Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240215-en -
resource tags
-
submitted
12/05/2024, 02:23
General
-
Target
5cb0d450d7fd92027c25253ab302a620_NeikiAnalytics.exe
-
Size
81KB
-
MD5
5cb0d450d7fd92027c25253ab302a620
-
SHA1
4ad4fb3741a00afd67f522bf7b52843c068ba3e9
-
SHA256
06435a78e67131cb48c0ed5383459395b4ac498d49b45995edebe32b6c2eeb15
-
SHA512
47d9a8352453c467bebf78d28e7fa74f26c22f49e89e3c12413250f39bb8366291bba406da1837e55bffd72faa35d54394b5eaf07972300fc8e70c3a76118533
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDInWeNCYGyA2R7JkZPsvX:ymb3NkkiQ3mdBjFIWeFGyA9Pc
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 19 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 18 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\5cb0d450d7fd92027c25253ab302a620_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\5cb0d450d7fd92027c25253ab302a620_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhhbn.exec:\nhhhbn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1djjd.exec:\1djjd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thbtbb.exec:\thbtbb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnhbnb.exec:\nnhbnb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvjjd.exec:\jvjjd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjvjj.exec:\vjvjj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlxxxfl.exec:\xlxxxfl.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnbhtn.exec:\bnbhtn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djdjd.exec:\djdjd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvjvj.exec:\vvjvj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlflxfl.exec:\xlflxfl.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bttbbh.exec:\bttbbh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnnbt.exec:\hbnnbt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vppvv.exec:\vppvv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5xlxflx.exec:\5xlxflx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbhhhn.exec:\bbhhhn.exe17⤵
- Executes dropped EXE
-
\??\c:\ttbhnt.exec:\ttbhnt.exe18⤵
- Executes dropped EXE
-
\??\c:\1jjpd.exec:\1jjpd.exe19⤵
- Executes dropped EXE
-
\??\c:\7lxllxr.exec:\7lxllxr.exe20⤵
- Executes dropped EXE
-
\??\c:\hbttbh.exec:\hbttbh.exe21⤵
- Executes dropped EXE
-
\??\c:\nhbhhn.exec:\nhbhhn.exe22⤵
- Executes dropped EXE
-
\??\c:\vpppd.exec:\vpppd.exe23⤵
- Executes dropped EXE
-
\??\c:\dpvvv.exec:\dpvvv.exe24⤵
- Executes dropped EXE
-
\??\c:\flxfxff.exec:\flxfxff.exe25⤵
- Executes dropped EXE
-
\??\c:\tnhnnn.exec:\tnhnnn.exe26⤵
- Executes dropped EXE
-
\??\c:\hthnnn.exec:\hthnnn.exe27⤵
- Executes dropped EXE
-
\??\c:\pdvpj.exec:\pdvpj.exe28⤵
- Executes dropped EXE
-
\??\c:\pppjp.exec:\pppjp.exe29⤵
- Executes dropped EXE
-
\??\c:\rrrlflf.exec:\rrrlflf.exe30⤵
- Executes dropped EXE
-
\??\c:\ttbnnn.exec:\ttbnnn.exe31⤵
- Executes dropped EXE
-
\??\c:\vvppd.exec:\vvppd.exe32⤵
- Executes dropped EXE
-
\??\c:\jdvvp.exec:\jdvvp.exe33⤵
- Executes dropped EXE
-
\??\c:\llfrrrf.exec:\llfrrrf.exe34⤵
- Executes dropped EXE
-
\??\c:\7xrxffr.exec:\7xrxffr.exe35⤵
- Executes dropped EXE
-
\??\c:\3htbhh.exec:\3htbhh.exe36⤵
- Executes dropped EXE
-
\??\c:\ntntbh.exec:\ntntbh.exe37⤵
- Executes dropped EXE
-
\??\c:\jpvvv.exec:\jpvvv.exe38⤵
- Executes dropped EXE
-
\??\c:\1lflxfl.exec:\1lflxfl.exe39⤵
- Executes dropped EXE
-
\??\c:\5xxrflx.exec:\5xxrflx.exe40⤵
- Executes dropped EXE
-
\??\c:\3nbhnt.exec:\3nbhnt.exe41⤵
- Executes dropped EXE
-
