Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
02/06/2024, 20:19
General
-
Target
5e8866b36b2ee97022366a478b5e5fa0_NeikiAnalytics.exe
-
Size
480KB
-
MD5
5e8866b36b2ee97022366a478b5e5fa0
-
SHA1
bdce328c6c632a721cd77cb659f81566d2a3c1a9
-
SHA256
50fdba025f265f0981345b19be010ab5a3646d24b7b570ae02252f1a821a53b0
-
SHA512
e2cb9670ed3d45edcb491dbd762604ffc1534bf9e409cc7c3a757ac7ff9aea2b957db9d179e6dc484dd032dcccb56c79f44ea2f31034ecb8d1927ee91d3af8ae
-
SSDEEP
12288:n3C9uDVw6326pKZ9asZqoZHz+evcn0Meh2Fezf:Su326p0aroZt0sf
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 21 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 24 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\5e8866b36b2ee97022366a478b5e5fa0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\5e8866b36b2ee97022366a478b5e5fa0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\thnbth.exec:\thnbth.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1ppdv.exec:\1ppdv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1rxxxlx.exec:\1rxxxlx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttnhtb.exec:\ttnhtb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xllrlrl.exec:\xllrlrl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhhnt.exec:\nhhhnt.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdddp.exec:\jdddp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thbttb.exec:\thbttb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvpdv.exec:\pvpdv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrxxfff.exec:\rrxxfff.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntttnn.exec:\ntttnn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrrllfl.exec:\lrrllfl.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnhthn.exec:\nnhthn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5xxfflx.exec:\5xxfflx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhthn.exec:\nhhthn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5lrxllx.exec:\5lrxllx.exe17⤵
- Executes dropped EXE
-
\??\c:\1hntht.exec:\1hntht.exe18⤵
- Executes dropped EXE
-
\??\c:\bntnht.exec:\bntnht.exe19⤵
- Executes dropped EXE
-
\??\c:\nnthhb.exec:\nnthhb.exe20⤵
- Executes dropped EXE
-
\??\c:\3ffxrfr.exec:\3ffxrfr.exe21⤵
- Executes dropped EXE
-
\??\c:\tbtnnb.exec:\tbtnnb.exe22⤵
- Executes dropped EXE
-
\??\c:\xflrrrf.exec:\xflrrrf.exe23⤵
- Executes dropped EXE
-
\??\c:\ttnbhn.exec:\ttnbhn.exe24⤵
- Executes dropped EXE
-
\??\c:\jjpdj.exec:\jjpdj.exe25⤵
- Executes dropped EXE
-
\??\c:\hthtth.exec:\hthtth.exe26⤵
- Executes dropped EXE
-
\??\c:\tnthtb.exec:\tnthtb.exe27⤵
- Executes dropped EXE
-
\??\c:\1dvpj.exec:\1dvpj.exe28⤵
- Executes dropped EXE
-
\??\c:\ntthhn.exec:\ntthhn.exe29⤵
- Executes dropped EXE
-
\??\c:\pvvvv.exec:\pvvvv.exe30⤵
- Executes dropped EXE
-
\??\c:\1rlrrff.exec:\1rlrrff.exe31⤵
- Executes dropped EXE
-
\??\c:\hhthth.exec:\hhthth.exe32⤵
- Executes dropped EXE
-
\??\c:\vpddp.exec:\vpddp.exe33⤵
- Executes dropped EXE
-
\??\c:\jdvdp.exec:\jdvdp.exe34⤵
- Executes dropped EXE
-
\??\c:\xflrflf.exec:\xflrflf.exe35⤵
- Executes dropped EXE
-
\??\c:\nhtbhb.exec:\nhtbhb.exe36⤵
- Executes dropped EXE
-
\??\c:\ppppv.exec:\ppppv.exe37⤵
- Executes dropped EXE
-
\??\c:\jjjpv.exec:\jjjpv.exe38⤵
- Executes dropped EXE
-
\??\c:\rrrxlrf.exec:\rrrxlrf.exe39⤵
- Executes dropped EXE
-
\??\c:\tntbhn.exec:\tntbhn.exe40⤵
- Executes dropped EXE
-
\??\c:\dddjv.exec:\dddjv.exe41⤵
- Executes dropped EXE
-
\??\c:\lllxffr.exec:\lllxffr.exe42⤵
- Executes dropped EXE
