Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
29/05/2024, 07:36
General
-
Target
4af78181393af80dc69cb4ba28d031b0_NeikiAnalytics.exe
-
Size
100KB
-
MD5
4af78181393af80dc69cb4ba28d031b0
-
SHA1
dec68afa5f0d11be47295fdb513d2827f8b87408
-
SHA256
a2e6013fe104ddbbdb1604be27741c72a9e1c23af1f9bf8d46a06656e1bc86ad
-
SHA512
cbe7e238773f15dedbb75376f057d0549311b433d05c206284d1a02656b251360cb8830438cf8b00564e3ce95e4396ba20d48595f873c9ecdc3c299e4667848b
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDodtzn6zDaE0R5J:ymb3NkkiQ3mdBjFodt2zE3J
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 22 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 26 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\4af78181393af80dc69cb4ba28d031b0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\4af78181393af80dc69cb4ba28d031b0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\5lflfxl.exec:\5lflfxl.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7nhntb.exec:\7nhntb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfllllf.exec:\rfllllf.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntnntb.exec:\ntnntb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjjd.exec:\vpjjd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9pjjj.exec:\9pjjj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlxflrl.exec:\xlxflrl.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9hthnn.exec:\9hthnn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvpdv.exec:\jvpdv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdjv.exec:\pjdjv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rflrfxf.exec:\rflrfxf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhhbnt.exec:\bhhbnt.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddvjv.exec:\ddvjv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxlrrrx.exec:\rxlrrrx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3hbntb.exec:\3hbntb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnbhth.exec:\nnbhth.exe17⤵
- Executes dropped EXE
-
\??\c:\jddpj.exec:\jddpj.exe18⤵
- Executes dropped EXE
-
\??\c:\fffrxxl.exec:\fffrxxl.exe19⤵
- Executes dropped EXE
-
\??\c:\bbbbth.exec:\bbbbth.exe20⤵
- Executes dropped EXE
-
\??\c:\9nnbbb.exec:\9nnbbb.exe21⤵
- Executes dropped EXE
-
\??\c:\5vpvj.exec:\5vpvj.exe22⤵
- Executes dropped EXE
-
\??\c:\xflffxx.exec:\xflffxx.exe23⤵
- Executes dropped EXE
-
\??\c:\hhhtth.exec:\hhhtth.exe24⤵
- Executes dropped EXE
-
\??\c:\5tnhbh.exec:\5tnhbh.exe25⤵
- Executes dropped EXE
-
\??\c:\jpppd.exec:\jpppd.exe26⤵
- Executes dropped EXE
-
\??\c:\lfrrxfl.exec:\lfrrxfl.exe27⤵
- Executes dropped EXE
-
\??\c:\bhthhb.exec:\bhthhb.exe28⤵
- Executes dropped EXE
-
\??\c:\5nbbhn.exec:\5nbbhn.exe29⤵
- Executes dropped EXE
-
\??\c:\ddvdv.exec:\ddvdv.exe30⤵
- Executes dropped EXE
-
\??\c:\xrlxlxf.exec:\xrlxlxf.exe31⤵
- Executes dropped EXE
-
\??\c:\bhtnnn.exec:\bhtnnn.exe32⤵
- Executes dropped EXE
-
\??\c:\pjvpv.exec:\pjvpv.exe33⤵
- Executes dropped EXE
-
\??\c:\rrrlfxf.exec:\rrrlfxf.exe34⤵
- Executes dropped EXE
-
\??\c:\ttntnh.exec:\ttntnh.exe35⤵
- Executes dropped EXE
-
\??\c:\vppdd.exec:\vppdd.exe36⤵
- Executes dropped EXE
-
\??\c:\ddvjp.exec:\ddvjp.exe37⤵
- Executes dropped EXE
-
\??\c:\9rflxfr.exec:\9rflxfr.exe38⤵
- Executes dropped EXE
-
\??\c:\nnnhbb.exec:\nnnhbb.exe39⤵
- Executes dropped EXE
-
\??\c:\hbthht.exec:\hbthht.exe40⤵
- Executes dropped EXE
-
\??\c:\jjdpj.exec:\jjdpj.exe41⤵
- Executes dropped EXE
-
\??\c:\fffxxrx.exec:\fffxxrx.exe42⤵
