Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
16/05/2024, 02:23
General
-
Target
7f434b431e89b8ecac1176379a78abd0_NeikiAnalytics.exe
-
Size
145KB
-
MD5
7f434b431e89b8ecac1176379a78abd0
-
SHA1
1df15181f3de4979f9ac54682d3f88583dc8a078
-
SHA256
6a05593454675174bf1868f1cd715305f47d3ad77af307b6f007240132f73f4a
-
SHA512
ba21a2dd9e6c4b2893631dd113fe5bc73be2d4c0d4c8e7af15ce968e6dac773442731240c3a0d03e63503fbe11d08ed7a219e2fd8a87dbb76b4ea27ca2029634
-
SSDEEP
3072:ymb3NkkiQ3mdBjFosxXGPXbXQMFHLgDWSmklgQI:n3C9BRosxW8MFHLMW7QI
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 21 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 24 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\7f434b431e89b8ecac1176379a78abd0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\7f434b431e89b8ecac1176379a78abd0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\3pjdj.exec:\3pjdj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fllxxrl.exec:\fllxxrl.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3thhhn.exec:\3thhhn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvddd.exec:\jvddd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3jdvv.exec:\3jdvv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrlrxrx.exec:\xrlrxrx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htbtnn.exec:\htbtnn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9vjdd.exec:\9vjdd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrfflxf.exec:\xrfflxf.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3rxrxfr.exec:\3rxrxfr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhhnt.exec:\hbhhnt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1hntbt.exec:\1hntbt.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvvpj.exec:\jvvpj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrflrlr.exec:\xrflrlr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrfxfff.exec:\rrfxfff.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhhtnb.exec:\hhhtnb.exe17⤵
- Executes dropped EXE
-
\??\c:\7pjjp.exec:\7pjjp.exe18⤵
- Executes dropped EXE
-
\??\c:\9xfxlxr.exec:\9xfxlxr.exe19⤵
- Executes dropped EXE
-
\??\c:\lfrxrrl.exec:\lfrxrrl.exe20⤵
- Executes dropped EXE
-
\??\c:\5hhnbb.exec:\5hhnbb.exe21⤵
- Executes dropped EXE
-
\??\c:\djjpv.exec:\djjpv.exe22⤵
- Executes dropped EXE
-
\??\c:\lxrlxxr.exec:\lxrlxxr.exe23⤵
- Executes dropped EXE
-
\??\c:\bnhhbb.exec:\bnhhbb.exe24⤵
- Executes dropped EXE
-
\??\c:\bbhhbb.exec:\bbhhbb.exe25⤵
- Executes dropped EXE
-
\??\c:\5pdvv.exec:\5pdvv.exe26⤵
- Executes dropped EXE
-
\??\c:\fflrrlf.exec:\fflrrlf.exe27⤵
- Executes dropped EXE
-
\??\c:\tnbbnt.exec:\tnbbnt.exe28⤵
- Executes dropped EXE
-
\??\c:\pdpdd.exec:\pdpdd.exe29⤵
- Executes dropped EXE
-
\??\c:\xrxflrf.exec:\xrxflrf.exe30⤵
- Executes dropped EXE
-
\??\c:\9fxflrr.exec:\9fxflrr.exe31⤵
- Executes dropped EXE
-
\??\c:\hbnnnn.exec:\hbnnnn.exe32⤵
- Executes dropped EXE
-
\??\c:\pdjvv.exec:\pdjvv.exe33⤵
- Executes dropped EXE
-
\??\c:\1lxfflr.exec:\1lxfflr.exe34⤵
-
\??\c:\lxfflfx.exec:\lxfflfx.exe35⤵
- Executes dropped EXE
-
\??\c:\bnnntt.exec:\bnnntt.exe36⤵
- Executes dropped EXE
-
\??\c:\tnnhnn.exec:\tnnhnn.exe37⤵
- Executes dropped EXE
-
\??\c:\jdvdj.exec:\jdvdj.exe38⤵
- Executes dropped EXE
-
\??\c:\pdpvv.exec:\pdpvv.exe39⤵
- Executes dropped EXE
-
\??\c:\7nbttt.exec:\7nbttt.exe40⤵
- Executes dropped EXE
-
\??\c:\nbthht.exec:\nbthht.exe41⤵
- Executes dropped EXE
-
\??\c:\1jppv.exec:\1jppv.exe42⤵
- Executes dropped EXE
-
