Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
130s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
12/05/2024, 04:21
General
-
Target
696479e55adbfcd873153783ecfb2650_NeikiAnalytics.exe
-
Size
155KB
-
MD5
696479e55adbfcd873153783ecfb2650
-
SHA1
7b80c41aa8414d74ebb89bc73f20133f3df31dfa
-
SHA256
55787e16f63030ab08fa5995ed9a1cbecba61387a6ea005363fa1ce066388506
-
SHA512
406725dd9652d9eaaeb539a79973002000a94bd06983e8d4bcd9fdd0c4ad86c86a11a06870b8cd095c424ea395db2ca4db49706866ac49540c7d568ecabfa2a1
-
SSDEEP
3072:khOmTsF93UYfwC6GIoutpYcvrqrE66kropO6BWlPFH4oGPwJwJEj:kcm4FmowdHoSphraHcpOFltH4oGPjJEj
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\696479e55adbfcd873153783ecfb2650_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\696479e55adbfcd873153783ecfb2650_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxlrrf.exec:\fxxlrrf.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1vvpp.exec:\1vvpp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdddd.exec:\vdddd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btnbbb.exec:\btnbbb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5pdvd.exec:\5pdvd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxrlfl.exec:\rlxrlfl.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llrlllf.exec:\llrlllf.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpvpp.exec:\dpvpp.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrffllf.exec:\rrffllf.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhhhh.exec:\hbhhhh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpppv.exec:\jpppv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htbbbb.exec:\htbbbb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9pdvp.exec:\9pdvp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5lxxflf.exec:\5lxxflf.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbttnn.exec:\hbttnn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvdjj.exec:\jvdjj.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxxxfx.exec:\xrxxxfx.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbbbb.exec:\btbbbb.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvddv.exec:\vvddv.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lflflff.exec:\lflflff.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhttbb.exec:\nhttbb.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9jvvp.exec:\9jvvp.exe23⤵
- Executes dropped EXE
-
\??\c:\xrffxxx.exec:\xrffxxx.exe24⤵
- Executes dropped EXE
-
\??\c:\7tttnn.exec:\7tttnn.exe25⤵
- Executes dropped EXE
-
\??\c:\dvdpp.exec:\dvdpp.exe26⤵
- Executes dropped EXE
-
\??\c:\jjpvv.exec:\jjpvv.exe27⤵
- Executes dropped EXE
-
\??\c:\3bhbtt.exec:\3bhbtt.exe28⤵
- Executes dropped EXE
-
\??\c:\jvjjd.exec:\jvjjd.exe29⤵
- Executes dropped EXE
-
\??\c:\ffffxrl.exec:\ffffxrl.exe30⤵
- Executes dropped EXE
-
\??\c:\rrxxxxr.exec:\rrxxxxr.exe31⤵
- Executes dropped EXE
-
\??\c:\jvjpp.exec:\jvjpp.exe32⤵
- Executes dropped EXE
-
\??\c:\jvdvv.exec:\jvdvv.exe33⤵
- Executes dropped EXE
-
\??\c:\1llfflf.exec:\1llfflf.exe34⤵
- Executes dropped EXE
-
\??\c:\lffxrrf.exec:\lffxrrf.exe35⤵
- Executes dropped EXE
-
\??\c:\tnttth.exec:\tnttth.exe36⤵
- Executes dropped EXE
-
\??\c:\1vdjd.exec:\1vdjd.exe37⤵
- Executes dropped EXE
-
\??\c:\ddjdj.exec:\ddjdj.exe38⤵
- Executes dropped EXE
-
\??\c:\lfllllr.exec:\lfllllr.exe39⤵
- Executes dropped EXE
-
\??\c:\nnhnnh.exec:\nnhnnh.exe40⤵
- Executes dropped EXE
-
\??\c:\9hntbn.exec:\9hntbn.exe41⤵
- Executes dropped EXE
-
\??\c:\3pvvd.exec:\3pvvd.exe42⤵
