Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
114s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
24/05/2024, 05:07
General
-
Target
afae590fee0f526a31fff02dd6ddfb80_NeikiAnalytics.exe
-
Size
74KB
-
MD5
afae590fee0f526a31fff02dd6ddfb80
-
SHA1
d6d5b7165f94e65e41526f890f7375f36527c946
-
SHA256
4d3c1495196558a78676b376ac9a4dde2dc92c685170b4bade09206d8bf24f65
-
SHA512
2c68b79a803cd76ff366257520df50ee8192326e87d07177b34f28c9893e7342dc006e911942ebc2076d90a2d56e61723c8845a1b050aa60fb87e7ff403110e0
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIsIpWCz+FR4RzWqC5TEom:ymb3NkkiQ3mdBjFIsIpZ+R4RzWqCqJ
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 26 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 31 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\afae590fee0f526a31fff02dd6ddfb80_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\afae590fee0f526a31fff02dd6ddfb80_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\5nnbtb.exec:\5nnbtb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpdjp.exec:\jpdjp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1lxlxll.exec:\1lxlxll.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhtbtt.exec:\nhtbtt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xllfxxr.exec:\xllfxxr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhnnhn.exec:\bhnnhn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbtnhh.exec:\hbtnhh.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7vvpd.exec:\7vvpd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxfxxlf.exec:\xxfxxlf.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htnnhb.exec:\htnnhb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvpj.exec:\dvvpj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3llfrlf.exec:\3llfrlf.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxfxlfr.exec:\lxfxlfr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbtnbt.exec:\nbtnbt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3pppd.exec:\3pppd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpvpj.exec:\jpvpj.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rflfllf.exec:\rflfllf.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btnhbb.exec:\btnhbb.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdvpd.exec:\vdvpd.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlfrffx.exec:\xlfrffx.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhbtnn.exec:\hhbtnn.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5ntnhb.exec:\5ntnhb.exe23⤵
- Executes dropped EXE
-
\??\c:\pdpjd.exec:\pdpjd.exe24⤵
- Executes dropped EXE
-
\??\c:\rrxrrrl.exec:\rrxrrrl.exe25⤵
- Executes dropped EXE
-
\??\c:\7btthb.exec:\7btthb.exe26⤵
- Executes dropped EXE
-
\??\c:\5djjd.exec:\5djjd.exe27⤵
- Executes dropped EXE
-
\??\c:\pjjjp.exec:\pjjjp.exe28⤵
- Executes dropped EXE
-
\??\c:\rlfrfrr.exec:\rlfrfrr.exe29⤵
- Executes dropped EXE
-
\??\c:\9ntnhn.exec:\9ntnhn.exe30⤵
- Executes dropped EXE
-
\??\c:\1jjdv.exec:\1jjdv.exe31⤵
- Executes dropped EXE
-
\??\c:\3ppjd.exec:\3ppjd.exe32⤵
- Executes dropped EXE
-
\??\c:\lffxrrl.exec:\lffxrrl.exe33⤵
- Executes dropped EXE
-
\??\c:\nbtbtt.exec:\nbtbtt.exe34⤵
- Executes dropped EXE
-
\??\c:\vpjjv.exec:\vpjjv.exe35⤵
- Executes dropped EXE
-
\??\c:\9jvpp.exec:\9jvpp.exe36⤵
- Executes dropped EXE
-
\??\c:\9frffff.exec:\9frffff.exe37⤵
- Executes dropped EXE
-
\??\c:\lrffxxr.exec:\lrffxxr.exe38⤵
- Executes dropped EXE
-
\??\c:\nnnhhb.exec:\nnnhhb.exe39⤵
- Executes dropped EXE
-
\??\c:\dvvjp.exec:\dvvjp.exe40⤵
- Executes dropped EXE
-
\??\c:\vjdvv.exec:\vjdvv.exe41⤵
