Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
08/05/2024, 22:38
General
-
Target
809624faf15f44e1dd36c92f119c9f40_NEIKI.exe
-
Size
52KB
-
MD5
809624faf15f44e1dd36c92f119c9f40
-
SHA1
144cef5fc819fcbf3e8a967b720d4b30d2d5f90a
-
SHA256
c116710e1d8bcfd21f6bb0f57d3de32638d6824fb3acf3546b7526388d3781e8
-
SHA512
f26d4202d487ac22ec8de0e46f8b27b3e37182f5e9f4f6528fad9d065ec8f3db1985986f470ee261b79362b72813d05ac214fe4a90ffcfa65f9e74625b307d44
-
SSDEEP
1536:RvQBeOGtrYS3srx93UBWfwC6Ggnouy8Cp:RhOmTsF93UYfwC6GIoutc
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 38 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\809624faf15f44e1dd36c92f119c9f40_NEIKI.exe"C:\Users\Admin\AppData\Local\Temp\809624faf15f44e1dd36c92f119c9f40_NEIKI.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbhht.exec:\hbbhht.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvjpd.exec:\jvjpd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5jvjd.exec:\5jvjd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlflrlr.exec:\xlflrlr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tthnht.exec:\tthnht.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpdvv.exec:\vpdvv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1lxlrrl.exec:\1lxlrrl.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3bbhnn.exec:\3bbhnn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1tnhnt.exec:\1tnhnt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjjvd.exec:\vjjvd.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrxxrf.exec:\lfrxxrf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frlrfxx.exec:\frlrfxx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7btnhn.exec:\7btnhn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjjp.exec:\vpjjp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1dvdj.exec:\1dvdj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxffxx.exec:\rlxffxx.exe17⤵
- Executes dropped EXE
-
\??\c:\nhhhth.exec:\nhhhth.exe18⤵
- Executes dropped EXE
-
\??\c:\bthbhn.exec:\bthbhn.exe19⤵
- Executes dropped EXE
-
\??\c:\pjdjd.exec:\pjdjd.exe20⤵
- Executes dropped EXE
-
\??\c:\xrlxffl.exec:\xrlxffl.exe21⤵
- Executes dropped EXE
-
\??\c:\rlflxxf.exec:\rlflxxf.exe22⤵
- Executes dropped EXE
-
\??\c:\nthhhh.exec:\nthhhh.exe23⤵
- Executes dropped EXE
-
\??\c:\hhbhtn.exec:\hhbhtn.exe24⤵
- Executes dropped EXE
-
\??\c:\9dvjp.exec:\9dvjp.exe25⤵
- Executes dropped EXE
-
\??\c:\3fxfflx.exec:\3fxfflx.exe26⤵
- Executes dropped EXE
-
\??\c:\7lfflxx.exec:\7lfflxx.exe27⤵
- Executes dropped EXE
-
\??\c:\btbbhh.exec:\btbbhh.exe28⤵
- Executes dropped EXE
-
\??\c:\dpdvp.exec:\dpdvp.exe29⤵
- Executes dropped EXE
-
\??\c:\xrflrxf.exec:\xrflrxf.exe30⤵
- Executes dropped EXE
-
\??\c:\1lrlxrx.exec:\1lrlxrx.exe31⤵
- Executes dropped EXE
-
\??\c:\tttntb.exec:\tttntb.exe32⤵
- Executes dropped EXE
-
\??\c:\jvjjj.exec:\jvjjj.exe33⤵
- Executes dropped EXE
-
\??\c:\3xxfxrf.exec:\3xxfxrf.exe34⤵
- Executes dropped EXE
-
\??\c:\fxfflxf.exec:\fxfflxf.exe35⤵
- Executes dropped EXE
-
\??\c:\1htbnt.exec:\1htbnt.exe36⤵
- Executes dropped EXE
-
\??\c:\vpjpj.exec:\vpjpj.exe37⤵
- Executes dropped EXE
-
\??\c:\vdppv.exec:\vdppv.exe38⤵
- Executes dropped EXE
-
\??\c:\7rrxffl.exec:\7rrxffl.exe39⤵
- Executes dropped EXE
-
\??\c:\fxllrrx.exec:\fxllrrx.exe40⤵
- Executes dropped EXE
-
\??\c:\bttbbt.exec:\bttbbt.exe41⤵
- Executes dropped EXE
-
\??\c:\vjvjj.exec:\vjvjj.exe42⤵
- Executes dropped EXE
-
\??\c:\jddvd.exec:\jddvd.exe43⤵
