Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
17/05/2024, 11:43
General
-
Target
eb0d5802013db668be9c89585d10f940_NeikiAnalytics.exe
-
Size
61KB
-
MD5
eb0d5802013db668be9c89585d10f940
-
SHA1
ab80ad62580d795cbfe08bc46158f25f975f83dd
-
SHA256
814fad9d538970814edfab2489098ad61ed10fcec27b3208155226cbf7f6fd58
-
SHA512
19b7952b33fa5da56434838994902948886e0b879547cfd9e3b501a756da7fd580db039501fb81f1f545463f5b1af8551a5d4365991ca4c06143b721e396d5db
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIug6b+:ymb3NkkiQ3mdBjFIugR
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 31 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\eb0d5802013db668be9c89585d10f940_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\eb0d5802013db668be9c89585d10f940_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\vpdjj.exec:\vpdjj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrfrlf.exec:\fxrfrlf.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tntttn.exec:\tntttn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5hnhtt.exec:\5hnhtt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvpd.exec:\jdvpd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvppd.exec:\vvppd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxlfllx.exec:\xxlfllx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbnbtb.exec:\nbnbtb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1jdvd.exec:\1jdvd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7lxlfxr.exec:\7lxlfxr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnhtn.exec:\hbnhtn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7jjdd.exec:\7jjdd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdddp.exec:\vdddp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lffxlff.exec:\lffxlff.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrrlxrl.exec:\lrrlxrl.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1bbnbb.exec:\1bbnbb.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvvp.exec:\pjvvp.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfxrfxl.exec:\xfxrfxl.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxfxxrx.exec:\fxfxxrx.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnnhtt.exec:\bnnhtt.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5lxrxrf.exec:\5lxrxrf.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjvp.exec:\pjjvp.exe23⤵
- Executes dropped EXE
-
\??\c:\lrxrfxl.exec:\lrxrfxl.exe24⤵
- Executes dropped EXE
-
\??\c:\lflflff.exec:\lflflff.exe25⤵
- Executes dropped EXE
-
\??\c:\1bhttn.exec:\1bhttn.exe26⤵
- Executes dropped EXE
-
\??\c:\3dvjd.exec:\3dvjd.exe27⤵
- Executes dropped EXE
-
\??\c:\1jdpd.exec:\1jdpd.exe28⤵
- Executes dropped EXE
-
\??\c:\xllfrlf.exec:\xllfrlf.exe29⤵
- Executes dropped EXE
-
\??\c:\5rfxlfx.exec:\5rfxlfx.exe30⤵
- Executes dropped EXE
-
\??\c:\hnnhbb.exec:\hnnhbb.exe31⤵
- Executes dropped EXE
-
\??\c:\vdddj.exec:\vdddj.exe32⤵
- Executes dropped EXE
-
\??\c:\dvjpd.exec:\dvjpd.exe33⤵
- Executes dropped EXE
-
\??\c:\ffxrxxx.exec:\ffxrxxx.exe34⤵
- Executes dropped EXE
-
\??\c:\3xrrlff.exec:\3xrrlff.exe35⤵
- Executes dropped EXE
-
\??\c:\bttbtn.exec:\bttbtn.exe36⤵
- Executes dropped EXE
-
\??\c:\vppjd.exec:\vppjd.exe37⤵
- Executes dropped EXE
-
\??\c:\1jpjj.exec:\1jpjj.exe38⤵
- Executes dropped EXE
-
\??\c:\7lffrll.exec:\7lffrll.exe39⤵
- Executes dropped EXE
-
\??\c:\xlrlrlx.exec:\xlrlrlx.exe40⤵
- Executes dropped EXE
-
\??\c:\tthtth.exec:\tthtth.exe41⤵
- Executes dropped EXE
-
\??\c:\bnthtt.exec:\bnthtt.exe42⤵
