Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
27/05/2024, 21:11
General
-
Target
1ae80551df6570005b4b063d8de75df0NeikiAnalytics.exe
-
Size
65KB
-
MD5
1ae80551df6570005b4b063d8de75df0
-
SHA1
fbc31232b6dda1f9152c5037a9e57227b1be6c1b
-
SHA256
07ce7578dafd7e47a7eb1b62b1e9be888f02ce4e37bad463dd87ff04e57272b5
-
SHA512
826e328310feb3a40ec4a84dc66cee3a9eaf16f1ab0bef2e137aef99de20b7a17af62c30555d4560df3652b2a38640d8c7c7d6f584bab42e11699d7ad98e76d6
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIb0z6MTSqfMTu:ymb3NkkiQ3mdBjFI4V4Tu
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 24 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1ae80551df6570005b4b063d8de75df0NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\1ae80551df6570005b4b063d8de75df0NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\jvpdv.exec:\jvpdv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrlllr.exec:\lfrlllr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbhbth.exec:\tbhbth.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppvvp.exec:\ppvvp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7dvdj.exec:\7dvdj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllfxlx.exec:\rllfxlx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbhtb.exec:\nhbhtb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjpd.exec:\dvjpd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvpvd.exec:\vvpvd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llxflrx.exec:\llxflrx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhntbh.exec:\hhntbh.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9bthtt.exec:\9bthtt.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1ppvj.exec:\1ppvj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjddj.exec:\jjddj.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxlflrl.exec:\rxlflrl.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxfrflx.exec:\fxfrflx.exe17⤵
- Executes dropped EXE
-
\??\c:\tbtbnn.exec:\tbtbnn.exe18⤵
- Executes dropped EXE
-
\??\c:\hbntbh.exec:\hbntbh.exe19⤵
- Executes dropped EXE
-
\??\c:\jdvvd.exec:\jdvvd.exe20⤵
- Executes dropped EXE
-
\??\c:\lllrxrl.exec:\lllrxrl.exe21⤵
- Executes dropped EXE
-
\??\c:\fxlrflx.exec:\fxlrflx.exe22⤵
- Executes dropped EXE
-
\??\c:\1nbbnt.exec:\1nbbnt.exe23⤵
- Executes dropped EXE
-
\??\c:\hhbtbn.exec:\hhbtbn.exe24⤵
- Executes dropped EXE
-
\??\c:\jdpvp.exec:\jdpvp.exe25⤵
- Executes dropped EXE
-
\??\c:\1rfflxr.exec:\1rfflxr.exe26⤵
- Executes dropped EXE
-
\??\c:\frflrrx.exec:\frflrrx.exe27⤵
- Executes dropped EXE
-
\??\c:\pvdjj.exec:\pvdjj.exe28⤵
- Executes dropped EXE
-
\??\c:\jvpjd.exec:\jvpjd.exe29⤵
- Executes dropped EXE
-
\??\c:\lxlxlrf.exec:\lxlxlrf.exe30⤵
- Executes dropped EXE
-
\??\c:\fxrxlxf.exec:\fxrxlxf.exe31⤵
- Executes dropped EXE
-
\??\c:\bntbtt.exec:\bntbtt.exe32⤵
- Executes dropped EXE
-
\??\c:\9pddp.exec:\9pddp.exe33⤵
- Executes dropped EXE
-
\??\c:\1jjdj.exec:\1jjdj.exe34⤵
- Executes dropped EXE
-
\??\c:\5xrrlrx.exec:\5xrrlrx.exe35⤵
- Executes dropped EXE
-
\??\c:\llxlrxl.exec:\llxlrxl.exe36⤵
- Executes dropped EXE
-
\??\c:\9hntnt.exec:\9hntnt.exe37⤵
- Executes dropped EXE
-
\??\c:\nbnttb.exec:\nbnttb.exe38⤵
- Executes dropped EXE
-
\??\c:\5jjdv.exec:\5jjdv.exe39⤵
- Executes dropped EXE
-
\??\c:\3dvjp.exec:\3dvjp.exe40⤵
- Executes dropped EXE
-
\??\c:\rllrxfr.exec:\rllrxfr.exe41⤵
- Executes dropped EXE
-
\??\c:\xrlxlrf.exec:\xrlxlrf.exe42⤵
- Executes dropped EXE
-
