Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
10/05/2024, 23:52
General
-
Target
32015f5029c47f220b4ed9fdc679c7f0_NeikiAnalytics.exe
-
Size
63KB
-
MD5
32015f5029c47f220b4ed9fdc679c7f0
-
SHA1
df7e79db52df49bb4e340a99b43c608d19d734b7
-
SHA256
d53a130d50eb7678d0935e237e5a88eb1c9696c475134418ca9ea3e04a32138e
-
SHA512
560af17b0ef089c75779a9432ae3bdb5ec84e4b807f62774d0e0c8f3565489a0e340090dccfe0b3ab2af70180bb0a22003abaeb572f4561f8cc687a8b977cae4
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIhJm/w/:ymb3NkkiQ3mdBjFILm2
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 19 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 23 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\32015f5029c47f220b4ed9fdc679c7f0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\32015f5029c47f220b4ed9fdc679c7f0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\thbnbh.exec:\thbnbh.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbhnt.exec:\tnbhnt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrxlrf.exec:\fxrxlrf.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\486284.exec:\486284.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\u880684.exec:\u880684.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\826642.exec:\826642.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\004046.exec:\004046.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\282042.exec:\282042.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\2864804.exec:\2864804.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\622008.exec:\622008.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\c248860.exec:\c248860.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\862206.exec:\862206.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btntbh.exec:\btntbh.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\82468.exec:\82468.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\g8006.exec:\g8006.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\s8028.exec:\s8028.exe17⤵
- Executes dropped EXE
-
\??\c:\hhtbnn.exec:\hhtbnn.exe18⤵
- Executes dropped EXE
-
\??\c:\4284062.exec:\4284062.exe19⤵
- Executes dropped EXE
-
\??\c:\424066.exec:\424066.exe20⤵
- Executes dropped EXE
-
\??\c:\042446.exec:\042446.exe21⤵
- Executes dropped EXE
-
\??\c:\04668.exec:\04668.exe22⤵
- Executes dropped EXE
-
\??\c:\488428.exec:\488428.exe23⤵
- Executes dropped EXE
-
\??\c:\9lrrrxl.exec:\9lrrrxl.exe24⤵
- Executes dropped EXE
-
\??\c:\6066888.exec:\6066888.exe25⤵
- Executes dropped EXE
-
\??\c:\fxrrfrf.exec:\fxrrfrf.exe26⤵
- Executes dropped EXE
-
\??\c:\tbbbhh.exec:\tbbbhh.exe27⤵
- Executes dropped EXE
-
\??\c:\ppdjp.exec:\ppdjp.exe28⤵
- Executes dropped EXE
-
\??\c:\4200886.exec:\4200886.exe29⤵
- Executes dropped EXE
-
\??\c:\0024680.exec:\0024680.exe30⤵
- Executes dropped EXE
-
\??\c:\86006.exec:\86006.exe31⤵
- Executes dropped EXE
-
\??\c:\480684.exec:\480684.exe32⤵
- Executes dropped EXE
-
\??\c:\nttbhn.exec:\nttbhn.exe33⤵
- Executes dropped EXE
-
\??\c:\1btnbh.exec:\1btnbh.exe34⤵
- Executes dropped EXE
-
\??\c:\hbttnh.exec:\hbttnh.exe35⤵
-
\??\c:\a2002.exec:\a2002.exe36⤵
- Executes dropped EXE
-
\??\c:\tthntn.exec:\tthntn.exe37⤵
- Executes dropped EXE
-
\??\c:\pdpjv.exec:\pdpjv.exe38⤵
- Executes dropped EXE
-
\??\c:\ppdvv.exec:\ppdvv.exe39⤵
- Executes dropped EXE
-
\??\c:\208462.exec:\208462.exe40⤵
- Executes dropped EXE
-
\??\c:\6480860.exec:\6480860.exe41⤵
- Executes dropped EXE
-
\??\c:\608424.exec:\608424.exe42⤵
- Executes dropped EXE
-
