Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
157s -
max time network
160s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
11/05/2024, 04:18
General
-
Target
7ae66d6d27607ddbb8e1fa885a6b5bd0_NeikiAnalytics.exe
-
Size
210KB
-
MD5
7ae66d6d27607ddbb8e1fa885a6b5bd0
-
SHA1
4d89a67232429ee882bbd556892c53fb38eb4bfb
-
SHA256
c4c9872760cd660d0c47330b67e908cafab8fbee9b5c83eaa2b6f9ab808119f5
-
SHA512
030f0caa8ec2b0dfb82c5a3ce2ddd713fa5c7fefb63410d4440bac0b9dbe7458367779109f85d0ec875e082cc5f964f52be6c7d2e4483b0ea810951bdcc2a18e
-
SSDEEP
1536:wvQBeOGtrYSSsrc93UBIfdC67m6AJiqQfg3Cip8iXAsG5M0h:whOm2sI93UufdC67cizfmCiiiXAd
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 63 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\7ae66d6d27607ddbb8e1fa885a6b5bd0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\7ae66d6d27607ddbb8e1fa885a6b5bd0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\w29qhc.exec:\w29qhc.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\a3985.exec:\a3985.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\30oum.exec:\30oum.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\x975eeh.exec:\x975eeh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\h6p1x13.exec:\h6p1x13.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\761c5v.exec:\761c5v.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\76mmko4.exec:\76mmko4.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\162lani.exec:\162lani.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\125g75.exec:\125g75.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\i0q0qs8.exec:\i0q0qs8.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\w0xqu.exec:\w0xqu.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7wngb63.exec:\7wngb63.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9430kbp.exec:\9430kbp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\f3o849.exec:\f3o849.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hh5n03.exec:\hh5n03.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\k5bu1u9.exec:\k5bu1u9.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\0tb66.exec:\0tb66.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ajs8i2.exec:\ajs8i2.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\92f3d.exec:\92f3d.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\0sa41.exec:\0sa41.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\0x5tu0s.exec:\0x5tu0s.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ecv07n3.exec:\ecv07n3.exe23⤵
- Executes dropped EXE
-
\??\c:\381838d.exec:\381838d.exe24⤵
- Executes dropped EXE
-
\??\c:\i9751o.exec:\i9751o.exe25⤵
- Executes dropped EXE
-
\??\c:\pa21fi3.exec:\pa21fi3.exe26⤵
- Executes dropped EXE
-
\??\c:\9s6n6h.exec:\9s6n6h.exe27⤵
- Executes dropped EXE
-
\??\c:\u77019s.exec:\u77019s.exe28⤵
- Executes dropped EXE
-
\??\c:\gpgpq.exec:\gpgpq.exe29⤵
- Executes dropped EXE
-
\??\c:\7mb3nd.exec:\7mb3nd.exe30⤵
- Executes dropped EXE
-
\??\c:\dueov.exec:\dueov.exe31⤵
- Executes dropped EXE
-
\??\c:\17gmp.exec:\17gmp.exe32⤵
- Executes dropped EXE
-
\??\c:\53r3d1.exec:\53r3d1.exe33⤵
- Executes dropped EXE
-
\??\c:\00ox3.exec:\00ox3.exe34⤵
- Executes dropped EXE
-
\??\c:\5ri11.exec:\5ri11.exe35⤵
- Executes dropped EXE
-
\??\c:\69q00.exec:\69q00.exe36⤵
-
\??\c:\07p6e6l.exec:\07p6e6l.exe37⤵
- Executes dropped EXE
-
\??\c:\x9out3o.exec:\x9out3o.exe38⤵
- Executes dropped EXE
-
\??\c:\7m31el.exec:\7m31el.exe39⤵
- Executes dropped EXE
-
\??\c:\9w141.exec:\9w141.exe40⤵
- Executes dropped EXE
-
\??\c:\t90fs10.exec:\t90fs10.exe41⤵
- Executes dropped EXE
