Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
08/05/2024, 04:12
General
-
Target
ca14135ae7a5d5e9ac9c3c7ecc89b980_NEIKI.exe
-
Size
433KB
-
MD5
ca14135ae7a5d5e9ac9c3c7ecc89b980
-
SHA1
e92c7f7a656364c3c3b6363b386d47cdc34b6715
-
SHA256
9ffdffe225cc68e42d1ed4361e0f9b76244555a661d49868f3a99d743573c71a
-
SHA512
abb19969d64d291ade0a7b5a6006cc5eaf2e28b366f6eabd191bc88a1f93b5aa0cc5391baf9095358f855dc486d22904394dfaf86d2c31c37c47a5fb400389f4
-
SSDEEP
12288:n3C9uMPh2kkkkK4kXkkkkkkkkl888888888888888888nR:ShPh2kkkkK4kXkkkkkkkkD
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 22 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 24 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\ca14135ae7a5d5e9ac9c3c7ecc89b980_NEIKI.exe"C:\Users\Admin\AppData\Local\Temp\ca14135ae7a5d5e9ac9c3c7ecc89b980_NEIKI.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\864460.exec:\864460.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdppd.exec:\pdppd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\046244.exec:\046244.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\a4244.exec:\a4244.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\080060.exec:\080060.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpdjd.exec:\vpdjd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\m4624.exec:\m4624.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\s6822.exec:\s6822.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxllxrx.exec:\xxllxrx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djdvp.exec:\djdvp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6640004.exec:\6640004.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\42886.exec:\42886.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvdj.exec:\jdvdj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvvvd.exec:\pvvvd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\420206.exec:\420206.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\k20060.exec:\k20060.exe17⤵
- Executes dropped EXE
-
\??\c:\3pvpj.exec:\3pvpj.exe18⤵
- Executes dropped EXE
-
\??\c:\08444.exec:\08444.exe19⤵
- Executes dropped EXE
-
\??\c:\dvpvj.exec:\dvpvj.exe20⤵
- Executes dropped EXE
-
\??\c:\frflllr.exec:\frflllr.exe21⤵
- Executes dropped EXE
-
\??\c:\0422402.exec:\0422402.exe22⤵
- Executes dropped EXE
-
\??\c:\202800.exec:\202800.exe23⤵
- Executes dropped EXE
-
\??\c:\jdpvp.exec:\jdpvp.exe24⤵
- Executes dropped EXE
-
\??\c:\3bhntt.exec:\3bhntt.exe25⤵
- Executes dropped EXE
-
\??\c:\dpddp.exec:\dpddp.exe26⤵
- Executes dropped EXE
-
\??\c:\46222.exec:\46222.exe27⤵
- Executes dropped EXE
-
\??\c:\5thhhb.exec:\5thhhb.exe28⤵
- Executes dropped EXE
-
\??\c:\42402.exec:\42402.exe29⤵
- Executes dropped EXE
-
\??\c:\u866228.exec:\u866228.exe30⤵
- Executes dropped EXE
-
\??\c:\7ntthn.exec:\7ntthn.exe31⤵
- Executes dropped EXE
-
\??\c:\08044.exec:\08044.exe32⤵
- Executes dropped EXE
-
\??\c:\dpjjv.exec:\dpjjv.exe33⤵
- Executes dropped EXE
-
\??\c:\648288.exec:\648288.exe34⤵
- Executes dropped EXE
-
\??\c:\5pddd.exec:\5pddd.exe35⤵
- Executes dropped EXE
-
\??\c:\fxffllr.exec:\fxffllr.exe36⤵
- Executes dropped EXE
-
\??\c:\bthhnn.exec:\bthhnn.exe37⤵
- Executes dropped EXE
-
\??\c:\7rflllr.exec:\7rflllr.exe38⤵
- Executes dropped EXE
-
\??\c:\u028668.exec:\u028668.exe39⤵
- Executes dropped EXE
-
\??\c:\1bhhhh.exec:\1bhhhh.exe40⤵
- Executes dropped EXE
-
\??\c:\rlxflrf.exec:\rlxflrf.exe41⤵
- Executes dropped EXE
-
\??\c:\tnhnnn.exec:\tnhnnn.exe42⤵
