Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
52s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
07/05/2024, 23:58
General
-
Target
6f92a47978dba204bac824c671d20c80_NEIKI.exe
-
Size
433KB
-
MD5
6f92a47978dba204bac824c671d20c80
-
SHA1
b653fa1b9a68a599d196a9c25063fe127fc57cad
-
SHA256
f89397809333c39f43fba2b2c6822c90a00bb12aa5f91319aaf34566a4a8c014
-
SHA512
23a84b8001f2f79fb3214747aa1dfd2415b6b9c5cf88379687e6bd0a3a1c6d72f23d03a8c5b5f235b36f038a130134e264927bbe8ab1420825295d6c5c2d345f
-
SSDEEP
12288:n3C9uMPh2kkkkK4kXkkkkkkkkl888888888888888888nF:ShPh2kkkkK4kXkkkkkkkkr
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 22 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 31 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\6f92a47978dba204bac824c671d20c80_NEIKI.exe"C:\Users\Admin\AppData\Local\Temp\6f92a47978dba204bac824c671d20c80_NEIKI.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\26640.exec:\26640.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjpp.exec:\ppjpp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\c820068.exec:\c820068.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxfxfl.exec:\rlxfxfl.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\60880.exec:\60880.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\860688.exec:\860688.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5xllfll.exec:\5xllfll.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbbtt.exec:\nhbbtt.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tthnbb.exec:\tthnbb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpddv.exec:\vpddv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\42682.exec:\42682.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrlfrxl.exec:\rrlfrxl.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\04442.exec:\04442.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\60668.exec:\60668.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbbnn.exec:\hbbbnn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\c606802.exec:\c606802.exe17⤵
- Executes dropped EXE
-
\??\c:\vpjvd.exec:\vpjvd.exe18⤵
- Executes dropped EXE
-
\??\c:\tnbhnn.exec:\tnbhnn.exe19⤵
- Executes dropped EXE
-
\??\c:\2662008.exec:\2662008.exe20⤵
- Executes dropped EXE
-
\??\c:\u266880.exec:\u266880.exe21⤵
- Executes dropped EXE
-
\??\c:\nnthhh.exec:\nnthhh.exe22⤵
- Executes dropped EXE
-
\??\c:\68066.exec:\68066.exe23⤵
- Executes dropped EXE
-
\??\c:\44284.exec:\44284.exe24⤵
- Executes dropped EXE
-
\??\c:\bthnnt.exec:\bthnnt.exe25⤵
- Executes dropped EXE
-
\??\c:\0822440.exec:\0822440.exe26⤵
- Executes dropped EXE
-
\??\c:\9frrllf.exec:\9frrllf.exe27⤵
- Executes dropped EXE
-
\??\c:\jdvvd.exec:\jdvvd.exe28⤵
- Executes dropped EXE
-
\??\c:\q02440.exec:\q02440.exe29⤵
- Executes dropped EXE
-
\??\c:\m6402.exec:\m6402.exe30⤵
- Executes dropped EXE
-
\??\c:\e48466.exec:\e48466.exe31⤵
- Executes dropped EXE
-
\??\c:\hnhhnn.exec:\hnhhnn.exe32⤵
- Executes dropped EXE
-
\??\c:\9rrrxrx.exec:\9rrrxrx.exe33⤵
- Executes dropped EXE
-
\??\c:\6868280.exec:\6868280.exe34⤵
- Executes dropped EXE
-
\??\c:\042844.exec:\042844.exe35⤵
- Executes dropped EXE
-
\??\c:\nhnnbb.exec:\nhnnbb.exe36⤵
- Executes dropped EXE
-
\??\c:\u640068.exec:\u640068.exe37⤵
- Executes dropped EXE
-
\??\c:\llxfrrl.exec:\llxfrrl.exe38⤵
- Executes dropped EXE
-
\??\c:\5rfllrf.exec:\5rfllrf.exe39⤵
- Executes dropped EXE
-
\??\c:\xxrrxxl.exec:\xxrrxxl.exe40⤵
- Executes dropped EXE
-
\??\c:\4800228.exec:\4800228.exe41⤵
- Executes dropped EXE
-
