Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
21s -
platform
windows7_x64 -
resource
win7-20240705-en -
resource tags
-
submitted
21/07/2024, 12:12
General
-
Target
bfe9ad8cdebb84d2b3a30415bfa7fd00N.exe
-
Size
84KB
-
MD5
bfe9ad8cdebb84d2b3a30415bfa7fd00
-
SHA1
ab7c3d8dd4785f1255c1ea7284749856e41cce91
-
SHA256
6c036948d3d10bc7277cf78265b70fa58b0c13b888ac77a7afa390e4fd954a17
-
SHA512
9457fa4dd5f2c132008b71de6cfafbea1da98786286e45f28c7571688b71c5c696ce27a0e3b389653eae96bb44f26277fc0e67f4cf590026560f259bd829bc2a
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDoAXPfgr2hKmdbcPi2v/:ymb3NkkiQ3mdBjFo6Pfgy3dbc//
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 22 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 21 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\bfe9ad8cdebb84d2b3a30415bfa7fd00N.exe"C:\Users\Admin\AppData\Local\Temp\bfe9ad8cdebb84d2b3a30415bfa7fd00N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxlrfr.exec:\rlxlrfr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbhth.exec:\tnbhth.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3vpvj.exec:\3vpvj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfrrxfl.exec:\rfrrxfl.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhhtth.exec:\hhhtth.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7ppvd.exec:\7ppvd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlrlffl.exec:\rlrlffl.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbbhh.exec:\btbbhh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvdpp.exec:\jvdpp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rffrfrf.exec:\rffrfrf.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffrfxlf.exec:\ffrfxlf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttnbbh.exec:\ttnbbh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjvj.exec:\ppjvj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrlrlrl.exec:\lrlrlrl.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3bthnb.exec:\3bthnb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhbnbn.exec:\hhbnbn.exe17⤵
- Executes dropped EXE
-
\??\c:\jjjvj.exec:\jjjvj.exe18⤵
- Executes dropped EXE
-
\??\c:\3xffllx.exec:\3xffllx.exe19⤵
- Executes dropped EXE
-
\??\c:\thttbh.exec:\thttbh.exe20⤵
- Executes dropped EXE
-
\??\c:\jjpvv.exec:\jjpvv.exe21⤵
- Executes dropped EXE
-
\??\c:\1pjjv.exec:\1pjjv.exe22⤵
- Executes dropped EXE
-
\??\c:\xxrxlrl.exec:\xxrxlrl.exe23⤵
- Executes dropped EXE
-
\??\c:\thbntt.exec:\thbntt.exe24⤵
- Executes dropped EXE
-
\??\c:\hhbthn.exec:\hhbthn.exe25⤵
- Executes dropped EXE
-
\??\c:\7vpjv.exec:\7vpjv.exe26⤵
- Executes dropped EXE
-
\??\c:\xrxflfr.exec:\xrxflfr.exe27⤵
- Executes dropped EXE
-
\??\c:\nnhthn.exec:\nnhthn.exe28⤵
- Executes dropped EXE
-
\??\c:\vjjdd.exec:\vjjdd.exe29⤵
- Executes dropped EXE
-
\??\c:\rfflxxf.exec:\rfflxxf.exe30⤵
- Executes dropped EXE
-
\??\c:\3bbntt.exec:\3bbntt.exe31⤵
- Executes dropped EXE
-
\??\c:\djjdp.exec:\djjdp.exe32⤵
- Executes dropped EXE
-
\??\c:\dpdjp.exec:\dpdjp.exe33⤵
- Executes dropped EXE
-
\??\c:\xxxxffl.exec:\xxxxffl.exe34⤵
- Executes dropped EXE
-
\??\c:\1bbtht.exec:\1bbtht.exe35⤵
- Executes dropped EXE
-
\??\c:\9pvjd.exec:\9pvjd.exe36⤵
- Executes dropped EXE
-
\??\c:\9pdpd.exec:\9pdpd.exe37⤵
- Executes dropped EXE
-
\??\c:\9xfxffr.exec:\9xfxffr.exe38⤵
- Executes dropped EXE
-
\??\c:\bthbhb.exec:\bthbhb.exe39⤵
- Executes dropped EXE
-
\??\c:\7hhnbn.exec:\7hhnbn.exe40⤵
- Executes dropped EXE
-
\??\c:\djpvd.exec:\djpvd.exe41⤵
- Executes dropped EXE
-
