Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
23/05/2024, 01:32
General
-
Target
6e1b8d80fc75dfc92364fc9fc73bbec0_NeikiAnalytics.exe
-
Size
164KB
-
MD5
6e1b8d80fc75dfc92364fc9fc73bbec0
-
SHA1
bcc4b9b909e233dea2eada661ef6f275929d290c
-
SHA256
90cf4049488b01928353a1532bd34f5912f57d767f95199281104c05d42e339a
-
SHA512
3adaf765b7383d7acd6ae1a51a2915a34418224f08561597f3f10c995779544d0744cef82ce657d9f5b5f7f420c2e156af31f40d70e3f23095ae60ac0800de3d
-
SSDEEP
3072:0hOmTsF93UYfwC6GIoutXEnkeBahPmSBPt7ZY16E:0cm4FmowdHoSet4hPhTlY4E
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\6e1b8d80fc75dfc92364fc9fc73bbec0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\6e1b8d80fc75dfc92364fc9fc73bbec0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrflrx.exec:\xxrflrx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1nhbtt.exec:\1nhbtt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhbnh.exec:\nhhbnh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jppjv.exec:\jppjv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvpvv.exec:\dvpvv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrllxxx.exec:\lrllxxx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnnnhn.exec:\nnnnhn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5tbhtn.exec:\5tbhtn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5pjdv.exec:\5pjdv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htnhhb.exec:\htnhhb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvvpj.exec:\jvvpj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xffflll.exec:\xffflll.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrrrrx.exec:\fxrrrrx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvdpv.exec:\dvdpv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxxrlll.exec:\rxxrlll.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjjd.exec:\ppjjd.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrxlffx.exec:\lrxlffx.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhnhtt.exec:\hhnhtt.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddpjv.exec:\ddpjv.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlrrrll.exec:\rlrrrll.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1hnnnn.exec:\1hnnnn.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9vvvv.exec:\9vvvv.exe23⤵
- Executes dropped EXE
-
\??\c:\7fllfrl.exec:\7fllfrl.exe24⤵
- Executes dropped EXE
-
\??\c:\ttnnnt.exec:\ttnnnt.exe25⤵
- Executes dropped EXE
-
\??\c:\jdjjj.exec:\jdjjj.exe26⤵
- Executes dropped EXE
-
\??\c:\xrlffff.exec:\xrlffff.exe27⤵
- Executes dropped EXE
-
\??\c:\nhtttt.exec:\nhtttt.exe28⤵
- Executes dropped EXE
-
\??\c:\nbtnnn.exec:\nbtnnn.exe29⤵
- Executes dropped EXE
-
\??\c:\ppppd.exec:\ppppd.exe30⤵
- Executes dropped EXE
-
\??\c:\lxlrrfl.exec:\lxlrrfl.exe31⤵
- Executes dropped EXE
-
\??\c:\nnhhhn.exec:\nnhhhn.exe32⤵
- Executes dropped EXE
-
\??\c:\vjvvv.exec:\vjvvv.exe33⤵
- Executes dropped EXE
-
\??\c:\pdvvv.exec:\pdvvv.exe34⤵
- Executes dropped EXE
-
\??\c:\lfxxfxf.exec:\lfxxfxf.exe35⤵
- Executes dropped EXE
-
\??\c:\hhnnnt.exec:\hhnnnt.exe36⤵
- Executes dropped EXE
-
\??\c:\ppvpp.exec:\ppvpp.exe37⤵
- Executes dropped EXE
-
\??\c:\ddjjj.exec:\ddjjj.exe38⤵
- Executes dropped EXE
-
\??\c:\1fllrxf.exec:\1fllrxf.exe39⤵
- Executes dropped EXE
-
\??\c:\bbnnnt.exec:\bbnnnt.exe40⤵
- Executes dropped EXE
-
\??\c:\nnnnnt.exec:\nnnnnt.exe41⤵
- Executes dropped EXE
-
\??\c:\9djvp.exec:\9djvp.exe42⤵
- Executes dropped EXE
-
