Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
117s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
-
submitted
11/05/2024, 10:21
General
-
Target
acc861445e790fc70af211a6a4667690_NeikiAnalytics.exe
-
Size
55KB
-
MD5
acc861445e790fc70af211a6a4667690
-
SHA1
4fdab77dc296262dc6a5b3e1a5dc2017a10a0532
-
SHA256
d43ee8db0c00cf4f6fd95be4090150de1ef4aeb6a29ed36e8aa5e590962e6719
-
SHA512
d869597dabd334ef95ed1a1204cec3b13b08f78b681954510e20ec25ad00524a70efc3cc51903d9383a40a70f8e90ef7e6e2d247b3da2ff56982e557093d511d
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIb6tZ9bm:ymb3NkkiQ3mdBjFIb6tZNm
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 21 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 22 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\acc861445e790fc70af211a6a4667690_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\acc861445e790fc70af211a6a4667690_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\5thbbt.exec:\5thbbt.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvppd.exec:\vvppd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7xrllfl.exec:\7xrllfl.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3htbht.exec:\3htbht.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvddj.exec:\vvddj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9xfxrfr.exec:\9xfxrfr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlffllr.exec:\xlffllr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttnhnb.exec:\ttnhnb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnhnbh.exec:\nnhnbh.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dddvp.exec:\dddvp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjdvj.exec:\jjdvj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrxfrf.exec:\xxrxfrf.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7rlfllr.exec:\7rlfllr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3hhtnb.exec:\3hhtnb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnhhnb.exec:\nnhhnb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddpvp.exec:\ddpvp.exe17⤵
- Executes dropped EXE
-
\??\c:\xrlxlxl.exec:\xrlxlxl.exe18⤵
- Executes dropped EXE
-
\??\c:\fxxlxfr.exec:\fxxlxfr.exe19⤵
- Executes dropped EXE
-
\??\c:\ttnnbb.exec:\ttnnbb.exe20⤵
- Executes dropped EXE
-
\??\c:\thnnhh.exec:\thnnhh.exe21⤵
- Executes dropped EXE
-
\??\c:\pjdpv.exec:\pjdpv.exe22⤵
- Executes dropped EXE
-
\??\c:\7jjpd.exec:\7jjpd.exe23⤵
- Executes dropped EXE
-
\??\c:\lfxlrxf.exec:\lfxlrxf.exe24⤵
- Executes dropped EXE
-
\??\c:\lrxxxrr.exec:\lrxxxrr.exe25⤵
- Executes dropped EXE
-
\??\c:\hbnnbb.exec:\hbnnbb.exe26⤵
- Executes dropped EXE
-
\??\c:\nhntnh.exec:\nhntnh.exe27⤵
- Executes dropped EXE
-
\??\c:\vpddj.exec:\vpddj.exe28⤵
- Executes dropped EXE
-
\??\c:\vvpvd.exec:\vvpvd.exe29⤵
- Executes dropped EXE
-
\??\c:\xrfxxlr.exec:\xrfxxlr.exe30⤵
- Executes dropped EXE
-
\??\c:\lffrxrf.exec:\lffrxrf.exe31⤵
- Executes dropped EXE
-
\??\c:\hbhtbn.exec:\hbhtbn.exe32⤵
- Executes dropped EXE
-
\??\c:\ppvjv.exec:\ppvjv.exe33⤵
- Executes dropped EXE
-
\??\c:\vppjv.exec:\vppjv.exe34⤵
- Executes dropped EXE
-
\??\c:\fxxfxxl.exec:\fxxfxxl.exe35⤵
- Executes dropped EXE
-
\??\c:\xfrlxrl.exec:\xfrlxrl.exe36⤵
- Executes dropped EXE
-
\??\c:\ttttnb.exec:\ttttnb.exe37⤵
- Executes dropped EXE
-
\??\c:\hbhhtt.exec:\hbhhtt.exe38⤵
- Executes dropped EXE
-
\??\c:\9vdjp.exec:\9vdjp.exe39⤵
- Executes dropped EXE
-
\??\c:\ppddd.exec:\ppddd.exe40⤵
- Executes dropped EXE
-
\??\c:\jdvdp.exec:\jdvdp.exe41⤵
- Executes dropped EXE
-
