Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
114s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
14/05/2024, 22:49
General
-
Target
3bba46ae74145985f6dbdd6f15dc4fc0_NeikiAnalytics.exe
-
Size
492KB
-
MD5
3bba46ae74145985f6dbdd6f15dc4fc0
-
SHA1
e90e93452cd80b2932eec666f30da5341354165f
-
SHA256
705588bb761a841f1c2759bcb821cccdd35fb32b5ac8a827cba6e7475eea54a6
-
SHA512
4103bb630a48555a974a3a88123bbde5e7bf80589fe59aa0ace5af6595c1312ec788ca433d465fee9935c9faf1b26c790919bfa212eadc40f238486e96e849f3
-
SSDEEP
6144:n3C9BRo7MlrWKo+lS0Le4xRSAoq78yoyfx93svqTbWL5wEpOQ9DRRi:n3C9yMo+S0L9xRnoq7H9QYcmeN9D6
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 28 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\3bba46ae74145985f6dbdd6f15dc4fc0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\3bba46ae74145985f6dbdd6f15dc4fc0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\hhnntn.exec:\hhnntn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjjp.exec:\vpjjp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjppp.exec:\pjppp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7vdvv.exec:\7vdvv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9dvpj.exec:\9dvpj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thhbbn.exec:\thhbbn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttnhnn.exec:\ttnhnn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrlffx.exec:\fxrlffx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hthbtt.exec:\hthbtt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxxrxx.exec:\lfxxrxx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhntb.exec:\tnhntb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1vpvp.exec:\1vpvp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flxrlfx.exec:\flxrlfx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvjvv.exec:\jvjvv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpjdv.exec:\dpjdv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfrlffx.exec:\rfrlffx.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvdpv.exec:\pvdpv.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrflxf.exec:\fxrflxf.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7bnnnn.exec:\7bnnnn.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffflxxl.exec:\ffflxxl.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvjdj.exec:\pvjdj.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fflfxxr.exec:\fflfxxr.exe23⤵
- Executes dropped EXE
-
\??\c:\vppdv.exec:\vppdv.exe24⤵
- Executes dropped EXE
-
\??\c:\7ffxrll.exec:\7ffxrll.exe25⤵
- Executes dropped EXE
-
\??\c:\rlrxrxr.exec:\rlrxrxr.exe26⤵
- Executes dropped EXE
-
\??\c:\tnhbhh.exec:\tnhbhh.exe27⤵
- Executes dropped EXE
-
\??\c:\htbtbt.exec:\htbtbt.exe28⤵
- Executes dropped EXE
-
\??\c:\bbtbnt.exec:\bbtbnt.exe29⤵
- Executes dropped EXE
-
\??\c:\5rlfxlr.exec:\5rlfxlr.exe30⤵
- Executes dropped EXE
-
\??\c:\xfllfrl.exec:\xfllfrl.exe31⤵
- Executes dropped EXE
-
\??\c:\vpjvp.exec:\vpjvp.exe32⤵
- Executes dropped EXE
-
\??\c:\pvvdv.exec:\pvvdv.exe33⤵
- Executes dropped EXE
-
\??\c:\3hnhbb.exec:\3hnhbb.exe34⤵
- Executes dropped EXE
-
\??\c:\vppjv.exec:\vppjv.exe35⤵
- Executes dropped EXE
-
\??\c:\lrrlfrf.exec:\lrrlfrf.exe36⤵
- Executes dropped EXE
-
\??\c:\nnbbtb.exec:\nnbbtb.exe37⤵
- Executes dropped EXE
-
\??\c:\vdjjj.exec:\vdjjj.exe38⤵
- Executes dropped EXE
-
\??\c:\frrlxrx.exec:\frrlxrx.exe39⤵
- Executes dropped EXE
-
\??\c:\hbttnb.exec:\hbttnb.exe40⤵
- Executes dropped EXE
-
\??\c:\pjdvv.exec:\pjdvv.exe41⤵
- Executes dropped EXE
