Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
126s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
14/05/2024, 22:49
General
-
Target
3bba46ae74145985f6dbdd6f15dc4fc0_NeikiAnalytics.exe
-
Size
492KB
-
MD5
3bba46ae74145985f6dbdd6f15dc4fc0
-
SHA1
e90e93452cd80b2932eec666f30da5341354165f
-
SHA256
705588bb761a841f1c2759bcb821cccdd35fb32b5ac8a827cba6e7475eea54a6
-
SHA512
4103bb630a48555a974a3a88123bbde5e7bf80589fe59aa0ace5af6595c1312ec788ca433d465fee9935c9faf1b26c790919bfa212eadc40f238486e96e849f3
-
SSDEEP
6144:n3C9BRo7MlrWKo+lS0Le4xRSAoq78yoyfx93svqTbWL5wEpOQ9DRRi:n3C9yMo+S0L9xRnoq7H9QYcmeN9D6
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 22 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 22 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\3bba46ae74145985f6dbdd6f15dc4fc0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\3bba46ae74145985f6dbdd6f15dc4fc0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\dtttld.exec:\dtttld.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flnhn.exec:\flnhn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\phpfhl.exec:\phpfhl.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\phfxtt.exec:\phfxtt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hddxjxb.exec:\hddxjxb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pxtdv.exec:\pxtdv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fhhdnfl.exec:\fhhdnfl.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ltdxlx.exec:\ltdxlx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jnjvn.exec:\jnjvn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fbbrhrx.exec:\fbbrhrx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bvbpbtp.exec:\bvbpbtp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvlvp.exec:\pvlvp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rtdbrfr.exec:\rtdbrfr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fdhhf.exec:\fdhhf.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nfbxp.exec:\nfbxp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hblfrjt.exec:\hblfrjt.exe17⤵
- Executes dropped EXE
-
\??\c:\pblll.exec:\pblll.exe18⤵
- Executes dropped EXE
-
\??\c:\hjjld.exec:\hjjld.exe19⤵
- Executes dropped EXE
-
\??\c:\bxvll.exec:\bxvll.exe20⤵
- Executes dropped EXE
-
\??\c:\bttbddd.exec:\bttbddd.exe21⤵
- Executes dropped EXE
-
\??\c:\fpjttr.exec:\fpjttr.exe22⤵
- Executes dropped EXE
-
\??\c:\vdrxrh.exec:\vdrxrh.exe23⤵
- Executes dropped EXE
-
\??\c:\nbjhj.exec:\nbjhj.exe24⤵
- Executes dropped EXE
-
\??\c:\htdrlnl.exec:\htdrlnl.exe25⤵
- Executes dropped EXE
-
\??\c:\nphnjvf.exec:\nphnjvf.exe26⤵
- Executes dropped EXE
-
\??\c:\htnph.exec:\htnph.exe27⤵
- Executes dropped EXE
-
\??\c:\bvbfrj.exec:\bvbfrj.exe28⤵
- Executes dropped EXE
-
\??\c:\bbtfp.exec:\bbtfp.exe29⤵
- Executes dropped EXE
-
\??\c:\fnrpv.exec:\fnrpv.exe30⤵
- Executes dropped EXE
-
\??\c:\htnhj.exec:\htnhj.exe31⤵
- Executes dropped EXE
-
\??\c:\vrnrxph.exec:\vrnrxph.exe32⤵
- Executes dropped EXE
-
\??\c:\fpxdl.exec:\fpxdl.exe33⤵
- Executes dropped EXE
-
\??\c:\jpdhvhl.exec:\jpdhvhl.exe34⤵
- Executes dropped EXE
-
\??\c:\hrvbrp.exec:\hrvbrp.exe35⤵
- Executes dropped EXE
-
\??\c:\tfjrdx.exec:\tfjrdx.exe36⤵
-
\??\c:\rlnblx.exec:\rlnblx.exe37⤵
- Executes dropped EXE
-
\??\c:\hpfvr.exec:\hpfvr.exe38⤵
- Executes dropped EXE
-
\??\c:\tjvjld.exec:\tjvjld.exe39⤵
- Executes dropped EXE
-
\??\c:\prvpdnx.exec:\prvpdnx.exe40⤵
- Executes dropped EXE
-
\??\c:\pxtdhjf.exec:\pxtdhjf.exe41⤵
- Executes dropped EXE
-
\??\c:\xpxnn.exec:\xpxnn.exe42⤵