\??\c:\frrfrlf.exec:\frrfrlf.exe43⤵
- Executes dropped EXE
-
\??\c:\3xrxlrf.exec:\3xrxlrf.exe44⤵
- Executes dropped EXE
-
\??\c:\1tnthn.exec:\1tnthn.exe45⤵
- Executes dropped EXE
-
\??\c:\9nntht.exec:\9nntht.exe46⤵
- Executes dropped EXE
-
\??\c:\1jpvd.exec:\1jpvd.exe47⤵
- Executes dropped EXE
-
\??\c:\jdppv.exec:\jdppv.exe48⤵
- Executes dropped EXE
-
\??\c:\lxllrll.exec:\lxllrll.exe49⤵
- Executes dropped EXE
-
\??\c:\nhtttb.exec:\nhtttb.exe50⤵
- Executes dropped EXE
-
\??\c:\5hbbnn.exec:\5hbbnn.exe51⤵
- Executes dropped EXE
-
\??\c:\5dpjj.exec:\5dpjj.exe52⤵
- Executes dropped EXE
-
\??\c:\1vjdj.exec:\1vjdj.exe53⤵
- Executes dropped EXE
-
\??\c:\lrxllxl.exec:\lrxllxl.exe54⤵
- Executes dropped EXE
-
\??\c:\7hhnbb.exec:\7hhnbb.exe55⤵
- Executes dropped EXE
-
\??\c:\bbntnb.exec:\bbntnb.exe56⤵
- Executes dropped EXE
-
\??\c:\jvdvj.exec:\jvdvj.exe57⤵
- Executes dropped EXE
-
\??\c:\jppdv.exec:\jppdv.exe58⤵
- Executes dropped EXE
-
\??\c:\xrxfllr.exec:\xrxfllr.exe59⤵
- Executes dropped EXE
-
\??\c:\tbhtbt.exec:\tbhtbt.exe60⤵
- Executes dropped EXE
-
\??\c:\hbttbh.exec:\hbttbh.exe61⤵
- Executes dropped EXE
-
\??\c:\dpdjj.exec:\dpdjj.exe62⤵
- Executes dropped EXE
-
\??\c:\vppjp.exec:\vppjp.exe63⤵
- Executes dropped EXE
-
\??\c:\fxxxffr.exec:\fxxxffr.exe64⤵
- Executes dropped EXE
-
\??\c:\7xrfrxx.exec:\7xrfrxx.exe65⤵
- Executes dropped EXE
-
\??\c:\bnthhh.exec:\bnthhh.exe66⤵
- Executes dropped EXE
-
\??\c:\1djdj.exec:\1djdj.exe67⤵
-
\??\c:\5pjdv.exec:\5pjdv.exe68⤵
-
\??\c:\rflflfl.exec:\rflflfl.exe69⤵
-
\??\c:\1lflxff.exec:\1lflxff.exe70⤵
-
\??\c:\bthhnb.exec:\bthhnb.exe71⤵
-
\??\c:\bbthnn.exec:\bbthnn.exe72⤵
-
\??\c:\vpvpd.exec:\vpvpd.exe73⤵
-
\??\c:\9jdpp.exec:\9jdpp.exe74⤵
-
\??\c:\xrfxxxx.exec:\xrfxxxx.exe75⤵
-
\??\c:\xfxllxf.exec:\xfxllxf.exe76⤵
-
\??\c:\nhthnn.exec:\nhthnn.exe77⤵
-
\??\c:\1nnbbt.exec:\1nnbbt.exe78⤵
-
\??\c:\dpvdj.exec:\dpvdj.exe79⤵
-
\??\c:\1pppp.exec:\1pppp.exe80⤵
-
\??\c:\rlxfffl.exec:\rlxfffl.exe81⤵
-
\??\c:\xfffrrr.exec:\xfffrrr.exe82⤵
-
\??\c:\thtntt.exec:\thtntt.exe83⤵
-
\??\c:\nbbtbt.exec:\nbbtbt.exe84⤵
-
\??\c:\jvpvv.exec:\jvpvv.exe85⤵
-
\??\c:\jvppp.exec:\jvppp.exe86⤵
-
\??\c:\fffllrr.exec:\fffllrr.exe87⤵
-
\??\c:\3bthnb.exec:\3bthnb.exe88⤵
-
\??\c:\bntttt.exec:\bntttt.exe89⤵
-
\??\c:\1ddjp.exec:\1ddjp.exe90⤵
-
\??\c:\9xrrxfl.exec:\9xrrxfl.exe91⤵
-
\??\c:\xrffrxr.exec:\xrffrxr.exe92⤵
-
\??\c:\7hnntb.exec:\7hnntb.exe93⤵
-
\??\c:\btbhtb.exec:\btbhtb.exe94⤵
-
\??\c:\pdpvj.exec:\pdpvj.exe95⤵
-
\??\c:\pjvvd.exec:\pjvvd.exe96⤵
-
\??\c:\rfxxffl.exec:\rfxxffl.exe97⤵
-
\??\c:\7frrflx.exec:\7frrflx.exe98⤵
-
\??\c:\nhbhnt.exec:\nhbhnt.exe99⤵
-
\??\c:\hthhtn.exec:\hthhtn.exe100⤵
-
\??\c:\vpvpp.exec:\vpvpp.exe101⤵
-
\??\c:\7vppv.exec:\7vppv.exe102⤵
-
\??\c:\7lfflfl.exec:\7lfflfl.exe103⤵
-
\??\c:\lfrxllr.exec:\lfrxllr.exe104⤵
-
\??\c:\tnbbnn.exec:\tnbbnn.exe105⤵
-
\??\c:\nhntnb.exec:\nhntnb.exe106⤵
-
\??\c:\vvjjv.exec:\vvjjv.exe107⤵
-
\??\c:\pjvvv.exec:\pjvvv.exe108⤵
-
\??\c:\xrxfrxr.exec:\xrxfrxr.exe109⤵
-
\??\c:\lffflrx.exec:\lffflrx.exe110⤵
-
\??\c:\hntnnt.exec:\hntnnt.exe111⤵
-
\??\c:\hbnntt.exec:\hbnntt.exe112⤵
-
\??\c:\vpddv.exec:\vpddv.exe113⤵
-
\??\c:\pdjjp.exec:\pdjjp.exe114⤵
-
\??\c:\rrlfllf.exec:\rrlfllf.exe115⤵
-
\??\c:\7rlfxrl.exec:\7rlfxrl.exe116⤵
-
\??\c:\bbbbtb.exec:\bbbbtb.exe117⤵
-
\??\c:\9nbhnn.exec:\9nbhnn.exe118⤵
-
\??\c:\pdvpv.exec:\pdvpv.exe119⤵
-
\??\c:\frlrxxf.exec:\frlrxxf.exe120⤵
-
\??\c:\1fxlllx.exec:\1fxlllx.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-