Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240419-en -
resource tags
-
submitted
13/05/2024, 22:52
General
-
Target
2f1d4728c2b3de6ce52345da42eca630_NeikiAnalytics.exe
-
Size
122KB
-
MD5
2f1d4728c2b3de6ce52345da42eca630
-
SHA1
02c16126652fa0071038f8bf594d021fb50e13bf
-
SHA256
6b258e4a75493e5c3c68e0ff1102e6a1e627406edc4f2f23f57512ee620746c5
-
SHA512
cb263825bbe01353967d64620324fc164109bfd35fa66d0dec4ae6dc6a66fa5eceeddb82064f72a415d42839d27e77c4526edb3b466840f11359e404a6e28043
-
SSDEEP
3072:9hOmTsF93UYfwC6GIoutz5yLpcka62c+8+dRN1Gw:9cm4FmowdHoSZ6lCX9
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 41 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2f1d4728c2b3de6ce52345da42eca630_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\2f1d4728c2b3de6ce52345da42eca630_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\bbtbnn.exec:\bbtbnn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvppj.exec:\dvppj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddvjv.exec:\ddvjv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7rxxfrl.exec:\7rxxfrl.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpvdv.exec:\dpvdv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfrrlff.exec:\rfrrlff.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbtbbb.exec:\bbtbbb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpdpd.exec:\vpdpd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3lrlllx.exec:\3lrlllx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhnth.exec:\tnhnth.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjvdp.exec:\jjvdp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7dpjv.exec:\7dpjv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3rlrflr.exec:\3rlrflr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthbbn.exec:\bthbbn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjddp.exec:\jjddp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fflxxlx.exec:\fflxxlx.exe17⤵
- Executes dropped EXE
-
\??\c:\rlfrxfr.exec:\rlfrxfr.exe18⤵
- Executes dropped EXE
-
\??\c:\ntnnhb.exec:\ntnnhb.exe19⤵
- Executes dropped EXE
-
\??\c:\pjpvd.exec:\pjpvd.exe20⤵
- Executes dropped EXE
-
\??\c:\llrrflx.exec:\llrrflx.exe21⤵
- Executes dropped EXE
-
\??\c:\tnhhnt.exec:\tnhhnt.exe22⤵
- Executes dropped EXE
-
\??\c:\bnttth.exec:\bnttth.exe23⤵
- Executes dropped EXE
-
\??\c:\3rrflrx.exec:\3rrflrx.exe24⤵
- Executes dropped EXE
-
\??\c:\rrlrrfx.exec:\rrlrrfx.exe25⤵
- Executes dropped EXE
-
\??\c:\nnbhbb.exec:\nnbhbb.exe26⤵
- Executes dropped EXE
-
\??\c:\tbhnhb.exec:\tbhnhb.exe27⤵
- Executes dropped EXE
-
\??\c:\lfxrxlx.exec:\lfxrxlx.exe28⤵
- Executes dropped EXE
-
\??\c:\xxxllrr.exec:\xxxllrr.exe29⤵
- Executes dropped EXE
-
\??\c:\pdjdj.exec:\pdjdj.exe30⤵
- Executes dropped EXE
-
\??\c:\5pddj.exec:\5pddj.exe31⤵
- Executes dropped EXE
-
\??\c:\frfxflx.exec:\frfxflx.exe32⤵
- Executes dropped EXE
-
\??\c:\btthtt.exec:\btthtt.exe33⤵
- Executes dropped EXE
-
\??\c:\jjdjv.exec:\jjdjv.exe34⤵
- Executes dropped EXE
-
\??\c:\jjddp.exec:\jjddp.exe35⤵
- Executes dropped EXE
-
\??\c:\7flxllx.exec:\7flxllx.exe36⤵
- Executes dropped EXE
-
\??\c:\lxflxxr.exec:\lxflxxr.exe37⤵
- Executes dropped EXE
-
\??\c:\hbthtb.exec:\hbthtb.exe38⤵
- Executes dropped EXE
-
\??\c:\7thbhn.exec:\7thbhn.exe39⤵
- Executes dropped EXE
-
\??\c:\dpdvv.exec:\dpdvv.exe40⤵
- Executes dropped EXE
-
\??\c:\ppjvp.exec:\ppjvp.exe41⤵
- Executes dropped EXE
-
\??\c:\lflrflr.exec:\lflrflr.exe42⤵
- Executes dropped EXE