- Executes dropped EXE
-
\??\c:\ttjvh.exec:\ttjvh.exe43⤵
- Executes dropped EXE
-
\??\c:\xpnbbl.exec:\xpnbbl.exe44⤵
- Executes dropped EXE
-
\??\c:\hrnnjph.exec:\hrnnjph.exe45⤵
- Executes dropped EXE
-
\??\c:\bfffdtn.exec:\bfffdtn.exe46⤵
- Executes dropped EXE
-
\??\c:\pfjxv.exec:\pfjxv.exe47⤵
- Executes dropped EXE
-
\??\c:\prfhn.exec:\prfhn.exe48⤵
- Executes dropped EXE
-
\??\c:\jbdjppf.exec:\jbdjppf.exe49⤵
- Executes dropped EXE
-
\??\c:\rrndl.exec:\rrndl.exe50⤵
- Executes dropped EXE
-
\??\c:\btjrhnl.exec:\btjrhnl.exe51⤵
- Executes dropped EXE
-
\??\c:\pdfpb.exec:\pdfpb.exe52⤵
- Executes dropped EXE
-
\??\c:\nnrpjp.exec:\nnrpjp.exe53⤵
- Executes dropped EXE
-
\??\c:\htfpdbd.exec:\htfpdbd.exe54⤵
- Executes dropped EXE
-
\??\c:\tpvftrv.exec:\tpvftrv.exe55⤵
- Executes dropped EXE
-
\??\c:\bjvrxvn.exec:\bjvrxvn.exe56⤵
- Executes dropped EXE
-
\??\c:\nthnl.exec:\nthnl.exe57⤵
- Executes dropped EXE
-
\??\c:\llpjrhj.exec:\llpjrhj.exe58⤵
- Executes dropped EXE
-
\??\c:\xpntbtx.exec:\xpntbtx.exe59⤵
- Executes dropped EXE
-
\??\c:\jbjvvvv.exec:\jbjvvvv.exe60⤵
- Executes dropped EXE
-
\??\c:\xfdbfvn.exec:\xfdbfvn.exe61⤵
- Executes dropped EXE
-
\??\c:\tphffnp.exec:\tphffnp.exe62⤵
- Executes dropped EXE
-
\??\c:\fvbpj.exec:\fvbpj.exe63⤵
- Executes dropped EXE
-
\??\c:\vddvxr.exec:\vddvxr.exe64⤵
- Executes dropped EXE
-
\??\c:\hxfxfhv.exec:\hxfxfhv.exe65⤵
- Executes dropped EXE
-
\??\c:\tjnjrd.exec:\tjnjrd.exe66⤵
- Executes dropped EXE
-
\??\c:\blphrt.exec:\blphrt.exe67⤵
-
\??\c:\nbrff.exec:\nbrff.exe68⤵
-
\??\c:\llhxvrp.exec:\llhxvrp.exe69⤵
-
\??\c:\vxdlrx.exec:\vxdlrx.exe70⤵
-
\??\c:\bpxjj.exec:\bpxjj.exe71⤵
-
\??\c:\dhdlrpn.exec:\dhdlrpn.exe72⤵
-
\??\c:\ftblx.exec:\ftblx.exe73⤵
-
\??\c:\lbrvxf.exec:\lbrvxf.exe74⤵
-
\??\c:\xftbl.exec:\xftbl.exe75⤵
-
\??\c:\xnddlvn.exec:\xnddlvn.exe76⤵
-
\??\c:\flhnb.exec:\flhnb.exe77⤵
-
\??\c:\fjfjdrd.exec:\fjfjdrd.exe78⤵
-
\??\c:\pttnjhr.exec:\pttnjhr.exe79⤵
-
\??\c:\jjpfbp.exec:\jjpfbp.exe80⤵
-
\??\c:\llpxfnh.exec:\llpxfnh.exe81⤵
-
\??\c:\dbnrlp.exec:\dbnrlp.exe82⤵
-
\??\c:\jpbfbr.exec:\jpbfbr.exe83⤵
-
\??\c:\ntnrvt.exec:\ntnrvt.exe84⤵
-
\??\c:\jfnxbd.exec:\jfnxbd.exe85⤵
-
\??\c:\xpfnh.exec:\xpfnh.exe86⤵
-
\??\c:\fdnvjfn.exec:\fdnvjfn.exe87⤵
-
\??\c:\vjxldl.exec:\vjxldl.exe88⤵
-
\??\c:\rhbjht.exec:\rhbjht.exe89⤵
-
\??\c:\nxvthd.exec:\nxvthd.exe90⤵
-
\??\c:\vrfvlh.exec:\vrfvlh.exe91⤵
-
\??\c:\nxvhj.exec:\nxvhj.exe92⤵
-
\??\c:\dpbjlb.exec:\dpbjlb.exe93⤵
-
\??\c:\dbxrp.exec:\dbxrp.exe94⤵
-
\??\c:\nhxhvpr.exec:\nhxhvpr.exe95⤵
-
\??\c:\ndjnfx.exec:\ndjnfx.exe96⤵
-
\??\c:\vdbfjl.exec:\vdbfjl.exe97⤵
-
\??\c:\vlbjrd.exec:\vlbjrd.exe98⤵
-
\??\c:\jnxxnj.exec:\jnxxnj.exe99⤵
-
\??\c:\hvrlf.exec:\hvrlf.exe100⤵
-
\??\c:\bnjfjv.exec:\bnjfjv.exe101⤵
-
\??\c:\fdbhp.exec:\fdbhp.exe102⤵
-
\??\c:\djvjhjb.exec:\djvjhjb.exe103⤵
-
\??\c:\pnjjbv.exec:\pnjjbv.exe104⤵
-
\??\c:\ljbpj.exec:\ljbpj.exe105⤵
-
\??\c:\drndjrd.exec:\drndjrd.exe106⤵
-
\??\c:\xbnhf.exec:\xbnhf.exe107⤵
-
\??\c:\vtjbp.exec:\vtjbp.exe108⤵
-
\??\c:\hvlrln.exec:\hvlrln.exe109⤵
-
\??\c:\rttlx.exec:\rttlx.exe110⤵
-
\??\c:\fdpltn.exec:\fdpltn.exe111⤵
-
\??\c:\nhjhnft.exec:\nhjhnft.exe112⤵
-
\??\c:\nrvvbv.exec:\nrvvbv.exe113⤵
-
\??\c:\jfpjnjp.exec:\jfpjnjp.exe114⤵
-
\??\c:\ldnlhpv.exec:\ldnlhpv.exe115⤵
-
\??\c:\tfpfrjd.exec:\tfpfrjd.exe116⤵
-
\??\c:\rxtdb.exec:\rxtdb.exe117⤵
-
\??\c:\fjtlv.exec:\fjtlv.exe118⤵
-
\??\c:\vnjpl.exec:\vnjpl.exe119⤵
-
\??\c:\vhvtxt.exec:\vhvtxt.exe120⤵
-
\??\c:\rfjnfh.exec:\rfjnfh.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-