Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240215-en -
resource tags
-
submitted
26/05/2024, 11:03
General
-
Target
d2455368ec6b2b8ad238b5f70c7d6b50_NeikiAnalytics.exe
-
Size
149KB
-
MD5
d2455368ec6b2b8ad238b5f70c7d6b50
-
SHA1
1fced3a52fec3a0d1a8dc27f5957fd05337749e7
-
SHA256
473a143992e66c610e862f0e0ee3a5a5dec6d94524e193628f5920d206d17b38
-
SHA512
333af17b9a8bbebdeeca4fcbebe502fd15b530ca2d06f9728b685cb970a87c49dbbf857128c8a8766536861401fbc05a36b40aafaacc2a4a3aeb240236e5890c
-
SSDEEP
3072:khOmTsF93UYfwC6GIoutpYcvrqrE66kropO6BWlPFH4t7:kcm4FmowdHoSphraHcpOFltH4t7
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 36 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\d2455368ec6b2b8ad238b5f70c7d6b50_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\d2455368ec6b2b8ad238b5f70c7d6b50_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\xrlrxrf.exec:\xrlrxrf.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3lfrrrf.exec:\3lfrrrf.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvvpd.exec:\vvvpd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3frxffr.exec:\3frxffr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3vpvj.exec:\3vpvj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrxlrfr.exec:\rrxlrfr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrfflfl.exec:\xrfflfl.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhbnt.exec:\hbhbnt.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjjp.exec:\jdjjp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frxlllr.exec:\frxlllr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbbbt.exec:\tnbbbt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpddp.exec:\dpddp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lflrrrx.exec:\lflrrrx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxlrflx.exec:\xxlrflx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9bbbnn.exec:\9bbbnn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvpvd.exec:\dvpvd.exe17⤵
- Executes dropped EXE
-
\??\c:\dvdjj.exec:\dvdjj.exe18⤵
- Executes dropped EXE
-
\??\c:\xflxffl.exec:\xflxffl.exe19⤵
- Executes dropped EXE
-
\??\c:\3hbbbh.exec:\3hbbbh.exe20⤵
- Executes dropped EXE
-
\??\c:\pjpjv.exec:\pjpjv.exe21⤵
- Executes dropped EXE
-
\??\c:\rrrxlxl.exec:\rrrxlxl.exe22⤵
- Executes dropped EXE
-
\??\c:\lffrrxr.exec:\lffrrxr.exe23⤵
- Executes dropped EXE
-
\??\c:\1btbhn.exec:\1btbhn.exe24⤵
- Executes dropped EXE
-
\??\c:\vvdpp.exec:\vvdpp.exe25⤵
- Executes dropped EXE
-
\??\c:\lllfrff.exec:\lllfrff.exe26⤵
- Executes dropped EXE
-
\??\c:\xrfflll.exec:\xrfflll.exe27⤵
- Executes dropped EXE
-
\??\c:\1pvdp.exec:\1pvdp.exe28⤵
- Executes dropped EXE
-
\??\c:\vjvjj.exec:\vjvjj.exe29⤵
- Executes dropped EXE
-
\??\c:\7xlrrrx.exec:\7xlrrrx.exe30⤵
- Executes dropped EXE
-
\??\c:\nhnbnt.exec:\nhnbnt.exe31⤵
- Executes dropped EXE
-
\??\c:\jjjdv.exec:\jjjdv.exe32⤵
- Executes dropped EXE
-
\??\c:\xrrfflr.exec:\xrrfflr.exe33⤵
- Executes dropped EXE
-
\??\c:\7frxlrx.exec:\7frxlrx.exe34⤵
- Executes dropped EXE
-
\??\c:\1bthnt.exec:\1bthnt.exe35⤵
- Executes dropped EXE
-
\??\c:\1bnnbn.exec:\1bnnbn.exe36⤵
- Executes dropped EXE
-
\??\c:\jdvdv.exec:\jdvdv.exe37⤵
- Executes dropped EXE
-
\??\c:\vpvjv.exec:\vpvjv.exe38⤵
- Executes dropped EXE
-
\??\c:\xxlllrf.exec:\xxlllrf.exe39⤵
- Executes dropped EXE
-
\??\c:\tnbnnh.exec:\tnbnnh.exe40⤵
- Executes dropped EXE
-
\??\c:\hbnttb.exec:\hbnttb.exe41⤵
- Executes dropped EXE
-
\??\c:\jdppp.exec:\jdppp.exe42⤵
