Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
145s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240215-en -
resource tags
-
submitted
10/05/2024, 12:56
General
-
Target
e73fbfa78b18ee5d50d7ec84814b8c50_NeikiAnalytics.exe
-
Size
164KB
-
MD5
e73fbfa78b18ee5d50d7ec84814b8c50
-
SHA1
fc041e578425a06161fd018861c595627fe3f09f
-
SHA256
e5ff830526b266bc7d4879e3c9e0577c5917f623d38792bbf79830503f5d31d5
-
SHA512
8889ef62c5365d6ba880ce7a24a0dd6a36c59836dec314244197e4fffe4fd16e5949cafbe1b65efa251661b0f5496ec9272c9538294596fab9ce83f425b5915c
-
SSDEEP
3072:khOmTsF93UYfwC6GIoutpYcvrqrE66kropO6BWlPFH4t6NDWOH148BH15v4:kcm4FmowdHoSphraHcpOFltH4ttj8BH0
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 38 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\e73fbfa78b18ee5d50d7ec84814b8c50_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\e73fbfa78b18ee5d50d7ec84814b8c50_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\btnbnb.exec:\btnbnb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5djpp.exec:\5djpp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrxlfrr.exec:\lrxlfrr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhnbn.exec:\tnhnbn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjddj.exec:\pjddj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrffrrf.exec:\xrffrrf.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnthhn.exec:\tnthhn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbhhn.exec:\btbhhn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjddp.exec:\pjddp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrrxllr.exec:\lrrxllr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthntb.exec:\bthntb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvpp.exec:\pjvpp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlllxlf.exec:\xlllxlf.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhhnnb.exec:\bhhnnb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1pdpj.exec:\1pdpj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjvd.exec:\jdjvd.exe17⤵
- Executes dropped EXE
-
\??\c:\btbbhn.exec:\btbbhn.exe18⤵
- Executes dropped EXE
-
\??\c:\djjvj.exec:\djjvj.exe19⤵
- Executes dropped EXE
-
\??\c:\fxlfrlx.exec:\fxlfrlx.exe20⤵
- Executes dropped EXE
-
\??\c:\frxrrrf.exec:\frxrrrf.exe21⤵
- Executes dropped EXE
-
\??\c:\7hbntb.exec:\7hbntb.exe22⤵
- Executes dropped EXE
-
\??\c:\9dvjv.exec:\9dvjv.exe23⤵
- Executes dropped EXE
-
\??\c:\ffrrxlx.exec:\ffrrxlx.exe24⤵
- Executes dropped EXE
-
\??\c:\htbhtt.exec:\htbhtt.exe25⤵
- Executes dropped EXE
-
\??\c:\vdvdd.exec:\vdvdd.exe26⤵
- Executes dropped EXE
-
\??\c:\xxxxlxf.exec:\xxxxlxf.exe27⤵
- Executes dropped EXE
-
\??\c:\tntthh.exec:\tntthh.exe28⤵
- Executes dropped EXE
-
\??\c:\pjdjv.exec:\pjdjv.exe29⤵
- Executes dropped EXE
-
\??\c:\1rllrlx.exec:\1rllrlx.exe30⤵
- Executes dropped EXE
-
\??\c:\rlxxffl.exec:\rlxxffl.exe31⤵
- Executes dropped EXE
-
\??\c:\ttnnnn.exec:\ttnnnn.exe32⤵
- Executes dropped EXE
-
\??\c:\3jdjp.exec:\3jdjp.exe33⤵
- Executes dropped EXE
-
\??\c:\frrfrff.exec:\frrfrff.exe34⤵
- Executes dropped EXE
-
\??\c:\1jvdv.exec:\1jvdv.exe35⤵
- Executes dropped EXE
-
\??\c:\vpdjv.exec:\vpdjv.exe36⤵
- Executes dropped EXE
-
\??\c:\lfrrxll.exec:\lfrrxll.exe37⤵
- Executes dropped EXE
-
\??\c:\btntbh.exec:\btntbh.exe38⤵
- Executes dropped EXE
-
\??\c:\jjdvv.exec:\jjdvv.exe39⤵
- Executes dropped EXE
-
\??\c:\5dpvj.exec:\5dpvj.exe40⤵
- Executes dropped EXE
-
\??\c:\frfrffl.exec:\frfrffl.exe41⤵
- Executes dropped EXE
-
