Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
124s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
08/05/2024, 15:23
General
-
Target
ed5d0cae4083465925ba0602c82fc9c0_NEIKI.exe
-
Size
95KB
-
MD5
ed5d0cae4083465925ba0602c82fc9c0
-
SHA1
4971b37abd9b9a064b1ba4dcc2db759b16d7d5bc
-
SHA256
49d3f219d99cc969cab53cade411d4d5d1f67d46305d6b73cf08b22f6307b9a0
-
SHA512
bd68118213fb1b206cbdc94f1afed17130dd49e2e148ead9237090b5d8d5f2d9ff0c867f98feb93b0e7158fdd8c8d4d481db6e28747976272fe2505b19a87aa6
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDo73XH/YP1HFrJximAAxS1rj/2CC:ymb3NkkiQ3mdBjFo73PYP1lri3K8GwyV
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 21 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 25 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\ed5d0cae4083465925ba0602c82fc9c0_NEIKI.exe"C:\Users\Admin\AppData\Local\Temp\ed5d0cae4083465925ba0602c82fc9c0_NEIKI.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\jvvpj.exec:\jvvpj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbtbth.exec:\tbtbth.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvjdj.exec:\vvjdj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrfxxlr.exec:\lrfxxlr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htnthb.exec:\htnthb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpvjj.exec:\jpvjj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfffxxr.exec:\xfffxxr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbbbbb.exec:\tbbbbb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjpdv.exec:\vjpdv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdddv.exec:\jdddv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1ffxrrl.exec:\1ffxrrl.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnnbnh.exec:\bnnbnh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvddv.exec:\pvddv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvdvv.exec:\vvdvv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrxxllr.exec:\rrxxllr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnttnn.exec:\hnttnn.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjdv.exec:\vpjdv.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djjvp.exec:\djjvp.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlfllx.exec:\fxlfllx.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnhhhh.exec:\bnhhhh.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpvpp.exec:\jpvpp.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djpjd.exec:\djpjd.exe23⤵
- Executes dropped EXE
-
\??\c:\xxlrllx.exec:\xxlrllx.exe24⤵
- Executes dropped EXE
-
\??\c:\tttnhh.exec:\tttnhh.exe25⤵
- Executes dropped EXE
-
\??\c:\nbhtnh.exec:\nbhtnh.exe26⤵
- Executes dropped EXE
-
\??\c:\jvpjv.exec:\jvpjv.exe27⤵
- Executes dropped EXE
-
\??\c:\llffxxx.exec:\llffxxx.exe28⤵
- Executes dropped EXE
-
\??\c:\rflfffl.exec:\rflfffl.exe29⤵
- Executes dropped EXE
-
\??\c:\bnbtnh.exec:\bnbtnh.exe30⤵
- Executes dropped EXE
-
\??\c:\pddvp.exec:\pddvp.exe31⤵
- Executes dropped EXE
-
\??\c:\pjvpd.exec:\pjvpd.exe32⤵
- Executes dropped EXE
-
\??\c:\rflfxxx.exec:\rflfxxx.exe33⤵
- Executes dropped EXE
-
\??\c:\bhthtn.exec:\bhthtn.exe34⤵
- Executes dropped EXE
-
\??\c:\ddvpj.exec:\ddvpj.exe35⤵
- Executes dropped EXE
-
\??\c:\lxlfllf.exec:\lxlfllf.exe36⤵
- Executes dropped EXE
-
\??\c:\nhhhbt.exec:\nhhhbt.exe37⤵
- Executes dropped EXE
-
\??\c:\7jjdv.exec:\7jjdv.exe38⤵
- Executes dropped EXE
-
\??\c:\rllfrfr.exec:\rllfrfr.exe39⤵
- Executes dropped EXE
-
\??\c:\1hbttn.exec:\1hbttn.exe40⤵
- Executes dropped EXE
-
\??\c:\9tttnh.exec:\9tttnh.exe41⤵
