Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
128s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
17/05/2024, 00:43
General
-
Target
6c1381517c4540ec3eea864fefd62100_NeikiAnalytics.exe
-
Size
67KB
-
MD5
6c1381517c4540ec3eea864fefd62100
-
SHA1
a7fc3cd1ddc597df3425f06e82896a93b136e57b
-
SHA256
9110b671c34043162139d93d7954e811e3fc4e2ae41dd07b29591e750af8d6c8
-
SHA512
ce9fb1b26cd64381a9f45ff1bbf888ac082cad631143fac8384ef709f19159ca02a56e2a56a0b56cf57fea484500ad90532f2196441ce590713f9a301d841570
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND0yUPqrDZF:ymb3NkkiQ3mdBjF0yUmr
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 26 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 25 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\6c1381517c4540ec3eea864fefd62100_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\6c1381517c4540ec3eea864fefd62100_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\bhtnhh.exec:\bhtnhh.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdvjd.exec:\pdvjd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvpdp.exec:\vvpdp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfffxff.exec:\rfffxff.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bntbhb.exec:\bntbhb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhbnb.exec:\nhhbnb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvdpd.exec:\dvdpd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxfxrlf.exec:\fxfxrlf.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xflrllf.exec:\xflrllf.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjjjd.exec:\vjjjd.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvdvp.exec:\dvdvp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlrffxf.exec:\xlrffxf.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttbhtt.exec:\ttbhtt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7vddj.exec:\7vddj.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppdvj.exec:\ppdvj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxrrlrr.exec:\rxrrlrr.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbtttt.exec:\hbtttt.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdddv.exec:\jdddv.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrlffx.exec:\lfrlffx.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxfllff.exec:\rxfllff.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbbnbb.exec:\nbbnbb.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjjv.exec:\pjjjv.exe23⤵
- Executes dropped EXE
-
\??\c:\vpvpj.exec:\vpvpj.exe24⤵
- Executes dropped EXE
-
\??\c:\xlffrrl.exec:\xlffrrl.exe25⤵
- Executes dropped EXE
-
\??\c:\3bhbtn.exec:\3bhbtn.exe26⤵
- Executes dropped EXE
-
\??\c:\tbtnhb.exec:\tbtnhb.exe27⤵
- Executes dropped EXE
-
\??\c:\xrxrrlr.exec:\xrxrrlr.exe28⤵
- Executes dropped EXE
-
\??\c:\xrfffll.exec:\xrfffll.exe29⤵
- Executes dropped EXE
-
\??\c:\hbhbtt.exec:\hbhbtt.exe30⤵
- Executes dropped EXE
-
\??\c:\tnnbtn.exec:\tnnbtn.exe31⤵
- Executes dropped EXE
-
\??\c:\dvppj.exec:\dvppj.exe32⤵
- Executes dropped EXE
-
\??\c:\lxlfxff.exec:\lxlfxff.exe33⤵
- Executes dropped EXE
-
\??\c:\hbhbbh.exec:\hbhbbh.exe34⤵
- Executes dropped EXE
-
\??\c:\btttnn.exec:\btttnn.exe35⤵
- Executes dropped EXE
-
\??\c:\vjdvj.exec:\vjdvj.exe36⤵
- Executes dropped EXE
-
\??\c:\xflfffx.exec:\xflfffx.exe37⤵
- Executes dropped EXE
-
\??\c:\lfllrff.exec:\lfllrff.exe38⤵
- Executes dropped EXE
-
\??\c:\nhhtth.exec:\nhhtth.exe39⤵
- Executes dropped EXE
-
\??\c:\pjjjd.exec:\pjjjd.exe40⤵
- Executes dropped EXE
-
\??\c:\9jjdv.exec:\9jjdv.exe41⤵
