Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
22/05/2024, 05:45
General
-
Target
20c2ae1adf98979e676e81903e75a800_NeikiAnalytics.exe
-
Size
75KB
-
MD5
20c2ae1adf98979e676e81903e75a800
-
SHA1
90a9e1d227a8f2734fce9e66ce95a9d13125c822
-
SHA256
066e197becd04e501bb1faf937568c4b021aaac23b7765ee6b7f911fda05e686
-
SHA512
4bcad320fece15228c96188cebb7d8bfff8f69bc66fdee5138dcd48afc5746b29eb0f882c792528726bd8579e37b30b70a73dacf125fc7cf0eb609d6e22aa8dc
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIsIoAh2QpUnX1A2:ymb3NkkiQ3mdBjFIsIVbpUH
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 26 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\20c2ae1adf98979e676e81903e75a800_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\20c2ae1adf98979e676e81903e75a800_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\rxxrfxx.exec:\rxxrfxx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1hhhnn.exec:\1hhhnn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhhhh.exec:\nhhhhh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3vddv.exec:\3vddv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5lxlflf.exec:\5lxlflf.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1bnthn.exec:\1bnthn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7tnbbh.exec:\7tnbbh.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxrfff.exec:\rlxrfff.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frffxff.exec:\frffxff.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvdvv.exec:\pvdvv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrffflr.exec:\rrffflr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxlxfxx.exec:\rxlxfxx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5vjjj.exec:\5vjjj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1ffxrrl.exec:\1ffxrrl.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbhbb.exec:\btbhbb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bttnhh.exec:\bttnhh.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dppjj.exec:\dppjj.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxfxrlf.exec:\fxfxrlf.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1hbnbt.exec:\1hbnbt.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjddd.exec:\pjddd.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7lfxrrl.exec:\7lfxrrl.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbntbn.exec:\bbntbn.exe23⤵
- Executes dropped EXE
-
\??\c:\vvdjj.exec:\vvdjj.exe24⤵
- Executes dropped EXE
-
\??\c:\rflfrrl.exec:\rflfrrl.exe25⤵
- Executes dropped EXE
-
\??\c:\nnhthh.exec:\nnhthh.exe26⤵
- Executes dropped EXE
-
\??\c:\pjvvv.exec:\pjvvv.exe27⤵
- Executes dropped EXE
-
\??\c:\rrxxrxr.exec:\rrxxrxr.exe28⤵
- Executes dropped EXE
-
\??\c:\tbtnhh.exec:\tbtnhh.exe29⤵
- Executes dropped EXE
-
\??\c:\ddjdd.exec:\ddjdd.exe30⤵
- Executes dropped EXE
-
\??\c:\lfrlrrr.exec:\lfrlrrr.exe31⤵
- Executes dropped EXE
-
\??\c:\xlrrrrr.exec:\xlrrrrr.exe32⤵
- Executes dropped EXE
-
\??\c:\hbnnbh.exec:\hbnnbh.exe33⤵
- Executes dropped EXE
-
\??\c:\dvppj.exec:\dvppj.exe34⤵
- Executes dropped EXE
-
\??\c:\ffffllr.exec:\ffffllr.exe35⤵
- Executes dropped EXE
-
\??\c:\fxllfll.exec:\fxllfll.exe36⤵
- Executes dropped EXE
-
\??\c:\9tnnnt.exec:\9tnnnt.exe37⤵
- Executes dropped EXE
-
\??\c:\jjvvd.exec:\jjvvd.exe38⤵
- Executes dropped EXE
-
\??\c:\5pvvv.exec:\5pvvv.exe39⤵
- Executes dropped EXE
-
\??\c:\xxlflfl.exec:\xxlflfl.exe40⤵
- Executes dropped EXE
-
\??\c:\7ntttt.exec:\7ntttt.exe41⤵
- Executes dropped EXE
-
\??\c:\1nbbbb.exec:\1nbbbb.exe42⤵