\??\c:\vvppd.exec:\vvppd.exe43⤵
- Executes dropped EXE
-
\??\c:\jvjjp.exec:\jvjjp.exe44⤵
- Executes dropped EXE
-
\??\c:\tntbnn.exec:\tntbnn.exe45⤵
- Executes dropped EXE
-
\??\c:\6422484.exec:\6422484.exe46⤵
- Executes dropped EXE
-
\??\c:\264066.exec:\264066.exe47⤵
- Executes dropped EXE
-
\??\c:\ffffrrx.exec:\ffffrrx.exe48⤵
- Executes dropped EXE
-
\??\c:\tnbntt.exec:\tnbntt.exe49⤵
- Executes dropped EXE
-
\??\c:\u860624.exec:\u860624.exe50⤵
- Executes dropped EXE
-
\??\c:\1nbhhn.exec:\1nbhhn.exe51⤵
- Executes dropped EXE
-
\??\c:\1dpdp.exec:\1dpdp.exe52⤵
- Executes dropped EXE
-
\??\c:\82620.exec:\82620.exe53⤵
- Executes dropped EXE
-
\??\c:\xxlrxxf.exec:\xxlrxxf.exe54⤵
- Executes dropped EXE
-
\??\c:\202244.exec:\202244.exe55⤵
- Executes dropped EXE
-
\??\c:\o606662.exec:\o606662.exe56⤵
- Executes dropped EXE
-
\??\c:\m0022.exec:\m0022.exe57⤵
- Executes dropped EXE
-
\??\c:\o420880.exec:\o420880.exe58⤵
- Executes dropped EXE
-
\??\c:\040060.exec:\040060.exe59⤵
- Executes dropped EXE
-
\??\c:\w20006.exec:\w20006.exe60⤵
- Executes dropped EXE
-
\??\c:\8288080.exec:\8288080.exe61⤵
- Executes dropped EXE
-
\??\c:\q84206.exec:\q84206.exe62⤵
- Executes dropped EXE
-
\??\c:\nhntth.exec:\nhntth.exe63⤵
- Executes dropped EXE
-
\??\c:\26224.exec:\26224.exe64⤵
- Executes dropped EXE
-
\??\c:\fxrrffr.exec:\fxrrffr.exe65⤵
- Executes dropped EXE
-
\??\c:\pppdv.exec:\pppdv.exe66⤵
- Executes dropped EXE
-
\??\c:\pjdjp.exec:\pjdjp.exe67⤵
-
\??\c:\bnntbn.exec:\bnntbn.exe68⤵
-
\??\c:\8082880.exec:\8082880.exe69⤵
-
\??\c:\4800224.exec:\4800224.exe70⤵
-
\??\c:\i488446.exec:\i488446.exe71⤵
-
\??\c:\tnhnnn.exec:\tnhnnn.exe72⤵
-
\??\c:\lfxfllx.exec:\lfxfllx.exe73⤵
-
\??\c:\w60844.exec:\w60844.exe74⤵
-
\??\c:\ffrxlxr.exec:\ffrxlxr.exe75⤵
-
\??\c:\hbhnbb.exec:\hbhnbb.exe76⤵
-
\??\c:\0462444.exec:\0462444.exe77⤵
-
\??\c:\dpddd.exec:\dpddd.exe78⤵
-
\??\c:\vjvdj.exec:\vjvdj.exe79⤵
-
\??\c:\c862442.exec:\c862442.exe80⤵
-
\??\c:\ffrrxxx.exec:\ffrrxxx.exe81⤵
-
\??\c:\bbhhht.exec:\bbhhht.exe82⤵
-
\??\c:\thhtbh.exec:\thhtbh.exe83⤵
-
\??\c:\02884.exec:\02884.exe84⤵
-
\??\c:\ddpvd.exec:\ddpvd.exe85⤵
-
\??\c:\fxrllxf.exec:\fxrllxf.exe86⤵
-
\??\c:\xlrrxfl.exec:\xlrrxfl.exe87⤵
-
\??\c:\tnbbnh.exec:\tnbbnh.exe88⤵
-
\??\c:\060620.exec:\060620.exe89⤵
-
\??\c:\4408806.exec:\4408806.exe90⤵
-
\??\c:\840640.exec:\840640.exe91⤵
-
\??\c:\440666.exec:\440666.exe92⤵
-
\??\c:\868400.exec:\868400.exe93⤵
-
\??\c:\pjvjp.exec:\pjvjp.exe94⤵
-
\??\c:\60402.exec:\60402.exe95⤵
-
\??\c:\208868.exec:\208868.exe96⤵
-
\??\c:\048400.exec:\048400.exe97⤵
-
\??\c:\dvpdj.exec:\dvpdj.exe98⤵
-
\??\c:\rlxxrxr.exec:\rlxxrxr.exe99⤵
-
\??\c:\80622.exec:\80622.exe100⤵
-
\??\c:\lxllrxr.exec:\lxllrxr.exe101⤵
-
\??\c:\004062.exec:\004062.exe102⤵
-
\??\c:\446888.exec:\446888.exe103⤵
-
\??\c:\8680668.exec:\8680668.exe104⤵
-
\??\c:\8824284.exec:\8824284.exe105⤵
-
\??\c:\w42400.exec:\w42400.exe106⤵
-
\??\c:\llrxrxl.exec:\llrxrxl.exe107⤵
-
\??\c:\0488064.exec:\0488064.exe108⤵
-
\??\c:\8846280.exec:\8846280.exe109⤵
-
\??\c:\5nthhn.exec:\5nthhn.exe110⤵
-
\??\c:\842820.exec:\842820.exe111⤵
-
\??\c:\tthnbb.exec:\tthnbb.exe112⤵
-
\??\c:\60824.exec:\60824.exe113⤵
-
\??\c:\268804.exec:\268804.exe114⤵
-
\??\c:\o806208.exec:\o806208.exe115⤵
-
\??\c:\228282.exec:\228282.exe116⤵
-
\??\c:\3vpvj.exec:\3vpvj.exe117⤵
-
\??\c:\rfllllx.exec:\rfllllx.exe118⤵
-
\??\c:\204062.exec:\204062.exe119⤵
-
\??\c:\btbbbh.exec:\btbbbh.exe120⤵
-
\??\c:\i028604.exec:\i028604.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-