- Executes dropped EXE
-
\??\c:\lxlrrlf.exec:\lxlrrlf.exe42⤵
- Executes dropped EXE
-
\??\c:\hbhhhb.exec:\hbhhhb.exe43⤵
- Executes dropped EXE
-
\??\c:\pjvdd.exec:\pjvdd.exe44⤵
- Executes dropped EXE
-
\??\c:\frxxrrl.exec:\frxxrrl.exe45⤵
- Executes dropped EXE
-
\??\c:\xlffllf.exec:\xlffllf.exe46⤵
- Executes dropped EXE
-
\??\c:\nhttnn.exec:\nhttnn.exe47⤵
- Executes dropped EXE
-
\??\c:\thnnnn.exec:\thnnnn.exe48⤵
- Executes dropped EXE
-
\??\c:\pjpjj.exec:\pjpjj.exe49⤵
- Executes dropped EXE
-
\??\c:\jddvp.exec:\jddvp.exe50⤵
- Executes dropped EXE
-
\??\c:\rrrlflf.exec:\rrrlflf.exe51⤵
- Executes dropped EXE
-
\??\c:\xrffxxr.exec:\xrffxxr.exe52⤵
- Executes dropped EXE
-
\??\c:\thnhbb.exec:\thnhbb.exe53⤵
- Executes dropped EXE
-
\??\c:\tnbnnn.exec:\tnbnnn.exe54⤵
- Executes dropped EXE
-
\??\c:\vdpdv.exec:\vdpdv.exe55⤵
- Executes dropped EXE
-
\??\c:\1pppj.exec:\1pppj.exe56⤵
- Executes dropped EXE
-
\??\c:\lfxxlll.exec:\lfxxlll.exe57⤵
- Executes dropped EXE
-
\??\c:\5tbbbb.exec:\5tbbbb.exe58⤵
- Executes dropped EXE
-
\??\c:\1bbbtb.exec:\1bbbtb.exe59⤵
- Executes dropped EXE
-
\??\c:\pvvvp.exec:\pvvvp.exe60⤵
- Executes dropped EXE
-
\??\c:\djvdj.exec:\djvdj.exe61⤵
- Executes dropped EXE
-
\??\c:\1xfxllf.exec:\1xfxllf.exe62⤵
- Executes dropped EXE
-
\??\c:\3rrffrr.exec:\3rrffrr.exe63⤵
- Executes dropped EXE
-
\??\c:\htbbtt.exec:\htbbtt.exe64⤵
- Executes dropped EXE
-
\??\c:\hhhbtt.exec:\hhhbtt.exe65⤵
- Executes dropped EXE
-
\??\c:\3jvpj.exec:\3jvpj.exe66⤵
-
\??\c:\vdddv.exec:\vdddv.exe67⤵
-
\??\c:\rrrrfll.exec:\rrrrfll.exe68⤵
-
\??\c:\bhbtnh.exec:\bhbtnh.exe69⤵
-
\??\c:\1nnhnn.exec:\1nnhnn.exe70⤵
-
\??\c:\3dpjv.exec:\3dpjv.exe71⤵
-
\??\c:\3vpjd.exec:\3vpjd.exe72⤵
-
\??\c:\rllfxxx.exec:\rllfxxx.exe73⤵
-
\??\c:\5xrrlfx.exec:\5xrrlfx.exe74⤵
-
\??\c:\tnbhnn.exec:\tnbhnn.exe75⤵
-
\??\c:\hbnhnn.exec:\hbnhnn.exe76⤵
-
\??\c:\7jppp.exec:\7jppp.exe77⤵
-
\??\c:\xlxxrrr.exec:\xlxxrrr.exe78⤵
-
\??\c:\llfxrxr.exec:\llfxrxr.exe79⤵
-
\??\c:\3nbtnh.exec:\3nbtnh.exe80⤵
-
\??\c:\pjppd.exec:\pjppd.exe81⤵
-
\??\c:\dvvpp.exec:\dvvpp.exe82⤵
-
\??\c:\1lllxxr.exec:\1lllxxr.exe83⤵
-
\??\c:\xlfrffl.exec:\xlfrffl.exe84⤵
-
\??\c:\btbbbt.exec:\btbbbt.exe85⤵
-
\??\c:\hhhtbb.exec:\hhhtbb.exe86⤵
-
\??\c:\pvddp.exec:\pvddp.exe87⤵
-
\??\c:\ddjjp.exec:\ddjjp.exe88⤵
-
\??\c:\lfxrlrr.exec:\lfxrlrr.exe89⤵
-
\??\c:\1frxrrf.exec:\1frxrrf.exe90⤵
-
\??\c:\tnnhht.exec:\tnnhht.exe91⤵
-
\??\c:\pjjvp.exec:\pjjvp.exe92⤵
-
\??\c:\jjjdv.exec:\jjjdv.exe93⤵
-
\??\c:\flxxrrr.exec:\flxxrrr.exe94⤵
-
\??\c:\3flffrl.exec:\3flffrl.exe95⤵
-
\??\c:\bhbtth.exec:\bhbtth.exe96⤵
-
\??\c:\7jjjd.exec:\7jjjd.exe97⤵
-
\??\c:\jvjdv.exec:\jvjdv.exe98⤵
-
\??\c:\7fffxff.exec:\7fffxff.exe99⤵
-
\??\c:\llrrrrx.exec:\llrrrrx.exe100⤵
-
\??\c:\nbbttn.exec:\nbbttn.exe101⤵
-
\??\c:\tnhbtt.exec:\tnhbtt.exe102⤵
-
\??\c:\jpjdv.exec:\jpjdv.exe103⤵
-
\??\c:\xrxrllf.exec:\xrxrllf.exe104⤵
-
\??\c:\tbtnbn.exec:\tbtnbn.exe105⤵
-
\??\c:\ntbttt.exec:\ntbttt.exe106⤵
-
\??\c:\dvpjj.exec:\dvpjj.exe107⤵
-
\??\c:\jjdvp.exec:\jjdvp.exe108⤵
-
\??\c:\xxlllrx.exec:\xxlllrx.exe109⤵
-
\??\c:\5lffllf.exec:\5lffllf.exe110⤵
-
\??\c:\thtnbn.exec:\thtnbn.exe111⤵
-
\??\c:\pjppp.exec:\pjppp.exe112⤵
-
\??\c:\jddvv.exec:\jddvv.exe113⤵
-
\??\c:\xlrrrff.exec:\xlrrrff.exe114⤵
-
\??\c:\lrxxrrl.exec:\lrxxrrl.exe115⤵
-
\??\c:\7bhbhb.exec:\7bhbhb.exe116⤵
-
\??\c:\bthbhb.exec:\bthbhb.exe117⤵
-
\??\c:\pdjjv.exec:\pdjjv.exe118⤵
-
\??\c:\9pvpd.exec:\9pvpd.exe119⤵
-
\??\c:\fxrrrlf.exec:\fxrrrlf.exe120⤵
-
\??\c:\5fxrllf.exec:\5fxrllf.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-