Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
126s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
08/05/2024, 19:33
General
-
Target
2159b259021c83fd27bbf30c54074750_NEIKI.exe
-
Size
447KB
-
MD5
2159b259021c83fd27bbf30c54074750
-
SHA1
2d94d80a50bb0ed9db2f3a49ee851b27b2dbad62
-
SHA256
8b05b4fa81c06919fb40133cdbe4f65c2062af87814f382a1b0647b697e891cb
-
SHA512
6cd4a3c47b2ee61630283d7f6856073bfb80362cf90d41bdac841381f20c308ad8051599de38a9f6fe8ddf56e81b36c55dc3c5313018c2ab81feca67133b87fc
-
SSDEEP
6144:n3C9BRo7MlrWKo+lS0Le4xRSAoq78yoyfx93sEqkeGLk:n3C9yMo+S0L9xRnoq7H9xqYLk
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 31 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2159b259021c83fd27bbf30c54074750_NEIKI.exe"C:\Users\Admin\AppData\Local\Temp\2159b259021c83fd27bbf30c54074750_NEIKI.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\tvlxvt.exec:\tvlxvt.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddbbdxn.exec:\ddbbdxn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hxbfvlr.exec:\hxbfvlr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bljbv.exec:\bljbv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbfpt.exec:\bbfpt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nxndphn.exec:\nxndphn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thxxlx.exec:\thxxlx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbrlxh.exec:\hbrlxh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xdptlhl.exec:\xdptlhl.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdtbv.exec:\pdtbv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lvtnt.exec:\lvtnt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xtrjjx.exec:\xtrjjx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tvfxldn.exec:\tvfxldn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ltjnhxh.exec:\ltjnhxh.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djtddf.exec:\djtddf.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nxndx.exec:\nxndx.exe17⤵
- Executes dropped EXE
-
\??\c:\rjppp.exec:\rjppp.exe18⤵
- Executes dropped EXE
-
\??\c:\hfdjvrt.exec:\hfdjvrt.exe19⤵
- Executes dropped EXE
-
\??\c:\prvjpv.exec:\prvjpv.exe20⤵
- Executes dropped EXE
-
\??\c:\phxjxr.exec:\phxjxr.exe21⤵
- Executes dropped EXE
-
\??\c:\tlfrl.exec:\tlfrl.exe22⤵
- Executes dropped EXE
-
\??\c:\jrbtdb.exec:\jrbtdb.exe23⤵
- Executes dropped EXE
-
\??\c:\xbnxtfb.exec:\xbnxtfb.exe24⤵
- Executes dropped EXE
-
\??\c:\hhtxdbd.exec:\hhtxdbd.exe25⤵
- Executes dropped EXE
-
\??\c:\lfvvdt.exec:\lfvvdt.exe26⤵
- Executes dropped EXE
-
\??\c:\tthhjr.exec:\tthhjr.exe27⤵
- Executes dropped EXE
-
\??\c:\prfjbx.exec:\prfjbx.exe28⤵
- Executes dropped EXE
-
\??\c:\bhrdtn.exec:\bhrdtn.exe29⤵
- Executes dropped EXE
-
\??\c:\pxvxnf.exec:\pxvxnf.exe30⤵
- Executes dropped EXE
-
\??\c:\hfpdftn.exec:\hfpdftn.exe31⤵
- Executes dropped EXE
-
\??\c:\bvdjt.exec:\bvdjt.exe32⤵
- Executes dropped EXE
-
\??\c:\xxxjl.exec:\xxxjl.exe33⤵
- Executes dropped EXE
-
\??\c:\nhplh.exec:\nhplh.exe34⤵
- Executes dropped EXE
-
\??\c:\xtvtjn.exec:\xtvtjn.exe35⤵
- Executes dropped EXE
-
\??\c:\lxbfnnl.exec:\lxbfnnl.exe36⤵
- Executes dropped EXE
-
\??\c:\bdrth.exec:\bdrth.exe37⤵
- Executes dropped EXE
-
\??\c:\hfrrhn.exec:\hfrrhn.exe38⤵
- Executes dropped EXE
-
\??\c:\fxrbnpb.exec:\fxrbnpb.exe39⤵
- Executes dropped EXE
-
\??\c:\pdrdprv.exec:\pdrdprv.exe40⤵
- Executes dropped EXE
-
\??\c:\flrxb.exec:\flrxb.exe41⤵
- Executes dropped EXE
-
\??\c:\prbvv.exec:\prbvv.exe42⤵
