Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
24/05/2024, 05:07
General
-
Target
afae590fee0f526a31fff02dd6ddfb80_NeikiAnalytics.exe
-
Size
74KB
-
MD5
afae590fee0f526a31fff02dd6ddfb80
-
SHA1
d6d5b7165f94e65e41526f890f7375f36527c946
-
SHA256
4d3c1495196558a78676b376ac9a4dde2dc92c685170b4bade09206d8bf24f65
-
SHA512
2c68b79a803cd76ff366257520df50ee8192326e87d07177b34f28c9893e7342dc006e911942ebc2076d90a2d56e61723c8845a1b050aa60fb87e7ff403110e0
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIsIpWCz+FR4RzWqC5TEom:ymb3NkkiQ3mdBjFIsIpZ+R4RzWqCqJ
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 21 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 20 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\afae590fee0f526a31fff02dd6ddfb80_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\afae590fee0f526a31fff02dd6ddfb80_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\7dppd.exec:\7dppd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlxfllr.exec:\xlxfllr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thtthb.exec:\thtthb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthhnn.exec:\bthhnn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdddv.exec:\jdddv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpvd.exec:\jdpvd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9bnbnt.exec:\9bnbnt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9tntht.exec:\9tntht.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvdj.exec:\jdvdj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdppd.exec:\jdppd.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxfllr.exec:\xrxfllr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7tnntt.exec:\7tnntt.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhhhn.exec:\tnhhhn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1vjjp.exec:\1vjjp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvddp.exec:\jvddp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7xlrrxf.exec:\7xlrrxf.exe17⤵
- Executes dropped EXE
-
\??\c:\rlfrxfr.exec:\rlfrxfr.exe18⤵
- Executes dropped EXE
-
\??\c:\5btbnt.exec:\5btbnt.exe19⤵
- Executes dropped EXE
-
\??\c:\jjpdp.exec:\jjpdp.exe20⤵
- Executes dropped EXE
-
\??\c:\vpppv.exec:\vpppv.exe21⤵
- Executes dropped EXE
-
\??\c:\xfrfxxr.exec:\xfrfxxr.exe22⤵
- Executes dropped EXE
-
\??\c:\nhtbhn.exec:\nhtbhn.exe23⤵
- Executes dropped EXE
-
\??\c:\nhttbn.exec:\nhttbn.exe24⤵
- Executes dropped EXE
-
\??\c:\nbtnbh.exec:\nbtnbh.exe25⤵
- Executes dropped EXE
-
\??\c:\dddvj.exec:\dddvj.exe26⤵
- Executes dropped EXE
-
\??\c:\xfxxflr.exec:\xfxxflr.exe27⤵
- Executes dropped EXE
-
\??\c:\7lffllr.exec:\7lffllr.exe28⤵
- Executes dropped EXE
-
\??\c:\lfrxlfl.exec:\lfrxlfl.exe29⤵
- Executes dropped EXE
-
\??\c:\tnbhnt.exec:\tnbhnt.exe30⤵
- Executes dropped EXE
-
\??\c:\jjddj.exec:\jjddj.exe31⤵
- Executes dropped EXE
-
\??\c:\lffrxxl.exec:\lffrxxl.exe32⤵
- Executes dropped EXE
-
\??\c:\fxfxffl.exec:\fxfxffl.exe33⤵
- Executes dropped EXE
-
\??\c:\3lrrffl.exec:\3lrrffl.exe34⤵
- Executes dropped EXE
-
\??\c:\hnntth.exec:\hnntth.exe35⤵
- Executes dropped EXE
-
\??\c:\dpppv.exec:\dpppv.exe36⤵
- Executes dropped EXE
-
\??\c:\pjvpp.exec:\pjvpp.exe37⤵
- Executes dropped EXE
-
\??\c:\ffrrxxl.exec:\ffrrxxl.exe38⤵
- Executes dropped EXE
-
\??\c:\lxlflff.exec:\lxlflff.exe39⤵
- Executes dropped EXE
-
\??\c:\hbbhth.exec:\hbbhth.exe40⤵
- Executes dropped EXE
-
\??\c:\5hhhtt.exec:\5hhhtt.exe41⤵
- Executes dropped EXE
-
\??\c:\vvppj.exec:\vvppj.exe42⤵
