Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
151s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
13/05/2024, 21:40
General
-
Target
211fdfa0c83483cf93bdc96aa7babdd0_NeikiAnalytics.exe
-
Size
457KB
-
MD5
211fdfa0c83483cf93bdc96aa7babdd0
-
SHA1
dd556a7911e3e16c203aa3a72eb895073d403f57
-
SHA256
75490944d21db57835c022f685420f79cacc632f0617540dd45dc6539237a8d8
-
SHA512
db932474ba8a1aca04d92d46602ef17eb9530981fd7f0da5a18057639807821616158157c784ee31fc538ede24f75fb171e1261183d9a9c89da59a16def3f91d
-
SSDEEP
12288:n3C9uDIPh2kkkkK4kXkkkkkkkkl888888888888888888nQR:ShPh2kkkkK4kXkkkkkkkkSR
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 30 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 38 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\211fdfa0c83483cf93bdc96aa7babdd0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\211fdfa0c83483cf93bdc96aa7babdd0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\4b747.exec:\4b747.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\2pawn.exec:\2pawn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\krp5k92.exec:\krp5k92.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\h6oa7.exec:\h6oa7.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\sd62j5.exec:\sd62j5.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\a1415.exec:\a1415.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\q7e18.exec:\q7e18.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7g79j02.exec:\7g79j02.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\27fxd2.exec:\27fxd2.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\08o3v4h.exec:\08o3v4h.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8xq157.exec:\8xq157.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\54385ul.exec:\54385ul.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\e31334p.exec:\e31334p.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\oebd3.exec:\oebd3.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\c3vqi.exec:\c3vqi.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\x660m6.exec:\x660m6.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\t32o5k.exec:\t32o5k.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\r73580i.exec:\r73580i.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3kdec.exec:\3kdec.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\uxvecp.exec:\uxvecp.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5s9p7i.exec:\5s9p7i.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\whwl74f.exec:\whwl74f.exe23⤵
- Executes dropped EXE
-
\??\c:\r3m4o.exec:\r3m4o.exe24⤵
- Executes dropped EXE
-
\??\c:\54vg411.exec:\54vg411.exe25⤵
- Executes dropped EXE
-
\??\c:\440u11.exec:\440u11.exe26⤵
- Executes dropped EXE
-
\??\c:\cgp10xd.exec:\cgp10xd.exe27⤵
- Executes dropped EXE
-
\??\c:\gsjvh3k.exec:\gsjvh3k.exe28⤵
- Executes dropped EXE
-
\??\c:\11c31.exec:\11c31.exe29⤵
- Executes dropped EXE
-
\??\c:\o6s8ul.exec:\o6s8ul.exe30⤵
- Executes dropped EXE
-
\??\c:\7rom8.exec:\7rom8.exe31⤵
- Executes dropped EXE
-
\??\c:\d54ig.exec:\d54ig.exe32⤵
- Executes dropped EXE
-
\??\c:\xuf38.exec:\xuf38.exe33⤵
- Executes dropped EXE
-
\??\c:\rrsg313.exec:\rrsg313.exe34⤵
- Executes dropped EXE
-
\??\c:\igmt62.exec:\igmt62.exe35⤵
- Executes dropped EXE
-
\??\c:\06h7uq5.exec:\06h7uq5.exe36⤵
- Executes dropped EXE
-
\??\c:\8a351x.exec:\8a351x.exe37⤵
- Executes dropped EXE
-
\??\c:\96pq3.exec:\96pq3.exe38⤵
- Executes dropped EXE
-
\??\c:\f8u32.exec:\f8u32.exe39⤵
- Executes dropped EXE
-
\??\c:\w36p74.exec:\w36p74.exe40⤵
- Executes dropped EXE
-
