Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
27/05/2024, 08:19
General
-
Target
6e550c40c14154a48efd409fdf4ffef0_NeikiAnalytics.exe
-
Size
247KB
-
MD5
6e550c40c14154a48efd409fdf4ffef0
-
SHA1
403c3a0bf7130a5db09afc5b8b93848017962e3c
-
SHA256
b2338a3c77f6caa6ee825778a4fe3fef41c68f96297383ffdf2e852d8bd1562e
-
SHA512
8e9081f2071db8adb0aea339030b7cea9891a6eec176adf1a61d916638e3472f7fb1fb20025bfb0ba99500f9bb37c44741f937d54b87259536d8a8a31fb93787
-
SSDEEP
3072:ymb3NkkiQ3mdBjFo73PYP1lri3KoSV31x4MAWvGjR1+:n3C9BRo7MlrWKo+lxtvGt1+
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 23 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\6e550c40c14154a48efd409fdf4ffef0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\6e550c40c14154a48efd409fdf4ffef0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\1vdjp.exec:\1vdjp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7ffxrrl.exec:\7ffxrrl.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htbbtn.exec:\htbbtn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7hthtn.exec:\7hthtn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jddjd.exec:\jddjd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdjdv.exec:\pdjdv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjdvp.exec:\vjdvp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flrrfrr.exec:\flrrfrr.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbbtt.exec:\btbbtt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbtnn.exec:\btbtnn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3ddvp.exec:\3ddvp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffxxrxr.exec:\ffxxrxr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlfxxr.exec:\fxlfxxr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbttnn.exec:\hbttnn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbbtt.exec:\hbbbtt.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpdvp.exec:\vpdvp.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxfxrxx.exec:\xxfxrxx.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlfxrrl.exec:\rlfxrrl.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhhbh.exec:\hbhhbh.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttbttb.exec:\ttbttb.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddvvj.exec:\ddvvj.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdpjd.exec:\vdpjd.exe23⤵
- Executes dropped EXE
-
\??\c:\xrfxffx.exec:\xrfxffx.exe24⤵
- Executes dropped EXE
-
\??\c:\bntnnt.exec:\bntnnt.exe25⤵
- Executes dropped EXE
-
\??\c:\llrlffx.exec:\llrlffx.exe26⤵
- Executes dropped EXE
-
\??\c:\lxffxll.exec:\lxffxll.exe27⤵
- Executes dropped EXE
-
\??\c:\hnbbbb.exec:\hnbbbb.exe28⤵
- Executes dropped EXE
-
\??\c:\pvjdj.exec:\pvjdj.exe29⤵
- Executes dropped EXE
-
\??\c:\frxflff.exec:\frxflff.exe30⤵
- Executes dropped EXE
-
\??\c:\ttthhh.exec:\ttthhh.exe31⤵
- Executes dropped EXE
-
\??\c:\3dvvv.exec:\3dvvv.exe32⤵
- Executes dropped EXE
-
\??\c:\fxlffxx.exec:\fxlffxx.exe33⤵
- Executes dropped EXE
-
\??\c:\fxllrrf.exec:\fxllrrf.exe34⤵
- Executes dropped EXE
-
\??\c:\5pppv.exec:\5pppv.exe35⤵
- Executes dropped EXE
-
\??\c:\xxffxff.exec:\xxffxff.exe36⤵
- Executes dropped EXE
-
\??\c:\hnnttt.exec:\hnnttt.exe37⤵
- Executes dropped EXE
-
\??\c:\vpjjp.exec:\vpjjp.exe38⤵
- Executes dropped EXE
-
\??\c:\llllxxl.exec:\llllxxl.exe39⤵
- Executes dropped EXE
-
\??\c:\nbbnnh.exec:\nbbnnh.exe40⤵
- Executes dropped EXE
-
\??\c:\9nbbtt.exec:\9nbbtt.exe41⤵
- Executes dropped EXE
-
\??\c:\dpddd.exec:\dpddd.exe42⤵
