Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
133s -
max time network
160s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
14/05/2024, 13:00
General
-
Target
c7941ddb367c6d18dfeda0aa2f38e3b0_NeikiAnalytics.exe
-
Size
66KB
-
MD5
c7941ddb367c6d18dfeda0aa2f38e3b0
-
SHA1
cfec0f7d77e4660f041b49f1b4bcf8d594f6c1b0
-
SHA256
b85cf426b273c087d5da9ed474d7aea16b546d5f42fab4a199f63a6240b0a50d
-
SHA512
60ccbba71070f5e053cbe20343fefe343ba17b6c87139e5f2cf04ca4f758cf593b7c0f2d318a65f83ecfa010087d4c2983db5ac2d6608ba4aeab3d3c7097f710
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND0yUPqrDZh:ymb3NkkiQ3mdBjF0yUm/
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 27 IoCs
-
Process spawned unexpected child process 1 IoCs
This typically indicates the parent process was compromised via an exploit or macro.
-
Executes dropped EXE 64 IoCs
-
UPX packed file 34 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\c7941ddb367c6d18dfeda0aa2f38e3b0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\c7941ddb367c6d18dfeda0aa2f38e3b0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\wd2s6.exec:\wd2s6.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\4nc063f.exec:\4nc063f.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\q7d48d8.exec:\q7d48d8.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\4m1fc8k.exec:\4m1fc8k.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\mhn953t.exec:\mhn953t.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\q6m0000.exec:\q6m0000.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\90q9942.exec:\90q9942.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\b34r5j.exec:\b34r5j.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\m80u167.exec:\m80u167.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\wq8946.exec:\wq8946.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\0o1e8xr.exec:\0o1e8xr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\0i3128u.exec:\0i3128u.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\807c32i.exec:\807c32i.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\gb8a7.exec:\gb8a7.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\2147w.exec:\2147w.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\r97wkcm.exec:\r97wkcm.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\a7a33e.exec:\a7a33e.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\p0xg4.exec:\p0xg4.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\x16o3.exec:\x16o3.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6975x.exec:\6975x.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\08l558.exec:\08l558.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ht831du.exec:\ht831du.exe23⤵
- Executes dropped EXE
-
\??\c:\6s37w07.exec:\6s37w07.exe24⤵
- Executes dropped EXE
-
\??\c:\981iir.exec:\981iir.exe25⤵
- Executes dropped EXE
-
\??\c:\kth7bo3.exec:\kth7bo3.exe26⤵
- Executes dropped EXE
-
\??\c:\gam2h4.exec:\gam2h4.exe27⤵
- Executes dropped EXE
-
\??\c:\eis77.exec:\eis77.exe28⤵
- Executes dropped EXE
-
\??\c:\xls12.exec:\xls12.exe29⤵
- Executes dropped EXE
-
\??\c:\7eq9ii8.exec:\7eq9ii8.exe30⤵
- Executes dropped EXE
-
\??\c:\p4m30.exec:\p4m30.exe31⤵
- Executes dropped EXE
-
\??\c:\j13e6km.exec:\j13e6km.exe32⤵
- Executes dropped EXE
-
\??\c:\36581.exec:\36581.exe33⤵
- Executes dropped EXE
-
\??\c:\d3a5i18.exec:\d3a5i18.exe34⤵
- Executes dropped EXE
-
\??\c:\517h06c.exec:\517h06c.exe35⤵
- Executes dropped EXE
-
\??\c:\8a33a.exec:\8a33a.exe36⤵
- Executes dropped EXE
-
\??\c:\pk80g2.exec:\pk80g2.exe37⤵
- Executes dropped EXE
-
\??\c:\w1is73i.exec:\w1is73i.exe38⤵
- Executes dropped EXE
-
\??\c:\u514717.exec:\u514717.exe39⤵
