Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
16/05/2024, 09:41
General
-
Target
d6fd7035ae058b0e0731719f6510b240_NeikiAnalytics.exe
-
Size
266KB
-
MD5
d6fd7035ae058b0e0731719f6510b240
-
SHA1
04286631bb983423b61886cc384d9c21d47702dc
-
SHA256
48beca7421cf915b3a04d14b7f0a5ba4a39913304e5754579fb9f5a91154c767
-
SHA512
e54bc2a2bbb50770cc1438be8c1bab64f933083567b8085f09d70bdf53f9d906d9224bc64b23d4a534b071c01578e2f218e7dc86b19393ed9c0efa789f6ca810
-
SSDEEP
3072:ymb3NkkiQ3mdBjFIi/0RU6QeYQsm71vPmPzTkV2y/QTa9RBZydZbf83pnzgmmIMS:n3C9BRIG0asYFm71mPfkVB8dKwaWC
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 20 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 25 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\d6fd7035ae058b0e0731719f6510b240_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\d6fd7035ae058b0e0731719f6510b240_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\jpdpd.exec:\jpdpd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvpp.exec:\jdvpp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnnnnh.exec:\hnnnnh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9ppdd.exec:\9ppdd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrfrllf.exec:\xrfrllf.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbbtnn.exec:\nbbtnn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvpvd.exec:\dvpvd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxfxrf.exec:\rlxfxrf.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnnhht.exec:\bnnhht.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjvvp.exec:\vjvvp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bntnnn.exec:\bntnnn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpjpp.exec:\dpjpp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrrxfr.exec:\xrrrxfr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbthb.exec:\tnbthb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxxxlfx.exec:\rxxxlfx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnhttn.exec:\nnhttn.exe17⤵
- Executes dropped EXE
-
\??\c:\vpdjv.exec:\vpdjv.exe18⤵
- Executes dropped EXE
-
\??\c:\3xrfrfl.exec:\3xrfrfl.exe19⤵
- Executes dropped EXE
-
\??\c:\vvpvj.exec:\vvpvj.exe20⤵
- Executes dropped EXE
-
\??\c:\lfxlxfx.exec:\lfxlxfx.exe21⤵
- Executes dropped EXE
-
\??\c:\1pvdj.exec:\1pvdj.exe22⤵
- Executes dropped EXE
-
\??\c:\rlrlxrf.exec:\rlrlxrf.exe23⤵
- Executes dropped EXE
-
\??\c:\vvdjj.exec:\vvdjj.exe24⤵
- Executes dropped EXE
-
\??\c:\1rlrfxr.exec:\1rlrfxr.exe25⤵
- Executes dropped EXE
-
\??\c:\hnntnb.exec:\hnntnb.exe26⤵
- Executes dropped EXE
-
\??\c:\vvpjd.exec:\vvpjd.exe27⤵
- Executes dropped EXE
-
\??\c:\bbhnth.exec:\bbhnth.exe28⤵
- Executes dropped EXE
-
\??\c:\jjjdj.exec:\jjjdj.exe29⤵
- Executes dropped EXE
-
\??\c:\bhthhb.exec:\bhthhb.exe30⤵
- Executes dropped EXE
-
\??\c:\djdpd.exec:\djdpd.exe31⤵
- Executes dropped EXE
-
\??\c:\xflrrlf.exec:\xflrrlf.exe32⤵
- Executes dropped EXE
-
\??\c:\tbhtbb.exec:\tbhtbb.exe33⤵
- Executes dropped EXE
-
\??\c:\flxrxxx.exec:\flxrxxx.exe34⤵
- Executes dropped EXE
-
\??\c:\ntthhn.exec:\ntthhn.exe35⤵
- Executes dropped EXE
-
\??\c:\tbtnnn.exec:\tbtnnn.exe36⤵
- Executes dropped EXE
-
\??\c:\vjdjp.exec:\vjdjp.exe37⤵
- Executes dropped EXE
-
\??\c:\rffxxxx.exec:\rffxxxx.exe38⤵
- Executes dropped EXE
-
\??\c:\nnbtnt.exec:\nnbtnt.exe39⤵
- Executes dropped EXE
-
\??\c:\ppjpv.exec:\ppjpv.exe40⤵
- Executes dropped EXE
-
\??\c:\dppdj.exec:\dppdj.exe41⤵
- Executes dropped EXE
-
\??\c:\xxxlxll.exec:\xxxlxll.exe42⤵
