Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
27/05/2024, 08:19
General
-
Target
6e550c40c14154a48efd409fdf4ffef0_NeikiAnalytics.exe
-
Size
247KB
-
MD5
6e550c40c14154a48efd409fdf4ffef0
-
SHA1
403c3a0bf7130a5db09afc5b8b93848017962e3c
-
SHA256
b2338a3c77f6caa6ee825778a4fe3fef41c68f96297383ffdf2e852d8bd1562e
-
SHA512
8e9081f2071db8adb0aea339030b7cea9891a6eec176adf1a61d916638e3472f7fb1fb20025bfb0ba99500f9bb37c44741f937d54b87259536d8a8a31fb93787
-
SSDEEP
3072:ymb3NkkiQ3mdBjFo73PYP1lri3KoSV31x4MAWvGjR1+:n3C9BRo7MlrWKo+lxtvGt1+
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 20 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 20 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\6e550c40c14154a48efd409fdf4ffef0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\6e550c40c14154a48efd409fdf4ffef0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\nbtthn.exec:\nbtthn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjvj.exec:\ppjvj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffxflrf.exec:\ffxflrf.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbhbh.exec:\tnbhbh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdjd.exec:\pjdjd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llxflfl.exec:\llxflfl.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbhnt.exec:\tnbhnt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7pdjv.exec:\7pdjv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxlrffr.exec:\xxlrffr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhthtb.exec:\hhthtb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvddj.exec:\vvddj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5flxlrf.exec:\5flxlrf.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1tnntb.exec:\1tnntb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7bnbht.exec:\7bnbht.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxllxxr.exec:\xxllxxr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5rrxlrf.exec:\5rrxlrf.exe17⤵
- Executes dropped EXE
-
\??\c:\9nttbt.exec:\9nttbt.exe18⤵
- Executes dropped EXE
-
\??\c:\dvjpd.exec:\dvjpd.exe19⤵
- Executes dropped EXE
-
\??\c:\lfffffr.exec:\lfffffr.exe20⤵
- Executes dropped EXE
-
\??\c:\9hbthh.exec:\9hbthh.exe21⤵
- Executes dropped EXE
-
\??\c:\vpjjv.exec:\vpjjv.exe22⤵
- Executes dropped EXE
-
\??\c:\lfrxflr.exec:\lfrxflr.exe23⤵
- Executes dropped EXE
-
\??\c:\5nbbht.exec:\5nbbht.exe24⤵
- Executes dropped EXE
-
\??\c:\9hhhbh.exec:\9hhhbh.exe25⤵
- Executes dropped EXE
-
\??\c:\9jjjv.exec:\9jjjv.exe26⤵
- Executes dropped EXE
-
\??\c:\rlrrxxl.exec:\rlrrxxl.exe27⤵
- Executes dropped EXE
-
\??\c:\pjvdp.exec:\pjvdp.exe28⤵
- Executes dropped EXE
-
\??\c:\fflrffr.exec:\fflrffr.exe29⤵
- Executes dropped EXE
-
\??\c:\nnbnbn.exec:\nnbnbn.exe30⤵
- Executes dropped EXE
-
\??\c:\ppdjd.exec:\ppdjd.exe31⤵
- Executes dropped EXE
-
\??\c:\dvjdv.exec:\dvjdv.exe32⤵
- Executes dropped EXE
-
\??\c:\btnntt.exec:\btnntt.exe33⤵
- Executes dropped EXE
-
\??\c:\nhthnt.exec:\nhthnt.exe34⤵
- Executes dropped EXE
-
\??\c:\dvjdv.exec:\dvjdv.exe35⤵
- Executes dropped EXE
-
\??\c:\xrxxfrl.exec:\xrxxfrl.exe36⤵
- Executes dropped EXE
-
\??\c:\llxrffx.exec:\llxrffx.exe37⤵
- Executes dropped EXE
-
\??\c:\9tntht.exec:\9tntht.exe38⤵
- Executes dropped EXE
-
\??\c:\nnhntb.exec:\nnhntb.exe39⤵
- Executes dropped EXE
-
\??\c:\3vjpp.exec:\3vjpp.exe40⤵
- Executes dropped EXE
-
\??\c:\lfxxlrf.exec:\lfxxlrf.exe41⤵
- Executes dropped EXE
-
\??\c:\xrrrxll.exec:\xrrrxll.exe42⤵
