Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
117s -
platform
windows7_x64 -
resource
win7-20240215-en -
resource tags
-
submitted
01/06/2024, 07:07
General
-
Target
91ff6c48df9c11d80cf91dd37b3b1a10_NeikiAnalytics.exe
-
Size
103KB
-
MD5
91ff6c48df9c11d80cf91dd37b3b1a10
-
SHA1
c3ae48eb15c61b918b6a02a3366621534229bc4a
-
SHA256
c0396674dc1f3bd16806afe2fb51c53358126b51b28290139cce6bacf316a505
-
SHA512
06b54e9c84d4e938217eebbfdc4dd5ac11a4c02996b272734fbee0ba3c78c490d33d2c70524caa0be7a1c2ff63f8e54893500bf006bf2155b0e008ebfc4ee454
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDoTNKDeS98hPUdHV7RNzfnLnN3oT:ymb3NkkiQ3mdBjFo5KDe88g1fR8R
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 24 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\91ff6c48df9c11d80cf91dd37b3b1a10_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\91ff6c48df9c11d80cf91dd37b3b1a10_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\9rxfrfl.exec:\9rxfrfl.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbthh.exec:\btbthh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvjvj.exec:\jvjvj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5rlxfrf.exec:\5rlxfrf.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7bthtb.exec:\7bthtb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjpvp.exec:\jjpvp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dddjj.exec:\dddjj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrfflrx.exec:\xrfflrx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9hbnhh.exec:\9hbnhh.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpjdj.exec:\dpjdj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxfrrlx.exec:\xxfrrlx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxxflr.exec:\lfxxflr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3nhtnb.exec:\3nhtnb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdppv.exec:\jdppv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9vpvd.exec:\9vpvd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxxfxrl.exec:\rxxfxrl.exe17⤵
- Executes dropped EXE
-
\??\c:\3thntt.exec:\3thntt.exe18⤵
- Executes dropped EXE
-
\??\c:\pdvvj.exec:\pdvvj.exe19⤵
- Executes dropped EXE
-
\??\c:\7vpvj.exec:\7vpvj.exe20⤵
- Executes dropped EXE
-
\??\c:\lxlfxxx.exec:\lxlfxxx.exe21⤵
- Executes dropped EXE
-
\??\c:\rlxrllx.exec:\rlxrllx.exe22⤵
- Executes dropped EXE
-
\??\c:\5bbnbb.exec:\5bbnbb.exe23⤵
- Executes dropped EXE
-
\??\c:\7dvdv.exec:\7dvdv.exe24⤵
- Executes dropped EXE
-
\??\c:\1vjjp.exec:\1vjjp.exe25⤵
- Executes dropped EXE
-
\??\c:\xxlxllr.exec:\xxlxllr.exe26⤵
- Executes dropped EXE
-
\??\c:\nbttnb.exec:\nbttnb.exe27⤵
- Executes dropped EXE
-
\??\c:\jdppp.exec:\jdppp.exe28⤵
- Executes dropped EXE
-
\??\c:\pppjv.exec:\pppjv.exe29⤵
- Executes dropped EXE
-
\??\c:\xfrflff.exec:\xfrflff.exe30⤵
- Executes dropped EXE
-
\??\c:\frffxfr.exec:\frffxfr.exe31⤵
- Executes dropped EXE
-
\??\c:\5hhhnb.exec:\5hhhnb.exe32⤵
- Executes dropped EXE
-
\??\c:\jdjdd.exec:\jdjdd.exe33⤵
- Executes dropped EXE
-
\??\c:\lxflllr.exec:\lxflllr.exe34⤵
-
\??\c:\9hhnnt.exec:\9hhnnt.exe35⤵
- Executes dropped EXE
-
\??\c:\hbbbnh.exec:\hbbbnh.exe36⤵
- Executes dropped EXE
-
\??\c:\ddpvd.exec:\ddpvd.exe37⤵
- Executes dropped EXE
-
\??\c:\rllrxll.exec:\rllrxll.exe38⤵
- Executes dropped EXE
-
\??\c:\fxxfrrx.exec:\fxxfrrx.exe39⤵
- Executes dropped EXE
-
\??\c:\ntttnh.exec:\ntttnh.exe40⤵
- Executes dropped EXE
-
\??\c:\tnhhtb.exec:\tnhhtb.exe41⤵
- Executes dropped EXE
-
\??\c:\vpvdj.exec:\vpvdj.exe42⤵
