Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
15/05/2024, 21:23
General
-
Target
38d95353709f8b18cebd1657f425eb10_NeikiAnalytics.exe
-
Size
119KB
-
MD5
38d95353709f8b18cebd1657f425eb10
-
SHA1
3fc9d074a3b22c3f2bffb7211fc6b78cb549923f
-
SHA256
5068c6eea3b268cdef54771b5b2049b8a49b003b07c7870861eec7d239fc01d8
-
SHA512
35bfbd2afab02816d0bbe4a348355e8fe449a8e1e33642bb711588435e6a25966b722ceb4e743f41b8dd99d4a5f53e4678e9ec519852f518d0c6e6c843727328
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDomRGApSuLAR2yPBCQ1nDFu1Q8so:ymb3NkkiQ3mdBjFomR7UsyJC+n0Gsgcl
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 21 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 25 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\38d95353709f8b18cebd1657f425eb10_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\38d95353709f8b18cebd1657f425eb10_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\5jvvj.exec:\5jvvj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3frrllr.exec:\3frrllr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthhtt.exec:\bthhtt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpddj.exec:\vpddj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxxflx.exec:\rlxxflx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1bbnbh.exec:\1bbnbh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvpjv.exec:\jvpjv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjvdd.exec:\vjvdd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrffrfl.exec:\rrffrfl.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxllflf.exec:\fxllflf.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbnthh.exec:\bbnthh.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvdp.exec:\dvvdp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flrlxrr.exec:\flrlxrr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxflrl.exec:\lfxflrl.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1nntht.exec:\1nntht.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1dpvp.exec:\1dpvp.exe17⤵
- Executes dropped EXE
-
\??\c:\3vddp.exec:\3vddp.exe18⤵
- Executes dropped EXE
-
\??\c:\7lxxfxf.exec:\7lxxfxf.exe19⤵
- Executes dropped EXE
-
\??\c:\bnttbb.exec:\bnttbb.exe20⤵
- Executes dropped EXE
-
\??\c:\hbnnbb.exec:\hbnnbb.exe21⤵
- Executes dropped EXE
-
\??\c:\vjpvj.exec:\vjpvj.exe22⤵
- Executes dropped EXE
-
\??\c:\xrlxllx.exec:\xrlxllx.exe23⤵
- Executes dropped EXE
-
\??\c:\fxffflx.exec:\fxffflx.exe24⤵
- Executes dropped EXE
-
\??\c:\btbhhn.exec:\btbhhn.exe25⤵
- Executes dropped EXE
-
\??\c:\vpjpv.exec:\vpjpv.exe26⤵
- Executes dropped EXE
-
\??\c:\rrfrrlf.exec:\rrfrrlf.exe27⤵
- Executes dropped EXE
-
\??\c:\hbhnhn.exec:\hbhnhn.exe28⤵
- Executes dropped EXE
-
\??\c:\pvvpj.exec:\pvvpj.exe29⤵
- Executes dropped EXE
-
\??\c:\jvjpd.exec:\jvjpd.exe30⤵
- Executes dropped EXE
-
\??\c:\3lflrxl.exec:\3lflrxl.exe31⤵
- Executes dropped EXE
-
\??\c:\hhbbtt.exec:\hhbbtt.exe32⤵
- Executes dropped EXE
-
\??\c:\hhbnhb.exec:\hhbnhb.exe33⤵
- Executes dropped EXE
-
\??\c:\jdvjd.exec:\jdvjd.exe34⤵
- Executes dropped EXE
-
\??\c:\3jdvv.exec:\3jdvv.exe35⤵
- Executes dropped EXE
-
\??\c:\rxxrxrf.exec:\rxxrxrf.exe36⤵
- Executes dropped EXE
-
\??\c:\tntthn.exec:\tntthn.exe37⤵
- Executes dropped EXE
-
\??\c:\nthtbh.exec:\nthtbh.exe38⤵
- Executes dropped EXE
-
\??\c:\pjpvd.exec:\pjpvd.exe39⤵
- Executes dropped EXE
-
\??\c:\llxxfxl.exec:\llxxfxl.exe40⤵
- Executes dropped EXE
-
\??\c:\lllrxfr.exec:\lllrxfr.exe41⤵
- Executes dropped EXE
-
\??\c:\tnbtbh.exec:\tnbtbh.exe42⤵