-
\??\c:\3bhbtb.exec:\3bhbtb.exe43⤵
- Executes dropped EXE
-
\??\c:\1hbhnb.exec:\1hbhnb.exe44⤵
- Executes dropped EXE
-
\??\c:\vdjdv.exec:\vdjdv.exe45⤵
- Executes dropped EXE
-
\??\c:\7xrrflr.exec:\7xrrflr.exe46⤵
- Executes dropped EXE
-
\??\c:\rlrffrf.exec:\rlrffrf.exe47⤵
- Executes dropped EXE
-
\??\c:\7bbhht.exec:\7bbhht.exe48⤵
- Executes dropped EXE
-
\??\c:\tnhtth.exec:\tnhtth.exe49⤵
- Executes dropped EXE
-
\??\c:\jjjvj.exec:\jjjvj.exe50⤵
- Executes dropped EXE
-
\??\c:\5pjjp.exec:\5pjjp.exe51⤵
- Executes dropped EXE
-
\??\c:\lxlrxfr.exec:\lxlrxfr.exe52⤵
- Executes dropped EXE
-
\??\c:\bnhnbh.exec:\bnhnbh.exe53⤵
- Executes dropped EXE
-
\??\c:\tnbhbt.exec:\tnbhbt.exe54⤵
- Executes dropped EXE
-
\??\c:\7dvpv.exec:\7dvpv.exe55⤵
- Executes dropped EXE
-
\??\c:\9pjvd.exec:\9pjvd.exe56⤵
- Executes dropped EXE
-
\??\c:\xrrlxff.exec:\xrrlxff.exe57⤵
- Executes dropped EXE
-
\??\c:\lfffxfl.exec:\lfffxfl.exe58⤵
- Executes dropped EXE
-
\??\c:\btbhtn.exec:\btbhtn.exe59⤵
- Executes dropped EXE
-
\??\c:\jvddj.exec:\jvddj.exe60⤵
- Executes dropped EXE
-
\??\c:\dvdjp.exec:\dvdjp.exe61⤵
- Executes dropped EXE
-
\??\c:\fxflrfl.exec:\fxflrfl.exe62⤵
- Executes dropped EXE
-
\??\c:\fxfflxf.exec:\fxfflxf.exe63⤵
- Executes dropped EXE
-
\??\c:\nhhbbb.exec:\nhhbbb.exe64⤵
- Executes dropped EXE
-
\??\c:\1dvjj.exec:\1dvjj.exe65⤵
- Executes dropped EXE
-
\??\c:\7dvdj.exec:\7dvdj.exe66⤵
-
\??\c:\fxllffr.exec:\fxllffr.exe67⤵
-
\??\c:\lfxfllf.exec:\lfxfllf.exe68⤵
-
\??\c:\nhtbbt.exec:\nhtbbt.exe69⤵
-
\??\c:\jdpdj.exec:\jdpdj.exe70⤵
-
\??\c:\1pjpp.exec:\1pjpp.exe71⤵
-
\??\c:\rrlfrxl.exec:\rrlfrxl.exe72⤵
-
\??\c:\rlxfrlr.exec:\rlxfrlr.exe73⤵
-
\??\c:\5hhnhb.exec:\5hhnhb.exe74⤵
-
\??\c:\nbhnbh.exec:\nbhnbh.exe75⤵
-
\??\c:\pvjjp.exec:\pvjjp.exe76⤵
-
\??\c:\1vjvj.exec:\1vjvj.exe77⤵
-
\??\c:\lfflrll.exec:\lfflrll.exe78⤵
-
\??\c:\btbbhh.exec:\btbbhh.exe79⤵
-
\??\c:\tttbnn.exec:\tttbnn.exe80⤵
-
\??\c:\pvvdj.exec:\pvvdj.exe81⤵
-
\??\c:\ddppp.exec:\ddppp.exe82⤵
-
\??\c:\jdvpv.exec:\jdvpv.exe83⤵
-
\??\c:\rfrxfxf.exec:\rfrxfxf.exe84⤵
-
\??\c:\tbbbhh.exec:\tbbbhh.exe85⤵
-
\??\c:\nbtthn.exec:\nbtthn.exe86⤵
-
\??\c:\7vvvj.exec:\7vvvj.exe87⤵
-
\??\c:\lfxrrxl.exec:\lfxrrxl.exe88⤵
-
\??\c:\xrrfrrf.exec:\xrrfrrf.exe89⤵
-
\??\c:\7bbntb.exec:\7bbntb.exe90⤵
-
\??\c:\tbnhht.exec:\tbnhht.exe91⤵
-
\??\c:\jdjdj.exec:\jdjdj.exe92⤵
-
\??\c:\1jjdj.exec:\1jjdj.exe93⤵
-
\??\c:\lfxxlff.exec:\lfxxlff.exe94⤵
-
\??\c:\5frrxxl.exec:\5frrxxl.exe95⤵
-
\??\c:\hthnhn.exec:\hthnhn.exe96⤵
-
\??\c:\pjpvd.exec:\pjpvd.exe97⤵
-
\??\c:\pjddv.exec:\pjddv.exe98⤵
-
\??\c:\lfrxllx.exec:\lfrxllx.exe99⤵
-
\??\c:\xrllrxf.exec:\xrllrxf.exe100⤵
-
\??\c:\nhbhnn.exec:\nhbhnn.exe101⤵
-
\??\c:\hbhtnb.exec:\hbhtnb.exe102⤵
-
\??\c:\vpjvd.exec:\vpjvd.exe103⤵
-
\??\c:\pjvpv.exec:\pjvpv.exe104⤵
-
\??\c:\xrlxfrx.exec:\xrlxfrx.exe105⤵
-
\??\c:\fxfflfr.exec:\fxfflfr.exe106⤵
-
\??\c:\9tthnt.exec:\9tthnt.exe107⤵
-
\??\c:\thtntt.exec:\thtntt.exe108⤵
-
\??\c:\vvjvj.exec:\vvjvj.exe109⤵
-
\??\c:\xxxrlrf.exec:\xxxrlrf.exe110⤵
-
\??\c:\ffflrxx.exec:\ffflrxx.exe111⤵
-
\??\c:\hbttht.exec:\hbttht.exe112⤵
-
\??\c:\vppjd.exec:\vppjd.exe113⤵
-
\??\c:\pjdjv.exec:\pjdjv.exe114⤵
-
\??\c:\xrffrrx.exec:\xrffrrx.exe115⤵
-
\??\c:\5hbthh.exec:\5hbthh.exe116⤵
-
\??\c:\hbbnhh.exec:\hbbnhh.exe117⤵
-
\??\c:\3dppv.exec:\3dppv.exe118⤵
-
\??\c:\vpjvd.exec:\vpjvd.exe119⤵
-
\??\c:\xrxrffl.exec:\xrxrffl.exe120⤵
-
\??\c:\7xxlrxf.exec:\7xxlrxf.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-