Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
10/05/2024, 11:59
General
-
Target
d98b040e611868a09af0e983e9946730_NeikiAnalytics.exe
-
Size
441KB
-
MD5
d98b040e611868a09af0e983e9946730
-
SHA1
39fd2b00c4d73c131f211443baf0151697e1dde4
-
SHA256
730cec8b85ac2341dfb4421d651fea8c427e51dec405cdef5fc8d7afd7045162
-
SHA512
485012eeaa6a9c2658176da24f377d3643c6c089080ff00b50ad36706d7149fd721d3cba60427178ab20a57203777861eeebba215c42fc233efacfd46031f659
-
SSDEEP
12288:M4wFHoSpg4wFHonR/nPF2LnFL4wF04wFK4wFK4wluWI:UrR/nPm
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\d98b040e611868a09af0e983e9946730_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\d98b040e611868a09af0e983e9946730_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\7ppdv.exec:\7ppdv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrxlff.exec:\fxrxlff.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhthth.exec:\hhthth.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3bbthh.exec:\3bbthh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3pjjv.exec:\3pjjv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3rxlfxr.exec:\3rxlfxr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxfxrfx.exec:\lxfxrfx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdjjd.exec:\pdjjd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjvvv.exec:\jjvvv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3rllxrr.exec:\3rllxrr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrlxlfx.exec:\rrlxlfx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvpjj.exec:\dvpjj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnnnn.exec:\tnnnnn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjjp.exec:\pjjjp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frxrrrl.exec:\frxrrrl.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\httbbh.exec:\httbbh.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djdvv.exec:\djdvv.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlfxxf.exec:\fxlfxxf.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbhntb.exec:\tbhntb.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5xrfxfx.exec:\5xrfxfx.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lflfxxl.exec:\lflfxxl.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7bnhhh.exec:\7bnhhh.exe23⤵
- Executes dropped EXE
-
\??\c:\5ntnnn.exec:\5ntnnn.exe24⤵
- Executes dropped EXE
-
\??\c:\jjdpj.exec:\jjdpj.exe25⤵
- Executes dropped EXE
-
\??\c:\dddvp.exec:\dddvp.exe26⤵
- Executes dropped EXE
-
\??\c:\rflfflf.exec:\rflfflf.exe27⤵
- Executes dropped EXE
-
\??\c:\tntntt.exec:\tntntt.exe28⤵
- Executes dropped EXE
-
\??\c:\djppv.exec:\djppv.exe29⤵
- Executes dropped EXE
-
\??\c:\5ppjd.exec:\5ppjd.exe30⤵
- Executes dropped EXE
-
\??\c:\vpvpj.exec:\vpvpj.exe31⤵
- Executes dropped EXE
-
\??\c:\ppvpp.exec:\ppvpp.exe32⤵
- Executes dropped EXE
-
\??\c:\hbnhbt.exec:\hbnhbt.exe33⤵
- Executes dropped EXE
-
\??\c:\ddddv.exec:\ddddv.exe34⤵
- Executes dropped EXE
-
\??\c:\vvjdp.exec:\vvjdp.exe35⤵
- Executes dropped EXE
-
\??\c:\9rlfffx.exec:\9rlfffx.exe36⤵
- Executes dropped EXE
-
\??\c:\nntnhh.exec:\nntnhh.exe37⤵
- Executes dropped EXE
-
\??\c:\ffrrrrr.exec:\ffrrrrr.exe38⤵
- Executes dropped EXE
-
\??\c:\thttbn.exec:\thttbn.exe39⤵
- Executes dropped EXE
-
\??\c:\3djdv.exec:\3djdv.exe40⤵
- Executes dropped EXE
-
\??\c:\tbnhbt.exec:\tbnhbt.exe41⤵
- Executes dropped EXE
-
\??\c:\pdpjp.exec:\pdpjp.exe42⤵
- Executes dropped EXE
-
