Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
23/05/2024, 01:50
General
-
Target
7172126158ab77902e0f68a0eadba970_NeikiAnalytics.exe
-
Size
365KB
-
MD5
7172126158ab77902e0f68a0eadba970
-
SHA1
0c935d475865024cfc7541a6472eccbb85e68e6a
-
SHA256
0754ec5a288c358ddd09cb7d9bac10492a38f649aca7e20ca24ed2e795661caf
-
SHA512
3a89f25de3f5c569ace4d9010a9dde7f741a9396fbea5d9b05cd3d18a3bbdd9da9fe7a8e5712bcf799f0ddd181583b14f6e7021baac8cbfe7a2076de45fada22
-
SSDEEP
6144:Lcm4FmowdHoSHt251UriZFwu1b26X1wjdgyPPBR:R4wFHoSHYHUrAwqzQ7PPr
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 39 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\7172126158ab77902e0f68a0eadba970_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\7172126158ab77902e0f68a0eadba970_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlfrxf.exec:\fxlfrxf.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbtbnt.exec:\tbtbnt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlfrffr.exec:\rlfrffr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbntbn.exec:\hbntbn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrlflrf.exec:\rrlflrf.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btnbnb.exec:\btnbnb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9dvdp.exec:\9dvdp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5ththn.exec:\5ththn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fflxflx.exec:\fflxflx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlfrxrf.exec:\rlfrxrf.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnbhth.exec:\hnbhth.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbthtt.exec:\bbthtt.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvdjp.exec:\dvdjp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxxfffl.exec:\lxxfffl.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9hthnn.exec:\9hthnn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjppv.exec:\vjppv.exe17⤵
- Executes dropped EXE
-
\??\c:\hbtbth.exec:\hbtbth.exe18⤵
- Executes dropped EXE
-
\??\c:\pjvdp.exec:\pjvdp.exe19⤵
- Executes dropped EXE
-
\??\c:\xxxlflx.exec:\xxxlflx.exe20⤵
- Executes dropped EXE
-
\??\c:\vpjvd.exec:\vpjvd.exe21⤵
- Executes dropped EXE
-
\??\c:\rlfflfl.exec:\rlfflfl.exe22⤵
- Executes dropped EXE
-
\??\c:\xrflxfr.exec:\xrflxfr.exe23⤵
- Executes dropped EXE
-
\??\c:\dvpdd.exec:\dvpdd.exe24⤵
- Executes dropped EXE
-
\??\c:\fxrlrxx.exec:\fxrlrxx.exe25⤵
- Executes dropped EXE
-
\??\c:\hbbhnt.exec:\hbbhnt.exe26⤵
- Executes dropped EXE
-
\??\c:\ddvdp.exec:\ddvdp.exe27⤵
- Executes dropped EXE
-
\??\c:\5fflxfx.exec:\5fflxfx.exe28⤵
- Executes dropped EXE
-
\??\c:\bbbtnt.exec:\bbbtnt.exe29⤵
- Executes dropped EXE
-
\??\c:\hbbnbn.exec:\hbbnbn.exe30⤵
- Executes dropped EXE
-
\??\c:\vpjpd.exec:\vpjpd.exe31⤵
- Executes dropped EXE
-
\??\c:\hbbbnn.exec:\hbbbnn.exe32⤵
- Executes dropped EXE
-
\??\c:\djjpp.exec:\djjpp.exe33⤵
- Executes dropped EXE
-
\??\c:\fflrfxf.exec:\fflrfxf.exe34⤵
- Executes dropped EXE
-
\??\c:\tnntnt.exec:\tnntnt.exe35⤵
- Executes dropped EXE
-
\??\c:\bbtbtt.exec:\bbtbtt.exe36⤵
- Executes dropped EXE
-
\??\c:\dpddd.exec:\dpddd.exe37⤵
- Executes dropped EXE
-
\??\c:\fflrxfl.exec:\fflrxfl.exe38⤵
- Executes dropped EXE
-
\??\c:\rfrlrll.exec:\rfrlrll.exe39⤵
- Executes dropped EXE
-
\??\c:\tnhntt.exec:\tnhntt.exe40⤵
- Executes dropped EXE
-
\??\c:\vppvj.exec:\vppvj.exe41⤵
- Executes dropped EXE
-
\??\c:\xfxrfrl.exec:\xfxrfrl.exe42⤵
- Executes dropped EXE
-
