Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
11/05/2024, 21:33
General
-
Target
3cd22027ffacbd5314c1cfc65c654930_NeikiAnalytics.exe
-
Size
79KB
-
MD5
3cd22027ffacbd5314c1cfc65c654930
-
SHA1
fc165859ee79d09e83d4e9a98b294e5048da7c80
-
SHA256
ec65aea2d1c57d693cc39b9658f44fa3e507f5099ce2d7a5ae63aa8648707ca8
-
SHA512
c288659a13c57065a62cab294740f715aaae9aa7c5ee6edd74dc7d3cd48b67889484d36a4f138e867adedb22f27a1c189c02692f5fd25eed74a7588ac6e055b8
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDWiekja1br3GGBxfot3e2ke:ymb3NkkiQ3mdBjFWXkj7afoI2r
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 27 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 29 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\3cd22027ffacbd5314c1cfc65c654930_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\3cd22027ffacbd5314c1cfc65c654930_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\bhhnbt.exec:\bhhnbt.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\a8600.exec:\a8600.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\028480.exec:\028480.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\s6204.exec:\s6204.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnntt.exec:\tnnntt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbhbth.exec:\nbhbth.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hthbtb.exec:\hthbtb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\4622888.exec:\4622888.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thhhhh.exec:\thhhhh.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\262822.exec:\262822.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\284828.exec:\284828.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppvvp.exec:\ppvvp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\m2826.exec:\m2826.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjjjd.exec:\vjjjd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\a2444.exec:\a2444.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfllxfx.exec:\rfllxfx.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxxrflr.exec:\xxxrflr.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6426042.exec:\6426042.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7fxrlfx.exec:\7fxrlfx.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lllrrff.exec:\lllrrff.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhhbb.exec:\nhhhbb.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\240044.exec:\240044.exe23⤵
- Executes dropped EXE
-
\??\c:\868282.exec:\868282.exe24⤵
- Executes dropped EXE
-
\??\c:\xrlfxxr.exec:\xrlfxxr.exe25⤵
- Executes dropped EXE
-
\??\c:\4288260.exec:\4288260.exe26⤵
- Executes dropped EXE
-
\??\c:\40260.exec:\40260.exe27⤵
- Executes dropped EXE
-
\??\c:\44420.exec:\44420.exe28⤵
- Executes dropped EXE
-
\??\c:\8680220.exec:\8680220.exe29⤵
- Executes dropped EXE
-
\??\c:\8848600.exec:\8848600.exe30⤵
- Executes dropped EXE
-
\??\c:\s6604.exec:\s6604.exe31⤵
- Executes dropped EXE
-
\??\c:\pjdpv.exec:\pjdpv.exe32⤵
- Executes dropped EXE
-
\??\c:\7bbthb.exec:\7bbthb.exe33⤵
- Executes dropped EXE
-
\??\c:\1xxrffx.exec:\1xxrffx.exe34⤵
- Executes dropped EXE
-
\??\c:\tbhhtt.exec:\tbhhtt.exe35⤵
- Executes dropped EXE
-
\??\c:\e28266.exec:\e28266.exe36⤵
- Executes dropped EXE
-
\??\c:\k02260.exec:\k02260.exe37⤵
- Executes dropped EXE
-
\??\c:\ddjdj.exec:\ddjdj.exe38⤵
- Executes dropped EXE
-
\??\c:\vjjvj.exec:\vjjvj.exe39⤵
- Executes dropped EXE
-
\??\c:\pdvvj.exec:\pdvvj.exe40⤵
- Executes dropped EXE
-
\??\c:\3ffxfxr.exec:\3ffxfxr.exe41⤵
