Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
126s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
13/05/2024, 22:52
General
-
Target
2f1d4728c2b3de6ce52345da42eca630_NeikiAnalytics.exe
-
Size
122KB
-
MD5
2f1d4728c2b3de6ce52345da42eca630
-
SHA1
02c16126652fa0071038f8bf594d021fb50e13bf
-
SHA256
6b258e4a75493e5c3c68e0ff1102e6a1e627406edc4f2f23f57512ee620746c5
-
SHA512
cb263825bbe01353967d64620324fc164109bfd35fa66d0dec4ae6dc6a66fa5eceeddb82064f72a415d42839d27e77c4526edb3b466840f11359e404a6e28043
-
SSDEEP
3072:9hOmTsF93UYfwC6GIoutz5yLpcka62c+8+dRN1Gw:9cm4FmowdHoSZ6lCX9
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2f1d4728c2b3de6ce52345da42eca630_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\2f1d4728c2b3de6ce52345da42eca630_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\1hhbtt.exec:\1hhbtt.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvdpv.exec:\dvdpv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1jvpj.exec:\1jvpj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lflffxl.exec:\lflffxl.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9nhtnb.exec:\9nhtnb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdjjj.exec:\vdjjj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpvpj.exec:\dpvpj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlrxrx.exec:\fxlrxrx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnbbtt.exec:\hnbbtt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjjdv.exec:\jjjdv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrlfxfr.exec:\rrlfxfr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flllfff.exec:\flllfff.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnhbt.exec:\nhnhbt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvdd.exec:\dvvdd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlffrxr.exec:\rlffrxr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xflxrrl.exec:\xflxrrl.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnhbtt.exec:\bnhbtt.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5dpjp.exec:\5dpjp.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htnhht.exec:\htnhht.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhbttn.exec:\bhbttn.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvdvp.exec:\jvdvp.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdpjd.exec:\vdpjd.exe23⤵
- Executes dropped EXE
-
\??\c:\9lfrxrr.exec:\9lfrxrr.exe24⤵
- Executes dropped EXE
-
\??\c:\nbthbb.exec:\nbthbb.exe25⤵
- Executes dropped EXE
-
\??\c:\vpjjj.exec:\vpjjj.exe26⤵
- Executes dropped EXE
-
\??\c:\7vppd.exec:\7vppd.exe27⤵
- Executes dropped EXE
-
\??\c:\fxrxffl.exec:\fxrxffl.exe28⤵
- Executes dropped EXE
-
\??\c:\bbtnbt.exec:\bbtnbt.exe29⤵
- Executes dropped EXE
-
\??\c:\nbtnbb.exec:\nbtnbb.exe30⤵
- Executes dropped EXE
-
\??\c:\jjppv.exec:\jjppv.exe31⤵
- Executes dropped EXE
-
\??\c:\rlrlrrx.exec:\rlrlrrx.exe32⤵
- Executes dropped EXE
-
\??\c:\9ntntt.exec:\9ntntt.exe33⤵
- Executes dropped EXE
-
\??\c:\3vvjj.exec:\3vvjj.exe34⤵
- Executes dropped EXE
-
\??\c:\pvdvv.exec:\pvdvv.exe35⤵
- Executes dropped EXE
-
\??\c:\fxlfllr.exec:\fxlfllr.exe36⤵
- Executes dropped EXE
-
\??\c:\hbnhhh.exec:\hbnhhh.exe37⤵
- Executes dropped EXE
-
\??\c:\hbtnhh.exec:\hbtnhh.exe38⤵
- Executes dropped EXE
-
\??\c:\pvddv.exec:\pvddv.exe39⤵
- Executes dropped EXE
-
\??\c:\jjjdd.exec:\jjjdd.exe40⤵
- Executes dropped EXE
-
\??\c:\fxrlxxr.exec:\fxrlxxr.exe41⤵
- Executes dropped EXE
-
\??\c:\fxfflrl.exec:\fxfflrl.exe42⤵