- Executes dropped EXE
-
\??\c:\7pddd.exec:\7pddd.exe43⤵
- Executes dropped EXE
-
\??\c:\ffxfllr.exec:\ffxfllr.exe44⤵
- Executes dropped EXE
-
\??\c:\5xrrrxf.exec:\5xrrrxf.exe45⤵
- Executes dropped EXE
-
\??\c:\btbnbh.exec:\btbnbh.exe46⤵
- Executes dropped EXE
-
\??\c:\bnhhhn.exec:\bnhhhn.exe47⤵
- Executes dropped EXE
-
\??\c:\dvdpd.exec:\dvdpd.exe48⤵
- Executes dropped EXE
-
\??\c:\jpjpd.exec:\jpjpd.exe49⤵
- Executes dropped EXE
-
\??\c:\lrxrxrr.exec:\lrxrxrr.exe50⤵
- Executes dropped EXE
-
\??\c:\nnhttt.exec:\nnhttt.exe51⤵
- Executes dropped EXE
-
\??\c:\nnbhbb.exec:\nnbhbb.exe52⤵
- Executes dropped EXE
-
\??\c:\vpvvv.exec:\vpvvv.exe53⤵
- Executes dropped EXE
-
\??\c:\vdjdv.exec:\vdjdv.exe54⤵
- Executes dropped EXE
-
\??\c:\frxxxfl.exec:\frxxxfl.exe55⤵
- Executes dropped EXE
-
\??\c:\1btbtt.exec:\1btbtt.exe56⤵
- Executes dropped EXE
-
\??\c:\thhbbb.exec:\thhbbb.exe57⤵
- Executes dropped EXE
-
\??\c:\dvdjv.exec:\dvdjv.exe58⤵
- Executes dropped EXE
-
\??\c:\1lrrxrf.exec:\1lrrxrf.exe59⤵
- Executes dropped EXE
-
\??\c:\rlxxxxf.exec:\rlxxxxf.exe60⤵
- Executes dropped EXE
-
\??\c:\ttnthn.exec:\ttnthn.exe61⤵
- Executes dropped EXE
-
\??\c:\ppdpp.exec:\ppdpp.exe62⤵
- Executes dropped EXE
-
\??\c:\pdvpv.exec:\pdvpv.exe63⤵
- Executes dropped EXE
-
\??\c:\3xrxxxf.exec:\3xrxxxf.exe64⤵
- Executes dropped EXE
-
\??\c:\hnnbbn.exec:\hnnbbn.exe65⤵
- Executes dropped EXE
-
\??\c:\bbtthn.exec:\bbtthn.exe66⤵
-
\??\c:\jvvpv.exec:\jvvpv.exe67⤵
-
\??\c:\vpvdj.exec:\vpvdj.exe68⤵
-
\??\c:\rrfrlxr.exec:\rrfrlxr.exe69⤵
-
\??\c:\btnthh.exec:\btnthh.exe70⤵
-
\??\c:\tntnnn.exec:\tntnnn.exe71⤵
-
\??\c:\jpdpp.exec:\jpdpp.exe72⤵
-
\??\c:\rlrflrx.exec:\rlrflrx.exe73⤵
-
\??\c:\5rflxff.exec:\5rflxff.exe74⤵
-
\??\c:\hbhntt.exec:\hbhntt.exe75⤵
-
\??\c:\ddpvj.exec:\ddpvj.exe76⤵
-
\??\c:\jvvjp.exec:\jvvjp.exe77⤵
-
\??\c:\llflfxl.exec:\llflfxl.exe78⤵
-
\??\c:\tthnbn.exec:\tthnbn.exe79⤵
-
\??\c:\thntnn.exec:\thntnn.exe80⤵
-
\??\c:\dpjjj.exec:\dpjjj.exe81⤵
-
\??\c:\rrxrxll.exec:\rrxrxll.exe82⤵
-
\??\c:\hbnnbn.exec:\hbnnbn.exe83⤵
-
\??\c:\ntbnht.exec:\ntbnht.exe84⤵
-
\??\c:\1jdjj.exec:\1jdjj.exe85⤵
-
\??\c:\lfllllr.exec:\lfllllr.exe86⤵
-
\??\c:\rlffflx.exec:\rlffflx.exe87⤵
-
\??\c:\bhthbt.exec:\bhthbt.exe88⤵
-
\??\c:\vjvjj.exec:\vjvjj.exe89⤵
-
\??\c:\vppdp.exec:\vppdp.exe90⤵
-
\??\c:\rrllxfx.exec:\rrllxfx.exe91⤵
-
\??\c:\tnbnht.exec:\tnbnht.exe92⤵
-
\??\c:\7httbn.exec:\7httbn.exe93⤵
-
\??\c:\vpddd.exec:\vpddd.exe94⤵
-
\??\c:\3ddjd.exec:\3ddjd.exe95⤵
-
\??\c:\bbhnnb.exec:\bbhnnb.exe96⤵
-
\??\c:\vvjpv.exec:\vvjpv.exe97⤵
-
\??\c:\lxrxrxx.exec:\lxrxrxx.exe98⤵
-
\??\c:\lxlxffx.exec:\lxlxffx.exe99⤵
-
\??\c:\bbbhtb.exec:\bbbhtb.exe100⤵
-
\??\c:\9hnbbb.exec:\9hnbbb.exe101⤵
-
\??\c:\jjjpv.exec:\jjjpv.exe102⤵
-
\??\c:\jjvvv.exec:\jjvvv.exe103⤵
-
\??\c:\fxxxxff.exec:\fxxxxff.exe104⤵
-
\??\c:\thtntt.exec:\thtntt.exe105⤵
-
\??\c:\9tttbt.exec:\9tttbt.exe106⤵
-
\??\c:\vjpvj.exec:\vjpvj.exe107⤵
-
\??\c:\pvvjv.exec:\pvvjv.exe108⤵
-
\??\c:\rrrxfrl.exec:\rrrxfrl.exe109⤵
-
\??\c:\tbtbhh.exec:\tbtbhh.exe110⤵
-
\??\c:\hbntth.exec:\hbntth.exe111⤵
-
\??\c:\3ppjd.exec:\3ppjd.exe112⤵
-
\??\c:\rrxrrll.exec:\rrxrrll.exe113⤵
-
\??\c:\rlrrffl.exec:\rlrrffl.exe114⤵
-
\??\c:\bthntt.exec:\bthntt.exe115⤵
-
\??\c:\9djvv.exec:\9djvv.exe116⤵
-
\??\c:\vvvpv.exec:\vvvpv.exe117⤵
-
\??\c:\3fxlllr.exec:\3fxlllr.exe118⤵
-
\??\c:\9xflrrf.exec:\9xflrrf.exe119⤵
-
\??\c:\3bnhhb.exec:\3bnhhb.exe120⤵
-
\??\c:\9dvvd.exec:\9dvvd.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-