- Executes dropped EXE
-
\??\c:\1c12d.exec:\1c12d.exe40⤵
- Executes dropped EXE
-
\??\c:\3gpq3.exec:\3gpq3.exe41⤵
- Executes dropped EXE
-
\??\c:\71nf1.exec:\71nf1.exe42⤵
- Executes dropped EXE
-
\??\c:\huos3.exec:\huos3.exe43⤵
- Executes dropped EXE
-
\??\c:\889q50o.exec:\889q50o.exe44⤵
- Executes dropped EXE
-
\??\c:\09xg000.exec:\09xg000.exe45⤵
- Executes dropped EXE
-
\??\c:\ck99944.exec:\ck99944.exe46⤵
- Executes dropped EXE
-
\??\c:\2k1m7.exec:\2k1m7.exe47⤵
- Executes dropped EXE
-
\??\c:\27w42b.exec:\27w42b.exe48⤵
- Executes dropped EXE
-
\??\c:\94x74p.exec:\94x74p.exe49⤵
- Executes dropped EXE
-
\??\c:\66ouv2.exec:\66ouv2.exe50⤵
- Executes dropped EXE
-
\??\c:\o32p4.exec:\o32p4.exe51⤵
- Executes dropped EXE
-
\??\c:\a23enh7.exec:\a23enh7.exe52⤵
- Executes dropped EXE
-
\??\c:\5o1l7.exec:\5o1l7.exe53⤵
- Executes dropped EXE
-
\??\c:\0s273.exec:\0s273.exe54⤵
- Executes dropped EXE
-
\??\c:\w3gjb3.exec:\w3gjb3.exe55⤵
- Executes dropped EXE
-
\??\c:\eebg827.exec:\eebg827.exe56⤵
- Executes dropped EXE
-
\??\c:\4s4d0dn.exec:\4s4d0dn.exe57⤵
- Executes dropped EXE
-
\??\c:\8313f.exec:\8313f.exe58⤵
- Executes dropped EXE
-
\??\c:\gww6103.exec:\gww6103.exe59⤵
- Executes dropped EXE
-
\??\c:\fu51ag.exec:\fu51ag.exe60⤵
- Executes dropped EXE
-
\??\c:\40er0.exec:\40er0.exe61⤵
- Executes dropped EXE
-
\??\c:\a15s6.exec:\a15s6.exe62⤵
- Executes dropped EXE
-
\??\c:\t54ej1w.exec:\t54ej1w.exe63⤵
- Executes dropped EXE
-
\??\c:\x8172.exec:\x8172.exe64⤵
- Executes dropped EXE
-
\??\c:\j4d28pv.exec:\j4d28pv.exe65⤵
- Executes dropped EXE
-
\??\c:\4s1h5m.exec:\4s1h5m.exe66⤵
-
\??\c:\0c1s1kh.exec:\0c1s1kh.exe67⤵
-
\??\c:\2d3or1.exec:\2d3or1.exe68⤵
-
\??\c:\9r1ee.exec:\9r1ee.exe69⤵
-
\??\c:\d27x1.exec:\d27x1.exe70⤵
-
\??\c:\8522tl.exec:\8522tl.exe71⤵
-
\??\c:\l3ss8.exec:\l3ss8.exe72⤵
-
\??\c:\u8cde97.exec:\u8cde97.exe73⤵
-
\??\c:\9u93m3.exec:\9u93m3.exe74⤵
-
\??\c:\ghk790.exec:\ghk790.exe75⤵
-
\??\c:\9d6uco6.exec:\9d6uco6.exe76⤵
-
\??\c:\3w9os9.exec:\3w9os9.exe77⤵
-
\??\c:\5ii09.exec:\5ii09.exe78⤵
-
\??\c:\707b2ur.exec:\707b2ur.exe79⤵
-
\??\c:\lg7v7x.exec:\lg7v7x.exe80⤵
-
\??\c:\8s1e88q.exec:\8s1e88q.exe81⤵
-
\??\c:\58417j8.exec:\58417j8.exe82⤵
-
\??\c:\06lf5.exec:\06lf5.exe83⤵
-
\??\c:\9kee3.exec:\9kee3.exe84⤵
-
\??\c:\nda37f.exec:\nda37f.exe85⤵
-
\??\c:\mrb1bbh.exec:\mrb1bbh.exe86⤵
-
\??\c:\ppv104.exec:\ppv104.exe87⤵
-
\??\c:\75gm38.exec:\75gm38.exe88⤵
-
\??\c:\qqqk4.exec:\qqqk4.exe89⤵
-
\??\c:\06or3ua.exec:\06or3ua.exe90⤵
-
\??\c:\lci14.exec:\lci14.exe91⤵
-
\??\c:\96xf33.exec:\96xf33.exe92⤵
-
\??\c:\e252b.exec:\e252b.exe93⤵
-
\??\c:\cuf86.exec:\cuf86.exe94⤵
-
\??\c:\3f5qd6p.exec:\3f5qd6p.exe95⤵
-
\??\c:\23041.exec:\23041.exe96⤵
-
\??\c:\30cf27.exec:\30cf27.exe97⤵
-
\??\c:\8qos3.exec:\8qos3.exe98⤵
-
\??\c:\4s1mk.exec:\4s1mk.exe99⤵
-
\??\c:\h4491.exec:\h4491.exe100⤵
-
\??\c:\k50lv7.exec:\k50lv7.exe101⤵
-
\??\c:\1aei1.exec:\1aei1.exe102⤵
-
\??\c:\6s9dr.exec:\6s9dr.exe103⤵
-
\??\c:\05vd1.exec:\05vd1.exe104⤵
-
\??\c:\17w21q.exec:\17w21q.exe105⤵
-
\??\c:\47k59u.exec:\47k59u.exe106⤵
-
\??\c:\54a06.exec:\54a06.exe107⤵
-
\??\c:\6aa6k.exec:\6aa6k.exe108⤵
-
\??\c:\wecti3x.exec:\wecti3x.exe109⤵
-
\??\c:\59ixa.exec:\59ixa.exe110⤵
-
\??\c:\vw49rm.exec:\vw49rm.exe111⤵
-
\??\c:\t23l311.exec:\t23l311.exe112⤵
-
\??\c:\95mm3.exec:\95mm3.exe113⤵
-
\??\c:\57r6f8.exec:\57r6f8.exe114⤵
-
\??\c:\874gdex.exec:\874gdex.exe115⤵
-
\??\c:\eb2of7.exec:\eb2of7.exe116⤵
-
\??\c:\647e9ol.exec:\647e9ol.exe117⤵
-
\??\c:\s985c.exec:\s985c.exe118⤵
-
\??\c:\441w3.exec:\441w3.exe119⤵
-
\??\c:\k3o89.exec:\k3o89.exe120⤵
-
\??\c:\7lra494.exec:\7lra494.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-