Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
156s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
20/05/2024, 07:35
General
-
Target
d38573a15be7abde854f49ac976ad280_NeikiAnalytics.exe
-
Size
64KB
-
MD5
d38573a15be7abde854f49ac976ad280
-
SHA1
957cf4f1f928e4fecd75b4b73e35a031930d55bf
-
SHA256
b8f821774c575f933a31879f6489a0ab71680c162248bbdd8b02b9f708041c6e
-
SHA512
0373dc23ff8278cf935abbc1104293befb6a3270e1f02f8514b49ff84bd8396f47d5de82a5707d020b0ae69259b038dec2e18a9a88c54e53b2be5251aefb6d3d
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND0yUuYp+5C8+Luvf:ymb3NkkiQ3mdBjF0yMlc
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 27 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 29 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\d38573a15be7abde854f49ac976ad280_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\d38573a15be7abde854f49ac976ad280_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\thnhnb.exec:\thnhnb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjppp.exec:\jjppp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlrrrrf.exec:\xlrrrrf.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1bnnnh.exec:\1bnnnh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpjjj.exec:\jpjjj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvjp.exec:\jdvjp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrfxxll.exec:\rrfxxll.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1htthh.exec:\1htthh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jppjd.exec:\jppjd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrffxxx.exec:\xrffxxx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rffffll.exec:\rffffll.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1jjjj.exec:\1jjjj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rflffff.exec:\rflffff.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lffxlrl.exec:\lffxlrl.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttthnh.exec:\ttthnh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5jpjj.exec:\5jpjj.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7xflfll.exec:\7xflfll.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhhbh.exec:\hbhhbh.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7pjdv.exec:\7pjdv.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3rflrxr.exec:\3rflrxr.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3hnhhh.exec:\3hnhhh.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvdvp.exec:\jvdvp.exe23⤵
- Executes dropped EXE
-
\??\c:\jdpdj.exec:\jdpdj.exe24⤵
- Executes dropped EXE
-
\??\c:\rxlfrrr.exec:\rxlfrrr.exe25⤵
- Executes dropped EXE
-
\??\c:\tnbhbh.exec:\tnbhbh.exe26⤵
- Executes dropped EXE
-
\??\c:\dvjdd.exec:\dvjdd.exe27⤵
- Executes dropped EXE
-
\??\c:\lxxxxfx.exec:\lxxxxfx.exe28⤵
- Executes dropped EXE
-
\??\c:\bttnhn.exec:\bttnhn.exe29⤵
- Executes dropped EXE
-
\??\c:\jppjd.exec:\jppjd.exe30⤵
- Executes dropped EXE
-
\??\c:\flrrlll.exec:\flrrlll.exe31⤵
- Executes dropped EXE
-
\??\c:\lxfrrxf.exec:\lxfrrxf.exe32⤵
- Executes dropped EXE
-
\??\c:\htnbnt.exec:\htnbnt.exe33⤵
- Executes dropped EXE
-
\??\c:\7vdvp.exec:\7vdvp.exe34⤵
- Executes dropped EXE
-
\??\c:\rlrrlxf.exec:\rlrrlxf.exe35⤵
- Executes dropped EXE
-
\??\c:\rflfxlr.exec:\rflfxlr.exe36⤵
- Executes dropped EXE
-
\??\c:\nnhnhh.exec:\nnhnhh.exe37⤵
- Executes dropped EXE
-
\??\c:\tbhtht.exec:\tbhtht.exe38⤵
- Executes dropped EXE
-
\??\c:\vdjdv.exec:\vdjdv.exe39⤵
- Executes dropped EXE
-
\??\c:\3llflxx.exec:\3llflxx.exe40⤵
- Executes dropped EXE
-
\??\c:\nhtnhh.exec:\nhtnhh.exe41⤵
