Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
-
submitted
22/07/2024, 19:54
General
-
Target
2d18142072bcb0f6e248a399c04b87650faebe5d8e87b0f84e4059274c21cc91.exe
-
Size
417KB
-
MD5
c10fa53151c92a9ddb8a6ec5f4fbe8df
-
SHA1
99352ef9c706f558ed539256511b4c1b3dd63128
-
SHA256
2d18142072bcb0f6e248a399c04b87650faebe5d8e87b0f84e4059274c21cc91
-
SHA512
a510c3171787391ceb29be2c62bfa2a73f205a626d6168f63a84ca694e03360a6e75a6585005dd1143025e3d71e9da138117b44d270e80a5085ba4cab0d15559
-
SSDEEP
12288:n3C9ytvngQj4DtvnV9wLn9UTfC8eieJNBNIsYPv:SgdnJUdnV9P
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 19 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 22 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2d18142072bcb0f6e248a399c04b87650faebe5d8e87b0f84e4059274c21cc91.exe"C:\Users\Admin\AppData\Local\Temp\2d18142072bcb0f6e248a399c04b87650faebe5d8e87b0f84e4059274c21cc91.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\9rrlrfr.exec:\9rrlrfr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbbbth.exec:\nbbbth.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlfllrr.exec:\rlfllrr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhhtb.exec:\nhhhtb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbbnhh.exec:\tbbnhh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvjv.exec:\pjvjv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbhtb.exec:\tnbhtb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1pvpd.exec:\1pvpd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fflffrx.exec:\fflffrx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bttbnn.exec:\bttbnn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1pvjv.exec:\1pvjv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3lrfxlf.exec:\3lrfxlf.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvjvj.exec:\jvjvj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1rrxffr.exec:\1rrxffr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnnthh.exec:\nnnthh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpvvj.exec:\vpvvj.exe17⤵
- Executes dropped EXE
-
\??\c:\bbbnhh.exec:\bbbnhh.exe18⤵
- Executes dropped EXE
-
\??\c:\1btbhn.exec:\1btbhn.exe19⤵
- Executes dropped EXE
-
\??\c:\lfrrflf.exec:\lfrrflf.exe20⤵
- Executes dropped EXE
-
\??\c:\thhhtn.exec:\thhhtn.exe21⤵
- Executes dropped EXE
-
\??\c:\ddvdp.exec:\ddvdp.exe22⤵
- Executes dropped EXE
-
\??\c:\lrxllrf.exec:\lrxllrf.exe23⤵
- Executes dropped EXE
-
\??\c:\xxrlrxr.exec:\xxrlrxr.exe24⤵
- Executes dropped EXE
-
\??\c:\fxxxflr.exec:\fxxxflr.exe25⤵
- Executes dropped EXE
-
\??\c:\httnbh.exec:\httnbh.exe26⤵
- Executes dropped EXE
-
\??\c:\hhhtnb.exec:\hhhtnb.exe27⤵
- Executes dropped EXE
-
\??\c:\pdddd.exec:\pdddd.exe28⤵
- Executes dropped EXE
-
\??\c:\ffrxllx.exec:\ffrxllx.exe29⤵
- Executes dropped EXE
-
\??\c:\nhthnn.exec:\nhthnn.exe30⤵
- Executes dropped EXE
-
\??\c:\9lxxlxl.exec:\9lxxlxl.exe31⤵
- Executes dropped EXE
-
\??\c:\nhthtb.exec:\nhthtb.exe32⤵
- Executes dropped EXE
-
\??\c:\vpvjp.exec:\vpvjp.exe33⤵
- Executes dropped EXE
-
\??\c:\nhhnbb.exec:\nhhnbb.exe34⤵
- Executes dropped EXE
-
\??\c:\jjjvp.exec:\jjjvp.exe35⤵
- Executes dropped EXE
-
\??\c:\llfxfxx.exec:\llfxfxx.exe36⤵
- Executes dropped EXE
-
\??\c:\rrlfxrx.exec:\rrlfxrx.exe37⤵
- Executes dropped EXE
-
\??\c:\nbthbh.exec:\nbthbh.exe38⤵
- Executes dropped EXE
-
\??\c:\vjdjv.exec:\vjdjv.exe39⤵
- Executes dropped EXE
-
\??\c:\3vdvj.exec:\3vdvj.exe40⤵
- Executes dropped EXE
-
\??\c:\lfrrffl.exec:\lfrrffl.exe41⤵
- Executes dropped EXE
-
