Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
30/05/2024, 14:10
General
-
Target
76fe96754c1143f0a2a220039ea45580_NeikiAnalytics.exe
-
Size
395KB
-
MD5
76fe96754c1143f0a2a220039ea45580
-
SHA1
303792313ed244eedd160fd5d8077532880e2186
-
SHA256
00478da94fbb88bd1f6adb9e43374d5b5cdf50f5b103a275913722c57f4b8e28
-
SHA512
c5228d07fe06ad8ae110dfbbe9c3a811f1fa90aecaad9157246c9f7fb451fa0520a8a160869a30c60b76c043431b64cb0f1e5dd1f236c8c0a017cbbcfbf5f363
-
SSDEEP
6144:n3C9BRo7tvnJ9oH0IRgZvjkobjcSbcY+CaQdaFOY4iGFYtRdu/M:n3C9ytvngQjZbz+xt4vFBk
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 26 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 32 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\76fe96754c1143f0a2a220039ea45580_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\76fe96754c1143f0a2a220039ea45580_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\pvdpj.exec:\pvdpj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnbtnh.exec:\nnbtnh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7bnbtt.exec:\7bnbtt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9lfxllf.exec:\9lfxllf.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dddjd.exec:\dddjd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbhhhb.exec:\bbhhhb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlxrrlx.exec:\xlxrrlx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjvp.exec:\vpjvp.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9jvjd.exec:\9jvjd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxxrfx.exec:\lfxxrfx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7ffxxxr.exec:\7ffxxxr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htttnn.exec:\htttnn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhbnn.exec:\nhhbnn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnhnht.exec:\bnhnht.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfflxxx.exec:\lfflxxx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpddj.exec:\jpddj.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvddv.exec:\jvddv.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbbbtt.exec:\bbbbtt.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlrrllx.exec:\xlrrllx.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9httnh.exec:\9httnh.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvjvv.exec:\vvjvv.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlxrffx.exec:\xlxrffx.exe23⤵
- Executes dropped EXE
-
\??\c:\nbhbnh.exec:\nbhbnh.exe24⤵
- Executes dropped EXE
-
\??\c:\7tnhtb.exec:\7tnhtb.exe25⤵
- Executes dropped EXE
-
\??\c:\3bbtnh.exec:\3bbtnh.exe26⤵
- Executes dropped EXE
-
\??\c:\lffxrrl.exec:\lffxrrl.exe27⤵
- Executes dropped EXE
-
\??\c:\5tbtnt.exec:\5tbtnt.exe28⤵
- Executes dropped EXE
-
\??\c:\5ntnbb.exec:\5ntnbb.exe29⤵
- Executes dropped EXE
-
\??\c:\xffxxxx.exec:\xffxxxx.exe30⤵
- Executes dropped EXE
-
\??\c:\jddvp.exec:\jddvp.exe31⤵
- Executes dropped EXE
-
\??\c:\hhbtnh.exec:\hhbtnh.exe32⤵
- Executes dropped EXE
-
\??\c:\tnnhtt.exec:\tnnhtt.exe33⤵
- Executes dropped EXE
-
\??\c:\5jdvp.exec:\5jdvp.exe34⤵
- Executes dropped EXE
-
\??\c:\1bbtnh.exec:\1bbtnh.exe35⤵
- Executes dropped EXE
-
\??\c:\ppvpj.exec:\ppvpj.exe36⤵
- Executes dropped EXE
-
\??\c:\frlflfr.exec:\frlflfr.exe37⤵
- Executes dropped EXE
-
\??\c:\tnnbtn.exec:\tnnbtn.exe38⤵
- Executes dropped EXE
-
\??\c:\nhhbnn.exec:\nhhbnn.exe39⤵
- Executes dropped EXE
-
\??\c:\3jjdp.exec:\3jjdp.exe40⤵
- Executes dropped EXE
-
\??\c:\lflxrlf.exec:\lflxrlf.exe41⤵
- Executes dropped EXE
