Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
-
submitted
15/07/2024, 09:50
General
-
Target
f03fd34d1fc39c7bd3151b7ec4b9cd492b531bde795d51c83e4fa41907149ef8.exe
-
Size
65KB
-
MD5
bd8cb5de0ddc084e29de443333e49440
-
SHA1
5bc2f2b6e573e75b87748f58d6fb8f9befcae7f5
-
SHA256
f03fd34d1fc39c7bd3151b7ec4b9cd492b531bde795d51c83e4fa41907149ef8
-
SHA512
d51c4cfcfd9ac533cac3431bb56d948e2972a5631a1665f54adf92870fc9febd26f3ed69f2f6985d301bb97c522323061e0ddcfd284d462b9fb38d4398970077
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIFdJULh1214ar:ymb3NkkiQ3mdBjFIFdJmdar
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 21 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 28 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\f03fd34d1fc39c7bd3151b7ec4b9cd492b531bde795d51c83e4fa41907149ef8.exe"C:\Users\Admin\AppData\Local\Temp\f03fd34d1fc39c7bd3151b7ec4b9cd492b531bde795d51c83e4fa41907149ef8.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\7thnbn.exec:\7thnbn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1pddv.exec:\1pddv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5xrfrxl.exec:\5xrfrxl.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9tnhth.exec:\9tnhth.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5jvpv.exec:\5jvpv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1vjdd.exec:\1vjdd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1tnnbh.exec:\1tnnbh.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3jppv.exec:\3jppv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jddpj.exec:\jddpj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrrrxl.exec:\lfrrrxl.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7nbbth.exec:\7nbbth.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htbbnt.exec:\htbbnt.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvppd.exec:\vvppd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxlrff.exec:\lfxlrff.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxflrx.exec:\rlxflrx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1nhhtt.exec:\1nhhtt.exe17⤵
- Executes dropped EXE
-
\??\c:\vpjjv.exec:\vpjjv.exe18⤵
- Executes dropped EXE
-
\??\c:\jjvjp.exec:\jjvjp.exe19⤵
- Executes dropped EXE
-
\??\c:\5rffrxf.exec:\5rffrxf.exe20⤵
- Executes dropped EXE
-
\??\c:\7tntbh.exec:\7tntbh.exe21⤵
- Executes dropped EXE
-
\??\c:\nnhthh.exec:\nnhthh.exe22⤵
- Executes dropped EXE
-
\??\c:\ddppd.exec:\ddppd.exe23⤵
- Executes dropped EXE
-
\??\c:\9rrfrfr.exec:\9rrfrfr.exe24⤵
- Executes dropped EXE
-
\??\c:\bttnbh.exec:\bttnbh.exe25⤵
- Executes dropped EXE
-
\??\c:\vvvdp.exec:\vvvdp.exe26⤵
- Executes dropped EXE
-
\??\c:\vpdjv.exec:\vpdjv.exe27⤵
- Executes dropped EXE
-
\??\c:\tnhntt.exec:\tnhntt.exe28⤵
- Executes dropped EXE
-
\??\c:\3hhbht.exec:\3hhbht.exe29⤵
- Executes dropped EXE
-
\??\c:\pjvjv.exec:\pjvjv.exe30⤵
- Executes dropped EXE
-
\??\c:\fxflrrf.exec:\fxflrrf.exe31⤵
- Executes dropped EXE
-
\??\c:\7rrxrfx.exec:\7rrxrfx.exe32⤵
- Executes dropped EXE
-
\??\c:\btntnn.exec:\btntnn.exe33⤵
- Executes dropped EXE
-
\??\c:\dvpvj.exec:\dvpvj.exe34⤵
- Executes dropped EXE
-
\??\c:\vpddj.exec:\vpddj.exe35⤵
- Executes dropped EXE
-
\??\c:\lflxxxl.exec:\lflxxxl.exe36⤵
- Executes dropped EXE
-
\??\c:\7frflxf.exec:\7frflxf.exe37⤵
- Executes dropped EXE
-
\??\c:\nnhthh.exec:\nnhthh.exe38⤵
- Executes dropped EXE
-
\??\c:\hbhthn.exec:\hbhthn.exe39⤵
- Executes dropped EXE
-
\??\c:\pdvvj.exec:\pdvvj.exe40⤵
- Executes dropped EXE
-
\??\c:\3jvjp.exec:\3jvjp.exe41⤵
- Executes dropped EXE
-
