Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
16/05/2024, 01:00
General
-
Target
6b0285e52aed5874b68f0e3f1b6385d0_NeikiAnalytics.exe
-
Size
54KB
-
MD5
6b0285e52aed5874b68f0e3f1b6385d0
-
SHA1
3f146da5132d476f644518ca0a45380e712e4608
-
SHA256
2fbdf44a3ee3ff8d9c2367e2e09fe797283bc7f5531b40c15467b45615bb9b28
-
SHA512
a219e3d1c7aa81692170556ea5b1f15e61571b6124b1bb29c67a2d03a27d7d64c72ce21f27253df620e21eab7e1847467c76ecd551824157623c1f5592037a41
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDI57Bd:ymb3NkkiQ3mdBjFIVBd
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 16 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 17 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\6b0285e52aed5874b68f0e3f1b6385d0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\6b0285e52aed5874b68f0e3f1b6385d0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\llflxfl.exec:\llflxfl.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrlrrf.exec:\xrrlrrf.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthhtn.exec:\bthhtn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvjpv.exec:\jvjpv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxxffr.exec:\rlxxffr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btnbnn.exec:\btnbnn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tthtnn.exec:\tthtnn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxffflx.exec:\lxffflx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllrlxl.exec:\rllrlxl.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djpjp.exec:\djpjp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddpvd.exec:\ddpvd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5xrxfrf.exec:\5xrxfrf.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frrffll.exec:\frrffll.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthhnn.exec:\bthhnn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpvj.exec:\jdpvj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3jpvj.exec:\3jpvj.exe17⤵
- Executes dropped EXE
-
\??\c:\fllxrfr.exec:\fllxrfr.exe18⤵
- Executes dropped EXE
-
\??\c:\3bnthh.exec:\3bnthh.exe19⤵
- Executes dropped EXE
-
\??\c:\3tnbnn.exec:\3tnbnn.exe20⤵
- Executes dropped EXE
-
\??\c:\jpvpp.exec:\jpvpp.exe21⤵
- Executes dropped EXE
-
\??\c:\rlfrflx.exec:\rlfrflx.exe22⤵
- Executes dropped EXE
-
\??\c:\frllrrf.exec:\frllrrf.exe23⤵
- Executes dropped EXE
-
\??\c:\nhtbnn.exec:\nhtbnn.exe24⤵
- Executes dropped EXE
-
\??\c:\jpdvd.exec:\jpdvd.exe25⤵
- Executes dropped EXE
-
\??\c:\jvpvd.exec:\jvpvd.exe26⤵
- Executes dropped EXE
-
\??\c:\rlrrflr.exec:\rlrrflr.exe27⤵
- Executes dropped EXE
-
\??\c:\nbtbhh.exec:\nbtbhh.exe28⤵
- Executes dropped EXE
-
\??\c:\xrxfxxl.exec:\xrxfxxl.exe29⤵
- Executes dropped EXE
-
\??\c:\ntntbt.exec:\ntntbt.exe30⤵
- Executes dropped EXE
-
\??\c:\hhbhth.exec:\hhbhth.exe31⤵
- Executes dropped EXE
-
\??\c:\1pjpd.exec:\1pjpd.exe32⤵
- Executes dropped EXE
-
\??\c:\jppvd.exec:\jppvd.exe33⤵
- Executes dropped EXE
-
\??\c:\fxllrxf.exec:\fxllrxf.exe34⤵
- Executes dropped EXE
-
\??\c:\lllxfrr.exec:\lllxfrr.exe35⤵
- Executes dropped EXE
-
\??\c:\nnhtth.exec:\nnhtth.exe36⤵
- Executes dropped EXE
-
\??\c:\3nntbt.exec:\3nntbt.exe37⤵
- Executes dropped EXE
-
\??\c:\jdpdp.exec:\jdpdp.exe38⤵
- Executes dropped EXE
-
\??\c:\vvvpd.exec:\vvvpd.exe39⤵
- Executes dropped EXE
-
\??\c:\xxrflrx.exec:\xxrflrx.exe40⤵
- Executes dropped EXE
-
\??\c:\fllfrxf.exec:\fllfrxf.exe41⤵
- Executes dropped EXE
-
\??\c:\ntbntt.exec:\ntbntt.exe42⤵