- Executes dropped EXE
-
\??\c:\vpvjd.exec:\vpvjd.exe42⤵
- Executes dropped EXE
-
\??\c:\vdpvj.exec:\vdpvj.exe43⤵
- Executes dropped EXE
-
\??\c:\rrrrfll.exec:\rrrrfll.exe44⤵
- Executes dropped EXE
-
\??\c:\tnttnt.exec:\tnttnt.exe45⤵
- Executes dropped EXE
-
\??\c:\3djjp.exec:\3djjp.exe46⤵
- Executes dropped EXE
-
\??\c:\9xxrrll.exec:\9xxrrll.exe47⤵
- Executes dropped EXE
-
\??\c:\9tbbtt.exec:\9tbbtt.exe48⤵
- Executes dropped EXE
-
\??\c:\tnttbb.exec:\tnttbb.exe49⤵
- Executes dropped EXE
-
\??\c:\vjpdj.exec:\vjpdj.exe50⤵
- Executes dropped EXE
-
\??\c:\vpjdv.exec:\vpjdv.exe51⤵
- Executes dropped EXE
-
\??\c:\fxxlllf.exec:\fxxlllf.exe52⤵
- Executes dropped EXE
-
\??\c:\5ffxxxr.exec:\5ffxxxr.exe53⤵
- Executes dropped EXE
-
\??\c:\nnnhtt.exec:\nnnhtt.exe54⤵
- Executes dropped EXE
-
\??\c:\tnnbtt.exec:\tnnbtt.exe55⤵
- Executes dropped EXE
-
\??\c:\pppjj.exec:\pppjj.exe56⤵
- Executes dropped EXE
-
\??\c:\jjvpd.exec:\jjvpd.exe57⤵
- Executes dropped EXE
-
\??\c:\xrllxxr.exec:\xrllxxr.exe58⤵
- Executes dropped EXE
-
\??\c:\tbbhtt.exec:\tbbhtt.exe59⤵
- Executes dropped EXE
-
\??\c:\ttbtnh.exec:\ttbtnh.exe60⤵
- Executes dropped EXE
-
\??\c:\vpddp.exec:\vpddp.exe61⤵
- Executes dropped EXE
-
\??\c:\rxxrllf.exec:\rxxrllf.exe62⤵
- Executes dropped EXE
-
\??\c:\ttbthn.exec:\ttbthn.exe63⤵
- Executes dropped EXE
-
\??\c:\bbthnh.exec:\bbthnh.exe64⤵
- Executes dropped EXE
-
\??\c:\jvvpp.exec:\jvvpp.exe65⤵
- Executes dropped EXE
-
\??\c:\dvvpj.exec:\dvvpj.exe66⤵
-
\??\c:\5fxlxrl.exec:\5fxlxrl.exe67⤵
-
\??\c:\xrxrxrl.exec:\xrxrxrl.exe68⤵
-
\??\c:\3hnhhh.exec:\3hnhhh.exe69⤵
-
\??\c:\tnnhth.exec:\tnnhth.exe70⤵
-
\??\c:\hhnhbb.exec:\hhnhbb.exe71⤵
-
\??\c:\rxxrfff.exec:\rxxrfff.exe72⤵
-
\??\c:\bhtttb.exec:\bhtttb.exe73⤵
-
\??\c:\pdppp.exec:\pdppp.exe74⤵
-
\??\c:\fffrfxr.exec:\fffrfxr.exe75⤵
-
\??\c:\llffxxr.exec:\llffxxr.exe76⤵
-
\??\c:\hntnnt.exec:\hntnnt.exe77⤵
-
\??\c:\lrrllxr.exec:\lrrllxr.exe78⤵
-
\??\c:\rlxxxxx.exec:\rlxxxxx.exe79⤵
-
\??\c:\dpvvj.exec:\dpvvj.exe80⤵
-
\??\c:\dddvp.exec:\dddvp.exe81⤵
-
\??\c:\xlfxrll.exec:\xlfxrll.exe82⤵
-
\??\c:\bbbtnn.exec:\bbbtnn.exe83⤵
-
\??\c:\dvjpd.exec:\dvjpd.exe84⤵
-
\??\c:\xlrlxxx.exec:\xlrlxxx.exe85⤵
-
\??\c:\lfxxrrr.exec:\lfxxrrr.exe86⤵
-
\??\c:\tbbttn.exec:\tbbttn.exe87⤵
-
\??\c:\vpjpp.exec:\vpjpp.exe88⤵
-
\??\c:\jjpjv.exec:\jjpjv.exe89⤵
-
\??\c:\lfrlrrl.exec:\lfrlrrl.exe90⤵
-
\??\c:\hhnntt.exec:\hhnntt.exe91⤵
-
\??\c:\hbbtnn.exec:\hbbtnn.exe92⤵
-
\??\c:\jjddv.exec:\jjddv.exe93⤵
-
\??\c:\rlrrlrr.exec:\rlrrlrr.exe94⤵
-
\??\c:\llfxlfx.exec:\llfxlfx.exe95⤵
-
\??\c:\9hhbnn.exec:\9hhbnn.exe96⤵
-
\??\c:\jdjjd.exec:\jdjjd.exe97⤵
-
\??\c:\jvvpj.exec:\jvvpj.exe98⤵
-
\??\c:\xrxrlrl.exec:\xrxrlrl.exe99⤵
-
\??\c:\frlfxrl.exec:\frlfxrl.exe100⤵
-
\??\c:\nbttnh.exec:\nbttnh.exe101⤵
-
\??\c:\dpvpj.exec:\dpvpj.exe102⤵
-
\??\c:\pjpdp.exec:\pjpdp.exe103⤵
-
\??\c:\xlfxllf.exec:\xlfxllf.exe104⤵
-
\??\c:\rlrfxxr.exec:\rlrfxxr.exe105⤵
-
\??\c:\1hbthb.exec:\1hbthb.exe106⤵
-
\??\c:\dpjjj.exec:\dpjjj.exe107⤵
-
\??\c:\jvpjd.exec:\jvpjd.exe108⤵
-
\??\c:\5fffxxx.exec:\5fffxxx.exe109⤵
-
\??\c:\fllfxxl.exec:\fllfxxl.exe110⤵
-
\??\c:\tbttnh.exec:\tbttnh.exe111⤵
-
\??\c:\pvdvp.exec:\pvdvp.exe112⤵
-
\??\c:\9jdvj.exec:\9jdvj.exe113⤵
-
\??\c:\xrlfrlr.exec:\xrlfrlr.exe114⤵
-
\??\c:\bhnhbh.exec:\bhnhbh.exe115⤵
-
\??\c:\hhhbtn.exec:\hhhbtn.exe116⤵
-
\??\c:\vpdvd.exec:\vpdvd.exe117⤵
-
\??\c:\vvppp.exec:\vvppp.exe118⤵
-
\??\c:\3rrlxfx.exec:\3rrlxfx.exe119⤵
-
\??\c:\hnttnn.exec:\hnttnn.exe120⤵
-
\??\c:\btnhtt.exec:\btnhtt.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-