Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
94s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
30/05/2024, 00:26
General
-
Target
5c564f440fdf2cbff8f8288192ff6eb0_NeikiAnalytics.exe
-
Size
79KB
-
MD5
5c564f440fdf2cbff8f8288192ff6eb0
-
SHA1
6b43a548e106349e23c4f40e2d9ccba47eb41d13
-
SHA256
4f14a8811874722b45e093a72fc3a1678d4a8e7c65056fb803af396b5812fae5
-
SHA512
e9e50113bc4afdd220124dbe67e256f15a6961e483684f0fb7a2ee219037248cc28854672958113b26a7aafe0a760952ea8f808127cbac609cfe810e85dbd2b2
-
SSDEEP
1536:zvQBeOGtrYS3srx93UBWfwC6Ggnouy8iT4+C2HVM1p6T7A:zhOmTsF93UYfwC6GIoutiTU2HVS63A
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 63 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\5c564f440fdf2cbff8f8288192ff6eb0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\5c564f440fdf2cbff8f8288192ff6eb0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrrlll.exec:\fxrrlll.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flffxfx.exec:\flffxfx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbhhhh.exec:\nbhhhh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrlllrr.exec:\rrlllrr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnntnn.exec:\hnntnn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9jpdd.exec:\9jpdd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3fffrxr.exec:\3fffrxr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thbtnn.exec:\thbtnn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnttnn.exec:\nnttnn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfxxrxx.exec:\xfxxrxx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfrfffr.exec:\rfrfffr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntbtnt.exec:\ntbtnt.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5jpjd.exec:\5jpjd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffxxllx.exec:\ffxxllx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrxffxx.exec:\rrxffxx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tntbth.exec:\tntbth.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjpjp.exec:\jjpjp.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rffrlxr.exec:\rffrlxr.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnbhtt.exec:\bnbhtt.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tttntb.exec:\tttntb.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxlffll.exec:\lxlffll.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1lrrllf.exec:\1lrrllf.exe23⤵
- Executes dropped EXE
-
\??\c:\1hhbhb.exec:\1hhbhb.exe24⤵
- Executes dropped EXE
-
\??\c:\ddvpp.exec:\ddvpp.exe25⤵
- Executes dropped EXE
-
\??\c:\5rlxrlf.exec:\5rlxrlf.exe26⤵
- Executes dropped EXE
-
\??\c:\1nhntn.exec:\1nhntn.exe27⤵
- Executes dropped EXE
-
\??\c:\vpjjp.exec:\vpjjp.exe28⤵
- Executes dropped EXE
-
\??\c:\9jppj.exec:\9jppj.exe29⤵
- Executes dropped EXE
-
\??\c:\hnhbbt.exec:\hnhbbt.exe30⤵
- Executes dropped EXE
-
\??\c:\ppjdd.exec:\ppjdd.exe31⤵
- Executes dropped EXE
-
\??\c:\9frlfff.exec:\9frlfff.exe32⤵
- Executes dropped EXE
-
\??\c:\lflrlfx.exec:\lflrlfx.exe33⤵
- Executes dropped EXE
-
\??\c:\tnthbt.exec:\tnthbt.exe34⤵
- Executes dropped EXE
-
\??\c:\dpvvp.exec:\dpvvp.exe35⤵
- Executes dropped EXE
-
\??\c:\9vjpd.exec:\9vjpd.exe36⤵
- Executes dropped EXE
-
\??\c:\xrrlxxr.exec:\xrrlxxr.exe37⤵
- Executes dropped EXE
-
\??\c:\frfxxxx.exec:\frfxxxx.exe38⤵
- Executes dropped EXE
-
\??\c:\thtnhh.exec:\thtnhh.exe39⤵
- Executes dropped EXE
-
\??\c:\ddvpd.exec:\ddvpd.exe40⤵
- Executes dropped EXE
-
\??\c:\jdpjj.exec:\jdpjj.exe41⤵
- Executes dropped EXE