\??\c:\llfxxrr.exec:\llfxxrr.exe42⤵
- Executes dropped EXE
-
\??\c:\thhthn.exec:\thhthn.exe43⤵
- Executes dropped EXE
-
\??\c:\ddddp.exec:\ddddp.exe44⤵
- Executes dropped EXE
-
\??\c:\1pddp.exec:\1pddp.exe45⤵
- Executes dropped EXE
-
\??\c:\7rrllrr.exec:\7rrllrr.exe46⤵
- Executes dropped EXE
-
\??\c:\hbbbtb.exec:\hbbbtb.exe47⤵
- Executes dropped EXE
-
\??\c:\1hbhnt.exec:\1hbhnt.exe48⤵
- Executes dropped EXE
-
\??\c:\3jvdv.exec:\3jvdv.exe49⤵
- Executes dropped EXE
-
\??\c:\rfrrrlx.exec:\rfrrrlx.exe50⤵
- Executes dropped EXE
-
\??\c:\hbtbnb.exec:\hbtbnb.exe51⤵
- Executes dropped EXE
-
\??\c:\hbhhbh.exec:\hbhhbh.exe52⤵
- Executes dropped EXE
-
\??\c:\pjdpd.exec:\pjdpd.exe53⤵
- Executes dropped EXE
-
\??\c:\ppdjv.exec:\ppdjv.exe54⤵
- Executes dropped EXE
-
\??\c:\rrlfrxr.exec:\rrlfrxr.exe55⤵
- Executes dropped EXE
-
\??\c:\ntbnnb.exec:\ntbnnb.exe56⤵
- Executes dropped EXE
-
\??\c:\5tbnbb.exec:\5tbnbb.exe57⤵
- Executes dropped EXE
-
\??\c:\5djpd.exec:\5djpd.exe58⤵
- Executes dropped EXE
-
\??\c:\fxfffxx.exec:\fxfffxx.exe59⤵
- Executes dropped EXE
-
\??\c:\flxrllr.exec:\flxrllr.exe60⤵
- Executes dropped EXE
-
\??\c:\tnntbh.exec:\tnntbh.exe61⤵
- Executes dropped EXE
-
\??\c:\vjvjv.exec:\vjvjv.exe62⤵
- Executes dropped EXE
-
\??\c:\jvjjp.exec:\jvjjp.exe63⤵
- Executes dropped EXE
-
\??\c:\1llffxr.exec:\1llffxr.exe64⤵
- Executes dropped EXE
-
\??\c:\bnnttb.exec:\bnnttb.exe65⤵
- Executes dropped EXE
-
\??\c:\vvpdd.exec:\vvpdd.exe66⤵
-
\??\c:\rflxfrl.exec:\rflxfrl.exe67⤵
-
\??\c:\xfxxllx.exec:\xfxxllx.exe68⤵
-
\??\c:\thnbbh.exec:\thnbbh.exe69⤵
-
\??\c:\ddvpj.exec:\ddvpj.exe70⤵
-
\??\c:\xxrxlfx.exec:\xxrxlfx.exe71⤵
-
\??\c:\llfxlrl.exec:\llfxlrl.exe72⤵
-
\??\c:\bbthtt.exec:\bbthtt.exe73⤵
-
\??\c:\vjvdd.exec:\vjvdd.exe74⤵
-
\??\c:\pjvvj.exec:\pjvvj.exe75⤵
-
\??\c:\fflrfrx.exec:\fflrfrx.exe76⤵
-
\??\c:\7nbhnn.exec:\7nbhnn.exe77⤵
-
\??\c:\nhthbn.exec:\nhthbn.exe78⤵
-
\??\c:\vvvpj.exec:\vvvpj.exe79⤵
-
\??\c:\lxxfrxl.exec:\lxxfrxl.exe80⤵
-
\??\c:\htthhn.exec:\htthhn.exe81⤵
-
\??\c:\bhtbnh.exec:\bhtbnh.exe82⤵
-
\??\c:\jvjjj.exec:\jvjjj.exe83⤵
-
\??\c:\xxrfxll.exec:\xxrfxll.exe84⤵
-
\??\c:\rrfxflr.exec:\rrfxflr.exe85⤵
-
\??\c:\tnhtbb.exec:\tnhtbb.exe86⤵
-
\??\c:\pvjpd.exec:\pvjpd.exe87⤵
-
\??\c:\xxfrrxl.exec:\xxfrrxl.exe88⤵
-
\??\c:\xrlrffr.exec:\xrlrffr.exe89⤵
-
\??\c:\hnhhbh.exec:\hnhhbh.exe90⤵
-
\??\c:\jpppj.exec:\jpppj.exe91⤵
-
\??\c:\xfrxrlx.exec:\xfrxrlx.exe92⤵
-
\??\c:\fllxlxx.exec:\fllxlxx.exe93⤵
-
\??\c:\hhbhtb.exec:\hhbhtb.exe94⤵
-
\??\c:\pjjdd.exec:\pjjdd.exe95⤵
-
\??\c:\5dppj.exec:\5dppj.exe96⤵
-
\??\c:\frxxfxf.exec:\frxxfxf.exe97⤵
-
\??\c:\nhthtn.exec:\nhthtn.exe98⤵
-
\??\c:\1thhht.exec:\1thhht.exe99⤵
-
\??\c:\bnbnth.exec:\bnbnth.exe100⤵
-
\??\c:\jpdvp.exec:\jpdvp.exe101⤵
-
\??\c:\xxrfrxl.exec:\xxrfrxl.exe102⤵
-
\??\c:\bbthbh.exec:\bbthbh.exe103⤵
-
\??\c:\ttnhtb.exec:\ttnhtb.exe104⤵
-
\??\c:\1vvpp.exec:\1vvpp.exe105⤵
-
\??\c:\ddvjv.exec:\ddvjv.exe106⤵
-
\??\c:\rfflrxl.exec:\rfflrxl.exe107⤵
-
\??\c:\nbnntt.exec:\nbnntt.exe108⤵
-
\??\c:\hntbhn.exec:\hntbhn.exe109⤵
-
\??\c:\jvpvp.exec:\jvpvp.exe110⤵
-
\??\c:\llrfxfr.exec:\llrfxfr.exe111⤵
-
\??\c:\hbbhtb.exec:\hbbhtb.exe112⤵
-
\??\c:\pvdvp.exec:\pvdvp.exe113⤵
-
\??\c:\ppjpj.exec:\ppjpj.exe114⤵
-
\??\c:\lffrfrf.exec:\lffrfrf.exe115⤵
-
\??\c:\tbhhht.exec:\tbhhht.exe116⤵
-
\??\c:\dvdvj.exec:\dvdvj.exe117⤵
-
\??\c:\vdjdv.exec:\vdjdv.exe118⤵
-
\??\c:\1xrfflf.exec:\1xrfflf.exe119⤵
-
\??\c:\ntnbtb.exec:\ntnbtb.exe120⤵
-
\??\c:\nhhthn.exec:\nhhthn.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-