Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
12/05/2024, 04:21
General
-
Target
696479e55adbfcd873153783ecfb2650_NeikiAnalytics.exe
-
Size
155KB
-
MD5
696479e55adbfcd873153783ecfb2650
-
SHA1
7b80c41aa8414d74ebb89bc73f20133f3df31dfa
-
SHA256
55787e16f63030ab08fa5995ed9a1cbecba61387a6ea005363fa1ce066388506
-
SHA512
406725dd9652d9eaaeb539a79973002000a94bd06983e8d4bcd9fdd0c4ad86c86a11a06870b8cd095c424ea395db2ca4db49706866ac49540c7d568ecabfa2a1
-
SSDEEP
3072:khOmTsF93UYfwC6GIoutpYcvrqrE66kropO6BWlPFH4oGPwJwJEj:kcm4FmowdHoSphraHcpOFltH4oGPjJEj
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 42 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\696479e55adbfcd873153783ecfb2650_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\696479e55adbfcd873153783ecfb2650_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjpp.exec:\dvjpp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrffrxl.exec:\rrffrxl.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\204044.exec:\204044.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\a8024.exec:\a8024.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbnnt.exec:\btbnnt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9vpvj.exec:\9vpvj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxflrf.exec:\xrxflrf.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\u084266.exec:\u084266.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrfflx.exec:\xxrfflx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7pdvj.exec:\7pdvj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lflffxl.exec:\lflffxl.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvdj.exec:\pjvdj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1fxrxff.exec:\1fxrxff.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5hbbtt.exec:\5hbbtt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrllrrf.exec:\xrllrrf.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlrlrlr.exec:\xlrlrlr.exe17⤵
- Executes dropped EXE
-
\??\c:\0604408.exec:\0604408.exe18⤵
- Executes dropped EXE
-
\??\c:\2088000.exec:\2088000.exe19⤵
- Executes dropped EXE
-
\??\c:\4880664.exec:\4880664.exe20⤵
- Executes dropped EXE
-
\??\c:\42440.exec:\42440.exe21⤵
- Executes dropped EXE
-
\??\c:\20464.exec:\20464.exe22⤵
- Executes dropped EXE
-
\??\c:\e42848.exec:\e42848.exe23⤵
- Executes dropped EXE
-
\??\c:\9tbttn.exec:\9tbttn.exe24⤵
- Executes dropped EXE
-
\??\c:\3rxxfxx.exec:\3rxxfxx.exe25⤵
- Executes dropped EXE
-
\??\c:\646262.exec:\646262.exe26⤵
- Executes dropped EXE
-
\??\c:\bthhnn.exec:\bthhnn.exe27⤵
- Executes dropped EXE
-
\??\c:\8062222.exec:\8062222.exe28⤵
- Executes dropped EXE
-
\??\c:\djppp.exec:\djppp.exe29⤵
- Executes dropped EXE
-
\??\c:\08006.exec:\08006.exe30⤵
- Executes dropped EXE
-
\??\c:\w06060.exec:\w06060.exe31⤵
- Executes dropped EXE
-
\??\c:\s8040.exec:\s8040.exe32⤵
- Executes dropped EXE
-
\??\c:\c422600.exec:\c422600.exe33⤵
- Executes dropped EXE
-
\??\c:\s8028.exec:\s8028.exe34⤵
- Executes dropped EXE
-
\??\c:\3ffffff.exec:\3ffffff.exe35⤵
- Executes dropped EXE
-
\??\c:\3jvvj.exec:\3jvvj.exe36⤵
- Executes dropped EXE
-
\??\c:\u444608.exec:\u444608.exe37⤵
- Executes dropped EXE
-
\??\c:\xrxxxrr.exec:\xrxxxrr.exe38⤵
- Executes dropped EXE
-
\??\c:\s4624.exec:\s4624.exe39⤵
- Executes dropped EXE
-
\??\c:\5rffrrx.exec:\5rffrrx.exe40⤵
- Executes dropped EXE
-
\??\c:\rfrxlfl.exec:\rfrxlfl.exe41⤵
- Executes dropped EXE
-
\??\c:\3hhnhn.exec:\3hhnhn.exe42⤵
- Executes dropped EXE
