Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
144s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
09/05/2024, 12:56
General
-
Target
3a4f979748217fad0d1037f57d6adf20_NeikiAnalytics.exe
-
Size
64KB
-
MD5
3a4f979748217fad0d1037f57d6adf20
-
SHA1
e23aeab9eb69dd2e5f57a005625e507a9e7c8776
-
SHA256
e9331d367e2516fd5251f68876c031db7c172bc28890bd9c4c91b302d7cc2c5d
-
SHA512
b09f22183f124fa52d17ec1b59ef23cb9fe284ab8d0476e57ed53be0da6e523f705c1988ddda6561d351249120dae0e78675ad4f05eedebcdb74a65eb89457dc
-
SSDEEP
1536:fvQBeOGtrYSSsrc93UBIfdC67m6AJiqsKzX7LWY6i3:fhOm2sI93UufdC67ciynd6i3
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2669163743\zmstage.exeC:\Users\Admin\AppData\Local\Temp\2669163743\zmstage.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\3a4f979748217fad0d1037f57d6adf20_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\3a4f979748217fad0d1037f57d6adf20_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\vdvpj.exec:\vdvpj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlrrrrr.exec:\rlrrrrr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxxrffx.exec:\lxxrffx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbthb.exec:\tnbthb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jddvv.exec:\jddvv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9vvpp.exec:\9vvpp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllffff.exec:\rllffff.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbhnn.exec:\nhbhnn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbhbtt.exec:\bbhbtt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjdv.exec:\ppjdv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9pdvp.exec:\9pdvp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5lxxxxl.exec:\5lxxxxl.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhnnbt.exec:\bhnnbt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbtnnb.exec:\hbtnnb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjddp.exec:\pjddp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrxfrr.exec:\xxrxfrr.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxfxxxx.exec:\xxfxxxx.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbhhtt.exec:\tbhhtt.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btnhbt.exec:\btnhbt.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjjjv.exec:\jjjjv.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9xllllf.exec:\9xllllf.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5bhbbb.exec:\5bhbbb.exe23⤵
- Executes dropped EXE
-
\??\c:\nbhbbb.exec:\nbhbbb.exe24⤵
- Executes dropped EXE
-
\??\c:\djjdv.exec:\djjdv.exe25⤵
- Executes dropped EXE
-
\??\c:\dppjd.exec:\dppjd.exe26⤵
- Executes dropped EXE
-
\??\c:\7rrrffx.exec:\7rrrffx.exe27⤵
- Executes dropped EXE
-
\??\c:\tbbtnn.exec:\tbbtnn.exe28⤵
- Executes dropped EXE
-
\??\c:\bhntnn.exec:\bhntnn.exe29⤵
- Executes dropped EXE
-
\??\c:\pvdvj.exec:\pvdvj.exe30⤵
- Executes dropped EXE
-
\??\c:\lxrrlfr.exec:\lxrrlfr.exe31⤵
- Executes dropped EXE
-
\??\c:\rrllfxx.exec:\rrllfxx.exe32⤵
- Executes dropped EXE
-
\??\c:\9nhbbt.exec:\9nhbbt.exe33⤵
- Executes dropped EXE
-
\??\c:\tnbbtt.exec:\tnbbtt.exe34⤵
- Executes dropped EXE
-
\??\c:\1ddpp.exec:\1ddpp.exe35⤵
- Executes dropped EXE
-
\??\c:\pdddp.exec:\pdddp.exe36⤵
- Executes dropped EXE
-
\??\c:\rlrlllr.exec:\rlrlllr.exe37⤵
- Executes dropped EXE
-
\??\c:\flfrxrf.exec:\flfrxrf.exe38⤵
- Executes dropped EXE
-
\??\c:\tnhbbt.exec:\tnhbbt.exe39⤵
- Executes dropped EXE
-
\??\c:\btnhtn.exec:\btnhtn.exe40⤵
- Executes dropped EXE
-
\??\c:\jdpdv.exec:\jdpdv.exe41⤵