\??\c:\fflrxfl.exec:\fflrxfl.exe43⤵
- Executes dropped EXE
-
\??\c:\9nhhhn.exec:\9nhhhn.exe44⤵
- Executes dropped EXE
-
\??\c:\jjppp.exec:\jjppp.exe45⤵
- Executes dropped EXE
-
\??\c:\dpddv.exec:\dpddv.exe46⤵
- Executes dropped EXE
-
\??\c:\frfrlrr.exec:\frfrlrr.exe47⤵
- Executes dropped EXE
-
\??\c:\tbnhth.exec:\tbnhth.exe48⤵
- Executes dropped EXE
-
\??\c:\vvpjj.exec:\vvpjj.exe49⤵
- Executes dropped EXE
-
\??\c:\7rrlfxr.exec:\7rrlfxr.exe50⤵
- Executes dropped EXE
-
\??\c:\tntttb.exec:\tntttb.exe51⤵
- Executes dropped EXE
-
\??\c:\vvvjp.exec:\vvvjp.exe52⤵
- Executes dropped EXE
-
\??\c:\pdjjj.exec:\pdjjj.exe53⤵
- Executes dropped EXE
-
\??\c:\5rlllrr.exec:\5rlllrr.exe54⤵
- Executes dropped EXE
-
\??\c:\bhnntt.exec:\bhnntt.exe55⤵
- Executes dropped EXE
-
\??\c:\pppjp.exec:\pppjp.exe56⤵
- Executes dropped EXE
-
\??\c:\9djvd.exec:\9djvd.exe57⤵
- Executes dropped EXE
-
\??\c:\fxrrffr.exec:\fxrrffr.exe58⤵
- Executes dropped EXE
-
\??\c:\hhhnnn.exec:\hhhnnn.exe59⤵
- Executes dropped EXE
-
\??\c:\hthntn.exec:\hthntn.exe60⤵
- Executes dropped EXE
-
\??\c:\7djjj.exec:\7djjj.exe61⤵
- Executes dropped EXE
-
\??\c:\vjjdp.exec:\vjjdp.exe62⤵
- Executes dropped EXE
-
\??\c:\1flfrrl.exec:\1flfrrl.exe63⤵
- Executes dropped EXE
-
\??\c:\5hhhtb.exec:\5hhhtb.exe64⤵
- Executes dropped EXE
-
\??\c:\nnnntt.exec:\nnnntt.exe65⤵
- Executes dropped EXE
-
\??\c:\rrfffll.exec:\rrfffll.exe66⤵
-
\??\c:\5xrrlll.exec:\5xrrlll.exe67⤵
-
\??\c:\hbhbbb.exec:\hbhbbb.exe68⤵
-
\??\c:\nbhhhn.exec:\nbhhhn.exe69⤵
-
\??\c:\ppdjv.exec:\ppdjv.exe70⤵
-
\??\c:\xrflfxx.exec:\xrflfxx.exe71⤵
-
\??\c:\fflllrr.exec:\fflllrr.exe72⤵
-
\??\c:\hhhhhb.exec:\hhhhhb.exe73⤵
-
\??\c:\bbtnnt.exec:\bbtnnt.exe74⤵
-
\??\c:\dvdjp.exec:\dvdjp.exe75⤵
-
\??\c:\rfllrxf.exec:\rfllrxf.exe76⤵
-
\??\c:\flflrxx.exec:\flflrxx.exe77⤵
-
\??\c:\1hbhhn.exec:\1hbhhn.exe78⤵
-
\??\c:\nbnnbt.exec:\nbnnbt.exe79⤵
-
\??\c:\vdppv.exec:\vdppv.exe80⤵
-
\??\c:\7frxflx.exec:\7frxflx.exe81⤵
-
\??\c:\tnbbtt.exec:\tnbbtt.exe82⤵
-
\??\c:\7bnnnn.exec:\7bnnnn.exe83⤵
-
\??\c:\pjvvj.exec:\pjvvj.exe84⤵
-
\??\c:\frxffll.exec:\frxffll.exe85⤵
-
\??\c:\5hhnbn.exec:\5hhnbn.exe86⤵
-
\??\c:\dvddd.exec:\dvddd.exe87⤵
-
\??\c:\dvddd.exec:\dvddd.exe88⤵
-
\??\c:\llfffll.exec:\llfffll.exe89⤵
-
\??\c:\htbbbh.exec:\htbbbh.exe90⤵
-
\??\c:\ppvdj.exec:\ppvdj.exe91⤵
-
\??\c:\lxfxrrl.exec:\lxfxrrl.exe92⤵
-
\??\c:\nnttnh.exec:\nnttnh.exe93⤵
-
\??\c:\ntnnbh.exec:\ntnnbh.exe94⤵
-
\??\c:\pdpjp.exec:\pdpjp.exe95⤵
-
\??\c:\vpppv.exec:\vpppv.exe96⤵
-
\??\c:\9rlllff.exec:\9rlllff.exe97⤵
-
\??\c:\tbhhnt.exec:\tbhhnt.exe98⤵
-
\??\c:\hhhttt.exec:\hhhttt.exe99⤵
-
\??\c:\jjjvd.exec:\jjjvd.exe100⤵
-
\??\c:\pdpvd.exec:\pdpvd.exe101⤵
-
\??\c:\lrfxffx.exec:\lrfxffx.exe102⤵
-
\??\c:\llfxxxx.exec:\llfxxxx.exe103⤵
-
\??\c:\jpvvj.exec:\jpvvj.exe104⤵
-
\??\c:\jpdpv.exec:\jpdpv.exe105⤵
-
\??\c:\5xxflxr.exec:\5xxflxr.exe106⤵
-
\??\c:\7bttnt.exec:\7bttnt.exe107⤵
-
\??\c:\thnttt.exec:\thnttt.exe108⤵
-
\??\c:\ddjpp.exec:\ddjpp.exe109⤵
-
\??\c:\jdjdj.exec:\jdjdj.exe110⤵
-
\??\c:\9jjdd.exec:\9jjdd.exe111⤵
-
\??\c:\5vddj.exec:\5vddj.exe112⤵
-
\??\c:\xxffxll.exec:\xxffxll.exe113⤵
-
\??\c:\bbtnhb.exec:\bbtnhb.exe114⤵
-
\??\c:\nthhhh.exec:\nthhhh.exe115⤵
-
\??\c:\fxxxllf.exec:\fxxxllf.exe116⤵
-
\??\c:\1rxrrxr.exec:\1rxrrxr.exe117⤵
-
\??\c:\tbhhhh.exec:\tbhhhh.exe118⤵
-
\??\c:\1dddd.exec:\1dddd.exe119⤵
-
\??\c:\xxfllrr.exec:\xxfllrr.exe120⤵
-
\??\c:\llrxrlf.exec:\llrxrlf.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-