-
\??\c:\rlfrrrl.exec:\rlfrrrl.exe42⤵
- Executes dropped EXE
-
\??\c:\nbbnhh.exec:\nbbnhh.exe43⤵
- Executes dropped EXE
-
\??\c:\7dppd.exec:\7dppd.exe44⤵
- Executes dropped EXE
-
\??\c:\7ddvj.exec:\7ddvj.exe45⤵
- Executes dropped EXE
-
\??\c:\rflffxr.exec:\rflffxr.exe46⤵
- Executes dropped EXE
-
\??\c:\hnnbtt.exec:\hnnbtt.exe47⤵
- Executes dropped EXE
-
\??\c:\5nnbnh.exec:\5nnbnh.exe48⤵
- Executes dropped EXE
-
\??\c:\5pjdv.exec:\5pjdv.exe49⤵
- Executes dropped EXE
-
\??\c:\pjjdv.exec:\pjjdv.exe50⤵
- Executes dropped EXE
-
\??\c:\lfrfllr.exec:\lfrfllr.exe51⤵
- Executes dropped EXE
-
\??\c:\rxrxrrl.exec:\rxrxrrl.exe52⤵
-
\??\c:\1nhbnn.exec:\1nhbnn.exe53⤵
- Executes dropped EXE
-
\??\c:\9nnbtt.exec:\9nnbtt.exe54⤵
- Executes dropped EXE
-
\??\c:\jppjd.exec:\jppjd.exe55⤵
- Executes dropped EXE
-
\??\c:\vvpjp.exec:\vvpjp.exe56⤵
- Executes dropped EXE
-
\??\c:\lflxxrl.exec:\lflxxrl.exe57⤵
- Executes dropped EXE
-
\??\c:\nhbnth.exec:\nhbnth.exe58⤵
- Executes dropped EXE
-
\??\c:\5dvjv.exec:\5dvjv.exe59⤵
- Executes dropped EXE
-
\??\c:\pvpjv.exec:\pvpjv.exe60⤵
- Executes dropped EXE
-
\??\c:\rlfxxxl.exec:\rlfxxxl.exe61⤵
- Executes dropped EXE
-
\??\c:\bbhtbt.exec:\bbhtbt.exe62⤵
- Executes dropped EXE
-
\??\c:\htnnbb.exec:\htnnbb.exe63⤵
- Executes dropped EXE
-
\??\c:\vvjjv.exec:\vvjjv.exe64⤵
- Executes dropped EXE
-
\??\c:\lxrfxrl.exec:\lxrfxrl.exe65⤵
- Executes dropped EXE
-
\??\c:\fffrlfr.exec:\fffrlfr.exe66⤵
- Executes dropped EXE
-
\??\c:\bnttth.exec:\bnttth.exe67⤵
-
\??\c:\ttbbbb.exec:\ttbbbb.exe68⤵
-
\??\c:\3djdp.exec:\3djdp.exe69⤵
-
\??\c:\rfrlllf.exec:\rfrlllf.exe70⤵
-
\??\c:\lrfxrlx.exec:\lrfxrlx.exe71⤵
-
\??\c:\nhhhhn.exec:\nhhhhn.exe72⤵
-
\??\c:\jvvpd.exec:\jvvpd.exe73⤵
-
\??\c:\dpvvp.exec:\dpvvp.exe74⤵
-
\??\c:\fflxrlf.exec:\fflxrlf.exe75⤵
-
\??\c:\ntbtnh.exec:\ntbtnh.exe76⤵
-
\??\c:\vjjjv.exec:\vjjjv.exe77⤵
-
\??\c:\dpdvp.exec:\dpdvp.exe78⤵
-
\??\c:\llrrlfr.exec:\llrrlfr.exe79⤵
-
\??\c:\tttthn.exec:\tttthn.exe80⤵
-
\??\c:\dppjv.exec:\dppjv.exe81⤵
-
\??\c:\1jddv.exec:\1jddv.exe82⤵
-
\??\c:\rxxrffx.exec:\rxxrffx.exe83⤵
-
\??\c:\9xxxrlf.exec:\9xxxrlf.exe84⤵
-
\??\c:\hhhbhb.exec:\hhhbhb.exe85⤵
-
\??\c:\7jjdp.exec:\7jjdp.exe86⤵
-
\??\c:\ppvvj.exec:\ppvvj.exe87⤵
-
\??\c:\lfffllr.exec:\lfffllr.exe88⤵
-
\??\c:\lllxfrr.exec:\lllxfrr.exe89⤵
-
\??\c:\5tnhbt.exec:\5tnhbt.exe90⤵
-
\??\c:\hnnhbb.exec:\hnnhbb.exe91⤵
-
\??\c:\ddjvv.exec:\ddjvv.exe92⤵
-
\??\c:\1rrfrlx.exec:\1rrfrlx.exe93⤵
-
\??\c:\llxrffl.exec:\llxrffl.exe94⤵
-
\??\c:\nttttt.exec:\nttttt.exe95⤵
-
\??\c:\nbbnbt.exec:\nbbnbt.exe96⤵
-
\??\c:\ddvpj.exec:\ddvpj.exe97⤵
-
\??\c:\xxxlxlf.exec:\xxxlxlf.exe98⤵
-
\??\c:\rfxrllf.exec:\rfxrllf.exe99⤵
-
\??\c:\tbhnhb.exec:\tbhnhb.exe100⤵
-
\??\c:\ppjdv.exec:\ppjdv.exe101⤵
-
\??\c:\ppjjv.exec:\ppjjv.exe102⤵
-
\??\c:\xrllxrl.exec:\xrllxrl.exe103⤵
-
\??\c:\ffxrrrr.exec:\ffxrrrr.exe104⤵
-
\??\c:\7ntnhb.exec:\7ntnhb.exe105⤵
-
\??\c:\tnbnhb.exec:\tnbnhb.exe106⤵
-
\??\c:\pddvj.exec:\pddvj.exe107⤵
-
\??\c:\rrxrllf.exec:\rrxrllf.exe108⤵
-
\??\c:\lflrlll.exec:\lflrlll.exe109⤵
-
\??\c:\llfrxrr.exec:\llfrxrr.exe110⤵
-
\??\c:\5tbttn.exec:\5tbttn.exe111⤵
-
\??\c:\thhbnn.exec:\thhbnn.exe112⤵
-
\??\c:\5dvjj.exec:\5dvjj.exe113⤵
-
\??\c:\rxxllrf.exec:\rxxllrf.exe114⤵
-
\??\c:\rlfxrlf.exec:\rlfxrlf.exe115⤵
-
\??\c:\hhtnnn.exec:\hhtnnn.exe116⤵
-
\??\c:\thhbnn.exec:\thhbnn.exe117⤵
-
\??\c:\1tnbhb.exec:\1tnbhb.exe118⤵
-
\??\c:\vppjv.exec:\vppjv.exe119⤵
-
\??\c:\frxrfff.exec:\frxrfff.exe120⤵
-
\??\c:\xrxflfx.exec:\xrxflfx.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-