Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
17/05/2024, 11:43
General
-
Target
eb0d5802013db668be9c89585d10f940_NeikiAnalytics.exe
-
Size
61KB
-
MD5
eb0d5802013db668be9c89585d10f940
-
SHA1
ab80ad62580d795cbfe08bc46158f25f975f83dd
-
SHA256
814fad9d538970814edfab2489098ad61ed10fcec27b3208155226cbf7f6fd58
-
SHA512
19b7952b33fa5da56434838994902948886e0b879547cfd9e3b501a756da7fd580db039501fb81f1f545463f5b1af8551a5d4365991ca4c06143b721e396d5db
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIug6b+:ymb3NkkiQ3mdBjFIugR
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 32 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\eb0d5802013db668be9c89585d10f940_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\eb0d5802013db668be9c89585d10f940_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\lnttvp.exec:\lnttvp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\njnnrh.exec:\njnnrh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\prxxlr.exec:\prxxlr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddbvbbr.exec:\ddbvbbr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bfhpv.exec:\bfhpv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nlxrj.exec:\nlxrj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vbvvh.exec:\vbvvh.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fhtlp.exec:\fhtlp.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vnpnl.exec:\vnpnl.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hjxrpht.exec:\hjxrpht.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfvpx.exec:\rfvpx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\phfpphf.exec:\phfpphf.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lhvppv.exec:\lhvppv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\njtxp.exec:\njtxp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rbthxdl.exec:\rbthxdl.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pnrjxb.exec:\pnrjxb.exe17⤵
- Executes dropped EXE
-
\??\c:\hhfln.exec:\hhfln.exe18⤵
- Executes dropped EXE
-
\??\c:\jjrhtp.exec:\jjrhtp.exe19⤵
- Executes dropped EXE
-
\??\c:\nhfvlpt.exec:\nhfvlpt.exe20⤵
- Executes dropped EXE
-
\??\c:\jrlxbbn.exec:\jrlxbbn.exe21⤵
- Executes dropped EXE
-
\??\c:\rrttdr.exec:\rrttdr.exe22⤵
- Executes dropped EXE
-
\??\c:\xrjxbrv.exec:\xrjxbrv.exe23⤵
- Executes dropped EXE
-
\??\c:\jpvntx.exec:\jpvntx.exe24⤵
- Executes dropped EXE
-
\??\c:\fpjjj.exec:\fpjjj.exe25⤵
- Executes dropped EXE
-
\??\c:\jxbhbhr.exec:\jxbhbhr.exe26⤵
- Executes dropped EXE
-
\??\c:\drfrfd.exec:\drfrfd.exe27⤵
- Executes dropped EXE
-
\??\c:\tbnrrr.exec:\tbnrrr.exe28⤵
- Executes dropped EXE
-
\??\c:\pbnxbrx.exec:\pbnxbrx.exe29⤵
- Executes dropped EXE
-
\??\c:\rpnrfph.exec:\rpnrfph.exe30⤵
- Executes dropped EXE
-
\??\c:\nvxnf.exec:\nvxnf.exe31⤵
- Executes dropped EXE
-
\??\c:\nbpjpbt.exec:\nbpjpbt.exe32⤵
- Executes dropped EXE
-
\??\c:\rnxrdvx.exec:\rnxrdvx.exe33⤵
- Executes dropped EXE
-
\??\c:\nbxttp.exec:\nbxttp.exe34⤵
- Executes dropped EXE
-
\??\c:\hxfhbph.exec:\hxfhbph.exe35⤵
- Executes dropped EXE
-
\??\c:\ptdphjh.exec:\ptdphjh.exe36⤵
- Executes dropped EXE
-
\??\c:\pjxrjd.exec:\pjxrjd.exe37⤵
- Executes dropped EXE
-
\??\c:\ddffv.exec:\ddffv.exe38⤵
- Executes dropped EXE
-
\??\c:\vnxfxjf.exec:\vnxfxjf.exe39⤵
- Executes dropped EXE
-
\??\c:\ppxtf.exec:\ppxtf.exe40⤵
- Executes dropped EXE
-
\??\c:\xrdbhr.exec:\xrdbhr.exe41⤵
- Executes dropped EXE
-
\??\c:\hvtxjvn.exec:\hvtxjvn.exe42⤵
- Executes dropped EXE