- Executes dropped EXE
-
\??\c:\fxxrrrr.exec:\fxxrrrr.exe43⤵
- Executes dropped EXE
-
\??\c:\1bhtnt.exec:\1bhtnt.exe44⤵
- Executes dropped EXE
-
\??\c:\1ttnhh.exec:\1ttnhh.exe45⤵
- Executes dropped EXE
-
\??\c:\5ppvj.exec:\5ppvj.exe46⤵
- Executes dropped EXE
-
\??\c:\3fllfxr.exec:\3fllfxr.exe47⤵
- Executes dropped EXE
-
\??\c:\btnhtt.exec:\btnhtt.exe48⤵
- Executes dropped EXE
-
\??\c:\nbtnbh.exec:\nbtnbh.exe49⤵
- Executes dropped EXE
-
\??\c:\vpvpj.exec:\vpvpj.exe50⤵
- Executes dropped EXE
-
\??\c:\xrlffff.exec:\xrlffff.exe51⤵
- Executes dropped EXE
-
\??\c:\hbtnnb.exec:\hbtnnb.exe52⤵
- Executes dropped EXE
-
\??\c:\pvppv.exec:\pvppv.exe53⤵
- Executes dropped EXE
-
\??\c:\ppddj.exec:\ppddj.exe54⤵
- Executes dropped EXE
-
\??\c:\xlxrrrl.exec:\xlxrrrl.exe55⤵
- Executes dropped EXE
-
\??\c:\1nnnhh.exec:\1nnnhh.exe56⤵
- Executes dropped EXE
-
\??\c:\ddjdj.exec:\ddjdj.exe57⤵
- Executes dropped EXE
-
\??\c:\llxxflr.exec:\llxxflr.exe58⤵
- Executes dropped EXE
-
\??\c:\bttnbt.exec:\bttnbt.exe59⤵
- Executes dropped EXE
-
\??\c:\pvppp.exec:\pvppp.exe60⤵
- Executes dropped EXE
-
\??\c:\3vpjj.exec:\3vpjj.exe61⤵
- Executes dropped EXE
-
\??\c:\7ffxrrl.exec:\7ffxrrl.exe62⤵
- Executes dropped EXE
-
\??\c:\fxfxrfx.exec:\fxfxrfx.exe63⤵
- Executes dropped EXE
-
\??\c:\btbtnh.exec:\btbtnh.exe64⤵
- Executes dropped EXE
-
\??\c:\ppppj.exec:\ppppj.exe65⤵
- Executes dropped EXE
-
\??\c:\vdpjd.exec:\vdpjd.exe66⤵
-
\??\c:\llxxxxx.exec:\llxxxxx.exe67⤵
-
\??\c:\xxxxrxr.exec:\xxxxrxr.exe68⤵
-
\??\c:\hhhhbb.exec:\hhhhbb.exe69⤵
-
\??\c:\3djdd.exec:\3djdd.exe70⤵
-
\??\c:\pjvvv.exec:\pjvvv.exe71⤵
-
\??\c:\9ffxxxx.exec:\9ffxxxx.exe72⤵
-
\??\c:\7tnbtt.exec:\7tnbtt.exe73⤵
-
\??\c:\tbnhhh.exec:\tbnhhh.exe74⤵
-
\??\c:\3pppj.exec:\3pppj.exe75⤵
-
\??\c:\lxxfxxx.exec:\lxxfxxx.exe76⤵
-
\??\c:\lflllll.exec:\lflllll.exe77⤵
-
\??\c:\hbbbtt.exec:\hbbbtt.exe78⤵
-
\??\c:\nhtnnb.exec:\nhtnnb.exe79⤵
-
\??\c:\pjjdv.exec:\pjjdv.exe80⤵
-
\??\c:\9xxrlll.exec:\9xxrlll.exe81⤵
-
\??\c:\fxfxrxx.exec:\fxfxrxx.exe82⤵
-
\??\c:\nbhbnn.exec:\nbhbnn.exe83⤵
-
\??\c:\djjvj.exec:\djjvj.exe84⤵
-
\??\c:\fxxxrxx.exec:\fxxxrxx.exe85⤵
-
\??\c:\xrxxrrr.exec:\xrxxrrr.exe86⤵
-
\??\c:\5thtnb.exec:\5thtnb.exe87⤵
-
\??\c:\1hnnnt.exec:\1hnnnt.exe88⤵
-
\??\c:\7vppj.exec:\7vppj.exe89⤵
-
\??\c:\ddddp.exec:\ddddp.exe90⤵
-
\??\c:\xllfffx.exec:\xllfffx.exe91⤵
-
\??\c:\hthhhh.exec:\hthhhh.exe92⤵
-
\??\c:\btnnnn.exec:\btnnnn.exe93⤵
-
\??\c:\7jpdv.exec:\7jpdv.exe94⤵
-
\??\c:\xfxrlll.exec:\xfxrlll.exe95⤵
-
\??\c:\lxfffxl.exec:\lxfffxl.exe96⤵
-
\??\c:\btbbnt.exec:\btbbnt.exe97⤵
-
\??\c:\tbhbht.exec:\tbhbht.exe98⤵
-
\??\c:\1djdv.exec:\1djdv.exe99⤵
-
\??\c:\9flllrr.exec:\9flllrr.exe100⤵
-
\??\c:\3xfffxf.exec:\3xfffxf.exe101⤵
-
\??\c:\hbhbtt.exec:\hbhbtt.exe102⤵
-
\??\c:\ppvpj.exec:\ppvpj.exe103⤵
-
\??\c:\jdddp.exec:\jdddp.exe104⤵
-
\??\c:\7xffrxl.exec:\7xffrxl.exe105⤵
-
\??\c:\7tbtbb.exec:\7tbtbb.exe106⤵
-
\??\c:\frxxrrl.exec:\frxxrrl.exe107⤵
-
\??\c:\hthbbb.exec:\hthbbb.exe108⤵
-
\??\c:\vpdvp.exec:\vpdvp.exe109⤵
-
\??\c:\xrllfff.exec:\xrllfff.exe110⤵
-
\??\c:\tttttn.exec:\tttttn.exe111⤵
-
\??\c:\3jvdj.exec:\3jvdj.exe112⤵
-
\??\c:\1jpjd.exec:\1jpjd.exe113⤵
-
\??\c:\xrlfxxr.exec:\xrlfxxr.exe114⤵
-
\??\c:\bbtnhb.exec:\bbtnhb.exe115⤵
-
\??\c:\ddjvv.exec:\ddjvv.exe116⤵
-
\??\c:\fxrflxr.exec:\fxrflxr.exe117⤵
-
\??\c:\5xrrllf.exec:\5xrrllf.exe118⤵
-
\??\c:\tnbtnt.exec:\tnbtnt.exe119⤵
-
\??\c:\vvpjj.exec:\vvpjj.exe120⤵
-
\??\c:\vdjdd.exec:\vdjdd.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-