\??\c:\fflrlxx.exec:\fflrlxx.exe43⤵
- Executes dropped EXE
-
\??\c:\hntbbh.exec:\hntbbh.exe44⤵
- Executes dropped EXE
-
\??\c:\pdppv.exec:\pdppv.exe45⤵
- Executes dropped EXE
-
\??\c:\ddpdp.exec:\ddpdp.exe46⤵
- Executes dropped EXE
-
\??\c:\rfxflrx.exec:\rfxflrx.exe47⤵
- Executes dropped EXE
-
\??\c:\tnbtbh.exec:\tnbtbh.exe48⤵
- Executes dropped EXE
-
\??\c:\9dpvv.exec:\9dpvv.exe49⤵
- Executes dropped EXE
-
\??\c:\ppdvp.exec:\ppdvp.exe50⤵
- Executes dropped EXE
-
\??\c:\fxrxflr.exec:\fxrxflr.exe51⤵
- Executes dropped EXE
-
\??\c:\hbnhtb.exec:\hbnhtb.exe52⤵
- Executes dropped EXE
-
\??\c:\ttthtb.exec:\ttthtb.exe53⤵
- Executes dropped EXE
-
\??\c:\9vpvv.exec:\9vpvv.exe54⤵
- Executes dropped EXE
-
\??\c:\xlxrlrf.exec:\xlxrlrf.exe55⤵
- Executes dropped EXE
-
\??\c:\flflflx.exec:\flflflx.exe56⤵
- Executes dropped EXE
-
\??\c:\nhhbnt.exec:\nhhbnt.exe57⤵
- Executes dropped EXE
-
\??\c:\jjdjv.exec:\jjdjv.exe58⤵
- Executes dropped EXE
-
\??\c:\rrlxrxl.exec:\rrlxrxl.exe59⤵
- Executes dropped EXE
-
\??\c:\fffxrfx.exec:\fffxrfx.exe60⤵
- Executes dropped EXE
-
\??\c:\5ttbhh.exec:\5ttbhh.exe61⤵
- Executes dropped EXE
-
\??\c:\pdvdd.exec:\pdvdd.exe62⤵
- Executes dropped EXE
-
\??\c:\llrlxlf.exec:\llrlxlf.exe63⤵
- Executes dropped EXE
-
\??\c:\rllfrff.exec:\rllfrff.exe64⤵
- Executes dropped EXE
-
\??\c:\ntnhnt.exec:\ntnhnt.exe65⤵
- Executes dropped EXE
-
\??\c:\jddvj.exec:\jddvj.exe66⤵
-
\??\c:\xrlrlrx.exec:\xrlrlrx.exe67⤵
-
\??\c:\3nhtbh.exec:\3nhtbh.exe68⤵
-
\??\c:\tbbtbt.exec:\tbbtbt.exe69⤵
-
\??\c:\7vpjp.exec:\7vpjp.exe70⤵
-
\??\c:\lflrrlr.exec:\lflrrlr.exe71⤵
-
\??\c:\nnnbbh.exec:\nnnbbh.exe72⤵
-
\??\c:\1dpvj.exec:\1dpvj.exe73⤵
-
\??\c:\xxrxrxl.exec:\xxrxrxl.exe74⤵
-
\??\c:\nhnntb.exec:\nhnntb.exe75⤵
-
\??\c:\jdpvj.exec:\jdpvj.exe76⤵
-
\??\c:\jvdjd.exec:\jvdjd.exe77⤵
-
\??\c:\rlflrrr.exec:\rlflrrr.exe78⤵
-
\??\c:\7bnbbb.exec:\7bnbbb.exe79⤵
-
\??\c:\5jjvd.exec:\5jjvd.exe80⤵
-
\??\c:\lxrrlxf.exec:\lxrrlxf.exe81⤵
-
\??\c:\nbtbht.exec:\nbtbht.exe82⤵
-
\??\c:\hhhhbn.exec:\hhhhbn.exe83⤵
-
\??\c:\9pjpd.exec:\9pjpd.exe84⤵
-
\??\c:\3lfxlrf.exec:\3lfxlrf.exe85⤵
-
\??\c:\3lxflxf.exec:\3lxflxf.exe86⤵
-
\??\c:\nbntnb.exec:\nbntnb.exe87⤵
-
\??\c:\jjpdp.exec:\jjpdp.exe88⤵
-
\??\c:\fxlxfrf.exec:\fxlxfrf.exe89⤵
-
\??\c:\5xxxxxf.exec:\5xxxxxf.exe90⤵
-
\??\c:\tntnbt.exec:\tntnbt.exe91⤵
-
\??\c:\vvvdj.exec:\vvvdj.exe92⤵
-
\??\c:\7xxfrlr.exec:\7xxfrlr.exe93⤵
-
\??\c:\rrrxllx.exec:\rrrxllx.exe94⤵
-
\??\c:\tnhthn.exec:\tnhthn.exe95⤵
-
\??\c:\1vjvv.exec:\1vjvv.exe96⤵
-
\??\c:\pjjvj.exec:\pjjvj.exe97⤵
-
\??\c:\rlxrrlx.exec:\rlxrrlx.exe98⤵
-
\??\c:\nthbbn.exec:\nthbbn.exe99⤵
-
\??\c:\nhtnbh.exec:\nhtnbh.exe100⤵
-
\??\c:\jdppd.exec:\jdppd.exe101⤵
-
\??\c:\fxrfxlx.exec:\fxrfxlx.exe102⤵
-
\??\c:\7tthnb.exec:\7tthnb.exe103⤵
-
\??\c:\ntthbn.exec:\ntthbn.exe104⤵
-
\??\c:\9dvvd.exec:\9dvvd.exe105⤵
-
\??\c:\rlflllx.exec:\rlflllx.exe106⤵
-
\??\c:\nhbbnt.exec:\nhbbnt.exe107⤵
-
\??\c:\hhhthn.exec:\hhhthn.exe108⤵
-
\??\c:\dvjpd.exec:\dvjpd.exe109⤵
-
\??\c:\fxrrffl.exec:\fxrrffl.exe110⤵
-
\??\c:\ttbbhn.exec:\ttbbhn.exe111⤵
-
\??\c:\hhbnth.exec:\hhbnth.exe112⤵
-
\??\c:\jjdvv.exec:\jjdvv.exe113⤵
-
\??\c:\1ffxlrx.exec:\1ffxlrx.exe114⤵
-
\??\c:\htnntt.exec:\htnntt.exe115⤵
-
\??\c:\pvjpj.exec:\pvjpj.exe116⤵
-
\??\c:\5vpjv.exec:\5vpjv.exe117⤵
-
\??\c:\lllrflx.exec:\lllrflx.exe118⤵
-
\??\c:\bthtbn.exec:\bthtbn.exe119⤵
-
\??\c:\ppjpd.exec:\ppjpd.exe120⤵
-
\??\c:\nnnnbn.exec:\nnnnbn.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-