- Executes dropped EXE
-
\??\c:\pdjdd.exec:\pdjdd.exe43⤵
- Executes dropped EXE
-
\??\c:\frrrlrf.exec:\frrrlrf.exe44⤵
- Executes dropped EXE
-
\??\c:\bbbbtt.exec:\bbbbtt.exe45⤵
- Executes dropped EXE
-
\??\c:\hhttth.exec:\hhttth.exe46⤵
- Executes dropped EXE
-
\??\c:\pvdvj.exec:\pvdvj.exe47⤵
- Executes dropped EXE
-
\??\c:\rlflxfl.exec:\rlflxfl.exe48⤵
- Executes dropped EXE
-
\??\c:\lflffff.exec:\lflffff.exe49⤵
- Executes dropped EXE
-
\??\c:\btnbbb.exec:\btnbbb.exe50⤵
- Executes dropped EXE
-
\??\c:\pjjjd.exec:\pjjjd.exe51⤵
- Executes dropped EXE
-
\??\c:\1ddvj.exec:\1ddvj.exe52⤵
- Executes dropped EXE
-
\??\c:\rrlfrrl.exec:\rrlfrrl.exe53⤵
- Executes dropped EXE
-
\??\c:\1nbbnb.exec:\1nbbnb.exe54⤵
- Executes dropped EXE
-
\??\c:\7jdvj.exec:\7jdvj.exe55⤵
- Executes dropped EXE
-
\??\c:\ddvvj.exec:\ddvvj.exe56⤵
- Executes dropped EXE
-
\??\c:\fflfrlf.exec:\fflfrlf.exe57⤵
- Executes dropped EXE
-
\??\c:\tbbhnb.exec:\tbbhnb.exe58⤵
- Executes dropped EXE
-
\??\c:\pvvjv.exec:\pvvjv.exe59⤵
- Executes dropped EXE
-
\??\c:\pjjdd.exec:\pjjdd.exe60⤵
- Executes dropped EXE
-
\??\c:\lxfrxlf.exec:\lxfrxlf.exe61⤵
- Executes dropped EXE
-
\??\c:\5ffxrll.exec:\5ffxrll.exe62⤵
- Executes dropped EXE
-
\??\c:\frlxrlf.exec:\frlxrlf.exe63⤵
- Executes dropped EXE
-
\??\c:\bhhbtt.exec:\bhhbtt.exe64⤵
- Executes dropped EXE
-
\??\c:\vpjvj.exec:\vpjvj.exe65⤵
- Executes dropped EXE
-
\??\c:\dvdvd.exec:\dvdvd.exe66⤵
-
\??\c:\rffxlfx.exec:\rffxlfx.exe67⤵
-
\??\c:\rrxrlfr.exec:\rrxrlfr.exe68⤵
-
\??\c:\thntnn.exec:\thntnn.exe69⤵
-
\??\c:\hnthht.exec:\hnthht.exe70⤵
-
\??\c:\5dvdp.exec:\5dvdp.exe71⤵
-
\??\c:\dvjjd.exec:\dvjjd.exe72⤵
-
\??\c:\xffrxxl.exec:\xffrxxl.exe73⤵
-
\??\c:\xxxxrrx.exec:\xxxxrrx.exe74⤵
-
\??\c:\7nnhtn.exec:\7nnhtn.exe75⤵
-
\??\c:\hbbtht.exec:\hbbtht.exe76⤵
-
\??\c:\jdjdj.exec:\jdjdj.exe77⤵
-
\??\c:\lrlfllf.exec:\lrlfllf.exe78⤵
-
\??\c:\fxfrrlr.exec:\fxfrrlr.exe79⤵
-
\??\c:\ttnhbb.exec:\ttnhbb.exe80⤵
-
\??\c:\nttbnn.exec:\nttbnn.exe81⤵
-
\??\c:\vddvj.exec:\vddvj.exe82⤵
-
\??\c:\lxfrflf.exec:\lxfrflf.exe83⤵
-
\??\c:\7fxrlfx.exec:\7fxrlfx.exe84⤵
-
\??\c:\tbbthb.exec:\tbbthb.exe85⤵
-
\??\c:\thbnbt.exec:\thbnbt.exe86⤵
-
\??\c:\jpvpd.exec:\jpvpd.exe87⤵
-
\??\c:\jvjvd.exec:\jvjvd.exe88⤵
-
\??\c:\fflfrrf.exec:\fflfrrf.exe89⤵
-
\??\c:\bnhntt.exec:\bnhntt.exe90⤵
-
\??\c:\hnnbtt.exec:\hnnbtt.exe91⤵
-
\??\c:\dvvjd.exec:\dvvjd.exe92⤵
-
\??\c:\fxxrffx.exec:\fxxrffx.exe93⤵
-
\??\c:\lxxfxxx.exec:\lxxfxxx.exe94⤵
-
\??\c:\btbbth.exec:\btbbth.exe95⤵
-
\??\c:\1bbbtt.exec:\1bbbtt.exe96⤵
-
\??\c:\vvjdd.exec:\vvjdd.exe97⤵
-
\??\c:\vpjjp.exec:\vpjjp.exe98⤵
-
\??\c:\xfrlffx.exec:\xfrlffx.exe99⤵
-
\??\c:\5xxfxrr.exec:\5xxfxrr.exe100⤵
-
\??\c:\thnnhb.exec:\thnnhb.exe101⤵
-
\??\c:\tntnbb.exec:\tntnbb.exe102⤵
-
\??\c:\5vvpj.exec:\5vvpj.exe103⤵
-
\??\c:\vpjvj.exec:\vpjvj.exe104⤵
-
\??\c:\rrlfflr.exec:\rrlfflr.exe105⤵
-
\??\c:\thtnhb.exec:\thtnhb.exe106⤵
-
\??\c:\5vvjj.exec:\5vvjj.exe107⤵
-
\??\c:\pvpjp.exec:\pvpjp.exe108⤵
-
\??\c:\fxfxlfr.exec:\fxfxlfr.exe109⤵
-
\??\c:\5bnhbt.exec:\5bnhbt.exe110⤵
-
\??\c:\tbbtnh.exec:\tbbtnh.exe111⤵
-
\??\c:\jpvdd.exec:\jpvdd.exe112⤵
-
\??\c:\dvdvv.exec:\dvdvv.exe113⤵
-
\??\c:\frxrfxr.exec:\frxrfxr.exe114⤵
-
\??\c:\bnbbtt.exec:\bnbbtt.exe115⤵
-
\??\c:\vppjd.exec:\vppjd.exe116⤵
-
\??\c:\3dvpj.exec:\3dvpj.exe117⤵
-
\??\c:\lllxlfx.exec:\lllxlfx.exe118⤵
-
\??\c:\thhthb.exec:\thhthb.exe119⤵
-
\??\c:\9jdvd.exec:\9jdvd.exe120⤵
-
\??\c:\ddvjv.exec:\ddvjv.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-