-
\??\c:\drrjnnx.exec:\drrjnnx.exe43⤵
- Executes dropped EXE
-
\??\c:\jfhpj.exec:\jfhpj.exe44⤵
- Executes dropped EXE
-
\??\c:\bvjxpv.exec:\bvjxpv.exe45⤵
- Executes dropped EXE
-
\??\c:\lbjhp.exec:\lbjhp.exe46⤵
- Executes dropped EXE
-
\??\c:\rlndpp.exec:\rlndpp.exe47⤵
- Executes dropped EXE
-
\??\c:\jxvxpb.exec:\jxvxpb.exe48⤵
- Executes dropped EXE
-
\??\c:\rpjrpd.exec:\rpjrpd.exe49⤵
- Executes dropped EXE
-
\??\c:\xdlnhld.exec:\xdlnhld.exe50⤵
- Executes dropped EXE
-
\??\c:\rtxhl.exec:\rtxhl.exe51⤵
- Executes dropped EXE
-
\??\c:\hxrxtt.exec:\hxrxtt.exe52⤵
- Executes dropped EXE
-
\??\c:\xjpxb.exec:\xjpxb.exe53⤵
- Executes dropped EXE
-
\??\c:\bpnxtf.exec:\bpnxtf.exe54⤵
- Executes dropped EXE
-
\??\c:\blvtff.exec:\blvtff.exe55⤵
- Executes dropped EXE
-
\??\c:\drjvfl.exec:\drjvfl.exe56⤵
- Executes dropped EXE
-
\??\c:\jxnthdp.exec:\jxnthdp.exe57⤵
- Executes dropped EXE
-
\??\c:\tjphbbj.exec:\tjphbbj.exe58⤵
- Executes dropped EXE
-
\??\c:\vhdxvl.exec:\vhdxvl.exe59⤵
- Executes dropped EXE
-
\??\c:\dnbftht.exec:\dnbftht.exe60⤵
- Executes dropped EXE
-
\??\c:\bfvbjt.exec:\bfvbjt.exe61⤵
- Executes dropped EXE
-
\??\c:\nxxbvn.exec:\nxxbvn.exe62⤵
- Executes dropped EXE
-
\??\c:\tjpxxd.exec:\tjpxxd.exe63⤵
- Executes dropped EXE
-
\??\c:\fljrvpt.exec:\fljrvpt.exe64⤵
- Executes dropped EXE
-
\??\c:\hlrvx.exec:\hlrvx.exe65⤵
- Executes dropped EXE
-
\??\c:\pfxfb.exec:\pfxfb.exe66⤵
-
\??\c:\jpphlrp.exec:\jpphlrp.exe67⤵
-
\??\c:\brprbp.exec:\brprbp.exe68⤵
-
\??\c:\rjtvvvb.exec:\rjtvvvb.exe69⤵
-
\??\c:\ltlbp.exec:\ltlbp.exe70⤵
-
\??\c:\vthbpbh.exec:\vthbpbh.exe71⤵
-
\??\c:\dxnnh.exec:\dxnnh.exe72⤵
-
\??\c:\lblbl.exec:\lblbl.exe73⤵
-
\??\c:\fdtbppl.exec:\fdtbppl.exe74⤵
-
\??\c:\ljbbxr.exec:\ljbbxr.exe75⤵
-
\??\c:\prhlvh.exec:\prhlvh.exe76⤵
-
\??\c:\hvlpdd.exec:\hvlpdd.exe77⤵
-
\??\c:\rxfxrj.exec:\rxfxrj.exe78⤵
-
\??\c:\btvjr.exec:\btvjr.exe79⤵
-
\??\c:\vrlntb.exec:\vrlntb.exe80⤵
-
\??\c:\bfrtvd.exec:\bfrtvd.exe81⤵
-
\??\c:\nrfpd.exec:\nrfpd.exe82⤵
-
\??\c:\vrlrljh.exec:\vrlrljh.exe83⤵
-
\??\c:\xnxfr.exec:\xnxfr.exe84⤵
-
\??\c:\bvhfl.exec:\bvhfl.exe85⤵
-
\??\c:\lvjjp.exec:\lvjjp.exe86⤵
-
\??\c:\jfvbtnd.exec:\jfvbtnd.exe87⤵
-
\??\c:\dvphlfv.exec:\dvphlfv.exe88⤵
-
\??\c:\pjdjfvj.exec:\pjdjfvj.exe89⤵
-
\??\c:\xlrvd.exec:\xlrvd.exe90⤵
-
\??\c:\xvpjrlv.exec:\xvpjrlv.exe91⤵
-
\??\c:\rvvxlfn.exec:\rvvxlfn.exe92⤵
-
\??\c:\thhnhp.exec:\thhnhp.exe93⤵
-
\??\c:\hndfh.exec:\hndfh.exe94⤵
-
\??\c:\rbbjjx.exec:\rbbjjx.exe95⤵
-
\??\c:\brhbb.exec:\brhbb.exe96⤵
-
\??\c:\fdhjjjj.exec:\fdhjjjj.exe97⤵
-
\??\c:\btpvrl.exec:\btpvrl.exe98⤵
-
\??\c:\rvpdt.exec:\rvpdt.exe99⤵
-
\??\c:\xtrpb.exec:\xtrpb.exe100⤵
-
\??\c:\vprhrp.exec:\vprhrp.exe101⤵
-
\??\c:\jvbppj.exec:\jvbppj.exe102⤵
-
\??\c:\vvvjrvj.exec:\vvvjrvj.exe103⤵
-
\??\c:\hppnjl.exec:\hppnjl.exe104⤵
-
\??\c:\brjpbbr.exec:\brjpbbr.exe105⤵
-
\??\c:\bpdrbn.exec:\bpdrbn.exe106⤵
-
\??\c:\pttxvrl.exec:\pttxvrl.exe107⤵
-
\??\c:\xtdlv.exec:\xtdlv.exe108⤵
-
\??\c:\jfdhddn.exec:\jfdhddn.exe109⤵
-
\??\c:\ddrdr.exec:\ddrdr.exe110⤵
-
\??\c:\prlvdhl.exec:\prlvdhl.exe111⤵
-
\??\c:\jlldn.exec:\jlldn.exe112⤵
-
\??\c:\trvlxr.exec:\trvlxr.exe113⤵
-
\??\c:\bxndhp.exec:\bxndhp.exe114⤵
-
\??\c:\rxvhnf.exec:\rxvhnf.exe115⤵
-
\??\c:\jhrxj.exec:\jhrxj.exe116⤵
-
\??\c:\pbbxxth.exec:\pbbxxth.exe117⤵
-
\??\c:\fjvlbv.exec:\fjvlbv.exe118⤵
-
\??\c:\nptvt.exec:\nptvt.exe119⤵
-
\??\c:\tntrpxf.exec:\tntrpxf.exe120⤵
-
\??\c:\xlnthr.exec:\xlnthr.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-