Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
126s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
13/05/2024, 17:27
General
-
Target
bfcc09368ed99958968933ed3065fa40_NeikiAnalytics.exe
-
Size
94KB
-
MD5
bfcc09368ed99958968933ed3065fa40
-
SHA1
c3ea9a6c8ba17149e1ee83e4f6fdae6c46ef03b1
-
SHA256
79c73d8395a231a586d5e6b8c144a021443d4ef1a4e8335a1eceb1d1dc982021
-
SHA512
691ebdda08f6d48bbe0dcc77f260bd7864690f98c33dfff251e487cf15566094e93bca8c5c12d7f0ad1607ef3878336fc880267014c4cad38b6ec1bce310f152
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDo73XH/YP1HFrJximAAxEPOfPrA2:ymb3NkkiQ3mdBjFo73PYP1lri3KuOnrL
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 22 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 27 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\bfcc09368ed99958968933ed3065fa40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\bfcc09368ed99958968933ed3065fa40_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\bnjttd.exec:\bnjttd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lttflrp.exec:\lttflrp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xphvh.exec:\xphvh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pxpxvl.exec:\pxpxvl.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thdrdvb.exec:\thdrdvb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frttv.exec:\frttv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\drnppxr.exec:\drnppxr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fbbjtt.exec:\fbbjtt.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lbhbt.exec:\lbhbt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntdrfvn.exec:\ntdrfvn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\prlvnb.exec:\prlvnb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rblrvdh.exec:\rblrvdh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xvxjnlr.exec:\xvxjnlr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\plxrbt.exec:\plxrbt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xtjjvhd.exec:\xtjjvhd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fntbpdr.exec:\fntbpdr.exe17⤵
- Executes dropped EXE
-
\??\c:\nxdxrf.exec:\nxdxrf.exe18⤵
- Executes dropped EXE
-
\??\c:\dvxhr.exec:\dvxhr.exe19⤵
- Executes dropped EXE
-
\??\c:\jfljhnp.exec:\jfljhnp.exe20⤵
- Executes dropped EXE
-
\??\c:\fldprvh.exec:\fldprvh.exe21⤵
- Executes dropped EXE
-
\??\c:\hfnhln.exec:\hfnhln.exe22⤵
- Executes dropped EXE
-
\??\c:\bhbblb.exec:\bhbblb.exe23⤵
- Executes dropped EXE
-
\??\c:\lpxdv.exec:\lpxdv.exe24⤵
- Executes dropped EXE
-
\??\c:\bhffv.exec:\bhffv.exe25⤵
- Executes dropped EXE
-
\??\c:\rfhdhx.exec:\rfhdhx.exe26⤵
- Executes dropped EXE
-
\??\c:\vlbtpvf.exec:\vlbtpvf.exe27⤵
- Executes dropped EXE
-
\??\c:\xnfhnrj.exec:\xnfhnrj.exe28⤵
- Executes dropped EXE
-
\??\c:\rjhnht.exec:\rjhnht.exe29⤵
- Executes dropped EXE
-
\??\c:\jblvnnp.exec:\jblvnnp.exe30⤵
- Executes dropped EXE
-
\??\c:\phxttpt.exec:\phxttpt.exe31⤵
- Executes dropped EXE
-
\??\c:\blvllt.exec:\blvllt.exe32⤵
- Executes dropped EXE
-
\??\c:\pxddtxl.exec:\pxddtxl.exe33⤵
- Executes dropped EXE
-
\??\c:\brvtvp.exec:\brvtvp.exe34⤵
- Executes dropped EXE
-
\??\c:\ltphn.exec:\ltphn.exe35⤵
-
\??\c:\xbnfdlf.exec:\xbnfdlf.exe36⤵
- Executes dropped EXE
-
\??\c:\bnlrjdl.exec:\bnlrjdl.exe37⤵
- Executes dropped EXE
-
\??\c:\ndffvv.exec:\ndffvv.exe38⤵
- Executes dropped EXE
-
\??\c:\xpnhh.exec:\xpnhh.exe39⤵
- Executes dropped EXE
-
\??\c:\rrhhxnh.exec:\rrhhxnh.exe40⤵
- Executes dropped EXE
-
\??\c:\djllv.exec:\djllv.exe41⤵
- Executes dropped EXE
-