-
\??\c:\nhnhbb.exec:\nhnhbb.exe42⤵
- Executes dropped EXE
-
\??\c:\ttbnhh.exec:\ttbnhh.exe43⤵
- Executes dropped EXE
-
\??\c:\3jjdv.exec:\3jjdv.exe44⤵
- Executes dropped EXE
-
\??\c:\rxfxrrl.exec:\rxfxrrl.exe45⤵
- Executes dropped EXE
-
\??\c:\llxflxl.exec:\llxflxl.exe46⤵
- Executes dropped EXE
-
\??\c:\bnthbt.exec:\bnthbt.exe47⤵
- Executes dropped EXE
-
\??\c:\3pjdd.exec:\3pjdd.exe48⤵
- Executes dropped EXE
-
\??\c:\vjvpd.exec:\vjvpd.exe49⤵
- Executes dropped EXE
-
\??\c:\fxfxllf.exec:\fxfxllf.exe50⤵
- Executes dropped EXE
-
\??\c:\nnbttn.exec:\nnbttn.exe51⤵
- Executes dropped EXE
-
\??\c:\9tbnhh.exec:\9tbnhh.exe52⤵
- Executes dropped EXE
-
\??\c:\jdvpj.exec:\jdvpj.exe53⤵
- Executes dropped EXE
-
\??\c:\rlfrflx.exec:\rlfrflx.exe54⤵
- Executes dropped EXE
-
\??\c:\bhbthh.exec:\bhbthh.exe55⤵
- Executes dropped EXE
-
\??\c:\vjvvd.exec:\vjvvd.exe56⤵
- Executes dropped EXE
-
\??\c:\1ffxllf.exec:\1ffxllf.exe57⤵
- Executes dropped EXE
-
\??\c:\hbbtnn.exec:\hbbtnn.exe58⤵
- Executes dropped EXE
-
\??\c:\jddvd.exec:\jddvd.exe59⤵
- Executes dropped EXE
-
\??\c:\vvvpj.exec:\vvvpj.exe60⤵
- Executes dropped EXE
-
\??\c:\3ffxrll.exec:\3ffxrll.exe61⤵
- Executes dropped EXE
-
\??\c:\hhnhbb.exec:\hhnhbb.exe62⤵
- Executes dropped EXE
-
\??\c:\1djdd.exec:\1djdd.exe63⤵
- Executes dropped EXE
-
\??\c:\rllrfxr.exec:\rllrfxr.exe64⤵
- Executes dropped EXE
-
\??\c:\htbtnn.exec:\htbtnn.exe65⤵
- Executes dropped EXE
-
\??\c:\hthbbb.exec:\hthbbb.exe66⤵
-
\??\c:\vdjvp.exec:\vdjvp.exe67⤵
-
\??\c:\lflfxxl.exec:\lflfxxl.exe68⤵
-
\??\c:\hbhbtn.exec:\hbhbtn.exe69⤵
-
\??\c:\ddvpv.exec:\ddvpv.exe70⤵
-
\??\c:\tbttnn.exec:\tbttnn.exe71⤵
-
\??\c:\3jjpj.exec:\3jjpj.exe72⤵
-
\??\c:\fxxfxfx.exec:\fxxfxfx.exe73⤵
-
\??\c:\bbhnnb.exec:\bbhnnb.exe74⤵
-
\??\c:\dvddv.exec:\dvddv.exe75⤵
-
\??\c:\xfxxlfr.exec:\xfxxlfr.exe76⤵
-
\??\c:\hbbtnn.exec:\hbbtnn.exe77⤵
-
\??\c:\ddjjd.exec:\ddjjd.exe78⤵
-
\??\c:\rfxxlfr.exec:\rfxxlfr.exe79⤵
-
\??\c:\bhtbnb.exec:\bhtbnb.exe80⤵
-
\??\c:\ppjjv.exec:\ppjjv.exe81⤵
-
\??\c:\3pjdd.exec:\3pjdd.exe82⤵
-
\??\c:\lrxrllx.exec:\lrxrllx.exe83⤵
-
\??\c:\1hhhbb.exec:\1hhhbb.exe84⤵
-
\??\c:\hbbthh.exec:\hbbthh.exe85⤵
-
\??\c:\jpjdv.exec:\jpjdv.exe86⤵
-
\??\c:\rxlfllr.exec:\rxlfllr.exe87⤵
-
\??\c:\5hnhhh.exec:\5hnhhh.exe88⤵
-
\??\c:\hbbbbb.exec:\hbbbbb.exe89⤵
-
\??\c:\1vvpd.exec:\1vvpd.exe90⤵
-
\??\c:\fffxffl.exec:\fffxffl.exe91⤵
-
\??\c:\1flllrl.exec:\1flllrl.exe92⤵
-
\??\c:\htnhhh.exec:\htnhhh.exe93⤵
-
\??\c:\jdvpj.exec:\jdvpj.exe94⤵
-
\??\c:\pvddv.exec:\pvddv.exe95⤵
-
\??\c:\ffffffl.exec:\ffffffl.exe96⤵
-
\??\c:\9hbbtn.exec:\9hbbtn.exe97⤵
-
\??\c:\jvvvp.exec:\jvvvp.exe98⤵
-
\??\c:\3htnhh.exec:\3htnhh.exe99⤵
-
\??\c:\pjppp.exec:\pjppp.exe100⤵
-
\??\c:\rfxrrlf.exec:\rfxrrlf.exe101⤵
-
\??\c:\hhnhbb.exec:\hhnhbb.exe102⤵
-
\??\c:\1pdvd.exec:\1pdvd.exe103⤵
-
\??\c:\7xlfffl.exec:\7xlfffl.exe104⤵
-
\??\c:\tnnhbb.exec:\tnnhbb.exe105⤵
-
\??\c:\vdvpd.exec:\vdvpd.exe106⤵
-
\??\c:\rllfxxr.exec:\rllfxxr.exe107⤵
-
\??\c:\9nnhhb.exec:\9nnhhb.exe108⤵
-
\??\c:\5tbbtt.exec:\5tbbtt.exe109⤵
-
\??\c:\dvvvp.exec:\dvvvp.exe110⤵
-
\??\c:\rxrrxlr.exec:\rxrrxlr.exe111⤵
-
\??\c:\ttbnbb.exec:\ttbnbb.exe112⤵
-
\??\c:\vpvpp.exec:\vpvpp.exe113⤵
-
\??\c:\9rfxrrl.exec:\9rfxrrl.exe114⤵
-
\??\c:\ththhh.exec:\ththhh.exe115⤵
-
\??\c:\7bbbtt.exec:\7bbbtt.exe116⤵
-
\??\c:\jpvvd.exec:\jpvvd.exe117⤵
-
\??\c:\fflfrlr.exec:\fflfrlr.exe118⤵
-
\??\c:\3nnhhn.exec:\3nnhhn.exe119⤵
-
\??\c:\1jvpp.exec:\1jvpp.exe120⤵
-
\??\c:\xxrlrrf.exec:\xxrlrrf.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-