Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
11/05/2024, 14:00
General
-
Target
0b71e2a0a6110584b9c634ea86e5b9d0_NeikiAnalytics.exe
-
Size
83KB
-
MD5
0b71e2a0a6110584b9c634ea86e5b9d0
-
SHA1
2d7efa1693c016d3799de886f6b6a6a2d56af258
-
SHA256
a3359f519c180bb0023c79db5a1543990ba80d5759b45ce70d40fec85351d0a9
-
SHA512
851968e66dc2c3fc524e562ecb6e3ac17c5b1bfa99df81ad98a51f634ba5b408c9be9367e1b1d6f21bc55f4715a545c23815c305c85b8aa8956f586daba2cb9b
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIJSLCBCO+HlMO7s0yOy:ymb3NkkiQ3mdBjFIwLMoHW8y7
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 20 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 22 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\0b71e2a0a6110584b9c634ea86e5b9d0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\0b71e2a0a6110584b9c634ea86e5b9d0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\0224024.exec:\0224024.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlffrlx.exec:\rlffrlx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbhnt.exec:\nhbhnt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\0800668.exec:\0800668.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\48408.exec:\48408.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxfllr.exec:\xrxfllr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\2202442.exec:\2202442.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nthhhh.exec:\nthhhh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5vddj.exec:\5vddj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6260046.exec:\6260046.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrllxxr.exec:\xrllxxr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\40080.exec:\40080.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8822488.exec:\8822488.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjdvd.exec:\vjdvd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbnbhn.exec:\tbnbhn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjjd.exec:\vpjjd.exe17⤵
- Executes dropped EXE
-
\??\c:\o446624.exec:\o446624.exe18⤵
- Executes dropped EXE
-
\??\c:\00482.exec:\00482.exe19⤵
- Executes dropped EXE
-
\??\c:\7hnbnt.exec:\7hnbnt.exe20⤵
- Executes dropped EXE
-
\??\c:\824622.exec:\824622.exe21⤵
- Executes dropped EXE
-
\??\c:\4244068.exec:\4244068.exe22⤵
- Executes dropped EXE
-
\??\c:\6422402.exec:\6422402.exe23⤵
- Executes dropped EXE
-
\??\c:\640440.exec:\640440.exe24⤵
- Executes dropped EXE
-
\??\c:\4222228.exec:\4222228.exe25⤵
- Executes dropped EXE
-
\??\c:\pjddd.exec:\pjddd.exe26⤵
- Executes dropped EXE
-
\??\c:\fxxxffl.exec:\fxxxffl.exe27⤵
- Executes dropped EXE
-
\??\c:\4206828.exec:\4206828.exe28⤵
- Executes dropped EXE
-
\??\c:\i840006.exec:\i840006.exe29⤵
- Executes dropped EXE
-
\??\c:\06062.exec:\06062.exe30⤵
- Executes dropped EXE
-
\??\c:\fxlflfr.exec:\fxlflfr.exe31⤵
- Executes dropped EXE
-
\??\c:\42800.exec:\42800.exe32⤵
- Executes dropped EXE
-
\??\c:\w46240.exec:\w46240.exe33⤵
- Executes dropped EXE
-
\??\c:\5dpdd.exec:\5dpdd.exe34⤵
- Executes dropped EXE
-
\??\c:\djjdp.exec:\djjdp.exe35⤵
- Executes dropped EXE
-
\??\c:\jjvdp.exec:\jjvdp.exe36⤵
- Executes dropped EXE
-
\??\c:\jjppp.exec:\jjppp.exe37⤵
- Executes dropped EXE
-
\??\c:\7pdjj.exec:\7pdjj.exe38⤵
- Executes dropped EXE
-
\??\c:\hthnhh.exec:\hthnhh.exe39⤵
- Executes dropped EXE
-
\??\c:\6424464.exec:\6424464.exe40⤵
- Executes dropped EXE
-
\??\c:\7jpjp.exec:\7jpjp.exe41⤵
- Executes dropped EXE
-