- Executes dropped EXE
-
\??\c:\ffllrrr.exec:\ffllrrr.exe44⤵
- Executes dropped EXE
-
\??\c:\5xlrxxf.exec:\5xlrxxf.exe45⤵
- Executes dropped EXE
-
\??\c:\tnbbtt.exec:\tnbbtt.exe46⤵
- Executes dropped EXE
-
\??\c:\9ttbnh.exec:\9ttbnh.exe47⤵
- Executes dropped EXE
-
\??\c:\1pvdd.exec:\1pvdd.exe48⤵
- Executes dropped EXE
-
\??\c:\1djpd.exec:\1djpd.exe49⤵
- Executes dropped EXE
-
\??\c:\5flrxrl.exec:\5flrxrl.exe50⤵
- Executes dropped EXE
-
\??\c:\fxfrllx.exec:\fxfrllx.exe51⤵
- Executes dropped EXE
-
\??\c:\9hntbb.exec:\9hntbb.exe52⤵
- Executes dropped EXE
-
\??\c:\dvjvv.exec:\dvjvv.exe53⤵
- Executes dropped EXE
-
\??\c:\5pppp.exec:\5pppp.exe54⤵
- Executes dropped EXE
-
\??\c:\xlxxfff.exec:\xlxxfff.exe55⤵
- Executes dropped EXE
-
\??\c:\fxlrxxf.exec:\fxlrxxf.exe56⤵
- Executes dropped EXE
-
\??\c:\1bntbn.exec:\1bntbn.exe57⤵
- Executes dropped EXE
-
\??\c:\jvjvj.exec:\jvjvj.exe58⤵
- Executes dropped EXE
-
\??\c:\5jdjj.exec:\5jdjj.exe59⤵
- Executes dropped EXE
-
\??\c:\1ffxffr.exec:\1ffxffr.exe60⤵
- Executes dropped EXE
-
\??\c:\xxflfrx.exec:\xxflfrx.exe61⤵
- Executes dropped EXE
-
\??\c:\hbbbhb.exec:\hbbbhb.exe62⤵
- Executes dropped EXE
-
\??\c:\9djdd.exec:\9djdd.exe63⤵
- Executes dropped EXE
-
\??\c:\vjdvj.exec:\vjdvj.exe64⤵
- Executes dropped EXE
-
\??\c:\fxlrrrf.exec:\fxlrrrf.exe65⤵
- Executes dropped EXE
-
\??\c:\9llrxlx.exec:\9llrxlx.exe66⤵
-
\??\c:\rfllrxx.exec:\rfllrxx.exe67⤵
-
\??\c:\htbhhh.exec:\htbhhh.exe68⤵
-
\??\c:\5bhbbb.exec:\5bhbbb.exe69⤵
-
\??\c:\ddpdp.exec:\ddpdp.exe70⤵
-
\??\c:\xrlrxff.exec:\xrlrxff.exe71⤵
-
\??\c:\1rrfllf.exec:\1rrfllf.exe72⤵
-
\??\c:\1hbbbb.exec:\1hbbbb.exe73⤵
-
\??\c:\htbthn.exec:\htbthn.exe74⤵
-
\??\c:\pjjjp.exec:\pjjjp.exe75⤵
-
\??\c:\fxxxfxf.exec:\fxxxfxf.exe76⤵
-
\??\c:\rlxfrrr.exec:\rlxfrrr.exe77⤵
-
\??\c:\bnbhtt.exec:\bnbhtt.exe78⤵
-
\??\c:\httttb.exec:\httttb.exe79⤵
-
\??\c:\jdvdv.exec:\jdvdv.exe80⤵
-
\??\c:\jvpvv.exec:\jvpvv.exe81⤵
-
\??\c:\rrfxrrr.exec:\rrfxrrr.exe82⤵
-
\??\c:\rlflfrx.exec:\rlflfrx.exe83⤵
-
\??\c:\tnbbht.exec:\tnbbht.exe84⤵
-
\??\c:\hbttbt.exec:\hbttbt.exe85⤵
-
\??\c:\pdpvd.exec:\pdpvd.exe86⤵
-
\??\c:\jvdpp.exec:\jvdpp.exe87⤵
-
\??\c:\xxrflxf.exec:\xxrflxf.exe88⤵
-
\??\c:\rlfxffl.exec:\rlfxffl.exe89⤵
-
\??\c:\3tthnt.exec:\3tthnt.exe90⤵
-
\??\c:\ttnhth.exec:\ttnhth.exe91⤵
-
\??\c:\jdpvv.exec:\jdpvv.exe92⤵
-
\??\c:\jdddp.exec:\jdddp.exe93⤵
-
\??\c:\rlxflxr.exec:\rlxflxr.exe94⤵
-
\??\c:\5xlrffl.exec:\5xlrffl.exe95⤵
-
\??\c:\5thnbn.exec:\5thnbn.exe96⤵
-
\??\c:\bnbtbt.exec:\bnbtbt.exe97⤵
-
\??\c:\5vppd.exec:\5vppd.exe98⤵
-
\??\c:\ppddv.exec:\ppddv.exe99⤵
-
\??\c:\1xxxffr.exec:\1xxxffr.exe100⤵
-
\??\c:\xrfxxff.exec:\xrfxxff.exe101⤵
-
\??\c:\nhnthn.exec:\nhnthn.exe102⤵
-
\??\c:\hthntt.exec:\hthntt.exe103⤵
-
\??\c:\dvdpv.exec:\dvdpv.exe104⤵
-
\??\c:\jdvdp.exec:\jdvdp.exe105⤵
-
\??\c:\lfrxlll.exec:\lfrxlll.exe106⤵
-
\??\c:\rlxrfrf.exec:\rlxrfrf.exe107⤵
-
\??\c:\tnbbnn.exec:\tnbbnn.exe108⤵
-
\??\c:\tnhhtn.exec:\tnhhtn.exe109⤵
-
\??\c:\1vjvp.exec:\1vjvp.exe110⤵
-
\??\c:\jdppv.exec:\jdppv.exe111⤵
-
\??\c:\1flrffx.exec:\1flrffx.exe112⤵
-
\??\c:\lrllrfr.exec:\lrllrfr.exe113⤵
-
\??\c:\nbhbnt.exec:\nbhbnt.exe114⤵
-
\??\c:\btnttt.exec:\btnttt.exe115⤵
-
\??\c:\dvpvv.exec:\dvpvv.exe116⤵
-
\??\c:\vpjpp.exec:\vpjpp.exe117⤵
-
\??\c:\xlfflrx.exec:\xlfflrx.exe118⤵
-
\??\c:\fxfllxl.exec:\fxfllxl.exe119⤵
-
\??\c:\ttnhhh.exec:\ttnhhh.exe120⤵
-
\??\c:\pvvvj.exec:\pvvvj.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-