Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
117s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
10/05/2024, 21:04
General
-
Target
04126c7ea86c6e4bd4eeb1c1bb76ab20_NeikiAnalytics.exe
-
Size
386KB
-
MD5
04126c7ea86c6e4bd4eeb1c1bb76ab20
-
SHA1
32a03d9db20f3f9882e3ebff7eb312eef0cba6ca
-
SHA256
787be39de0f4656ebb9786c640468107462e1bae0e7c5e2765d6fa11d0ab0991
-
SHA512
9401fb71cf37e28e37083bb579f9024171899f8ea729406ea38564571f2057a5c1080d53c3cc8d60102c904de9fbdd1cc15f947dd3c899b2dc8d91838093d519
-
SSDEEP
6144:n3C9BRIG0asYFm71mPfkVB8dKwaO5CVwthl:n3C9uYA7okVqdKwaO5CVMhl
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 20 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 22 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\04126c7ea86c6e4bd4eeb1c1bb76ab20_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\04126c7ea86c6e4bd4eeb1c1bb76ab20_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\tththb.exec:\tththb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjvd.exec:\ppjvd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9htntn.exec:\9htntn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjpd.exec:\dvjpd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9rlxlxl.exec:\9rlxlxl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvdjp.exec:\dvdjp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfxxrrf.exec:\xfxxrrf.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttnthn.exec:\ttnthn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1jpvd.exec:\1jpvd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhthnt.exec:\hhthnt.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhbhbh.exec:\hhbhbh.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3jjpv.exec:\3jjpv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hthbtb.exec:\hthbtb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdppp.exec:\jdppp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxrlfrl.exec:\rxrlfrl.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9vjvj.exec:\9vjvj.exe17⤵
- Executes dropped EXE
-
\??\c:\ddvvd.exec:\ddvvd.exe18⤵
- Executes dropped EXE
-
\??\c:\3vpdp.exec:\3vpdp.exe19⤵
- Executes dropped EXE
-
\??\c:\jpppv.exec:\jpppv.exe20⤵
- Executes dropped EXE
-
\??\c:\tthtbt.exec:\tthtbt.exe21⤵
- Executes dropped EXE
-
\??\c:\5pddj.exec:\5pddj.exe22⤵
- Executes dropped EXE
-
\??\c:\1frlrrf.exec:\1frlrrf.exe23⤵
- Executes dropped EXE
-
\??\c:\1tnthn.exec:\1tnthn.exe24⤵
- Executes dropped EXE
-
\??\c:\1rrrxfl.exec:\1rrrxfl.exe25⤵
- Executes dropped EXE
-
\??\c:\1tthnn.exec:\1tthnn.exe26⤵
- Executes dropped EXE
-
\??\c:\7dvvd.exec:\7dvvd.exe27⤵
- Executes dropped EXE
-
\??\c:\xfxlrxx.exec:\xfxlrxx.exe28⤵
- Executes dropped EXE
-
\??\c:\hbntbb.exec:\hbntbb.exe29⤵
- Executes dropped EXE
-
\??\c:\vvppd.exec:\vvppd.exe30⤵
- Executes dropped EXE
-
\??\c:\xxxfrrf.exec:\xxxfrrf.exe31⤵
- Executes dropped EXE
-
\??\c:\bthtbh.exec:\bthtbh.exe32⤵
- Executes dropped EXE
-
\??\c:\9vjpp.exec:\9vjpp.exe33⤵
- Executes dropped EXE
-
\??\c:\rxrlrlx.exec:\rxrlrlx.exe34⤵
-
\??\c:\btnntt.exec:\btnntt.exe35⤵
- Executes dropped EXE
-
\??\c:\5pddj.exec:\5pddj.exe36⤵
- Executes dropped EXE
-
\??\c:\ffrlfll.exec:\ffrlfll.exe37⤵
- Executes dropped EXE
-
\??\c:\xrlfrxf.exec:\xrlfrxf.exe38⤵
- Executes dropped EXE
-
\??\c:\nbnbbt.exec:\nbnbbt.exe39⤵
- Executes dropped EXE
-
\??\c:\5jpvv.exec:\5jpvv.exe40⤵
- Executes dropped EXE
-
\??\c:\5lrflrr.exec:\5lrflrr.exe41⤵
- Executes dropped EXE
-
\??\c:\nnbthn.exec:\nnbthn.exe42⤵
