Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
10/05/2024, 02:57
General
-
Target
54f18b358597d7aba47a9fd12936beb0_NeikiAnalytics.exe
-
Size
144KB
-
MD5
54f18b358597d7aba47a9fd12936beb0
-
SHA1
d443626351daba488dcc926b0ed9232fb36e2aea
-
SHA256
1b4223fee33608d89a961fedfef2338aa9dd32da8acefce437774d3991667ed2
-
SHA512
52515cd4e53c93d2d416102ca55b91b54c20a71a1676fc81e7b4f70b99e588cda82c1438568ba6a8c953887d3c2366ed91ff88f63f51981ebc41c0c5e0a4302f
-
SSDEEP
3072:ymb3NkkiQ3mdBjFosxXGPXbXQMFHLgDWSmklgQh:n3C9BRosxW8MFHLMW7Qh
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 31 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 33 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\54f18b358597d7aba47a9fd12936beb0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\54f18b358597d7aba47a9fd12936beb0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\jjpdv.exec:\jjpdv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjpvd.exec:\pjpvd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlfxrr.exec:\fxlfxrr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnnnhn.exec:\nnnnhn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bntnnh.exec:\bntnnh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vddvj.exec:\vddvj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjpjd.exec:\pjpjd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnhbb.exec:\tnnhbb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fffrrfl.exec:\fffrrfl.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hntnbt.exec:\hntnbt.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnhbb.exec:\hbnhbb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpppv.exec:\vpppv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrlrll.exec:\xrrlrll.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhhbb.exec:\nhhhbb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpvvv.exec:\vpvvv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllfxrr.exec:\rllfxrr.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llxrfff.exec:\llxrfff.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhbtt.exec:\hbhbtt.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjppv.exec:\jjppv.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxfrxl.exec:\fxxfrxl.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1nhbbt.exec:\1nhbbt.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1vjvp.exec:\1vjvp.exe23⤵
- Executes dropped EXE
-
\??\c:\vjpjp.exec:\vjpjp.exe24⤵
- Executes dropped EXE
-
\??\c:\lflxrlf.exec:\lflxrlf.exe25⤵
- Executes dropped EXE
-
\??\c:\jpdjj.exec:\jpdjj.exe26⤵
- Executes dropped EXE
-
\??\c:\vpjdv.exec:\vpjdv.exe27⤵
- Executes dropped EXE
-
\??\c:\7flfrrx.exec:\7flfrrx.exe28⤵
- Executes dropped EXE
-
\??\c:\hbttbt.exec:\hbttbt.exe29⤵
- Executes dropped EXE
-
\??\c:\tthbnh.exec:\tthbnh.exe30⤵
- Executes dropped EXE
-
\??\c:\vpjjd.exec:\vpjjd.exe31⤵
- Executes dropped EXE
-
\??\c:\7flxllf.exec:\7flxllf.exe32⤵
- Executes dropped EXE
-
\??\c:\htnnhh.exec:\htnnhh.exe33⤵
- Executes dropped EXE
-
\??\c:\tntnnh.exec:\tntnnh.exe34⤵
- Executes dropped EXE
-
\??\c:\dpjjv.exec:\dpjjv.exe35⤵
- Executes dropped EXE
-
\??\c:\ffflfrf.exec:\ffflfrf.exe36⤵
- Executes dropped EXE
-
\??\c:\xrffxll.exec:\xrffxll.exe37⤵
- Executes dropped EXE
-
\??\c:\bthnht.exec:\bthnht.exe38⤵
- Executes dropped EXE
-
\??\c:\5ppjv.exec:\5ppjv.exe39⤵
- Executes dropped EXE
-
\??\c:\dpjvp.exec:\dpjvp.exe40⤵
- Executes dropped EXE
-
\??\c:\xrlfrrl.exec:\xrlfrrl.exe41⤵
- Executes dropped EXE
-
