Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
31/05/2024, 20:53
General
-
Target
7f4bb024edda2b324c8c66345dc662c0_NeikiAnalytics.exe
-
Size
93KB
-
MD5
7f4bb024edda2b324c8c66345dc662c0
-
SHA1
eac039c2ec1f76194277cea6584b9a92894b17fc
-
SHA256
1cfbc47565f530bcccf69ef02e628d64d1d79fdaf5a3bb007d88ab31c6a14252
-
SHA512
0b1c056fe465a41262b7d43f2e174a893958bc7481a00c26f71adb6f656c2f534fb8c50affab3380aaa2eee284377da87878549edd38952d56ca368cd928587d
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDo7NANTBuQG1np24+2OX6:ymb3NkkiQ3mdBjFo7NguQG1n0US6
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 26 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 26 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\7f4bb024edda2b324c8c66345dc662c0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\7f4bb024edda2b324c8c66345dc662c0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\rlfrrfr.exec:\rlfrrfr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5bhhnn.exec:\5bhhnn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhhbh.exec:\nhhhbh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffrlffx.exec:\ffrlffx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntnhhh.exec:\ntnhhh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nntbbb.exec:\nntbbb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5dvpj.exec:\5dvpj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfrrrxx.exec:\rfrrrxx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djpjj.exec:\djpjj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxxxrxf.exec:\xxxxrxf.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbhbbb.exec:\nbhbbb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3nnnnt.exec:\3nnnnt.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjvj.exec:\jdjvj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7rrlfff.exec:\7rrlfff.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhhbbb.exec:\hhhbbb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvddv.exec:\vvddv.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfrrlrr.exec:\xfrrlrr.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrfflrr.exec:\xrfflrr.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhhbbb.exec:\hhhbbb.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppppp.exec:\ppppp.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlrfrrl.exec:\rlrfrrl.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbtnhb.exec:\tbtnhb.exe23⤵
- Executes dropped EXE
-
\??\c:\rrxlxfr.exec:\rrxlxfr.exe24⤵
- Executes dropped EXE
-
\??\c:\nhnnhn.exec:\nhnnhn.exe25⤵
- Executes dropped EXE
-
\??\c:\vdjjp.exec:\vdjjp.exe26⤵
- Executes dropped EXE
-
\??\c:\ffffrxx.exec:\ffffrxx.exe27⤵
- Executes dropped EXE
-
\??\c:\rffrlll.exec:\rffrlll.exe28⤵
- Executes dropped EXE
-
\??\c:\hbnnht.exec:\hbnnht.exe29⤵
- Executes dropped EXE
-
\??\c:\tnnnhh.exec:\tnnnhh.exe30⤵
- Executes dropped EXE
-
\??\c:\vpdvd.exec:\vpdvd.exe31⤵
- Executes dropped EXE
-
\??\c:\flfflrf.exec:\flfflrf.exe32⤵
- Executes dropped EXE
-
\??\c:\tbhbtt.exec:\tbhbtt.exe33⤵
- Executes dropped EXE
-
\??\c:\dvppv.exec:\dvppv.exe34⤵
- Executes dropped EXE
-
\??\c:\ddvdj.exec:\ddvdj.exe35⤵
- Executes dropped EXE
-
\??\c:\flrxlrf.exec:\flrxlrf.exe36⤵
- Executes dropped EXE
-
\??\c:\hnnhbn.exec:\hnnhbn.exe37⤵
- Executes dropped EXE
-
\??\c:\btbtnn.exec:\btbtnn.exe38⤵
- Executes dropped EXE
-
\??\c:\pvppd.exec:\pvppd.exe39⤵
- Executes dropped EXE
-
\??\c:\7frllrl.exec:\7frllrl.exe40⤵
- Executes dropped EXE
-
\??\c:\tbtnnh.exec:\tbtnnh.exe41⤵
- Executes dropped EXE
