Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
146s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240215-en -
resource tags
-
submitted
09/05/2024, 12:56
General
-
Target
3a4f979748217fad0d1037f57d6adf20_NeikiAnalytics.exe
-
Size
64KB
-
MD5
3a4f979748217fad0d1037f57d6adf20
-
SHA1
e23aeab9eb69dd2e5f57a005625e507a9e7c8776
-
SHA256
e9331d367e2516fd5251f68876c031db7c172bc28890bd9c4c91b302d7cc2c5d
-
SHA512
b09f22183f124fa52d17ec1b59ef23cb9fe284ab8d0476e57ed53be0da6e523f705c1988ddda6561d351249120dae0e78675ad4f05eedebcdb74a65eb89457dc
-
SSDEEP
1536:fvQBeOGtrYSSsrc93UBIfdC67m6AJiqsKzX7LWY6i3:fhOm2sI93UufdC67ciynd6i3
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 39 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\3a4f979748217fad0d1037f57d6adf20_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\3a4f979748217fad0d1037f57d6adf20_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\jvdjj.exec:\jvdjj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrrxrrf.exec:\rrrxrrf.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhthnn.exec:\nhthnn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjjv.exec:\dvjjv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7dvjv.exec:\7dvjv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7fflxfl.exec:\7fflxfl.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhnhb.exec:\nhhnhb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhttbt.exec:\hhttbt.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvpvv.exec:\vvpvv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlrrfll.exec:\rlrrfll.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llrrxrx.exec:\llrrxrx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7bntbb.exec:\7bntbb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7nbhnt.exec:\7nbhnt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvdvp.exec:\jvdvp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlrfrx.exec:\fxlrfrx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frfxrxl.exec:\frfxrxl.exe17⤵
- Executes dropped EXE
-
\??\c:\5tnhbn.exec:\5tnhbn.exe18⤵
- Executes dropped EXE
-
\??\c:\nbtbtt.exec:\nbtbtt.exe19⤵
- Executes dropped EXE
-
\??\c:\pjdjp.exec:\pjdjp.exe20⤵
- Executes dropped EXE
-
\??\c:\lrflfxl.exec:\lrflfxl.exe21⤵
- Executes dropped EXE
-
\??\c:\xrrxrrf.exec:\xrrxrrf.exe22⤵
- Executes dropped EXE
-
\??\c:\thbhnb.exec:\thbhnb.exe23⤵
- Executes dropped EXE
-
\??\c:\vppvv.exec:\vppvv.exe24⤵
- Executes dropped EXE
-
\??\c:\jdpvj.exec:\jdpvj.exe25⤵
- Executes dropped EXE
-
\??\c:\lxrlllr.exec:\lxrlllr.exe26⤵
- Executes dropped EXE
-
\??\c:\hthntt.exec:\hthntt.exe27⤵
- Executes dropped EXE
-
\??\c:\jdjjj.exec:\jdjjj.exe28⤵
- Executes dropped EXE
-
\??\c:\7pdvp.exec:\7pdvp.exe29⤵
- Executes dropped EXE
-
\??\c:\7xrrlrx.exec:\7xrrlrx.exe30⤵
- Executes dropped EXE
-
\??\c:\btntht.exec:\btntht.exe31⤵
- Executes dropped EXE
-
\??\c:\9bnbnt.exec:\9bnbnt.exe32⤵
- Executes dropped EXE
-
\??\c:\vpjpd.exec:\vpjpd.exe33⤵
- Executes dropped EXE
-
\??\c:\fxfflrf.exec:\fxfflrf.exe34⤵
- Executes dropped EXE
-
\??\c:\lfrxfxf.exec:\lfrxfxf.exe35⤵
- Executes dropped EXE
-
\??\c:\tnhntt.exec:\tnhntt.exe36⤵
- Executes dropped EXE
-
\??\c:\bbhthb.exec:\bbhthb.exe37⤵
- Executes dropped EXE
-
\??\c:\jjdjj.exec:\jjdjj.exe38⤵
- Executes dropped EXE
-
\??\c:\5pppv.exec:\5pppv.exe39⤵
- Executes dropped EXE
-
\??\c:\xrxxflx.exec:\xrxxflx.exe40⤵
- Executes dropped EXE
-
\??\c:\rrllxxx.exec:\rrllxxx.exe41⤵
- Executes dropped EXE
-
\??\c:\tnbtbn.exec:\tnbtbn.exe42⤵