- Executes dropped EXE
-
\??\c:\nbbhtn.exec:\nbbhtn.exe42⤵
- Executes dropped EXE
-
\??\c:\rxrlxrr.exec:\rxrlxrr.exe43⤵
- Executes dropped EXE
-
\??\c:\rxxllfx.exec:\rxxllfx.exe44⤵
- Executes dropped EXE
-
\??\c:\ntbbnt.exec:\ntbbnt.exe45⤵
- Executes dropped EXE
-
\??\c:\dppjp.exec:\dppjp.exe46⤵
- Executes dropped EXE
-
\??\c:\9jjjd.exec:\9jjjd.exe47⤵
- Executes dropped EXE
-
\??\c:\xfflrxl.exec:\xfflrxl.exe48⤵
- Executes dropped EXE
-
\??\c:\hbhhnn.exec:\hbhhnn.exe49⤵
- Executes dropped EXE
-
\??\c:\vvvvp.exec:\vvvvp.exe50⤵
- Executes dropped EXE
-
\??\c:\5vvdv.exec:\5vvdv.exe51⤵
- Executes dropped EXE
-
\??\c:\xrllrxl.exec:\xrllrxl.exe52⤵
- Executes dropped EXE
-
\??\c:\xrrlllf.exec:\xrrlllf.exe53⤵
- Executes dropped EXE
-
\??\c:\nhbthb.exec:\nhbthb.exe54⤵
- Executes dropped EXE
-
\??\c:\3vddv.exec:\3vddv.exe55⤵
- Executes dropped EXE
-
\??\c:\1ddvp.exec:\1ddvp.exe56⤵
- Executes dropped EXE
-
\??\c:\flxxrrx.exec:\flxxrrx.exe57⤵
- Executes dropped EXE
-
\??\c:\tbbbtb.exec:\tbbbtb.exe58⤵
- Executes dropped EXE
-
\??\c:\hhtbbb.exec:\hhtbbb.exe59⤵
- Executes dropped EXE
-
\??\c:\9fxxrrr.exec:\9fxxrrr.exe60⤵
- Executes dropped EXE
-
\??\c:\fxffrxx.exec:\fxffrxx.exe61⤵
- Executes dropped EXE
-
\??\c:\hbbttt.exec:\hbbttt.exe62⤵
- Executes dropped EXE
-
\??\c:\3dpdj.exec:\3dpdj.exe63⤵
- Executes dropped EXE
-
\??\c:\dpvvp.exec:\dpvvp.exe64⤵
- Executes dropped EXE
-
\??\c:\hbhbtn.exec:\hbhbtn.exe65⤵
- Executes dropped EXE
-
\??\c:\thnhhh.exec:\thnhhh.exe66⤵
-
\??\c:\ppjjj.exec:\ppjjj.exe67⤵
-
\??\c:\xffxrlf.exec:\xffxrlf.exe68⤵
-
\??\c:\htbhth.exec:\htbhth.exe69⤵
-
\??\c:\pvddv.exec:\pvddv.exe70⤵
-
\??\c:\frrrlll.exec:\frrrlll.exe71⤵
-
\??\c:\htbbtt.exec:\htbbtt.exe72⤵
-
\??\c:\jjddd.exec:\jjddd.exe73⤵
-
\??\c:\pdvvp.exec:\pdvvp.exe74⤵
-
\??\c:\xrrllrl.exec:\xrrllrl.exe75⤵
-
\??\c:\ntnbnb.exec:\ntnbnb.exe76⤵
-
\??\c:\vpvpv.exec:\vpvpv.exe77⤵
-
\??\c:\rrrlxfl.exec:\rrrlxfl.exe78⤵
-
\??\c:\thbttt.exec:\thbttt.exe79⤵
-
\??\c:\jpdvv.exec:\jpdvv.exe80⤵
-
\??\c:\7jpdd.exec:\7jpdd.exe81⤵
-
\??\c:\rlrrrfl.exec:\rlrrrfl.exe82⤵
-
\??\c:\xrlllrl.exec:\xrlllrl.exe83⤵
-
\??\c:\hnhhhh.exec:\hnhhhh.exe84⤵
-
\??\c:\vjjdp.exec:\vjjdp.exe85⤵
-
\??\c:\fxffrrl.exec:\fxffrrl.exe86⤵
-
\??\c:\xrfffll.exec:\xrfffll.exe87⤵
-
\??\c:\bntntb.exec:\bntntb.exe88⤵
-
\??\c:\thnhtb.exec:\thnhtb.exe89⤵
-
\??\c:\ppjdd.exec:\ppjdd.exe90⤵
-
\??\c:\fxrrrfl.exec:\fxrrrfl.exe91⤵
-
\??\c:\xlrxffr.exec:\xlrxffr.exe92⤵
-
\??\c:\nnnthn.exec:\nnnthn.exe93⤵
-
\??\c:\bthhbh.exec:\bthhbh.exe94⤵
-
\??\c:\pvjvj.exec:\pvjvj.exe95⤵
-
\??\c:\xffxlxr.exec:\xffxlxr.exe96⤵
-
\??\c:\rrlrxrf.exec:\rrlrxrf.exe97⤵
-
\??\c:\httnbt.exec:\httnbt.exe98⤵
-
\??\c:\bvvvpv.exec:\bvvvpv.exe99⤵
-
\??\c:\jjvpd.exec:\jjvpd.exe100⤵
-
\??\c:\tbtbth.exec:\tbtbth.exe101⤵
-
\??\c:\pvvjj.exec:\pvvjj.exe102⤵
-
\??\c:\llllrrr.exec:\llllrrr.exe103⤵
-
\??\c:\lfrrxfr.exec:\lfrrxfr.exe104⤵
-
\??\c:\bbbbtb.exec:\bbbbtb.exe105⤵
-
\??\c:\thnnnn.exec:\thnnnn.exe106⤵
-
\??\c:\jpjjj.exec:\jpjjj.exe107⤵
-
\??\c:\vdddd.exec:\vdddd.exe108⤵
-
\??\c:\xllfxff.exec:\xllfxff.exe109⤵
-
\??\c:\xlllrrr.exec:\xlllrrr.exe110⤵
-
\??\c:\ttnnnb.exec:\ttnnnb.exe111⤵
-
\??\c:\vjvjj.exec:\vjvjj.exe112⤵
-
\??\c:\dvpjd.exec:\dvpjd.exe113⤵
-
\??\c:\xxrrrrr.exec:\xxrrrrr.exe114⤵
-
\??\c:\lfrxflr.exec:\lfrxflr.exe115⤵
-
\??\c:\nbhnbt.exec:\nbhnbt.exe116⤵
-
\??\c:\ttbttt.exec:\ttbttt.exe117⤵
-
\??\c:\djpjj.exec:\djpjj.exe118⤵
-
\??\c:\ppdvj.exec:\ppdvj.exe119⤵
-
\??\c:\1rllfff.exec:\1rllfff.exe120⤵
-
\??\c:\lxrrrrr.exec:\lxrrrrr.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-