Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
10/05/2024, 14:56
General
-
Target
074de6b01aefbaa8d83a92f615f44b40_NeikiAnalytics.exe
-
Size
471KB
-
MD5
074de6b01aefbaa8d83a92f615f44b40
-
SHA1
e6afd542b2a935c418be0c88085cf0e8147280ef
-
SHA256
4425403f4353542e1596e3726eae7eb68475cb9a2ca4089ca7067ac98a0762c3
-
SHA512
e823aeb8a2c33a725b3d8ec557415df080962546de1aeef88337494b11d8fbae1a7ac53ce43fdf3dd9bef91308faa680de951cc357a35acb60ebb8aaf9ee43d5
-
SSDEEP
6144:n3C9BRo7MlrWKo+lS0Le4xRSAoq78yoyfx93sY0AJq4mZAx5y:n3C9yMo+S0L9xRnoq7H9pmoq
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 25 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\074de6b01aefbaa8d83a92f615f44b40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\074de6b01aefbaa8d83a92f615f44b40_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\7htbbb.exec:\7htbbb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpddp.exec:\vpddp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllxrxf.exec:\rllxrxf.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5bthnt.exec:\5bthnt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5vpvv.exec:\5vpvv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbttbh.exec:\bbttbh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9dvdv.exec:\9dvdv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3lxrffl.exec:\3lxrffl.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddvdp.exec:\ddvdp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxxlrxf.exec:\xxxlrxf.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnhbtb.exec:\nnhbtb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lllxlrl.exec:\lllxlrl.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thhthh.exec:\thhthh.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lflflrf.exec:\lflflrf.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhtbnt.exec:\hhtbnt.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3lxxffl.exec:\3lxxffl.exe17⤵
- Executes dropped EXE
-
\??\c:\vvjvd.exec:\vvjvd.exe18⤵
- Executes dropped EXE
-
\??\c:\xfxfxxf.exec:\xfxfxxf.exe19⤵
- Executes dropped EXE
-
\??\c:\btthbn.exec:\btthbn.exe20⤵
- Executes dropped EXE
-
\??\c:\9htbnt.exec:\9htbnt.exe21⤵
- Executes dropped EXE
-
\??\c:\tnhnbh.exec:\tnhnbh.exe22⤵
- Executes dropped EXE
-
\??\c:\lrlfxll.exec:\lrlfxll.exe23⤵
- Executes dropped EXE
-
\??\c:\nnhtbh.exec:\nnhtbh.exe24⤵
- Executes dropped EXE
-
\??\c:\xfrfffr.exec:\xfrfffr.exe25⤵
- Executes dropped EXE
-
\??\c:\btbhnb.exec:\btbhnb.exe26⤵
- Executes dropped EXE
-
\??\c:\ppjjv.exec:\ppjjv.exe27⤵
- Executes dropped EXE
-
\??\c:\5hnntb.exec:\5hnntb.exe28⤵
- Executes dropped EXE
-
\??\c:\xxrxlxr.exec:\xxrxlxr.exe29⤵
- Executes dropped EXE
-
\??\c:\1nbnth.exec:\1nbnth.exe30⤵
- Executes dropped EXE
-
\??\c:\rxxfrrl.exec:\rxxfrrl.exe31⤵
- Executes dropped EXE
-
\??\c:\7hhbhh.exec:\7hhbhh.exe32⤵
- Executes dropped EXE
-
\??\c:\5lflxxl.exec:\5lflxxl.exe33⤵
- Executes dropped EXE
-
\??\c:\hhhnnb.exec:\hhhnnb.exe34⤵
- Executes dropped EXE
-
\??\c:\jvjjp.exec:\jvjjp.exe35⤵
- Executes dropped EXE
-
\??\c:\ffffxxr.exec:\ffffxxr.exe36⤵
- Executes dropped EXE
-
\??\c:\hhtbnn.exec:\hhtbnn.exe37⤵
- Executes dropped EXE
-
\??\c:\jjvdj.exec:\jjvdj.exe38⤵
- Executes dropped EXE
-
\??\c:\7fxrlxr.exec:\7fxrlxr.exe39⤵
- Executes dropped EXE
-
\??\c:\lllxlrf.exec:\lllxlrf.exe40⤵
- Executes dropped EXE
-
\??\c:\1bhnhb.exec:\1bhnhb.exe41⤵
- Executes dropped EXE
-
\??\c:\7jvvd.exec:\7jvvd.exe42⤵
- Executes dropped EXE
