Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
149s -
max time network
110s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
16/05/2024, 17:58
General
-
Target
06f88265a733f75cedcaeb50850c8d90_NeikiAnalytics.exe
-
Size
146KB
-
MD5
06f88265a733f75cedcaeb50850c8d90
-
SHA1
13f968519506945875652a3de8a4faaf0d3bb3e3
-
SHA256
6ceeee70db37f7108b06b1065dbd0d99fd4120d1972f50654c2486f8cf148f27
-
SHA512
bf83b9e2c34a0df32c97a5f66b41b3523c8cf9209a5b2ad0924112413aeb8820b0a0083251c8eed5afd2afe1ca933cb59c815a6e523a65b4fd6b7e6bbec90d08
-
SSDEEP
3072:ymb3NkkiQ3mdBjFo73tvn+Yp9gFbctg0IyAyhZvjDUOy/nmPmT9seH:n3C9BRo7tvnJ9oH0IRgZvjDhy+PmxseH
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 27 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\06f88265a733f75cedcaeb50850c8d90_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\06f88265a733f75cedcaeb50850c8d90_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\xrffrxx.exec:\xrffrxx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hthnnt.exec:\hthnnt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5ddvv.exec:\5ddvv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrrrrrf.exec:\lrrrrrf.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbtttb.exec:\hbtttb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tthhtn.exec:\tthhtn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frlrxrr.exec:\frlrxrr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbnnnt.exec:\bbnnnt.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5ppjj.exec:\5ppjj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbntbb.exec:\tbntbb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdjjj.exec:\vdjjj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrfxxxx.exec:\rrfxxxx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5thhhh.exec:\5thhhh.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5djdd.exec:\5djdd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxrrlr.exec:\rlxrrlr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnnnhh.exec:\hnnnhh.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddvvv.exec:\ddvvv.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxlxfff.exec:\lxlxfff.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvddj.exec:\dvddj.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdjjd.exec:\pdjjd.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllrrrr.exec:\rllrrrr.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tntnnh.exec:\tntnnh.exe23⤵
- Executes dropped EXE
-
\??\c:\ppppd.exec:\ppppd.exe24⤵
- Executes dropped EXE
-
\??\c:\xxfllxr.exec:\xxfllxr.exe25⤵
- Executes dropped EXE
-
\??\c:\7htntb.exec:\7htntb.exe26⤵
- Executes dropped EXE
-
\??\c:\jjjdp.exec:\jjjdp.exe27⤵
- Executes dropped EXE
-
\??\c:\3rxrlff.exec:\3rxrlff.exe28⤵
- Executes dropped EXE
-
\??\c:\hbttbh.exec:\hbttbh.exe29⤵
- Executes dropped EXE
-
\??\c:\ddjjj.exec:\ddjjj.exe30⤵
- Executes dropped EXE
-
\??\c:\rfrlfll.exec:\rfrlfll.exe31⤵
- Executes dropped EXE
-
\??\c:\3bbttt.exec:\3bbttt.exe32⤵
- Executes dropped EXE
-
\??\c:\tththt.exec:\tththt.exe33⤵
- Executes dropped EXE
-
\??\c:\vpvvv.exec:\vpvvv.exe34⤵
- Executes dropped EXE
-
\??\c:\3ffxxxr.exec:\3ffxxxr.exe35⤵
- Executes dropped EXE
-
\??\c:\lfflflf.exec:\lfflflf.exe36⤵
- Executes dropped EXE
-
\??\c:\hnhnbt.exec:\hnhnbt.exe37⤵
- Executes dropped EXE
-
\??\c:\vvjdj.exec:\vvjdj.exe38⤵
-
\??\c:\rlffxff.exec:\rlffxff.exe39⤵
- Executes dropped EXE
-
\??\c:\lflllrr.exec:\lflllrr.exe40⤵
- Executes dropped EXE
-
\??\c:\hbttbh.exec:\hbttbh.exe41⤵
- Executes dropped EXE