- Executes dropped EXE
-
\??\c:\dvvjv.exec:\dvvjv.exe43⤵
- Executes dropped EXE
-
\??\c:\1dddv.exec:\1dddv.exe44⤵
- Executes dropped EXE
-
\??\c:\xrrlfxl.exec:\xrrlfxl.exe45⤵
- Executes dropped EXE
-
\??\c:\9lxfxxl.exec:\9lxfxxl.exe46⤵
- Executes dropped EXE
-
\??\c:\bttnhn.exec:\bttnhn.exe47⤵
- Executes dropped EXE
-
\??\c:\nhbbht.exec:\nhbbht.exe48⤵
- Executes dropped EXE
-
\??\c:\dvvvd.exec:\dvvvd.exe49⤵
- Executes dropped EXE
-
\??\c:\xfrffff.exec:\xfrffff.exe50⤵
- Executes dropped EXE
-
\??\c:\lflrllr.exec:\lflrllr.exe51⤵
- Executes dropped EXE
-
\??\c:\hbttbh.exec:\hbttbh.exe52⤵
- Executes dropped EXE
-
\??\c:\nhhhtt.exec:\nhhhtt.exe53⤵
- Executes dropped EXE
-
\??\c:\vpjpd.exec:\vpjpd.exe54⤵
- Executes dropped EXE
-
\??\c:\7vjdp.exec:\7vjdp.exe55⤵
- Executes dropped EXE
-
\??\c:\lxlxllx.exec:\lxlxllx.exe56⤵
- Executes dropped EXE
-
\??\c:\5xflrxf.exec:\5xflrxf.exe57⤵
- Executes dropped EXE
-
\??\c:\tnnnbb.exec:\tnnnbb.exe58⤵
- Executes dropped EXE
-
\??\c:\9nbbnt.exec:\9nbbnt.exe59⤵
- Executes dropped EXE
-
\??\c:\3dpvj.exec:\3dpvj.exe60⤵
- Executes dropped EXE
-
\??\c:\ddvdp.exec:\ddvdp.exe61⤵
- Executes dropped EXE
-
\??\c:\rlflflx.exec:\rlflflx.exe62⤵
- Executes dropped EXE
-
\??\c:\7rxllfl.exec:\7rxllfl.exe63⤵
- Executes dropped EXE
-
\??\c:\nhnhbh.exec:\nhnhbh.exe64⤵
- Executes dropped EXE
-
\??\c:\vvvjj.exec:\vvvjj.exe65⤵
- Executes dropped EXE
-
\??\c:\rlxxffl.exec:\rlxxffl.exe66⤵
-
\??\c:\5fflxxl.exec:\5fflxxl.exe67⤵
-
\??\c:\htnttb.exec:\htnttb.exe68⤵
-
\??\c:\9pdjp.exec:\9pdjp.exe69⤵
-
\??\c:\jddpp.exec:\jddpp.exe70⤵
-
\??\c:\pdvdj.exec:\pdvdj.exe71⤵
-
\??\c:\lflrffr.exec:\lflrffr.exe72⤵
-
\??\c:\btnbhn.exec:\btnbhn.exe73⤵
-
\??\c:\3nhntt.exec:\3nhntt.exe74⤵
-
\??\c:\btbntb.exec:\btbntb.exe75⤵
-
\??\c:\5jdjp.exec:\5jdjp.exe76⤵
-
\??\c:\7vpvp.exec:\7vpvp.exe77⤵
-
\??\c:\rfxxffl.exec:\rfxxffl.exe78⤵
-
\??\c:\fxxlxfx.exec:\fxxlxfx.exe79⤵
-
\??\c:\btnbnt.exec:\btnbnt.exe80⤵
-
\??\c:\1jjdp.exec:\1jjdp.exe81⤵
-
\??\c:\vpdjp.exec:\vpdjp.exe82⤵
-
\??\c:\lxrxflx.exec:\lxrxflx.exe83⤵
-
\??\c:\xlxlxff.exec:\xlxlxff.exe84⤵
-
\??\c:\hbthhn.exec:\hbthhn.exe85⤵
-
\??\c:\hbnbtt.exec:\hbnbtt.exe86⤵
-
\??\c:\jjppv.exec:\jjppv.exe87⤵
-
\??\c:\9pjjp.exec:\9pjjp.exe88⤵
-
\??\c:\pjddp.exec:\pjddp.exe89⤵
-
\??\c:\vpvjd.exec:\vpvjd.exe90⤵
-
\??\c:\rllrfrf.exec:\rllrfrf.exe91⤵
-
\??\c:\hhbhtb.exec:\hhbhtb.exe92⤵
-
\??\c:\nhtthh.exec:\nhtthh.exe93⤵
-
\??\c:\nbbhbh.exec:\nbbhbh.exe94⤵
-
\??\c:\1pjjp.exec:\1pjjp.exe95⤵
-
\??\c:\vpdjv.exec:\vpdjv.exe96⤵
-
\??\c:\9rrflll.exec:\9rrflll.exe97⤵
-
\??\c:\fxlfrxl.exec:\fxlfrxl.exe98⤵
-
\??\c:\nhbnbt.exec:\nhbnbt.exe99⤵
-
\??\c:\bbbbnt.exec:\bbbbnt.exe100⤵
-
\??\c:\ddvdv.exec:\ddvdv.exe101⤵
-
\??\c:\vpdpp.exec:\vpdpp.exe102⤵
-
\??\c:\xrrrxxl.exec:\xrrrxxl.exe103⤵
-
\??\c:\lxlxffr.exec:\lxlxffr.exe104⤵
-
\??\c:\7hbnth.exec:\7hbnth.exe105⤵
-
\??\c:\nhnthn.exec:\nhnthn.exe106⤵
-
\??\c:\hbhtth.exec:\hbhtth.exe107⤵
-
\??\c:\dvjpd.exec:\dvjpd.exe108⤵
-
\??\c:\7xrrxxr.exec:\7xrrxxr.exe109⤵
-
\??\c:\lfxlrfl.exec:\lfxlrfl.exe110⤵
-
\??\c:\bhtntn.exec:\bhtntn.exe111⤵
-
\??\c:\htbntb.exec:\htbntb.exe112⤵
-
\??\c:\xrlrrrf.exec:\xrlrrrf.exe113⤵
-
\??\c:\frxlxrx.exec:\frxlxrx.exe114⤵
-
\??\c:\3rlrlfl.exec:\3rlrlfl.exe115⤵
-
\??\c:\ntbttb.exec:\ntbttb.exe116⤵
-
\??\c:\bnbbtt.exec:\bnbbtt.exe117⤵
-
\??\c:\pdjdj.exec:\pdjdj.exe118⤵
-
\??\c:\jddjv.exec:\jddjv.exe119⤵
-
\??\c:\xxlrxfx.exec:\xxlrxfx.exe120⤵
-
\??\c:\fxrlxxl.exec:\fxrlxxl.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-