- Executes dropped EXE
-
\??\c:\djdvj.exec:\djdvj.exe43⤵
- Executes dropped EXE
-
\??\c:\xllfflx.exec:\xllfflx.exe44⤵
- Executes dropped EXE
-
\??\c:\nnttnn.exec:\nnttnn.exe45⤵
- Executes dropped EXE
-
\??\c:\bttttt.exec:\bttttt.exe46⤵
- Executes dropped EXE
-
\??\c:\ppddd.exec:\ppddd.exe47⤵
- Executes dropped EXE
-
\??\c:\lfrrrrr.exec:\lfrrrrr.exe48⤵
- Executes dropped EXE
-
\??\c:\xrrllrr.exec:\xrrllrr.exe49⤵
- Executes dropped EXE
-
\??\c:\tnbttt.exec:\tnbttt.exe50⤵
- Executes dropped EXE
-
\??\c:\nbhhhh.exec:\nbhhhh.exe51⤵
- Executes dropped EXE
-
\??\c:\vdjjp.exec:\vdjjp.exe52⤵
- Executes dropped EXE
-
\??\c:\xlrllxr.exec:\xlrllxr.exe53⤵
- Executes dropped EXE
-
\??\c:\tntttb.exec:\tntttb.exe54⤵
- Executes dropped EXE
-
\??\c:\hntbbb.exec:\hntbbb.exe55⤵
- Executes dropped EXE
-
\??\c:\7jddd.exec:\7jddd.exe56⤵
- Executes dropped EXE
-
\??\c:\xlrrlrr.exec:\xlrrlrr.exe57⤵
- Executes dropped EXE
-
\??\c:\rrrrxfl.exec:\rrrrxfl.exe58⤵
- Executes dropped EXE
-
\??\c:\ttnnhb.exec:\ttnnhb.exe59⤵
- Executes dropped EXE
-
\??\c:\jvdjj.exec:\jvdjj.exe60⤵
- Executes dropped EXE
-
\??\c:\rfrlrll.exec:\rfrlrll.exe61⤵
- Executes dropped EXE
-
\??\c:\7hnntn.exec:\7hnntn.exe62⤵
- Executes dropped EXE
-
\??\c:\ppddd.exec:\ppddd.exe63⤵
- Executes dropped EXE
-
\??\c:\lfxrxff.exec:\lfxrxff.exe64⤵
- Executes dropped EXE
-
\??\c:\ttnhtt.exec:\ttnhtt.exe65⤵
- Executes dropped EXE
-
\??\c:\ddddj.exec:\ddddj.exe66⤵
-
\??\c:\djvvv.exec:\djvvv.exe67⤵
-
\??\c:\xflllrr.exec:\xflllrr.exe68⤵
-
\??\c:\hhhhbb.exec:\hhhhbb.exe69⤵
-
\??\c:\1djpp.exec:\1djpp.exe70⤵
-
\??\c:\dvpjj.exec:\dvpjj.exe71⤵
-
\??\c:\lxflfxx.exec:\lxflfxx.exe72⤵
-
\??\c:\3httbh.exec:\3httbh.exe73⤵
-
\??\c:\vvddv.exec:\vvddv.exe74⤵
-
\??\c:\xfrrlll.exec:\xfrrlll.exe75⤵
-
\??\c:\lrfxxxr.exec:\lrfxxxr.exe76⤵
-
\??\c:\nbbbbh.exec:\nbbbbh.exe77⤵
-
\??\c:\jjjdd.exec:\jjjdd.exe78⤵
-
\??\c:\hhbtbh.exec:\hhbtbh.exe79⤵
-
\??\c:\dpvvv.exec:\dpvvv.exe80⤵
-
\??\c:\1vjdp.exec:\1vjdp.exe81⤵
-
\??\c:\xrfllrr.exec:\xrfllrr.exe82⤵
-
\??\c:\bhtnnn.exec:\bhtnnn.exe83⤵
-
\??\c:\vdjjj.exec:\vdjjj.exe84⤵
-
\??\c:\dddvp.exec:\dddvp.exe85⤵
-
\??\c:\rlrllff.exec:\rlrllff.exe86⤵
-
\??\c:\7nttnn.exec:\7nttnn.exe87⤵
-
\??\c:\dvjjv.exec:\dvjjv.exe88⤵
-
\??\c:\vppdd.exec:\vppdd.exe89⤵
-
\??\c:\xrllrlx.exec:\xrllrlx.exe90⤵
-
\??\c:\xxllrxl.exec:\xxllrxl.exe91⤵
-
\??\c:\hbhhhb.exec:\hbhhhb.exe92⤵
-
\??\c:\ppjjd.exec:\ppjjd.exe93⤵
-
\??\c:\fxlllff.exec:\fxlllff.exe94⤵
-
\??\c:\rlrlffx.exec:\rlrlffx.exe95⤵
-
\??\c:\bttbhh.exec:\bttbhh.exe96⤵
-
\??\c:\vjvdp.exec:\vjvdp.exe97⤵
-
\??\c:\rrfxrxl.exec:\rrfxrxl.exe98⤵
-
\??\c:\bthhhn.exec:\bthhhn.exe99⤵
-
\??\c:\9dvdp.exec:\9dvdp.exe100⤵
-
\??\c:\7bnhbn.exec:\7bnhbn.exe101⤵
-
\??\c:\jjvvj.exec:\jjvvj.exe102⤵
-
\??\c:\xrlfxrr.exec:\xrlfxrr.exe103⤵
-
\??\c:\rlfrfxl.exec:\rlfrfxl.exe104⤵
-
\??\c:\7hbnhh.exec:\7hbnhh.exe105⤵
-
\??\c:\pvddv.exec:\pvddv.exe106⤵
-
\??\c:\9vjjd.exec:\9vjjd.exe107⤵
-
\??\c:\3xffffx.exec:\3xffffx.exe108⤵
-
\??\c:\7ntbhh.exec:\7ntbhh.exe109⤵
-
\??\c:\nnnhbb.exec:\nnnhbb.exe110⤵
-
\??\c:\9djdj.exec:\9djdj.exe111⤵
-
\??\c:\ppdpj.exec:\ppdpj.exe112⤵
-
\??\c:\1xfxrxf.exec:\1xfxrxf.exe113⤵
-
\??\c:\5ntntn.exec:\5ntntn.exe114⤵
-
\??\c:\5tbtbb.exec:\5tbtbb.exe115⤵
-
\??\c:\vdvvp.exec:\vdvvp.exe116⤵
-
\??\c:\7xfxrrr.exec:\7xfxrrr.exe117⤵
-
\??\c:\rxxrlff.exec:\rxxrlff.exe118⤵
-
\??\c:\hhbnnn.exec:\hhbnnn.exe119⤵
-
\??\c:\1bnhbb.exec:\1bnhbb.exe120⤵
-
\??\c:\pjpjd.exec:\pjpjd.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-