- Executes dropped EXE
-
\??\c:\tnbbhh.exec:\tnbbhh.exe43⤵
- Executes dropped EXE
-
\??\c:\nhhbbb.exec:\nhhbbb.exe44⤵
- Executes dropped EXE
-
\??\c:\jppjj.exec:\jppjj.exe45⤵
- Executes dropped EXE
-
\??\c:\vdvpj.exec:\vdvpj.exe46⤵
- Executes dropped EXE
-
\??\c:\3fxfxrl.exec:\3fxfxrl.exe47⤵
- Executes dropped EXE
-
\??\c:\fflfxxf.exec:\fflfxxf.exe48⤵
- Executes dropped EXE
-
\??\c:\nttnhb.exec:\nttnhb.exe49⤵
- Executes dropped EXE
-
\??\c:\7vjvp.exec:\7vjvp.exe50⤵
- Executes dropped EXE
-
\??\c:\dvdvj.exec:\dvdvj.exe51⤵
- Executes dropped EXE
-
\??\c:\xxrrxxl.exec:\xxrrxxl.exe52⤵
- Executes dropped EXE
-
\??\c:\hhnbtb.exec:\hhnbtb.exe53⤵
- Executes dropped EXE
-
\??\c:\hbhnhb.exec:\hbhnhb.exe54⤵
- Executes dropped EXE
-
\??\c:\pjvdv.exec:\pjvdv.exe55⤵
- Executes dropped EXE
-
\??\c:\fflllxx.exec:\fflllxx.exe56⤵
- Executes dropped EXE
-
\??\c:\ffxxflr.exec:\ffxxflr.exe57⤵
- Executes dropped EXE
-
\??\c:\nhnbhb.exec:\nhnbhb.exe58⤵
- Executes dropped EXE
-
\??\c:\5nhhbb.exec:\5nhhbb.exe59⤵
- Executes dropped EXE
-
\??\c:\dvvvv.exec:\dvvvv.exe60⤵
- Executes dropped EXE
-
\??\c:\5xrfxrl.exec:\5xrfxrl.exe61⤵
- Executes dropped EXE
-
\??\c:\bntntt.exec:\bntntt.exe62⤵
- Executes dropped EXE
-
\??\c:\bhhtnh.exec:\bhhtnh.exe63⤵
- Executes dropped EXE
-
\??\c:\dvvpd.exec:\dvvpd.exe64⤵
- Executes dropped EXE
-
\??\c:\xxrlfxr.exec:\xxrlfxr.exe65⤵
- Executes dropped EXE
-
\??\c:\vddvj.exec:\vddvj.exe66⤵
-
\??\c:\jvdvp.exec:\jvdvp.exe67⤵
-
\??\c:\rlfrlff.exec:\rlfrlff.exe68⤵
-
\??\c:\btbttt.exec:\btbttt.exe69⤵
-
\??\c:\ddpdj.exec:\ddpdj.exe70⤵
-
\??\c:\xrlffff.exec:\xrlffff.exe71⤵
-
\??\c:\ttnhbh.exec:\ttnhbh.exe72⤵
-
\??\c:\pdvdv.exec:\pdvdv.exe73⤵
-
\??\c:\9jpdp.exec:\9jpdp.exe74⤵
-
\??\c:\rrxlxrl.exec:\rrxlxrl.exe75⤵
-
\??\c:\bbbnth.exec:\bbbnth.exe76⤵
-
\??\c:\vjjjd.exec:\vjjjd.exe77⤵
-
\??\c:\fffxrrl.exec:\fffxrrl.exe78⤵
-
\??\c:\9hhtnh.exec:\9hhtnh.exe79⤵
-
\??\c:\ddjvp.exec:\ddjvp.exe80⤵
-
\??\c:\nhtnnh.exec:\nhtnnh.exe81⤵
-
\??\c:\hbhbtt.exec:\hbhbtt.exe82⤵
-
\??\c:\jjjjd.exec:\jjjjd.exe83⤵
-
\??\c:\lfxrlfx.exec:\lfxrlfx.exe84⤵
-
\??\c:\ntbtnh.exec:\ntbtnh.exe85⤵
-
\??\c:\9xrlfff.exec:\9xrlfff.exe86⤵
-
\??\c:\9rrlxfx.exec:\9rrlxfx.exe87⤵
-
\??\c:\nhnnbt.exec:\nhnnbt.exe88⤵
-
\??\c:\dpvpd.exec:\dpvpd.exe89⤵
-
\??\c:\xfxfrff.exec:\xfxfrff.exe90⤵
-
\??\c:\lfxlrfr.exec:\lfxlrfr.exe91⤵
-
\??\c:\tbhbtn.exec:\tbhbtn.exe92⤵
-
\??\c:\tntnnn.exec:\tntnnn.exe93⤵
-
\??\c:\dvdvp.exec:\dvdvp.exe94⤵
-
\??\c:\vpddv.exec:\vpddv.exe95⤵
-
\??\c:\lllfxxf.exec:\lllfxxf.exe96⤵
-
\??\c:\bbhnhh.exec:\bbhnhh.exe97⤵
-
\??\c:\htttnh.exec:\htttnh.exe98⤵
-
\??\c:\dpjdv.exec:\dpjdv.exe99⤵
-
\??\c:\djpjv.exec:\djpjv.exe100⤵
-
\??\c:\lllfrxr.exec:\lllfrxr.exe101⤵
-
\??\c:\1fffxxx.exec:\1fffxxx.exe102⤵
-
\??\c:\3rxrllx.exec:\3rxrllx.exe103⤵
-
\??\c:\3httbt.exec:\3httbt.exe104⤵
-
\??\c:\7tnhtb.exec:\7tnhtb.exe105⤵
-
\??\c:\dvdvj.exec:\dvdvj.exe106⤵
-
\??\c:\1jdvp.exec:\1jdvp.exe107⤵
-
\??\c:\lfrrxfx.exec:\lfrrxfx.exe108⤵
-
\??\c:\rfrlfff.exec:\rfrlfff.exe109⤵
-
\??\c:\5ntnnn.exec:\5ntnnn.exe110⤵
-
\??\c:\5tnhbb.exec:\5tnhbb.exe111⤵
-
\??\c:\vpvjv.exec:\vpvjv.exe112⤵
-
\??\c:\jdvpd.exec:\jdvpd.exe113⤵
-
\??\c:\xfxlffx.exec:\xfxlffx.exe114⤵
-
\??\c:\rfxxrlf.exec:\rfxxrlf.exe115⤵
-
\??\c:\hnbthh.exec:\hnbthh.exe116⤵
-
\??\c:\nhbbtn.exec:\nhbbtn.exe117⤵
-
\??\c:\7djdj.exec:\7djdj.exe118⤵
-
\??\c:\ddvvv.exec:\ddvvv.exe119⤵
-
\??\c:\pjddv.exec:\pjddv.exe120⤵
-
\??\c:\9rlxrfr.exec:\9rlxrfr.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-