Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
112s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
15/05/2024, 18:54
General
-
Target
17e05df9d9ee584cfea2c3cfdef02020_NeikiAnalytics.exe
-
Size
453KB
-
MD5
17e05df9d9ee584cfea2c3cfdef02020
-
SHA1
3a966810076f4d28a0f79bda51672545cb755633
-
SHA256
bc483cb6e41a05ad89bcdd351126161cb4ae8822544e2bddcb04fe2344c5423b
-
SHA512
f9bafcdf900389260dcb87dad7ace8cd2c174f8d988ce87dcb9b42bdd9e1456a35a77f0619d50d66542a8abdacfc1356c0fba08d073e12df8bd142dbbd7af859
-
SSDEEP
6144:rcm4FmowdHoSphraHcpOaKHpXfRo0V8JcgE+ezpg1xrloBNTNm8:x4wFHoS3eFaKHpv/VycgE81lgx
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\17e05df9d9ee584cfea2c3cfdef02020_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\17e05df9d9ee584cfea2c3cfdef02020_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\vppdd.exec:\vppdd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxfxrrl.exec:\fxfxrrl.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bntbbb.exec:\bntbbb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvjdp.exec:\jvjdp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbttnn.exec:\tbttnn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjpjj.exec:\jjpjj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvppd.exec:\vvppd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3xllfff.exec:\3xllfff.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9hhbth.exec:\9hhbth.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9tnnnn.exec:\9tnnnn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frlfxxf.exec:\frlfxxf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxlfxr.exec:\xrxlfxr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dddpp.exec:\dddpp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htnnth.exec:\htnnth.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thbbhb.exec:\thbbhb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3pppp.exec:\3pppp.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpjjp.exec:\jpjjp.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxllrrr.exec:\fxllrrr.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrlrfxl.exec:\xrlrfxl.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdvvp.exec:\vdvvp.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnnnn.exec:\tnnnnn.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llxxffl.exec:\llxxffl.exe23⤵
- Executes dropped EXE
-
\??\c:\vpppp.exec:\vpppp.exe24⤵
- Executes dropped EXE
-
\??\c:\rflllrx.exec:\rflllrx.exe25⤵
- Executes dropped EXE
-
\??\c:\jpvpd.exec:\jpvpd.exe26⤵
- Executes dropped EXE
-
\??\c:\fxrlfxx.exec:\fxrlfxx.exe27⤵
- Executes dropped EXE
-
\??\c:\fxrrfxr.exec:\fxrrfxr.exe28⤵
- Executes dropped EXE
-
\??\c:\nntnnn.exec:\nntnnn.exe29⤵
- Executes dropped EXE
-
\??\c:\1vjjj.exec:\1vjjj.exe30⤵
- Executes dropped EXE
-
\??\c:\jvvvp.exec:\jvvvp.exe31⤵
- Executes dropped EXE
-
\??\c:\3djdv.exec:\3djdv.exe32⤵
- Executes dropped EXE
-
\??\c:\dvvpd.exec:\dvvpd.exe33⤵
- Executes dropped EXE
-
\??\c:\tnttnn.exec:\tnttnn.exe34⤵
- Executes dropped EXE
-
\??\c:\dpjdd.exec:\dpjdd.exe35⤵
- Executes dropped EXE
-
\??\c:\ppjdv.exec:\ppjdv.exe36⤵
- Executes dropped EXE
-
\??\c:\9bthbt.exec:\9bthbt.exe37⤵
- Executes dropped EXE
-
\??\c:\7jddv.exec:\7jddv.exe38⤵
- Executes dropped EXE
-
\??\c:\ffxrlfx.exec:\ffxrlfx.exe39⤵
- Executes dropped EXE
-
\??\c:\vvpvv.exec:\vvpvv.exe40⤵
- Executes dropped EXE
-
\??\c:\nthhnn.exec:\nthhnn.exe41⤵
- Executes dropped EXE
-
\??\c:\jjdvv.exec:\jjdvv.exe42⤵
