Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
28/05/2024, 08:58
General
-
Target
3c493674068d0af156602861c20661c0_NeikiAnalytics.exe
-
Size
153KB
-
MD5
3c493674068d0af156602861c20661c0
-
SHA1
f3ba9f6a2d77f52bc69a40b531f4b473583d3c69
-
SHA256
e04a147d4176fb7637c7ffd8b5c260818b4f65b0cc3b75a4b1e5bddb3e3d51c1
-
SHA512
5e5bcf9018f67caf96d044a29a4a24997ac414dc25af9631172805ae4a37230ba0a192f50d8e76a44853337e3859d985eac45d3815ef23007865d02a48b878dd
-
SSDEEP
3072:ymb3NkkiQ3mdBjFIi/0RU6QeYQsm71vPmX5k2LrCimBaH8UH303g:n3C9BRIG0asYFm71mJkzpaH8m37
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 21 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\3c493674068d0af156602861c20661c0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\3c493674068d0af156602861c20661c0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\rlflrrf.exec:\rlflrrf.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9bbhnt.exec:\9bbhnt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvddp.exec:\jvddp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpdjp.exec:\vpdjp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lffrfrf.exec:\lffrfrf.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnttnh.exec:\nnttnh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9btthh.exec:\9btthh.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrrllx.exec:\lfrrllx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1nntnn.exec:\1nntnn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvdpj.exec:\dvdpj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9rxxffr.exec:\9rxxffr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5hthnn.exec:\5hthnn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbtntb.exec:\hbtntb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flfrxxx.exec:\flfrxxx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9rrlrlr.exec:\9rrlrlr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvjvj.exec:\jvjvj.exe17⤵
- Executes dropped EXE
-
\??\c:\ppvpj.exec:\ppvpj.exe18⤵
- Executes dropped EXE
-
\??\c:\llxflxl.exec:\llxflxl.exe19⤵
- Executes dropped EXE
-
\??\c:\bbbbnn.exec:\bbbbnn.exe20⤵
- Executes dropped EXE
-
\??\c:\pjdjd.exec:\pjdjd.exe21⤵
- Executes dropped EXE
-
\??\c:\rlffllx.exec:\rlffllx.exe22⤵
- Executes dropped EXE
-
\??\c:\1hhnnt.exec:\1hhnnt.exe23⤵
- Executes dropped EXE
-
\??\c:\hbnbhh.exec:\hbnbhh.exe24⤵
- Executes dropped EXE
-
\??\c:\vpvvd.exec:\vpvvd.exe25⤵
- Executes dropped EXE
-
\??\c:\1xlxffl.exec:\1xlxffl.exe26⤵
- Executes dropped EXE
-
\??\c:\thttbh.exec:\thttbh.exe27⤵
- Executes dropped EXE
-
\??\c:\hbbbnb.exec:\hbbbnb.exe28⤵
- Executes dropped EXE
-
\??\c:\9pjpv.exec:\9pjpv.exe29⤵
- Executes dropped EXE
-
\??\c:\1rrrxxl.exec:\1rrrxxl.exe30⤵
- Executes dropped EXE
-
\??\c:\xxrxrxf.exec:\xxrxrxf.exe31⤵
- Executes dropped EXE
-
\??\c:\ddpvd.exec:\ddpvd.exe32⤵
- Executes dropped EXE
-
\??\c:\rlxlxxf.exec:\rlxlxxf.exe33⤵
- Executes dropped EXE
-
\??\c:\hhhnbb.exec:\hhhnbb.exe34⤵
- Executes dropped EXE
-
\??\c:\5ppdp.exec:\5ppdp.exe35⤵
- Executes dropped EXE
-
\??\c:\xrllxxf.exec:\xrllxxf.exe36⤵
- Executes dropped EXE
-
\??\c:\9frffxr.exec:\9frffxr.exe37⤵
- Executes dropped EXE
-
\??\c:\3hhhtt.exec:\3hhhtt.exe38⤵
- Executes dropped EXE
-
\??\c:\jjppp.exec:\jjppp.exe39⤵
- Executes dropped EXE
-
\??\c:\jddpv.exec:\jddpv.exe40⤵
- Executes dropped EXE
-
\??\c:\lfxlffl.exec:\lfxlffl.exe41⤵
- Executes dropped EXE
-
\??\c:\xxrxffx.exec:\xxrxffx.exe42⤵
- Executes dropped EXE
