Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
02/06/2024, 20:19
General
-
Target
5e8866b36b2ee97022366a478b5e5fa0_NeikiAnalytics.exe
-
Size
480KB
-
MD5
5e8866b36b2ee97022366a478b5e5fa0
-
SHA1
bdce328c6c632a721cd77cb659f81566d2a3c1a9
-
SHA256
50fdba025f265f0981345b19be010ab5a3646d24b7b570ae02252f1a821a53b0
-
SHA512
e2cb9670ed3d45edcb491dbd762604ffc1534bf9e409cc7c3a757ac7ff9aea2b957db9d179e6dc484dd032dcccb56c79f44ea2f31034ecb8d1927ee91d3af8ae
-
SSDEEP
12288:n3C9uDVw6326pKZ9asZqoZHz+evcn0Meh2Fezf:Su326p0aroZt0sf
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 26 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\5e8866b36b2ee97022366a478b5e5fa0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\5e8866b36b2ee97022366a478b5e5fa0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\9nnhtn.exec:\9nnhtn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1ppdp.exec:\1ppdp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllflxx.exec:\rllflxx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxrfrlx.exec:\lxrfrlx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbhtbb.exec:\bbhtbb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvdvj.exec:\pvdvj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdvjd.exec:\vdvjd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5pjvj.exec:\5pjvj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrlxxlr.exec:\rrlxxlr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnnhtt.exec:\hnnhtt.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvpdp.exec:\vvpdp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tntthb.exec:\tntthb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjvpd.exec:\vjvpd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllflrl.exec:\rllflrl.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1djdv.exec:\1djdv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7djvd.exec:\7djvd.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbhhhh.exec:\nbhhhh.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvjpv.exec:\jvjpv.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlrfrlx.exec:\xlrfrlx.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttnbht.exec:\ttnbht.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdvpd.exec:\pdvpd.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhtnhb.exec:\bhtnhb.exe23⤵
- Executes dropped EXE
-
\??\c:\jjpdv.exec:\jjpdv.exe24⤵
- Executes dropped EXE
-
\??\c:\fxrlfxr.exec:\fxrlfxr.exe25⤵
- Executes dropped EXE
-
\??\c:\dvpdp.exec:\dvpdp.exe26⤵
- Executes dropped EXE
-
\??\c:\djpjd.exec:\djpjd.exe27⤵
- Executes dropped EXE
-
\??\c:\9rrlxrf.exec:\9rrlxrf.exe28⤵
- Executes dropped EXE
-
\??\c:\pjppv.exec:\pjppv.exe29⤵
- Executes dropped EXE
-
\??\c:\9lfrffr.exec:\9lfrffr.exe30⤵
- Executes dropped EXE
-
\??\c:\5bnnhn.exec:\5bnnhn.exe31⤵
- Executes dropped EXE
-
\??\c:\ddjvd.exec:\ddjvd.exe32⤵
- Executes dropped EXE
-
\??\c:\frxrlff.exec:\frxrlff.exe33⤵
- Executes dropped EXE
-
\??\c:\ppvpd.exec:\ppvpd.exe34⤵
- Executes dropped EXE
-
\??\c:\pvdpj.exec:\pvdpj.exe35⤵
- Executes dropped EXE
-
\??\c:\1fxrlxl.exec:\1fxrlxl.exe36⤵
- Executes dropped EXE
-
\??\c:\nhbnht.exec:\nhbnht.exe37⤵
- Executes dropped EXE
-
\??\c:\vvvjp.exec:\vvvjp.exe38⤵
- Executes dropped EXE
-
\??\c:\lxxrlfx.exec:\lxxrlfx.exe39⤵
- Executes dropped EXE
-
\??\c:\3rxrlfl.exec:\3rxrlfl.exe40⤵
- Executes dropped EXE
-
\??\c:\bnntnh.exec:\bnntnh.exe41⤵
- Executes dropped EXE
-
\??\c:\7vjvp.exec:\7vjvp.exe42⤵
