Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
10/05/2024, 23:52
General
-
Target
32015f5029c47f220b4ed9fdc679c7f0_NeikiAnalytics.exe
-
Size
63KB
-
MD5
32015f5029c47f220b4ed9fdc679c7f0
-
SHA1
df7e79db52df49bb4e340a99b43c608d19d734b7
-
SHA256
d53a130d50eb7678d0935e237e5a88eb1c9696c475134418ca9ea3e04a32138e
-
SHA512
560af17b0ef089c75779a9432ae3bdb5ec84e4b807f62774d0e0c8f3565489a0e340090dccfe0b3ab2af70180bb0a22003abaeb572f4561f8cc687a8b977cae4
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIhJm/w/:ymb3NkkiQ3mdBjFILm2
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 27 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 29 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\32015f5029c47f220b4ed9fdc679c7f0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\32015f5029c47f220b4ed9fdc679c7f0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\lrflrrf.exec:\lrflrrf.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdppp.exec:\jdppp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffxxrrr.exec:\ffxxrrr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlfxxxr.exec:\rlfxxxr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thhnbb.exec:\thhnbb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvvvv.exec:\jvvvv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlxlxr.exec:\fxlxlxr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbnhbb.exec:\tbnhbb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjpjd.exec:\pjpjd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfffxfx.exec:\rfffxfx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbnth.exec:\btbnth.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnbtnn.exec:\nnbtnn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3jjdv.exec:\3jjdv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfffffl.exec:\lfffffl.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nntttb.exec:\nntttb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpjdv.exec:\dpjdv.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrlfff.exec:\xrrlfff.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7rxllll.exec:\7rxllll.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbbnbh.exec:\tbbnbh.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1ddpp.exec:\1ddpp.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffxrrrf.exec:\ffxrrrf.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvdpj.exec:\dvdpj.exe23⤵
- Executes dropped EXE
-
\??\c:\vvjdv.exec:\vvjdv.exe24⤵
- Executes dropped EXE
-
\??\c:\lxxxrxr.exec:\lxxxrxr.exe25⤵
- Executes dropped EXE
-
\??\c:\ttttnt.exec:\ttttnt.exe26⤵
- Executes dropped EXE
-
\??\c:\pdppp.exec:\pdppp.exe27⤵
- Executes dropped EXE
-
\??\c:\jjppp.exec:\jjppp.exe28⤵
- Executes dropped EXE
-
\??\c:\xxrllll.exec:\xxrllll.exe29⤵
- Executes dropped EXE
-
\??\c:\nnnnnn.exec:\nnnnnn.exe30⤵
- Executes dropped EXE
-
\??\c:\ttbbtb.exec:\ttbbtb.exe31⤵
- Executes dropped EXE
-
\??\c:\pjppp.exec:\pjppp.exe32⤵
- Executes dropped EXE
-
\??\c:\rllllrx.exec:\rllllrx.exe33⤵
- Executes dropped EXE
-
\??\c:\hbbttn.exec:\hbbttn.exe34⤵
- Executes dropped EXE
-
\??\c:\bttnnn.exec:\bttnnn.exe35⤵
- Executes dropped EXE
-
\??\c:\jvvvv.exec:\jvvvv.exe36⤵
- Executes dropped EXE
-
\??\c:\ppddd.exec:\ppddd.exe37⤵
- Executes dropped EXE
-
\??\c:\xrxrllx.exec:\xrxrllx.exe38⤵
- Executes dropped EXE
-
\??\c:\hhhtnn.exec:\hhhtnn.exe39⤵
- Executes dropped EXE
-
\??\c:\thbhhn.exec:\thbhhn.exe40⤵
- Executes dropped EXE
-
\??\c:\pdjjj.exec:\pdjjj.exe41⤵
- Executes dropped EXE
-
