Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
94s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
28/05/2024, 00:18
General
-
Target
28dafbfb70746a46d5c57b7b03416ed0_NeikiAnalytics.exe
-
Size
82KB
-
MD5
28dafbfb70746a46d5c57b7b03416ed0
-
SHA1
388896c5a9a354c074f6bccaf549387ba8bc62cd
-
SHA256
fe3ed9ef1414624e5972a1e302523b7d0623b5a254d139013ec29ac06aaeb618
-
SHA512
137627af8eea2d016e63bcf132426281b31414a35adfd9c307e9db8e941d654c4000131d3b4dcd878f318321c6214a6a45130af7c5366022d3e6a83f66fe25cd
-
SSDEEP
1536:zvQBeOGtrYS3srx93UBWfwC6Ggnouy8iT4+C2HVM1p6TQpCi1PC:zhOmTsF93UYfwC6GIoutiTU2HVS64NC
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\28dafbfb70746a46d5c57b7b03416ed0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\28dafbfb70746a46d5c57b7b03416ed0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\jvvpv.exec:\jvvpv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfrfrxr.exec:\rfrfrxr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frfrxlx.exec:\frfrxlx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbnnnh.exec:\nbnnnh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3hbtth.exec:\3hbtth.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvdpj.exec:\vvdpj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxllfxx.exec:\xxllfxx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhbbn.exec:\tnhbbn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1nhnbn.exec:\1nhnbn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfrrrlf.exec:\xfrrrlf.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfrlxxl.exec:\xfrlxxl.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhthnb.exec:\hhthnb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pddvd.exec:\pddvd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frrllfr.exec:\frrllfr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrlrfxf.exec:\lrlrfxf.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nttbbt.exec:\nttbbt.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvdvj.exec:\jvdvj.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrxflr.exec:\fxrxflr.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btnhbb.exec:\btnhbb.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhtbth.exec:\nhtbth.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddpdp.exec:\ddpdp.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffxlxrl.exec:\ffxlxrl.exe23⤵
- Executes dropped EXE
-
\??\c:\bnhhnt.exec:\bnhhnt.exe24⤵
- Executes dropped EXE
-
\??\c:\dpppd.exec:\dpppd.exe25⤵
- Executes dropped EXE
-
\??\c:\lrxfrll.exec:\lrxfrll.exe26⤵
- Executes dropped EXE
-
\??\c:\hbbtnb.exec:\hbbtnb.exe27⤵
- Executes dropped EXE
-
\??\c:\jdddj.exec:\jdddj.exe28⤵
- Executes dropped EXE
-
\??\c:\vvppv.exec:\vvppv.exe29⤵
- Executes dropped EXE
-
\??\c:\9flrfrx.exec:\9flrfrx.exe30⤵
- Executes dropped EXE
-
\??\c:\tnbhnt.exec:\tnbhnt.exe31⤵
- Executes dropped EXE
-
\??\c:\nbttth.exec:\nbttth.exe32⤵
- Executes dropped EXE
-
\??\c:\jjdpj.exec:\jjdpj.exe33⤵
- Executes dropped EXE
-
\??\c:\rrxrxff.exec:\rrxrxff.exe34⤵
- Executes dropped EXE
-
\??\c:\hthntb.exec:\hthntb.exe35⤵
- Executes dropped EXE
-
\??\c:\jpdvd.exec:\jpdvd.exe36⤵
- Executes dropped EXE
-
\??\c:\xffrflr.exec:\xffrflr.exe37⤵
- Executes dropped EXE
-
\??\c:\7nhntt.exec:\7nhntt.exe38⤵
- Executes dropped EXE
-
\??\c:\5bbthn.exec:\5bbthn.exe39⤵
- Executes dropped EXE
-
\??\c:\dpppp.exec:\dpppp.exe40⤵
- Executes dropped EXE
-
\??\c:\llffxxl.exec:\llffxxl.exe41⤵
- Executes dropped EXE
-
\??\c:\rxfllrx.exec:\rxfllrx.exe42⤵