-
\??\c:\vjjdj.exec:\vjjdj.exe43⤵
- Executes dropped EXE
-
\??\c:\pjvvp.exec:\pjvvp.exe44⤵
- Executes dropped EXE
-
\??\c:\tntbtn.exec:\tntbtn.exe45⤵
- Executes dropped EXE
-
\??\c:\httttn.exec:\httttn.exe46⤵
- Executes dropped EXE
-
\??\c:\dpdjv.exec:\dpdjv.exe47⤵
- Executes dropped EXE
-
\??\c:\3lxxlfr.exec:\3lxxlfr.exe48⤵
- Executes dropped EXE
-
\??\c:\thnntt.exec:\thnntt.exe49⤵
- Executes dropped EXE
-
\??\c:\nbbbbh.exec:\nbbbbh.exe50⤵
- Executes dropped EXE
-
\??\c:\o468440.exec:\o468440.exe51⤵
- Executes dropped EXE
-
\??\c:\hbhbbh.exec:\hbhbbh.exe52⤵
- Executes dropped EXE
-
\??\c:\0462440.exec:\0462440.exe53⤵
- Executes dropped EXE
-
\??\c:\pdjpd.exec:\pdjpd.exe54⤵
- Executes dropped EXE
-
\??\c:\6466840.exec:\6466840.exe55⤵
- Executes dropped EXE
-
\??\c:\jvddj.exec:\jvddj.exe56⤵
- Executes dropped EXE
-
\??\c:\lxrxxfr.exec:\lxrxxfr.exe57⤵
- Executes dropped EXE
-
\??\c:\hnnttn.exec:\hnnttn.exe58⤵
- Executes dropped EXE
-
\??\c:\2022440.exec:\2022440.exe59⤵
- Executes dropped EXE
-
\??\c:\hhthnn.exec:\hhthnn.exe60⤵
- Executes dropped EXE
-
\??\c:\tnbhtt.exec:\tnbhtt.exe61⤵
- Executes dropped EXE
-
\??\c:\hbhbhh.exec:\hbhbhh.exe62⤵
- Executes dropped EXE
-
\??\c:\0844446.exec:\0844446.exe63⤵
- Executes dropped EXE
-
\??\c:\lllrxxl.exec:\lllrxxl.exe64⤵
- Executes dropped EXE
-
\??\c:\480260.exec:\480260.exe65⤵
- Executes dropped EXE
-
\??\c:\86464.exec:\86464.exe66⤵
-
\??\c:\0806284.exec:\0806284.exe67⤵
-
\??\c:\w40444.exec:\w40444.exe68⤵
-
\??\c:\202224.exec:\202224.exe69⤵
-
\??\c:\nbthhn.exec:\nbthhn.exe70⤵
-
\??\c:\9ddjd.exec:\9ddjd.exe71⤵
-
\??\c:\jdjjp.exec:\jdjjp.exe72⤵
-
\??\c:\5thbnb.exec:\5thbnb.exe73⤵
-
\??\c:\k42840.exec:\k42840.exe74⤵
-
\??\c:\nbbtbh.exec:\nbbtbh.exe75⤵
-
\??\c:\ttnhhn.exec:\ttnhhn.exe76⤵
-
\??\c:\nbhhtn.exec:\nbhhtn.exe77⤵
-
\??\c:\826840.exec:\826840.exe78⤵
-
\??\c:\nnhnht.exec:\nnhnht.exe79⤵
-
\??\c:\9jddp.exec:\9jddp.exe80⤵
-
\??\c:\0868080.exec:\0868080.exe81⤵
-
\??\c:\7frxlrx.exec:\7frxlrx.exe82⤵
-
\??\c:\vjppv.exec:\vjppv.exe83⤵
-
\??\c:\8644002.exec:\8644002.exe84⤵
-
\??\c:\btnbnn.exec:\btnbnn.exe85⤵
-
\??\c:\868062.exec:\868062.exe86⤵
-
\??\c:\240628.exec:\240628.exe87⤵
-
\??\c:\m2064.exec:\m2064.exe88⤵
-
\??\c:\64440.exec:\64440.exe89⤵
-
\??\c:\tntttb.exec:\tntttb.exe90⤵
-
\??\c:\frxxxrx.exec:\frxxxrx.exe91⤵
-
\??\c:\xfllfxl.exec:\xfllfxl.exe92⤵
-
\??\c:\8464482.exec:\8464482.exe93⤵
-
\??\c:\e08066.exec:\e08066.exe94⤵
-
\??\c:\60868.exec:\60868.exe95⤵
-
\??\c:\3nhtnn.exec:\3nhtnn.exe96⤵
-
\??\c:\6080406.exec:\6080406.exe97⤵
-
\??\c:\204062.exec:\204062.exe98⤵
-
\??\c:\48046.exec:\48046.exe99⤵
-
\??\c:\vjppd.exec:\vjppd.exe100⤵
-
\??\c:\642884.exec:\642884.exe101⤵
-
\??\c:\428488.exec:\428488.exe102⤵
-
\??\c:\pjpvd.exec:\pjpvd.exe103⤵
-
\??\c:\dpddp.exec:\dpddp.exe104⤵
-
\??\c:\04806.exec:\04806.exe105⤵
-
\??\c:\xrrrxxl.exec:\xrrrxxl.exe106⤵
-
\??\c:\1pvdv.exec:\1pvdv.exe107⤵
-
\??\c:\5pjpp.exec:\5pjpp.exe108⤵
-
\??\c:\bbhhnt.exec:\bbhhnt.exe109⤵
-
\??\c:\m8620.exec:\m8620.exe110⤵
-
\??\c:\e04400.exec:\e04400.exe111⤵
-
\??\c:\bthbnh.exec:\bthbnh.exe112⤵
-
\??\c:\868406.exec:\868406.exe113⤵
-
\??\c:\4288884.exec:\4288884.exe114⤵
-
\??\c:\lxffllr.exec:\lxffllr.exe115⤵
-
\??\c:\fxlxlrx.exec:\fxlxlrx.exe116⤵
-
\??\c:\8240828.exec:\8240828.exe117⤵
-
\??\c:\rlrfxfr.exec:\rlrfxfr.exe118⤵
-
\??\c:\i848006.exec:\i848006.exe119⤵
-
\??\c:\jjjvj.exec:\jjjvj.exe120⤵
-
\??\c:\e68806.exec:\e68806.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-