\??\c:\tbnhhb.exec:\tbnhhb.exe43⤵
- Executes dropped EXE
-
\??\c:\xflxllr.exec:\xflxllr.exe44⤵
- Executes dropped EXE
-
\??\c:\vjddv.exec:\vjddv.exe45⤵
- Executes dropped EXE
-
\??\c:\9lfxrxx.exec:\9lfxrxx.exe46⤵
- Executes dropped EXE
-
\??\c:\pppjj.exec:\pppjj.exe47⤵
- Executes dropped EXE
-
\??\c:\vdpjd.exec:\vdpjd.exe48⤵
- Executes dropped EXE
-
\??\c:\rfxrlfx.exec:\rfxrlfx.exe49⤵
- Executes dropped EXE
-
\??\c:\djdvp.exec:\djdvp.exe50⤵
- Executes dropped EXE
-
\??\c:\lflllfl.exec:\lflllfl.exe51⤵
- Executes dropped EXE
-
\??\c:\ttnbhh.exec:\ttnbhh.exe52⤵
- Executes dropped EXE
-
\??\c:\pvjjd.exec:\pvjjd.exe53⤵
- Executes dropped EXE
-
\??\c:\5fffffx.exec:\5fffffx.exe54⤵
- Executes dropped EXE
-
\??\c:\xrfffff.exec:\xrfffff.exe55⤵
- Executes dropped EXE
-
\??\c:\tbbbbt.exec:\tbbbbt.exe56⤵
- Executes dropped EXE
-
\??\c:\pjjdv.exec:\pjjdv.exe57⤵
- Executes dropped EXE
-
\??\c:\vvppj.exec:\vvppj.exe58⤵
- Executes dropped EXE
-
\??\c:\rrllflf.exec:\rrllflf.exe59⤵
- Executes dropped EXE
-
\??\c:\bbnntt.exec:\bbnntt.exe60⤵
- Executes dropped EXE
-
\??\c:\9rfxrrx.exec:\9rfxrrx.exe61⤵
- Executes dropped EXE
-
\??\c:\xllfxxr.exec:\xllfxxr.exe62⤵
- Executes dropped EXE
-
\??\c:\nhttnb.exec:\nhttnb.exe63⤵
- Executes dropped EXE
-
\??\c:\jvdvv.exec:\jvdvv.exe64⤵
- Executes dropped EXE
-
\??\c:\1llrlrr.exec:\1llrlrr.exe65⤵
- Executes dropped EXE
-
\??\c:\fxxlfrx.exec:\fxxlfrx.exe66⤵
-
\??\c:\ppppj.exec:\ppppj.exe67⤵
-
\??\c:\lllllxr.exec:\lllllxr.exe68⤵
-
\??\c:\nhhhnn.exec:\nhhhnn.exe69⤵
-
\??\c:\rxfflrr.exec:\rxfflrr.exe70⤵
-
\??\c:\5bhhbb.exec:\5bhhbb.exe71⤵
-
\??\c:\7dvvv.exec:\7dvvv.exe72⤵
-
\??\c:\rffxxrr.exec:\rffxxrr.exe73⤵
-
\??\c:\frrlfrr.exec:\frrlfrr.exe74⤵
-
\??\c:\hhnhbt.exec:\hhnhbt.exe75⤵
-
\??\c:\pjdjp.exec:\pjdjp.exe76⤵
-
\??\c:\5ppjj.exec:\5ppjj.exe77⤵
-
\??\c:\xxllfff.exec:\xxllfff.exe78⤵
-
\??\c:\htbttt.exec:\htbttt.exe79⤵
-
\??\c:\jjpjd.exec:\jjpjd.exe80⤵
-
\??\c:\3xfxrrr.exec:\3xfxrrr.exe81⤵
-
\??\c:\fllllll.exec:\fllllll.exe82⤵
-
\??\c:\nttnhh.exec:\nttnhh.exe83⤵
-
\??\c:\1dddp.exec:\1dddp.exe84⤵
-
\??\c:\9fxxxxr.exec:\9fxxxxr.exe85⤵
-
\??\c:\rlrrrrr.exec:\rlrrrrr.exe86⤵
-
\??\c:\7bhhbh.exec:\7bhhbh.exe87⤵
-
\??\c:\vvjvp.exec:\vvjvp.exe88⤵
-
\??\c:\xrfxrfx.exec:\xrfxrfx.exe89⤵
-
\??\c:\thnbbn.exec:\thnbbn.exe90⤵
-
\??\c:\3ntbhn.exec:\3ntbhn.exe91⤵
-
\??\c:\dvvpp.exec:\dvvpp.exe92⤵
-
\??\c:\5fxxxxf.exec:\5fxxxxf.exe93⤵
-
\??\c:\tthbnt.exec:\tthbnt.exe94⤵
-
\??\c:\djdjj.exec:\djdjj.exe95⤵
-
\??\c:\xrlrlrx.exec:\xrlrlrx.exe96⤵
-
\??\c:\hnbbbb.exec:\hnbbbb.exe97⤵
-
\??\c:\jddpp.exec:\jddpp.exe98⤵
-
\??\c:\rlfxlfx.exec:\rlfxlfx.exe99⤵
-
\??\c:\3lflxxl.exec:\3lflxxl.exe100⤵
-
\??\c:\hntnnh.exec:\hntnnh.exe101⤵
-
\??\c:\ddpjv.exec:\ddpjv.exe102⤵
-
\??\c:\fffxrfr.exec:\fffxrfr.exe103⤵
-
\??\c:\rxlfrlx.exec:\rxlfrlx.exe104⤵
-
\??\c:\hhnhbb.exec:\hhnhbb.exe105⤵
-
\??\c:\djdvd.exec:\djdvd.exe106⤵
-
\??\c:\lfrlfff.exec:\lfrlfff.exe107⤵
-
\??\c:\5bbtnn.exec:\5bbtnn.exe108⤵
-
\??\c:\tnttnn.exec:\tnttnn.exe109⤵
-
\??\c:\vdjdd.exec:\vdjdd.exe110⤵
-
\??\c:\rlfrllf.exec:\rlfrllf.exe111⤵
-
\??\c:\bnbtnh.exec:\bnbtnh.exe112⤵
-
\??\c:\jvvpj.exec:\jvvpj.exe113⤵
-
\??\c:\lxlfllr.exec:\lxlfllr.exe114⤵
-
\??\c:\9hnttt.exec:\9hnttt.exe115⤵
-
\??\c:\hhhhnn.exec:\hhhhnn.exe116⤵
-
\??\c:\dddvp.exec:\dddvp.exe117⤵
-
\??\c:\3rlfxfx.exec:\3rlfxfx.exe118⤵
-
\??\c:\nbnhbh.exec:\nbnhbh.exe119⤵
-
\??\c:\vppjj.exec:\vppjj.exe120⤵
-
\??\c:\7vppj.exec:\7vppj.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-