-
\??\c:\jpvdd.exec:\jpvdd.exe42⤵
- Executes dropped EXE
-
\??\c:\5pjjj.exec:\5pjjj.exe43⤵
- Executes dropped EXE
-
\??\c:\xrlrrrr.exec:\xrlrrrr.exe44⤵
- Executes dropped EXE
-
\??\c:\5rlllrr.exec:\5rlllrr.exe45⤵
- Executes dropped EXE
-
\??\c:\5tbbhn.exec:\5tbbhn.exe46⤵
- Executes dropped EXE
-
\??\c:\hhnhhn.exec:\hhnhhn.exe47⤵
- Executes dropped EXE
-
\??\c:\ppdjj.exec:\ppdjj.exe48⤵
- Executes dropped EXE
-
\??\c:\3dpjj.exec:\3dpjj.exe49⤵
- Executes dropped EXE
-
\??\c:\1rfffll.exec:\1rfffll.exe50⤵
- Executes dropped EXE
-
\??\c:\bthhhn.exec:\bthhhn.exe51⤵
- Executes dropped EXE
-
\??\c:\ttbbbh.exec:\ttbbbh.exe52⤵
- Executes dropped EXE
-
\??\c:\9jdpv.exec:\9jdpv.exe53⤵
- Executes dropped EXE
-
\??\c:\jvdvv.exec:\jvdvv.exe54⤵
- Executes dropped EXE
-
\??\c:\lfxrrff.exec:\lfxrrff.exe55⤵
- Executes dropped EXE
-
\??\c:\xrrrffx.exec:\xrrrffx.exe56⤵
- Executes dropped EXE
-
\??\c:\hbhbhh.exec:\hbhbhh.exe57⤵
- Executes dropped EXE
-
\??\c:\vjvvv.exec:\vjvvv.exe58⤵
- Executes dropped EXE
-
\??\c:\vpvpj.exec:\vpvpj.exe59⤵
- Executes dropped EXE
-
\??\c:\ffllfll.exec:\ffllfll.exe60⤵
- Executes dropped EXE
-
\??\c:\xlxxrxx.exec:\xlxxrxx.exe61⤵
- Executes dropped EXE
-
\??\c:\nhbhtt.exec:\nhbhtt.exe62⤵
- Executes dropped EXE
-
\??\c:\jdppp.exec:\jdppp.exe63⤵
- Executes dropped EXE
-
\??\c:\9xffflf.exec:\9xffflf.exe64⤵
- Executes dropped EXE
-
\??\c:\hhttnn.exec:\hhttnn.exe65⤵
- Executes dropped EXE
-
\??\c:\jdppp.exec:\jdppp.exe66⤵
- Executes dropped EXE
-
\??\c:\jpvjd.exec:\jpvjd.exe67⤵
-
\??\c:\lflfxrl.exec:\lflfxrl.exe68⤵
-
\??\c:\3lxxxfl.exec:\3lxxxfl.exe69⤵
-
\??\c:\tbtbtb.exec:\tbtbtb.exe70⤵
-
\??\c:\jjdvj.exec:\jjdvj.exe71⤵
-
\??\c:\rllxxxf.exec:\rllxxxf.exe72⤵
-
\??\c:\thbhnn.exec:\thbhnn.exe73⤵
-
\??\c:\dvddv.exec:\dvddv.exe74⤵
-
\??\c:\1lrxxlr.exec:\1lrxxlr.exe75⤵
-
\??\c:\thbhbh.exec:\thbhbh.exe76⤵
-
\??\c:\nhtttb.exec:\nhtttb.exe77⤵
-
\??\c:\vvvvv.exec:\vvvvv.exe78⤵
-
\??\c:\5flffff.exec:\5flffff.exe79⤵
-
\??\c:\lxflrxx.exec:\lxflrxx.exe80⤵
-
\??\c:\nhthhh.exec:\nhthhh.exe81⤵
-
\??\c:\bnntnt.exec:\bnntnt.exe82⤵
-
\??\c:\jjvvj.exec:\jjvvj.exe83⤵
-
\??\c:\xrflrlr.exec:\xrflrlr.exe84⤵
-
\??\c:\xrfffff.exec:\xrfffff.exe85⤵
-
\??\c:\hbnnnt.exec:\hbnnnt.exe86⤵
-
\??\c:\vvjdv.exec:\vvjdv.exe87⤵
-
\??\c:\9frxxfx.exec:\9frxxfx.exe88⤵
-
\??\c:\xfffflr.exec:\xfffflr.exe89⤵
-
\??\c:\tbbbbh.exec:\tbbbbh.exe90⤵
-
\??\c:\bbbbbb.exec:\bbbbbb.exe91⤵
-
\??\c:\vvjpv.exec:\vvjpv.exe92⤵
-
\??\c:\djjpp.exec:\djjpp.exe93⤵
-
\??\c:\xrxffll.exec:\xrxffll.exe94⤵
-
\??\c:\lxrxflf.exec:\lxrxflf.exe95⤵
-
\??\c:\bbbthh.exec:\bbbthh.exe96⤵
-
\??\c:\hhttbh.exec:\hhttbh.exe97⤵
-
\??\c:\vvjjp.exec:\vvjjp.exe98⤵
-
\??\c:\5pvvp.exec:\5pvvp.exe99⤵
-
\??\c:\3fllrrr.exec:\3fllrrr.exe100⤵
-
\??\c:\tthnnn.exec:\tthnnn.exe101⤵
-
\??\c:\7tbbhn.exec:\7tbbhn.exe102⤵
-
\??\c:\jpdjp.exec:\jpdjp.exe103⤵
-
\??\c:\jvjjd.exec:\jvjjd.exe104⤵
-
\??\c:\xxxxflr.exec:\xxxxflr.exe105⤵
-
\??\c:\fxrrxxf.exec:\fxrrxxf.exe106⤵
-
\??\c:\hhbhtb.exec:\hhbhtb.exe107⤵
-
\??\c:\5hhnhn.exec:\5hhnhn.exe108⤵
-
\??\c:\vjjjd.exec:\vjjjd.exe109⤵
-
\??\c:\xrrxxff.exec:\xrrxxff.exe110⤵
-
\??\c:\rrxflrx.exec:\rrxflrx.exe111⤵
-
\??\c:\hhtttb.exec:\hhtttb.exe112⤵
-
\??\c:\tntbhh.exec:\tntbhh.exe113⤵
-
\??\c:\vdjdp.exec:\vdjdp.exe114⤵
-
\??\c:\fxxrlll.exec:\fxxrlll.exe115⤵
-
\??\c:\rfxrlrl.exec:\rfxrlrl.exe116⤵
-
\??\c:\hhttbh.exec:\hhttbh.exe117⤵
-
\??\c:\hbbttt.exec:\hbbttt.exe118⤵
-
\??\c:\hhthnt.exec:\hhthnt.exe119⤵
-
\??\c:\vjppj.exec:\vjppj.exe120⤵
-
\??\c:\pdjjd.exec:\pdjjd.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-