Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
16/05/2024, 11:41
General
-
Target
dd15ef43c26b6c0e658631e4be968ab0_NeikiAnalytics.exe
-
Size
80KB
-
MD5
dd15ef43c26b6c0e658631e4be968ab0
-
SHA1
41fcd6bb63dccca9bb394f4abb56f73f00c60911
-
SHA256
4b689434af9e52fd367b995d8866290e413b9c5efb1f3ce911a01d8237393ec4
-
SHA512
fe5b0122220bb85860232fc4ed878e5c72d2bf77fe2cc54a181d1f8aa2469971f1c8f565935916c53857bc5ac2e28d997c51206b2108fe9b63f2ad3ad4c0a932
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDoLU1gxm1S3PQ7CnPRKiir5Qw:ymb3NkkiQ3mdBjFoLkmx/g8ZKzQw
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 21 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 23 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\dd15ef43c26b6c0e658631e4be968ab0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\dd15ef43c26b6c0e658631e4be968ab0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\9lxxrlr.exec:\9lxxrlr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjjv.exec:\vpjjv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrrlflf.exec:\lrrlflf.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbbnn.exec:\nhbbnn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djddj.exec:\djddj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrfxfr.exec:\fxrfxfr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bttnnh.exec:\bttnnh.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvdp.exec:\pjvdp.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5frrflx.exec:\5frrflx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlxfrfl.exec:\xlxfrfl.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5hhnht.exec:\5hhnht.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9jvdv.exec:\9jvdv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxlrxrr.exec:\lxlrxrr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9xxxllx.exec:\9xxxllx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnthht.exec:\bnthht.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvvvj.exec:\vvvvj.exe17⤵
- Executes dropped EXE
-
\??\c:\lfrxffl.exec:\lfrxffl.exe18⤵
- Executes dropped EXE
-
\??\c:\lflxlff.exec:\lflxlff.exe19⤵
- Executes dropped EXE
-
\??\c:\bbnthn.exec:\bbnthn.exe20⤵
- Executes dropped EXE
-
\??\c:\tthnbn.exec:\tthnbn.exe21⤵
- Executes dropped EXE
-
\??\c:\vpjjv.exec:\vpjjv.exe22⤵
- Executes dropped EXE
-
\??\c:\rrlrfrf.exec:\rrlrfrf.exe23⤵
- Executes dropped EXE
-
\??\c:\lffffrl.exec:\lffffrl.exe24⤵
- Executes dropped EXE
-
\??\c:\dpdvj.exec:\dpdvj.exe25⤵
- Executes dropped EXE
-
\??\c:\3pjjp.exec:\3pjjp.exe26⤵
- Executes dropped EXE
-
\??\c:\rlrfxfr.exec:\rlrfxfr.exe27⤵
- Executes dropped EXE
-
\??\c:\7htbhh.exec:\7htbhh.exe28⤵
- Executes dropped EXE
-
\??\c:\ddpjp.exec:\ddpjp.exe29⤵
- Executes dropped EXE
-
\??\c:\xrllrxx.exec:\xrllrxx.exe30⤵
- Executes dropped EXE
-
\??\c:\xfrfxfr.exec:\xfrfxfr.exe31⤵
- Executes dropped EXE
-
\??\c:\hhnnnn.exec:\hhnnnn.exe32⤵
- Executes dropped EXE
-
\??\c:\dpdjj.exec:\dpdjj.exe33⤵
- Executes dropped EXE
-
\??\c:\ppjvj.exec:\ppjvj.exe34⤵
- Executes dropped EXE
-
\??\c:\lfxxlrf.exec:\lfxxlrf.exe35⤵
- Executes dropped EXE
-
\??\c:\7bthnt.exec:\7bthnt.exe36⤵
- Executes dropped EXE
-
\??\c:\5nnttb.exec:\5nnttb.exe37⤵
- Executes dropped EXE
-
\??\c:\dvpvp.exec:\dvpvp.exe38⤵
- Executes dropped EXE
-
\??\c:\5vjpj.exec:\5vjpj.exe39⤵
- Executes dropped EXE
-
\??\c:\fxflxrf.exec:\fxflxrf.exe40⤵
- Executes dropped EXE
-
\??\c:\ffrxxxl.exec:\ffrxxxl.exe41⤵
- Executes dropped EXE
-
\??\c:\nnhnbh.exec:\nnhnbh.exe42⤵
