Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
09/05/2024, 10:41
General
-
Target
15007bca6d2449388e9898c1626216d0_NeikiAnalytics.exe
-
Size
87KB
-
MD5
15007bca6d2449388e9898c1626216d0
-
SHA1
9dbce738c331433febbccb80e045ec0dbd158657
-
SHA256
2a212aff3225e17884ead79dc2236a9d3fe510b91dcfb1e93f9625b6a94602f0
-
SHA512
f83dd73e9e646d9e689e7a22a008796ea18bca4eba70cf8156401b1c7261739c56b41d0370423d13384d4bd5415633f652dc4a9c8ee949fad1e1e63ef48f62a9
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDo73yqKH/KjveD:ymb3NkkiQ3mdBjFo73yX+vQ
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 29 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\15007bca6d2449388e9898c1626216d0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\15007bca6d2449388e9898c1626216d0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\ddjpj.exec:\ddjpj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9dpdj.exec:\9dpdj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1nbbbh.exec:\1nbbbh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjpd.exec:\dvjpd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlffffr.exec:\rlffffr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnbhb.exec:\tnnbhb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjppp.exec:\pjppp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlrlxrr.exec:\xlrlxrr.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7xrlllf.exec:\7xrlllf.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnnttt.exec:\bnnttt.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9jvpd.exec:\9jvpd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxlfxrr.exec:\lxlfxrr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thbnbb.exec:\thbnbb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnhtt.exec:\hbnhtt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvjj.exec:\pjvjj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1flxxrf.exec:\1flxxrf.exe17⤵
- Executes dropped EXE
-
\??\c:\hbntbh.exec:\hbntbh.exe18⤵
- Executes dropped EXE
-
\??\c:\hbhnbb.exec:\hbhnbb.exe19⤵
- Executes dropped EXE
-
\??\c:\jvpjp.exec:\jvpjp.exe20⤵
- Executes dropped EXE
-
\??\c:\5dvpv.exec:\5dvpv.exe21⤵
- Executes dropped EXE
-
\??\c:\xrfxflx.exec:\xrfxflx.exe22⤵
- Executes dropped EXE
-
\??\c:\tnbhtb.exec:\tnbhtb.exe23⤵
- Executes dropped EXE
-
\??\c:\7pdjv.exec:\7pdjv.exe24⤵
- Executes dropped EXE
-
\??\c:\fxfflfl.exec:\fxfflfl.exe25⤵
- Executes dropped EXE
-
\??\c:\7hhhnb.exec:\7hhhnb.exe26⤵
- Executes dropped EXE
-
\??\c:\7ntbnn.exec:\7ntbnn.exe27⤵
- Executes dropped EXE
-
\??\c:\vvjpd.exec:\vvjpd.exe28⤵
- Executes dropped EXE
-
\??\c:\9rfflrx.exec:\9rfflrx.exe29⤵
- Executes dropped EXE
-
\??\c:\3nntnn.exec:\3nntnn.exe30⤵
- Executes dropped EXE
-
\??\c:\hbnhhn.exec:\hbnhhn.exe31⤵
- Executes dropped EXE
-
\??\c:\dvjjd.exec:\dvjjd.exe32⤵
- Executes dropped EXE
-
\??\c:\3rflrxf.exec:\3rflrxf.exe33⤵
- Executes dropped EXE
-
\??\c:\fflrlrr.exec:\fflrlrr.exe34⤵
- Executes dropped EXE
-
\??\c:\3thntt.exec:\3thntt.exe35⤵
- Executes dropped EXE
-
\??\c:\dpdpp.exec:\dpdpp.exe36⤵
- Executes dropped EXE
-
\??\c:\3lxlrfl.exec:\3lxlrfl.exe37⤵
- Executes dropped EXE
-
\??\c:\1fxlrlr.exec:\1fxlrlr.exe38⤵
- Executes dropped EXE
-
\??\c:\tnthht.exec:\tnthht.exe39⤵
- Executes dropped EXE
-
\??\c:\hhbbnt.exec:\hhbbnt.exe40⤵
- Executes dropped EXE
-
\??\c:\1jdjp.exec:\1jdjp.exe41⤵
- Executes dropped EXE
-
\??\c:\rfrrrxf.exec:\rfrrrxf.exe42⤵
- Executes dropped EXE
-