- Executes dropped EXE
-
\??\c:\dvjjp.exec:\dvjjp.exe43⤵
- Executes dropped EXE
-
\??\c:\3frrrrf.exec:\3frrrrf.exe44⤵
- Executes dropped EXE
-
\??\c:\fxrxfxf.exec:\fxrxfxf.exe45⤵
- Executes dropped EXE
-
\??\c:\nnhthn.exec:\nnhthn.exe46⤵
- Executes dropped EXE
-
\??\c:\hbnhnt.exec:\hbnhnt.exe47⤵
- Executes dropped EXE
-
\??\c:\pjvdj.exec:\pjvdj.exe48⤵
- Executes dropped EXE
-
\??\c:\jdvdj.exec:\jdvdj.exe49⤵
- Executes dropped EXE
-
\??\c:\rlrrffl.exec:\rlrrffl.exe50⤵
- Executes dropped EXE
-
\??\c:\9lxrxfl.exec:\9lxrxfl.exe51⤵
- Executes dropped EXE
-
\??\c:\nhtbbb.exec:\nhtbbb.exe52⤵
- Executes dropped EXE
-
\??\c:\hbbnnt.exec:\hbbnnt.exe53⤵
- Executes dropped EXE
-
\??\c:\vvjvv.exec:\vvjvv.exe54⤵
- Executes dropped EXE
-
\??\c:\dvjjj.exec:\dvjjj.exe55⤵
- Executes dropped EXE
-
\??\c:\rflrxff.exec:\rflrxff.exe56⤵
- Executes dropped EXE
-
\??\c:\fxlfrrf.exec:\fxlfrrf.exe57⤵
- Executes dropped EXE
-
\??\c:\fxrflxf.exec:\fxrflxf.exe58⤵
- Executes dropped EXE
-
\??\c:\nhnttt.exec:\nhnttt.exe59⤵
- Executes dropped EXE
-
\??\c:\hbtbht.exec:\hbtbht.exe60⤵
- Executes dropped EXE
-
\??\c:\9pjpv.exec:\9pjpv.exe61⤵
- Executes dropped EXE
-
\??\c:\7ppvd.exec:\7ppvd.exe62⤵
- Executes dropped EXE
-
\??\c:\1fxlllr.exec:\1fxlllr.exe63⤵
- Executes dropped EXE
-
\??\c:\5xxxffr.exec:\5xxxffr.exe64⤵
- Executes dropped EXE
-
\??\c:\bbbbbt.exec:\bbbbbt.exe65⤵
- Executes dropped EXE
-
\??\c:\htnnhn.exec:\htnnhn.exe66⤵
-
\??\c:\9htbhh.exec:\9htbhh.exe67⤵
-
\??\c:\7jvdd.exec:\7jvdd.exe68⤵
-
\??\c:\dvvvj.exec:\dvvvj.exe69⤵
-
\??\c:\frfrxxf.exec:\frfrxxf.exe70⤵
-
\??\c:\rlxxflr.exec:\rlxxflr.exe71⤵
-
\??\c:\bbthbt.exec:\bbthbt.exe72⤵
-
\??\c:\hbbhnt.exec:\hbbhnt.exe73⤵
-
\??\c:\pjvvj.exec:\pjvvj.exe74⤵
-
\??\c:\dpjdd.exec:\dpjdd.exe75⤵
-
\??\c:\9frrxlf.exec:\9frrxlf.exe76⤵
-
\??\c:\rrffrrl.exec:\rrffrrl.exe77⤵
-
\??\c:\hbbnth.exec:\hbbnth.exe78⤵
-
\??\c:\tnbhbh.exec:\tnbhbh.exe79⤵
-
\??\c:\pjddd.exec:\pjddd.exe80⤵
-
\??\c:\5dvpp.exec:\5dvpp.exe81⤵
-
\??\c:\1pdvv.exec:\1pdvv.exe82⤵
-
\??\c:\5lxflfl.exec:\5lxflfl.exe83⤵
-
\??\c:\rrflxxf.exec:\rrflxxf.exe84⤵
-
\??\c:\3hhntt.exec:\3hhntt.exe85⤵
-
\??\c:\nnnntt.exec:\nnnntt.exe86⤵
-
\??\c:\7jdvj.exec:\7jdvj.exe87⤵
-
\??\c:\vvjpj.exec:\vvjpj.exe88⤵
-
\??\c:\xrflxrf.exec:\xrflxrf.exe89⤵
-
\??\c:\rllrffl.exec:\rllrffl.exe90⤵
-
\??\c:\tnbbhh.exec:\tnbbhh.exe91⤵
-
\??\c:\hhnnnh.exec:\hhnnnh.exe92⤵
-
\??\c:\pjvdp.exec:\pjvdp.exe93⤵
-
\??\c:\7vjdd.exec:\7vjdd.exe94⤵
-
\??\c:\vjddd.exec:\vjddd.exe95⤵
-
\??\c:\xrflrrx.exec:\xrflrrx.exe96⤵
-
\??\c:\5flrrrf.exec:\5flrrrf.exe97⤵
-
\??\c:\5bthtt.exec:\5bthtt.exe98⤵
-
\??\c:\pppvd.exec:\pppvd.exe99⤵
-
\??\c:\dvpjv.exec:\dvpjv.exe100⤵
-
\??\c:\lllxrlx.exec:\lllxrlx.exe101⤵
-
\??\c:\rllrfrl.exec:\rllrfrl.exe102⤵
-
\??\c:\9bhhtt.exec:\9bhhtt.exe103⤵
-
\??\c:\tnbhnn.exec:\tnbhnn.exe104⤵
-
\??\c:\ddvpp.exec:\ddvpp.exe105⤵
-
\??\c:\5ppjp.exec:\5ppjp.exe106⤵
-
\??\c:\vpppd.exec:\vpppd.exe107⤵
-
\??\c:\frlrrfl.exec:\frlrrfl.exe108⤵
-
\??\c:\9lflrxx.exec:\9lflrxx.exe109⤵
-
\??\c:\btnttb.exec:\btnttb.exe110⤵
-
\??\c:\7vppd.exec:\7vppd.exe111⤵
-
\??\c:\7jvdp.exec:\7jvdp.exe112⤵
-
\??\c:\xxfxxxf.exec:\xxfxxxf.exe113⤵
-
\??\c:\fflfxrx.exec:\fflfxrx.exe114⤵
-
\??\c:\lfllrrx.exec:\lfllrrx.exe115⤵
-
\??\c:\bttnnt.exec:\bttnnt.exe116⤵
-
\??\c:\pjvvv.exec:\pjvvv.exe117⤵
-
\??\c:\pdjvp.exec:\pdjvp.exe118⤵
-
\??\c:\xxlllrf.exec:\xxlllrf.exe119⤵
-
\??\c:\9fxlxfx.exec:\9fxlxfx.exe120⤵
-
\??\c:\llxlrrx.exec:\llxlrrx.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-