- Executes dropped EXE
-
\??\c:\7rfxrfx.exec:\7rfxrfx.exe43⤵
- Executes dropped EXE
-
\??\c:\tnnnbb.exec:\tnnnbb.exe44⤵
- Executes dropped EXE
-
\??\c:\bhtnnb.exec:\bhtnnb.exe45⤵
- Executes dropped EXE
-
\??\c:\7jpvd.exec:\7jpvd.exe46⤵
- Executes dropped EXE
-
\??\c:\9jjjp.exec:\9jjjp.exe47⤵
- Executes dropped EXE
-
\??\c:\rlxlxff.exec:\rlxlxff.exe48⤵
- Executes dropped EXE
-
\??\c:\7nhbnb.exec:\7nhbnb.exe49⤵
- Executes dropped EXE
-
\??\c:\hbbbtt.exec:\hbbbtt.exe50⤵
- Executes dropped EXE
-
\??\c:\7jdpp.exec:\7jdpp.exe51⤵
- Executes dropped EXE
-
\??\c:\ddjdv.exec:\ddjdv.exe52⤵
- Executes dropped EXE
-
\??\c:\3llxrfx.exec:\3llxrfx.exe53⤵
- Executes dropped EXE
-
\??\c:\3xrfxff.exec:\3xrfxff.exe54⤵
- Executes dropped EXE
-
\??\c:\nhthtt.exec:\nhthtt.exe55⤵
- Executes dropped EXE
-
\??\c:\bbbthh.exec:\bbbthh.exe56⤵
- Executes dropped EXE
-
\??\c:\pjvdv.exec:\pjvdv.exe57⤵
- Executes dropped EXE
-
\??\c:\dvvvd.exec:\dvvvd.exe58⤵
- Executes dropped EXE
-
\??\c:\rrlxrxl.exec:\rrlxrxl.exe59⤵
- Executes dropped EXE
-
\??\c:\flxllll.exec:\flxllll.exe60⤵
- Executes dropped EXE
-
\??\c:\tbtbhb.exec:\tbtbhb.exe61⤵
- Executes dropped EXE
-
\??\c:\btntnt.exec:\btntnt.exe62⤵
- Executes dropped EXE
-
\??\c:\ppjpv.exec:\ppjpv.exe63⤵
- Executes dropped EXE
-
\??\c:\7djpv.exec:\7djpv.exe64⤵
- Executes dropped EXE
-
\??\c:\llxrrfr.exec:\llxrrfr.exe65⤵
- Executes dropped EXE
-
\??\c:\lxrrxfr.exec:\lxrrxfr.exe66⤵
-
\??\c:\thtbnn.exec:\thtbnn.exe67⤵
-
\??\c:\dvvdp.exec:\dvvdp.exe68⤵
-
\??\c:\vddvd.exec:\vddvd.exe69⤵
-
\??\c:\xrflxxl.exec:\xrflxxl.exe70⤵
-
\??\c:\llrxxxr.exec:\llrxxxr.exe71⤵
-
\??\c:\tntthn.exec:\tntthn.exe72⤵
-
\??\c:\nhtbnn.exec:\nhtbnn.exe73⤵
-
\??\c:\vdddj.exec:\vdddj.exe74⤵
-
\??\c:\vvvdv.exec:\vvvdv.exe75⤵
-
\??\c:\lfxfxfr.exec:\lfxfxfr.exe76⤵
-
\??\c:\7xrlxrl.exec:\7xrlxrl.exe77⤵
-
\??\c:\tnntbh.exec:\tnntbh.exe78⤵
-
\??\c:\bbthht.exec:\bbthht.exe79⤵
-
\??\c:\pjjdp.exec:\pjjdp.exe80⤵
-
\??\c:\pdddp.exec:\pdddp.exe81⤵
-
\??\c:\lffxfrl.exec:\lffxfrl.exe82⤵
-
\??\c:\lfflrxx.exec:\lfflrxx.exe83⤵
-
\??\c:\5tttnn.exec:\5tttnn.exe84⤵
-
\??\c:\ddvjp.exec:\ddvjp.exe85⤵
-
\??\c:\jjddv.exec:\jjddv.exe86⤵
-
\??\c:\3xrlfrf.exec:\3xrlfrf.exe87⤵
-
\??\c:\xrfrrxl.exec:\xrfrrxl.exe88⤵
-
\??\c:\hbtnnb.exec:\hbtnnb.exe89⤵
-
\??\c:\bhnhhh.exec:\bhnhhh.exe90⤵
-
\??\c:\vpdpv.exec:\vpdpv.exe91⤵
-
\??\c:\vdvjp.exec:\vdvjp.exe92⤵
-
\??\c:\flfxxxf.exec:\flfxxxf.exe93⤵
-
\??\c:\hbnnbh.exec:\hbnnbh.exe94⤵
-
\??\c:\hbnbtn.exec:\hbnbtn.exe95⤵
-
\??\c:\9jvpv.exec:\9jvpv.exe96⤵
-
\??\c:\jvjdj.exec:\jvjdj.exe97⤵
-
\??\c:\xrfflfr.exec:\xrfflfr.exe98⤵
-
\??\c:\tttnhn.exec:\tttnhn.exe99⤵
-
\??\c:\5nhtbn.exec:\5nhtbn.exe100⤵
-
\??\c:\dvjvj.exec:\dvjvj.exe101⤵
-
\??\c:\vpdpp.exec:\vpdpp.exe102⤵
-
\??\c:\3flrrxl.exec:\3flrrxl.exe103⤵
-
\??\c:\llfllrf.exec:\llfllrf.exe104⤵
-
\??\c:\3thhnb.exec:\3thhnb.exe105⤵
-
\??\c:\hnbbbh.exec:\hnbbbh.exe106⤵
-
\??\c:\vjvvd.exec:\vjvvd.exe107⤵
-
\??\c:\rxfxrrf.exec:\rxfxrrf.exe108⤵
-
\??\c:\lrxrffl.exec:\lrxrffl.exe109⤵
-
\??\c:\ntnbtn.exec:\ntnbtn.exe110⤵
-
\??\c:\1nhttb.exec:\1nhttb.exe111⤵
-
\??\c:\vvvdp.exec:\vvvdp.exe112⤵
-
\??\c:\9vdjd.exec:\9vdjd.exe113⤵
-
\??\c:\rlxfllr.exec:\rlxfllr.exe114⤵
-
\??\c:\hhthnt.exec:\hhthnt.exe115⤵
-
\??\c:\1nhtbb.exec:\1nhtbb.exe116⤵
-
\??\c:\pdvdj.exec:\pdvdj.exe117⤵
-
\??\c:\ppjvj.exec:\ppjvj.exe118⤵
-
\??\c:\lxrfrrx.exec:\lxrfrrx.exe119⤵
-
\??\c:\9rlxllf.exec:\9rlxllf.exe120⤵
-
\??\c:\ntthbt.exec:\ntthbt.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-