- Executes dropped EXE
-
\??\c:\86880.exec:\86880.exe43⤵
- Executes dropped EXE
-
\??\c:\ffflxfl.exec:\ffflxfl.exe44⤵
- Executes dropped EXE
-
\??\c:\dvjjv.exec:\dvjjv.exe45⤵
- Executes dropped EXE
-
\??\c:\02040.exec:\02040.exe46⤵
- Executes dropped EXE
-
\??\c:\5djjj.exec:\5djjj.exe47⤵
- Executes dropped EXE
-
\??\c:\086688.exec:\086688.exe48⤵
- Executes dropped EXE
-
\??\c:\nbnntt.exec:\nbnntt.exe49⤵
- Executes dropped EXE
-
\??\c:\8288442.exec:\8288442.exe50⤵
- Executes dropped EXE
-
\??\c:\5pdjj.exec:\5pdjj.exe51⤵
- Executes dropped EXE
-
\??\c:\42000.exec:\42000.exe52⤵
- Executes dropped EXE
-
\??\c:\vjvpv.exec:\vjvpv.exe53⤵
- Executes dropped EXE
-
\??\c:\8626602.exec:\8626602.exe54⤵
- Executes dropped EXE
-
\??\c:\1thhhh.exec:\1thhhh.exe55⤵
- Executes dropped EXE
-
\??\c:\7vjpp.exec:\7vjpp.exe56⤵
- Executes dropped EXE
-
\??\c:\9bhhnn.exec:\9bhhnn.exe57⤵
- Executes dropped EXE
-
\??\c:\lfrfllr.exec:\lfrfllr.exe58⤵
- Executes dropped EXE
-
\??\c:\fxxxxxx.exec:\fxxxxxx.exe59⤵
- Executes dropped EXE
-
\??\c:\5bbnhh.exec:\5bbnhh.exe60⤵
- Executes dropped EXE
-
\??\c:\q60622.exec:\q60622.exe61⤵
- Executes dropped EXE
-
\??\c:\2066662.exec:\2066662.exe62⤵
- Executes dropped EXE
-
\??\c:\s8062.exec:\s8062.exe63⤵
- Executes dropped EXE
-
\??\c:\7lxrrxx.exec:\7lxrrxx.exe64⤵
- Executes dropped EXE
-
\??\c:\jvjpd.exec:\jvjpd.exe65⤵
- Executes dropped EXE
-
\??\c:\pdjpv.exec:\pdjpv.exe66⤵
-
\??\c:\6022484.exec:\6022484.exe67⤵
-
\??\c:\bnbbbt.exec:\bnbbbt.exe68⤵
-
\??\c:\424800.exec:\424800.exe69⤵
-
\??\c:\vpdjd.exec:\vpdjd.exe70⤵
-
\??\c:\vpjjv.exec:\vpjjv.exe71⤵
-
\??\c:\20260.exec:\20260.exe72⤵
-
\??\c:\fxrrlrl.exec:\fxrrlrl.exe73⤵
-
\??\c:\080006.exec:\080006.exe74⤵
-
\??\c:\btbbhb.exec:\btbbhb.exe75⤵
-
\??\c:\3nnhbb.exec:\3nnhbb.exe76⤵
-
\??\c:\bthnhh.exec:\bthnhh.exe77⤵
-
\??\c:\8264068.exec:\8264068.exe78⤵
-
\??\c:\q86686.exec:\q86686.exe79⤵
-
\??\c:\ffllrrx.exec:\ffllrrx.exe80⤵
-
\??\c:\9vdjp.exec:\9vdjp.exe81⤵
-
\??\c:\864062.exec:\864062.exe82⤵
-
\??\c:\hbntbh.exec:\hbntbh.exe83⤵
-
\??\c:\vjvvj.exec:\vjvvj.exe84⤵
-
\??\c:\64802.exec:\64802.exe85⤵
-
\??\c:\0286000.exec:\0286000.exe86⤵
-
\??\c:\0462480.exec:\0462480.exe87⤵
-
\??\c:\5nhbbb.exec:\5nhbbb.exe88⤵
-
\??\c:\vvjjp.exec:\vvjjp.exe89⤵
-
\??\c:\20222.exec:\20222.exe90⤵
-
\??\c:\864406.exec:\864406.exe91⤵
-
\??\c:\7nhtbh.exec:\7nhtbh.exe92⤵
-
\??\c:\llflrxf.exec:\llflrxf.exe93⤵
-
\??\c:\jddjj.exec:\jddjj.exe94⤵
-
\??\c:\6840000.exec:\6840000.exe95⤵
-
\??\c:\w24004.exec:\w24004.exe96⤵
-
\??\c:\9xlrrlr.exec:\9xlrrlr.exe97⤵
-
\??\c:\thtttt.exec:\thtttt.exe98⤵
-
\??\c:\i626266.exec:\i626266.exe99⤵
-
\??\c:\nhbtbb.exec:\nhbtbb.exe100⤵
-
\??\c:\w24062.exec:\w24062.exe101⤵
-
\??\c:\1nbhhn.exec:\1nbhhn.exe102⤵
-
\??\c:\llflxxf.exec:\llflxxf.exe103⤵
-
\??\c:\48624.exec:\48624.exe104⤵
-
\??\c:\20666.exec:\20666.exe105⤵
-
\??\c:\48624.exec:\48624.exe106⤵
-
\??\c:\4866846.exec:\4866846.exe107⤵
-
\??\c:\086288.exec:\086288.exe108⤵
-
\??\c:\rfrlllr.exec:\rfrlllr.exe109⤵
-
\??\c:\a0666.exec:\a0666.exe110⤵
-
\??\c:\lfxrxlr.exec:\lfxrxlr.exe111⤵
-
\??\c:\thnnhn.exec:\thnnhn.exe112⤵
-
\??\c:\68068.exec:\68068.exe113⤵
-
\??\c:\20228.exec:\20228.exe114⤵
-
\??\c:\rlfxlll.exec:\rlfxlll.exe115⤵
-
\??\c:\024460.exec:\024460.exe116⤵
-
\??\c:\jdppv.exec:\jdppv.exe117⤵
-
\??\c:\0288828.exec:\0288828.exe118⤵
-
\??\c:\rrxxfxf.exec:\rrxxfxf.exe119⤵
-
\??\c:\hhtttn.exec:\hhtttn.exe120⤵
-
\??\c:\5xffllx.exec:\5xffllx.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-