- Executes dropped EXE
-
\??\c:\hbnntb.exec:\hbnntb.exe43⤵
- Executes dropped EXE
-
\??\c:\jdvdp.exec:\jdvdp.exe44⤵
- Executes dropped EXE
-
\??\c:\lrxlrxx.exec:\lrxlrxx.exe45⤵
- Executes dropped EXE
-
\??\c:\rfrxlrf.exec:\rfrxlrf.exe46⤵
- Executes dropped EXE
-
\??\c:\tnhtnb.exec:\tnhtnb.exe47⤵
- Executes dropped EXE
-
\??\c:\5tbntb.exec:\5tbntb.exe48⤵
- Executes dropped EXE
-
\??\c:\ppjjv.exec:\ppjjv.exe49⤵
- Executes dropped EXE
-
\??\c:\ddvdv.exec:\ddvdv.exe50⤵
- Executes dropped EXE
-
\??\c:\ffxlflx.exec:\ffxlflx.exe51⤵
- Executes dropped EXE
-
\??\c:\rlrxlxf.exec:\rlrxlxf.exe52⤵
- Executes dropped EXE
-
\??\c:\bbbhbh.exec:\bbbhbh.exe53⤵
- Executes dropped EXE
-
\??\c:\jdjdv.exec:\jdjdv.exe54⤵
- Executes dropped EXE
-
\??\c:\5pdjj.exec:\5pdjj.exe55⤵
- Executes dropped EXE
-
\??\c:\fxflxfx.exec:\fxflxfx.exe56⤵
- Executes dropped EXE
-
\??\c:\rlxlxfl.exec:\rlxlxfl.exe57⤵
- Executes dropped EXE
-
\??\c:\bnnthh.exec:\bnnthh.exe58⤵
- Executes dropped EXE
-
\??\c:\bbhhnt.exec:\bbhhnt.exe59⤵
- Executes dropped EXE
-
\??\c:\jdvdp.exec:\jdvdp.exe60⤵
- Executes dropped EXE
-
\??\c:\fxfllxx.exec:\fxfllxx.exe61⤵
- Executes dropped EXE
-
\??\c:\lxlrffx.exec:\lxlrffx.exe62⤵
- Executes dropped EXE
-
\??\c:\bntthh.exec:\bntthh.exe63⤵
- Executes dropped EXE
-
\??\c:\bbtbht.exec:\bbtbht.exe64⤵
- Executes dropped EXE
-
\??\c:\vpvvd.exec:\vpvvd.exe65⤵
- Executes dropped EXE
-
\??\c:\lffflrx.exec:\lffflrx.exe66⤵
-
\??\c:\9xrxrrl.exec:\9xrxrrl.exe67⤵
-
\??\c:\bbnbhh.exec:\bbnbhh.exe68⤵
-
\??\c:\hhbtbh.exec:\hhbtbh.exe69⤵
-
\??\c:\pjvvd.exec:\pjvvd.exe70⤵
-
\??\c:\vdvpv.exec:\vdvpv.exe71⤵
-
\??\c:\rfxxrrr.exec:\rfxxrrr.exe72⤵
-
\??\c:\rfflxfx.exec:\rfflxfx.exe73⤵
-
\??\c:\1hhntb.exec:\1hhntb.exe74⤵
-
\??\c:\hnnntn.exec:\hnnntn.exe75⤵
-
\??\c:\vpppd.exec:\vpppd.exe76⤵
-
\??\c:\ppdvp.exec:\ppdvp.exe77⤵
-
\??\c:\fxlrrrx.exec:\fxlrrrx.exe78⤵
-
\??\c:\frrllfr.exec:\frrllfr.exe79⤵
-
\??\c:\bnhthn.exec:\bnhthn.exe80⤵
-
\??\c:\9httbb.exec:\9httbb.exe81⤵
-
\??\c:\vdvpp.exec:\vdvpp.exe82⤵
-
\??\c:\xlrlfxx.exec:\xlrlfxx.exe83⤵
-
\??\c:\fxrfrrf.exec:\fxrfrrf.exe84⤵
-
\??\c:\hbtbhn.exec:\hbtbhn.exe85⤵
-
\??\c:\1bthbn.exec:\1bthbn.exe86⤵
-
\??\c:\vpddp.exec:\vpddp.exe87⤵
-
\??\c:\7djvj.exec:\7djvj.exe88⤵
-
\??\c:\lfrrxxx.exec:\lfrrxxx.exe89⤵
-
\??\c:\hbttbh.exec:\hbttbh.exe90⤵
-
\??\c:\nbhntt.exec:\nbhntt.exe91⤵
-
\??\c:\pjdjp.exec:\pjdjp.exe92⤵
-
\??\c:\jjdpd.exec:\jjdpd.exe93⤵
-
\??\c:\xxrrrxl.exec:\xxrrrxl.exe94⤵
-
\??\c:\rxrlrfl.exec:\rxrlrfl.exe95⤵
-
\??\c:\7tbhtb.exec:\7tbhtb.exe96⤵
-
\??\c:\nntbnn.exec:\nntbnn.exe97⤵
-
\??\c:\jdpvj.exec:\jdpvj.exe98⤵
-
\??\c:\jdpdp.exec:\jdpdp.exe99⤵
-
\??\c:\rxlrxfl.exec:\rxlrxfl.exe100⤵
-
\??\c:\lxlrllr.exec:\lxlrllr.exe101⤵
-
\??\c:\3hnnbb.exec:\3hnnbb.exe102⤵
-
\??\c:\9dvvj.exec:\9dvvj.exe103⤵
-
\??\c:\djpjv.exec:\djpjv.exe104⤵
-
\??\c:\xrffrfl.exec:\xrffrfl.exe105⤵
-
\??\c:\9rlrflr.exec:\9rlrflr.exe106⤵
-
\??\c:\nhbthn.exec:\nhbthn.exe107⤵
-
\??\c:\jjdpv.exec:\jjdpv.exe108⤵
-
\??\c:\dpdjd.exec:\dpdjd.exe109⤵
-
\??\c:\lxxrrxf.exec:\lxxrrxf.exe110⤵
-
\??\c:\hnthhn.exec:\hnthhn.exe111⤵
-
\??\c:\nbhtth.exec:\nbhtth.exe112⤵
-
\??\c:\3vdjv.exec:\3vdjv.exe113⤵
-
\??\c:\ppvpj.exec:\ppvpj.exe114⤵
-
\??\c:\1ffffrf.exec:\1ffffrf.exe115⤵
-
\??\c:\rfrxxxf.exec:\rfrxxxf.exe116⤵
-
\??\c:\hbnhth.exec:\hbnhth.exe117⤵
-
\??\c:\ppjpv.exec:\ppjpv.exe118⤵
-
\??\c:\dpvpj.exec:\dpvpj.exe119⤵
-
\??\c:\rlfxlrx.exec:\rlfxlrx.exe120⤵
-
\??\c:\1rrfllr.exec:\1rrfllr.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-