Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
127s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
23/05/2024, 02:00
General
-
Target
733e256ea2349a7e7546fa7a205ab280_NeikiAnalytics.exe
-
Size
54KB
-
MD5
733e256ea2349a7e7546fa7a205ab280
-
SHA1
8d2f1ae0eae614d18bdbe6830e510967e250ad8a
-
SHA256
bda02be31992ffd3c2737da30b1e35ea744aae0094b6a80320f404f9c4a66389
-
SHA512
834cdaa7ec6827d156174d8e3366fcfd5425354adc068e0ef892d4ccea1399b7e467f47a405050bbf5662326a623f73bc6ecb7eeef423f0b98fd319be42459ca
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIFx:ymb3NkkiQ3mdBjFIFx
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 25 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\733e256ea2349a7e7546fa7a205ab280_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\733e256ea2349a7e7546fa7a205ab280_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\bbttnh.exec:\bbttnh.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrrrxxx.exec:\lrrrxxx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxxxrl.exec:\xrxxxrl.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1vjjd.exec:\1vjjd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjjvv.exec:\jjjvv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1rllflx.exec:\1rllflx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3nntnb.exec:\3nntnb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpjd.exec:\jdpjd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrlrfrx.exec:\rrlrfrx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbtbht.exec:\nbtbht.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvpjd.exec:\jvpjd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fffxxrr.exec:\fffxxrr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbtntb.exec:\bbtntb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbtnbb.exec:\bbtnbb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1vddv.exec:\1vddv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxlllll.exec:\xxlllll.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbhbbt.exec:\bbhbbt.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbbbtt.exec:\bbbbtt.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdddd.exec:\jdddd.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfxxffx.exec:\rfxxffx.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbtttn.exec:\hbtttn.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjpvd.exec:\vjpvd.exe23⤵
- Executes dropped EXE
-
\??\c:\dpvpp.exec:\dpvpp.exe24⤵
- Executes dropped EXE
-
\??\c:\thhhbh.exec:\thhhbh.exe25⤵
- Executes dropped EXE
-
\??\c:\tnttnn.exec:\tnttnn.exe26⤵
- Executes dropped EXE
-
\??\c:\3vddd.exec:\3vddd.exe27⤵
- Executes dropped EXE
-
\??\c:\lllfxxx.exec:\lllfxxx.exe28⤵
- Executes dropped EXE
-
\??\c:\tnnhbb.exec:\tnnhbb.exe29⤵
- Executes dropped EXE
-
\??\c:\vdddd.exec:\vdddd.exe30⤵
- Executes dropped EXE
-
\??\c:\rlrlffl.exec:\rlrlffl.exe31⤵
- Executes dropped EXE
-
\??\c:\tbtbbb.exec:\tbtbbb.exe32⤵
- Executes dropped EXE
-
\??\c:\nnhhhn.exec:\nnhhhn.exe33⤵
- Executes dropped EXE
-
\??\c:\vvddd.exec:\vvddd.exe34⤵
- Executes dropped EXE
-
\??\c:\nnhtnt.exec:\nnhtnt.exe35⤵
- Executes dropped EXE
-
\??\c:\5tnhnn.exec:\5tnhnn.exe36⤵
- Executes dropped EXE
-
\??\c:\7jdvd.exec:\7jdvd.exe37⤵
- Executes dropped EXE
-
\??\c:\xxllrxf.exec:\xxllrxf.exe38⤵
- Executes dropped EXE
-
\??\c:\nnbhht.exec:\nnbhht.exe39⤵
- Executes dropped EXE
-
\??\c:\3nbhht.exec:\3nbhht.exe40⤵
- Executes dropped EXE
-
\??\c:\jjdjv.exec:\jjdjv.exe41⤵
- Executes dropped EXE
-