- Executes dropped EXE
-
\??\c:\btnnhn.exec:\btnnhn.exe43⤵
- Executes dropped EXE
-
\??\c:\vppdp.exec:\vppdp.exe44⤵
- Executes dropped EXE
-
\??\c:\pjdjp.exec:\pjdjp.exe45⤵
- Executes dropped EXE
-
\??\c:\9ffrlxl.exec:\9ffrlxl.exe46⤵
- Executes dropped EXE
-
\??\c:\nhhnhn.exec:\nhhnhn.exe47⤵
- Executes dropped EXE
-
\??\c:\ppjvd.exec:\ppjvd.exe48⤵
- Executes dropped EXE
-
\??\c:\xflflfr.exec:\xflflfr.exe49⤵
- Executes dropped EXE
-
\??\c:\5lrxlrl.exec:\5lrxlrl.exe50⤵
- Executes dropped EXE
-
\??\c:\5nttht.exec:\5nttht.exe51⤵
- Executes dropped EXE
-
\??\c:\jjdjd.exec:\jjdjd.exe52⤵
- Executes dropped EXE
-
\??\c:\3xxfrxr.exec:\3xxfrxr.exe53⤵
- Executes dropped EXE
-
\??\c:\rfxrxlr.exec:\rfxrxlr.exe54⤵
- Executes dropped EXE
-
\??\c:\htthbh.exec:\htthbh.exe55⤵
- Executes dropped EXE
-
\??\c:\dppjp.exec:\dppjp.exe56⤵
- Executes dropped EXE
-
\??\c:\5lxxfff.exec:\5lxxfff.exe57⤵
- Executes dropped EXE
-
\??\c:\rxlrflf.exec:\rxlrflf.exe58⤵
- Executes dropped EXE
-
\??\c:\7tnthn.exec:\7tnthn.exe59⤵
- Executes dropped EXE
-
\??\c:\jvddv.exec:\jvddv.exe60⤵
- Executes dropped EXE
-
\??\c:\ffrlrll.exec:\ffrlrll.exe61⤵
- Executes dropped EXE
-
\??\c:\ntnbnn.exec:\ntnbnn.exe62⤵
- Executes dropped EXE
-
\??\c:\7btthn.exec:\7btthn.exe63⤵
- Executes dropped EXE
-
\??\c:\jjjpv.exec:\jjjpv.exe64⤵
- Executes dropped EXE
-
\??\c:\lrrrflr.exec:\lrrrflr.exe65⤵
- Executes dropped EXE
-
\??\c:\nhthbn.exec:\nhthbn.exe66⤵
-
\??\c:\tnhhhh.exec:\tnhhhh.exe67⤵
-
\??\c:\jddvj.exec:\jddvj.exe68⤵
-
\??\c:\3pjjv.exec:\3pjjv.exe69⤵
-
\??\c:\rrlrlxr.exec:\rrlrlxr.exe70⤵
-
\??\c:\tbbtbt.exec:\tbbtbt.exe71⤵
-
\??\c:\hhtnbh.exec:\hhtnbh.exe72⤵
-
\??\c:\ppjdv.exec:\ppjdv.exe73⤵
-
\??\c:\lxxrrlf.exec:\lxxrrlf.exe74⤵
-
\??\c:\hhhthn.exec:\hhhthn.exe75⤵
-
\??\c:\3vjpd.exec:\3vjpd.exe76⤵
-
\??\c:\ffllrrx.exec:\ffllrrx.exe77⤵
-
\??\c:\fflrlrf.exec:\fflrlrf.exe78⤵
-
\??\c:\tbhnnt.exec:\tbhnnt.exe79⤵
-
\??\c:\tnbbbh.exec:\tnbbbh.exe80⤵
-
\??\c:\vvppj.exec:\vvppj.exe81⤵
-
\??\c:\lrlfffl.exec:\lrlfffl.exe82⤵
-
\??\c:\nbttnh.exec:\nbttnh.exe83⤵
-
\??\c:\nnhthb.exec:\nnhthb.exe84⤵
-
\??\c:\ddpvj.exec:\ddpvj.exe85⤵
-
\??\c:\rxlrllx.exec:\rxlrllx.exe86⤵
-
\??\c:\7xrlxxf.exec:\7xrlxxf.exe87⤵
-
\??\c:\nnbhtn.exec:\nnbhtn.exe88⤵
-
\??\c:\pvpjj.exec:\pvpjj.exe89⤵
-
\??\c:\jvvpj.exec:\jvvpj.exe90⤵
-
\??\c:\fxxrflx.exec:\fxxrflx.exe91⤵
-
\??\c:\bntttn.exec:\bntttn.exe92⤵
-
\??\c:\7ntthn.exec:\7ntthn.exe93⤵
-
\??\c:\vdjvv.exec:\vdjvv.exe94⤵
-
\??\c:\rxxxlrx.exec:\rxxxlrx.exe95⤵
-
\??\c:\1fflxfr.exec:\1fflxfr.exe96⤵
-
\??\c:\tnntnt.exec:\tnntnt.exe97⤵
-
\??\c:\jpjvd.exec:\jpjvd.exe98⤵
-
\??\c:\djdvp.exec:\djdvp.exe99⤵
-
\??\c:\llrfxlr.exec:\llrfxlr.exe100⤵
-
\??\c:\bhhbbn.exec:\bhhbbn.exe101⤵
-
\??\c:\7vjvp.exec:\7vjvp.exe102⤵
-
\??\c:\jpppd.exec:\jpppd.exe103⤵
-
\??\c:\fxrfxxx.exec:\fxrfxxx.exe104⤵
-
\??\c:\ntbbnt.exec:\ntbbnt.exe105⤵
-
\??\c:\1nntbh.exec:\1nntbh.exe106⤵
-
\??\c:\vdjdd.exec:\vdjdd.exe107⤵
-
\??\c:\xrlxfxl.exec:\xrlxfxl.exe108⤵
-
\??\c:\nhtbth.exec:\nhtbth.exe109⤵
-
\??\c:\vpvpp.exec:\vpvpp.exe110⤵
-
\??\c:\rxrlrff.exec:\rxrlrff.exe111⤵
-
\??\c:\nbnntt.exec:\nbnntt.exe112⤵
-
\??\c:\nntnnh.exec:\nntnnh.exe113⤵
-
\??\c:\djvvv.exec:\djvvv.exe114⤵
-
\??\c:\xrlfxxl.exec:\xrlfxxl.exe115⤵
-
\??\c:\tbnhnh.exec:\tbnhnh.exe116⤵
-
\??\c:\nthhnt.exec:\nthhnt.exe117⤵
-
\??\c:\9frfrlf.exec:\9frfrlf.exe118⤵
-
\??\c:\hhnnnb.exec:\hhnnnb.exe119⤵
-
\??\c:\nnhtht.exec:\nnhtht.exe120⤵
-
\??\c:\vvvdp.exec:\vvvdp.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-