Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
16/05/2024, 00:56
General
-
Target
6a1e3d17615b8623fceed72ca9a4a300_NeikiAnalytics.exe
-
Size
63KB
-
MD5
6a1e3d17615b8623fceed72ca9a4a300
-
SHA1
b2f84f6cacfa23e5397dab8cb99545c111894a34
-
SHA256
82a5ec6481688837741cb774d8fb5099c37fe854fddfda4ca90a6e321b65e551
-
SHA512
faf5b8fa73ab68d175d890c70880fc600668f868d324c3c258b8ebf396b51e92941282a7bf1fe471ceab679d6b3c78b82b2c96a1046e04e0b14fc2a9f0c71081
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND0yUwco5:ymb3NkkiQ3mdBjF0yjco5
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 28 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\6a1e3d17615b8623fceed72ca9a4a300_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\6a1e3d17615b8623fceed72ca9a4a300_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\xlrlfff.exec:\xlrlfff.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthbtb.exec:\bthbtb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbbnn.exec:\btbbnn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjpjd.exec:\vjpjd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdjjd.exec:\vdjjd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbbttn.exec:\tbbttn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhhthn.exec:\hhhthn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvdvv.exec:\jvdvv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lffxrrl.exec:\lffxrrl.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tntthh.exec:\tntthh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffrlrxf.exec:\ffrlrxf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thnnnt.exec:\thnnnt.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjjjd.exec:\vjjjd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxrfxr.exec:\fxxrfxr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlrllll.exec:\rlrllll.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhtntb.exec:\nhtntb.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5ddvp.exec:\5ddvp.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7lrrffl.exec:\7lrrffl.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnhht.exec:\hbnhht.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9hbtnh.exec:\9hbtnh.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpppv.exec:\dpppv.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lflfxxf.exec:\lflfxxf.exe23⤵
- Executes dropped EXE
-
\??\c:\bbhhbb.exec:\bbhhbb.exe24⤵
- Executes dropped EXE
-
\??\c:\jjjdd.exec:\jjjdd.exe25⤵
- Executes dropped EXE
-
\??\c:\3pjdj.exec:\3pjdj.exe26⤵
- Executes dropped EXE
-
\??\c:\rfxrlxx.exec:\rfxrlxx.exe27⤵
- Executes dropped EXE
-
\??\c:\hnntbh.exec:\hnntbh.exe28⤵
- Executes dropped EXE
-
\??\c:\7bttnh.exec:\7bttnh.exe29⤵
- Executes dropped EXE
-
\??\c:\jpjvj.exec:\jpjvj.exe30⤵
- Executes dropped EXE
-
\??\c:\rxxxrrr.exec:\rxxxrrr.exe31⤵
- Executes dropped EXE
-
\??\c:\rrrrllf.exec:\rrrrllf.exe32⤵
- Executes dropped EXE
-
\??\c:\hbttnn.exec:\hbttnn.exe33⤵
- Executes dropped EXE
-
\??\c:\jpvjv.exec:\jpvjv.exe34⤵
- Executes dropped EXE
-
\??\c:\frlfxxr.exec:\frlfxxr.exe35⤵
- Executes dropped EXE
-
\??\c:\fxllllf.exec:\fxllllf.exe36⤵
- Executes dropped EXE
-
\??\c:\1bbtnn.exec:\1bbtnn.exe37⤵
- Executes dropped EXE
-
\??\c:\tbbbtb.exec:\tbbbtb.exe38⤵
- Executes dropped EXE
-
\??\c:\vdjvp.exec:\vdjvp.exe39⤵
- Executes dropped EXE
-
\??\c:\1jjpd.exec:\1jjpd.exe40⤵
- Executes dropped EXE
-
\??\c:\flxrxxr.exec:\flxrxxr.exe41⤵
- Executes dropped EXE
-
\??\c:\bbtttt.exec:\bbtttt.exe42⤵
