Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
14/05/2024, 19:53 UTC
General
-
Target
1962c2d255ddda41f20c413cdcbe4110_NeikiAnalytics.exe
-
Size
55KB
-
MD5
1962c2d255ddda41f20c413cdcbe4110
-
SHA1
b23ff4331c1051ce6405cac6df102bf41b5f80e3
-
SHA256
ef9db928876eb3d34dd614934c87cebb26b0302bcf332ed21c34fe6a68be0764
-
SHA512
45c1477e07f8bf56f0c72ae38bb590d125e435e660e1dc6d15c485e124309cbbb4a14bfbfd3e8ac26cfddc1492a326e12634277ad1005ff0016c2d1d697398d1
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIFes:ymb3NkkiQ3mdBjFIFes
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 21 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 26 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1962c2d255ddda41f20c413cdcbe4110_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\1962c2d255ddda41f20c413cdcbe4110_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\xfxllrx.exec:\xfxllrx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttnntb.exec:\ttnntb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjddj.exec:\jjddj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5pddd.exec:\5pddd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9xrlxxr.exec:\9xrlxxr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9xrfxfx.exec:\9xrfxfx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntbhnn.exec:\ntbhnn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbttbb.exec:\bbttbb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvpjd.exec:\jvpjd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdpjp.exec:\pdpjp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxlfrff.exec:\rxlfrff.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlfxrfl.exec:\rlfxrfl.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttbhnb.exec:\ttbhnb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbbhtt.exec:\bbbhtt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjddv.exec:\jjddv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvdpv.exec:\pvdpv.exe17⤵
- Executes dropped EXE
-
\??\c:\vvpvj.exec:\vvpvj.exe18⤵
- Executes dropped EXE
-
\??\c:\llfrrlr.exec:\llfrrlr.exe19⤵
- Executes dropped EXE
-
\??\c:\rlxfllx.exec:\rlxfllx.exe20⤵
- Executes dropped EXE
-
\??\c:\htntnn.exec:\htntnn.exe21⤵
- Executes dropped EXE
-
\??\c:\htnhtn.exec:\htnhtn.exe22⤵
- Executes dropped EXE
-
\??\c:\jjdjp.exec:\jjdjp.exe23⤵
- Executes dropped EXE
-
\??\c:\7jjpv.exec:\7jjpv.exe24⤵
- Executes dropped EXE
-
\??\c:\ddvdv.exec:\ddvdv.exe25⤵
- Executes dropped EXE
-
\??\c:\ffxlxfx.exec:\ffxlxfx.exe26⤵
- Executes dropped EXE
-
\??\c:\lrxrxrr.exec:\lrxrxrr.exe27⤵
- Executes dropped EXE
-
\??\c:\btnthh.exec:\btnthh.exe28⤵
- Executes dropped EXE
-
\??\c:\dpdpv.exec:\dpdpv.exe29⤵
- Executes dropped EXE
-
\??\c:\pddjv.exec:\pddjv.exe30⤵
- Executes dropped EXE
-
\??\c:\7rxlfrf.exec:\7rxlfrf.exe31⤵
- Executes dropped EXE
-
\??\c:\xxxlfrl.exec:\xxxlfrl.exe32⤵
- Executes dropped EXE
-
\??\c:\hhnnhn.exec:\hhnnhn.exe33⤵
- Executes dropped EXE
-
\??\c:\bhtbhh.exec:\bhtbhh.exe34⤵
- Executes dropped EXE
-
\??\c:\jvpdj.exec:\jvpdj.exe35⤵
- Executes dropped EXE
-
\??\c:\9vddd.exec:\9vddd.exe36⤵
- Executes dropped EXE
-
\??\c:\fxfxffl.exec:\fxfxffl.exe37⤵
- Executes dropped EXE
-
\??\c:\7lffffl.exec:\7lffffl.exe38⤵
- Executes dropped EXE
-
\??\c:\5bbhhn.exec:\5bbhhn.exe39⤵
- Executes dropped EXE
-
\??\c:\5bnntb.exec:\5bnntb.exe40⤵
- Executes dropped EXE
-
\??\c:\5tbbhb.exec:\5tbbhb.exe41⤵
- Executes dropped EXE
-
\??\c:\jjpvp.exec:\jjpvp.exe42⤵
- Executes dropped EXE