- Executes dropped EXE
-
\??\c:\bbtnhh.exec:\bbtnhh.exe43⤵
- Executes dropped EXE
-
\??\c:\jpdpj.exec:\jpdpj.exe44⤵
- Executes dropped EXE
-
\??\c:\lffffrl.exec:\lffffrl.exe45⤵
- Executes dropped EXE
-
\??\c:\ffrrlfr.exec:\ffrrlfr.exe46⤵
- Executes dropped EXE
-
\??\c:\nttnbb.exec:\nttnbb.exe47⤵
- Executes dropped EXE
-
\??\c:\pvjdv.exec:\pvjdv.exe48⤵
- Executes dropped EXE
-
\??\c:\xxflxxf.exec:\xxflxxf.exe49⤵
- Executes dropped EXE
-
\??\c:\9xlxllf.exec:\9xlxllf.exe50⤵
- Executes dropped EXE
-
\??\c:\nbhnbt.exec:\nbhnbt.exe51⤵
- Executes dropped EXE
-
\??\c:\jjppj.exec:\jjppj.exe52⤵
- Executes dropped EXE
-
\??\c:\lrfrlxf.exec:\lrfrlxf.exe53⤵
- Executes dropped EXE
-
\??\c:\rxflrrx.exec:\rxflrrx.exe54⤵
- Executes dropped EXE
-
\??\c:\hbthtt.exec:\hbthtt.exe55⤵
- Executes dropped EXE
-
\??\c:\dddpp.exec:\dddpp.exe56⤵
- Executes dropped EXE
-
\??\c:\pjjdd.exec:\pjjdd.exe57⤵
- Executes dropped EXE
-
\??\c:\ffxrxlf.exec:\ffxrxlf.exe58⤵
- Executes dropped EXE
-
\??\c:\fllxflf.exec:\fllxflf.exe59⤵
- Executes dropped EXE
-
\??\c:\tthbht.exec:\tthbht.exe60⤵
- Executes dropped EXE
-
\??\c:\jjjvp.exec:\jjjvp.exe61⤵
- Executes dropped EXE
-
\??\c:\xrffxrl.exec:\xrffxrl.exe62⤵
- Executes dropped EXE
-
\??\c:\xfxrlfx.exec:\xfxrlfx.exe63⤵
- Executes dropped EXE
-
\??\c:\thnbnb.exec:\thnbnb.exe64⤵
- Executes dropped EXE
-
\??\c:\bthhnt.exec:\bthhnt.exe65⤵
- Executes dropped EXE
-
\??\c:\pjjjd.exec:\pjjjd.exe66⤵
-
\??\c:\pdvpj.exec:\pdvpj.exe67⤵
-
\??\c:\7rxxrrx.exec:\7rxxrrx.exe68⤵
-
\??\c:\flxrxxl.exec:\flxrxxl.exe69⤵
-
\??\c:\nnhbnh.exec:\nnhbnh.exe70⤵
-
\??\c:\nhtthb.exec:\nhtthb.exe71⤵
-
\??\c:\pdvvv.exec:\pdvvv.exe72⤵
-
\??\c:\xxlfrxx.exec:\xxlfrxx.exe73⤵
-
\??\c:\ntnthb.exec:\ntnthb.exe74⤵
-
\??\c:\dvdjp.exec:\dvdjp.exe75⤵
-
\??\c:\frlrlxl.exec:\frlrlxl.exe76⤵
-
\??\c:\3bnnnb.exec:\3bnnnb.exe77⤵
-
\??\c:\vpjjp.exec:\vpjjp.exe78⤵
-
\??\c:\1xfrlrx.exec:\1xfrlrx.exe79⤵
-
\??\c:\nnhntb.exec:\nnhntb.exe80⤵
-
\??\c:\bbtnbt.exec:\bbtnbt.exe81⤵
-
\??\c:\pdpjd.exec:\pdpjd.exe82⤵
-
\??\c:\fxffffx.exec:\fxffffx.exe83⤵
-
\??\c:\tbhhbh.exec:\tbhhbh.exe84⤵
-
\??\c:\tbhhbh.exec:\tbhhbh.exe85⤵
-
\??\c:\jdddp.exec:\jdddp.exe86⤵
-
\??\c:\pdvvj.exec:\pdvvj.exe87⤵
-
\??\c:\lrrlllf.exec:\lrrlllf.exe88⤵
-
\??\c:\llfxrrl.exec:\llfxrrl.exe89⤵
-
\??\c:\ttnhhh.exec:\ttnhhh.exe90⤵
-
\??\c:\vdpvp.exec:\vdpvp.exe91⤵
-
\??\c:\fxxxxrr.exec:\fxxxxrr.exe92⤵
-
\??\c:\nhtbbn.exec:\nhtbbn.exe93⤵
-
\??\c:\ntbtht.exec:\ntbtht.exe94⤵
-
\??\c:\pdjjj.exec:\pdjjj.exe95⤵
-
\??\c:\pvvpp.exec:\pvvpp.exe96⤵
-
\??\c:\xxxrlfx.exec:\xxxrlfx.exe97⤵
-
\??\c:\9bbbbt.exec:\9bbbbt.exe98⤵
-
\??\c:\tththn.exec:\tththn.exe99⤵
-
\??\c:\pdpdd.exec:\pdpdd.exe100⤵
-
\??\c:\rlfxllf.exec:\rlfxllf.exe101⤵
-
\??\c:\llxxrfr.exec:\llxxrfr.exe102⤵
-
\??\c:\httnnn.exec:\httnnn.exe103⤵
-
\??\c:\nhnhhn.exec:\nhnhhn.exe104⤵
-
\??\c:\vvvpj.exec:\vvvpj.exe105⤵
-
\??\c:\vppvd.exec:\vppvd.exe106⤵
-
\??\c:\lxrrrxx.exec:\lxrrrxx.exe107⤵
-
\??\c:\bhhtnt.exec:\bhhtnt.exe108⤵
-
\??\c:\nbhbnh.exec:\nbhbnh.exe109⤵
-
\??\c:\bbhhhh.exec:\bbhhhh.exe110⤵
-
\??\c:\3jjdv.exec:\3jjdv.exe111⤵
-
\??\c:\7xlrxrf.exec:\7xlrxrf.exe112⤵
-
\??\c:\xlxlxxx.exec:\xlxlxxx.exe113⤵
-
\??\c:\nthhhh.exec:\nthhhh.exe114⤵
-
\??\c:\xrlrfrl.exec:\xrlrfrl.exe115⤵
-
\??\c:\7btnhh.exec:\7btnhh.exe116⤵
-
\??\c:\hnbtnn.exec:\hnbtnn.exe117⤵
-
\??\c:\jdjvd.exec:\jdjvd.exe118⤵
-
\??\c:\xflxlfl.exec:\xflxlfl.exe119⤵
-
\??\c:\fxxxrxl.exec:\fxxxrxl.exe120⤵
-
\??\c:\htbttt.exec:\htbttt.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-