\??\c:\jjpjp.exec:\jjpjp.exe42⤵
- Executes dropped EXE
-
\??\c:\i424062.exec:\i424062.exe43⤵
- Executes dropped EXE
-
\??\c:\u244006.exec:\u244006.exe44⤵
- Executes dropped EXE
-
\??\c:\26062.exec:\26062.exe45⤵
- Executes dropped EXE
-
\??\c:\tnttbb.exec:\tnttbb.exe46⤵
- Executes dropped EXE
-
\??\c:\5nthbb.exec:\5nthbb.exe47⤵
- Executes dropped EXE
-
\??\c:\0444446.exec:\0444446.exe48⤵
- Executes dropped EXE
-
\??\c:\082648.exec:\082648.exe49⤵
- Executes dropped EXE
-
\??\c:\vjvdp.exec:\vjvdp.exe50⤵
- Executes dropped EXE
-
\??\c:\hhthbb.exec:\hhthbb.exe51⤵
- Executes dropped EXE
-
\??\c:\ddjdj.exec:\ddjdj.exe52⤵
- Executes dropped EXE
-
\??\c:\thttbb.exec:\thttbb.exe53⤵
- Executes dropped EXE
-
\??\c:\g2008.exec:\g2008.exe54⤵
- Executes dropped EXE
-
\??\c:\1lfxffr.exec:\1lfxffr.exe55⤵
- Executes dropped EXE
-
\??\c:\3hntbh.exec:\3hntbh.exe56⤵
- Executes dropped EXE
-
\??\c:\6428002.exec:\6428002.exe57⤵
- Executes dropped EXE
-
\??\c:\frllrrl.exec:\frllrrl.exe58⤵
- Executes dropped EXE
-
\??\c:\468240.exec:\468240.exe59⤵
- Executes dropped EXE
-
\??\c:\u602440.exec:\u602440.exe60⤵
- Executes dropped EXE
-
\??\c:\dvjjp.exec:\dvjjp.exe61⤵
- Executes dropped EXE
-
\??\c:\7nbbtb.exec:\7nbbtb.exe62⤵
- Executes dropped EXE
-
\??\c:\040460.exec:\040460.exe63⤵
- Executes dropped EXE
-
\??\c:\pjvjp.exec:\pjvjp.exe64⤵
- Executes dropped EXE
-
\??\c:\jdpvv.exec:\jdpvv.exe65⤵
- Executes dropped EXE
-
\??\c:\a6486.exec:\a6486.exe66⤵
-
\??\c:\600022.exec:\600022.exe67⤵
-
\??\c:\1tntbb.exec:\1tntbb.exe68⤵
-
\??\c:\k64400.exec:\k64400.exe69⤵
-
\??\c:\6422446.exec:\6422446.exe70⤵
-
\??\c:\tnhthn.exec:\tnhthn.exe71⤵
-
\??\c:\w42464.exec:\w42464.exe72⤵
-
\??\c:\jdjdj.exec:\jdjdj.exe73⤵
-
\??\c:\ttnbnt.exec:\ttnbnt.exe74⤵
-
\??\c:\604466.exec:\604466.exe75⤵
-
\??\c:\i266228.exec:\i266228.exe76⤵
-
\??\c:\626022.exec:\626022.exe77⤵
-
\??\c:\k80028.exec:\k80028.exe78⤵
-
\??\c:\20220.exec:\20220.exe79⤵
-
\??\c:\604068.exec:\604068.exe80⤵
-
\??\c:\2088002.exec:\2088002.exe81⤵
-
\??\c:\pjddj.exec:\pjddj.exe82⤵
-
\??\c:\1tnnbn.exec:\1tnnbn.exe83⤵
-
\??\c:\dvpvp.exec:\dvpvp.exe84⤵
-
\??\c:\hhbhnb.exec:\hhbhnb.exe85⤵
-
\??\c:\60880.exec:\60880.exe86⤵
-
\??\c:\680620.exec:\680620.exe87⤵
-
\??\c:\jjdjv.exec:\jjdjv.exe88⤵
-
\??\c:\jjdjp.exec:\jjdjp.exe89⤵
-
\??\c:\5jddj.exec:\5jddj.exe90⤵
-
\??\c:\nbbhbh.exec:\nbbhbh.exe91⤵
-
\??\c:\884068.exec:\884068.exe92⤵
-
\??\c:\642800.exec:\642800.exe93⤵
-
\??\c:\lfxxllx.exec:\lfxxllx.exe94⤵
-
\??\c:\0804002.exec:\0804002.exe95⤵
-
\??\c:\204040.exec:\204040.exe96⤵
-
\??\c:\480006.exec:\480006.exe97⤵
-
\??\c:\0068280.exec:\0068280.exe98⤵
-
\??\c:\ddppv.exec:\ddppv.exe99⤵
-
\??\c:\jdvdv.exec:\jdvdv.exe100⤵
-
\??\c:\802888.exec:\802888.exe101⤵
-
\??\c:\rxfrlfx.exec:\rxfrlfx.exe102⤵
-
\??\c:\k86022.exec:\k86022.exe103⤵
-
\??\c:\pjddp.exec:\pjddp.exe104⤵
-
\??\c:\0804666.exec:\0804666.exe105⤵
-
\??\c:\ffrrxxl.exec:\ffrrxxl.exe106⤵
-
\??\c:\xrrrflx.exec:\xrrrflx.exe107⤵
-
\??\c:\k26806.exec:\k26806.exe108⤵
-
\??\c:\s6668.exec:\s6668.exe109⤵
-
\??\c:\6064240.exec:\6064240.exe110⤵
-
\??\c:\2668846.exec:\2668846.exe111⤵
-
\??\c:\48280.exec:\48280.exe112⤵
-
\??\c:\ntnthh.exec:\ntnthh.exe113⤵
-
\??\c:\fffrflr.exec:\fffrflr.exe114⤵
-
\??\c:\5lxrxxf.exec:\5lxrxxf.exe115⤵
-
\??\c:\088022.exec:\088022.exe116⤵
-
\??\c:\bbnbnb.exec:\bbnbnb.exe117⤵
-
\??\c:\860684.exec:\860684.exe118⤵
-
\??\c:\dpdvd.exec:\dpdvd.exe119⤵
-
\??\c:\nthtnn.exec:\nthtnn.exe120⤵
-
\??\c:\lxffrfx.exec:\lxffrfx.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-