-
\??\c:\5fxlrrx.exec:\5fxlrrx.exe43⤵
- Executes dropped EXE
-
\??\c:\nnhhnn.exec:\nnhhnn.exe44⤵
- Executes dropped EXE
-
\??\c:\9dpjj.exec:\9dpjj.exe45⤵
- Executes dropped EXE
-
\??\c:\vvvdp.exec:\vvvdp.exe46⤵
- Executes dropped EXE
-
\??\c:\lrlxlrf.exec:\lrlxlrf.exe47⤵
- Executes dropped EXE
-
\??\c:\bbnnbh.exec:\bbnnbh.exe48⤵
- Executes dropped EXE
-
\??\c:\dvppd.exec:\dvppd.exe49⤵
- Executes dropped EXE
-
\??\c:\ppjvp.exec:\ppjvp.exe50⤵
- Executes dropped EXE
-
\??\c:\lllrlrf.exec:\lllrlrf.exe51⤵
- Executes dropped EXE
-
\??\c:\7htnbh.exec:\7htnbh.exe52⤵
- Executes dropped EXE
-
\??\c:\jddpv.exec:\jddpv.exe53⤵
- Executes dropped EXE
-
\??\c:\jjjpd.exec:\jjjpd.exe54⤵
- Executes dropped EXE
-
\??\c:\llxlxll.exec:\llxlxll.exe55⤵
- Executes dropped EXE
-
\??\c:\ttnthh.exec:\ttnthh.exe56⤵
- Executes dropped EXE
-
\??\c:\3dpjp.exec:\3dpjp.exe57⤵
- Executes dropped EXE
-
\??\c:\3rxfllr.exec:\3rxfllr.exe58⤵
- Executes dropped EXE
-
\??\c:\xfxlrxl.exec:\xfxlrxl.exe59⤵
- Executes dropped EXE
-
\??\c:\9bbhnt.exec:\9bbhnt.exe60⤵
- Executes dropped EXE
-
\??\c:\dvjvj.exec:\dvjvj.exe61⤵
- Executes dropped EXE
-
\??\c:\rfflrrf.exec:\rfflrrf.exe62⤵
- Executes dropped EXE
-
\??\c:\hhbhhn.exec:\hhbhhn.exe63⤵
- Executes dropped EXE
-
\??\c:\3btbhh.exec:\3btbhh.exe64⤵
- Executes dropped EXE
-
\??\c:\vvppp.exec:\vvppp.exe65⤵
- Executes dropped EXE
-
\??\c:\lrrxlxr.exec:\lrrxlxr.exe66⤵
-
\??\c:\tnbhnn.exec:\tnbhnn.exe67⤵
-
\??\c:\tnhtnt.exec:\tnhtnt.exe68⤵
-
\??\c:\djvjv.exec:\djvjv.exe69⤵
-
\??\c:\1lrlrrx.exec:\1lrlrrx.exe70⤵
-
\??\c:\3nnthh.exec:\3nnthh.exe71⤵
-
\??\c:\9bbhbt.exec:\9bbhbt.exe72⤵
-
\??\c:\9vvjv.exec:\9vvjv.exe73⤵
-
\??\c:\xffllxx.exec:\xffllxx.exe74⤵
-
\??\c:\1bthtn.exec:\1bthtn.exe75⤵
-
\??\c:\dvjpd.exec:\dvjpd.exe76⤵
-
\??\c:\3vddd.exec:\3vddd.exe77⤵
-
\??\c:\xrlrxff.exec:\xrlrxff.exe78⤵
-
\??\c:\ttbtbb.exec:\ttbtbb.exe79⤵
-
\??\c:\hhthtb.exec:\hhthtb.exe80⤵
-
\??\c:\9jpdd.exec:\9jpdd.exe81⤵
-
\??\c:\7rrlxfx.exec:\7rrlxfx.exe82⤵
-
\??\c:\hbtbhh.exec:\hbtbhh.exe83⤵
-
\??\c:\3htbnt.exec:\3htbnt.exe84⤵
-
\??\c:\vjjjp.exec:\vjjjp.exe85⤵
-
\??\c:\rxxxrxx.exec:\rxxxrxx.exe86⤵
-
\??\c:\hbhhbh.exec:\hbhhbh.exe87⤵
-
\??\c:\tnnthn.exec:\tnnthn.exe88⤵
-
\??\c:\vpdjv.exec:\vpdjv.exe89⤵
-
\??\c:\rlxfrrf.exec:\rlxfrrf.exe90⤵
-
\??\c:\9fllrrf.exec:\9fllrrf.exe91⤵
-
\??\c:\3bhntb.exec:\3bhntb.exe92⤵
-
\??\c:\dvpvd.exec:\dvpvd.exe93⤵
-
\??\c:\jdvdp.exec:\jdvdp.exe94⤵
-
\??\c:\5rlxflx.exec:\5rlxflx.exe95⤵
-
\??\c:\hbbnht.exec:\hbbnht.exe96⤵
-
\??\c:\nnhhhn.exec:\nnhhhn.exe97⤵
-
\??\c:\vvjvj.exec:\vvjvj.exe98⤵
-
\??\c:\3rffxlx.exec:\3rffxlx.exe99⤵
-
\??\c:\3bbhtb.exec:\3bbhtb.exe100⤵
-
\??\c:\hbntbb.exec:\hbntbb.exe101⤵
-
\??\c:\pvvpd.exec:\pvvpd.exe102⤵
-
\??\c:\3xrlxrf.exec:\3xrlxrf.exe103⤵
-
\??\c:\hbnbnn.exec:\hbnbnn.exe104⤵
-
\??\c:\nnhnhh.exec:\nnhnhh.exe105⤵
-
\??\c:\dddpd.exec:\dddpd.exe106⤵
-
\??\c:\3lxfrff.exec:\3lxfrff.exe107⤵
-
\??\c:\lfflffr.exec:\lfflffr.exe108⤵
-
\??\c:\5nhhnt.exec:\5nhhnt.exe109⤵
-
\??\c:\pppvp.exec:\pppvp.exe110⤵
-
\??\c:\7lflxlx.exec:\7lflxlx.exe111⤵
-
\??\c:\xrflxll.exec:\xrflxll.exe112⤵
-
\??\c:\ntbtnb.exec:\ntbtnb.exe113⤵
-
\??\c:\ppdjj.exec:\ppdjj.exe114⤵
-
\??\c:\llfrlrf.exec:\llfrlrf.exe115⤵
-
\??\c:\bnhnbb.exec:\bnhnbb.exe116⤵
-
\??\c:\hhbtbh.exec:\hhbtbh.exe117⤵
-
\??\c:\jdpjd.exec:\jdpjd.exe118⤵
-
\??\c:\xxrrffr.exec:\xxrrffr.exe119⤵
-
\??\c:\bbtbtt.exec:\bbtbtt.exe120⤵
-
\??\c:\bbnbnn.exec:\bbnbnn.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-