\??\c:\hbbnhb.exec:\hbbnhb.exe42⤵
- Executes dropped EXE
-
\??\c:\nhhbtb.exec:\nhhbtb.exe43⤵
- Executes dropped EXE
-
\??\c:\hnthbt.exec:\hnthbt.exe44⤵
- Executes dropped EXE
-
\??\c:\pjjjj.exec:\pjjjj.exe45⤵
- Executes dropped EXE
-
\??\c:\rflfxfx.exec:\rflfxfx.exe46⤵
- Executes dropped EXE
-
\??\c:\nthbtt.exec:\nthbtt.exe47⤵
- Executes dropped EXE
-
\??\c:\7ttnbt.exec:\7ttnbt.exe48⤵
- Executes dropped EXE
-
\??\c:\pjvpj.exec:\pjvpj.exe49⤵
- Executes dropped EXE
-
\??\c:\7jjdp.exec:\7jjdp.exe50⤵
- Executes dropped EXE
-
\??\c:\lxffxxx.exec:\lxffxxx.exe51⤵
- Executes dropped EXE
-
\??\c:\tbbnbb.exec:\tbbnbb.exe52⤵
- Executes dropped EXE
-
\??\c:\9bbttt.exec:\9bbttt.exe53⤵
- Executes dropped EXE
-
\??\c:\3vvpj.exec:\3vvpj.exe54⤵
- Executes dropped EXE
-
\??\c:\fxrlxfx.exec:\fxrlxfx.exe55⤵
- Executes dropped EXE
-
\??\c:\thntnb.exec:\thntnb.exe56⤵
- Executes dropped EXE
-
\??\c:\bnnhtt.exec:\bnnhtt.exe57⤵
- Executes dropped EXE
-
\??\c:\pvdjd.exec:\pvdjd.exe58⤵
- Executes dropped EXE
-
\??\c:\llxrrll.exec:\llxrrll.exe59⤵
- Executes dropped EXE
-
\??\c:\nnhhnn.exec:\nnhhnn.exe60⤵
- Executes dropped EXE
-
\??\c:\bttnbb.exec:\bttnbb.exe61⤵
- Executes dropped EXE
-
\??\c:\vpdpp.exec:\vpdpp.exe62⤵
- Executes dropped EXE
-
\??\c:\9llffff.exec:\9llffff.exe63⤵
- Executes dropped EXE
-
\??\c:\lfxrffx.exec:\lfxrffx.exe64⤵
- Executes dropped EXE
-
\??\c:\tttnhh.exec:\tttnhh.exe65⤵
- Executes dropped EXE
-
\??\c:\ttbbhn.exec:\ttbbhn.exe66⤵
-
\??\c:\vpvpd.exec:\vpvpd.exe67⤵
-
\??\c:\3xfxllf.exec:\3xfxllf.exe68⤵
-
\??\c:\nbbhtb.exec:\nbbhtb.exe69⤵
-
\??\c:\7pvvd.exec:\7pvvd.exe70⤵
-
\??\c:\lxxrffx.exec:\lxxrffx.exe71⤵
-
\??\c:\xfffxxf.exec:\xfffxxf.exe72⤵
-
\??\c:\hbhnnn.exec:\hbhnnn.exe73⤵
-
\??\c:\pjjjd.exec:\pjjjd.exe74⤵
-
\??\c:\vjvpv.exec:\vjvpv.exe75⤵
-
\??\c:\lrrlxxr.exec:\lrrlxxr.exe76⤵
-
\??\c:\tnbnnh.exec:\tnbnnh.exe77⤵
-
\??\c:\bhhntt.exec:\bhhntt.exe78⤵
-
\??\c:\5pdpv.exec:\5pdpv.exe79⤵
-
\??\c:\rxrfrlf.exec:\rxrfrlf.exe80⤵
-
\??\c:\hntnnn.exec:\hntnnn.exe81⤵
-
\??\c:\7nnnbb.exec:\7nnnbb.exe82⤵
-
\??\c:\ddpjd.exec:\ddpjd.exe83⤵
-
\??\c:\vpvdv.exec:\vpvdv.exe84⤵
-
\??\c:\rlfxxxf.exec:\rlfxxxf.exe85⤵
-
\??\c:\bttnnh.exec:\bttnnh.exe86⤵
-
\??\c:\ppdvd.exec:\ppdvd.exe87⤵
-
\??\c:\5vjjj.exec:\5vjjj.exe88⤵
-
\??\c:\xlffxxr.exec:\xlffxxr.exe89⤵
-
\??\c:\flfxxfx.exec:\flfxxfx.exe90⤵
-
\??\c:\bnnntt.exec:\bnnntt.exe91⤵
-
\??\c:\9bbntn.exec:\9bbntn.exe92⤵
-
\??\c:\3jddj.exec:\3jddj.exe93⤵
-
\??\c:\pdvjv.exec:\pdvjv.exe94⤵
-
\??\c:\9lrrllr.exec:\9lrrllr.exe95⤵
-
\??\c:\9hnthh.exec:\9hnthh.exe96⤵
-
\??\c:\hbbtnh.exec:\hbbtnh.exe97⤵
-
\??\c:\7jvpp.exec:\7jvpp.exe98⤵
-
\??\c:\btbthh.exec:\btbthh.exe99⤵
-
\??\c:\1btnhb.exec:\1btnhb.exe100⤵
-
\??\c:\vpdvp.exec:\vpdvp.exe101⤵
-
\??\c:\dpvvd.exec:\dpvvd.exe102⤵
-
\??\c:\9lfrrlf.exec:\9lfrrlf.exe103⤵
-
\??\c:\3bbnhh.exec:\3bbnhh.exe104⤵
-
\??\c:\1bhhnh.exec:\1bhhnh.exe105⤵
-
\??\c:\jjjdp.exec:\jjjdp.exe106⤵
-
\??\c:\jpvvv.exec:\jpvvv.exe107⤵
-
\??\c:\lxrlxrf.exec:\lxrlxrf.exe108⤵
-
\??\c:\fxlfrlf.exec:\fxlfrlf.exe109⤵
-
\??\c:\nbthtn.exec:\nbthtn.exe110⤵
-
\??\c:\vvpdj.exec:\vvpdj.exe111⤵
-
\??\c:\jpjdd.exec:\jpjdd.exe112⤵
-
\??\c:\fxxlxrl.exec:\fxxlxrl.exe113⤵
-
\??\c:\9llfrxr.exec:\9llfrxr.exe114⤵
-
\??\c:\ntnhtn.exec:\ntnhtn.exe115⤵
-
\??\c:\bttnbb.exec:\bttnbb.exe116⤵
-
\??\c:\jvvvp.exec:\jvvvp.exe117⤵
-
\??\c:\flrxfxf.exec:\flrxfxf.exe118⤵
-
\??\c:\7thbtn.exec:\7thbtn.exe119⤵
-
\??\c:\tnhbhb.exec:\tnhbhb.exe120⤵
-
\??\c:\7jjvv.exec:\7jjvv.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-