- Executes dropped EXE
-
\??\c:\bjbrnht.exec:\bjbrnht.exe43⤵
- Executes dropped EXE
-
\??\c:\fxbnf.exec:\fxbnf.exe44⤵
- Executes dropped EXE
-
\??\c:\hlrhd.exec:\hlrhd.exe45⤵
- Executes dropped EXE
-
\??\c:\vnxlvf.exec:\vnxlvf.exe46⤵
- Executes dropped EXE
-
\??\c:\hhvnjn.exec:\hhvnjn.exe47⤵
- Executes dropped EXE
-
\??\c:\jdxhvrn.exec:\jdxhvrn.exe48⤵
- Executes dropped EXE
-
\??\c:\nxxftjx.exec:\nxxftjx.exe49⤵
- Executes dropped EXE
-
\??\c:\lxbdv.exec:\lxbdv.exe50⤵
- Executes dropped EXE
-
\??\c:\tdrlptb.exec:\tdrlptb.exe51⤵
- Executes dropped EXE
-
\??\c:\hlppj.exec:\hlppj.exe52⤵
- Executes dropped EXE
-
\??\c:\xhnltdn.exec:\xhnltdn.exe53⤵
- Executes dropped EXE
-
\??\c:\nxvvxh.exec:\nxvvxh.exe54⤵
- Executes dropped EXE
-
\??\c:\rnxvf.exec:\rnxvf.exe55⤵
- Executes dropped EXE
-
\??\c:\xbdjpd.exec:\xbdjpd.exe56⤵
- Executes dropped EXE
-
\??\c:\ntdtl.exec:\ntdtl.exe57⤵
- Executes dropped EXE
-
\??\c:\bvxnttv.exec:\bvxnttv.exe58⤵
- Executes dropped EXE
-
\??\c:\rnjpv.exec:\rnjpv.exe59⤵
- Executes dropped EXE
-
\??\c:\vdvrbx.exec:\vdvrbx.exe60⤵
- Executes dropped EXE
-
\??\c:\dhnxv.exec:\dhnxv.exe61⤵
- Executes dropped EXE
-
\??\c:\txftnlx.exec:\txftnlx.exe62⤵
- Executes dropped EXE
-
\??\c:\dbdldbd.exec:\dbdldbd.exe63⤵
- Executes dropped EXE
-
\??\c:\xtplpll.exec:\xtplpll.exe64⤵
- Executes dropped EXE
-
\??\c:\lxdrdx.exec:\lxdrdx.exe65⤵
- Executes dropped EXE
-
\??\c:\jpvpp.exec:\jpvpp.exe66⤵
-
\??\c:\rjnhvxj.exec:\rjnhvxj.exe67⤵
-
\??\c:\dhhjvr.exec:\dhhjvr.exe68⤵
-
\??\c:\hxvhnnd.exec:\hxvhnnd.exe69⤵
-
\??\c:\tnhpb.exec:\tnhpb.exe70⤵
-
\??\c:\jpndj.exec:\jpndj.exe71⤵
-
\??\c:\jnxfnf.exec:\jnxfnf.exe72⤵
-
\??\c:\rfpvdfx.exec:\rfpvdfx.exe73⤵
-
\??\c:\bvxjpb.exec:\bvxjpb.exe74⤵
-
\??\c:\lphbltr.exec:\lphbltr.exe75⤵
-
\??\c:\rbpvt.exec:\rbpvt.exe76⤵
-
\??\c:\xfppp.exec:\xfppp.exe77⤵
-
\??\c:\ppnrfh.exec:\ppnrfh.exe78⤵
-
\??\c:\ldtfj.exec:\ldtfj.exe79⤵
-
\??\c:\ljdjv.exec:\ljdjv.exe80⤵
-
\??\c:\hdpph.exec:\hdpph.exe81⤵
-
\??\c:\ddhbvbf.exec:\ddhbvbf.exe82⤵
-
\??\c:\pbdvlb.exec:\pbdvlb.exe83⤵
-
\??\c:\lxxvn.exec:\lxxvn.exe84⤵
-
\??\c:\rrhndpl.exec:\rrhndpl.exe85⤵
-
\??\c:\tfdjxfv.exec:\tfdjxfv.exe86⤵
-
\??\c:\hxrft.exec:\hxrft.exe87⤵
-
\??\c:\fnlhl.exec:\fnlhl.exe88⤵
-
\??\c:\vdblf.exec:\vdblf.exe89⤵
-
\??\c:\tjpxjpl.exec:\tjpxjpl.exe90⤵
-
\??\c:\jlpltb.exec:\jlpltb.exe91⤵
-
\??\c:\fdbfxb.exec:\fdbfxb.exe92⤵
-
\??\c:\ldhnjh.exec:\ldhnjh.exe93⤵
-
\??\c:\hxdphjd.exec:\hxdphjd.exe94⤵
-
\??\c:\pdnnbb.exec:\pdnnbb.exe95⤵
-
\??\c:\nhtpp.exec:\nhtpp.exe96⤵
-
\??\c:\hfpfp.exec:\hfpfp.exe97⤵
-
\??\c:\jphhl.exec:\jphhl.exe98⤵
-
\??\c:\tblrpdt.exec:\tblrpdt.exe99⤵
-
\??\c:\rpndnrp.exec:\rpndnrp.exe100⤵
-
\??\c:\frvbp.exec:\frvbp.exe101⤵
-
\??\c:\dnlbpd.exec:\dnlbpd.exe102⤵
-
\??\c:\fhplthx.exec:\fhplthx.exe103⤵
-
\??\c:\pjtffj.exec:\pjtffj.exe104⤵
-
\??\c:\fxdxv.exec:\fxdxv.exe105⤵
-
\??\c:\bnvxxp.exec:\bnvxxp.exe106⤵
-
\??\c:\fnxxrpr.exec:\fnxxrpr.exe107⤵
-
\??\c:\fpbnn.exec:\fpbnn.exe108⤵
-
\??\c:\rtjrjv.exec:\rtjrjv.exe109⤵
-
\??\c:\vhnnf.exec:\vhnnf.exe110⤵
-
\??\c:\ddtdhd.exec:\ddtdhd.exe111⤵
-
\??\c:\tddrvl.exec:\tddrvl.exe112⤵
-
\??\c:\tpvnh.exec:\tpvnh.exe113⤵
-
\??\c:\fxfjrb.exec:\fxfjrb.exe114⤵
-
\??\c:\fnhln.exec:\fnhln.exe115⤵
-
\??\c:\bnbvf.exec:\bnbvf.exe116⤵
-
\??\c:\xfxxf.exec:\xfxxf.exe117⤵
-
\??\c:\bjrxdth.exec:\bjrxdth.exe118⤵
-
\??\c:\fxvrd.exec:\fxvrd.exe119⤵
-
\??\c:\rxthr.exec:\rxthr.exe120⤵
-
\??\c:\dxdbbt.exec:\dxdbbt.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-