\??\c:\hbhhnt.exec:\hbhhnt.exe43⤵
- Executes dropped EXE
-
\??\c:\tnhbnn.exec:\tnhbnn.exe44⤵
- Executes dropped EXE
-
\??\c:\ppjvd.exec:\ppjvd.exe45⤵
- Executes dropped EXE
-
\??\c:\jvddv.exec:\jvddv.exe46⤵
- Executes dropped EXE
-
\??\c:\vjjjv.exec:\vjjjv.exe47⤵
- Executes dropped EXE
-
\??\c:\9xxlrlx.exec:\9xxlrlx.exe48⤵
- Executes dropped EXE
-
\??\c:\bbhtbh.exec:\bbhtbh.exe49⤵
- Executes dropped EXE
-
\??\c:\9dvdp.exec:\9dvdp.exe50⤵
- Executes dropped EXE
-
\??\c:\jddjv.exec:\jddjv.exe51⤵
- Executes dropped EXE
-
\??\c:\1flrrrx.exec:\1flrrrx.exe52⤵
- Executes dropped EXE
-
\??\c:\9rxflfx.exec:\9rxflfx.exe53⤵
- Executes dropped EXE
-
\??\c:\tnnhbh.exec:\tnnhbh.exe54⤵
- Executes dropped EXE
-
\??\c:\3btnhh.exec:\3btnhh.exe55⤵
- Executes dropped EXE
-
\??\c:\vpjdd.exec:\vpjdd.exe56⤵
- Executes dropped EXE
-
\??\c:\dvjjd.exec:\dvjjd.exe57⤵
- Executes dropped EXE
-
\??\c:\3llrlrl.exec:\3llrlrl.exe58⤵
- Executes dropped EXE
-
\??\c:\nhnhtn.exec:\nhnhtn.exe59⤵
- Executes dropped EXE
-
\??\c:\hhnbbt.exec:\hhnbbt.exe60⤵
- Executes dropped EXE
-
\??\c:\7tnnnt.exec:\7tnnnt.exe61⤵
- Executes dropped EXE
-
\??\c:\vvvjp.exec:\vvvjp.exe62⤵
- Executes dropped EXE
-
\??\c:\1frlxrx.exec:\1frlxrx.exe63⤵
- Executes dropped EXE
-
\??\c:\xlfrffr.exec:\xlfrffr.exe64⤵
- Executes dropped EXE
-
\??\c:\3tnttn.exec:\3tnttn.exe65⤵
- Executes dropped EXE
-
\??\c:\nhhhbh.exec:\nhhhbh.exe66⤵
-
\??\c:\3vjdd.exec:\3vjdd.exe67⤵
-
\??\c:\9vjvp.exec:\9vjvp.exe68⤵
-
\??\c:\lxfxxrr.exec:\lxfxxrr.exe69⤵
-
\??\c:\hbhtnn.exec:\hbhtnn.exe70⤵
-
\??\c:\hnnnhh.exec:\hnnnhh.exe71⤵
-
\??\c:\nhbnth.exec:\nhbnth.exe72⤵
-
\??\c:\3pvvd.exec:\3pvvd.exe73⤵
-
\??\c:\xrfxffr.exec:\xrfxffr.exe74⤵
-
\??\c:\lfxxfxf.exec:\lfxxfxf.exe75⤵
-
\??\c:\3bhhtn.exec:\3bhhtn.exe76⤵
-
\??\c:\hthnnn.exec:\hthnnn.exe77⤵
-
\??\c:\vjvpj.exec:\vjvpj.exe78⤵
-
\??\c:\pjvvv.exec:\pjvvv.exe79⤵
-
\??\c:\frxlllr.exec:\frxlllr.exe80⤵
-
\??\c:\lxrfllr.exec:\lxrfllr.exe81⤵
-
\??\c:\btbtbb.exec:\btbtbb.exe82⤵
-
\??\c:\9tbntb.exec:\9tbntb.exe83⤵
-
\??\c:\5vddv.exec:\5vddv.exe84⤵
-
\??\c:\5ddpv.exec:\5ddpv.exe85⤵
-
\??\c:\rrlxfff.exec:\rrlxfff.exe86⤵
-
\??\c:\llllllf.exec:\llllllf.exe87⤵
-
\??\c:\tnntbh.exec:\tnntbh.exe88⤵
-
\??\c:\bthbbh.exec:\bthbbh.exe89⤵
-
\??\c:\dvpdd.exec:\dvpdd.exe90⤵
-
\??\c:\xlxxxrx.exec:\xlxxxrx.exe91⤵
-
\??\c:\rxrllll.exec:\rxrllll.exe92⤵
-
\??\c:\rrlxrxl.exec:\rrlxrxl.exe93⤵
-
\??\c:\ttbhbn.exec:\ttbhbn.exe94⤵
-
\??\c:\1ttnnt.exec:\1ttnnt.exe95⤵
-
\??\c:\jpjjp.exec:\jpjjp.exe96⤵
-
\??\c:\9dvvv.exec:\9dvvv.exe97⤵
-
\??\c:\rrrxrfx.exec:\rrrxrfx.exe98⤵
-
\??\c:\thttbb.exec:\thttbb.exe99⤵
-
\??\c:\thhbbh.exec:\thhbbh.exe100⤵
-
\??\c:\5vpjv.exec:\5vpjv.exe101⤵
-
\??\c:\7dppd.exec:\7dppd.exe102⤵
-
\??\c:\rlfrxrx.exec:\rlfrxrx.exe103⤵
-
\??\c:\lxlfxrl.exec:\lxlfxrl.exe104⤵
-
\??\c:\9ttbnt.exec:\9ttbnt.exe105⤵
-
\??\c:\1ttbnt.exec:\1ttbnt.exe106⤵
-
\??\c:\jjpvd.exec:\jjpvd.exe107⤵
-
\??\c:\pjdpv.exec:\pjdpv.exe108⤵
-
\??\c:\rlrrllr.exec:\rlrrllr.exe109⤵
-
\??\c:\fflxfxx.exec:\fflxfxx.exe110⤵
-
\??\c:\bbnnbh.exec:\bbnnbh.exe111⤵
-
\??\c:\7hbnnt.exec:\7hbnnt.exe112⤵
-
\??\c:\nbhhbb.exec:\nbhhbb.exe113⤵
-
\??\c:\jdjjp.exec:\jdjjp.exe114⤵
-
\??\c:\vjdvd.exec:\vjdvd.exe115⤵
-
\??\c:\7rlrxrl.exec:\7rlrxrl.exe116⤵
-
\??\c:\1rrrfxl.exec:\1rrrfxl.exe117⤵
-
\??\c:\tnnnbh.exec:\tnnnbh.exe118⤵
-
\??\c:\nhbtbb.exec:\nhbtbb.exe119⤵
-
\??\c:\dpdpp.exec:\dpdpp.exe120⤵
-
\??\c:\dvvvv.exec:\dvvvv.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-