\??\c:\vpjjd.exec:\vpjjd.exe42⤵
- Executes dropped EXE
-
\??\c:\m8086.exec:\m8086.exe43⤵
- Executes dropped EXE
-
\??\c:\a2442.exec:\a2442.exe44⤵
- Executes dropped EXE
-
\??\c:\bbbnbt.exec:\bbbnbt.exe45⤵
- Executes dropped EXE
-
\??\c:\llrrflr.exec:\llrrflr.exe46⤵
- Executes dropped EXE
-
\??\c:\dvjjp.exec:\dvjjp.exe47⤵
- Executes dropped EXE
-
\??\c:\5nthbb.exec:\5nthbb.exe48⤵
- Executes dropped EXE
-
\??\c:\20806.exec:\20806.exe49⤵
- Executes dropped EXE
-
\??\c:\8262880.exec:\8262880.exe50⤵
- Executes dropped EXE
-
\??\c:\btbtbb.exec:\btbtbb.exe51⤵
- Executes dropped EXE
-
\??\c:\tnhtbt.exec:\tnhtbt.exe52⤵
- Executes dropped EXE
-
\??\c:\400448.exec:\400448.exe53⤵
- Executes dropped EXE
-
\??\c:\82402.exec:\82402.exe54⤵
- Executes dropped EXE
-
\??\c:\28440.exec:\28440.exe55⤵
- Executes dropped EXE
-
\??\c:\e00684.exec:\e00684.exe56⤵
- Executes dropped EXE
-
\??\c:\i428484.exec:\i428484.exe57⤵
- Executes dropped EXE
-
\??\c:\rrlrfrf.exec:\rrlrfrf.exe58⤵
- Executes dropped EXE
-
\??\c:\04628.exec:\04628.exe59⤵
- Executes dropped EXE
-
\??\c:\hbtthn.exec:\hbtthn.exe60⤵
- Executes dropped EXE
-
\??\c:\vpddj.exec:\vpddj.exe61⤵
- Executes dropped EXE
-
\??\c:\3ddpd.exec:\3ddpd.exe62⤵
- Executes dropped EXE
-
\??\c:\1xxlfrf.exec:\1xxlfrf.exe63⤵
- Executes dropped EXE
-
\??\c:\ddvvv.exec:\ddvvv.exe64⤵
- Executes dropped EXE
-
\??\c:\44286.exec:\44286.exe65⤵
- Executes dropped EXE
-
\??\c:\i646268.exec:\i646268.exe66⤵
-
\??\c:\424404.exec:\424404.exe67⤵
-
\??\c:\tttbth.exec:\tttbth.exe68⤵
-
\??\c:\rlllrrl.exec:\rlllrrl.exe69⤵
-
\??\c:\7dpvp.exec:\7dpvp.exe70⤵
-
\??\c:\86440.exec:\86440.exe71⤵
-
\??\c:\820622.exec:\820622.exe72⤵
-
\??\c:\vpdvd.exec:\vpdvd.exe73⤵
-
\??\c:\0488008.exec:\0488008.exe74⤵
-
\??\c:\s8668.exec:\s8668.exe75⤵
-
\??\c:\8202846.exec:\8202846.exe76⤵
-
\??\c:\0668240.exec:\0668240.exe77⤵
-
\??\c:\6084668.exec:\6084668.exe78⤵
-
\??\c:\fxxxffr.exec:\fxxxffr.exe79⤵
-
\??\c:\0466880.exec:\0466880.exe80⤵
-
\??\c:\e42244.exec:\e42244.exe81⤵
-
\??\c:\rxrxfrl.exec:\rxrxfrl.exe82⤵
-
\??\c:\vpjpj.exec:\vpjpj.exe83⤵
-
\??\c:\tnhhnt.exec:\tnhhnt.exe84⤵
-
\??\c:\xxrfflf.exec:\xxrfflf.exe85⤵
-
\??\c:\60280.exec:\60280.exe86⤵
-
\??\c:\262888.exec:\262888.exe87⤵
-
\??\c:\042844.exec:\042844.exe88⤵
-
\??\c:\dpddj.exec:\dpddj.exe89⤵
-
\??\c:\q86626.exec:\q86626.exe90⤵
-
\??\c:\jjddv.exec:\jjddv.exe91⤵
-
\??\c:\1bnhhh.exec:\1bnhhh.exe92⤵
-
\??\c:\hbnnbb.exec:\hbnnbb.exe93⤵
-
\??\c:\m4622.exec:\m4622.exe94⤵
-
\??\c:\rlxxlrf.exec:\rlxxlrf.exe95⤵
-
\??\c:\428066.exec:\428066.exe96⤵
-
\??\c:\vvdvj.exec:\vvdvj.exe97⤵
-
\??\c:\82002.exec:\82002.exe98⤵
-
\??\c:\20662.exec:\20662.exe99⤵
-
\??\c:\1llfxfl.exec:\1llfxfl.exe100⤵
-
\??\c:\hbhhnt.exec:\hbhhnt.exe101⤵
-
\??\c:\rllxfxl.exec:\rllxfxl.exe102⤵
-
\??\c:\vjppj.exec:\vjppj.exe103⤵
-
\??\c:\thnnnn.exec:\thnnnn.exe104⤵
-
\??\c:\jvjvj.exec:\jvjvj.exe105⤵
-
\??\c:\2080668.exec:\2080668.exe106⤵
-
\??\c:\a2440.exec:\a2440.exe107⤵
-
\??\c:\42840.exec:\42840.exe108⤵
-
\??\c:\6262620.exec:\6262620.exe109⤵
-
\??\c:\q86622.exec:\q86622.exe110⤵
-
\??\c:\pdjpp.exec:\pdjpp.exe111⤵
-
\??\c:\vjppp.exec:\vjppp.exe112⤵
-
\??\c:\thtnnh.exec:\thtnnh.exe113⤵
-
\??\c:\g2282.exec:\g2282.exe114⤵
-
\??\c:\a0406.exec:\a0406.exe115⤵
-
\??\c:\60804.exec:\60804.exe116⤵
-
\??\c:\42440.exec:\42440.exe117⤵
-
\??\c:\4200688.exec:\4200688.exe118⤵
-
\??\c:\600842.exec:\600842.exe119⤵
-
\??\c:\6848488.exec:\6848488.exe120⤵
-
\??\c:\60840.exec:\60840.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-