-
\??\c:\fxrxflx.exec:\fxrxflx.exe43⤵
- Executes dropped EXE
-
\??\c:\thhbbn.exec:\thhbbn.exe44⤵
- Executes dropped EXE
-
\??\c:\3jvjp.exec:\3jvjp.exe45⤵
- Executes dropped EXE
-
\??\c:\xlrrfrl.exec:\xlrrfrl.exe46⤵
- Executes dropped EXE
-
\??\c:\5nhnth.exec:\5nhnth.exe47⤵
- Executes dropped EXE
-
\??\c:\7bhbtb.exec:\7bhbtb.exe48⤵
- Executes dropped EXE
-
\??\c:\jvvdj.exec:\jvvdj.exe49⤵
- Executes dropped EXE
-
\??\c:\9lrfxlf.exec:\9lrfxlf.exe50⤵
- Executes dropped EXE
-
\??\c:\nhbhth.exec:\nhbhth.exe51⤵
- Executes dropped EXE
-
\??\c:\vpjjp.exec:\vpjjp.exe52⤵
- Executes dropped EXE
-
\??\c:\lrrxlrf.exec:\lrrxlrf.exe53⤵
- Executes dropped EXE
-
\??\c:\ntnhhh.exec:\ntnhhh.exe54⤵
- Executes dropped EXE
-
\??\c:\5jvdd.exec:\5jvdd.exe55⤵
- Executes dropped EXE
-
\??\c:\jdvvd.exec:\jdvvd.exe56⤵
- Executes dropped EXE
-
\??\c:\3frxlrf.exec:\3frxlrf.exe57⤵
- Executes dropped EXE
-
\??\c:\thhtnt.exec:\thhtnt.exe58⤵
- Executes dropped EXE
-
\??\c:\vvvjv.exec:\vvvjv.exe59⤵
- Executes dropped EXE
-
\??\c:\pvpvv.exec:\pvpvv.exe60⤵
- Executes dropped EXE
-
\??\c:\rrllflf.exec:\rrllflf.exe61⤵
- Executes dropped EXE
-
\??\c:\nhhnht.exec:\nhhnht.exe62⤵
- Executes dropped EXE
-
\??\c:\pjdjd.exec:\pjdjd.exe63⤵
- Executes dropped EXE
-
\??\c:\rrfflrr.exec:\rrfflrr.exe64⤵
- Executes dropped EXE
-
\??\c:\rrrxrxl.exec:\rrrxrxl.exe65⤵
- Executes dropped EXE
-
\??\c:\1bttht.exec:\1bttht.exe66⤵
-
\??\c:\jjvvj.exec:\jjvvj.exe67⤵
-
\??\c:\5rrxlxl.exec:\5rrxlxl.exe68⤵
-
\??\c:\fxrffrf.exec:\fxrffrf.exe69⤵
-
\??\c:\tbtbhn.exec:\tbtbhn.exe70⤵
-
\??\c:\vdvpd.exec:\vdvpd.exe71⤵
-
\??\c:\fxrxllf.exec:\fxrxllf.exe72⤵
-
\??\c:\9nnbbb.exec:\9nnbbb.exe73⤵
-
\??\c:\hbbbnh.exec:\hbbbnh.exe74⤵
-
\??\c:\vvvdp.exec:\vvvdp.exe75⤵
-
\??\c:\frllrfx.exec:\frllrfx.exe76⤵
-
\??\c:\lrxxxxl.exec:\lrxxxxl.exe77⤵
-
\??\c:\3bttbh.exec:\3bttbh.exe78⤵
-
\??\c:\ppjpd.exec:\ppjpd.exe79⤵
-
\??\c:\1ddjp.exec:\1ddjp.exe80⤵
-
\??\c:\1lrrllf.exec:\1lrrllf.exe81⤵
-
\??\c:\bbbhnn.exec:\bbbhnn.exe82⤵
-
\??\c:\hhbhth.exec:\hhbhth.exe83⤵
-
\??\c:\pjpdv.exec:\pjpdv.exe84⤵
-
\??\c:\5xrlflx.exec:\5xrlflx.exe85⤵
-
\??\c:\9lffrrl.exec:\9lffrrl.exe86⤵
-
\??\c:\nnbhnt.exec:\nnbhnt.exe87⤵
-
\??\c:\dddjv.exec:\dddjv.exe88⤵
-
\??\c:\jvjvv.exec:\jvjvv.exe89⤵
-
\??\c:\5lrxlrx.exec:\5lrxlrx.exe90⤵
-
\??\c:\bhbtbt.exec:\bhbtbt.exe91⤵
-
\??\c:\9vdvp.exec:\9vdvp.exe92⤵
-
\??\c:\rlflflf.exec:\rlflflf.exe93⤵
-
\??\c:\1nbbnt.exec:\1nbbnt.exe94⤵
-
\??\c:\tthnbb.exec:\tthnbb.exe95⤵
-
\??\c:\pvdpv.exec:\pvdpv.exe96⤵
-
\??\c:\rlxxffr.exec:\rlxxffr.exe97⤵
-
\??\c:\fxrxrxr.exec:\fxrxrxr.exe98⤵
-
\??\c:\nhbnbn.exec:\nhbnbn.exe99⤵
-
\??\c:\7jdjj.exec:\7jdjj.exe100⤵
-
\??\c:\fxlrffx.exec:\fxlrffx.exe101⤵
-
\??\c:\ffflffr.exec:\ffflffr.exe102⤵
-
\??\c:\tnnthh.exec:\tnnthh.exe103⤵
-
\??\c:\jjjvd.exec:\jjjvd.exe104⤵
-
\??\c:\rrlxlrf.exec:\rrlxlrf.exe105⤵
-
\??\c:\xlfrrxr.exec:\xlfrrxr.exe106⤵
-
\??\c:\nnnttt.exec:\nnnttt.exe107⤵
-
\??\c:\9dvjv.exec:\9dvjv.exe108⤵
-
\??\c:\rxxlxfx.exec:\rxxlxfx.exe109⤵
-
\??\c:\tnbnth.exec:\tnbnth.exe110⤵
-
\??\c:\9hhthn.exec:\9hhthn.exe111⤵
-
\??\c:\vppjv.exec:\vppjv.exe112⤵
-
\??\c:\lfxxlrf.exec:\lfxxlrf.exe113⤵
-
\??\c:\bthntb.exec:\bthntb.exe114⤵
-
\??\c:\bbnhnb.exec:\bbnhnb.exe115⤵
-
\??\c:\vpddp.exec:\vpddp.exe116⤵
-
\??\c:\flfxxxr.exec:\flfxxxr.exe117⤵
-
\??\c:\9nhnbb.exec:\9nhnbb.exe118⤵
-
\??\c:\nnhhth.exec:\nnhhth.exe119⤵
-
\??\c:\dpvvd.exec:\dpvvd.exe120⤵
-
\??\c:\3fxfrxl.exec:\3fxfrxl.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-