\??\c:\pjrdl.exec:\pjrdl.exe42⤵
- Executes dropped EXE
-
\??\c:\rbdrjjb.exec:\rbdrjjb.exe43⤵
- Executes dropped EXE
-
\??\c:\thnntx.exec:\thnntx.exe44⤵
- Executes dropped EXE
-
\??\c:\rvpbr.exec:\rvpbr.exe45⤵
- Executes dropped EXE
-
\??\c:\pprpdf.exec:\pprpdf.exe46⤵
- Executes dropped EXE
-
\??\c:\nhdhd.exec:\nhdhd.exe47⤵
- Executes dropped EXE
-
\??\c:\jxtxvn.exec:\jxtxvn.exe48⤵
- Executes dropped EXE
-
\??\c:\vpftdhh.exec:\vpftdhh.exe49⤵
- Executes dropped EXE
-
\??\c:\pfhxb.exec:\pfhxb.exe50⤵
- Executes dropped EXE
-
\??\c:\djbbr.exec:\djbbr.exe51⤵
- Executes dropped EXE
-
\??\c:\pdbtld.exec:\pdbtld.exe52⤵
- Executes dropped EXE
-
\??\c:\lhtvdh.exec:\lhtvdh.exe53⤵
- Executes dropped EXE
-
\??\c:\bddlllb.exec:\bddlllb.exe54⤵
- Executes dropped EXE
-
\??\c:\xbpljhv.exec:\xbpljhv.exe55⤵
- Executes dropped EXE
-
\??\c:\hlhfnj.exec:\hlhfnj.exe56⤵
- Executes dropped EXE
-
\??\c:\dphvhj.exec:\dphvhj.exe57⤵
- Executes dropped EXE
-
\??\c:\rlpjf.exec:\rlpjf.exe58⤵
- Executes dropped EXE
-
\??\c:\rrfnn.exec:\rrfnn.exe59⤵
- Executes dropped EXE
-
\??\c:\nrlbpjp.exec:\nrlbpjp.exe60⤵
- Executes dropped EXE
-
\??\c:\nblrpr.exec:\nblrpr.exe61⤵
- Executes dropped EXE
-
\??\c:\hxvnjbl.exec:\hxvnjbl.exe62⤵
- Executes dropped EXE
-
\??\c:\ppltj.exec:\ppltj.exe63⤵
- Executes dropped EXE
-
\??\c:\jrhfhr.exec:\jrhfhr.exe64⤵
- Executes dropped EXE
-
\??\c:\vxltp.exec:\vxltp.exe65⤵
- Executes dropped EXE
-
\??\c:\pbbptt.exec:\pbbptt.exe66⤵
- Executes dropped EXE
-
\??\c:\vdjbpdp.exec:\vdjbpdp.exe67⤵
-
\??\c:\drhxrpd.exec:\drhxrpd.exe68⤵
-
\??\c:\fxtndr.exec:\fxtndr.exe69⤵
-
\??\c:\xpxtx.exec:\xpxtx.exe70⤵
-
\??\c:\lltphb.exec:\lltphb.exe71⤵
-
\??\c:\ptlhth.exec:\ptlhth.exe72⤵
-
\??\c:\vrtrffp.exec:\vrtrffp.exe73⤵
-
\??\c:\ptfdt.exec:\ptfdt.exe74⤵
-
\??\c:\bprxdh.exec:\bprxdh.exe75⤵
-
\??\c:\ptpnff.exec:\ptpnff.exe76⤵
-
\??\c:\vhtxphn.exec:\vhtxphn.exe77⤵
-
\??\c:\ndlrn.exec:\ndlrn.exe78⤵
-
\??\c:\tpdfrh.exec:\tpdfrh.exe79⤵
-
\??\c:\jlvbjd.exec:\jlvbjd.exe80⤵
-
\??\c:\lpjpfv.exec:\lpjpfv.exe81⤵
-
\??\c:\ndjhbtv.exec:\ndjhbtv.exe82⤵
-
\??\c:\fvldhdt.exec:\fvldhdt.exe83⤵
-
\??\c:\nrhnrp.exec:\nrhnrp.exe84⤵
-
\??\c:\lxpftbh.exec:\lxpftbh.exe85⤵
-
\??\c:\rvpndv.exec:\rvpndv.exe86⤵
-
\??\c:\bjflt.exec:\bjflt.exe87⤵
-
\??\c:\bfvtj.exec:\bfvtj.exe88⤵
-
\??\c:\blrft.exec:\blrft.exe89⤵
-
\??\c:\fjtvl.exec:\fjtvl.exe90⤵
-
\??\c:\rbnnlx.exec:\rbnnlx.exe91⤵
-
\??\c:\bjntltd.exec:\bjntltd.exe92⤵
-
\??\c:\drtfrrr.exec:\drtfrrr.exe93⤵
-
\??\c:\xjtxt.exec:\xjtxt.exe94⤵
-
\??\c:\ppnpj.exec:\ppnpj.exe95⤵
-
\??\c:\tfpfdfl.exec:\tfpfdfl.exe96⤵
-
\??\c:\hprjl.exec:\hprjl.exe97⤵
-
\??\c:\hrndvx.exec:\hrndvx.exe98⤵
-
\??\c:\lfdhtxn.exec:\lfdhtxn.exe99⤵
-
\??\c:\ljfllp.exec:\ljfllp.exe100⤵
-
\??\c:\hrbrjt.exec:\hrbrjt.exe101⤵
-
\??\c:\nfvtrbv.exec:\nfvtrbv.exe102⤵
-
\??\c:\lfhflf.exec:\lfhflf.exe103⤵
-
\??\c:\hthpd.exec:\hthpd.exe104⤵
-
\??\c:\xdllv.exec:\xdllv.exe105⤵
-
\??\c:\dfbnfv.exec:\dfbnfv.exe106⤵
-
\??\c:\xhfbrpl.exec:\xhfbrpl.exe107⤵
-
\??\c:\nxhfft.exec:\nxhfft.exe108⤵
-
\??\c:\rnbvbx.exec:\rnbvbx.exe109⤵
-
\??\c:\tllxplx.exec:\tllxplx.exe110⤵
-
\??\c:\blfdnd.exec:\blfdnd.exe111⤵
-
\??\c:\tlhptn.exec:\tlhptn.exe112⤵
-
\??\c:\xlvfflf.exec:\xlvfflf.exe113⤵
-
\??\c:\nxrvdj.exec:\nxrvdj.exe114⤵
-
\??\c:\jddhxtj.exec:\jddhxtj.exe115⤵
-
\??\c:\ttxhfjt.exec:\ttxhfjt.exe116⤵
-
\??\c:\rxnhxph.exec:\rxnhxph.exe117⤵
-
\??\c:\drfjrxj.exec:\drfjrxj.exe118⤵
-
\??\c:\lhthfn.exec:\lhthfn.exe119⤵
-
\??\c:\bxnvxpl.exec:\bxnvxpl.exe120⤵
-
\??\c:\pjphrt.exec:\pjphrt.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-