Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
157s -
max time network
166s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
10/05/2024, 12:56
General
-
Target
e73fbfa78b18ee5d50d7ec84814b8c50_NeikiAnalytics.exe
-
Size
164KB
-
MD5
e73fbfa78b18ee5d50d7ec84814b8c50
-
SHA1
fc041e578425a06161fd018861c595627fe3f09f
-
SHA256
e5ff830526b266bc7d4879e3c9e0577c5917f623d38792bbf79830503f5d31d5
-
SHA512
8889ef62c5365d6ba880ce7a24a0dd6a36c59836dec314244197e4fffe4fd16e5949cafbe1b65efa251661b0f5496ec9272c9538294596fab9ce83f425b5915c
-
SSDEEP
3072:khOmTsF93UYfwC6GIoutpYcvrqrE66kropO6BWlPFH4t6NDWOH148BH15v4:kcm4FmowdHoSphraHcpOFltH4ttj8BH0
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\e73fbfa78b18ee5d50d7ec84814b8c50_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\e73fbfa78b18ee5d50d7ec84814b8c50_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\6i6gis.exec:\6i6gis.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9s143l8.exec:\9s143l8.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\x50e3.exec:\x50e3.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\q0w01th.exec:\q0w01th.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dn253.exec:\dn253.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\uun333.exec:\uun333.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\p3n1xv5.exec:\p3n1xv5.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\72wka.exec:\72wka.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9oo79r.exec:\9oo79r.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\193p8.exec:\193p8.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\4eoc33h.exec:\4eoc33h.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ja3125m.exec:\ja3125m.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rhrbi.exec:\rhrbi.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\41xol8t.exec:\41xol8t.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\be4tb5.exec:\be4tb5.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\kolg7.exec:\kolg7.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lg1l7.exec:\lg1l7.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\4hud5qc.exec:\4hud5qc.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fi1ppb1.exec:\fi1ppb1.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xf33i9m.exec:\xf33i9m.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\091f4cl.exec:\091f4cl.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\17q09i.exec:\17q09i.exe23⤵
- Executes dropped EXE
-
\??\c:\9o502.exec:\9o502.exe24⤵
- Executes dropped EXE
-
\??\c:\4s0817.exec:\4s0817.exe25⤵
- Executes dropped EXE
-
\??\c:\8138tq.exec:\8138tq.exe26⤵
- Executes dropped EXE
-
\??\c:\37k9j5.exec:\37k9j5.exe27⤵
- Executes dropped EXE
-
\??\c:\muwi16m.exec:\muwi16m.exe28⤵
- Executes dropped EXE
-
\??\c:\5i123.exec:\5i123.exe29⤵
- Executes dropped EXE
-
\??\c:\p0a157b.exec:\p0a157b.exe30⤵
- Executes dropped EXE
-
\??\c:\q667d.exec:\q667d.exe31⤵
- Executes dropped EXE
-
\??\c:\svmpk.exec:\svmpk.exe32⤵
- Executes dropped EXE
-
\??\c:\ur4qc.exec:\ur4qc.exe33⤵
- Executes dropped EXE
-
\??\c:\q655pm.exec:\q655pm.exe34⤵
- Executes dropped EXE
-
\??\c:\ovb4r3.exec:\ovb4r3.exe35⤵
- Executes dropped EXE
-
\??\c:\0drs52r.exec:\0drs52r.exe36⤵
- Executes dropped EXE
-
\??\c:\mqtuh.exec:\mqtuh.exe37⤵
- Executes dropped EXE
-
\??\c:\abn8u.exec:\abn8u.exe38⤵
- Executes dropped EXE
-
\??\c:\wlv53q4.exec:\wlv53q4.exe39⤵
- Executes dropped EXE
-
\??\c:\9nufdb9.exec:\9nufdb9.exe40⤵
- Executes dropped EXE
-
\??\c:\dbt6971.exec:\dbt6971.exe41⤵
- Executes dropped EXE
