:\vdjvv.exe70⤵
-
\??\c:\rrllrxl.exec:\rrllrxl.exe71⤵
-
\??\c:\lfxfrxl.exec:\lfxfrxl.exe72⤵
-
\??\c:\hthhhh.exec:\hthhhh.exe73⤵
-
\??\c:\djjvp.exec:\djjvp.exe74⤵
-
\??\c:\vvpvd.exec:\vvpvd.exe75⤵
-
\??\c:\lxxlllf.exec:\lxxlllf.exe76⤵
-
\??\c:\bthhhn.exec:\bthhhn.exe77⤵
-
\??\c:\pdppv.exec:\pdppv.exe78⤵
-
\??\c:\vjpdj.exec:\vjpdj.exe79⤵
-
\??\c:\llfflrl.exec:\llfflrl.exe80⤵
-
\??\c:\nbbnth.exec:\nbbnth.exe81⤵
-
\??\c:\hbnbnb.exec:\hbnbnb.exe82⤵
-
\??\c:\1ddvj.exec:\1ddvj.exe83⤵
-
\??\c:\fxxxrlf.exec:\fxxxrlf.exe84⤵
-
\??\c:\5llrffr.exec:\5llrffr.exe85⤵
-
\??\c:\htntth.exec:\htntth.exe86⤵
-
\??\c:\vdvjd.exec:\vdvjd.exe87⤵
-
\??\c:\ddjvv.exec:\ddjvv.exe88⤵
-
\??\c:\1fxxfff.exec:\1fxxfff.exe89⤵
-
\??\c:\bbbtnb.exec:\bbbtnb.exe90⤵
-
\??\c:\btnhtt.exec:\btnhtt.exe91⤵
-
\??\c:\9vdpd.exec:\9vdpd.exe92⤵
-
\??\c:\9xrrflf.exec:\9xrrflf.exe93⤵
-
\??\c:\fxxflrf.exec:\fxxflrf.exe94⤵
-
\??\c:\3bthbn.exec:\3bthbn.exe95⤵
-
\??\c:\vpdpd.exec:\vpdpd.exe96⤵
-
\??\c:\3jjdv.exec:\3jjdv.exe97⤵
-
\??\c:\rfxrllr.exec:\rfxrllr.exe98⤵
-
\??\c:\pjjpd.exec:\pjjpd.exe99⤵
-
\??\c:\lffrfrl.exec:\lffrfrl.exe100⤵
-
\??\c:\pdpdd.exec:\pdpdd.exe101⤵
-
\??\c:\rffffrx.exec:\rffffrx.exe102⤵
-
\??\c:\pdjdj.exec:\pdjdj.exe103⤵
-
\??\c:\jdjpd.exec:\jdjpd.exe104⤵
-
\??\c:\flfxxlr.exec:\flfxxlr.exe105⤵
-
\??\c:\5bbnht.exec:\5bbnht.exe106⤵
-
\??\c:\jpvpv.exec:\jpvpv.exe107⤵
-
\??\c:\xffxxrr.exec:\xffxxrr.exe108⤵
-
\??\c:\hhthnn.exec:\hhthnn.exe109⤵
-
\??\c:\lxfflfr.exec:\lxfflfr.exe110⤵
-
\??\c:\tbbtbn.exec:\tbbtbn.exe111⤵
-
\??\c:\pjjjd.exec:\pjjjd.exe112⤵
-
\??\c:\jdddp.exec:\jdddp.exe113⤵
-
\??\c:\rrlrfrf.exec:\rrlrfrf.exe114⤵
-
\??\c:\3frflxr.exec:\3frflxr.exe115⤵
-
\??\c:\htbntt.exec:\htbntt.exe116⤵
-
\??\c:\llfffxf.exec:\llfffxf.exe117⤵
-
\??\c:\nhhnbh.exec:\nhhnbh.exe118⤵
-
\??\c:\jvdpj.exec:\jvdpj.exe119⤵
-
\??\c:\3frlrfl.exec:\3frlrfl.exe120⤵
-
\??\c:\nbbnht.exec:\nbbnht.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-