Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
149s -
max time network
133s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
16/05/2024, 01:38
General
-
Target
73c91b6ad96ba89d3cec053c74a3eb20_NeikiAnalytics.exe
-
Size
56KB
-
MD5
73c91b6ad96ba89d3cec053c74a3eb20
-
SHA1
61223e2901d8f06be29b5afa4aba3b46f2ce2e23
-
SHA256
f5b48a39b32c914af616b0e10bd4c1d8495577c096598257fdca316d157027cb
-
SHA512
8a1c0e43ef114058f9cf017172658ad6d475f402aa1ea7bd1362a211e05cbca7978e6c9afbce3c098b88765e896ffc0ea7f9e33ddab02d644c21312ce0df3db4
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND0chVh:ymb3NkkiQ3mdBjF0crh
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 28 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\73c91b6ad96ba89d3cec053c74a3eb20_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\73c91b6ad96ba89d3cec053c74a3eb20_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\jjjjj.exec:\jjjjj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9xfffrf.exec:\9xfffrf.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tthtbb.exec:\tthtbb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjvpp.exec:\jjvpp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7ppjd.exec:\7ppjd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frlffff.exec:\frlffff.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7btthh.exec:\7btthh.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttnhbb.exec:\ttnhbb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjjdd.exec:\vjjdd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvdjj.exec:\jvdjj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnnnhh.exec:\nnnnhh.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpddd.exec:\jpddd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxxrfff.exec:\rxxrfff.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxxrlff.exec:\xxxrlff.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhbhh.exec:\hbhbhh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppvvv.exec:\ppvvv.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjdd.exec:\jdjdd.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrlfff.exec:\lfrlfff.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7ttttb.exec:\7ttttb.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnhbb.exec:\nhnhbb.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppppp.exec:\ppppp.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3rllflx.exec:\3rllflx.exe23⤵
- Executes dropped EXE
-
\??\c:\xrrlxxx.exec:\xrrlxxx.exe24⤵
- Executes dropped EXE
-
\??\c:\bhbtbn.exec:\bhbtbn.exe25⤵
- Executes dropped EXE
-
\??\c:\7djdd.exec:\7djdd.exe26⤵
- Executes dropped EXE
-
\??\c:\rffxrxr.exec:\rffxrxr.exe27⤵
- Executes dropped EXE
-
\??\c:\1xxrllf.exec:\1xxrllf.exe28⤵
- Executes dropped EXE
-
\??\c:\btbbbb.exec:\btbbbb.exe29⤵
- Executes dropped EXE
-
\??\c:\dpddv.exec:\dpddv.exe30⤵
- Executes dropped EXE
-
\??\c:\vvdvv.exec:\vvdvv.exe31⤵
- Executes dropped EXE
-
\??\c:\3rrlxxx.exec:\3rrlxxx.exe32⤵
- Executes dropped EXE
-
\??\c:\fxxrlll.exec:\fxxrlll.exe33⤵
- Executes dropped EXE
-
\??\c:\dppvp.exec:\dppvp.exe34⤵
- Executes dropped EXE
-
\??\c:\rxxxxxx.exec:\rxxxxxx.exe35⤵
- Executes dropped EXE
-
\??\c:\btnnnn.exec:\btnnnn.exe36⤵
- Executes dropped EXE
-
\??\c:\bntbnn.exec:\bntbnn.exe37⤵
- Executes dropped EXE
-
\??\c:\ddvvv.exec:\ddvvv.exe38⤵
- Executes dropped EXE
-
\??\c:\ppjpj.exec:\ppjpj.exe39⤵
- Executes dropped EXE
-
\??\c:\nbnnhh.exec:\nbnnhh.exe40⤵
- Executes dropped EXE
-
\??\c:\1ntnhb.exec:\1ntnhb.exe41⤵
