Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
149s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
26/05/2024, 11:03
General
-
Target
d2455368ec6b2b8ad238b5f70c7d6b50_NeikiAnalytics.exe
-
Size
149KB
-
MD5
d2455368ec6b2b8ad238b5f70c7d6b50
-
SHA1
1fced3a52fec3a0d1a8dc27f5957fd05337749e7
-
SHA256
473a143992e66c610e862f0e0ee3a5a5dec6d94524e193628f5920d206d17b38
-
SHA512
333af17b9a8bbebdeeca4fcbebe502fd15b530ca2d06f9728b685cb970a87c49dbbf857128c8a8766536861401fbc05a36b40aafaacc2a4a3aeb240236e5890c
-
SSDEEP
3072:khOmTsF93UYfwC6GIoutpYcvrqrE66kropO6BWlPFH4t7:kcm4FmowdHoSphraHcpOFltH4t7
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\d2455368ec6b2b8ad238b5f70c7d6b50_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\d2455368ec6b2b8ad238b5f70c7d6b50_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\nbtnhb.exec:\nbtnhb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7vdpp.exec:\7vdpp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxrlxx.exec:\fxxrlxx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1xfrxfr.exec:\1xfrxfr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbnnbb.exec:\bbnnbb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5pvpj.exec:\5pvpj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlflll.exec:\fxlflll.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thnhtb.exec:\thnhtb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3bhbnb.exec:\3bhbnb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xffxrlf.exec:\xffxrlf.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhbnhn.exec:\hhbnhn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9dvpd.exec:\9dvpd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xllfxxr.exec:\xllfxxr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhhhtt.exec:\bhhhtt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpvvp.exec:\dpvvp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxflfff.exec:\fxflfff.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnhnn.exec:\hbnhnn.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7djjd.exec:\7djjd.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvpjj.exec:\vvpjj.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxfxlfx.exec:\xxfxlfx.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbnhtt.exec:\nbnhtt.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddvvj.exec:\ddvvj.exe23⤵
- Executes dropped EXE
-
\??\c:\3lxrrrx.exec:\3lxrrrx.exe24⤵
- Executes dropped EXE
-
\??\c:\ntbthb.exec:\ntbthb.exe25⤵
- Executes dropped EXE
-
\??\c:\vjdvj.exec:\vjdvj.exe26⤵
- Executes dropped EXE
-
\??\c:\7jppj.exec:\7jppj.exe27⤵
- Executes dropped EXE
-
\??\c:\9fxrllf.exec:\9fxrllf.exe28⤵
- Executes dropped EXE
-
\??\c:\fxfxllr.exec:\fxfxllr.exe29⤵
- Executes dropped EXE
-
\??\c:\jjdvp.exec:\jjdvp.exe30⤵
- Executes dropped EXE
-
\??\c:\fllffxr.exec:\fllffxr.exe31⤵
- Executes dropped EXE
-
\??\c:\bnhbtn.exec:\bnhbtn.exe32⤵
- Executes dropped EXE
-
\??\c:\3ntttb.exec:\3ntttb.exe33⤵
- Executes dropped EXE
-
\??\c:\vpdvd.exec:\vpdvd.exe34⤵
- Executes dropped EXE
-
\??\c:\rxfrflf.exec:\rxfrflf.exe35⤵
- Executes dropped EXE
-
\??\c:\5xxrlll.exec:\5xxrlll.exe36⤵
- Executes dropped EXE
-
\??\c:\bnhbtt.exec:\bnhbtt.exe37⤵
- Executes dropped EXE
-
\??\c:\9hbtnh.exec:\9hbtnh.exe38⤵
- Executes dropped EXE
-
\??\c:\ddpjd.exec:\ddpjd.exe39⤵
- Executes dropped EXE
-
\??\c:\lxxrllf.exec:\lxxrllf.exe40⤵
- Executes dropped EXE
-
\??\c:\rlfxrlf.exec:\rlfxrlf.exe41⤵
- Executes dropped EXE
-