-
\??\c:\3pjdj.exec:\3pjdj.exe43⤵
- Executes dropped EXE
-
\??\c:\7xlllxf.exec:\7xlllxf.exe44⤵
- Executes dropped EXE
-
\??\c:\xffllff.exec:\xffllff.exe45⤵
- Executes dropped EXE
-
\??\c:\rflrxrr.exec:\rflrxrr.exe46⤵
- Executes dropped EXE
-
\??\c:\nhtbhn.exec:\nhtbhn.exe47⤵
- Executes dropped EXE
-
\??\c:\tnhhnh.exec:\tnhhnh.exe48⤵
- Executes dropped EXE
-
\??\c:\1vjpp.exec:\1vjpp.exe49⤵
- Executes dropped EXE
-
\??\c:\djvvv.exec:\djvvv.exe50⤵
- Executes dropped EXE
-
\??\c:\dppjj.exec:\dppjj.exe51⤵
- Executes dropped EXE
-
\??\c:\5rrxfrf.exec:\5rrxfrf.exe52⤵
- Executes dropped EXE
-
\??\c:\frrxxfr.exec:\frrxxfr.exe53⤵
- Executes dropped EXE
-
\??\c:\fxxlxfl.exec:\fxxlxfl.exe54⤵
- Executes dropped EXE
-
\??\c:\tbnhnh.exec:\tbnhnh.exe55⤵
- Executes dropped EXE
-
\??\c:\3hhnbh.exec:\3hhnbh.exe56⤵
- Executes dropped EXE
-
\??\c:\jdjpd.exec:\jdjpd.exe57⤵
- Executes dropped EXE
-
\??\c:\fxxlxxr.exec:\fxxlxxr.exe58⤵
- Executes dropped EXE
-
\??\c:\thtthh.exec:\thtthh.exe59⤵
- Executes dropped EXE
-
\??\c:\tnbbhh.exec:\tnbbhh.exe60⤵
- Executes dropped EXE
-
\??\c:\9tnthh.exec:\9tnthh.exe61⤵
- Executes dropped EXE
-
\??\c:\jdpvp.exec:\jdpvp.exe62⤵
- Executes dropped EXE
-
\??\c:\vvpvp.exec:\vvpvp.exe63⤵
- Executes dropped EXE
-
\??\c:\fffxlrf.exec:\fffxlrf.exe64⤵
- Executes dropped EXE
-
\??\c:\frflfxf.exec:\frflfxf.exe65⤵
- Executes dropped EXE
-
\??\c:\xxrxrxl.exec:\xxrxrxl.exe66⤵
-
\??\c:\tnbhnh.exec:\tnbhnh.exe67⤵
-
\??\c:\thnttn.exec:\thnttn.exe68⤵
-
\??\c:\nttbhh.exec:\nttbhh.exe69⤵
-
\??\c:\7vppv.exec:\7vppv.exe70⤵
-
\??\c:\pdddj.exec:\pdddj.exe71⤵
-
\??\c:\3pvdv.exec:\3pvdv.exe72⤵
-
\??\c:\fxfxxxl.exec:\fxfxxxl.exe73⤵
-
\??\c:\lxxrrll.exec:\lxxrrll.exe74⤵
-
\??\c:\7nbtnn.exec:\7nbtnn.exe75⤵
-
\??\c:\hbnnnh.exec:\hbnnnh.exe76⤵
-
\??\c:\btnnnn.exec:\btnnnn.exe77⤵
-
\??\c:\jdppv.exec:\jdppv.exe78⤵
-
\??\c:\1dppv.exec:\1dppv.exe79⤵
-
\??\c:\dpddv.exec:\dpddv.exe80⤵
-
\??\c:\rrxflxr.exec:\rrxflxr.exe81⤵
-
\??\c:\3frfxxx.exec:\3frfxxx.exe82⤵
-
\??\c:\fffffxf.exec:\fffffxf.exe83⤵
-
\??\c:\1bhhhh.exec:\1bhhhh.exe84⤵
-
\??\c:\tntbnh.exec:\tntbnh.exe85⤵
-
\??\c:\thttbh.exec:\thttbh.exe86⤵
-
\??\c:\jvdpp.exec:\jvdpp.exe87⤵
-
\??\c:\jpvpj.exec:\jpvpj.exe88⤵
-
\??\c:\vpvpv.exec:\vpvpv.exe89⤵
-
\??\c:\xffrlfr.exec:\xffrlfr.exe90⤵
-
\??\c:\7rxlfxx.exec:\7rxlfxx.exe91⤵
-
\??\c:\rfllrrl.exec:\rfllrrl.exe92⤵
-
\??\c:\ttnbnn.exec:\ttnbnn.exe93⤵
-
\??\c:\nbnnbh.exec:\nbnnbh.exe94⤵
-
\??\c:\tnhhnh.exec:\tnhhnh.exe95⤵
-
\??\c:\dvdvv.exec:\dvdvv.exe96⤵
-
\??\c:\vdjjj.exec:\vdjjj.exe97⤵
-
\??\c:\xrxrrrr.exec:\xrxrrrr.exe98⤵
-
\??\c:\1llllrr.exec:\1llllrr.exe99⤵
-
\??\c:\3fxxflx.exec:\3fxxflx.exe100⤵
-
\??\c:\nhbnnb.exec:\nhbnnb.exe101⤵
-
\??\c:\thtbtt.exec:\thtbtt.exe102⤵
-
\??\c:\nbhhnn.exec:\nbhhnn.exe103⤵
-
\??\c:\pdpvd.exec:\pdpvd.exe104⤵
-
\??\c:\djppj.exec:\djppj.exe105⤵
-
\??\c:\frffflr.exec:\frffflr.exe106⤵
-
\??\c:\5xlrrlr.exec:\5xlrrlr.exe107⤵
-
\??\c:\rffllrx.exec:\rffllrx.exe108⤵
-
\??\c:\hthnbt.exec:\hthnbt.exe109⤵
-
\??\c:\9bhbnn.exec:\9bhbnn.exe110⤵
-
\??\c:\bthhnn.exec:\bthhnn.exe111⤵
-
\??\c:\pvpjp.exec:\pvpjp.exe112⤵
-
\??\c:\ddvjd.exec:\ddvjd.exe113⤵
-
\??\c:\lrfxrfx.exec:\lrfxrfx.exe114⤵
-
\??\c:\1fflrlf.exec:\1fflrlf.exe115⤵
-
\??\c:\llflflx.exec:\llflflx.exe116⤵
-
\??\c:\lflllrx.exec:\lflllrx.exe117⤵
-
\??\c:\bthnbn.exec:\bthnbn.exe118⤵
-
\??\c:\ntthbn.exec:\ntthbn.exe119⤵
-
\??\c:\nnhthh.exec:\nnhthh.exe120⤵
-
\??\c:\dvdjp.exec:\dvdjp.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-