- Executes dropped EXE
-
\??\c:\9htbnt.exec:\9htbnt.exe43⤵
- Executes dropped EXE
-
\??\c:\vpdjp.exec:\vpdjp.exe44⤵
- Executes dropped EXE
-
\??\c:\lrlrflx.exec:\lrlrflx.exe45⤵
- Executes dropped EXE
-
\??\c:\xrxxffr.exec:\xrxxffr.exe46⤵
- Executes dropped EXE
-
\??\c:\tnhnbh.exec:\tnhnbh.exe47⤵
- Executes dropped EXE
-
\??\c:\nhbhhn.exec:\nhbhhn.exe48⤵
- Executes dropped EXE
-
\??\c:\1jvpd.exec:\1jvpd.exe49⤵
- Executes dropped EXE
-
\??\c:\jpdvp.exec:\jpdvp.exe50⤵
- Executes dropped EXE
-
\??\c:\5rflxlf.exec:\5rflxlf.exe51⤵
- Executes dropped EXE
-
\??\c:\rxrxrfl.exec:\rxrxrfl.exe52⤵
- Executes dropped EXE
-
\??\c:\ntnhnt.exec:\ntnhnt.exe53⤵
- Executes dropped EXE
-
\??\c:\jpvjp.exec:\jpvjp.exe54⤵
- Executes dropped EXE
-
\??\c:\jjjpd.exec:\jjjpd.exe55⤵
- Executes dropped EXE
-
\??\c:\rrfxffx.exec:\rrfxffx.exe56⤵
- Executes dropped EXE
-
\??\c:\rllrfrl.exec:\rllrfrl.exe57⤵
- Executes dropped EXE
-
\??\c:\thhhht.exec:\thhhht.exe58⤵
- Executes dropped EXE
-
\??\c:\bbnthh.exec:\bbnthh.exe59⤵
- Executes dropped EXE
-
\??\c:\jpppj.exec:\jpppj.exe60⤵
- Executes dropped EXE
-
\??\c:\pdjjd.exec:\pdjjd.exe61⤵
- Executes dropped EXE
-
\??\c:\lxlxrlx.exec:\lxlxrlx.exe62⤵
- Executes dropped EXE
-
\??\c:\lfxxlrx.exec:\lfxxlrx.exe63⤵
- Executes dropped EXE
-
\??\c:\thtntt.exec:\thtntt.exe64⤵
- Executes dropped EXE
-
\??\c:\jdjjv.exec:\jdjjv.exe65⤵
- Executes dropped EXE
-
\??\c:\1vvdv.exec:\1vvdv.exe66⤵
-
\??\c:\lxlxxff.exec:\lxlxxff.exe67⤵
-
\??\c:\rlrrxrf.exec:\rlrrxrf.exe68⤵
-
\??\c:\bntbnn.exec:\bntbnn.exe69⤵
-
\??\c:\tnhntt.exec:\tnhntt.exe70⤵
-
\??\c:\ddvvj.exec:\ddvvj.exe71⤵
-
\??\c:\lrfrfrr.exec:\lrfrfrr.exe72⤵
-
\??\c:\xlxffxx.exec:\xlxffxx.exe73⤵
-
\??\c:\1htnnn.exec:\1htnnn.exe74⤵
-
\??\c:\nhthnn.exec:\nhthnn.exe75⤵
-
\??\c:\dvppv.exec:\dvppv.exe76⤵
-
\??\c:\dddpp.exec:\dddpp.exe77⤵
-
\??\c:\lffrrxx.exec:\lffrrxx.exe78⤵
-
\??\c:\3flffrr.exec:\3flffrr.exe79⤵
-
\??\c:\nhbbnt.exec:\nhbbnt.exe80⤵
-
\??\c:\ppjvp.exec:\ppjvp.exe81⤵
-
\??\c:\dpvdd.exec:\dpvdd.exe82⤵
-
\??\c:\5lrlrlr.exec:\5lrlrlr.exe83⤵
-
\??\c:\tnhntb.exec:\tnhntb.exe84⤵
-
\??\c:\nbhbhn.exec:\nbhbhn.exe85⤵
-
\??\c:\jjpjj.exec:\jjpjj.exe86⤵
-
\??\c:\pddvd.exec:\pddvd.exe87⤵
-
\??\c:\lxllrxx.exec:\lxllrxx.exe88⤵
-
\??\c:\3flrrfx.exec:\3flrrfx.exe89⤵
-
\??\c:\tnntth.exec:\tnntth.exe90⤵
-
\??\c:\nbttbn.exec:\nbttbn.exe91⤵
-
\??\c:\pjvvp.exec:\pjvvp.exe92⤵
-
\??\c:\rflfxxx.exec:\rflfxxx.exe93⤵
-
\??\c:\frrxxfl.exec:\frrxxfl.exe94⤵
-
\??\c:\hbtbnh.exec:\hbtbnh.exe95⤵
-
\??\c:\tbhtbb.exec:\tbhtbb.exe96⤵
-
\??\c:\vpvvp.exec:\vpvvp.exe97⤵
-
\??\c:\frlllrf.exec:\frlllrf.exe98⤵
-
\??\c:\xrrrfff.exec:\xrrrfff.exe99⤵
-
\??\c:\thnthb.exec:\thnthb.exe100⤵
-
\??\c:\nbhhnn.exec:\nbhhnn.exe101⤵
-
\??\c:\vpdpd.exec:\vpdpd.exe102⤵
-
\??\c:\1jdjd.exec:\1jdjd.exe103⤵
-
\??\c:\ffrlrfr.exec:\ffrlrfr.exe104⤵
-
\??\c:\9lxxflr.exec:\9lxxflr.exe105⤵
-
\??\c:\htbbhn.exec:\htbbhn.exe106⤵
-
\??\c:\hhthnb.exec:\hhthnb.exe107⤵
-
\??\c:\dvjjv.exec:\dvjjv.exe108⤵
-
\??\c:\3vvdp.exec:\3vvdp.exe109⤵
-
\??\c:\1rllflx.exec:\1rllflx.exe110⤵
-
\??\c:\xrllrlx.exec:\xrllrlx.exe111⤵
-
\??\c:\3hnhhh.exec:\3hnhhh.exe112⤵
-
\??\c:\tnbbnb.exec:\tnbbnb.exe113⤵
-
\??\c:\dvdpj.exec:\dvdpj.exe114⤵
-
\??\c:\fffxflf.exec:\fffxflf.exe115⤵
-
\??\c:\lxllxxf.exec:\lxllxxf.exe116⤵
-
\??\c:\bttbth.exec:\bttbth.exe117⤵
-
\??\c:\nnbnbn.exec:\nnbnbn.exe118⤵
-
\??\c:\pdpvj.exec:\pdpvj.exe119⤵
-
\??\c:\frflxfr.exec:\frflxfr.exe120⤵
-
\??\c:\rrfxlrf.exec:\rrfxlrf.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-