- Executes dropped EXE
-
\??\c:\dvvpd.exec:\dvvpd.exe43⤵
- Executes dropped EXE
-
\??\c:\vvvvd.exec:\vvvvd.exe44⤵
- Executes dropped EXE
-
\??\c:\llxrrlf.exec:\llxrrlf.exe45⤵
- Executes dropped EXE
-
\??\c:\7nhbhh.exec:\7nhbhh.exe46⤵
- Executes dropped EXE
-
\??\c:\ddddv.exec:\ddddv.exe47⤵
- Executes dropped EXE
-
\??\c:\5xlrrxx.exec:\5xlrrxx.exe48⤵
- Executes dropped EXE
-
\??\c:\nbbbhn.exec:\nbbbhn.exe49⤵
- Executes dropped EXE
-
\??\c:\pdddd.exec:\pdddd.exe50⤵
- Executes dropped EXE
-
\??\c:\3rxrllf.exec:\3rxrllf.exe51⤵
- Executes dropped EXE
-
\??\c:\xxlrffl.exec:\xxlrffl.exe52⤵
- Executes dropped EXE
-
\??\c:\ttttnn.exec:\ttttnn.exe53⤵
- Executes dropped EXE
-
\??\c:\hbtttt.exec:\hbtttt.exe54⤵
- Executes dropped EXE
-
\??\c:\pppjj.exec:\pppjj.exe55⤵
- Executes dropped EXE
-
\??\c:\lxxxrrr.exec:\lxxxrrr.exe56⤵
- Executes dropped EXE
-
\??\c:\5xlrrrr.exec:\5xlrrrr.exe57⤵
- Executes dropped EXE
-
\??\c:\thhhhh.exec:\thhhhh.exe58⤵
- Executes dropped EXE
-
\??\c:\jpjjj.exec:\jpjjj.exe59⤵
- Executes dropped EXE
-
\??\c:\fxlfflf.exec:\fxlfflf.exe60⤵
- Executes dropped EXE
-
\??\c:\xrffxxr.exec:\xrffxxr.exe61⤵
- Executes dropped EXE
-
\??\c:\bthhnn.exec:\bthhnn.exe62⤵
- Executes dropped EXE
-
\??\c:\jdpdd.exec:\jdpdd.exe63⤵
- Executes dropped EXE
-
\??\c:\ppvvp.exec:\ppvvp.exe64⤵
- Executes dropped EXE
-
\??\c:\lflfxxx.exec:\lflfxxx.exe65⤵
- Executes dropped EXE
-
\??\c:\xxllrxf.exec:\xxllrxf.exe66⤵
-
\??\c:\hbbbbb.exec:\hbbbbb.exe67⤵
-
\??\c:\ppjdd.exec:\ppjdd.exe68⤵
-
\??\c:\jdjdd.exec:\jdjdd.exe69⤵
-
\??\c:\xrlxrrr.exec:\xrlxrrr.exe70⤵
-
\??\c:\9tttnt.exec:\9tttnt.exe71⤵
-
\??\c:\hhtnbt.exec:\hhtnbt.exe72⤵
-
\??\c:\lflllrf.exec:\lflllrf.exe73⤵
-
\??\c:\rllfffr.exec:\rllfffr.exe74⤵
-
\??\c:\bbhbnn.exec:\bbhbnn.exe75⤵
-
\??\c:\jdjdv.exec:\jdjdv.exe76⤵
-
\??\c:\jpvpj.exec:\jpvpj.exe77⤵
-
\??\c:\rlxxlrr.exec:\rlxxlrr.exe78⤵
-
\??\c:\xxxlffx.exec:\xxxlffx.exe79⤵
-
\??\c:\1tttnt.exec:\1tttnt.exe80⤵
-
\??\c:\ppjdp.exec:\ppjdp.exe81⤵
-
\??\c:\fxlfxxx.exec:\fxlfxxx.exe82⤵
-
\??\c:\frrrlrl.exec:\frrrlrl.exe83⤵
-
\??\c:\htbtth.exec:\htbtth.exe84⤵
-
\??\c:\hhtttt.exec:\hhtttt.exe85⤵
-
\??\c:\vdjdv.exec:\vdjdv.exe86⤵
-
\??\c:\ddppd.exec:\ddppd.exe87⤵
-
\??\c:\5xlfxxx.exec:\5xlfxxx.exe88⤵
-
\??\c:\bttnhh.exec:\bttnhh.exe89⤵
-
\??\c:\hnbhbh.exec:\hnbhbh.exe90⤵
-
\??\c:\9jvvp.exec:\9jvvp.exe91⤵
-
\??\c:\7pvvd.exec:\7pvvd.exe92⤵
-
\??\c:\xxlflxl.exec:\xxlflxl.exe93⤵
-
\??\c:\rxxrllf.exec:\rxxrllf.exe94⤵
-
\??\c:\7bnntb.exec:\7bnntb.exe95⤵
-
\??\c:\ttnhbt.exec:\ttnhbt.exe96⤵
-
\??\c:\djjdv.exec:\djjdv.exe97⤵
-
\??\c:\xflrxxx.exec:\xflrxxx.exe98⤵
-
\??\c:\rlrxxrf.exec:\rlrxxrf.exe99⤵
-
\??\c:\nbhhbt.exec:\nbhhbt.exe100⤵
-
\??\c:\hntnhh.exec:\hntnhh.exe101⤵
-
\??\c:\3dvvp.exec:\3dvvp.exe102⤵
-
\??\c:\vddvv.exec:\vddvv.exe103⤵
-
\??\c:\lflflff.exec:\lflflff.exe104⤵
-
\??\c:\lllfffx.exec:\lllfffx.exe105⤵
-
\??\c:\nhnhbh.exec:\nhnhbh.exe106⤵
-
\??\c:\ddjdj.exec:\ddjdj.exe107⤵
-
\??\c:\7dppv.exec:\7dppv.exe108⤵
-
\??\c:\xlxlrll.exec:\xlxlrll.exe109⤵
-
\??\c:\vpdpv.exec:\vpdpv.exe110⤵
-
\??\c:\llflxll.exec:\llflxll.exe111⤵
-
\??\c:\9hbtbb.exec:\9hbtbb.exe112⤵
-
\??\c:\vvvvp.exec:\vvvvp.exe113⤵
-
\??\c:\5xffrxf.exec:\5xffrxf.exe114⤵
-
\??\c:\hnnttt.exec:\hnnttt.exe115⤵
-
\??\c:\btnhtt.exec:\btnhtt.exe116⤵
-
\??\c:\dpvvp.exec:\dpvvp.exe117⤵
-
\??\c:\lffxrrl.exec:\lffxrrl.exe118⤵
-
\??\c:\lllxrxr.exec:\lllxrxr.exe119⤵
-
\??\c:\tbhbbt.exec:\tbhbbt.exe120⤵
-
\??\c:\vdpdd.exec:\vdpdd.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-