\??\c:\fflxlrx.exec:\fflxlrx.exe43⤵
- Executes dropped EXE
-
\??\c:\hhbtnb.exec:\hhbtnb.exe44⤵
- Executes dropped EXE
-
\??\c:\tthhtt.exec:\tthhtt.exe45⤵
- Executes dropped EXE
-
\??\c:\pjddd.exec:\pjddd.exe46⤵
- Executes dropped EXE
-
\??\c:\xrxlxlx.exec:\xrxlxlx.exe47⤵
- Executes dropped EXE
-
\??\c:\rlfxfrf.exec:\rlfxfrf.exe48⤵
- Executes dropped EXE
-
\??\c:\5xffllr.exec:\5xffllr.exe49⤵
- Executes dropped EXE
-
\??\c:\9tnbbt.exec:\9tnbbt.exe50⤵
- Executes dropped EXE
-
\??\c:\1ppvd.exec:\1ppvd.exe51⤵
- Executes dropped EXE
-
\??\c:\lfrrrxl.exec:\lfrrrxl.exe52⤵
- Executes dropped EXE
-
\??\c:\rrrxrxf.exec:\rrrxrxf.exe53⤵
- Executes dropped EXE
-
\??\c:\bbthnh.exec:\bbthnh.exe54⤵
- Executes dropped EXE
-
\??\c:\nhhthh.exec:\nhhthh.exe55⤵
- Executes dropped EXE
-
\??\c:\ppjvv.exec:\ppjvv.exe56⤵
- Executes dropped EXE
-
\??\c:\9jddp.exec:\9jddp.exe57⤵
- Executes dropped EXE
-
\??\c:\fxxxlrf.exec:\fxxxlrf.exe58⤵
- Executes dropped EXE
-
\??\c:\9fxxffl.exec:\9fxxffl.exe59⤵
- Executes dropped EXE
-
\??\c:\3nhttb.exec:\3nhttb.exe60⤵
- Executes dropped EXE
-
\??\c:\hhhthh.exec:\hhhthh.exe61⤵
- Executes dropped EXE
-
\??\c:\vvvjp.exec:\vvvjp.exe62⤵
- Executes dropped EXE
-
\??\c:\jdvdv.exec:\jdvdv.exe63⤵
- Executes dropped EXE
-
\??\c:\lfrxfxf.exec:\lfrxfxf.exe64⤵
- Executes dropped EXE
-
\??\c:\ntbtbt.exec:\ntbtbt.exe65⤵
- Executes dropped EXE
-
\??\c:\hhhtbh.exec:\hhhtbh.exe66⤵
-
\??\c:\5jvdp.exec:\5jvdp.exe67⤵
-
\??\c:\jdvvj.exec:\jdvvj.exe68⤵
-
\??\c:\rrfrffl.exec:\rrfrffl.exe69⤵
-
\??\c:\lfflrfr.exec:\lfflrfr.exe70⤵
-
\??\c:\bnbbhn.exec:\bnbbhn.exe71⤵
-
\??\c:\dvppd.exec:\dvppd.exe72⤵
-
\??\c:\dvjvp.exec:\dvjvp.exe73⤵
-
\??\c:\fxrrxff.exec:\fxrrxff.exe74⤵
-
\??\c:\1xxlxxl.exec:\1xxlxxl.exe75⤵
-
\??\c:\hbthtb.exec:\hbthtb.exe76⤵
-
\??\c:\3tthtt.exec:\3tthtt.exe77⤵
-
\??\c:\vpvpv.exec:\vpvpv.exe78⤵
-
\??\c:\vdjjv.exec:\vdjjv.exe79⤵
-
\??\c:\xxrfxxl.exec:\xxrfxxl.exe80⤵
-
\??\c:\rrrflrx.exec:\rrrflrx.exe81⤵
-
\??\c:\7bbhnn.exec:\7bbhnn.exe82⤵
-
\??\c:\bbnhbh.exec:\bbnhbh.exe83⤵
-
\??\c:\dvjvj.exec:\dvjvj.exe84⤵
-
\??\c:\5jpvd.exec:\5jpvd.exe85⤵
-
\??\c:\dpvpv.exec:\dpvpv.exe86⤵
-
\??\c:\rlxffxf.exec:\rlxffxf.exe87⤵
-
\??\c:\1btbnn.exec:\1btbnn.exe88⤵
-
\??\c:\htbhnn.exec:\htbhnn.exe89⤵
-
\??\c:\1vjpv.exec:\1vjpv.exe90⤵
-
\??\c:\pddpj.exec:\pddpj.exe91⤵
-
\??\c:\7rlfrfl.exec:\7rlfrfl.exe92⤵
-
\??\c:\1xllrxl.exec:\1xllrxl.exe93⤵
-
\??\c:\nhtthh.exec:\nhtthh.exe94⤵
-
\??\c:\btnbnb.exec:\btnbnb.exe95⤵
-
\??\c:\jjdjv.exec:\jjdjv.exe96⤵
-
\??\c:\5vjjj.exec:\5vjjj.exe97⤵
-
\??\c:\frllxrx.exec:\frllxrx.exe98⤵
-
\??\c:\7xllxfl.exec:\7xllxfl.exe99⤵
-
\??\c:\hhnbtt.exec:\hhnbtt.exe100⤵
-
\??\c:\hthnhh.exec:\hthnhh.exe101⤵
-
\??\c:\dvddv.exec:\dvddv.exe102⤵
-
\??\c:\7vpvj.exec:\7vpvj.exe103⤵
-
\??\c:\9flxffr.exec:\9flxffr.exe104⤵
-
\??\c:\1xrrxfr.exec:\1xrrxfr.exe105⤵
-
\??\c:\btbhtt.exec:\btbhtt.exe106⤵
-
\??\c:\9thbth.exec:\9thbth.exe107⤵
-
\??\c:\vjvdj.exec:\vjvdj.exe108⤵
-
\??\c:\xfrlxlf.exec:\xfrlxlf.exe109⤵
-
\??\c:\frxlxfr.exec:\frxlxfr.exe110⤵
-
\??\c:\hbbhtt.exec:\hbbhtt.exe111⤵
-
\??\c:\nhbhht.exec:\nhbhht.exe112⤵
-
\??\c:\tntbhn.exec:\tntbhn.exe113⤵
-
\??\c:\vvddj.exec:\vvddj.exe114⤵
-
\??\c:\pjpvj.exec:\pjpvj.exe115⤵
-
\??\c:\5fllrrx.exec:\5fllrrx.exe116⤵
-
\??\c:\rlrrflr.exec:\rlrrflr.exe117⤵
-
\??\c:\3tnnht.exec:\3tnnht.exe118⤵
-
\??\c:\3hhhnt.exec:\3hhhnt.exe119⤵
-
\??\c:\vjpdj.exec:\vjpdj.exe120⤵
-
\??\c:\ddvdp.exec:\ddvdp.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-