Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
149s -
max time network
139s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
08/05/2024, 04:12
General
-
Target
ca14135ae7a5d5e9ac9c3c7ecc89b980_NEIKI.exe
-
Size
433KB
-
MD5
ca14135ae7a5d5e9ac9c3c7ecc89b980
-
SHA1
e92c7f7a656364c3c3b6363b386d47cdc34b6715
-
SHA256
9ffdffe225cc68e42d1ed4361e0f9b76244555a661d49868f3a99d743573c71a
-
SHA512
abb19969d64d291ade0a7b5a6006cc5eaf2e28b366f6eabd191bc88a1f93b5aa0cc5391baf9095358f855dc486d22904394dfaf86d2c31c37c47a5fb400389f4
-
SSDEEP
12288:n3C9uMPh2kkkkK4kXkkkkkkkkl888888888888888888nR:ShPh2kkkkK4kXkkkkkkkkD
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 26 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 31 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\ca14135ae7a5d5e9ac9c3c7ecc89b980_NEIKI.exe"C:\Users\Admin\AppData\Local\Temp\ca14135ae7a5d5e9ac9c3c7ecc89b980_NEIKI.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\pvvvd.exec:\pvvvd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1lrlfxr.exec:\1lrlfxr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvpp.exec:\jdvpp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrxlfxr.exec:\lrxlfxr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrlffxr.exec:\rrlffxr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdvdv.exec:\pdvdv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9fxlffx.exec:\9fxlffx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvdvd.exec:\vvdvd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpvpj.exec:\vpvpj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxxrffx.exec:\lxxrffx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3rrllfr.exec:\3rrllfr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjdv.exec:\jdjdv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrflffx.exec:\xrflffx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thtnbt.exec:\thtnbt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvvpd.exec:\jvvpd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3frfrxl.exec:\3frfrxl.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btthhb.exec:\btthhb.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxffrlx.exec:\rxffrlx.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnnbht.exec:\bnnbht.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhtnnh.exec:\hhtnnh.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3jdvj.exec:\3jdvj.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fffrrll.exec:\fffrrll.exe23⤵
- Executes dropped EXE
-
\??\c:\jjvvp.exec:\jjvvp.exe24⤵
- Executes dropped EXE
-
\??\c:\7lrlxxf.exec:\7lrlxxf.exe25⤵
- Executes dropped EXE
-
\??\c:\9hhbnh.exec:\9hhbnh.exe26⤵
- Executes dropped EXE
-
\??\c:\jppjj.exec:\jppjj.exe27⤵
- Executes dropped EXE
-
\??\c:\nnbnbn.exec:\nnbnbn.exe28⤵
- Executes dropped EXE
-
\??\c:\jpvjv.exec:\jpvjv.exe29⤵
- Executes dropped EXE
-
\??\c:\xrlrrlr.exec:\xrlrrlr.exe30⤵
- Executes dropped EXE
-
\??\c:\vvpvj.exec:\vvpvj.exe31⤵
- Executes dropped EXE
-
\??\c:\lrxlfxr.exec:\lrxlfxr.exe32⤵
- Executes dropped EXE
-
\??\c:\rflfrlx.exec:\rflfrlx.exe33⤵
- Executes dropped EXE
-
\??\c:\9htnbt.exec:\9htnbt.exe34⤵
- Executes dropped EXE
-
\??\c:\pvvjd.exec:\pvvjd.exe35⤵
- Executes dropped EXE
-
\??\c:\lllfxrx.exec:\lllfxrx.exe36⤵
- Executes dropped EXE
-
\??\c:\nbhbnn.exec:\nbhbnn.exe37⤵
- Executes dropped EXE
-
\??\c:\nhhbnh.exec:\nhhbnh.exe38⤵
- Executes dropped EXE
-
\??\c:\7jjdv.exec:\7jjdv.exe39⤵
- Executes dropped EXE
-
\??\c:\xllxrlf.exec:\xllxrlf.exe40⤵
- Executes dropped EXE
-