- Executes dropped EXE
-
\??\c:\lxffrfr.exec:\lxffrfr.exe43⤵
- Executes dropped EXE
-
\??\c:\nnbbbh.exec:\nnbbbh.exe44⤵
- Executes dropped EXE
-
\??\c:\3ddvj.exec:\3ddvj.exe45⤵
- Executes dropped EXE
-
\??\c:\dvjdp.exec:\dvjdp.exe46⤵
- Executes dropped EXE
-
\??\c:\rllxxrx.exec:\rllxxrx.exe47⤵
- Executes dropped EXE
-
\??\c:\hnnnbt.exec:\hnnnbt.exe48⤵
- Executes dropped EXE
-
\??\c:\dvvjd.exec:\dvvjd.exe49⤵
- Executes dropped EXE
-
\??\c:\pdjpv.exec:\pdjpv.exe50⤵
- Executes dropped EXE
-
\??\c:\9lfrfxl.exec:\9lfrfxl.exe51⤵
- Executes dropped EXE
-
\??\c:\nbnhtn.exec:\nbnhtn.exe52⤵
- Executes dropped EXE
-
\??\c:\9ppdp.exec:\9ppdp.exe53⤵
- Executes dropped EXE
-
\??\c:\djvpj.exec:\djvpj.exe54⤵
- Executes dropped EXE
-
\??\c:\bnthhb.exec:\bnthhb.exe55⤵
- Executes dropped EXE
-
\??\c:\tntntn.exec:\tntntn.exe56⤵
- Executes dropped EXE
-
\??\c:\ddvvp.exec:\ddvvp.exe57⤵
- Executes dropped EXE
-
\??\c:\3xfrlll.exec:\3xfrlll.exe58⤵
- Executes dropped EXE
-
\??\c:\3thbbb.exec:\3thbbb.exe59⤵
- Executes dropped EXE
-
\??\c:\3pvjd.exec:\3pvjd.exe60⤵
- Executes dropped EXE
-
\??\c:\rflxlfr.exec:\rflxlfr.exe61⤵
- Executes dropped EXE
-
\??\c:\rxxllfx.exec:\rxxllfx.exe62⤵
- Executes dropped EXE
-
\??\c:\bbthbb.exec:\bbthbb.exe63⤵
- Executes dropped EXE
-
\??\c:\vpdvp.exec:\vpdvp.exe64⤵
- Executes dropped EXE
-
\??\c:\5llxllx.exec:\5llxllx.exe65⤵
- Executes dropped EXE
-
\??\c:\lffxllf.exec:\lffxllf.exe66⤵
-
\??\c:\nbhbnh.exec:\nbhbnh.exe67⤵
-
\??\c:\3vpjv.exec:\3vpjv.exe68⤵
-
\??\c:\llrlfxr.exec:\llrlfxr.exe69⤵
-
\??\c:\3bbnbt.exec:\3bbnbt.exe70⤵
-
\??\c:\1htnhb.exec:\1htnhb.exe71⤵
-
\??\c:\pjjdd.exec:\pjjdd.exe72⤵
-
\??\c:\lfrfrlx.exec:\lfrfrlx.exe73⤵
-
\??\c:\ffxrrff.exec:\ffxrrff.exe74⤵
-
\??\c:\btnhnh.exec:\btnhnh.exe75⤵
-
\??\c:\9vpvp.exec:\9vpvp.exe76⤵
-
\??\c:\dvvjd.exec:\dvvjd.exe77⤵
-
\??\c:\frrlfxf.exec:\frrlfxf.exe78⤵
-
\??\c:\tbbthh.exec:\tbbthh.exe79⤵
-
\??\c:\dpddj.exec:\dpddj.exe80⤵
-
\??\c:\jdvpd.exec:\jdvpd.exe81⤵
-
\??\c:\rffffll.exec:\rffffll.exe82⤵
-
\??\c:\thbtnb.exec:\thbtnb.exe83⤵
-
\??\c:\jppjv.exec:\jppjv.exe84⤵
-
\??\c:\xffrllx.exec:\xffrllx.exe85⤵
-
\??\c:\frxrrrl.exec:\frxrrrl.exe86⤵
-
\??\c:\7bnthh.exec:\7bnthh.exe87⤵
-
\??\c:\vjdpj.exec:\vjdpj.exe88⤵
-
\??\c:\rrrlffx.exec:\rrrlffx.exe89⤵
-
\??\c:\tnnhtn.exec:\tnnhtn.exe90⤵
-
\??\c:\bnhnbb.exec:\bnhnbb.exe91⤵
-
\??\c:\7jpdv.exec:\7jpdv.exe92⤵
-
\??\c:\flllfxr.exec:\flllfxr.exe93⤵
-
\??\c:\htbntt.exec:\htbntt.exe94⤵
-
\??\c:\1pvpp.exec:\1pvpp.exe95⤵
-
\??\c:\xllxrrl.exec:\xllxrrl.exe96⤵
-
\??\c:\ttbnbt.exec:\ttbnbt.exe97⤵
-
\??\c:\nhhhnn.exec:\nhhhnn.exe98⤵
-
\??\c:\dpdpv.exec:\dpdpv.exe99⤵
-
\??\c:\rrxxffr.exec:\rrxxffr.exe100⤵
-
\??\c:\xlrfrlr.exec:\xlrfrlr.exe101⤵
-
\??\c:\tbnhtt.exec:\tbnhtt.exe102⤵
-
\??\c:\dddjd.exec:\dddjd.exe103⤵
-
\??\c:\lxfxllf.exec:\lxfxllf.exe104⤵
-
\??\c:\bhbbtt.exec:\bhbbtt.exe105⤵
-
\??\c:\7nnnhh.exec:\7nnnhh.exe106⤵
-
\??\c:\pjpjj.exec:\pjpjj.exe107⤵
-
\??\c:\rllrllf.exec:\rllrllf.exe108⤵
-
\??\c:\bnbbtt.exec:\bnbbtt.exe109⤵
-
\??\c:\pjjdv.exec:\pjjdv.exe110⤵
-
\??\c:\3xrrfff.exec:\3xrrfff.exe111⤵
-
\??\c:\3hhhbb.exec:\3hhhbb.exe112⤵
-
\??\c:\5htnnt.exec:\5htnnt.exe113⤵
-
\??\c:\9pdvp.exec:\9pdvp.exe114⤵
-
\??\c:\7lfrxrl.exec:\7lfrxrl.exe115⤵
-
\??\c:\xrrllll.exec:\xrrllll.exe116⤵
-
\??\c:\7hhttn.exec:\7hhttn.exe117⤵
-
\??\c:\pddvj.exec:\pddvj.exe118⤵
-
\??\c:\3lrffff.exec:\3lrffff.exe119⤵
-
\??\c:\btnhbn.exec:\btnhbn.exe120⤵
-
\??\c:\hhhtnh.exec:\hhhtnh.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-