- Executes dropped EXE
-
\??\c:\rxfflfx.exec:\rxfflfx.exe43⤵
- Executes dropped EXE
-
\??\c:\lrfrlfx.exec:\lrfrlfx.exe44⤵
- Executes dropped EXE
-
\??\c:\nhhbtb.exec:\nhhbtb.exe45⤵
- Executes dropped EXE
-
\??\c:\5bnthn.exec:\5bnthn.exe46⤵
- Executes dropped EXE
-
\??\c:\ddvdp.exec:\ddvdp.exe47⤵
- Executes dropped EXE
-
\??\c:\jvjjp.exec:\jvjjp.exe48⤵
- Executes dropped EXE
-
\??\c:\1jpdv.exec:\1jpdv.exe49⤵
- Executes dropped EXE
-
\??\c:\1fxxlxr.exec:\1fxxlxr.exe50⤵
- Executes dropped EXE
-
\??\c:\rrxlfrf.exec:\rrxlfrf.exe51⤵
- Executes dropped EXE
-
\??\c:\bbthbh.exec:\bbthbh.exe52⤵
- Executes dropped EXE
-
\??\c:\tttthh.exec:\tttthh.exe53⤵
- Executes dropped EXE
-
\??\c:\jdvjd.exec:\jdvjd.exe54⤵
- Executes dropped EXE
-
\??\c:\jjvjd.exec:\jjvjd.exe55⤵
- Executes dropped EXE
-
\??\c:\rrxrfrl.exec:\rrxrfrl.exe56⤵
- Executes dropped EXE
-
\??\c:\rlfrllf.exec:\rlfrllf.exe57⤵
- Executes dropped EXE
-
\??\c:\fxlrflf.exec:\fxlrflf.exe58⤵
- Executes dropped EXE
-
\??\c:\bnhhnn.exec:\bnhhnn.exe59⤵
- Executes dropped EXE
-
\??\c:\hnnbnt.exec:\hnnbnt.exe60⤵
- Executes dropped EXE
-
\??\c:\jdvjv.exec:\jdvjv.exe61⤵
- Executes dropped EXE
-
\??\c:\lfrxrfr.exec:\lfrxrfr.exe62⤵
- Executes dropped EXE
-
\??\c:\lxrrllf.exec:\lxrrllf.exe63⤵
- Executes dropped EXE
-
\??\c:\hbtnbt.exec:\hbtnbt.exe64⤵
- Executes dropped EXE
-
\??\c:\bhhthh.exec:\bhhthh.exe65⤵
- Executes dropped EXE
-
\??\c:\vvdjv.exec:\vvdjv.exe66⤵
- Executes dropped EXE
-
\??\c:\jjjvv.exec:\jjjvv.exe67⤵
-
\??\c:\ppjpv.exec:\ppjpv.exe68⤵
-
\??\c:\llxfrrf.exec:\llxfrrf.exe69⤵
-
\??\c:\fffxflr.exec:\fffxflr.exe70⤵
-
\??\c:\hbhhth.exec:\hbhhth.exe71⤵
-
\??\c:\9nhthh.exec:\9nhthh.exe72⤵
-
\??\c:\vvddp.exec:\vvddp.exe73⤵
-
\??\c:\jdpvp.exec:\jdpvp.exe74⤵
-
\??\c:\fxlrflf.exec:\fxlrflf.exe75⤵
-
\??\c:\lrlxrxl.exec:\lrlxrxl.exe76⤵
-
\??\c:\lllflxf.exec:\lllflxf.exe77⤵
-
\??\c:\bbtthn.exec:\bbtthn.exe78⤵
-
\??\c:\nnbnbh.exec:\nnbnbh.exe79⤵
-
\??\c:\pjpdd.exec:\pjpdd.exe80⤵
-
\??\c:\xrlxlxf.exec:\xrlxlxf.exe81⤵
-
\??\c:\rrlrffx.exec:\rrlrffx.exe82⤵
-
\??\c:\rrfllrf.exec:\rrfllrf.exe83⤵
-
\??\c:\7ttnbh.exec:\7ttnbh.exe84⤵
-
\??\c:\hnhhnt.exec:\hnhhnt.exe85⤵
-
\??\c:\pjvvd.exec:\pjvvd.exe86⤵
-
\??\c:\3jvdp.exec:\3jvdp.exe87⤵
-
\??\c:\lrfrlxr.exec:\lrfrlxr.exe88⤵
-
\??\c:\fxxfxrf.exec:\fxxfxrf.exe89⤵
-
\??\c:\hbbbtt.exec:\hbbbtt.exe90⤵
-
\??\c:\vvjpp.exec:\vvjpp.exe91⤵
-
\??\c:\9jvdp.exec:\9jvdp.exe92⤵
-
\??\c:\xxlxlrf.exec:\xxlxlrf.exe93⤵
-
\??\c:\7flrllf.exec:\7flrllf.exe94⤵
-
\??\c:\bhnnbt.exec:\bhnnbt.exe95⤵
-
\??\c:\dvjvv.exec:\dvjvv.exe96⤵
-
\??\c:\vpjjp.exec:\vpjjp.exe97⤵
-
\??\c:\9dvdj.exec:\9dvdj.exe98⤵
-
\??\c:\llflllx.exec:\llflllx.exe99⤵
-
\??\c:\xxfllxl.exec:\xxfllxl.exe100⤵
-
\??\c:\bthnbb.exec:\bthnbb.exe101⤵
-
\??\c:\jjppv.exec:\jjppv.exe102⤵
-
\??\c:\pvdpp.exec:\pvdpp.exe103⤵
-
\??\c:\3rfllrl.exec:\3rfllrl.exe104⤵
-
\??\c:\5fxfxfr.exec:\5fxfxfr.exe105⤵
-
\??\c:\5bhbnb.exec:\5bhbnb.exe106⤵
-
\??\c:\5httbh.exec:\5httbh.exe107⤵
-
\??\c:\jdjjp.exec:\jdjjp.exe108⤵
-
\??\c:\3pvdp.exec:\3pvdp.exe109⤵
-
\??\c:\5lflrrf.exec:\5lflrrf.exe110⤵
-
\??\c:\7fxfrxf.exec:\7fxfrxf.exe111⤵
-
\??\c:\hhnhnb.exec:\hhnhnb.exe112⤵
-
\??\c:\3bnntt.exec:\3bnntt.exe113⤵
-
\??\c:\vjpjp.exec:\vjpjp.exe114⤵
-
\??\c:\pdvdj.exec:\pdvdj.exe115⤵
-
\??\c:\1xlrffx.exec:\1xlrffx.exe116⤵
-
\??\c:\3rxfrxr.exec:\3rxfrxr.exe117⤵
-
\??\c:\7htbhh.exec:\7htbhh.exe118⤵
-
\??\c:\tnnntt.exec:\tnnntt.exe119⤵
-
\??\c:\vpppd.exec:\vpppd.exe120⤵
-
\??\c:\vjvvj.exec:\vjvvj.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-