\??\c:\btnhbh.exec:\btnhbh.exe42⤵
- Executes dropped EXE
-
\??\c:\7ppjv.exec:\7ppjv.exe43⤵
- Executes dropped EXE
-
\??\c:\3ffxrrl.exec:\3ffxrrl.exe44⤵
- Executes dropped EXE
-
\??\c:\xlfxxrr.exec:\xlfxxrr.exe45⤵
- Executes dropped EXE
-
\??\c:\hhtnhh.exec:\hhtnhh.exe46⤵
- Executes dropped EXE
-
\??\c:\pvdvj.exec:\pvdvj.exe47⤵
- Executes dropped EXE
-
\??\c:\jddvv.exec:\jddvv.exe48⤵
- Executes dropped EXE
-
\??\c:\fxxxxxr.exec:\fxxxxxr.exe49⤵
- Executes dropped EXE
-
\??\c:\tntnhh.exec:\tntnhh.exe50⤵
- Executes dropped EXE
-
\??\c:\5bhbhh.exec:\5bhbhh.exe51⤵
- Executes dropped EXE
-
\??\c:\pjdpv.exec:\pjdpv.exe52⤵
- Executes dropped EXE
-
\??\c:\3pvpj.exec:\3pvpj.exe53⤵
- Executes dropped EXE
-
\??\c:\xxxlrrr.exec:\xxxlrrr.exe54⤵
- Executes dropped EXE
-
\??\c:\hhbhbb.exec:\hhbhbb.exe55⤵
- Executes dropped EXE
-
\??\c:\tntnbt.exec:\tntnbt.exe56⤵
- Executes dropped EXE
-
\??\c:\pddvd.exec:\pddvd.exe57⤵
- Executes dropped EXE
-
\??\c:\5dpjv.exec:\5dpjv.exe58⤵
- Executes dropped EXE
-
\??\c:\7lfxrll.exec:\7lfxrll.exe59⤵
- Executes dropped EXE
-
\??\c:\xllfxrl.exec:\xllfxrl.exe60⤵
- Executes dropped EXE
-
\??\c:\thnhnh.exec:\thnhnh.exe61⤵
- Executes dropped EXE
-
\??\c:\jddpp.exec:\jddpp.exe62⤵
- Executes dropped EXE
-
\??\c:\7vpjp.exec:\7vpjp.exe63⤵
- Executes dropped EXE
-
\??\c:\xffxrlf.exec:\xffxrlf.exe64⤵
- Executes dropped EXE
-
\??\c:\tttnhn.exec:\tttnhn.exe65⤵
- Executes dropped EXE
-
\??\c:\jdjvp.exec:\jdjvp.exe66⤵
-
\??\c:\jdvpj.exec:\jdvpj.exe67⤵
-
\??\c:\lfxfxlf.exec:\lfxfxlf.exe68⤵
-
\??\c:\nnbbtt.exec:\nnbbtt.exe69⤵
-
\??\c:\tnbtnn.exec:\tnbtnn.exe70⤵
-
\??\c:\pvdpp.exec:\pvdpp.exe71⤵
-
\??\c:\ddddv.exec:\ddddv.exe72⤵
-
\??\c:\7fxxrrx.exec:\7fxxrrx.exe73⤵
-
\??\c:\lrflrxf.exec:\lrflrxf.exe74⤵
-
\??\c:\vvppp.exec:\vvppp.exe75⤵
-
\??\c:\dpppp.exec:\dpppp.exe76⤵
-
\??\c:\pvpjj.exec:\pvpjj.exe77⤵
-
\??\c:\rrllxxl.exec:\rrllxxl.exe78⤵
-
\??\c:\tttttn.exec:\tttttn.exe79⤵
-
\??\c:\bntbbb.exec:\bntbbb.exe80⤵
-
\??\c:\djppp.exec:\djppp.exe81⤵
-
\??\c:\llxlrrx.exec:\llxlrrx.exe82⤵
-
\??\c:\hnbnbb.exec:\hnbnbb.exe83⤵
-
\??\c:\jvjjj.exec:\jvjjj.exe84⤵
-
\??\c:\vvddd.exec:\vvddd.exe85⤵
-
\??\c:\lrlrffl.exec:\lrlrffl.exe86⤵
-
\??\c:\lflffff.exec:\lflffff.exe87⤵
-
\??\c:\nbnnhh.exec:\nbnnhh.exe88⤵
-
\??\c:\htbhbb.exec:\htbhbb.exe89⤵
-
\??\c:\ppvvv.exec:\ppvvv.exe90⤵
-
\??\c:\fflfxff.exec:\fflfxff.exe91⤵
-
\??\c:\rxxxxfx.exec:\rxxxxfx.exe92⤵
-
\??\c:\btbbhh.exec:\btbbhh.exe93⤵
-
\??\c:\5vddj.exec:\5vddj.exe94⤵
-
\??\c:\lxxrfff.exec:\lxxrfff.exe95⤵
-
\??\c:\lrrfxrl.exec:\lrrfxrl.exe96⤵
-
\??\c:\nhhbhh.exec:\nhhbhh.exe97⤵
-
\??\c:\ppvvv.exec:\ppvvv.exe98⤵
-
\??\c:\vpvjd.exec:\vpvjd.exe99⤵
-
\??\c:\7xrlrrr.exec:\7xrlrrr.exe100⤵
-
\??\c:\bnnhbt.exec:\bnnhbt.exe101⤵
-
\??\c:\hnnhbt.exec:\hnnhbt.exe102⤵
-
\??\c:\pjjpp.exec:\pjjpp.exe103⤵
-
\??\c:\vdjdp.exec:\vdjdp.exe104⤵
-
\??\c:\xrlfrrl.exec:\xrlfrrl.exe105⤵
-
\??\c:\5rfxxrl.exec:\5rfxxrl.exe106⤵
-
\??\c:\7bhbth.exec:\7bhbth.exe107⤵
-
\??\c:\vppjd.exec:\vppjd.exe108⤵
-
\??\c:\jpdpd.exec:\jpdpd.exe109⤵
-
\??\c:\frrfxlf.exec:\frrfxlf.exe110⤵
-
\??\c:\9lllfxr.exec:\9lllfxr.exe111⤵
-
\??\c:\1hnhhb.exec:\1hnhhb.exe112⤵
-
\??\c:\nhnhbh.exec:\nhnhbh.exe113⤵
-
\??\c:\pjddp.exec:\pjddp.exe114⤵
-
\??\c:\jpddd.exec:\jpddd.exe115⤵
-
\??\c:\fffxllf.exec:\fffxllf.exe116⤵
-
\??\c:\htbbtt.exec:\htbbtt.exe117⤵
-
\??\c:\ttttnh.exec:\ttttnh.exe118⤵
-
\??\c:\1vjvp.exec:\1vjvp.exe119⤵
-
\??\c:\ddvjd.exec:\ddvjd.exe120⤵
-
\??\c:\rllfxrl.exec:\rllfxrl.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-