\??\c:\hnthtn.exec:\hnthtn.exe41⤵
- Executes dropped EXE
-
\??\c:\hbhnhb.exec:\hbhnhb.exe42⤵
- Executes dropped EXE
-
\??\c:\vdpdv.exec:\vdpdv.exe43⤵
- Executes dropped EXE
-
\??\c:\3xfrrrr.exec:\3xfrrrr.exe44⤵
- Executes dropped EXE
-
\??\c:\nhbnbb.exec:\nhbnbb.exe45⤵
- Executes dropped EXE
-
\??\c:\jpvpp.exec:\jpvpp.exe46⤵
- Executes dropped EXE
-
\??\c:\vvjdp.exec:\vvjdp.exe47⤵
- Executes dropped EXE
-
\??\c:\xxffrfr.exec:\xxffrfr.exe48⤵
- Executes dropped EXE
-
\??\c:\bbnbbh.exec:\bbnbbh.exe49⤵
- Executes dropped EXE
-
\??\c:\1jjdp.exec:\1jjdp.exe50⤵
- Executes dropped EXE
-
\??\c:\vpvpv.exec:\vpvpv.exe51⤵
- Executes dropped EXE
-
\??\c:\5rlxrfl.exec:\5rlxrfl.exe52⤵
- Executes dropped EXE
-
\??\c:\tttbtt.exec:\tttbtt.exe53⤵
- Executes dropped EXE
-
\??\c:\pvpdp.exec:\pvpdp.exe54⤵
- Executes dropped EXE
-
\??\c:\3ppdv.exec:\3ppdv.exe55⤵
- Executes dropped EXE
-
\??\c:\5xxfxlx.exec:\5xxfxlx.exe56⤵
- Executes dropped EXE
-
\??\c:\hhhtnh.exec:\hhhtnh.exe57⤵
- Executes dropped EXE
-
\??\c:\ppjvj.exec:\ppjvj.exe58⤵
- Executes dropped EXE
-
\??\c:\xflfrxr.exec:\xflfrxr.exe59⤵
- Executes dropped EXE
-
\??\c:\bbnhtb.exec:\bbnhtb.exe60⤵
- Executes dropped EXE
-
\??\c:\htnbnh.exec:\htnbnh.exe61⤵
- Executes dropped EXE
-
\??\c:\pvvjv.exec:\pvvjv.exe62⤵
- Executes dropped EXE
-
\??\c:\9lfxlxr.exec:\9lfxlxr.exe63⤵
- Executes dropped EXE
-
\??\c:\xlllxrf.exec:\xlllxrf.exe64⤵
- Executes dropped EXE
-
\??\c:\hntnbn.exec:\hntnbn.exe65⤵
- Executes dropped EXE
-
\??\c:\hhnhtb.exec:\hhnhtb.exe66⤵
-
\??\c:\1vpdp.exec:\1vpdp.exe67⤵
-
\??\c:\dvdvv.exec:\dvdvv.exe68⤵
-
\??\c:\xlllllx.exec:\xlllllx.exe69⤵
-
\??\c:\bhnbtn.exec:\bhnbtn.exe70⤵
-
\??\c:\vjvjj.exec:\vjvjj.exe71⤵
-
\??\c:\9xrxlfl.exec:\9xrxlfl.exe72⤵
-
\??\c:\xflfxrl.exec:\xflfxrl.exe73⤵
-
\??\c:\nhbtnb.exec:\nhbtnb.exe74⤵
-
\??\c:\vppvv.exec:\vppvv.exe75⤵
-
\??\c:\fxllfxl.exec:\fxllfxl.exe76⤵
-
\??\c:\nnhhnh.exec:\nnhhnh.exe77⤵
-
\??\c:\ttbnhb.exec:\ttbnhb.exe78⤵
-
\??\c:\vvvjv.exec:\vvvjv.exe79⤵
-
\??\c:\5xfrfxx.exec:\5xfrfxx.exe80⤵
-
\??\c:\tbbnbt.exec:\tbbnbt.exe81⤵
-
\??\c:\3jdpp.exec:\3jdpp.exe82⤵
-
\??\c:\rffrlxr.exec:\rffrlxr.exe83⤵
-
\??\c:\nthnhb.exec:\nthnhb.exe84⤵
-
\??\c:\pdjdv.exec:\pdjdv.exe85⤵
-
\??\c:\1jpdv.exec:\1jpdv.exe86⤵
-
\??\c:\rxfrrrl.exec:\rxfrrrl.exe87⤵
-
\??\c:\ntnbtn.exec:\ntnbtn.exe88⤵
-
\??\c:\pvdvp.exec:\pvdvp.exe89⤵
-
\??\c:\ppdpv.exec:\ppdpv.exe90⤵
-
\??\c:\rlxllff.exec:\rlxllff.exe91⤵
-
\??\c:\btttnn.exec:\btttnn.exe92⤵
-
\??\c:\vvpjv.exec:\vvpjv.exe93⤵
-
\??\c:\9dvpv.exec:\9dvpv.exe94⤵
-
\??\c:\flfrllx.exec:\flfrllx.exe95⤵
-
\??\c:\thhthb.exec:\thhthb.exe96⤵
-
\??\c:\7jjdd.exec:\7jjdd.exe97⤵
-
\??\c:\jvvjv.exec:\jvvjv.exe98⤵
-
\??\c:\fllrfrl.exec:\fllrfrl.exe99⤵
-
\??\c:\btnhtn.exec:\btnhtn.exe100⤵
-
\??\c:\thhtnh.exec:\thhtnh.exe101⤵
-
\??\c:\jpvdp.exec:\jpvdp.exe102⤵
-
\??\c:\fllfrff.exec:\fllfrff.exe103⤵
-
\??\c:\lxxrllr.exec:\lxxrllr.exe104⤵
-
\??\c:\hbbttn.exec:\hbbttn.exe105⤵
-
\??\c:\jvvjd.exec:\jvvjd.exe106⤵
-
\??\c:\3fxrflx.exec:\3fxrflx.exe107⤵
-
\??\c:\3hhtnh.exec:\3hhtnh.exe108⤵
-
\??\c:\pdvjp.exec:\pdvjp.exe109⤵
-
\??\c:\dpjvj.exec:\dpjvj.exe110⤵
-
\??\c:\1rffxlx.exec:\1rffxlx.exe111⤵
-
\??\c:\3nhthb.exec:\3nhthb.exe112⤵
-
\??\c:\nhhttn.exec:\nhhttn.exe113⤵
-
\??\c:\5vvpv.exec:\5vvpv.exe114⤵
-
\??\c:\fflxlfr.exec:\fflxlfr.exe115⤵
-
\??\c:\9fffflf.exec:\9fffflf.exe116⤵
-
\??\c:\ttthtn.exec:\ttthtn.exe117⤵
-
\??\c:\5jdvp.exec:\5jdvp.exe118⤵
-
\??\c:\xlfrfxl.exec:\xlfrfxl.exe119⤵
-
\??\c:\ttnthb.exec:\ttnthb.exe120⤵
-
\??\c:\pvpjp.exec:\pvpjp.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-