-
\??\c:\tttthn.exec:\tttthn.exe43⤵
- Executes dropped EXE
-
\??\c:\7ttbhn.exec:\7ttbhn.exe44⤵
- Executes dropped EXE
-
\??\c:\7vppp.exec:\7vppp.exe45⤵
- Executes dropped EXE
-
\??\c:\pdpvd.exec:\pdpvd.exe46⤵
- Executes dropped EXE
-
\??\c:\rlxxrrx.exec:\rlxxrrx.exe47⤵
- Executes dropped EXE
-
\??\c:\btnthn.exec:\btnthn.exe48⤵
- Executes dropped EXE
-
\??\c:\3bbbhh.exec:\3bbbhh.exe49⤵
- Executes dropped EXE
-
\??\c:\jvjjp.exec:\jvjjp.exe50⤵
- Executes dropped EXE
-
\??\c:\9jvpp.exec:\9jvpp.exe51⤵
- Executes dropped EXE
-
\??\c:\lfxlxlx.exec:\lfxlxlx.exe52⤵
- Executes dropped EXE
-
\??\c:\xrfrllf.exec:\xrfrllf.exe53⤵
- Executes dropped EXE
-
\??\c:\3tnnbh.exec:\3tnnbh.exe54⤵
- Executes dropped EXE
-
\??\c:\vpddj.exec:\vpddj.exe55⤵
- Executes dropped EXE
-
\??\c:\jdvvj.exec:\jdvvj.exe56⤵
- Executes dropped EXE
-
\??\c:\xffxffl.exec:\xffxffl.exe57⤵
- Executes dropped EXE
-
\??\c:\7lffllf.exec:\7lffllf.exe58⤵
- Executes dropped EXE
-
\??\c:\7hbtbn.exec:\7hbtbn.exe59⤵
- Executes dropped EXE
-
\??\c:\1htthn.exec:\1htthn.exe60⤵
- Executes dropped EXE
-
\??\c:\djjpd.exec:\djjpd.exe61⤵
- Executes dropped EXE
-
\??\c:\7xffrxr.exec:\7xffrxr.exe62⤵
- Executes dropped EXE
-
\??\c:\rlrxrxl.exec:\rlrxrxl.exe63⤵
- Executes dropped EXE
-
\??\c:\nhtbhn.exec:\nhtbhn.exe64⤵
- Executes dropped EXE
-
\??\c:\pjvjp.exec:\pjvjp.exe65⤵
- Executes dropped EXE
-
\??\c:\jdvvd.exec:\jdvvd.exe66⤵
-
\??\c:\rfrxxrr.exec:\rfrxxrr.exe67⤵
-
\??\c:\lfrfrxx.exec:\lfrfrxx.exe68⤵
-
\??\c:\1ffxllr.exec:\1ffxllr.exe69⤵
-
\??\c:\hbttbb.exec:\hbttbb.exe70⤵
-
\??\c:\pppvp.exec:\pppvp.exe71⤵
-
\??\c:\vvjpd.exec:\vvjpd.exe72⤵
-
\??\c:\3rfrfrf.exec:\3rfrfrf.exe73⤵
-
\??\c:\1fxflrf.exec:\1fxflrf.exe74⤵
-
\??\c:\nbtthb.exec:\nbtthb.exe75⤵
-
\??\c:\9nbhnb.exec:\9nbhnb.exe76⤵
-
\??\c:\jjdvj.exec:\jjdvj.exe77⤵
-
\??\c:\3dvpv.exec:\3dvpv.exe78⤵
-
\??\c:\llxxlrf.exec:\llxxlrf.exe79⤵
-
\??\c:\xrxxffr.exec:\xrxxffr.exe80⤵
-
\??\c:\7tnntb.exec:\7tnntb.exe81⤵
-
\??\c:\hbnbhh.exec:\hbnbhh.exe82⤵
-
\??\c:\pjddv.exec:\pjddv.exe83⤵
-
\??\c:\xxfxrxl.exec:\xxfxrxl.exe84⤵
-
\??\c:\fxxlrrf.exec:\fxxlrrf.exe85⤵
-
\??\c:\1tnthh.exec:\1tnthh.exe86⤵
-
\??\c:\5htbnt.exec:\5htbnt.exe87⤵
-
\??\c:\3pdpv.exec:\3pdpv.exe88⤵
-
\??\c:\vvpdv.exec:\vvpdv.exe89⤵
-
\??\c:\rlrrffr.exec:\rlrrffr.exe90⤵
-
\??\c:\nhnbnt.exec:\nhnbnt.exe91⤵
-
\??\c:\3nbhtt.exec:\3nbhtt.exe92⤵
-
\??\c:\5ppdv.exec:\5ppdv.exe93⤵
-
\??\c:\jjjjv.exec:\jjjjv.exe94⤵
-
\??\c:\rllxrfr.exec:\rllxrfr.exe95⤵
-
\??\c:\rfxrlrf.exec:\rfxrlrf.exe96⤵
-
\??\c:\bbnntb.exec:\bbnntb.exe97⤵
-
\??\c:\7bhntt.exec:\7bhntt.exe98⤵
-
\??\c:\9ddpv.exec:\9ddpv.exe99⤵
-
\??\c:\jdppj.exec:\jdppj.exe100⤵
-
\??\c:\lxxfflf.exec:\lxxfflf.exe101⤵
-
\??\c:\fxrrffl.exec:\fxrrffl.exe102⤵
-
\??\c:\hbnnbb.exec:\hbnnbb.exe103⤵
-
\??\c:\nthtbb.exec:\nthtbb.exe104⤵
-
\??\c:\jdvpv.exec:\jdvpv.exe105⤵
-
\??\c:\vpvdj.exec:\vpvdj.exe106⤵
-
\??\c:\5rrrlrf.exec:\5rrrlrf.exe107⤵
-
\??\c:\5lfrxrx.exec:\5lfrxrx.exe108⤵
-
\??\c:\hhbnhn.exec:\hhbnhn.exe109⤵
-
\??\c:\nhtbnh.exec:\nhtbnh.exe110⤵
-
\??\c:\dvjpd.exec:\dvjpd.exe111⤵
-
\??\c:\vpjjp.exec:\vpjjp.exe112⤵
-
\??\c:\rllrrrf.exec:\rllrrrf.exe113⤵
-
\??\c:\7bntbh.exec:\7bntbh.exe114⤵
-
\??\c:\thtnbh.exec:\thtnbh.exe115⤵
-
\??\c:\jdjpp.exec:\jdjpp.exe116⤵
-
\??\c:\jddvd.exec:\jddvd.exe117⤵
-
\??\c:\pddvj.exec:\pddvj.exe118⤵
-
\??\c:\rlxrffl.exec:\rlxrffl.exe119⤵
-
\??\c:\bthnbt.exec:\bthnbt.exe120⤵
-
\??\c:\nhnntb.exec:\nhnntb.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-