Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
17s -
platform
windows7_x64 -
resource
win7-20240705-en -
resource tags
-
submitted
21/07/2024, 23:40
General
-
Target
2b496769513b4829e7e99aa4d959d000N.exe
-
Size
68KB
-
MD5
2b496769513b4829e7e99aa4d959d000
-
SHA1
3dfc221ece2143eac1753ae58d28204a834e1ffb
-
SHA256
6d58231936d99404657a49ad23138bbfa9427531d791e38d8e64ba08d2e1f9d9
-
SHA512
f3e8352b9319775494239aeb21508f26ee470692ec9a2b054494c64c619c51bea600474eb2bbcfc6f24bfc43ff3ba011f6014d459fe68056f8b424392fb1f8ef
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIb0z6MTSqfUci4IO:ymb3NkkiQ3mdBjFI4V4ci4IO
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 22 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 22 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2b496769513b4829e7e99aa4d959d000N.exe"C:\Users\Admin\AppData\Local\Temp\2b496769513b4829e7e99aa4d959d000N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\bthbnh.exec:\bthbnh.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjpvd.exec:\vjpvd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrrxfl.exec:\lfrrxfl.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frflxff.exec:\frflxff.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3thnnb.exec:\3thnnb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjvjp.exec:\jjvjp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrlxll.exec:\fxrlxll.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrfrff.exec:\lfrfrff.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thbbhn.exec:\thbbhn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvpdd.exec:\dvpdd.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrlrrrr.exec:\rrlrrrr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thtbbb.exec:\thtbbb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btnnhh.exec:\btnnhh.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdvdd.exec:\pdvdd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrlrxrx.exec:\rrlrxrx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxflxrx.exec:\lxflxrx.exe17⤵
- Executes dropped EXE
-
\??\c:\9tbtbh.exec:\9tbtbh.exe18⤵
- Executes dropped EXE
-
\??\c:\btnntn.exec:\btnntn.exe19⤵
- Executes dropped EXE
-
\??\c:\pjvdp.exec:\pjvdp.exe20⤵
- Executes dropped EXE
-
\??\c:\jdvvp.exec:\jdvvp.exe21⤵
- Executes dropped EXE
-
\??\c:\xlxxxxf.exec:\xlxxxxf.exe22⤵
- Executes dropped EXE
-
\??\c:\nbhbhh.exec:\nbhbhh.exe23⤵
- Executes dropped EXE
-
\??\c:\nhnttb.exec:\nhnttb.exe24⤵
- Executes dropped EXE
-
\??\c:\pjdpj.exec:\pjdpj.exe25⤵
- Executes dropped EXE
-
\??\c:\5frlrrl.exec:\5frlrrl.exe26⤵
- Executes dropped EXE
-
\??\c:\rlxflfl.exec:\rlxflfl.exe27⤵
- Executes dropped EXE
-
\??\c:\5nnhtn.exec:\5nnhtn.exe28⤵
- Executes dropped EXE
-
\??\c:\ppjpj.exec:\ppjpj.exe29⤵
- Executes dropped EXE
-
\??\c:\pjpjp.exec:\pjpjp.exe30⤵
- Executes dropped EXE
-
\??\c:\fxffffl.exec:\fxffffl.exe31⤵
- Executes dropped EXE
-
\??\c:\3rrxxff.exec:\3rrxxff.exe32⤵
- Executes dropped EXE
-
\??\c:\hthhnn.exec:\hthhnn.exe33⤵
- Executes dropped EXE
-
\??\c:\pdvvd.exec:\pdvvd.exe34⤵
- Executes dropped EXE
-
\??\c:\ppdjj.exec:\ppdjj.exe35⤵
- Executes dropped EXE
-
\??\c:\xlllllx.exec:\xlllllx.exe36⤵
- Executes dropped EXE
-
\??\c:\hnhbhn.exec:\hnhbhn.exe37⤵
- Executes dropped EXE
-
\??\c:\tntntt.exec:\tntntt.exe38⤵
- Executes dropped EXE
-
\??\c:\vpjpp.exec:\vpjpp.exe39⤵
- Executes dropped EXE
-
\??\c:\jdjjj.exec:\jdjjj.exe40⤵
- Executes dropped EXE
-
\??\c:\jvdvd.exec:\jvdvd.exe41⤵
- Executes dropped EXE
-