-
\??\c:\7djjj.exec:\7djjj.exe42⤵
- Executes dropped EXE
-
\??\c:\frrlfff.exec:\frrlfff.exe43⤵
- Executes dropped EXE
-
\??\c:\hhbtnn.exec:\hhbtnn.exe44⤵
- Executes dropped EXE
-
\??\c:\nnnhbb.exec:\nnnhbb.exe45⤵
- Executes dropped EXE
-
\??\c:\jpvpp.exec:\jpvpp.exe46⤵
- Executes dropped EXE
-
\??\c:\lffxlxr.exec:\lffxlxr.exe47⤵
- Executes dropped EXE
-
\??\c:\ththbt.exec:\ththbt.exe48⤵
- Executes dropped EXE
-
\??\c:\dppjd.exec:\dppjd.exe49⤵
- Executes dropped EXE
-
\??\c:\djjdp.exec:\djjdp.exe50⤵
- Executes dropped EXE
-
\??\c:\fxrlxxr.exec:\fxrlxxr.exe51⤵
- Executes dropped EXE
-
\??\c:\httnbb.exec:\httnbb.exe52⤵
- Executes dropped EXE
-
\??\c:\pvvpp.exec:\pvvpp.exe53⤵
- Executes dropped EXE
-
\??\c:\xflfxxr.exec:\xflfxxr.exe54⤵
- Executes dropped EXE
-
\??\c:\nhhthb.exec:\nhhthb.exe55⤵
- Executes dropped EXE
-
\??\c:\ppppj.exec:\ppppj.exe56⤵
- Executes dropped EXE
-
\??\c:\frffxfx.exec:\frffxfx.exe57⤵
- Executes dropped EXE
-
\??\c:\7bbnht.exec:\7bbnht.exe58⤵
- Executes dropped EXE
-
\??\c:\1djdv.exec:\1djdv.exe59⤵
- Executes dropped EXE
-
\??\c:\pjdvp.exec:\pjdvp.exe60⤵
- Executes dropped EXE
-
\??\c:\lxlrlfx.exec:\lxlrlfx.exe61⤵
- Executes dropped EXE
-
\??\c:\bhbhth.exec:\bhbhth.exe62⤵
- Executes dropped EXE
-
\??\c:\rrxfxxr.exec:\rrxfxxr.exe63⤵
- Executes dropped EXE
-
\??\c:\9frllll.exec:\9frllll.exe64⤵
- Executes dropped EXE
-
\??\c:\bhbtnn.exec:\bhbtnn.exe65⤵
- Executes dropped EXE
-
\??\c:\vvvpj.exec:\vvvpj.exe66⤵
-
\??\c:\7rxxrrf.exec:\7rxxrrf.exe67⤵
-
\??\c:\nnhhbb.exec:\nnhhbb.exe68⤵
-
\??\c:\5jvpj.exec:\5jvpj.exe69⤵
-
\??\c:\vvpjd.exec:\vvpjd.exe70⤵
-
\??\c:\3xfxlrl.exec:\3xfxlrl.exe71⤵
-
\??\c:\rlffffx.exec:\rlffffx.exe72⤵
-
\??\c:\nhhbtb.exec:\nhhbtb.exe73⤵
-
\??\c:\dvvjv.exec:\dvvjv.exe74⤵
-
\??\c:\3pvpp.exec:\3pvpp.exe75⤵
-
\??\c:\3xxrlll.exec:\3xxrlll.exe76⤵
-
\??\c:\nhbbhn.exec:\nhbbhn.exe77⤵
-
\??\c:\hhbttt.exec:\hhbttt.exe78⤵
-
\??\c:\9vjdd.exec:\9vjdd.exe79⤵
-
\??\c:\jvppj.exec:\jvppj.exe80⤵
-
\??\c:\xlrrlll.exec:\xlrrlll.exe81⤵
-
\??\c:\hhhbtt.exec:\hhhbtt.exe82⤵
-
\??\c:\btbbnt.exec:\btbbnt.exe83⤵
-
\??\c:\ddvpj.exec:\ddvpj.exe84⤵
-
\??\c:\llxrflr.exec:\llxrflr.exe85⤵
-
\??\c:\rllrrxf.exec:\rllrrxf.exe86⤵
-
\??\c:\nhhhbb.exec:\nhhhbb.exe87⤵
-
\??\c:\ttnhhh.exec:\ttnhhh.exe88⤵
-
\??\c:\jpdvp.exec:\jpdvp.exe89⤵
-
\??\c:\1jjdd.exec:\1jjdd.exe90⤵
-
\??\c:\xlrlflf.exec:\xlrlflf.exe91⤵
-
\??\c:\ttbbhn.exec:\ttbbhn.exe92⤵
-
\??\c:\jdvpj.exec:\jdvpj.exe93⤵
-
\??\c:\frrlfff.exec:\frrlfff.exe94⤵
-
\??\c:\ffrxxll.exec:\ffrxxll.exe95⤵
-
\??\c:\tthhhn.exec:\tthhhn.exe96⤵
-
\??\c:\tttthh.exec:\tttthh.exe97⤵
-
\??\c:\ddjpd.exec:\ddjpd.exe98⤵
-
\??\c:\ddddp.exec:\ddddp.exe99⤵
-
\??\c:\fxxlfrl.exec:\fxxlfrl.exe100⤵
-
\??\c:\btbhbb.exec:\btbhbb.exe101⤵
-
\??\c:\jjddj.exec:\jjddj.exe102⤵
-
\??\c:\dvjdp.exec:\dvjdp.exe103⤵
-
\??\c:\xlrlfff.exec:\xlrlfff.exe104⤵
-
\??\c:\httttt.exec:\httttt.exe105⤵
-
\??\c:\1hnhbb.exec:\1hnhbb.exe106⤵
-
\??\c:\5jdvp.exec:\5jdvp.exe107⤵
-
\??\c:\vppjv.exec:\vppjv.exe108⤵
-
\??\c:\lfrrlrr.exec:\lfrrlrr.exe109⤵
-
\??\c:\fxrlxxr.exec:\fxrlxxr.exe110⤵
-
\??\c:\rxlxrrl.exec:\rxlxrrl.exe111⤵
-
\??\c:\lfrrxlr.exec:\lfrrxlr.exe112⤵
-
\??\c:\1hbhhn.exec:\1hbhhn.exe113⤵
-
\??\c:\bttnnn.exec:\bttnnn.exe114⤵
-
\??\c:\9jddd.exec:\9jddd.exe115⤵
-
\??\c:\5rxrxxx.exec:\5rxrxxx.exe116⤵
-
\??\c:\rxfxrxr.exec:\rxfxrxr.exe117⤵
-
\??\c:\bttnhh.exec:\bttnhh.exe118⤵
-
\??\c:\pvjjv.exec:\pvjjv.exe119⤵
-
\??\c:\xlrrllr.exec:\xlrrllr.exe120⤵
-
\??\c:\lrlllll.exec:\lrlllll.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-