-
\??\c:\thbnnt.exec:\thbnnt.exe42⤵
- Executes dropped EXE
-
\??\c:\djvjj.exec:\djvjj.exe43⤵
- Executes dropped EXE
-
\??\c:\rrrfxrr.exec:\rrrfxrr.exe44⤵
- Executes dropped EXE
-
\??\c:\hnhhbn.exec:\hnhhbn.exe45⤵
- Executes dropped EXE
-
\??\c:\pjppp.exec:\pjppp.exe46⤵
- Executes dropped EXE
-
\??\c:\rrfxllf.exec:\rrfxllf.exe47⤵
- Executes dropped EXE
-
\??\c:\thbtbn.exec:\thbtbn.exe48⤵
- Executes dropped EXE
-
\??\c:\7vppj.exec:\7vppj.exe49⤵
- Executes dropped EXE
-
\??\c:\lrfffxx.exec:\lrfffxx.exe50⤵
- Executes dropped EXE
-
\??\c:\hntbtt.exec:\hntbtt.exe51⤵
- Executes dropped EXE
-
\??\c:\xxllflx.exec:\xxllflx.exe52⤵
- Executes dropped EXE
-
\??\c:\ttbhhn.exec:\ttbhhn.exe53⤵
- Executes dropped EXE
-
\??\c:\dvdjd.exec:\dvdjd.exe54⤵
- Executes dropped EXE
-
\??\c:\tnntnb.exec:\tnntnb.exe55⤵
- Executes dropped EXE
-
\??\c:\jppvd.exec:\jppvd.exe56⤵
- Executes dropped EXE
-
\??\c:\fxxrllx.exec:\fxxrllx.exe57⤵
- Executes dropped EXE
-
\??\c:\9hbnhh.exec:\9hbnhh.exe58⤵
- Executes dropped EXE
-
\??\c:\dvppj.exec:\dvppj.exe59⤵
- Executes dropped EXE
-
\??\c:\xflxrxf.exec:\xflxrxf.exe60⤵
- Executes dropped EXE
-
\??\c:\thhhbt.exec:\thhhbt.exe61⤵
- Executes dropped EXE
-
\??\c:\bbthtt.exec:\bbthtt.exe62⤵
- Executes dropped EXE
-
\??\c:\1ddjp.exec:\1ddjp.exe63⤵
- Executes dropped EXE
-
\??\c:\9lxxffl.exec:\9lxxffl.exe64⤵
- Executes dropped EXE
-
\??\c:\tbnnth.exec:\tbnnth.exe65⤵
- Executes dropped EXE
-
\??\c:\dpvvd.exec:\dpvvd.exe66⤵
-
\??\c:\xrxrfrf.exec:\xrxrfrf.exe67⤵
-
\??\c:\nbhhhh.exec:\nbhhhh.exe68⤵
-
\??\c:\jppdv.exec:\jppdv.exe69⤵
-
\??\c:\xxflfxr.exec:\xxflfxr.exe70⤵
-
\??\c:\9tbbth.exec:\9tbbth.exe71⤵
-
\??\c:\jjvpv.exec:\jjvpv.exe72⤵
-
\??\c:\3lxxrxl.exec:\3lxxrxl.exe73⤵
-
\??\c:\tnbtbh.exec:\tnbtbh.exe74⤵
-
\??\c:\7vdvd.exec:\7vdvd.exe75⤵
-
\??\c:\rrxxfll.exec:\rrxxfll.exe76⤵
-
\??\c:\5nbbtb.exec:\5nbbtb.exe77⤵
-
\??\c:\3jdjp.exec:\3jdjp.exe78⤵
-
\??\c:\nnnnbt.exec:\nnnnbt.exe79⤵
-
\??\c:\tnbhtn.exec:\tnbhtn.exe80⤵
-
\??\c:\xxrfxlx.exec:\xxrfxlx.exe81⤵
-
\??\c:\xxfxfxl.exec:\xxfxfxl.exe82⤵
-
\??\c:\htbtnn.exec:\htbtnn.exe83⤵
-
\??\c:\3pvpp.exec:\3pvpp.exe84⤵
-
\??\c:\flxrxfr.exec:\flxrxfr.exe85⤵
-
\??\c:\tbhbtn.exec:\tbhbtn.exe86⤵
-
\??\c:\3jpjv.exec:\3jpjv.exe87⤵
-
\??\c:\xrflfrf.exec:\xrflfrf.exe88⤵
-
\??\c:\bhhtht.exec:\bhhtht.exe89⤵
-
\??\c:\dpdjj.exec:\dpdjj.exe90⤵
-
\??\c:\nbbbnh.exec:\nbbbnh.exe91⤵
-
\??\c:\5vppj.exec:\5vppj.exe92⤵
-
\??\c:\fxlrflf.exec:\fxlrflf.exe93⤵
-
\??\c:\thnhhn.exec:\thnhhn.exe94⤵
-
\??\c:\jjddp.exec:\jjddp.exe95⤵
-
\??\c:\frxxxff.exec:\frxxxff.exe96⤵
-
\??\c:\btttbb.exec:\btttbb.exe97⤵
-
\??\c:\jpvvj.exec:\jpvvj.exe98⤵
-
\??\c:\rrrrlrr.exec:\rrrrlrr.exe99⤵
-
\??\c:\bbnnnt.exec:\bbnnnt.exe100⤵
-
\??\c:\jjjjj.exec:\jjjjj.exe101⤵
-
\??\c:\lrfrlfr.exec:\lrfrlfr.exe102⤵
-
\??\c:\hhthnh.exec:\hhthnh.exe103⤵
-
\??\c:\djdjv.exec:\djdjv.exe104⤵
-
\??\c:\nhnhbb.exec:\nhnhbb.exe105⤵
-
\??\c:\vdvvj.exec:\vdvvj.exe106⤵
-
\??\c:\xllxllx.exec:\xllxllx.exe107⤵
-
\??\c:\nthhhn.exec:\nthhhn.exe108⤵
-
\??\c:\ddddj.exec:\ddddj.exe109⤵
-
\??\c:\xrrrrrr.exec:\xrrrrrr.exe110⤵
-
\??\c:\bbthht.exec:\bbthht.exe111⤵
-
\??\c:\5vddd.exec:\5vddd.exe112⤵
-
\??\c:\xxlrrrr.exec:\xxlrrrr.exe113⤵
-
\??\c:\htnnnt.exec:\htnnnt.exe114⤵
-
\??\c:\htbtnn.exec:\htbtnn.exe115⤵
-
\??\c:\9rllrxf.exec:\9rllrxf.exe116⤵
-
\??\c:\btnhnh.exec:\btnhnh.exe117⤵
-
\??\c:\pdpjv.exec:\pdpjv.exe118⤵
-
\??\c:\llffxxx.exec:\llffxxx.exe119⤵
-
\??\c:\bntttn.exec:\bntttn.exe120⤵
-
\??\c:\jpjvj.exec:\jpjvj.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-