\??\c:\7fxrfrf.exec:\7fxrfrf.exe42⤵
- Executes dropped EXE
-
\??\c:\rrffrrl.exec:\rrffrrl.exe43⤵
- Executes dropped EXE
-
\??\c:\bbhthn.exec:\bbhthn.exe44⤵
- Executes dropped EXE
-
\??\c:\nhhbnn.exec:\nhhbnn.exe45⤵
- Executes dropped EXE
-
\??\c:\ppppv.exec:\ppppv.exe46⤵
- Executes dropped EXE
-
\??\c:\vvpdj.exec:\vvpdj.exe47⤵
- Executes dropped EXE
-
\??\c:\jjdpv.exec:\jjdpv.exe48⤵
- Executes dropped EXE
-
\??\c:\xxlfrrf.exec:\xxlfrrf.exe49⤵
- Executes dropped EXE
-
\??\c:\frxrllr.exec:\frxrllr.exe50⤵
- Executes dropped EXE
-
\??\c:\nnnbnb.exec:\nnnbnb.exe51⤵
- Executes dropped EXE
-
\??\c:\hhbbhh.exec:\hhbbhh.exe52⤵
- Executes dropped EXE
-
\??\c:\vdvpd.exec:\vdvpd.exe53⤵
- Executes dropped EXE
-
\??\c:\dvjjp.exec:\dvjjp.exe54⤵
- Executes dropped EXE
-
\??\c:\lrlfrrf.exec:\lrlfrrf.exe55⤵
- Executes dropped EXE
-
\??\c:\7dvdd.exec:\7dvdd.exe56⤵
- Executes dropped EXE
-
\??\c:\ddvpv.exec:\ddvpv.exe57⤵
- Executes dropped EXE
-
\??\c:\lxxlxxf.exec:\lxxlxxf.exe58⤵
- Executes dropped EXE
-
\??\c:\rrfrxxr.exec:\rrfrxxr.exe59⤵
- Executes dropped EXE
-
\??\c:\tbhnnn.exec:\tbhnnn.exe60⤵
- Executes dropped EXE
-
\??\c:\tttbbh.exec:\tttbbh.exe61⤵
- Executes dropped EXE
-
\??\c:\vppjp.exec:\vppjp.exe62⤵
- Executes dropped EXE
-
\??\c:\vjjvv.exec:\vjjvv.exe63⤵
- Executes dropped EXE
-
\??\c:\ffxxflx.exec:\ffxxflx.exe64⤵
- Executes dropped EXE
-
\??\c:\xrrlrlr.exec:\xrrlrlr.exe65⤵
- Executes dropped EXE
-
\??\c:\nhtbbn.exec:\nhtbbn.exe66⤵
-
\??\c:\tthhbb.exec:\tthhbb.exe67⤵
-
\??\c:\jvvdd.exec:\jvvdd.exe68⤵
-
\??\c:\1ppjv.exec:\1ppjv.exe69⤵
-
\??\c:\lxlfrxr.exec:\lxlfrxr.exe70⤵
-
\??\c:\nbbbnn.exec:\nbbbnn.exe71⤵
-
\??\c:\htbtnh.exec:\htbtnh.exe72⤵
-
\??\c:\jjpdv.exec:\jjpdv.exe73⤵
-
\??\c:\pjpdv.exec:\pjpdv.exe74⤵
-
\??\c:\llflllx.exec:\llflllx.exe75⤵
-
\??\c:\hthhnt.exec:\hthhnt.exe76⤵
-
\??\c:\hbnbbh.exec:\hbnbbh.exe77⤵
-
\??\c:\vvpdj.exec:\vvpdj.exe78⤵
-
\??\c:\dddpp.exec:\dddpp.exe79⤵
-
\??\c:\xrllxxl.exec:\xrllxxl.exe80⤵
-
\??\c:\1xllxrx.exec:\1xllxrx.exe81⤵
-
\??\c:\nhhthb.exec:\nhhthb.exe82⤵
-
\??\c:\ddjvp.exec:\ddjvp.exe83⤵
-
\??\c:\pjvdj.exec:\pjvdj.exe84⤵
-
\??\c:\xxrxxff.exec:\xxrxxff.exe85⤵
-
\??\c:\xrllxrx.exec:\xrllxrx.exe86⤵
-
\??\c:\1bthnb.exec:\1bthnb.exe87⤵
-
\??\c:\djdpd.exec:\djdpd.exe88⤵
-
\??\c:\5jjdp.exec:\5jjdp.exe89⤵
-
\??\c:\xxrxflr.exec:\xxrxflr.exe90⤵
-
\??\c:\9ffxflr.exec:\9ffxflr.exe91⤵
-
\??\c:\bhnthh.exec:\bhnthh.exe92⤵
-
\??\c:\hhbnbn.exec:\hhbnbn.exe93⤵
-
\??\c:\btntbh.exec:\btntbh.exe94⤵
-
\??\c:\jdddv.exec:\jdddv.exe95⤵
-
\??\c:\dvjpp.exec:\dvjpp.exe96⤵
-
\??\c:\rlxlllr.exec:\rlxlllr.exe97⤵
-
\??\c:\xrrrrrx.exec:\xrrrrrx.exe98⤵
-
\??\c:\tbbnth.exec:\tbbnth.exe99⤵
-
\??\c:\3tnbbh.exec:\3tnbbh.exe100⤵
-
\??\c:\vddjd.exec:\vddjd.exe101⤵
-
\??\c:\ddvdj.exec:\ddvdj.exe102⤵
-
\??\c:\9rlxlrl.exec:\9rlxlrl.exe103⤵
-
\??\c:\llrfrxl.exec:\llrfrxl.exe104⤵
-
\??\c:\bbttnb.exec:\bbttnb.exe105⤵
-
\??\c:\ttnbhn.exec:\ttnbhn.exe106⤵
-
\??\c:\7dppp.exec:\7dppp.exe107⤵
-
\??\c:\pppjv.exec:\pppjv.exe108⤵
-
\??\c:\fxxxfxl.exec:\fxxxfxl.exe109⤵
-
\??\c:\rrrlfrf.exec:\rrrlfrf.exe110⤵
-
\??\c:\3lffrxl.exec:\3lffrxl.exe111⤵
-
\??\c:\ttnbth.exec:\ttnbth.exe112⤵
-
\??\c:\hhttth.exec:\hhttth.exe113⤵
-
\??\c:\dvdjj.exec:\dvdjj.exe114⤵
-
\??\c:\3vvdj.exec:\3vvdj.exe115⤵
-
\??\c:\xxxrflx.exec:\xxxrflx.exe116⤵
-
\??\c:\llrrxrx.exec:\llrrxrx.exe117⤵
-
\??\c:\rxxrxlr.exec:\rxxrxlr.exe118⤵
-
\??\c:\tntnbb.exec:\tntnbb.exe119⤵
-
\??\c:\bbttnt.exec:\bbttnt.exe120⤵
-
\??\c:\9jdpv.exec:\9jdpv.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-