Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
08/05/2024, 15:23
General
-
Target
ed5d0cae4083465925ba0602c82fc9c0_NEIKI.exe
-
Size
95KB
-
MD5
ed5d0cae4083465925ba0602c82fc9c0
-
SHA1
4971b37abd9b9a064b1ba4dcc2db759b16d7d5bc
-
SHA256
49d3f219d99cc969cab53cade411d4d5d1f67d46305d6b73cf08b22f6307b9a0
-
SHA512
bd68118213fb1b206cbdc94f1afed17130dd49e2e148ead9237090b5d8d5f2d9ff0c867f98feb93b0e7158fdd8c8d4d481db6e28747976272fe2505b19a87aa6
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDo73XH/YP1HFrJximAAxS1rj/2CC:ymb3NkkiQ3mdBjFo73PYP1lri3K8GwyV
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 21 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 25 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\ed5d0cae4083465925ba0602c82fc9c0_NEIKI.exe"C:\Users\Admin\AppData\Local\Temp\ed5d0cae4083465925ba0602c82fc9c0_NEIKI.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\xllllll.exec:\xllllll.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbttbn.exec:\tbttbn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3jdjj.exec:\3jdjj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3jvpd.exec:\3jvpd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxxffx.exec:\rlxxffx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllflfr.exec:\rllflfr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbntbb.exec:\nbntbb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnthn.exec:\hbnthn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbbtn.exec:\btbbtn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdvpp.exec:\pdvpp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9dvvv.exec:\9dvvv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1jpvv.exec:\1jpvv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7flffxf.exec:\7flffxf.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxrxxf.exec:\rlxrxxf.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhntbt.exec:\hhntbt.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbnnnh.exec:\nbnnnh.exe17⤵
- Executes dropped EXE
-
\??\c:\vjvjj.exec:\vjvjj.exe18⤵
- Executes dropped EXE
-
\??\c:\djvvd.exec:\djvvd.exe19⤵
- Executes dropped EXE
-
\??\c:\xrfxffr.exec:\xrfxffr.exe20⤵
- Executes dropped EXE
-
\??\c:\bthtnh.exec:\bthtnh.exe21⤵
- Executes dropped EXE
-
\??\c:\hbbbhn.exec:\hbbbhn.exe22⤵
- Executes dropped EXE
-
\??\c:\nhbhhh.exec:\nhbhhh.exe23⤵
- Executes dropped EXE
-
\??\c:\pjvdj.exec:\pjvdj.exe24⤵
- Executes dropped EXE
-
\??\c:\djppp.exec:\djppp.exe25⤵
- Executes dropped EXE
-
\??\c:\xrfxxxf.exec:\xrfxxxf.exe26⤵
- Executes dropped EXE
-
\??\c:\xlrxxff.exec:\xlrxxff.exe27⤵
- Executes dropped EXE
-
\??\c:\bntnhb.exec:\bntnhb.exe28⤵
- Executes dropped EXE
-
\??\c:\7tnthh.exec:\7tnthh.exe29⤵
- Executes dropped EXE
-
\??\c:\1dpvj.exec:\1dpvj.exe30⤵
- Executes dropped EXE
-
\??\c:\jvdvv.exec:\jvdvv.exe31⤵
- Executes dropped EXE
-
\??\c:\rrlrllf.exec:\rrlrllf.exe32⤵
- Executes dropped EXE
-
\??\c:\9xllxxl.exec:\9xllxxl.exe33⤵
- Executes dropped EXE
-
\??\c:\thtntt.exec:\thtntt.exe34⤵
- Executes dropped EXE
-
\??\c:\nhhhtt.exec:\nhhhtt.exe35⤵
- Executes dropped EXE
-
\??\c:\bnnnnn.exec:\bnnnnn.exe36⤵
- Executes dropped EXE
-
\??\c:\dvdvj.exec:\dvdvj.exe37⤵
- Executes dropped EXE
-
\??\c:\1vpdj.exec:\1vpdj.exe38⤵
- Executes dropped EXE
-
\??\c:\xlllrll.exec:\xlllrll.exe39⤵
- Executes dropped EXE
-
\??\c:\1xxxxrr.exec:\1xxxxrr.exe40⤵
- Executes dropped EXE
-
\??\c:\btbhnn.exec:\btbhnn.exe41⤵
- Executes dropped EXE
-
\??\c:\nbbbtt.exec:\nbbbtt.exe42⤵