\??\c:\1xffrlr.exec:\1xffrlr.exe42⤵
- Executes dropped EXE
-
\??\c:\lllrxlx.exec:\lllrxlx.exe43⤵
- Executes dropped EXE
-
\??\c:\tbbnnh.exec:\tbbnnh.exe44⤵
- Executes dropped EXE
-
\??\c:\nnhntb.exec:\nnhntb.exe45⤵
- Executes dropped EXE
-
\??\c:\ppdjj.exec:\ppdjj.exe46⤵
- Executes dropped EXE
-
\??\c:\1vjdp.exec:\1vjdp.exe47⤵
- Executes dropped EXE
-
\??\c:\3rxxllx.exec:\3rxxllx.exe48⤵
- Executes dropped EXE
-
\??\c:\hhbntt.exec:\hhbntt.exe49⤵
- Executes dropped EXE
-
\??\c:\3thnbt.exec:\3thnbt.exe50⤵
- Executes dropped EXE
-
\??\c:\jjjvj.exec:\jjjvj.exe51⤵
- Executes dropped EXE
-
\??\c:\5jjdp.exec:\5jjdp.exe52⤵
- Executes dropped EXE
-
\??\c:\nhhnhn.exec:\nhhnhn.exe53⤵
- Executes dropped EXE
-
\??\c:\3nhnbb.exec:\3nhnbb.exe54⤵
- Executes dropped EXE
-
\??\c:\ddjjv.exec:\ddjjv.exe55⤵
- Executes dropped EXE
-
\??\c:\dvjjp.exec:\dvjjp.exe56⤵
- Executes dropped EXE
-
\??\c:\rfxxflx.exec:\rfxxflx.exe57⤵
- Executes dropped EXE
-
\??\c:\frllrxf.exec:\frllrxf.exe58⤵
- Executes dropped EXE
-
\??\c:\ttnbtt.exec:\ttnbtt.exe59⤵
- Executes dropped EXE
-
\??\c:\nnhhnt.exec:\nnhhnt.exe60⤵
- Executes dropped EXE
-
\??\c:\vppvj.exec:\vppvj.exe61⤵
- Executes dropped EXE
-
\??\c:\dvppd.exec:\dvppd.exe62⤵
- Executes dropped EXE
-
\??\c:\xrllrfx.exec:\xrllrfx.exe63⤵
- Executes dropped EXE
-
\??\c:\rlxrfll.exec:\rlxrfll.exe64⤵
- Executes dropped EXE
-
\??\c:\hbtbtb.exec:\hbtbtb.exe65⤵
- Executes dropped EXE
-
\??\c:\1bntnn.exec:\1bntnn.exe66⤵
-
\??\c:\9pdjp.exec:\9pdjp.exe67⤵
-
\??\c:\jdpdp.exec:\jdpdp.exe68⤵
-
\??\c:\lxrfllf.exec:\lxrfllf.exe69⤵
-
\??\c:\fflllrf.exec:\fflllrf.exe70⤵
-
\??\c:\nnnnhh.exec:\nnnnhh.exe71⤵
-
\??\c:\thbbnn.exec:\thbbnn.exe72⤵
-
\??\c:\jjjpd.exec:\jjjpd.exe73⤵
-
\??\c:\dvjvv.exec:\dvjvv.exe74⤵
-
\??\c:\frflxrr.exec:\frflxrr.exe75⤵
-
\??\c:\7rllxlr.exec:\7rllxlr.exe76⤵
-
\??\c:\5nnbnb.exec:\5nnbnb.exe77⤵
-
\??\c:\5bthnb.exec:\5bthnb.exe78⤵
-
\??\c:\pppdd.exec:\pppdd.exe79⤵
-
\??\c:\7vppd.exec:\7vppd.exe80⤵
-
\??\c:\rlxfrrf.exec:\rlxfrrf.exe81⤵
-
\??\c:\xllxfll.exec:\xllxfll.exe82⤵
-
\??\c:\bnthbh.exec:\bnthbh.exe83⤵
-
\??\c:\nhbbbh.exec:\nhbbbh.exe84⤵
-
\??\c:\ddddv.exec:\ddddv.exe85⤵
-
\??\c:\pjdjd.exec:\pjdjd.exe86⤵
-
\??\c:\rlflllx.exec:\rlflllx.exe87⤵
-
\??\c:\3rflxfr.exec:\3rflxfr.exe88⤵
-
\??\c:\ttnbnb.exec:\ttnbnb.exe89⤵
-
\??\c:\ddpdj.exec:\ddpdj.exe90⤵
-
\??\c:\jdvjj.exec:\jdvjj.exe91⤵
-
\??\c:\xxlxxlr.exec:\xxlxxlr.exe92⤵
-
\??\c:\9lxfrxr.exec:\9lxfrxr.exe93⤵
-
\??\c:\btthnn.exec:\btthnn.exe94⤵
-
\??\c:\bnbbhh.exec:\bnbbhh.exe95⤵
-
\??\c:\vjdpv.exec:\vjdpv.exe96⤵
-
\??\c:\ppjdj.exec:\ppjdj.exe97⤵
-
\??\c:\fxlxxfl.exec:\fxlxxfl.exe98⤵
-
\??\c:\rrlxfrr.exec:\rrlxfrr.exe99⤵
-
\??\c:\lfrxfrx.exec:\lfrxfrx.exe100⤵
-
\??\c:\tnbbnt.exec:\tnbbnt.exe101⤵
-
\??\c:\nnnhtb.exec:\nnnhtb.exe102⤵
-
\??\c:\ddvjj.exec:\ddvjj.exe103⤵
-
\??\c:\pddjp.exec:\pddjp.exe104⤵
-
\??\c:\ffrxrrf.exec:\ffrxrrf.exe105⤵
-
\??\c:\lfxrxfl.exec:\lfxrxfl.exe106⤵
-
\??\c:\hththt.exec:\hththt.exe107⤵
-
\??\c:\1bnbhh.exec:\1bnbhh.exe108⤵
-
\??\c:\hhbhtb.exec:\hhbhtb.exe109⤵
-
\??\c:\3jdjd.exec:\3jdjd.exe110⤵
-
\??\c:\rllrfxf.exec:\rllrfxf.exe111⤵
-
\??\c:\xrxfllr.exec:\xrxfllr.exe112⤵
-
\??\c:\lfrrxfl.exec:\lfrrxfl.exe113⤵
-
\??\c:\hbnbnh.exec:\hbnbnh.exe114⤵
-
\??\c:\hbntth.exec:\hbntth.exe115⤵
-
\??\c:\3jdjp.exec:\3jdjp.exe116⤵
-
\??\c:\jdpvp.exec:\jdpvp.exe117⤵
-
\??\c:\xrrxrxx.exec:\xrrxrxx.exe118⤵
-
\??\c:\rllfrrr.exec:\rllfrrr.exe119⤵
-
\??\c:\nhbnbb.exec:\nhbnbb.exe120⤵
-
\??\c:\3nbnbn.exec:\3nbnbn.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-