Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
143s -
max time network
127s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
15/05/2024, 21:23
General
-
Target
38d95353709f8b18cebd1657f425eb10_NeikiAnalytics.exe
-
Size
119KB
-
MD5
38d95353709f8b18cebd1657f425eb10
-
SHA1
3fc9d074a3b22c3f2bffb7211fc6b78cb549923f
-
SHA256
5068c6eea3b268cdef54771b5b2049b8a49b003b07c7870861eec7d239fc01d8
-
SHA512
35bfbd2afab02816d0bbe4a348355e8fe449a8e1e33642bb711588435e6a25966b722ceb4e743f41b8dd99d4a5f53e4678e9ec519852f518d0c6e6c843727328
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDomRGApSuLAR2yPBCQ1nDFu1Q8so:ymb3NkkiQ3mdBjFomR7UsyJC+n0Gsgcl
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 24 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\38d95353709f8b18cebd1657f425eb10_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\38d95353709f8b18cebd1657f425eb10_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\446826.exec:\446826.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\80268.exec:\80268.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5rxrrlr.exec:\5rxrrlr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddjjv.exec:\ddjjv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpjvj.exec:\dpjvj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1dvjv.exec:\1dvjv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\s6284.exec:\s6284.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\040426.exec:\040426.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnnhtn.exec:\nnnhtn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frrrlll.exec:\frrrlll.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\4822226.exec:\4822226.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\08460.exec:\08460.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\e40482.exec:\e40482.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\062066.exec:\062066.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\828864.exec:\828864.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjppv.exec:\vjppv.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\82208.exec:\82208.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\086282.exec:\086282.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\0826442.exec:\0826442.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrffxx.exec:\lfrffxx.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\m6648.exec:\m6648.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfxfxxx.exec:\rfxfxxx.exe23⤵
- Executes dropped EXE
-
\??\c:\bhbntn.exec:\bhbntn.exe24⤵
- Executes dropped EXE
-
\??\c:\248222.exec:\248222.exe25⤵
- Executes dropped EXE
-
\??\c:\0026404.exec:\0026404.exe26⤵
- Executes dropped EXE
-
\??\c:\20226.exec:\20226.exe27⤵
- Executes dropped EXE
-
\??\c:\266628.exec:\266628.exe28⤵
- Executes dropped EXE
-
\??\c:\ddddv.exec:\ddddv.exe29⤵
- Executes dropped EXE
-
\??\c:\2464882.exec:\2464882.exe30⤵
- Executes dropped EXE
-
\??\c:\664866.exec:\664866.exe31⤵
- Executes dropped EXE
-
\??\c:\s6466.exec:\s6466.exe32⤵
- Executes dropped EXE
-
\??\c:\jdjdv.exec:\jdjdv.exe33⤵
- Executes dropped EXE
-
\??\c:\44288.exec:\44288.exe34⤵
- Executes dropped EXE
-
\??\c:\644422.exec:\644422.exe35⤵
- Executes dropped EXE
-
\??\c:\04844.exec:\04844.exe36⤵
- Executes dropped EXE
-
\??\c:\8460888.exec:\8460888.exe37⤵
- Executes dropped EXE
-
\??\c:\pvdvp.exec:\pvdvp.exe38⤵
- Executes dropped EXE
-
\??\c:\pddvp.exec:\pddvp.exe39⤵
- Executes dropped EXE
-
\??\c:\bhtnhb.exec:\bhtnhb.exe40⤵
- Executes dropped EXE
-
\??\c:\206666.exec:\206666.exe41⤵
