Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
125s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
10/05/2024, 21:04
General
-
Target
04126c7ea86c6e4bd4eeb1c1bb76ab20_NeikiAnalytics.exe
-
Size
386KB
-
MD5
04126c7ea86c6e4bd4eeb1c1bb76ab20
-
SHA1
32a03d9db20f3f9882e3ebff7eb312eef0cba6ca
-
SHA256
787be39de0f4656ebb9786c640468107462e1bae0e7c5e2765d6fa11d0ab0991
-
SHA512
9401fb71cf37e28e37083bb579f9024171899f8ea729406ea38564571f2057a5c1080d53c3cc8d60102c904de9fbdd1cc15f947dd3c899b2dc8d91838093d519
-
SSDEEP
6144:n3C9BRIG0asYFm71mPfkVB8dKwaO5CVwthl:n3C9uYA7okVqdKwaO5CVMhl
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 27 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 33 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\04126c7ea86c6e4bd4eeb1c1bb76ab20_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\04126c7ea86c6e4bd4eeb1c1bb76ab20_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\vppjv.exec:\vppjv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tntttt.exec:\tntttt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9pdjj.exec:\9pdjj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3lfxrxf.exec:\3lfxrxf.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nntbtn.exec:\nntbtn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jddjd.exec:\jddjd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrlrflx.exec:\lrlrflx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnnhh.exec:\nhnnhh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djjdv.exec:\djjdv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxflllf.exec:\lxflllf.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvpdd.exec:\pvpdd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7fffllf.exec:\7fffllf.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9llfxxr.exec:\9llfxxr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7nnhbt.exec:\7nnhbt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjpdv.exec:\jjpdv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxfffff.exec:\lxfffff.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxfxxxx.exec:\rxfxxxx.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tttbtn.exec:\tttbtn.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvddv.exec:\jvddv.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxrxlxf.exec:\lxrxlxf.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btntnn.exec:\btntnn.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthbbh.exec:\bthbbh.exe23⤵
- Executes dropped EXE
-
\??\c:\jjjdj.exec:\jjjdj.exe24⤵
- Executes dropped EXE
-
\??\c:\jjdvp.exec:\jjdvp.exe25⤵
- Executes dropped EXE
-
\??\c:\5lrffll.exec:\5lrffll.exe26⤵
- Executes dropped EXE
-
\??\c:\3ddvv.exec:\3ddvv.exe27⤵
- Executes dropped EXE
-
\??\c:\flrllll.exec:\flrllll.exe28⤵
- Executes dropped EXE
-
\??\c:\dpdvp.exec:\dpdvp.exe29⤵
- Executes dropped EXE
-
\??\c:\fffxrrl.exec:\fffxrrl.exe30⤵
- Executes dropped EXE
-
\??\c:\bbbtnh.exec:\bbbtnh.exe31⤵
- Executes dropped EXE
-
\??\c:\ddddv.exec:\ddddv.exe32⤵
- Executes dropped EXE
-
\??\c:\rlxrrrl.exec:\rlxrrrl.exe33⤵
- Executes dropped EXE
-
\??\c:\nnnnnn.exec:\nnnnnn.exe34⤵
- Executes dropped EXE
-
\??\c:\jjjjd.exec:\jjjjd.exe35⤵
- Executes dropped EXE
-
\??\c:\frffllf.exec:\frffllf.exe36⤵
- Executes dropped EXE
-
\??\c:\7bnhtt.exec:\7bnhtt.exe37⤵
- Executes dropped EXE
-
\??\c:\pvjpp.exec:\pvjpp.exe38⤵
- Executes dropped EXE
-
\??\c:\3xxrfxr.exec:\3xxrfxr.exe39⤵
- Executes dropped EXE
-
\??\c:\rllxfrr.exec:\rllxfrr.exe40⤵
- Executes dropped EXE
-
\??\c:\1thtth.exec:\1thtth.exe41⤵