\??\c:\ffrffrx.exec:\ffrffrx.exe42⤵
- Executes dropped EXE
-
\??\c:\5xffffl.exec:\5xffffl.exe43⤵
- Executes dropped EXE
-
\??\c:\bhhhbb.exec:\bhhhbb.exe44⤵
- Executes dropped EXE
-
\??\c:\vdppj.exec:\vdppj.exe45⤵
- Executes dropped EXE
-
\??\c:\jjvvp.exec:\jjvvp.exe46⤵
- Executes dropped EXE
-
\??\c:\lxxrrxf.exec:\lxxrrxf.exe47⤵
- Executes dropped EXE
-
\??\c:\1bhbbb.exec:\1bhbbb.exe48⤵
- Executes dropped EXE
-
\??\c:\3jpdd.exec:\3jpdd.exe49⤵
- Executes dropped EXE
-
\??\c:\jdpvp.exec:\jdpvp.exe50⤵
- Executes dropped EXE
-
\??\c:\rllfllr.exec:\rllfllr.exe51⤵
- Executes dropped EXE
-
\??\c:\nnnnnn.exec:\nnnnnn.exe52⤵
- Executes dropped EXE
-
\??\c:\hnnnnn.exec:\hnnnnn.exe53⤵
- Executes dropped EXE
-
\??\c:\tnthhb.exec:\tnthhb.exe54⤵
- Executes dropped EXE
-
\??\c:\pjpjj.exec:\pjpjj.exe55⤵
- Executes dropped EXE
-
\??\c:\lfffxff.exec:\lfffxff.exe56⤵
- Executes dropped EXE
-
\??\c:\xllffrr.exec:\xllffrr.exe57⤵
- Executes dropped EXE
-
\??\c:\btbhhn.exec:\btbhhn.exe58⤵
- Executes dropped EXE
-
\??\c:\jdppp.exec:\jdppp.exe59⤵
- Executes dropped EXE
-
\??\c:\djppp.exec:\djppp.exe60⤵
- Executes dropped EXE
-
\??\c:\xrxxxxx.exec:\xrxxxxx.exe61⤵
- Executes dropped EXE
-
\??\c:\rflllll.exec:\rflllll.exe62⤵
- Executes dropped EXE
-
\??\c:\bthnnh.exec:\bthnnh.exe63⤵
- Executes dropped EXE
-
\??\c:\ntbtth.exec:\ntbtth.exe64⤵
- Executes dropped EXE
-
\??\c:\ppvvj.exec:\ppvvj.exe65⤵
- Executes dropped EXE
-
\??\c:\7vdvp.exec:\7vdvp.exe66⤵
-
\??\c:\llxrlll.exec:\llxrlll.exe67⤵
-
\??\c:\hbbbtb.exec:\hbbbtb.exe68⤵
-
\??\c:\bbnttn.exec:\bbnttn.exe69⤵
-
\??\c:\pjjpv.exec:\pjjpv.exe70⤵
-
\??\c:\flffxxx.exec:\flffxxx.exe71⤵
-
\??\c:\bhbbbh.exec:\bhbbbh.exe72⤵
-
\??\c:\lllllrf.exec:\lllllrf.exe73⤵
-
\??\c:\ffffxfx.exec:\ffffxfx.exe74⤵
-
\??\c:\nnbbth.exec:\nnbbth.exe75⤵
-
\??\c:\vppdj.exec:\vppdj.exe76⤵
-
\??\c:\pdjvp.exec:\pdjvp.exe77⤵
-
\??\c:\bnntbn.exec:\bnntbn.exe78⤵
-
\??\c:\jpjjj.exec:\jpjjj.exe79⤵
-
\??\c:\1lrlffx.exec:\1lrlffx.exe80⤵
-
\??\c:\rlxrrrr.exec:\rlxrrrr.exe81⤵
-
\??\c:\hnttnt.exec:\hnttnt.exe82⤵
-
\??\c:\7jjdd.exec:\7jjdd.exe83⤵
-
\??\c:\djvdd.exec:\djvdd.exe84⤵
-
\??\c:\flxxrxf.exec:\flxxrxf.exe85⤵
-
\??\c:\ffrfrrx.exec:\ffrfrrx.exe86⤵
-
\??\c:\bhtttt.exec:\bhtttt.exe87⤵
-
\??\c:\hbhhnb.exec:\hbhhnb.exe88⤵
-
\??\c:\ddjdd.exec:\ddjdd.exe89⤵
-
\??\c:\ppppp.exec:\ppppp.exe90⤵
-
\??\c:\5rrlxrf.exec:\5rrlxrf.exe91⤵
-
\??\c:\fxffxff.exec:\fxffxff.exe92⤵
-
\??\c:\tntthh.exec:\tntthh.exe93⤵
-
\??\c:\hntttt.exec:\hntttt.exe94⤵
-
\??\c:\vjpjd.exec:\vjpjd.exe95⤵
-
\??\c:\pdjdp.exec:\pdjdp.exe96⤵
-
\??\c:\fxlfxrr.exec:\fxlfxrr.exe97⤵
-
\??\c:\rlxrlrr.exec:\rlxrlrr.exe98⤵
-
\??\c:\tbthtn.exec:\tbthtn.exe99⤵
-
\??\c:\9nnbnn.exec:\9nnbnn.exe100⤵
-
\??\c:\vdvpd.exec:\vdvpd.exe101⤵
-
\??\c:\ppvvp.exec:\ppvvp.exe102⤵
-
\??\c:\llxxlrf.exec:\llxxlrf.exe103⤵
-
\??\c:\fxxrllx.exec:\fxxrllx.exe104⤵
-
\??\c:\7hbtnn.exec:\7hbtnn.exe105⤵
-
\??\c:\bbbtnn.exec:\bbbtnn.exe106⤵
-
\??\c:\9nttbt.exec:\9nttbt.exe107⤵
-
\??\c:\vpdvp.exec:\vpdvp.exe108⤵
-
\??\c:\3pppv.exec:\3pppv.exe109⤵
-
\??\c:\xlrlfxr.exec:\xlrlfxr.exe110⤵
-
\??\c:\frxrrfx.exec:\frxrrfx.exe111⤵
-
\??\c:\bhhbnn.exec:\bhhbnn.exe112⤵
-
\??\c:\1jvpj.exec:\1jvpj.exe113⤵
-
\??\c:\vdvpp.exec:\vdvpp.exe114⤵
-
\??\c:\ffrxrrr.exec:\ffrxrrr.exe115⤵
-
\??\c:\xxfxllf.exec:\xxfxllf.exe116⤵
-
\??\c:\httnnn.exec:\httnnn.exe117⤵
-
\??\c:\jvjdj.exec:\jvjdj.exe118⤵
-
\??\c:\pddpj.exec:\pddpj.exe119⤵
-
\??\c:\rrrlfll.exec:\rrrlfll.exe120⤵
-
\??\c:\1lxrllf.exec:\1lxrllf.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-