\??\c:\xrlrlxr.exec:\xrlrlxr.exe42⤵
- Executes dropped EXE
-
\??\c:\fxlrflf.exec:\fxlrflf.exe43⤵
- Executes dropped EXE
-
\??\c:\7nnhnn.exec:\7nnhnn.exe44⤵
- Executes dropped EXE
-
\??\c:\jdppd.exec:\jdppd.exe45⤵
- Executes dropped EXE
-
\??\c:\7jvjv.exec:\7jvjv.exe46⤵
- Executes dropped EXE
-
\??\c:\9xrlxxl.exec:\9xrlxxl.exe47⤵
- Executes dropped EXE
-
\??\c:\bhthhb.exec:\bhthhb.exe48⤵
- Executes dropped EXE
-
\??\c:\9hhbnb.exec:\9hhbnb.exe49⤵
- Executes dropped EXE
-
\??\c:\3pdjv.exec:\3pdjv.exe50⤵
- Executes dropped EXE
-
\??\c:\3fxflrf.exec:\3fxflrf.exe51⤵
- Executes dropped EXE
-
\??\c:\llllfrx.exec:\llllfrx.exe52⤵
- Executes dropped EXE
-
\??\c:\thnhht.exec:\thnhht.exe53⤵
- Executes dropped EXE
-
\??\c:\vpjvv.exec:\vpjvv.exe54⤵
- Executes dropped EXE
-
\??\c:\1vjdd.exec:\1vjdd.exe55⤵
- Executes dropped EXE
-
\??\c:\9flfffr.exec:\9flfffr.exe56⤵
- Executes dropped EXE
-
\??\c:\bhbnhh.exec:\bhbnhh.exe57⤵
- Executes dropped EXE
-
\??\c:\nhnntb.exec:\nhnntb.exe58⤵
- Executes dropped EXE
-
\??\c:\pjpdp.exec:\pjpdp.exe59⤵
- Executes dropped EXE
-
\??\c:\fxrxfxf.exec:\fxrxfxf.exe60⤵
- Executes dropped EXE
-
\??\c:\tbnhhh.exec:\tbnhhh.exe61⤵
- Executes dropped EXE
-
\??\c:\7nhhnt.exec:\7nhhnt.exe62⤵
- Executes dropped EXE
-
\??\c:\vvjdd.exec:\vvjdd.exe63⤵
- Executes dropped EXE
-
\??\c:\lfrrflx.exec:\lfrrflx.exe64⤵
- Executes dropped EXE
-
\??\c:\frxrfxf.exec:\frxrfxf.exe65⤵
- Executes dropped EXE
-
\??\c:\hbtbhh.exec:\hbtbhh.exe66⤵
-
\??\c:\9ppdv.exec:\9ppdv.exe67⤵
-
\??\c:\pdvdp.exec:\pdvdp.exe68⤵
-
\??\c:\rrlxrfr.exec:\rrlxrfr.exe69⤵
-
\??\c:\btnttt.exec:\btnttt.exe70⤵
-
\??\c:\nhbnhn.exec:\nhbnhn.exe71⤵
-
\??\c:\pvpdd.exec:\pvpdd.exe72⤵
-
\??\c:\fxlfrxl.exec:\fxlfrxl.exe73⤵
-
\??\c:\llxxllf.exec:\llxxllf.exe74⤵
-
\??\c:\nhnhtb.exec:\nhnhtb.exe75⤵
-
\??\c:\dvpdp.exec:\dvpdp.exe76⤵
-
\??\c:\pjdpd.exec:\pjdpd.exe77⤵
-
\??\c:\xrfffll.exec:\xrfffll.exe78⤵
-
\??\c:\xxrxrlx.exec:\xxrxrlx.exe79⤵
-
\??\c:\5tnnbh.exec:\5tnnbh.exe80⤵
-
\??\c:\5hbtth.exec:\5hbtth.exe81⤵
-
\??\c:\vpvdd.exec:\vpvdd.exe82⤵
-
\??\c:\rrxxlxl.exec:\rrxxlxl.exe83⤵
-
\??\c:\lfxflrf.exec:\lfxflrf.exe84⤵
-
\??\c:\nhnbnb.exec:\nhnbnb.exe85⤵
-
\??\c:\hhbhht.exec:\hhbhht.exe86⤵
-
\??\c:\ppjpj.exec:\ppjpj.exe87⤵
-
\??\c:\ffrrxlr.exec:\ffrrxlr.exe88⤵
-
\??\c:\lxlfrrx.exec:\lxlfrrx.exe89⤵
-
\??\c:\ntbtbb.exec:\ntbtbb.exe90⤵
-
\??\c:\nnhhtt.exec:\nnhhtt.exe91⤵
-
\??\c:\3ppdp.exec:\3ppdp.exe92⤵
-
\??\c:\jvvjd.exec:\jvvjd.exe93⤵
-
\??\c:\rfxxfxf.exec:\rfxxfxf.exe94⤵
-
\??\c:\5hnnhh.exec:\5hnnhh.exe95⤵
-
\??\c:\tbthth.exec:\tbthth.exe96⤵
-
\??\c:\djjpp.exec:\djjpp.exe97⤵
-
\??\c:\5rflrxf.exec:\5rflrxf.exe98⤵
-
\??\c:\fxflffl.exec:\fxflffl.exe99⤵
-
\??\c:\tnbhnn.exec:\tnbhnn.exe100⤵
-
\??\c:\nththt.exec:\nththt.exe101⤵
-
\??\c:\djjvj.exec:\djjvj.exe102⤵
-
\??\c:\xlxllxx.exec:\xlxllxx.exe103⤵
-
\??\c:\fxlrxrf.exec:\fxlrxrf.exe104⤵
-
\??\c:\3nbbbh.exec:\3nbbbh.exe105⤵
-
\??\c:\hhthnn.exec:\hhthnn.exe106⤵
-
\??\c:\jvpdp.exec:\jvpdp.exe107⤵
-
\??\c:\dvvjp.exec:\dvvjp.exe108⤵
-
\??\c:\xllrlfl.exec:\xllrlfl.exe109⤵
-
\??\c:\ttnbht.exec:\ttnbht.exe110⤵
-
\??\c:\5ddjp.exec:\5ddjp.exe111⤵
-
\??\c:\ddjvv.exec:\ddjvv.exe112⤵
-
\??\c:\rllrflf.exec:\rllrflf.exe113⤵
-
\??\c:\xxrxrxl.exec:\xxrxrxl.exe114⤵
-
\??\c:\ttbnnn.exec:\ttbnnn.exe115⤵
-
\??\c:\9pdvj.exec:\9pdvj.exe116⤵
-
\??\c:\dpjpd.exec:\dpjpd.exe117⤵
-
\??\c:\fxlrflx.exec:\fxlrflx.exe118⤵
-
\??\c:\ttnnbh.exec:\ttnnbh.exe119⤵
-
\??\c:\tnhntb.exec:\tnhntb.exe120⤵
-
\??\c:\1dpdp.exec:\1dpdp.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-