- Executes dropped EXE
-
\??\c:\hbbbtn.exec:\hbbbtn.exe43⤵
- Executes dropped EXE
-
\??\c:\jddpp.exec:\jddpp.exe44⤵
- Executes dropped EXE
-
\??\c:\ppjpp.exec:\ppjpp.exe45⤵
- Executes dropped EXE
-
\??\c:\lfxxflx.exec:\lfxxflx.exe46⤵
- Executes dropped EXE
-
\??\c:\1lfllrx.exec:\1lfllrx.exe47⤵
- Executes dropped EXE
-
\??\c:\rlxfxfr.exec:\rlxfxfr.exe48⤵
- Executes dropped EXE
-
\??\c:\nhtbhh.exec:\nhtbhh.exe49⤵
- Executes dropped EXE
-
\??\c:\hhbhtb.exec:\hhbhtb.exe50⤵
- Executes dropped EXE
-
\??\c:\vpdjp.exec:\vpdjp.exe51⤵
- Executes dropped EXE
-
\??\c:\ddddp.exec:\ddddp.exe52⤵
- Executes dropped EXE
-
\??\c:\xrlrrlx.exec:\xrlrrlx.exe53⤵
- Executes dropped EXE
-
\??\c:\bnhnbh.exec:\bnhnbh.exe54⤵
- Executes dropped EXE
-
\??\c:\bthhnn.exec:\bthhnn.exe55⤵
- Executes dropped EXE
-
\??\c:\ppjpv.exec:\ppjpv.exe56⤵
- Executes dropped EXE
-
\??\c:\jjppd.exec:\jjppd.exe57⤵
- Executes dropped EXE
-
\??\c:\ffrfrlx.exec:\ffrfrlx.exe58⤵
- Executes dropped EXE
-
\??\c:\frxlxlf.exec:\frxlxlf.exe59⤵
- Executes dropped EXE
-
\??\c:\llrfxfl.exec:\llrfxfl.exe60⤵
- Executes dropped EXE
-
\??\c:\btntbb.exec:\btntbb.exe61⤵
- Executes dropped EXE
-
\??\c:\3btthh.exec:\3btthh.exe62⤵
- Executes dropped EXE
-
\??\c:\jdppd.exec:\jdppd.exe63⤵
- Executes dropped EXE
-
\??\c:\vpdjp.exec:\vpdjp.exe64⤵
- Executes dropped EXE
-
\??\c:\rfrrrfl.exec:\rfrrrfl.exe65⤵
- Executes dropped EXE
-
\??\c:\fflrffl.exec:\fflrffl.exe66⤵
-
\??\c:\nhnntt.exec:\nhnntt.exe67⤵
-
\??\c:\tnbbnn.exec:\tnbbnn.exe68⤵
-
\??\c:\ppvdd.exec:\ppvdd.exe69⤵
-
\??\c:\5rllrrf.exec:\5rllrrf.exe70⤵
-
\??\c:\lfllxrx.exec:\lfllxrx.exe71⤵
-
\??\c:\1llfrxf.exec:\1llfrxf.exe72⤵
-
\??\c:\1nhntb.exec:\1nhntb.exe73⤵
-
\??\c:\7hbhtn.exec:\7hbhtn.exe74⤵
-
\??\c:\jvjjd.exec:\jvjjd.exe75⤵
-
\??\c:\jjvjv.exec:\jjvjv.exe76⤵
-
\??\c:\xrlrfrf.exec:\xrlrfrf.exe77⤵
-
\??\c:\xxflflx.exec:\xxflflx.exe78⤵
-
\??\c:\bttbnh.exec:\bttbnh.exe79⤵
-
\??\c:\nnbnbb.exec:\nnbnbb.exe80⤵
-
\??\c:\btbbnt.exec:\btbbnt.exe81⤵
-
\??\c:\jdppv.exec:\jdppv.exe82⤵
-
\??\c:\pjddj.exec:\pjddj.exe83⤵
-
\??\c:\ffxxfxf.exec:\ffxxfxf.exe84⤵
-
\??\c:\7llrlxl.exec:\7llrlxl.exe85⤵
-
\??\c:\hbbntb.exec:\hbbntb.exe86⤵
-
\??\c:\1thnhn.exec:\1thnhn.exe87⤵
-
\??\c:\nhhnnh.exec:\nhhnnh.exe88⤵
-
\??\c:\1jdpd.exec:\1jdpd.exe89⤵
-
\??\c:\pjjvj.exec:\pjjvj.exe90⤵
-
\??\c:\lfrxllr.exec:\lfrxllr.exe91⤵
-
\??\c:\xrfrrxf.exec:\xrfrrxf.exe92⤵
-
\??\c:\9lrlfrx.exec:\9lrlfrx.exe93⤵
-
\??\c:\hbtbtt.exec:\hbtbtt.exe94⤵
-
\??\c:\ddpvd.exec:\ddpvd.exe95⤵
-
\??\c:\3jvdj.exec:\3jvdj.exe96⤵
-
\??\c:\fxllrxf.exec:\fxllrxf.exe97⤵
-
\??\c:\5rfrffx.exec:\5rfrffx.exe98⤵
-
\??\c:\tntttb.exec:\tntttb.exe99⤵
-
\??\c:\bthbtb.exec:\bthbtb.exe100⤵
-
\??\c:\nhttbt.exec:\nhttbt.exe101⤵
-
\??\c:\1dvjp.exec:\1dvjp.exe102⤵
-
\??\c:\pjddd.exec:\pjddd.exe103⤵
-
\??\c:\3rlrxxl.exec:\3rlrxxl.exe104⤵
-
\??\c:\3lrxxfl.exec:\3lrxxfl.exe105⤵
-
\??\c:\bntbnb.exec:\bntbnb.exe106⤵
-
\??\c:\3thtbh.exec:\3thtbh.exe107⤵
-
\??\c:\ddpdj.exec:\ddpdj.exe108⤵
-
\??\c:\dvjdp.exec:\dvjdp.exe109⤵
-
\??\c:\lllrxfl.exec:\lllrxfl.exe110⤵
-
\??\c:\lfflrll.exec:\lfflrll.exe111⤵
-
\??\c:\7thhnh.exec:\7thhnh.exe112⤵
-
\??\c:\hbnhhn.exec:\hbnhhn.exe113⤵
-
\??\c:\pjddj.exec:\pjddj.exe114⤵
-
\??\c:\1pdpv.exec:\1pdpv.exe115⤵
-
\??\c:\1jvpv.exec:\1jvpv.exe116⤵
-
\??\c:\lllrxfl.exec:\lllrxfl.exe117⤵
-
\??\c:\xxrxffx.exec:\xxrxffx.exe118⤵
-
\??\c:\bbhthn.exec:\bbhthn.exe119⤵
-
\??\c:\3nhthh.exec:\3nhthh.exe120⤵
-
\??\c:\ddvjd.exec:\ddvjd.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-