Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
14/05/2024, 13:00
General
-
Target
c7941ddb367c6d18dfeda0aa2f38e3b0_NeikiAnalytics.exe
-
Size
66KB
-
MD5
c7941ddb367c6d18dfeda0aa2f38e3b0
-
SHA1
cfec0f7d77e4660f041b49f1b4bcf8d594f6c1b0
-
SHA256
b85cf426b273c087d5da9ed474d7aea16b546d5f42fab4a199f63a6240b0a50d
-
SHA512
60ccbba71070f5e053cbe20343fefe343ba17b6c87139e5f2cf04ca4f758cf593b7c0f2d318a65f83ecfa010087d4c2983db5ac2d6608ba4aeab3d3c7097f710
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND0yUPqrDZh:ymb3NkkiQ3mdBjF0yUm/
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 22 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 23 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\c7941ddb367c6d18dfeda0aa2f38e3b0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\c7941ddb367c6d18dfeda0aa2f38e3b0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\hbtvd.exec:\hbtvd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pnplr.exec:\pnplr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttnrfd.exec:\ttnrfd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ndjdj.exec:\ndjdj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lltnt.exec:\lltnt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\plrbtf.exec:\plrbtf.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pxrrlrh.exec:\pxrrlrh.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vfbpp.exec:\vfbpp.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrrlx.exec:\lrrlx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpnvjpn.exec:\vpnvjpn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dllbdl.exec:\dllbdl.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thrhht.exec:\thrhht.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lbbvn.exec:\lbbvn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfrbnlh.exec:\rfrbnlh.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxlrvf.exec:\lxlrvf.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\drnbxp.exec:\drnbxp.exe17⤵
- Executes dropped EXE
-
\??\c:\rpxnp.exec:\rpxnp.exe18⤵
- Executes dropped EXE
-
\??\c:\pbjhvf.exec:\pbjhvf.exe19⤵
- Executes dropped EXE
-
\??\c:\lpdvtl.exec:\lpdvtl.exe20⤵
- Executes dropped EXE
-
\??\c:\prpxvxn.exec:\prpxvxn.exe21⤵
- Executes dropped EXE
-
\??\c:\fpbvfpf.exec:\fpbvfpf.exe22⤵
- Executes dropped EXE
-
\??\c:\xhbpn.exec:\xhbpn.exe23⤵
- Executes dropped EXE
-
\??\c:\dbtbrvj.exec:\dbtbrvj.exe24⤵
- Executes dropped EXE
-
\??\c:\nlxxv.exec:\nlxxv.exe25⤵
- Executes dropped EXE
-
\??\c:\ntvnl.exec:\ntvnl.exe26⤵
- Executes dropped EXE
-
\??\c:\hpptxd.exec:\hpptxd.exe27⤵
- Executes dropped EXE
-
\??\c:\tbtxj.exec:\tbtxj.exe28⤵
- Executes dropped EXE
-
\??\c:\rxvbfv.exec:\rxvbfv.exe29⤵
- Executes dropped EXE
-
\??\c:\xnvxrh.exec:\xnvxrh.exe30⤵
- Executes dropped EXE
-
\??\c:\ltjbp.exec:\ltjbp.exe31⤵
- Executes dropped EXE
-
\??\c:\trdrb.exec:\trdrb.exe32⤵
- Executes dropped EXE
-
\??\c:\tnnjd.exec:\tnnjd.exe33⤵
- Executes dropped EXE
-
\??\c:\nrjhtb.exec:\nrjhtb.exe34⤵
- Executes dropped EXE
-
\??\c:\nvhfxxx.exec:\nvhfxxx.exe35⤵
- Executes dropped EXE
-
\??\c:\lpjvvrd.exec:\lpjvvrd.exe36⤵
- Executes dropped EXE
-
\??\c:\jjtxx.exec:\jjtxx.exe37⤵
- Executes dropped EXE
-
\??\c:\tnprxpf.exec:\tnprxpf.exe38⤵
- Executes dropped EXE
-
\??\c:\ftvnl.exec:\ftvnl.exe39⤵
- Executes dropped EXE
-
\??\c:\ljbjptf.exec:\ljbjptf.exe40⤵
- Executes dropped EXE
-
\??\c:\txhvlt.exec:\txhvlt.exe41⤵
- Executes dropped EXE
-
\??\c:\drxrf.exec:\drxrf.exe42⤵