\??\c:\gtb0x.exec:\gtb0x.exe41⤵
- Executes dropped EXE
-
\??\c:\x96sm.exec:\x96sm.exe42⤵
- Executes dropped EXE
-
\??\c:\3l595.exec:\3l595.exe43⤵
- Executes dropped EXE
-
\??\c:\6gd20ww.exec:\6gd20ww.exe44⤵
- Executes dropped EXE
-
\??\c:\4q5x9lv.exec:\4q5x9lv.exe45⤵
- Executes dropped EXE
-
\??\c:\d13fjbu.exec:\d13fjbu.exe46⤵
- Executes dropped EXE
-
\??\c:\x5a8t.exec:\x5a8t.exe47⤵
- Executes dropped EXE
-
\??\c:\mm22nb5.exec:\mm22nb5.exe48⤵
- Executes dropped EXE
-
\??\c:\2g51rrl.exec:\2g51rrl.exe49⤵
- Executes dropped EXE
-
\??\c:\b2or7s.exec:\b2or7s.exe50⤵
- Executes dropped EXE
-
\??\c:\xga40.exec:\xga40.exe51⤵
- Executes dropped EXE
-
\??\c:\fo9f1.exec:\fo9f1.exe52⤵
- Executes dropped EXE
-
\??\c:\84fm7k.exec:\84fm7k.exe53⤵
- Executes dropped EXE
-
\??\c:\uim1a.exec:\uim1a.exe54⤵
- Executes dropped EXE
-
\??\c:\51m172.exec:\51m172.exe55⤵
- Executes dropped EXE
-
\??\c:\4e1fl.exec:\4e1fl.exe56⤵
- Executes dropped EXE
-
\??\c:\ss3ql69.exec:\ss3ql69.exe57⤵
- Executes dropped EXE
-
\??\c:\8enlk6h.exec:\8enlk6h.exe58⤵
- Executes dropped EXE
-
\??\c:\97uhc6.exec:\97uhc6.exe59⤵
- Executes dropped EXE
-
\??\c:\j487eq9.exec:\j487eq9.exe60⤵
- Executes dropped EXE
-
\??\c:\53449q.exec:\53449q.exe61⤵
- Executes dropped EXE
-
\??\c:\j7g9ti.exec:\j7g9ti.exe62⤵
- Executes dropped EXE
-
\??\c:\fwiuf.exec:\fwiuf.exe63⤵
- Executes dropped EXE
-
\??\c:\up8n0as.exec:\up8n0as.exe64⤵
- Executes dropped EXE
-
\??\c:\d393i.exec:\d393i.exe65⤵
- Executes dropped EXE
-
\??\c:\s28h5.exec:\s28h5.exe66⤵
-
\??\c:\9dp2aw.exec:\9dp2aw.exe67⤵
-
\??\c:\6ub87.exec:\6ub87.exe68⤵
-
\??\c:\058xg85.exec:\058xg85.exe69⤵
-
\??\c:\73j2vw5.exec:\73j2vw5.exe70⤵
-
\??\c:\8bq237x.exec:\8bq237x.exe71⤵
-
\??\c:\jmswcx.exec:\jmswcx.exe72⤵
-
\??\c:\fmnhoge.exec:\fmnhoge.exe73⤵
-
\??\c:\sab4ki.exec:\sab4ki.exe74⤵
-
\??\c:\jb95v.exec:\jb95v.exe75⤵
-
\??\c:\m7b6as.exec:\m7b6as.exe76⤵
-
\??\c:\1q01b.exec:\1q01b.exe77⤵
-
\??\c:\jwnimaw.exec:\jwnimaw.exe78⤵
-
\??\c:\7mp1d.exec:\7mp1d.exe79⤵
-
\??\c:\oa17e.exec:\oa17e.exe80⤵
-
\??\c:\h3u019.exec:\h3u019.exe81⤵
-
\??\c:\dhkopq.exec:\dhkopq.exe82⤵
-
\??\c:\8215kmx.exec:\8215kmx.exe83⤵
-
\??\c:\ani4ud.exec:\ani4ud.exe84⤵
-
\??\c:\3b70944.exec:\3b70944.exe85⤵
-
\??\c:\cgga31b.exec:\cgga31b.exe86⤵
-
\??\c:\83ovq9q.exec:\83ovq9q.exe87⤵
-
\??\c:\4dq918.exec:\4dq918.exe88⤵
-
\??\c:\a3bm1.exec:\a3bm1.exe89⤵
-
\??\c:\5twt8.exec:\5twt8.exe90⤵
-
\??\c:\u81e53.exec:\u81e53.exe91⤵
-
\??\c:\o1001d.exec:\o1001d.exe92⤵
-
\??\c:\0j3t1qb.exec:\0j3t1qb.exe93⤵
-
\??\c:\75wr0p7.exec:\75wr0p7.exe94⤵
-
\??\c:\w5e6xj0.exec:\w5e6xj0.exe95⤵
-
\??\c:\ma5mp3.exec:\ma5mp3.exe96⤵
-
\??\c:\95weu9.exec:\95weu9.exe97⤵
-
\??\c:\b664l0d.exec:\b664l0d.exe98⤵
-
\??\c:\i0r2i.exec:\i0r2i.exe99⤵
-
\??\c:\h5640.exec:\h5640.exe100⤵
-
\??\c:\g94fh65.exec:\g94fh65.exe101⤵
-
\??\c:\w6t2k.exec:\w6t2k.exe102⤵
-
\??\c:\49qk6u.exec:\49qk6u.exe103⤵
-
\??\c:\qrf8hlc.exec:\qrf8hlc.exe104⤵
-
\??\c:\8k3i7hw.exec:\8k3i7hw.exe105⤵
-
\??\c:\1lu05.exec:\1lu05.exe106⤵
-
\??\c:\710vm.exec:\710vm.exe107⤵
-
\??\c:\j72jh3.exec:\j72jh3.exe108⤵
-
\??\c:\2271utd.exec:\2271utd.exe109⤵
-
\??\c:\fadqo8v.exec:\fadqo8v.exe110⤵
-
\??\c:\v2bcvc.exec:\v2bcvc.exe111⤵
-
\??\c:\98w3pmb.exec:\98w3pmb.exe112⤵
-
\??\c:\4k84e7m.exec:\4k84e7m.exe113⤵
-
\??\c:\fd03e.exec:\fd03e.exe114⤵
-
\??\c:\p19c87u.exec:\p19c87u.exe115⤵
-
\??\c:\js564su.exec:\js564su.exe116⤵
-
\??\c:\ch74kqi.exec:\ch74kqi.exe117⤵
-
\??\c:\96qk7.exec:\96qk7.exe118⤵
-
\??\c:\751kn3.exec:\751kn3.exe119⤵
-
\??\c:\1k4po.exec:\1k4po.exe120⤵
-
\??\c:\v319h.exec:\v319h.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-