- Executes dropped EXE
-
\??\c:\7htbhb.exec:\7htbhb.exe43⤵
- Executes dropped EXE
-
\??\c:\3pjpj.exec:\3pjpj.exe44⤵
- Executes dropped EXE
-
\??\c:\pdjjd.exec:\pdjjd.exe45⤵
- Executes dropped EXE
-
\??\c:\5rffxxf.exec:\5rffxxf.exe46⤵
- Executes dropped EXE
-
\??\c:\3xlxxll.exec:\3xlxxll.exe47⤵
- Executes dropped EXE
-
\??\c:\lfllrll.exec:\lfllrll.exe48⤵
- Executes dropped EXE
-
\??\c:\htttnn.exec:\htttnn.exe49⤵
- Executes dropped EXE
-
\??\c:\nhnnnt.exec:\nhnnnt.exe50⤵
- Executes dropped EXE
-
\??\c:\nhnnbb.exec:\nhnnbb.exe51⤵
- Executes dropped EXE
-
\??\c:\vjjjj.exec:\vjjjj.exe52⤵
- Executes dropped EXE
-
\??\c:\pvdpj.exec:\pvdpj.exe53⤵
- Executes dropped EXE
-
\??\c:\jdvvd.exec:\jdvvd.exe54⤵
- Executes dropped EXE
-
\??\c:\xlfflff.exec:\xlfflff.exe55⤵
- Executes dropped EXE
-
\??\c:\rlxrlll.exec:\rlxrlll.exe56⤵
- Executes dropped EXE
-
\??\c:\fxrxlrr.exec:\fxrxlrr.exe57⤵
- Executes dropped EXE
-
\??\c:\tbnhnh.exec:\tbnhnh.exe58⤵
- Executes dropped EXE
-
\??\c:\7ntttn.exec:\7ntttn.exe59⤵
- Executes dropped EXE
-
\??\c:\lfrlfxx.exec:\lfrlfxx.exe60⤵
- Executes dropped EXE
-
\??\c:\3flflfl.exec:\3flflfl.exe61⤵
- Executes dropped EXE
-
\??\c:\7tbbtt.exec:\7tbbtt.exe62⤵
- Executes dropped EXE
-
\??\c:\bntntt.exec:\bntntt.exe63⤵
- Executes dropped EXE
-
\??\c:\tnbttb.exec:\tnbttb.exe64⤵
- Executes dropped EXE
-
\??\c:\9djjp.exec:\9djjp.exe65⤵
- Executes dropped EXE
-
\??\c:\pjpvj.exec:\pjpvj.exe66⤵
-
\??\c:\3jpjv.exec:\3jpjv.exe67⤵
-
\??\c:\frlrrrr.exec:\frlrrrr.exe68⤵
-
\??\c:\rfxfxxx.exec:\rfxfxxx.exe69⤵
-
\??\c:\9lflrfr.exec:\9lflrfr.exe70⤵
-
\??\c:\3nbbhh.exec:\3nbbhh.exe71⤵
-
\??\c:\hbthtt.exec:\hbthtt.exe72⤵
-
\??\c:\nhnthn.exec:\nhnthn.exe73⤵
-
\??\c:\pdvdp.exec:\pdvdp.exe74⤵
-
\??\c:\5dvjj.exec:\5dvjj.exe75⤵
-
\??\c:\dvdvj.exec:\dvdvj.exe76⤵
-
\??\c:\pjdpv.exec:\pjdpv.exe77⤵
-
\??\c:\frrlrrr.exec:\frrlrrr.exe78⤵
-
\??\c:\xrxflrx.exec:\xrxflrx.exe79⤵
-
\??\c:\3xllrxl.exec:\3xllrxl.exe80⤵
-
\??\c:\nbnnnh.exec:\nbnnnh.exe81⤵
-
\??\c:\hbtbtn.exec:\hbtbtn.exe82⤵
-
\??\c:\7htttt.exec:\7htttt.exe83⤵
-
\??\c:\jvdpv.exec:\jvdpv.exe84⤵
-
\??\c:\pjdvd.exec:\pjdvd.exe85⤵
-
\??\c:\5pvvd.exec:\5pvvd.exe86⤵
-
\??\c:\dvjpv.exec:\dvjpv.exe87⤵
-
\??\c:\rlrxxxf.exec:\rlrxxxf.exe88⤵
-
\??\c:\xxfxrxf.exec:\xxfxrxf.exe89⤵
-
\??\c:\9rfflxx.exec:\9rfflxx.exe90⤵
-
\??\c:\bnttbh.exec:\bnttbh.exe91⤵
-
\??\c:\1htnnt.exec:\1htnnt.exe92⤵
-
\??\c:\nbnthb.exec:\nbnthb.exe93⤵
-
\??\c:\dppdd.exec:\dppdd.exe94⤵
-
\??\c:\9dppp.exec:\9dppp.exe95⤵
-
\??\c:\jvpjj.exec:\jvpjj.exe96⤵
-
\??\c:\jdpjj.exec:\jdpjj.exe97⤵
-
\??\c:\5lxlfrl.exec:\5lxlfrl.exe98⤵
-
\??\c:\7lxxxxf.exec:\7lxxxxf.exe99⤵
-
\??\c:\rffxxxf.exec:\rffxxxf.exe100⤵
-
\??\c:\bnbbhn.exec:\bnbbhn.exe101⤵
-
\??\c:\9bnhhb.exec:\9bnhhb.exe102⤵
-
\??\c:\nhhhtn.exec:\nhhhtn.exe103⤵
-
\??\c:\5nbhbh.exec:\5nbhbh.exe104⤵
-
\??\c:\ppvvd.exec:\ppvvd.exe105⤵
-
\??\c:\vdppp.exec:\vdppp.exe106⤵
-
\??\c:\3jvpp.exec:\3jvpp.exe107⤵
-
\??\c:\flxxxff.exec:\flxxxff.exe108⤵
-
\??\c:\7rllrlr.exec:\7rllrlr.exe109⤵
-
\??\c:\lflfrxx.exec:\lflfrxx.exe110⤵
-
\??\c:\5bhntt.exec:\5bhntt.exe111⤵
-
\??\c:\btbbtb.exec:\btbbtb.exe112⤵
-
\??\c:\7nhbbn.exec:\7nhbbn.exe113⤵
-
\??\c:\7pvvv.exec:\7pvvv.exe114⤵
-
\??\c:\jvppv.exec:\jvppv.exe115⤵
-
\??\c:\pdjjv.exec:\pdjjv.exe116⤵
-
\??\c:\fxffrlr.exec:\fxffrlr.exe117⤵
-
\??\c:\rlrrrlr.exec:\rlrrrlr.exe118⤵
-
\??\c:\nhbbbb.exec:\nhbbbb.exe119⤵
-
\??\c:\btbnnt.exec:\btbnnt.exe120⤵
-
\??\c:\nhhnnn.exec:\nhhnnn.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-