- Executes dropped EXE
-
\??\c:\htxrnph.exec:\htxrnph.exe43⤵
- Executes dropped EXE
-
\??\c:\hpnlv.exec:\hpnlv.exe44⤵
- Executes dropped EXE
-
\??\c:\tlvfhx.exec:\tlvfhx.exe45⤵
- Executes dropped EXE
-
\??\c:\jplrxx.exec:\jplrxx.exe46⤵
- Executes dropped EXE
-
\??\c:\xlrnr.exec:\xlrnr.exe47⤵
- Executes dropped EXE
-
\??\c:\lbhphb.exec:\lbhphb.exe48⤵
- Executes dropped EXE
-
\??\c:\rxhdjl.exec:\rxhdjl.exe49⤵
- Executes dropped EXE
-
\??\c:\hjxjf.exec:\hjxjf.exe50⤵
- Executes dropped EXE
-
\??\c:\fhbhp.exec:\fhbhp.exe51⤵
- Executes dropped EXE
-
\??\c:\flnvrht.exec:\flnvrht.exe52⤵
- Executes dropped EXE
-
\??\c:\ffnnnl.exec:\ffnnnl.exe53⤵
- Executes dropped EXE
-
\??\c:\ffxfrth.exec:\ffxfrth.exe54⤵
- Executes dropped EXE
-
\??\c:\ntddfj.exec:\ntddfj.exe55⤵
- Executes dropped EXE
-
\??\c:\fxhjv.exec:\fxhjv.exe56⤵
- Executes dropped EXE
-
\??\c:\ndhjtx.exec:\ndhjtx.exe57⤵
- Executes dropped EXE
-
\??\c:\jvjtl.exec:\jvjtl.exe58⤵
- Executes dropped EXE
-
\??\c:\plbnvj.exec:\plbnvj.exe59⤵
- Executes dropped EXE
-
\??\c:\rbrtrhx.exec:\rbrtrhx.exe60⤵
- Executes dropped EXE
-
\??\c:\rhtnvj.exec:\rhtnvj.exe61⤵
- Executes dropped EXE
-
\??\c:\nbdvxp.exec:\nbdvxp.exe62⤵
- Executes dropped EXE
-
\??\c:\xhrtj.exec:\xhrtj.exe63⤵
- Executes dropped EXE
-
\??\c:\xhbtd.exec:\xhbtd.exe64⤵
- Executes dropped EXE
-
\??\c:\pfjrhbv.exec:\pfjrhbv.exe65⤵
- Executes dropped EXE
-
\??\c:\hvxhp.exec:\hvxhp.exe66⤵
-
\??\c:\dtnjrpv.exec:\dtnjrpv.exe67⤵
-
\??\c:\jrjhx.exec:\jrjhx.exe68⤵
-
\??\c:\bjhfbl.exec:\bjhfbl.exe69⤵
-
\??\c:\pbjdtpv.exec:\pbjdtpv.exe70⤵
-
\??\c:\blxhbf.exec:\blxhbf.exe71⤵
-
\??\c:\pxpdlnx.exec:\pxpdlnx.exe72⤵
-
\??\c:\hrvdlht.exec:\hrvdlht.exe73⤵
-
\??\c:\xhphv.exec:\xhphv.exe74⤵
-
\??\c:\xrpfxb.exec:\xrpfxb.exe75⤵
-
\??\c:\xxndj.exec:\xxndj.exe76⤵
-
\??\c:\blrtbjl.exec:\blrtbjl.exe77⤵
-
\??\c:\pxhjrx.exec:\pxhjrx.exe78⤵
-
\??\c:\rxprhdx.exec:\rxprhdx.exe79⤵
-
\??\c:\dhvdr.exec:\dhvdr.exe80⤵
-
\??\c:\bbvrlfl.exec:\bbvrlfl.exe81⤵
-
\??\c:\bvpdff.exec:\bvpdff.exe82⤵
-
\??\c:\njxhjx.exec:\njxhjx.exe83⤵
-
\??\c:\pfhvtfl.exec:\pfhvtfl.exe84⤵
-
\??\c:\xnlplv.exec:\xnlplv.exe85⤵
-
\??\c:\ftljh.exec:\ftljh.exe86⤵
-
\??\c:\rvhvh.exec:\rvhvh.exe87⤵
-
\??\c:\tdbhvxx.exec:\tdbhvxx.exe88⤵
-
\??\c:\lvrlnxt.exec:\lvrlnxt.exe89⤵
-
\??\c:\vhhdt.exec:\vhhdt.exe90⤵
-
\??\c:\xhtbvtd.exec:\xhtbvtd.exe91⤵
-
\??\c:\ltrdhb.exec:\ltrdhb.exe92⤵
-
\??\c:\pjtlfr.exec:\pjtlfr.exe93⤵
-
\??\c:\hrjrfb.exec:\hrjrfb.exe94⤵
-
\??\c:\fbpxn.exec:\fbpxn.exe95⤵
-
\??\c:\xrvpd.exec:\xrvpd.exe96⤵
-
\??\c:\llbvj.exec:\llbvj.exe97⤵
-
\??\c:\rttrxl.exec:\rttrxl.exe98⤵
-
\??\c:\ftvtnt.exec:\ftvtnt.exe99⤵
-
\??\c:\rbxppfx.exec:\rbxppfx.exe100⤵
-
\??\c:\brlbf.exec:\brlbf.exe101⤵
-
\??\c:\vtbhltd.exec:\vtbhltd.exe102⤵
-
\??\c:\jxjttl.exec:\jxjttl.exe103⤵
-
\??\c:\jbpdxfd.exec:\jbpdxfd.exe104⤵
-
\??\c:\dhjbdrd.exec:\dhjbdrd.exe105⤵
-
\??\c:\rbrxd.exec:\rbrxd.exe106⤵
-
\??\c:\xjddjjn.exec:\xjddjjn.exe107⤵
-
\??\c:\dbdxn.exec:\dbdxn.exe108⤵
-
\??\c:\vdbnhjb.exec:\vdbnhjb.exe109⤵
-
\??\c:\hfrxrxp.exec:\hfrxrxp.exe110⤵
-
\??\c:\bdnbhlr.exec:\bdnbhlr.exe111⤵
-
\??\c:\ddxvfjh.exec:\ddxvfjh.exe112⤵
-
\??\c:\rrhbn.exec:\rrhbn.exe113⤵
-
\??\c:\drflntl.exec:\drflntl.exe114⤵
-
\??\c:\lbbhxdx.exec:\lbbhxdx.exe115⤵
-
\??\c:\httdb.exec:\httdb.exe116⤵
-
\??\c:\hnxjdtr.exec:\hnxjdtr.exe117⤵
-
\??\c:\tjrxvn.exec:\tjrxvn.exe118⤵
-
\??\c:\vpvvrf.exec:\vpvvrf.exe119⤵
-
\??\c:\hfvrpp.exec:\hfvrpp.exe120⤵
-
\??\c:\xllbd.exec:\xllbd.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-