\??\c:\tnhnbb.exec:\tnhnbb.exe42⤵
- Executes dropped EXE
-
\??\c:\pdjpv.exec:\pdjpv.exe43⤵
- Executes dropped EXE
-
\??\c:\ppdjp.exec:\ppdjp.exe44⤵
- Executes dropped EXE
-
\??\c:\fxxflxf.exec:\fxxflxf.exe45⤵
- Executes dropped EXE
-
\??\c:\fflfrxl.exec:\fflfrxl.exe46⤵
- Executes dropped EXE
-
\??\c:\hbhthn.exec:\hbhthn.exe47⤵
- Executes dropped EXE
-
\??\c:\9bbtbn.exec:\9bbtbn.exe48⤵
- Executes dropped EXE
-
\??\c:\7btbnb.exec:\7btbnb.exe49⤵
- Executes dropped EXE
-
\??\c:\vjjvd.exec:\vjjvd.exe50⤵
- Executes dropped EXE
-
\??\c:\3rfxlff.exec:\3rfxlff.exe51⤵
- Executes dropped EXE
-
\??\c:\fxfxllf.exec:\fxfxllf.exe52⤵
- Executes dropped EXE
-
\??\c:\bbthth.exec:\bbthth.exe53⤵
- Executes dropped EXE
-
\??\c:\tttttt.exec:\tttttt.exe54⤵
- Executes dropped EXE
-
\??\c:\jddpj.exec:\jddpj.exe55⤵
- Executes dropped EXE
-
\??\c:\ppjpp.exec:\ppjpp.exe56⤵
- Executes dropped EXE
-
\??\c:\rlrxfrl.exec:\rlrxfrl.exe57⤵
- Executes dropped EXE
-
\??\c:\nhbnnt.exec:\nhbnnt.exe58⤵
- Executes dropped EXE
-
\??\c:\hbnbbh.exec:\hbnbbh.exe59⤵
- Executes dropped EXE
-
\??\c:\dvvdv.exec:\dvvdv.exe60⤵
- Executes dropped EXE
-
\??\c:\dvppp.exec:\dvppp.exe61⤵
- Executes dropped EXE
-
\??\c:\lxxxlfr.exec:\lxxxlfr.exe62⤵
- Executes dropped EXE
-
\??\c:\fxlflrx.exec:\fxlflrx.exe63⤵
- Executes dropped EXE
-
\??\c:\3hnnnn.exec:\3hnnnn.exe64⤵
- Executes dropped EXE
-
\??\c:\jdppv.exec:\jdppv.exe65⤵
- Executes dropped EXE
-
\??\c:\pvjpp.exec:\pvjpp.exe66⤵
-
\??\c:\rfflfrr.exec:\rfflfrr.exe67⤵
-
\??\c:\xlrrxxl.exec:\xlrrxxl.exe68⤵
-
\??\c:\tbthbn.exec:\tbthbn.exe69⤵
-
\??\c:\tnbbhh.exec:\tnbbhh.exe70⤵
-
\??\c:\5dvjj.exec:\5dvjj.exe71⤵
-
\??\c:\3pdjv.exec:\3pdjv.exe72⤵
-
\??\c:\3lfrxlx.exec:\3lfrxlx.exe73⤵
-
\??\c:\lfxxxxx.exec:\lfxxxxx.exe74⤵
-
\??\c:\thtttb.exec:\thtttb.exe75⤵
-
\??\c:\thhnbb.exec:\thhnbb.exe76⤵
-
\??\c:\djdjp.exec:\djdjp.exe77⤵
-
\??\c:\vjjpj.exec:\vjjpj.exe78⤵
-
\??\c:\7rxrrxr.exec:\7rxrrxr.exe79⤵
-
\??\c:\lllxrff.exec:\lllxrff.exe80⤵
-
\??\c:\tnhnbh.exec:\tnhnbh.exe81⤵
-
\??\c:\tnhnbn.exec:\tnhnbn.exe82⤵
-
\??\c:\dvpvj.exec:\dvpvj.exe83⤵
-
\??\c:\vjvvp.exec:\vjvvp.exe84⤵
-
\??\c:\lllffxr.exec:\lllffxr.exe85⤵
-
\??\c:\frfxfxf.exec:\frfxfxf.exe86⤵
-
\??\c:\1nbnnb.exec:\1nbnnb.exe87⤵
-
\??\c:\hhbnbn.exec:\hhbnbn.exe88⤵
-
\??\c:\hhbtbb.exec:\hhbtbb.exe89⤵
-
\??\c:\pppvj.exec:\pppvj.exe90⤵
-
\??\c:\jdpjv.exec:\jdpjv.exe91⤵
-
\??\c:\1llxflr.exec:\1llxflr.exe92⤵
-
\??\c:\lffrrxf.exec:\lffrrxf.exe93⤵
-
\??\c:\hhbhtb.exec:\hhbhtb.exe94⤵
-
\??\c:\hbbhhn.exec:\hbbhhn.exe95⤵
-
\??\c:\dvjpv.exec:\dvjpv.exe96⤵
-
\??\c:\pjdpd.exec:\pjdpd.exe97⤵
-
\??\c:\pjvpv.exec:\pjvpv.exe98⤵
-
\??\c:\lffrllx.exec:\lffrllx.exe99⤵
-
\??\c:\1rlrxfr.exec:\1rlrxfr.exe100⤵
-
\??\c:\thtbnt.exec:\thtbnt.exe101⤵
-
\??\c:\nnntbh.exec:\nnntbh.exe102⤵
-
\??\c:\7jdjp.exec:\7jdjp.exe103⤵
-
\??\c:\ddpjv.exec:\ddpjv.exe104⤵
-
\??\c:\rfflfff.exec:\rfflfff.exe105⤵
-
\??\c:\9xrlrxl.exec:\9xrlrxl.exe106⤵
-
\??\c:\lfrfflx.exec:\lfrfflx.exe107⤵
-
\??\c:\5nnbhn.exec:\5nnbhn.exe108⤵
-
\??\c:\9bthnt.exec:\9bthnt.exe109⤵
-
\??\c:\pjjvj.exec:\pjjvj.exe110⤵
-
\??\c:\ppjvj.exec:\ppjvj.exe111⤵
-
\??\c:\xlrxrxl.exec:\xlrxrxl.exe112⤵
-
\??\c:\xllllrx.exec:\xllllrx.exe113⤵
-
\??\c:\3ttttt.exec:\3ttttt.exe114⤵
-
\??\c:\ttttbh.exec:\ttttbh.exe115⤵
-
\??\c:\9dpvv.exec:\9dpvv.exe116⤵
-
\??\c:\dvddd.exec:\dvddd.exe117⤵
-
\??\c:\dvpvp.exec:\dvpvp.exe118⤵
-
\??\c:\rfrlxrf.exec:\rfrlxrf.exe119⤵
-
\??\c:\5tnnnt.exec:\5tnnnt.exe120⤵
-
\??\c:\1dddj.exec:\1dddj.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-