\??\c:\jjpdj.exec:\jjpdj.exe42⤵
- Executes dropped EXE
-
\??\c:\xxxxxlr.exec:\xxxxxlr.exe43⤵
- Executes dropped EXE
-
\??\c:\rrrlfff.exec:\rrrlfff.exe44⤵
- Executes dropped EXE
-
\??\c:\7ttnnt.exec:\7ttnnt.exe45⤵
- Executes dropped EXE
-
\??\c:\ddjdd.exec:\ddjdd.exe46⤵
- Executes dropped EXE
-
\??\c:\fflrxfl.exec:\fflrxfl.exe47⤵
- Executes dropped EXE
-
\??\c:\lfrxxxx.exec:\lfrxxxx.exe48⤵
- Executes dropped EXE
-
\??\c:\hbttbb.exec:\hbttbb.exe49⤵
- Executes dropped EXE
-
\??\c:\dddjd.exec:\dddjd.exe50⤵
- Executes dropped EXE
-
\??\c:\vpdjp.exec:\vpdjp.exe51⤵
- Executes dropped EXE
-
\??\c:\xlllrrf.exec:\xlllrrf.exe52⤵
- Executes dropped EXE
-
\??\c:\tbnbth.exec:\tbnbth.exe53⤵
- Executes dropped EXE
-
\??\c:\hntbnt.exec:\hntbnt.exe54⤵
- Executes dropped EXE
-
\??\c:\vjvdd.exec:\vjvdd.exe55⤵
- Executes dropped EXE
-
\??\c:\rlxxffl.exec:\rlxxffl.exe56⤵
- Executes dropped EXE
-
\??\c:\nntbnb.exec:\nntbnb.exe57⤵
- Executes dropped EXE
-
\??\c:\jpddp.exec:\jpddp.exe58⤵
- Executes dropped EXE
-
\??\c:\9ffxrrl.exec:\9ffxrrl.exe59⤵
- Executes dropped EXE
-
\??\c:\bnthnh.exec:\bnthnh.exe60⤵
- Executes dropped EXE
-
\??\c:\dddvv.exec:\dddvv.exe61⤵
- Executes dropped EXE
-
\??\c:\xllfxrf.exec:\xllfxrf.exe62⤵
- Executes dropped EXE
-
\??\c:\flffllf.exec:\flffllf.exe63⤵
- Executes dropped EXE
-
\??\c:\hthhhh.exec:\hthhhh.exe64⤵
- Executes dropped EXE
-
\??\c:\jjpjj.exec:\jjpjj.exe65⤵
- Executes dropped EXE
-
\??\c:\3ffxxxx.exec:\3ffxxxx.exe66⤵
-
\??\c:\lfrffxr.exec:\lfrffxr.exe67⤵
-
\??\c:\jjvpv.exec:\jjvpv.exe68⤵
-
\??\c:\rllfxxr.exec:\rllfxxr.exe69⤵
-
\??\c:\nhtntt.exec:\nhtntt.exe70⤵
-
\??\c:\jvjdv.exec:\jvjdv.exe71⤵
-
\??\c:\lrfxxxr.exec:\lrfxxxr.exe72⤵
-
\??\c:\nnnhhh.exec:\nnnhhh.exe73⤵
-
\??\c:\jddjj.exec:\jddjj.exe74⤵
-
\??\c:\jvjjj.exec:\jvjjj.exe75⤵
-
\??\c:\llxrxxx.exec:\llxrxxx.exe76⤵
-
\??\c:\bbbnnn.exec:\bbbnnn.exe77⤵
-
\??\c:\hbbtnn.exec:\hbbtnn.exe78⤵
-
\??\c:\jjjjd.exec:\jjjjd.exe79⤵
-
\??\c:\ppjjd.exec:\ppjjd.exe80⤵
-
\??\c:\frxrlrr.exec:\frxrlrr.exe81⤵
-
\??\c:\hbnnhn.exec:\hbnnhn.exe82⤵
-
\??\c:\pvpjj.exec:\pvpjj.exe83⤵
-
\??\c:\dvdvp.exec:\dvdvp.exe84⤵
-
\??\c:\lxlffff.exec:\lxlffff.exe85⤵
-
\??\c:\lflrlll.exec:\lflrlll.exe86⤵
-
\??\c:\nhhhhh.exec:\nhhhhh.exe87⤵
-
\??\c:\5hbbhn.exec:\5hbbhn.exe88⤵
-
\??\c:\pjpjp.exec:\pjpjp.exe89⤵
-
\??\c:\rlxffrr.exec:\rlxffrr.exe90⤵
-
\??\c:\btbbbb.exec:\btbbbb.exe91⤵
-
\??\c:\tnbbbt.exec:\tnbbbt.exe92⤵
-
\??\c:\jdvvv.exec:\jdvvv.exe93⤵
-
\??\c:\pvdvj.exec:\pvdvj.exe94⤵
-
\??\c:\rllfxxx.exec:\rllfxxx.exe95⤵
-
\??\c:\nnbhnb.exec:\nnbhnb.exe96⤵
-
\??\c:\hbhhbb.exec:\hbhhbb.exe97⤵
-
\??\c:\pjjjv.exec:\pjjjv.exe98⤵
-
\??\c:\flrrrrr.exec:\flrrrrr.exe99⤵
-
\??\c:\bhtnhh.exec:\bhtnhh.exe100⤵
-
\??\c:\hhntnt.exec:\hhntnt.exe101⤵
-
\??\c:\jvjjj.exec:\jvjjj.exe102⤵
-
\??\c:\jpdjd.exec:\jpdjd.exe103⤵
-
\??\c:\lfllffl.exec:\lfllffl.exe104⤵
-
\??\c:\rlrrrrr.exec:\rlrrrrr.exe105⤵
-
\??\c:\btbtbb.exec:\btbtbb.exe106⤵
-
\??\c:\vpvjj.exec:\vpvjj.exe107⤵
-
\??\c:\jdppp.exec:\jdppp.exe108⤵
-
\??\c:\fffxxxx.exec:\fffxxxx.exe109⤵
-
\??\c:\xffffff.exec:\xffffff.exe110⤵
-
\??\c:\htbtbh.exec:\htbtbh.exe111⤵
-
\??\c:\flffffl.exec:\flffffl.exe112⤵
-
\??\c:\hbtthb.exec:\hbtthb.exe113⤵
-
\??\c:\pdjjj.exec:\pdjjj.exe114⤵
-
\??\c:\pppvd.exec:\pppvd.exe115⤵
-
\??\c:\xfllllr.exec:\xfllllr.exe116⤵
-
\??\c:\ffxllfl.exec:\ffxllfl.exe117⤵
-
\??\c:\ntbnbh.exec:\ntbnbh.exe118⤵
-
\??\c:\bbbbnn.exec:\bbbbnn.exe119⤵
-
\??\c:\5jddv.exec:\5jddv.exe120⤵
-
\??\c:\5lrlflf.exec:\5lrlflf.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-