- Executes dropped EXE
-
\??\c:\flllxxr.exec:\flllxxr.exe42⤵
- Executes dropped EXE
-
\??\c:\9btnbt.exec:\9btnbt.exe43⤵
- Executes dropped EXE
-
\??\c:\dvdvv.exec:\dvdvv.exe44⤵
- Executes dropped EXE
-
\??\c:\fxxllxx.exec:\fxxllxx.exe45⤵
- Executes dropped EXE
-
\??\c:\bhhntn.exec:\bhhntn.exe46⤵
- Executes dropped EXE
-
\??\c:\bntnbt.exec:\bntnbt.exe47⤵
- Executes dropped EXE
-
\??\c:\4464226.exec:\4464226.exe48⤵
- Executes dropped EXE
-
\??\c:\o404226.exec:\o404226.exe49⤵
- Executes dropped EXE
-
\??\c:\rrxlxlf.exec:\rrxlxlf.exe50⤵
- Executes dropped EXE
-
\??\c:\9hbtnn.exec:\9hbtnn.exe51⤵
- Executes dropped EXE
-
\??\c:\06260.exec:\06260.exe52⤵
- Executes dropped EXE
-
\??\c:\i008604.exec:\i008604.exe53⤵
- Executes dropped EXE
-
\??\c:\i242660.exec:\i242660.exe54⤵
- Executes dropped EXE
-
\??\c:\i804826.exec:\i804826.exe55⤵
- Executes dropped EXE
-
\??\c:\4888660.exec:\4888660.exe56⤵
- Executes dropped EXE
-
\??\c:\2048204.exec:\2048204.exe57⤵
- Executes dropped EXE
-
\??\c:\thbttn.exec:\thbttn.exe58⤵
- Executes dropped EXE
-
\??\c:\488268.exec:\488268.exe59⤵
- Executes dropped EXE
-
\??\c:\m0260.exec:\m0260.exe60⤵
- Executes dropped EXE
-
\??\c:\9hhtbb.exec:\9hhtbb.exe61⤵
- Executes dropped EXE
-
\??\c:\xxrlrlx.exec:\xxrlrlx.exe62⤵
- Executes dropped EXE
-
\??\c:\0860006.exec:\0860006.exe63⤵
- Executes dropped EXE
-
\??\c:\4226448.exec:\4226448.exe64⤵
- Executes dropped EXE
-
\??\c:\lrrfxxr.exec:\lrrfxxr.exe65⤵
- Executes dropped EXE
-
\??\c:\bthhtt.exec:\bthhtt.exe66⤵
-
\??\c:\lrrlfxx.exec:\lrrlfxx.exe67⤵
-
\??\c:\c240642.exec:\c240642.exe68⤵
-
\??\c:\hhbbtt.exec:\hhbbtt.exe69⤵
-
\??\c:\424426.exec:\424426.exe70⤵
-
\??\c:\ddvdv.exec:\ddvdv.exe71⤵
-
\??\c:\e24804.exec:\e24804.exe72⤵
-
\??\c:\ddpdv.exec:\ddpdv.exe73⤵
-
\??\c:\fxxfxfr.exec:\fxxfxfr.exe74⤵
-
\??\c:\684600.exec:\684600.exe75⤵
-
\??\c:\ddddd.exec:\ddddd.exe76⤵
-
\??\c:\xxxrxxx.exec:\xxxrxxx.exe77⤵
-
\??\c:\nnnbht.exec:\nnnbht.exe78⤵
-
\??\c:\822884.exec:\822884.exe79⤵
-
\??\c:\q20048.exec:\q20048.exe80⤵
-
\??\c:\jvpjv.exec:\jvpjv.exe81⤵
-
\??\c:\a6662.exec:\a6662.exe82⤵
-
\??\c:\xllfrrl.exec:\xllfrrl.exe83⤵
-
\??\c:\jvdvv.exec:\jvdvv.exe84⤵
-
\??\c:\60424.exec:\60424.exe85⤵
-
\??\c:\tnhtnn.exec:\tnhtnn.exe86⤵
-
\??\c:\djpvp.exec:\djpvp.exe87⤵
-
\??\c:\w42846.exec:\w42846.exe88⤵
-
\??\c:\hhhtnn.exec:\hhhtnn.exe89⤵
-
\??\c:\httntt.exec:\httntt.exe90⤵
-
\??\c:\44264.exec:\44264.exe91⤵
-
\??\c:\280448.exec:\280448.exe92⤵
-
\??\c:\jjddp.exec:\jjddp.exe93⤵
-
\??\c:\rllfxxr.exec:\rllfxxr.exe94⤵
-
\??\c:\k62626.exec:\k62626.exe95⤵
-
\??\c:\206022.exec:\206022.exe96⤵
-
\??\c:\4048608.exec:\4048608.exe97⤵
-
\??\c:\c448260.exec:\c448260.exe98⤵
-
\??\c:\26826.exec:\26826.exe99⤵
-
\??\c:\244266.exec:\244266.exe100⤵
-
\??\c:\xfxxxrx.exec:\xfxxxrx.exe101⤵
-
\??\c:\0842082.exec:\0842082.exe102⤵
-
\??\c:\a6260.exec:\a6260.exe103⤵
-
\??\c:\04620.exec:\04620.exe104⤵
-
\??\c:\lxfxxrf.exec:\lxfxxrf.exe105⤵
-
\??\c:\1ffxrrl.exec:\1ffxrrl.exe106⤵
-
\??\c:\pdppj.exec:\pdppj.exe107⤵
-
\??\c:\42604.exec:\42604.exe108⤵
-
\??\c:\w66046.exec:\w66046.exe109⤵
-
\??\c:\e08866.exec:\e08866.exe110⤵
-
\??\c:\00608.exec:\00608.exe111⤵
-
\??\c:\48486.exec:\48486.exe112⤵
-
\??\c:\422086.exec:\422086.exe113⤵
-
\??\c:\668644.exec:\668644.exe114⤵
-
\??\c:\bbthbb.exec:\bbthbb.exe115⤵
-
\??\c:\4004826.exec:\4004826.exe116⤵
-
\??\c:\jvpdv.exec:\jvpdv.exe117⤵
-
\??\c:\08040.exec:\08040.exe118⤵
-
\??\c:\jjpjv.exec:\jjpjv.exe119⤵
-
\??\c:\a6668.exec:\a6668.exe120⤵
-
\??\c:\428248.exec:\428248.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-