- Executes dropped EXE
-
\??\c:\pdjdp.exec:\pdjdp.exe42⤵
- Executes dropped EXE
-
\??\c:\3xfrlrl.exec:\3xfrlrl.exe43⤵
- Executes dropped EXE
-
\??\c:\rxfrfxr.exec:\rxfrfxr.exe44⤵
- Executes dropped EXE
-
\??\c:\nbtnbt.exec:\nbtnbt.exe45⤵
- Executes dropped EXE
-
\??\c:\bhbtnn.exec:\bhbtnn.exe46⤵
- Executes dropped EXE
-
\??\c:\3ddvj.exec:\3ddvj.exe47⤵
- Executes dropped EXE
-
\??\c:\vvpjj.exec:\vvpjj.exe48⤵
- Executes dropped EXE
-
\??\c:\lxrfxlx.exec:\lxrfxlx.exe49⤵
- Executes dropped EXE
-
\??\c:\fxllrrx.exec:\fxllrrx.exe50⤵
- Executes dropped EXE
-
\??\c:\tnbtnh.exec:\tnbtnh.exe51⤵
- Executes dropped EXE
-
\??\c:\tttnbt.exec:\tttnbt.exe52⤵
- Executes dropped EXE
-
\??\c:\3pjdv.exec:\3pjdv.exe53⤵
- Executes dropped EXE
-
\??\c:\vpdjj.exec:\vpdjj.exe54⤵
- Executes dropped EXE
-
\??\c:\7llxllf.exec:\7llxllf.exe55⤵
- Executes dropped EXE
-
\??\c:\btbhhb.exec:\btbhhb.exe56⤵
- Executes dropped EXE
-
\??\c:\nhbbnn.exec:\nhbbnn.exe57⤵
- Executes dropped EXE
-
\??\c:\5jvvj.exec:\5jvvj.exe58⤵
- Executes dropped EXE
-
\??\c:\rlrrrll.exec:\rlrrrll.exe59⤵
- Executes dropped EXE
-
\??\c:\bbhhhb.exec:\bbhhhb.exe60⤵
- Executes dropped EXE
-
\??\c:\7nnhtt.exec:\7nnhtt.exe61⤵
- Executes dropped EXE
-
\??\c:\dpjjj.exec:\dpjjj.exe62⤵
- Executes dropped EXE
-
\??\c:\vpdvv.exec:\vpdvv.exe63⤵
- Executes dropped EXE
-
\??\c:\xrlffff.exec:\xrlffff.exe64⤵
- Executes dropped EXE
-
\??\c:\frrfxrl.exec:\frrfxrl.exe65⤵
- Executes dropped EXE
-
\??\c:\bbttbh.exec:\bbttbh.exe66⤵
-
\??\c:\bbhbbb.exec:\bbhbbb.exe67⤵
-
\??\c:\dvpdd.exec:\dvpdd.exe68⤵
-
\??\c:\jdjjp.exec:\jdjjp.exe69⤵
-
\??\c:\ffxffxf.exec:\ffxffxf.exe70⤵
-
\??\c:\xrxxfff.exec:\xrxxfff.exe71⤵
-
\??\c:\ntnbht.exec:\ntnbht.exe72⤵
-
\??\c:\bnhbnh.exec:\bnhbnh.exe73⤵
-
\??\c:\3pjdv.exec:\3pjdv.exe74⤵
-
\??\c:\vdppj.exec:\vdppj.exe75⤵
-
\??\c:\3flfrlf.exec:\3flfrlf.exe76⤵
-
\??\c:\lrrrrfl.exec:\lrrrrfl.exe77⤵
-
\??\c:\5lllxlx.exec:\5lllxlx.exe78⤵
-
\??\c:\nbtttb.exec:\nbtttb.exe79⤵
-
\??\c:\hnhhtt.exec:\hnhhtt.exe80⤵
-
\??\c:\pdpjv.exec:\pdpjv.exe81⤵
-
\??\c:\vjdpd.exec:\vjdpd.exe82⤵
-
\??\c:\rlrlfxr.exec:\rlrlfxr.exe83⤵
-
\??\c:\lffrxlx.exec:\lffrxlx.exe84⤵
-
\??\c:\tnnhbt.exec:\tnnhbt.exe85⤵
-
\??\c:\tbhbtt.exec:\tbhbtt.exe86⤵
-
\??\c:\pdjpv.exec:\pdjpv.exe87⤵
-
\??\c:\jpdvv.exec:\jpdvv.exe88⤵
-
\??\c:\rflxrlf.exec:\rflxrlf.exe89⤵
-
\??\c:\rrllfff.exec:\rrllfff.exe90⤵
-
\??\c:\nttbnt.exec:\nttbnt.exe91⤵
-
\??\c:\jpppp.exec:\jpppp.exe92⤵
-
\??\c:\pjdjd.exec:\pjdjd.exe93⤵
-
\??\c:\djjdv.exec:\djjdv.exe94⤵
-
\??\c:\lffxfff.exec:\lffxfff.exe95⤵
-
\??\c:\rxlfxxf.exec:\rxlfxxf.exe96⤵
-
\??\c:\ttbhth.exec:\ttbhth.exe97⤵
-
\??\c:\hnhhhh.exec:\hnhhhh.exe98⤵
-
\??\c:\3dvvp.exec:\3dvvp.exe99⤵
-
\??\c:\pddvj.exec:\pddvj.exe100⤵
-
\??\c:\vvpjd.exec:\vvpjd.exe101⤵
-
\??\c:\xllfxxr.exec:\xllfxxr.exe102⤵
-
\??\c:\xfrrrlr.exec:\xfrrrlr.exe103⤵
-
\??\c:\nbnhhb.exec:\nbnhhb.exe104⤵
-
\??\c:\ttnhbb.exec:\ttnhbb.exe105⤵
-
\??\c:\hhtnnh.exec:\hhtnnh.exe106⤵
-
\??\c:\vpppd.exec:\vpppd.exe107⤵
-
\??\c:\pjvpj.exec:\pjvpj.exe108⤵
-
\??\c:\9rllrrx.exec:\9rllrrx.exe109⤵
-
\??\c:\xxxxrrl.exec:\xxxxrrl.exe110⤵
-
\??\c:\rffxrlf.exec:\rffxrlf.exe111⤵
-
\??\c:\btbnbt.exec:\btbnbt.exe112⤵
-
\??\c:\ntnhhn.exec:\ntnhhn.exe113⤵
-
\??\c:\pddvj.exec:\pddvj.exe114⤵
-
\??\c:\5dppj.exec:\5dppj.exe115⤵
-
\??\c:\7flfxxr.exec:\7flfxxr.exe116⤵
-
\??\c:\5lfxrrl.exec:\5lfxrrl.exe117⤵
-
\??\c:\tbhtnn.exec:\tbhtnn.exe118⤵
-
\??\c:\1tnnhh.exec:\1tnnhh.exe119⤵
-
\??\c:\vvppj.exec:\vvppj.exe120⤵
-
\??\c:\pvdvd.exec:\pvdvd.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-