-
\??\c:\x1126.exec:\x1126.exe42⤵
- Executes dropped EXE
-
\??\c:\x297i01.exec:\x297i01.exe43⤵
- Executes dropped EXE
-
\??\c:\fsh11m.exec:\fsh11m.exe44⤵
- Executes dropped EXE
-
\??\c:\i35ti1a.exec:\i35ti1a.exe45⤵
- Executes dropped EXE
-
\??\c:\rx3g30.exec:\rx3g30.exe46⤵
- Executes dropped EXE
-
\??\c:\9t7rb.exec:\9t7rb.exe47⤵
- Executes dropped EXE
-
\??\c:\e1d4q7a.exec:\e1d4q7a.exe48⤵
- Executes dropped EXE
-
\??\c:\5295s.exec:\5295s.exe49⤵
- Executes dropped EXE
-
\??\c:\a3d0h8.exec:\a3d0h8.exe50⤵
- Executes dropped EXE
-
\??\c:\420301r.exec:\420301r.exe51⤵
- Executes dropped EXE
-
\??\c:\i377bp.exec:\i377bp.exe52⤵
- Executes dropped EXE
-
\??\c:\8ca4to.exec:\8ca4to.exe53⤵
- Executes dropped EXE
-
\??\c:\wdbo681.exec:\wdbo681.exe54⤵
- Executes dropped EXE
-
\??\c:\asmd53j.exec:\asmd53j.exe55⤵
- Executes dropped EXE
-
\??\c:\7uw2i79.exec:\7uw2i79.exe56⤵
- Executes dropped EXE
-
\??\c:\savj9n.exec:\savj9n.exe57⤵
- Executes dropped EXE
-
\??\c:\h6tc3q.exec:\h6tc3q.exe58⤵
- Executes dropped EXE
-
\??\c:\w65h05v.exec:\w65h05v.exe59⤵
- Executes dropped EXE
-
\??\c:\27uo9qw.exec:\27uo9qw.exe60⤵
- Executes dropped EXE
-
\??\c:\dnl22.exec:\dnl22.exe61⤵
- Executes dropped EXE
-
\??\c:\uc53o33.exec:\uc53o33.exe62⤵
- Executes dropped EXE
-
\??\c:\14oq9.exec:\14oq9.exe63⤵
- Executes dropped EXE
-
\??\c:\627rc17.exec:\627rc17.exe64⤵
- Executes dropped EXE
-
\??\c:\71793.exec:\71793.exe65⤵
- Executes dropped EXE
-
\??\c:\1t2c8.exec:\1t2c8.exe66⤵
-
\??\c:\23q3v6.exec:\23q3v6.exe67⤵
-
\??\c:\2br24.exec:\2br24.exe68⤵
-
\??\c:\g5dk32.exec:\g5dk32.exe69⤵
-
\??\c:\e1c9d.exec:\e1c9d.exe70⤵
-
\??\c:\0plske.exec:\0plske.exe71⤵
-
\??\c:\873r58.exec:\873r58.exe72⤵
-
\??\c:\be42ku7.exec:\be42ku7.exe73⤵
-
\??\c:\x9e6ia5.exec:\x9e6ia5.exe74⤵
-
\??\c:\83qbim5.exec:\83qbim5.exe75⤵
-
\??\c:\x65cf5l.exec:\x65cf5l.exe76⤵
-
\??\c:\o1mgs8.exec:\o1mgs8.exe77⤵
-
\??\c:\k197ove.exec:\k197ove.exe78⤵
-
\??\c:\458rd9.exec:\458rd9.exe79⤵
-
\??\c:\tnx68r.exec:\tnx68r.exe80⤵
-
\??\c:\qs2h4.exec:\qs2h4.exe81⤵
-
\??\c:\1r2swme.exec:\1r2swme.exe82⤵
-
\??\c:\b241h.exec:\b241h.exe83⤵
-
\??\c:\1jp6gg3.exec:\1jp6gg3.exe84⤵
-
\??\c:\e278qq.exec:\e278qq.exe85⤵
-
\??\c:\wf5a1.exec:\wf5a1.exe86⤵
-
\??\c:\oc5keti.exec:\oc5keti.exe87⤵
-
\??\c:\ud96ru.exec:\ud96ru.exe88⤵
-
\??\c:\5so7u5v.exec:\5so7u5v.exe89⤵
-
\??\c:\1a6pb.exec:\1a6pb.exe90⤵
-
\??\c:\623g72g.exec:\623g72g.exe91⤵
-
\??\c:\v5pae.exec:\v5pae.exe92⤵
-
\??\c:\8359t99.exec:\8359t99.exe93⤵
-
\??\c:\66hjxm.exec:\66hjxm.exe94⤵
-
\??\c:\9b1507.exec:\9b1507.exe95⤵
-
\??\c:\417ud.exec:\417ud.exe96⤵
-
\??\c:\2w7hk.exec:\2w7hk.exe97⤵
-
\??\c:\la7pv.exec:\la7pv.exe98⤵
-
\??\c:\8116wr7.exec:\8116wr7.exe99⤵
-
\??\c:\4iq5x.exec:\4iq5x.exe100⤵
-
\??\c:\n4o0nvv.exec:\n4o0nvv.exe101⤵
-
\??\c:\547dd5.exec:\547dd5.exe102⤵
-
\??\c:\h8cf1g5.exec:\h8cf1g5.exe103⤵
-
\??\c:\0018o.exec:\0018o.exe104⤵
-
\??\c:\nxu21m.exec:\nxu21m.exe105⤵
-
\??\c:\f6ios1.exec:\f6ios1.exe106⤵
-
\??\c:\0b55r.exec:\0b55r.exe107⤵
-
\??\c:\rpa738.exec:\rpa738.exe108⤵
-
\??\c:\3ff22x.exec:\3ff22x.exe109⤵
-
\??\c:\8650j.exec:\8650j.exe110⤵
-
\??\c:\cw35c7b.exec:\cw35c7b.exe111⤵
-
\??\c:\h5opj.exec:\h5opj.exe112⤵
-
\??\c:\lnc776x.exec:\lnc776x.exe113⤵
-
\??\c:\837s9eq.exec:\837s9eq.exe114⤵
-
\??\c:\xj4ck6w.exec:\xj4ck6w.exe115⤵
-
\??\c:\mm6q7a.exec:\mm6q7a.exe116⤵
-
\??\c:\dwg5p.exec:\dwg5p.exe117⤵
-
\??\c:\31fl5l9.exec:\31fl5l9.exe118⤵
-
\??\c:\r26xl0.exec:\r26xl0.exe119⤵
-
\??\c:\359pb7.exec:\359pb7.exe120⤵
-
\??\c:\wt50bcj.exec:\wt50bcj.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-