- Executes dropped EXE
-
\??\c:\nttnnh.exec:\nttnnh.exe43⤵
- Executes dropped EXE
-
\??\c:\djddp.exec:\djddp.exe44⤵
- Executes dropped EXE
-
\??\c:\3lfrffr.exec:\3lfrffr.exe45⤵
- Executes dropped EXE
-
\??\c:\tnbttn.exec:\tnbttn.exe46⤵
- Executes dropped EXE
-
\??\c:\nbhntb.exec:\nbhntb.exe47⤵
- Executes dropped EXE
-
\??\c:\pppvd.exec:\pppvd.exe48⤵
- Executes dropped EXE
-
\??\c:\lflrxfr.exec:\lflrxfr.exe49⤵
- Executes dropped EXE
-
\??\c:\tntthn.exec:\tntthn.exe50⤵
- Executes dropped EXE
-
\??\c:\7ttbnt.exec:\7ttbnt.exe51⤵
- Executes dropped EXE
-
\??\c:\jpjjv.exec:\jpjjv.exe52⤵
- Executes dropped EXE
-
\??\c:\7fxlrxl.exec:\7fxlrxl.exe53⤵
- Executes dropped EXE
-
\??\c:\nbnnnt.exec:\nbnnnt.exe54⤵
- Executes dropped EXE
-
\??\c:\vddvj.exec:\vddvj.exe55⤵
- Executes dropped EXE
-
\??\c:\frflffl.exec:\frflffl.exe56⤵
- Executes dropped EXE
-
\??\c:\lfxfrxl.exec:\lfxfrxl.exe57⤵
- Executes dropped EXE
-
\??\c:\7tntbb.exec:\7tntbb.exe58⤵
- Executes dropped EXE
-
\??\c:\vpdpp.exec:\vpdpp.exe59⤵
- Executes dropped EXE
-
\??\c:\lllrflx.exec:\lllrflx.exe60⤵
- Executes dropped EXE
-
\??\c:\hbnbht.exec:\hbnbht.exe61⤵
- Executes dropped EXE
-
\??\c:\1bbntb.exec:\1bbntb.exe62⤵
- Executes dropped EXE
-
\??\c:\5dppd.exec:\5dppd.exe63⤵
- Executes dropped EXE
-
\??\c:\rlflxfx.exec:\rlflxfx.exe64⤵
- Executes dropped EXE
-
\??\c:\nnnthn.exec:\nnnthn.exe65⤵
- Executes dropped EXE
-
\??\c:\hbthnt.exec:\hbthnt.exe66⤵
- Executes dropped EXE
-
\??\c:\jvvdd.exec:\jvvdd.exe67⤵
-
\??\c:\5rflrrx.exec:\5rflrrx.exe68⤵
-
\??\c:\xxflxxl.exec:\xxflxxl.exe69⤵
-
\??\c:\ththnt.exec:\ththnt.exe70⤵
-
\??\c:\ppjvd.exec:\ppjvd.exe71⤵
-
\??\c:\fxrxllx.exec:\fxrxllx.exe72⤵
-
\??\c:\fxrfxxl.exec:\fxrfxxl.exe73⤵
-
\??\c:\bbhtth.exec:\bbhtth.exe74⤵
-
\??\c:\7pjjp.exec:\7pjjp.exe75⤵
-
\??\c:\dvvvj.exec:\dvvvj.exe76⤵
-
\??\c:\5xrxflr.exec:\5xrxflr.exe77⤵
-
\??\c:\ttnhtb.exec:\ttnhtb.exe78⤵
-
\??\c:\vpvdd.exec:\vpvdd.exe79⤵
-
\??\c:\xxlrrff.exec:\xxlrrff.exe80⤵
-
\??\c:\llrlxll.exec:\llrlxll.exe81⤵
-
\??\c:\1hhnbb.exec:\1hhnbb.exe82⤵
-
\??\c:\ddvdj.exec:\ddvdj.exe83⤵
-
\??\c:\fxxlrxf.exec:\fxxlrxf.exe84⤵
-
\??\c:\hhbbhh.exec:\hhbbhh.exe85⤵
-
\??\c:\ttnthh.exec:\ttnthh.exe86⤵
-
\??\c:\1pddd.exec:\1pddd.exe87⤵
-
\??\c:\rrfflrx.exec:\rrfflrx.exe88⤵
-
\??\c:\thbhtb.exec:\thbhtb.exe89⤵
-
\??\c:\jdvdp.exec:\jdvdp.exe90⤵
-
\??\c:\vvpdj.exec:\vvpdj.exe91⤵
-
\??\c:\lrrlxlf.exec:\lrrlxlf.exe92⤵
-
\??\c:\hhnntb.exec:\hhnntb.exe93⤵
-
\??\c:\vppvp.exec:\vppvp.exe94⤵
-
\??\c:\xrrrffr.exec:\xrrrffr.exe95⤵
-
\??\c:\5ntbnn.exec:\5ntbnn.exe96⤵
-
\??\c:\5djjp.exec:\5djjp.exe97⤵
-
\??\c:\dddpj.exec:\dddpj.exe98⤵
-
\??\c:\xrfrflx.exec:\xrfrflx.exe99⤵
-
\??\c:\fxxfrxr.exec:\fxxfrxr.exe100⤵
-
\??\c:\hbthtt.exec:\hbthtt.exe101⤵
-
\??\c:\vpddp.exec:\vpddp.exe102⤵
-
\??\c:\ddvdp.exec:\ddvdp.exe103⤵
-
\??\c:\fxlrxxl.exec:\fxlrxxl.exe104⤵
-
\??\c:\hnhhnt.exec:\hnhhnt.exe105⤵
-
\??\c:\5hnhtb.exec:\5hnhtb.exe106⤵
-
\??\c:\7vjvd.exec:\7vjvd.exe107⤵
-
\??\c:\jjdjp.exec:\jjdjp.exe108⤵
-
\??\c:\ffxfxfx.exec:\ffxfxfx.exe109⤵
-
\??\c:\nnbbnt.exec:\nnbbnt.exe110⤵
-
\??\c:\vvpvj.exec:\vvpvj.exe111⤵
-
\??\c:\9jdpd.exec:\9jdpd.exe112⤵
-
\??\c:\rlxfrrf.exec:\rlxfrrf.exe113⤵
-
\??\c:\tnhtnn.exec:\tnhtnn.exe114⤵
-
\??\c:\tbbhbh.exec:\tbbhbh.exe115⤵
-
\??\c:\jvpjd.exec:\jvpjd.exe116⤵
-
\??\c:\fffrfxl.exec:\fffrfxl.exe117⤵
-
\??\c:\1rllrfl.exec:\1rllrfl.exe118⤵
-
\??\c:\bbhnbh.exec:\bbhnbh.exe119⤵
-
\??\c:\ddpvj.exec:\ddpvj.exe120⤵
-
\??\c:\5pjdj.exec:\5pjdj.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-