\??\c:\5bbnbh.exec:\5bbnbh.exe42⤵
- Executes dropped EXE
-
\??\c:\ttntbb.exec:\ttntbb.exe43⤵
- Executes dropped EXE
-
\??\c:\dvjdj.exec:\dvjdj.exe44⤵
- Executes dropped EXE
-
\??\c:\rlxffrf.exec:\rlxffrf.exe45⤵
- Executes dropped EXE
-
\??\c:\rxrlrxx.exec:\rxrlrxx.exe46⤵
- Executes dropped EXE
-
\??\c:\tnnbhn.exec:\tnnbhn.exe47⤵
- Executes dropped EXE
-
\??\c:\ppjpj.exec:\ppjpj.exe48⤵
- Executes dropped EXE
-
\??\c:\ppjjp.exec:\ppjjp.exe49⤵
- Executes dropped EXE
-
\??\c:\rrrxlrf.exec:\rrrxlrf.exe50⤵
- Executes dropped EXE
-
\??\c:\nbnnnt.exec:\nbnnnt.exe51⤵
- Executes dropped EXE
-
\??\c:\nnnnth.exec:\nnnnth.exe52⤵
- Executes dropped EXE
-
\??\c:\jdjvp.exec:\jdjvp.exe53⤵
- Executes dropped EXE
-
\??\c:\rllfrxl.exec:\rllfrxl.exe54⤵
- Executes dropped EXE
-
\??\c:\xrlrffr.exec:\xrlrffr.exe55⤵
- Executes dropped EXE
-
\??\c:\nnntht.exec:\nnntht.exe56⤵
- Executes dropped EXE
-
\??\c:\ddpvj.exec:\ddpvj.exe57⤵
- Executes dropped EXE
-
\??\c:\fxxrlrf.exec:\fxxrlrf.exe58⤵
- Executes dropped EXE
-
\??\c:\flfrfrl.exec:\flfrfrl.exe59⤵
- Executes dropped EXE
-
\??\c:\tnnbnn.exec:\tnnbnn.exe60⤵
- Executes dropped EXE
-
\??\c:\bbthbb.exec:\bbthbb.exe61⤵
- Executes dropped EXE
-
\??\c:\dddpj.exec:\dddpj.exe62⤵
- Executes dropped EXE
-
\??\c:\7djvj.exec:\7djvj.exe63⤵
- Executes dropped EXE
-
\??\c:\fflxlrl.exec:\fflxlrl.exe64⤵
- Executes dropped EXE
-
\??\c:\nhbnhn.exec:\nhbnhn.exe65⤵
- Executes dropped EXE
-
\??\c:\7jdjp.exec:\7jdjp.exe66⤵
-
\??\c:\jjjdp.exec:\jjjdp.exe67⤵
-
\??\c:\rrllffl.exec:\rrllffl.exe68⤵
-
\??\c:\7ntbtt.exec:\7ntbtt.exe69⤵
-
\??\c:\3dvdv.exec:\3dvdv.exe70⤵
-
\??\c:\jjvdv.exec:\jjvdv.exe71⤵
-
\??\c:\rlffllx.exec:\rlffllx.exe72⤵
-
\??\c:\bbntbh.exec:\bbntbh.exe73⤵
-
\??\c:\3jpjv.exec:\3jpjv.exe74⤵
-
\??\c:\jdpvp.exec:\jdpvp.exe75⤵
-
\??\c:\rlxrflf.exec:\rlxrflf.exe76⤵
-
\??\c:\5thntt.exec:\5thntt.exe77⤵
-
\??\c:\bhhnhn.exec:\bhhnhn.exe78⤵
-
\??\c:\7ppdj.exec:\7ppdj.exe79⤵
-
\??\c:\1lrlxrl.exec:\1lrlxrl.exe80⤵
-
\??\c:\9flxffr.exec:\9flxffr.exe81⤵
-
\??\c:\nhtnht.exec:\nhtnht.exe82⤵
-
\??\c:\vpvdv.exec:\vpvdv.exe83⤵
-
\??\c:\fxlrxfl.exec:\fxlrxfl.exe84⤵
-
\??\c:\9lllffr.exec:\9lllffr.exe85⤵
-
\??\c:\nhbnbn.exec:\nhbnbn.exe86⤵
-
\??\c:\3pvvj.exec:\3pvvj.exe87⤵
-
\??\c:\rrrxflx.exec:\rrrxflx.exe88⤵
-
\??\c:\frfxrfr.exec:\frfxrfr.exe89⤵
-
\??\c:\ttnbtb.exec:\ttnbtb.exe90⤵
-
\??\c:\dpddj.exec:\dpddj.exe91⤵
-
\??\c:\pjddp.exec:\pjddp.exe92⤵
-
\??\c:\rflxfrx.exec:\rflxfrx.exe93⤵
-
\??\c:\nbthtb.exec:\nbthtb.exe94⤵
-
\??\c:\ppddv.exec:\ppddv.exe95⤵
-
\??\c:\7jvpd.exec:\7jvpd.exe96⤵
-
\??\c:\xxxfflf.exec:\xxxfflf.exe97⤵
-
\??\c:\ntthnb.exec:\ntthnb.exe98⤵
-
\??\c:\jvjjv.exec:\jvjjv.exe99⤵
-
\??\c:\ffflffx.exec:\ffflffx.exe100⤵
-
\??\c:\rlflllx.exec:\rlflllx.exe101⤵
-
\??\c:\tnbhnb.exec:\tnbhnb.exe102⤵
-
\??\c:\jdvdp.exec:\jdvdp.exe103⤵
-
\??\c:\xllrfrx.exec:\xllrfrx.exe104⤵
-
\??\c:\ffxfflf.exec:\ffxfflf.exe105⤵
-
\??\c:\ttnbhn.exec:\ttnbhn.exe106⤵
-
\??\c:\jvjpd.exec:\jvjpd.exe107⤵
-
\??\c:\jpjdj.exec:\jpjdj.exe108⤵
-
\??\c:\lfxfxfx.exec:\lfxfxfx.exe109⤵
-
\??\c:\nhthnt.exec:\nhthnt.exe110⤵
-
\??\c:\5nnbhn.exec:\5nnbhn.exe111⤵
-
\??\c:\7djvd.exec:\7djvd.exe112⤵
-
\??\c:\5xlllrl.exec:\5xlllrl.exe113⤵
-
\??\c:\tbthtb.exec:\tbthtb.exe114⤵
-
\??\c:\9hnbnb.exec:\9hnbnb.exe115⤵
-
\??\c:\pjpvv.exec:\pjpvv.exe116⤵
-
\??\c:\lflxrrl.exec:\lflxrrl.exe117⤵
-
\??\c:\btnbhh.exec:\btnbhh.exe118⤵
-
\??\c:\nnhhth.exec:\nnhhth.exe119⤵
-
\??\c:\vvvjv.exec:\vvvjv.exe120⤵
-
\??\c:\xxrflxl.exec:\xxrflxl.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-