-
\??\c:\7kt1lc7.exec:\7kt1lc7.exe42⤵
- Executes dropped EXE
-
\??\c:\x190x11.exec:\x190x11.exe43⤵
- Executes dropped EXE
-
\??\c:\iuk55n.exec:\iuk55n.exe44⤵
- Executes dropped EXE
-
\??\c:\68646.exec:\68646.exe45⤵
- Executes dropped EXE
-
\??\c:\15t8rc.exec:\15t8rc.exe46⤵
- Executes dropped EXE
-
\??\c:\t5413.exec:\t5413.exe47⤵
- Executes dropped EXE
-
\??\c:\26wxt.exec:\26wxt.exe48⤵
- Executes dropped EXE
-
\??\c:\4knu69.exec:\4knu69.exe49⤵
- Executes dropped EXE
-
\??\c:\e2t1m1.exec:\e2t1m1.exe50⤵
- Executes dropped EXE
-
\??\c:\im980.exec:\im980.exe51⤵
- Executes dropped EXE
-
\??\c:\90u72f.exec:\90u72f.exe52⤵
- Executes dropped EXE
-
\??\c:\sbw7k.exec:\sbw7k.exe53⤵
- Executes dropped EXE
-
\??\c:\8d2m9.exec:\8d2m9.exe54⤵
- Executes dropped EXE
-
\??\c:\834ihk9.exec:\834ihk9.exe55⤵
- Executes dropped EXE
-
\??\c:\2pk1q.exec:\2pk1q.exe56⤵
- Executes dropped EXE
-
\??\c:\i668617.exec:\i668617.exe57⤵
- Executes dropped EXE
-
\??\c:\6uo479o.exec:\6uo479o.exe58⤵
- Executes dropped EXE
-
\??\c:\4k7u1.exec:\4k7u1.exe59⤵
- Executes dropped EXE
-
\??\c:\pbbr3.exec:\pbbr3.exe60⤵
- Executes dropped EXE
-
\??\c:\3r7foi.exec:\3r7foi.exe61⤵
- Executes dropped EXE
-
\??\c:\7173w5n.exec:\7173w5n.exe62⤵
- Executes dropped EXE
-
\??\c:\rj09h3.exec:\rj09h3.exe63⤵
- Executes dropped EXE
-
\??\c:\42o87.exec:\42o87.exe64⤵
- Executes dropped EXE
-
\??\c:\644e79.exec:\644e79.exe65⤵
- Executes dropped EXE
-
\??\c:\n5qkd96.exec:\n5qkd96.exe66⤵
- Executes dropped EXE
-
\??\c:\j2thc7.exec:\j2thc7.exe67⤵
-
\??\c:\4bnipkc.exec:\4bnipkc.exe68⤵
-
\??\c:\uhrx3.exec:\uhrx3.exe69⤵
-
\??\c:\869w93.exec:\869w93.exe70⤵
-
\??\c:\271u6.exec:\271u6.exe71⤵
-
\??\c:\6fc79n.exec:\6fc79n.exe72⤵
-
\??\c:\036e3p.exec:\036e3p.exe73⤵
-
\??\c:\8f0xl.exec:\8f0xl.exe74⤵
-
\??\c:\w5am90.exec:\w5am90.exe75⤵
-
\??\c:\e5k279g.exec:\e5k279g.exe76⤵
-
\??\c:\636l41i.exec:\636l41i.exe77⤵
-
\??\c:\6ha8k.exec:\6ha8k.exe78⤵
-
\??\c:\i5u0d.exec:\i5u0d.exe79⤵
-
\??\c:\276p117.exec:\276p117.exe80⤵
-
\??\c:\5355w1.exec:\5355w1.exe81⤵
-
\??\c:\9n220r.exec:\9n220r.exe82⤵
-
\??\c:\sqw6261.exec:\sqw6261.exe83⤵
-
\??\c:\vt2646.exec:\vt2646.exe84⤵
-
\??\c:\gn853.exec:\gn853.exe85⤵
-
\??\c:\3sa857.exec:\3sa857.exe86⤵
-
\??\c:\k27h79k.exec:\k27h79k.exe87⤵
-
\??\c:\w01791.exec:\w01791.exe88⤵
-
\??\c:\ok7d0hd.exec:\ok7d0hd.exe89⤵
-
\??\c:\2huv1ee.exec:\2huv1ee.exe90⤵
-
\??\c:\aj9jrg.exec:\aj9jrg.exe91⤵
-
\??\c:\qw41nk.exec:\qw41nk.exe92⤵
-
\??\c:\4agug1.exec:\4agug1.exe93⤵
-
\??\c:\wu37s.exec:\wu37s.exe94⤵
-
\??\c:\a54015.exec:\a54015.exe95⤵
-
\??\c:\j0mm1iu.exec:\j0mm1iu.exe96⤵
-
\??\c:\v9181m8.exec:\v9181m8.exe97⤵
-
\??\c:\5g5d94m.exec:\5g5d94m.exe98⤵
-
\??\c:\vs7ci95.exec:\vs7ci95.exe99⤵
-
\??\c:\2jgnr.exec:\2jgnr.exe100⤵
-
\??\c:\72g2l2.exec:\72g2l2.exe101⤵
-
\??\c:\6b5p73.exec:\6b5p73.exe102⤵
-
\??\c:\4q7ef4.exec:\4q7ef4.exe103⤵
-
\??\c:\f2u8ni0.exec:\f2u8ni0.exe104⤵
-
\??\c:\9wdw768.exec:\9wdw768.exe105⤵
-
\??\c:\tu2t854.exec:\tu2t854.exe106⤵
-
\??\c:\0829r.exec:\0829r.exe107⤵
-
\??\c:\23un294.exec:\23un294.exe108⤵
-
\??\c:\qw2nqo4.exec:\qw2nqo4.exe109⤵
-
\??\c:\uskmeg4.exec:\uskmeg4.exe110⤵
-
\??\c:\390f17.exec:\390f17.exe111⤵
-
\??\c:\db7w33f.exec:\db7w33f.exe112⤵
-
\??\c:\h1107.exec:\h1107.exe113⤵
-
\??\c:\dor2h.exec:\dor2h.exe114⤵
-
\??\c:\49k1a92.exec:\49k1a92.exe115⤵
-
\??\c:\o68gkdb.exec:\o68gkdb.exe116⤵
-
\??\c:\11c42.exec:\11c42.exe117⤵
-
\??\c:\0c197i.exec:\0c197i.exe118⤵
-
\??\c:\vj1dwq.exec:\vj1dwq.exe119⤵
-
\??\c:\9m05w.exec:\9m05w.exe120⤵
-
\??\c:\a430q59.exec:\a430q59.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-