- Executes dropped EXE
-
\??\c:\3httbh.exec:\3httbh.exe43⤵
- Executes dropped EXE
-
\??\c:\vvpvd.exec:\vvpvd.exe44⤵
- Executes dropped EXE
-
\??\c:\rxrrflf.exec:\rxrrflf.exe45⤵
- Executes dropped EXE
-
\??\c:\nhthtt.exec:\nhthtt.exe46⤵
- Executes dropped EXE
-
\??\c:\hbhnnn.exec:\hbhnnn.exe47⤵
- Executes dropped EXE
-
\??\c:\ppdvd.exec:\ppdvd.exe48⤵
- Executes dropped EXE
-
\??\c:\dvjpv.exec:\dvjpv.exe49⤵
- Executes dropped EXE
-
\??\c:\xrxrxxl.exec:\xrxrxxl.exe50⤵
- Executes dropped EXE
-
\??\c:\htbhnn.exec:\htbhnn.exe51⤵
- Executes dropped EXE
-
\??\c:\nhbthn.exec:\nhbthn.exe52⤵
- Executes dropped EXE
-
\??\c:\7dpjp.exec:\7dpjp.exe53⤵
- Executes dropped EXE
-
\??\c:\dvdjv.exec:\dvdjv.exe54⤵
- Executes dropped EXE
-
\??\c:\ffffrxf.exec:\ffffrxf.exe55⤵
- Executes dropped EXE
-
\??\c:\7bbntb.exec:\7bbntb.exe56⤵
- Executes dropped EXE
-
\??\c:\bbthth.exec:\bbthth.exe57⤵
- Executes dropped EXE
-
\??\c:\vpdvj.exec:\vpdvj.exe58⤵
- Executes dropped EXE
-
\??\c:\3xxfrrr.exec:\3xxfrrr.exe59⤵
- Executes dropped EXE
-
\??\c:\5lxllrx.exec:\5lxllrx.exe60⤵
- Executes dropped EXE
-
\??\c:\nhtntt.exec:\nhtntt.exe61⤵
- Executes dropped EXE
-
\??\c:\bbthbb.exec:\bbthbb.exe62⤵
- Executes dropped EXE
-
\??\c:\ppvvj.exec:\ppvvj.exe63⤵
- Executes dropped EXE
-
\??\c:\xrffrxx.exec:\xrffrxx.exe64⤵
- Executes dropped EXE
-
\??\c:\rrfxffr.exec:\rrfxffr.exe65⤵
- Executes dropped EXE
-
\??\c:\bnbhnt.exec:\bnbhnt.exe66⤵
-
\??\c:\3jjpd.exec:\3jjpd.exe67⤵
-
\??\c:\jjvdj.exec:\jjvdj.exe68⤵
-
\??\c:\1rxrlfl.exec:\1rxrlfl.exe69⤵
-
\??\c:\llxlrfr.exec:\llxlrfr.exe70⤵
-
\??\c:\3nhbnn.exec:\3nhbnn.exe71⤵
-
\??\c:\nbnthn.exec:\nbnthn.exe72⤵
-
\??\c:\1vdvd.exec:\1vdvd.exe73⤵
-
\??\c:\llflxfr.exec:\llflxfr.exe74⤵
-
\??\c:\1fxxxfl.exec:\1fxxxfl.exe75⤵
-
\??\c:\tnbthh.exec:\tnbthh.exe76⤵
-
\??\c:\ddddp.exec:\ddddp.exe77⤵
-
\??\c:\9jjpp.exec:\9jjpp.exe78⤵
-
\??\c:\9rllrrx.exec:\9rllrrx.exe79⤵
-
\??\c:\7rfllrf.exec:\7rfllrf.exe80⤵
-
\??\c:\5htttt.exec:\5htttt.exe81⤵
-
\??\c:\dddvd.exec:\dddvd.exe82⤵
-
\??\c:\dvjdp.exec:\dvjdp.exe83⤵
-
\??\c:\xxrlxxf.exec:\xxrlxxf.exe84⤵
-
\??\c:\rrxxfff.exec:\rrxxfff.exe85⤵
-
\??\c:\7bbbnn.exec:\7bbbnn.exe86⤵
-
\??\c:\vpddj.exec:\vpddj.exe87⤵
-
\??\c:\ppdjv.exec:\ppdjv.exe88⤵
-
\??\c:\3fffrlx.exec:\3fffrlx.exe89⤵
-
\??\c:\3btbbb.exec:\3btbbb.exe90⤵
-
\??\c:\5nbnhb.exec:\5nbnhb.exe91⤵
-
\??\c:\vvpvp.exec:\vvpvp.exe92⤵
-
\??\c:\9vvdv.exec:\9vvdv.exe93⤵
-
\??\c:\7xrlrxf.exec:\7xrlrxf.exe94⤵
-
\??\c:\rlfxlrf.exec:\rlfxlrf.exe95⤵
-
\??\c:\bttnbt.exec:\bttnbt.exe96⤵
-
\??\c:\dvjdv.exec:\dvjdv.exe97⤵
-
\??\c:\vpdpj.exec:\vpdpj.exe98⤵
-
\??\c:\lfxfllx.exec:\lfxfllx.exe99⤵
-
\??\c:\xrfrxfr.exec:\xrfrxfr.exe100⤵
-
\??\c:\5bthtb.exec:\5bthtb.exe101⤵
-
\??\c:\5hhbtb.exec:\5hhbtb.exe102⤵
-
\??\c:\ppjjv.exec:\ppjjv.exe103⤵
-
\??\c:\xxlxlrx.exec:\xxlxlrx.exe104⤵
-
\??\c:\llfrxxl.exec:\llfrxxl.exe105⤵
-
\??\c:\nnhhnt.exec:\nnhhnt.exe106⤵
-
\??\c:\nnntht.exec:\nnntht.exe107⤵
-
\??\c:\dvpdv.exec:\dvpdv.exe108⤵
-
\??\c:\3pjpv.exec:\3pjpv.exe109⤵
-
\??\c:\fxffrrx.exec:\fxffrrx.exe110⤵
-
\??\c:\bnbhtn.exec:\bnbhtn.exe111⤵
-
\??\c:\7jvvd.exec:\7jvvd.exe112⤵
-
\??\c:\jdvdp.exec:\jdvdp.exe113⤵
-
\??\c:\rlxxffr.exec:\rlxxffr.exe114⤵
-
\??\c:\fxrfxlr.exec:\fxrfxlr.exe115⤵
-
\??\c:\nbtnbh.exec:\nbtnbh.exe116⤵
-
\??\c:\ddvdp.exec:\ddvdp.exe117⤵
-
\??\c:\1jddp.exec:\1jddp.exe118⤵
-
\??\c:\xrfflrf.exec:\xrfflrf.exe119⤵
-
\??\c:\llxlxxl.exec:\llxlxxl.exe120⤵
-
\??\c:\hhbnbh.exec:\hhbnbh.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-