- Executes dropped EXE
-
\??\c:\djppp.exec:\djppp.exe42⤵
- Executes dropped EXE
-
\??\c:\vjddd.exec:\vjddd.exe43⤵
- Executes dropped EXE
-
\??\c:\rllfffx.exec:\rllfffx.exe44⤵
- Executes dropped EXE
-
\??\c:\tbhbbt.exec:\tbhbbt.exe45⤵
- Executes dropped EXE
-
\??\c:\nhhnnb.exec:\nhhnnb.exe46⤵
- Executes dropped EXE
-
\??\c:\ppvpj.exec:\ppvpj.exe47⤵
- Executes dropped EXE
-
\??\c:\9ppjd.exec:\9ppjd.exe48⤵
- Executes dropped EXE
-
\??\c:\rxrllll.exec:\rxrllll.exe49⤵
- Executes dropped EXE
-
\??\c:\flxxflx.exec:\flxxflx.exe50⤵
- Executes dropped EXE
-
\??\c:\flfxrrr.exec:\flfxrrr.exe51⤵
- Executes dropped EXE
-
\??\c:\9hnnnn.exec:\9hnnnn.exe52⤵
- Executes dropped EXE
-
\??\c:\nhnhtt.exec:\nhnhtt.exe53⤵
- Executes dropped EXE
-
\??\c:\pjddj.exec:\pjddj.exe54⤵
- Executes dropped EXE
-
\??\c:\djddd.exec:\djddd.exe55⤵
- Executes dropped EXE
-
\??\c:\rfrfxxx.exec:\rfrfxxx.exe56⤵
- Executes dropped EXE
-
\??\c:\xxfxffl.exec:\xxfxffl.exe57⤵
- Executes dropped EXE
-
\??\c:\bthnbn.exec:\bthnbn.exe58⤵
- Executes dropped EXE
-
\??\c:\ttnhhn.exec:\ttnhhn.exe59⤵
- Executes dropped EXE
-
\??\c:\dvvvj.exec:\dvvvj.exe60⤵
- Executes dropped EXE
-
\??\c:\jdpjd.exec:\jdpjd.exe61⤵
- Executes dropped EXE
-
\??\c:\lfxrrrx.exec:\lfxrrrx.exe62⤵
- Executes dropped EXE
-
\??\c:\xrrrrxx.exec:\xrrrrxx.exe63⤵
- Executes dropped EXE
-
\??\c:\bbnntt.exec:\bbnntt.exe64⤵
- Executes dropped EXE
-
\??\c:\hthbtt.exec:\hthbtt.exe65⤵
- Executes dropped EXE
-
\??\c:\5pvpj.exec:\5pvpj.exe66⤵
-
\??\c:\pjjdv.exec:\pjjdv.exe67⤵
-
\??\c:\lflfflf.exec:\lflfflf.exe68⤵
-
\??\c:\thhbtt.exec:\thhbtt.exe69⤵
-
\??\c:\dvvpp.exec:\dvvpp.exe70⤵
-
\??\c:\1vpvp.exec:\1vpvp.exe71⤵
-
\??\c:\fxxrllx.exec:\fxxrllx.exe72⤵
-
\??\c:\nbhhbb.exec:\nbhhbb.exe73⤵
-
\??\c:\jvjdd.exec:\jvjdd.exe74⤵
-
\??\c:\7pppj.exec:\7pppj.exe75⤵
-
\??\c:\frrlllf.exec:\frrlllf.exe76⤵
-
\??\c:\hhbbtb.exec:\hhbbtb.exe77⤵
-
\??\c:\vpppv.exec:\vpppv.exe78⤵
-
\??\c:\vpvpd.exec:\vpvpd.exe79⤵
-
\??\c:\3rxrlll.exec:\3rxrlll.exe80⤵
-
\??\c:\nhhtbb.exec:\nhhtbb.exe81⤵
-
\??\c:\btbbbn.exec:\btbbbn.exe82⤵
-
\??\c:\vpppd.exec:\vpppd.exe83⤵
-
\??\c:\dvdvv.exec:\dvdvv.exe84⤵
-
\??\c:\5lllxrf.exec:\5lllxrf.exe85⤵
-
\??\c:\tnnnhh.exec:\tnnnhh.exe86⤵
-
\??\c:\jdvvj.exec:\jdvvj.exe87⤵
-
\??\c:\xrxfxlf.exec:\xrxfxlf.exe88⤵
-
\??\c:\tbhhtn.exec:\tbhhtn.exe89⤵
-
\??\c:\thnntt.exec:\thnntt.exe90⤵
-
\??\c:\1vvpj.exec:\1vvpj.exe91⤵
-
\??\c:\vpdvj.exec:\vpdvj.exe92⤵
-
\??\c:\rlfxllf.exec:\rlfxllf.exe93⤵
-
\??\c:\hbhbnn.exec:\hbhbnn.exe94⤵
-
\??\c:\pjppv.exec:\pjppv.exe95⤵
-
\??\c:\9lrrffl.exec:\9lrrffl.exe96⤵
-
\??\c:\ffrrxfl.exec:\ffrrxfl.exe97⤵
-
\??\c:\tntbnb.exec:\tntbnb.exe98⤵
-
\??\c:\hthbnn.exec:\hthbnn.exe99⤵
-
\??\c:\1vvvj.exec:\1vvvj.exe100⤵
-
\??\c:\jjdpd.exec:\jjdpd.exe101⤵
-
\??\c:\rllllxx.exec:\rllllxx.exe102⤵
-
\??\c:\lllllll.exec:\lllllll.exe103⤵
-
\??\c:\tbhhhb.exec:\tbhhhb.exe104⤵
-
\??\c:\ttttht.exec:\ttttht.exe105⤵
-
\??\c:\5jjjv.exec:\5jjjv.exe106⤵
-
\??\c:\lflflfl.exec:\lflflfl.exe107⤵
-
\??\c:\xfllfrr.exec:\xfllfrr.exe108⤵
-
\??\c:\bhthnn.exec:\bhthnn.exe109⤵
-
\??\c:\ntbtnh.exec:\ntbtnh.exe110⤵
-
\??\c:\djddv.exec:\djddv.exe111⤵
-
\??\c:\lfflxfr.exec:\lfflxfr.exe112⤵
-
\??\c:\thnbnh.exec:\thnbnh.exe113⤵
-
\??\c:\htthtt.exec:\htthtt.exe114⤵
-
\??\c:\jvjdd.exec:\jvjdd.exe115⤵
-
\??\c:\jjjjj.exec:\jjjjj.exe116⤵
-
\??\c:\pppvj.exec:\pppvj.exe117⤵
-
\??\c:\rrfrfrf.exec:\rrfrfrf.exe118⤵
-
\??\c:\rffxxrl.exec:\rffxxrl.exe119⤵
-
\??\c:\bbnnnt.exec:\bbnnnt.exe120⤵
-
\??\c:\ttnhbb.exec:\ttnhbb.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-