- Executes dropped EXE
-
\??\c:\jjppj.exec:\jjppj.exe43⤵
- Executes dropped EXE
-
\??\c:\7pddp.exec:\7pddp.exe44⤵
- Executes dropped EXE
-
\??\c:\9flfrrr.exec:\9flfrrr.exe45⤵
- Executes dropped EXE
-
\??\c:\7lrrlrl.exec:\7lrrlrl.exe46⤵
- Executes dropped EXE
-
\??\c:\thhhhh.exec:\thhhhh.exe47⤵
- Executes dropped EXE
-
\??\c:\hhttnn.exec:\hhttnn.exe48⤵
- Executes dropped EXE
-
\??\c:\ddpjd.exec:\ddpjd.exe49⤵
- Executes dropped EXE
-
\??\c:\rrxrlrl.exec:\rrxrlrl.exe50⤵
- Executes dropped EXE
-
\??\c:\bnnttb.exec:\bnnttb.exe51⤵
- Executes dropped EXE
-
\??\c:\jjpjj.exec:\jjpjj.exe52⤵
- Executes dropped EXE
-
\??\c:\ppppj.exec:\ppppj.exe53⤵
- Executes dropped EXE
-
\??\c:\rxffrxf.exec:\rxffrxf.exe54⤵
- Executes dropped EXE
-
\??\c:\nntttt.exec:\nntttt.exe55⤵
- Executes dropped EXE
-
\??\c:\hbhhtb.exec:\hbhhtb.exe56⤵
- Executes dropped EXE
-
\??\c:\dpvjd.exec:\dpvjd.exe57⤵
- Executes dropped EXE
-
\??\c:\5llfxfx.exec:\5llfxfx.exe58⤵
- Executes dropped EXE
-
\??\c:\fxffrrf.exec:\fxffrrf.exe59⤵
- Executes dropped EXE
-
\??\c:\bhntbt.exec:\bhntbt.exe60⤵
- Executes dropped EXE
-
\??\c:\3bnhhn.exec:\3bnhhn.exe61⤵
- Executes dropped EXE
-
\??\c:\dvdvv.exec:\dvdvv.exe62⤵
- Executes dropped EXE
-
\??\c:\jvvpj.exec:\jvvpj.exe63⤵
- Executes dropped EXE
-
\??\c:\lfxrrxr.exec:\lfxrrxr.exe64⤵
- Executes dropped EXE
-
\??\c:\lfxxrrr.exec:\lfxxrrr.exe65⤵
- Executes dropped EXE
-
\??\c:\9ntbtt.exec:\9ntbtt.exe66⤵
-
\??\c:\bbbbhn.exec:\bbbbhn.exe67⤵
-
\??\c:\pjjvp.exec:\pjjvp.exe68⤵
-
\??\c:\7djjd.exec:\7djjd.exe69⤵
-
\??\c:\9xlffxl.exec:\9xlffxl.exe70⤵
-
\??\c:\9xffxxx.exec:\9xffxxx.exe71⤵
-
\??\c:\ttbbhh.exec:\ttbbhh.exe72⤵
-
\??\c:\1ntnbb.exec:\1ntnbb.exe73⤵
-
\??\c:\7vvvp.exec:\7vvvp.exe74⤵
-
\??\c:\xxxrrrr.exec:\xxxrrrr.exe75⤵
-
\??\c:\3lxxrrx.exec:\3lxxrrx.exe76⤵
-
\??\c:\nthhtb.exec:\nthhtb.exe77⤵
-
\??\c:\tnbhhn.exec:\tnbhhn.exe78⤵
-
\??\c:\pvdvv.exec:\pvdvv.exe79⤵
-
\??\c:\1lrlfff.exec:\1lrlfff.exe80⤵
-
\??\c:\7ffffxx.exec:\7ffffxx.exe81⤵
-
\??\c:\9ttnnn.exec:\9ttnnn.exe82⤵
-
\??\c:\nntnth.exec:\nntnth.exe83⤵
-
\??\c:\vvdvd.exec:\vvdvd.exe84⤵
-
\??\c:\lrfxflx.exec:\lrfxflx.exe85⤵
-
\??\c:\lxxxxxf.exec:\lxxxxxf.exe86⤵
-
\??\c:\5xrllrr.exec:\5xrllrr.exe87⤵
-
\??\c:\nhbnht.exec:\nhbnht.exe88⤵
-
\??\c:\pjdvv.exec:\pjdvv.exe89⤵
-
\??\c:\dvdjv.exec:\dvdjv.exe90⤵
-
\??\c:\rlfxlll.exec:\rlfxlll.exe91⤵
-
\??\c:\lrxxxxx.exec:\lrxxxxx.exe92⤵
-
\??\c:\nbtntb.exec:\nbtntb.exe93⤵
-
\??\c:\3dvvj.exec:\3dvvj.exe94⤵
-
\??\c:\ddddd.exec:\ddddd.exe95⤵
-
\??\c:\lxrrlll.exec:\lxrrlll.exe96⤵
-
\??\c:\hhthnn.exec:\hhthnn.exe97⤵
-
\??\c:\bbhhhb.exec:\bbhhhb.exe98⤵
-
\??\c:\9ppjd.exec:\9ppjd.exe99⤵
-
\??\c:\jvdvp.exec:\jvdvp.exe100⤵
-
\??\c:\lllfxff.exec:\lllfxff.exe101⤵
-
\??\c:\1ntttt.exec:\1ntttt.exe102⤵
-
\??\c:\bhbthb.exec:\bhbthb.exe103⤵
-
\??\c:\jpddj.exec:\jpddj.exe104⤵
-
\??\c:\frrxfxr.exec:\frrxfxr.exe105⤵
-
\??\c:\ffrffxr.exec:\ffrffxr.exe106⤵
-
\??\c:\httnnt.exec:\httnnt.exe107⤵
-
\??\c:\5vvvv.exec:\5vvvv.exe108⤵
-
\??\c:\lxxrllf.exec:\lxxrllf.exe109⤵
-
\??\c:\nbhttb.exec:\nbhttb.exe110⤵
-
\??\c:\5ntbht.exec:\5ntbht.exe111⤵
-
\??\c:\pjppj.exec:\pjppj.exe112⤵
-
\??\c:\rllfxxx.exec:\rllfxxx.exe113⤵
-
\??\c:\vpvpp.exec:\vpvpp.exe114⤵
-
\??\c:\vvdvp.exec:\vvdvp.exe115⤵
-
\??\c:\7rxxflx.exec:\7rxxflx.exe116⤵
-
\??\c:\nbbnnh.exec:\nbbnnh.exe117⤵
-
\??\c:\bbbttb.exec:\bbbttb.exe118⤵
-
\??\c:\pvjvp.exec:\pvjvp.exe119⤵
-
\??\c:\frxrfxr.exec:\frxrfxr.exe120⤵
-
\??\c:\5xrllrr.exec:\5xrllrr.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-