- Executes dropped EXE
-
\??\c:\frrlxrf.exec:\frrlxrf.exe42⤵
- Executes dropped EXE
-
\??\c:\1lffxxr.exec:\1lffxxr.exe43⤵
- Executes dropped EXE
-
\??\c:\5bhhhn.exec:\5bhhhn.exe44⤵
- Executes dropped EXE
-
\??\c:\jppjv.exec:\jppjv.exe45⤵
- Executes dropped EXE
-
\??\c:\jddvp.exec:\jddvp.exe46⤵
- Executes dropped EXE
-
\??\c:\vvdvp.exec:\vvdvp.exe47⤵
- Executes dropped EXE
-
\??\c:\fxfrxrx.exec:\fxfrxrx.exe48⤵
- Executes dropped EXE
-
\??\c:\9llfxxx.exec:\9llfxxx.exe49⤵
- Executes dropped EXE
-
\??\c:\5htttn.exec:\5htttn.exe50⤵
- Executes dropped EXE
-
\??\c:\dvdvj.exec:\dvdvj.exe51⤵
- Executes dropped EXE
-
\??\c:\dvdpp.exec:\dvdpp.exe52⤵
- Executes dropped EXE
-
\??\c:\rflfxxx.exec:\rflfxxx.exe53⤵
- Executes dropped EXE
-
\??\c:\9lrlllf.exec:\9lrlllf.exe54⤵
- Executes dropped EXE
-
\??\c:\5bbbtn.exec:\5bbbtn.exe55⤵
- Executes dropped EXE
-
\??\c:\5ddpj.exec:\5ddpj.exe56⤵
- Executes dropped EXE
-
\??\c:\pddvp.exec:\pddvp.exe57⤵
- Executes dropped EXE
-
\??\c:\9frlffl.exec:\9frlffl.exe58⤵
- Executes dropped EXE
-
\??\c:\9lrlfxx.exec:\9lrlfxx.exe59⤵
- Executes dropped EXE
-
\??\c:\htttnh.exec:\htttnh.exe60⤵
- Executes dropped EXE
-
\??\c:\tnhhhh.exec:\tnhhhh.exe61⤵
- Executes dropped EXE
-
\??\c:\jvvpv.exec:\jvvpv.exe62⤵
- Executes dropped EXE
-
\??\c:\1jppj.exec:\1jppj.exe63⤵
- Executes dropped EXE
-
\??\c:\rllfxxx.exec:\rllfxxx.exe64⤵
- Executes dropped EXE
-
\??\c:\lfflflf.exec:\lfflflf.exe65⤵
- Executes dropped EXE
-
\??\c:\7nnhtt.exec:\7nnhtt.exe66⤵
-
\??\c:\ttnnnn.exec:\ttnnnn.exe67⤵
-
\??\c:\vppjv.exec:\vppjv.exe68⤵
-
\??\c:\ppdvd.exec:\ppdvd.exe69⤵
-
\??\c:\frrlffx.exec:\frrlffx.exe70⤵
-
\??\c:\7xfrrrx.exec:\7xfrrrx.exe71⤵
-
\??\c:\bntnhh.exec:\bntnhh.exe72⤵
-
\??\c:\3bnhtt.exec:\3bnhtt.exe73⤵
-
\??\c:\dvvjd.exec:\dvvjd.exe74⤵
-
\??\c:\dvvpj.exec:\dvvpj.exe75⤵
-
\??\c:\lflllfr.exec:\lflllfr.exe76⤵
-
\??\c:\1hnttb.exec:\1hnttb.exe77⤵
-
\??\c:\dvvjp.exec:\dvvjp.exe78⤵
-
\??\c:\jpjdv.exec:\jpjdv.exe79⤵
-
\??\c:\lxffxff.exec:\lxffxff.exe80⤵
-
\??\c:\tnnhhb.exec:\tnnhhb.exe81⤵
-
\??\c:\1nttbb.exec:\1nttbb.exe82⤵
-
\??\c:\djppp.exec:\djppp.exe83⤵
-
\??\c:\rxxrllf.exec:\rxxrllf.exe84⤵
-
\??\c:\frxxxxx.exec:\frxxxxx.exe85⤵
-
\??\c:\7tttnn.exec:\7tttnn.exe86⤵
-
\??\c:\djvvd.exec:\djvvd.exe87⤵
-
\??\c:\xrfrxxl.exec:\xrfrxxl.exe88⤵
-
\??\c:\9bbbtt.exec:\9bbbtt.exe89⤵
-
\??\c:\vpvvp.exec:\vpvvp.exe90⤵
-
\??\c:\xxflffl.exec:\xxflffl.exe91⤵
-
\??\c:\thnntn.exec:\thnntn.exe92⤵
-
\??\c:\jvjdv.exec:\jvjdv.exe93⤵
-
\??\c:\lrlxrlf.exec:\lrlxrlf.exe94⤵
-
\??\c:\nhhhbb.exec:\nhhhbb.exe95⤵
-
\??\c:\djjvp.exec:\djjvp.exe96⤵
-
\??\c:\jpddd.exec:\jpddd.exe97⤵
-
\??\c:\flrlfxr.exec:\flrlfxr.exe98⤵
-
\??\c:\tnhhbn.exec:\tnhhbn.exe99⤵
-
\??\c:\3jvpj.exec:\3jvpj.exe100⤵
-
\??\c:\xrlfffx.exec:\xrlfffx.exe101⤵
-
\??\c:\vpjpj.exec:\vpjpj.exe102⤵
-
\??\c:\jvdpj.exec:\jvdpj.exe103⤵
-
\??\c:\rffrlfx.exec:\rffrlfx.exe104⤵
-
\??\c:\xrrrlfx.exec:\xrrrlfx.exe105⤵
-
\??\c:\tbhbbb.exec:\tbhbbb.exe106⤵
-
\??\c:\1tbbtt.exec:\1tbbtt.exe107⤵
-
\??\c:\3djpv.exec:\3djpv.exe108⤵
-
\??\c:\pdjvv.exec:\pdjvv.exe109⤵
-
\??\c:\xlffrrx.exec:\xlffrrx.exe110⤵
-
\??\c:\hbhbtt.exec:\hbhbtt.exe111⤵
-
\??\c:\9jpdv.exec:\9jpdv.exe112⤵
-
\??\c:\vvvvp.exec:\vvvvp.exe113⤵
-
\??\c:\lxxrrrr.exec:\lxxrrrr.exe114⤵
-
\??\c:\ffrlffr.exec:\ffrlffr.exe115⤵
-
\??\c:\nnnbth.exec:\nnnbth.exe116⤵
-
\??\c:\5hhhbb.exec:\5hhhbb.exe117⤵
-
\??\c:\jpdpd.exec:\jpdpd.exe118⤵
-
\??\c:\xlrlxrl.exec:\xlrlxrl.exe119⤵
-
\??\c:\lrffxrl.exec:\lrffxrl.exe120⤵
-
\??\c:\hhttbb.exec:\hhttbb.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-