- Executes dropped EXE
-
\??\c:\1ntnbh.exec:\1ntnbh.exe42⤵
- Executes dropped EXE
-
\??\c:\ttbhnt.exec:\ttbhnt.exe43⤵
- Executes dropped EXE
-
\??\c:\4066668.exec:\4066668.exe44⤵
- Executes dropped EXE
-
\??\c:\880402.exec:\880402.exe45⤵
- Executes dropped EXE
-
\??\c:\46408.exec:\46408.exe46⤵
- Executes dropped EXE
-
\??\c:\6004226.exec:\6004226.exe47⤵
- Executes dropped EXE
-
\??\c:\xrrrllf.exec:\xrrrllf.exe48⤵
- Executes dropped EXE
-
\??\c:\86260.exec:\86260.exe49⤵
- Executes dropped EXE
-
\??\c:\a0888.exec:\a0888.exe50⤵
- Executes dropped EXE
-
\??\c:\dpjjj.exec:\dpjjj.exe51⤵
- Executes dropped EXE
-
\??\c:\42820.exec:\42820.exe52⤵
- Executes dropped EXE
-
\??\c:\8866000.exec:\8866000.exe53⤵
- Executes dropped EXE
-
\??\c:\422604.exec:\422604.exe54⤵
- Executes dropped EXE
-
\??\c:\rlrlrrr.exec:\rlrlrrr.exe55⤵
- Executes dropped EXE
-
\??\c:\602266.exec:\602266.exe56⤵
- Executes dropped EXE
-
\??\c:\xxrlllf.exec:\xxrlllf.exe57⤵
- Executes dropped EXE
-
\??\c:\22240.exec:\22240.exe58⤵
- Executes dropped EXE
-
\??\c:\280044.exec:\280044.exe59⤵
- Executes dropped EXE
-
\??\c:\8806626.exec:\8806626.exe60⤵
- Executes dropped EXE
-
\??\c:\02888.exec:\02888.exe61⤵
- Executes dropped EXE
-
\??\c:\dppdv.exec:\dppdv.exe62⤵
- Executes dropped EXE
-
\??\c:\hhnthb.exec:\hhnthb.exe63⤵
- Executes dropped EXE
-
\??\c:\46888.exec:\46888.exe64⤵
- Executes dropped EXE
-
\??\c:\26822.exec:\26822.exe65⤵
- Executes dropped EXE
-
\??\c:\4060448.exec:\4060448.exe66⤵
-
\??\c:\pppjd.exec:\pppjd.exe67⤵
-
\??\c:\1bbthh.exec:\1bbthh.exe68⤵
-
\??\c:\268282.exec:\268282.exe69⤵
-
\??\c:\hbhhtt.exec:\hbhhtt.exe70⤵
-
\??\c:\xflfxrr.exec:\xflfxrr.exe71⤵
-
\??\c:\xfffxfx.exec:\xfffxfx.exe72⤵
-
\??\c:\hbtntt.exec:\hbtntt.exe73⤵
-
\??\c:\m2000.exec:\m2000.exe74⤵
-
\??\c:\0282600.exec:\0282600.exe75⤵
-
\??\c:\u800004.exec:\u800004.exe76⤵
-
\??\c:\hbthth.exec:\hbthth.exe77⤵
-
\??\c:\628822.exec:\628822.exe78⤵
-
\??\c:\4624204.exec:\4624204.exe79⤵
-
\??\c:\882266.exec:\882266.exe80⤵
-
\??\c:\hbthbb.exec:\hbthbb.exe81⤵
-
\??\c:\jjpjj.exec:\jjpjj.exe82⤵
-
\??\c:\u026444.exec:\u026444.exe83⤵
-
\??\c:\2666000.exec:\2666000.exe84⤵
-
\??\c:\hbtnhb.exec:\hbtnhb.exe85⤵
-
\??\c:\40266.exec:\40266.exe86⤵
-
\??\c:\bntnhh.exec:\bntnhh.exe87⤵
-
\??\c:\ffrflfl.exec:\ffrflfl.exe88⤵
-
\??\c:\8442420.exec:\8442420.exe89⤵
-
\??\c:\xrxfrlx.exec:\xrxfrlx.exe90⤵
-
\??\c:\hbtttn.exec:\hbtttn.exe91⤵
-
\??\c:\0626060.exec:\0626060.exe92⤵
-
\??\c:\rfflffl.exec:\rfflffl.exe93⤵
-
\??\c:\0422884.exec:\0422884.exe94⤵
-
\??\c:\a6888.exec:\a6888.exe95⤵
-
\??\c:\3lrrrff.exec:\3lrrrff.exe96⤵
-
\??\c:\400660.exec:\400660.exe97⤵
-
\??\c:\fflfxxx.exec:\fflfxxx.exe98⤵
-
\??\c:\48444.exec:\48444.exe99⤵
-
\??\c:\llxrfff.exec:\llxrfff.exe100⤵
-
\??\c:\086286.exec:\086286.exe101⤵
-
\??\c:\4064448.exec:\4064448.exe102⤵
-
\??\c:\jdvjp.exec:\jdvjp.exe103⤵
-
\??\c:\fxfffxx.exec:\fxfffxx.exe104⤵
-
\??\c:\jvppj.exec:\jvppj.exe105⤵
-
\??\c:\8262820.exec:\8262820.exe106⤵
-
\??\c:\ntttnn.exec:\ntttnn.exe107⤵
-
\??\c:\464822.exec:\464822.exe108⤵
-
\??\c:\nhbtnn.exec:\nhbtnn.exe109⤵
-
\??\c:\lrxrlll.exec:\lrxrlll.exe110⤵
-
\??\c:\llrrrrx.exec:\llrrrrx.exe111⤵
-
\??\c:\thttnh.exec:\thttnh.exe112⤵
-
\??\c:\828640.exec:\828640.exe113⤵
-
\??\c:\26826.exec:\26826.exe114⤵
-
\??\c:\vvpdj.exec:\vvpdj.exe115⤵
-
\??\c:\o082600.exec:\o082600.exe116⤵
-
\??\c:\042884.exec:\042884.exe117⤵
-
\??\c:\m0604.exec:\m0604.exe118⤵
-
\??\c:\ffxrllf.exec:\ffxrllf.exe119⤵
-
\??\c:\82244.exec:\82244.exe120⤵
-
\??\c:\bttnbb.exec:\bttnbb.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-