- Executes dropped EXE
-
\??\c:\jppjd.exec:\jppjd.exe42⤵
- Executes dropped EXE
-
\??\c:\7ffxffl.exec:\7ffxffl.exe43⤵
- Executes dropped EXE
-
\??\c:\fxxxrrf.exec:\fxxxrrf.exe44⤵
- Executes dropped EXE
-
\??\c:\nhnnhh.exec:\nhnnhh.exe45⤵
- Executes dropped EXE
-
\??\c:\5vvpj.exec:\5vvpj.exe46⤵
- Executes dropped EXE
-
\??\c:\lffxrll.exec:\lffxrll.exe47⤵
- Executes dropped EXE
-
\??\c:\nnhtbn.exec:\nnhtbn.exe48⤵
- Executes dropped EXE
-
\??\c:\vjjjd.exec:\vjjjd.exe49⤵
- Executes dropped EXE
-
\??\c:\rlfxrlf.exec:\rlfxrlf.exe50⤵
- Executes dropped EXE
-
\??\c:\hbnhbb.exec:\hbnhbb.exe51⤵
- Executes dropped EXE
-
\??\c:\vvdpj.exec:\vvdpj.exe52⤵
- Executes dropped EXE
-
\??\c:\lrxlllf.exec:\lrxlllf.exe53⤵
- Executes dropped EXE
-
\??\c:\5rxrlfl.exec:\5rxrlfl.exe54⤵
- Executes dropped EXE
-
\??\c:\1bttnn.exec:\1bttnn.exe55⤵
- Executes dropped EXE
-
\??\c:\dvdvd.exec:\dvdvd.exe56⤵
- Executes dropped EXE
-
\??\c:\xxrllfr.exec:\xxrllfr.exe57⤵
- Executes dropped EXE
-
\??\c:\lrflrrx.exec:\lrflrrx.exe58⤵
- Executes dropped EXE
-
\??\c:\ttbbbb.exec:\ttbbbb.exe59⤵
- Executes dropped EXE
-
\??\c:\vvjdd.exec:\vvjdd.exe60⤵
- Executes dropped EXE
-
\??\c:\dddvp.exec:\dddvp.exe61⤵
- Executes dropped EXE
-
\??\c:\fffxlrl.exec:\fffxlrl.exe62⤵
- Executes dropped EXE
-
\??\c:\9nhnnt.exec:\9nhnnt.exe63⤵
- Executes dropped EXE
-
\??\c:\hbnhbb.exec:\hbnhbb.exe64⤵
- Executes dropped EXE
-
\??\c:\9jjdv.exec:\9jjdv.exe65⤵
- Executes dropped EXE
-
\??\c:\rxlllll.exec:\rxlllll.exe66⤵
-
\??\c:\tnhhbh.exec:\tnhhbh.exe67⤵
-
\??\c:\nhhhbh.exec:\nhhhbh.exe68⤵
-
\??\c:\9djdj.exec:\9djdj.exe69⤵
-
\??\c:\rlxxlll.exec:\rlxxlll.exe70⤵
-
\??\c:\lxfxllf.exec:\lxfxllf.exe71⤵
-
\??\c:\7hnntb.exec:\7hnntb.exe72⤵
-
\??\c:\nnbtbb.exec:\nnbtbb.exe73⤵
-
\??\c:\3bnhhh.exec:\3bnhhh.exe74⤵
-
\??\c:\vvvvv.exec:\vvvvv.exe75⤵
-
\??\c:\rrrlrff.exec:\rrrlrff.exe76⤵
-
\??\c:\bnnbbb.exec:\bnnbbb.exe77⤵
-
\??\c:\jvpjd.exec:\jvpjd.exe78⤵
-
\??\c:\fxlfllf.exec:\fxlfllf.exe79⤵
-
\??\c:\xrlxlrl.exec:\xrlxlrl.exe80⤵
-
\??\c:\tnhbbb.exec:\tnhbbb.exe81⤵
-
\??\c:\5vdvv.exec:\5vdvv.exe82⤵
-
\??\c:\fxxrxrr.exec:\fxxrxrr.exe83⤵
-
\??\c:\bnnhbt.exec:\bnnhbt.exe84⤵
-
\??\c:\bnbbhn.exec:\bnbbhn.exe85⤵
-
\??\c:\vpvpp.exec:\vpvpp.exe86⤵
-
\??\c:\frffffl.exec:\frffffl.exe87⤵
-
\??\c:\btbbtt.exec:\btbbtt.exe88⤵
-
\??\c:\vdppj.exec:\vdppj.exe89⤵
-
\??\c:\pvjvd.exec:\pvjvd.exe90⤵
-
\??\c:\rrlfllx.exec:\rrlfllx.exe91⤵
-
\??\c:\btbbbt.exec:\btbbbt.exe92⤵
-
\??\c:\bbhbtt.exec:\bbhbtt.exe93⤵
-
\??\c:\7pppj.exec:\7pppj.exe94⤵
-
\??\c:\5flxrrl.exec:\5flxrrl.exe95⤵
-
\??\c:\rrlfxrl.exec:\rrlfxrl.exe96⤵
-
\??\c:\9nbtnt.exec:\9nbtnt.exe97⤵
-
\??\c:\djvpp.exec:\djvpp.exe98⤵
-
\??\c:\pdjpp.exec:\pdjpp.exe99⤵
-
\??\c:\rllflfr.exec:\rllflfr.exe100⤵
-
\??\c:\hhbbbt.exec:\hhbbbt.exe101⤵
-
\??\c:\vdpjd.exec:\vdpjd.exe102⤵
-
\??\c:\5jpjd.exec:\5jpjd.exe103⤵
-
\??\c:\lfxrlfx.exec:\lfxrlfx.exe104⤵
-
\??\c:\bbtttt.exec:\bbtttt.exe105⤵
-
\??\c:\vvvjd.exec:\vvvjd.exe106⤵
-
\??\c:\xxfxrlx.exec:\xxfxrlx.exe107⤵
-
\??\c:\3hthbt.exec:\3hthbt.exe108⤵
-
\??\c:\bnttnt.exec:\bnttnt.exe109⤵
-
\??\c:\vjppp.exec:\vjppp.exe110⤵
-
\??\c:\lfrlllf.exec:\lfrlllf.exe111⤵
-
\??\c:\tntnnh.exec:\tntnnh.exe112⤵
-
\??\c:\tbhhbn.exec:\tbhhbn.exe113⤵
-
\??\c:\djddd.exec:\djddd.exe114⤵
-
\??\c:\lrrxlxr.exec:\lrrxlxr.exe115⤵
-
\??\c:\bhhhbb.exec:\bhhhbb.exe116⤵
-
\??\c:\hbnbtb.exec:\hbnbtb.exe117⤵
-
\??\c:\vvvpj.exec:\vvvpj.exe118⤵
-
\??\c:\rffxrlf.exec:\rffxrlf.exe119⤵
-
\??\c:\rfllffx.exec:\rfllffx.exe120⤵
-
\??\c:\tnbtnh.exec:\tnbtnh.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-