\??\c:\lrffxfr.exec:\lrffxfr.exe42⤵
- Executes dropped EXE
-
\??\c:\fffxxxr.exec:\fffxxxr.exe43⤵
- Executes dropped EXE
-
\??\c:\bnbbtb.exec:\bnbbtb.exe44⤵
- Executes dropped EXE
-
\??\c:\nhnbtt.exec:\nhnbtt.exe45⤵
- Executes dropped EXE
-
\??\c:\pvvvd.exec:\pvvvd.exe46⤵
- Executes dropped EXE
-
\??\c:\frxxlfl.exec:\frxxlfl.exe47⤵
- Executes dropped EXE
-
\??\c:\1rflxff.exec:\1rflxff.exe48⤵
- Executes dropped EXE
-
\??\c:\9xfxxxf.exec:\9xfxxxf.exe49⤵
- Executes dropped EXE
-
\??\c:\tnthnt.exec:\tnthnt.exe50⤵
- Executes dropped EXE
-
\??\c:\pjddj.exec:\pjddj.exe51⤵
- Executes dropped EXE
-
\??\c:\9ddjv.exec:\9ddjv.exe52⤵
- Executes dropped EXE
-
\??\c:\rlffrlx.exec:\rlffrlx.exe53⤵
- Executes dropped EXE
-
\??\c:\fxrfllr.exec:\fxrfllr.exe54⤵
- Executes dropped EXE
-
\??\c:\nhbhtt.exec:\nhbhtt.exe55⤵
- Executes dropped EXE
-
\??\c:\thnntt.exec:\thnntt.exe56⤵
- Executes dropped EXE
-
\??\c:\pjppd.exec:\pjppd.exe57⤵
- Executes dropped EXE
-
\??\c:\jvjpv.exec:\jvjpv.exe58⤵
- Executes dropped EXE
-
\??\c:\lxffllr.exec:\lxffllr.exe59⤵
- Executes dropped EXE
-
\??\c:\xlxfffl.exec:\xlxfffl.exe60⤵
- Executes dropped EXE
-
\??\c:\3xflxfl.exec:\3xflxfl.exe61⤵
- Executes dropped EXE
-
\??\c:\7thhnn.exec:\7thhnn.exe62⤵
- Executes dropped EXE
-
\??\c:\jppjj.exec:\jppjj.exe63⤵
- Executes dropped EXE
-
\??\c:\7djdd.exec:\7djdd.exe64⤵
- Executes dropped EXE
-
\??\c:\5fxxxxl.exec:\5fxxxxl.exe65⤵
- Executes dropped EXE
-
\??\c:\3lxfllr.exec:\3lxfllr.exe66⤵
-
\??\c:\hbnbbn.exec:\hbnbbn.exe67⤵
-
\??\c:\jjpdd.exec:\jjpdd.exe68⤵
-
\??\c:\5vdvp.exec:\5vdvp.exe69⤵
-
\??\c:\rlflrfl.exec:\rlflrfl.exe70⤵
-
\??\c:\llrxffl.exec:\llrxffl.exe71⤵
-
\??\c:\bnthnn.exec:\bnthnn.exe72⤵
-
\??\c:\9thhnn.exec:\9thhnn.exe73⤵
-
\??\c:\vpddj.exec:\vpddj.exe74⤵
-
\??\c:\vvvjd.exec:\vvvjd.exe75⤵
-
\??\c:\llflxlf.exec:\llflxlf.exe76⤵
-
\??\c:\ttntnt.exec:\ttntnt.exe77⤵
-
\??\c:\bbbbtb.exec:\bbbbtb.exe78⤵
-
\??\c:\dppjj.exec:\dppjj.exe79⤵
-
\??\c:\fxlrlxl.exec:\fxlrlxl.exe80⤵
-
\??\c:\lflxrfr.exec:\lflxrfr.exe81⤵
-
\??\c:\tnhnbn.exec:\tnhnbn.exe82⤵
-
\??\c:\3nnhbn.exec:\3nnhbn.exe83⤵
-
\??\c:\jvddj.exec:\jvddj.exe84⤵
-
\??\c:\pjvpv.exec:\pjvpv.exe85⤵
-
\??\c:\lfflllx.exec:\lfflllx.exe86⤵
-
\??\c:\9flrflr.exec:\9flrflr.exe87⤵
-
\??\c:\bttttt.exec:\bttttt.exe88⤵
-
\??\c:\5hnbnn.exec:\5hnbnn.exe89⤵
-
\??\c:\pdjjv.exec:\pdjjv.exe90⤵
-
\??\c:\jvvdp.exec:\jvvdp.exe91⤵
-
\??\c:\frffflr.exec:\frffflr.exe92⤵
-
\??\c:\7tbbnn.exec:\7tbbnn.exe93⤵
-
\??\c:\nhtbhn.exec:\nhtbhn.exe94⤵
-
\??\c:\7djjp.exec:\7djjp.exe95⤵
-
\??\c:\9dppv.exec:\9dppv.exe96⤵
-
\??\c:\llrrxff.exec:\llrrxff.exe97⤵
-
\??\c:\7xflxfl.exec:\7xflxfl.exe98⤵
-
\??\c:\thttbh.exec:\thttbh.exe99⤵
-
\??\c:\nnbhtn.exec:\nnbhtn.exe100⤵
-
\??\c:\pvjpp.exec:\pvjpp.exe101⤵
-
\??\c:\dpvdj.exec:\dpvdj.exe102⤵
-
\??\c:\xlrllfx.exec:\xlrllfx.exe103⤵
-
\??\c:\llflffx.exec:\llflffx.exe104⤵
-
\??\c:\hbnbhh.exec:\hbnbhh.exe105⤵
-
\??\c:\nhtbbh.exec:\nhtbbh.exe106⤵
-
\??\c:\5hthtn.exec:\5hthtn.exe107⤵
-
\??\c:\pdpvj.exec:\pdpvj.exe108⤵
-
\??\c:\9rrxxff.exec:\9rrxxff.exe109⤵
-
\??\c:\lxrxfxf.exec:\lxrxfxf.exe110⤵
-
\??\c:\rlrrfff.exec:\rlrrfff.exe111⤵
-
\??\c:\5tbhnn.exec:\5tbhnn.exe112⤵
-
\??\c:\thnnhn.exec:\thnnhn.exe113⤵
-
\??\c:\ddvpd.exec:\ddvpd.exe114⤵
-
\??\c:\pjjjj.exec:\pjjjj.exe115⤵
-
\??\c:\ddvdv.exec:\ddvdv.exe116⤵
-
\??\c:\rfrrxlr.exec:\rfrrxlr.exe117⤵
-
\??\c:\rllfrrx.exec:\rllfrrx.exe118⤵
-
\??\c:\7nhhht.exec:\7nhhht.exe119⤵
-
\??\c:\thnbhn.exec:\thnbhn.exe120⤵
-
\??\c:\1dpdj.exec:\1dpdj.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-