- Executes dropped EXE
-
\??\c:\lrrlfxr.exec:\lrrlfxr.exe43⤵
- Executes dropped EXE
-
\??\c:\nhhbbb.exec:\nhhbbb.exe44⤵
- Executes dropped EXE
-
\??\c:\pdpjd.exec:\pdpjd.exe45⤵
- Executes dropped EXE
-
\??\c:\dddvv.exec:\dddvv.exe46⤵
- Executes dropped EXE
-
\??\c:\xxxrrrr.exec:\xxxrrrr.exe47⤵
- Executes dropped EXE
-
\??\c:\pppjj.exec:\pppjj.exe48⤵
- Executes dropped EXE
-
\??\c:\fxllffl.exec:\fxllffl.exe49⤵
- Executes dropped EXE
-
\??\c:\hhhbtt.exec:\hhhbtt.exe50⤵
- Executes dropped EXE
-
\??\c:\jdvpj.exec:\jdvpj.exe51⤵
- Executes dropped EXE
-
\??\c:\rlrxxrr.exec:\rlrxxrr.exe52⤵
- Executes dropped EXE
-
\??\c:\fxxxxfl.exec:\fxxxxfl.exe53⤵
- Executes dropped EXE
-
\??\c:\7bhhbb.exec:\7bhhbb.exe54⤵
- Executes dropped EXE
-
\??\c:\vvvpd.exec:\vvvpd.exe55⤵
- Executes dropped EXE
-
\??\c:\nntnbb.exec:\nntnbb.exe56⤵
- Executes dropped EXE
-
\??\c:\pppjj.exec:\pppjj.exe57⤵
- Executes dropped EXE
-
\??\c:\pppjj.exec:\pppjj.exe58⤵
- Executes dropped EXE
-
\??\c:\jpddd.exec:\jpddd.exe59⤵
- Executes dropped EXE
-
\??\c:\nhtttb.exec:\nhtttb.exe60⤵
- Executes dropped EXE
-
\??\c:\9pdvv.exec:\9pdvv.exe61⤵
- Executes dropped EXE
-
\??\c:\5fxlxxl.exec:\5fxlxxl.exe62⤵
- Executes dropped EXE
-
\??\c:\1hnnnt.exec:\1hnnnt.exe63⤵
- Executes dropped EXE
-
\??\c:\vpjjd.exec:\vpjjd.exe64⤵
- Executes dropped EXE
-
\??\c:\rxrrrxf.exec:\rxrrrxf.exe65⤵
- Executes dropped EXE
-
\??\c:\thnttt.exec:\thnttt.exe66⤵
-
\??\c:\1jjjj.exec:\1jjjj.exe67⤵
-
\??\c:\rxlrfll.exec:\rxlrfll.exe68⤵
-
\??\c:\hhthbh.exec:\hhthbh.exe69⤵
-
\??\c:\bhhtnb.exec:\bhhtnb.exe70⤵
-
\??\c:\jpdvv.exec:\jpdvv.exe71⤵
-
\??\c:\lxrxxfr.exec:\lxrxxfr.exe72⤵
-
\??\c:\llffflr.exec:\llffflr.exe73⤵
-
\??\c:\bnhthn.exec:\bnhthn.exe74⤵
-
\??\c:\vjvvv.exec:\vjvvv.exe75⤵
-
\??\c:\jpjjd.exec:\jpjjd.exe76⤵
-
\??\c:\3xrrrxl.exec:\3xrrrxl.exe77⤵
-
\??\c:\bhtthn.exec:\bhtthn.exe78⤵
-
\??\c:\pjvvp.exec:\pjvvp.exe79⤵
-
\??\c:\vdpjd.exec:\vdpjd.exe80⤵
-
\??\c:\fxrllll.exec:\fxrllll.exe81⤵
-
\??\c:\llfllfx.exec:\llfllfx.exe82⤵
-
\??\c:\5nntnt.exec:\5nntnt.exe83⤵
-
\??\c:\jdvpd.exec:\jdvpd.exe84⤵
-
\??\c:\llrrlll.exec:\llrrlll.exe85⤵
-
\??\c:\lllrxxr.exec:\lllrxxr.exe86⤵
-
\??\c:\tntttt.exec:\tntttt.exe87⤵
-
\??\c:\ddppp.exec:\ddppp.exe88⤵
-
\??\c:\jjjjv.exec:\jjjjv.exe89⤵
-
\??\c:\1rrrrxr.exec:\1rrrrxr.exe90⤵
-
\??\c:\tbhhhh.exec:\tbhhhh.exe91⤵
-
\??\c:\bthhnn.exec:\bthhnn.exe92⤵
-
\??\c:\jjpjj.exec:\jjpjj.exe93⤵
-
\??\c:\9dvvj.exec:\9dvvj.exe94⤵
-
\??\c:\lfrrrxx.exec:\lfrrrxx.exe95⤵
-
\??\c:\bbtbtt.exec:\bbtbtt.exe96⤵
-
\??\c:\pdvvp.exec:\pdvvp.exe97⤵
-
\??\c:\xllllfx.exec:\xllllfx.exe98⤵
-
\??\c:\ttbhhh.exec:\ttbhhh.exe99⤵
-
\??\c:\3jvvv.exec:\3jvvv.exe100⤵
-
\??\c:\xfrflrr.exec:\xfrflrr.exe101⤵
-
\??\c:\rflrxxr.exec:\rflrxxr.exe102⤵
-
\??\c:\nntbht.exec:\nntbht.exe103⤵
-
\??\c:\djpvd.exec:\djpvd.exe104⤵
-
\??\c:\ffxrffx.exec:\ffxrffx.exe105⤵
-
\??\c:\nhttbn.exec:\nhttbn.exe106⤵
-
\??\c:\htbbbh.exec:\htbbbh.exe107⤵
-
\??\c:\ppvvv.exec:\ppvvv.exe108⤵
-
\??\c:\rxxxxff.exec:\rxxxxff.exe109⤵
-
\??\c:\tntttt.exec:\tntttt.exe110⤵
-
\??\c:\htbnbh.exec:\htbnbh.exe111⤵
-
\??\c:\1jpjj.exec:\1jpjj.exe112⤵
-
\??\c:\rrlfxrl.exec:\rrlfxrl.exe113⤵
-
\??\c:\htbtnh.exec:\htbtnh.exe114⤵
-
\??\c:\9djjj.exec:\9djjj.exe115⤵
-
\??\c:\7rrlfff.exec:\7rrlfff.exe116⤵
-
\??\c:\nhtbbt.exec:\nhtbbt.exe117⤵
-
\??\c:\jdjdj.exec:\jdjdj.exe118⤵
-
\??\c:\rrrrrrf.exec:\rrrrrrf.exe119⤵
-
\??\c:\tbbbtb.exec:\tbbbtb.exe120⤵
-
\??\c:\ntbbbh.exec:\ntbbbh.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-