Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
03/06/2024, 02:42
General
-
Target
9896cd1b796bafac8faaa7a66aef4a70_NeikiAnalytics.exe
-
Size
92KB
-
MD5
9896cd1b796bafac8faaa7a66aef4a70
-
SHA1
7dc75f7e4a7168ce99a0f13435ad9a1eb065523c
-
SHA256
02e6da3b50bad1d34e88cfebd404318e698e3868a0da6b37502cd52489857f72
-
SHA512
0f518e2271bfa2d52c9cae295cdeb9ac91f4989f609991ffa7bca1ff988ce777cd3e22a1f557421bc73fba20181f64d78e038a3a567f597a1890f7b0fdcf85d8
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDo73XH/YP1HFrJximAAxS1rj/21+:ymb3NkkiQ3mdBjFo73PYP1lri3K8GN4f
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 21 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 25 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\9896cd1b796bafac8faaa7a66aef4a70_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\9896cd1b796bafac8faaa7a66aef4a70_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\frfrrxx.exec:\frfrrxx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrfflxl.exec:\rrfflxl.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjjp.exec:\dvjjp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpvdj.exec:\vpvdj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxllxlr.exec:\fxllxlr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxfxxx.exec:\rlxfxxx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdpjp.exec:\pdpjp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1ppjv.exec:\1ppjv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrxxllx.exec:\rrxxllx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlrfrf.exec:\fxlrfrf.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbtbh.exec:\tnbtbh.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnnbtb.exec:\hnnbtb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjpd.exec:\dvjpd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llrlrfr.exec:\llrlrfr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfxxrrl.exec:\rfxxrrl.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hntbhb.exec:\hntbhb.exe17⤵
- Executes dropped EXE
-
\??\c:\hhbthn.exec:\hhbthn.exe18⤵
- Executes dropped EXE
-
\??\c:\5nhntb.exec:\5nhntb.exe19⤵
- Executes dropped EXE
-
\??\c:\vvvjv.exec:\vvvjv.exe20⤵
- Executes dropped EXE
-
\??\c:\llffxff.exec:\llffxff.exe21⤵
- Executes dropped EXE
-
\??\c:\9hbnbb.exec:\9hbnbb.exe22⤵
- Executes dropped EXE
-
\??\c:\btntht.exec:\btntht.exe23⤵
- Executes dropped EXE
-
\??\c:\vvjpj.exec:\vvjpj.exe24⤵
- Executes dropped EXE
-
\??\c:\ddjjj.exec:\ddjjj.exe25⤵
- Executes dropped EXE
-
\??\c:\xrlrxlx.exec:\xrlrxlx.exe26⤵
- Executes dropped EXE
-
\??\c:\5frrlfl.exec:\5frrlfl.exe27⤵
- Executes dropped EXE
-
\??\c:\tbttbh.exec:\tbttbh.exe28⤵
- Executes dropped EXE
-
\??\c:\ntbtth.exec:\ntbtth.exe29⤵
- Executes dropped EXE
-
\??\c:\lxrrxxf.exec:\lxrrxxf.exe30⤵
- Executes dropped EXE
-
\??\c:\tbhttn.exec:\tbhttn.exe31⤵
- Executes dropped EXE
-
\??\c:\nbthbn.exec:\nbthbn.exe32⤵
- Executes dropped EXE
-
\??\c:\ddjvj.exec:\ddjvj.exe33⤵
- Executes dropped EXE
-
\??\c:\xxrrffr.exec:\xxrrffr.exe34⤵
- Executes dropped EXE
-
\??\c:\lrxxffl.exec:\lrxxffl.exe35⤵
- Executes dropped EXE
-
\??\c:\nhbtht.exec:\nhbtht.exe36⤵
- Executes dropped EXE
-
\??\c:\hthntb.exec:\hthntb.exe37⤵
- Executes dropped EXE
-
\??\c:\dvddj.exec:\dvddj.exe38⤵
- Executes dropped EXE
-
\??\c:\jdppj.exec:\jdppj.exe39⤵
- Executes dropped EXE
-
\??\c:\xflfxff.exec:\xflfxff.exe40⤵
- Executes dropped EXE
-
\??\c:\9rlllrr.exec:\9rlllrr.exe41⤵
- Executes dropped EXE
-
\??\c:\httttt.exec:\httttt.exe42⤵
- Executes dropped EXE
-
\??\c:\ttntbt.exec:\ttntbt.exe43⤵
- Executes dropped EXE
-
\??\c:\pjvjv.exec:\pjvjv.exe44⤵
- Executes dropped EXE
-
\??\c:\pjjdj.exec:\pjjdj.exe45⤵
- Executes dropped EXE
-
\??\c:\1fxrxfl.exec:\1fxrxfl.exe46⤵
- Executes dropped EXE
-
\??\c:\7rxrffr.exec:\7rxrffr.exe47⤵
- Executes dropped EXE
-
\??\c:\nhhhhn.exec:\nhhhhn.exe48⤵
- Executes dropped EXE
-
\??\c:\bhbnnb.exec:\bhbnnb.exe49⤵
- Executes dropped EXE
-
\??\c:\ppjpj.exec:\ppjpj.exe50⤵
- Executes dropped EXE
-
\??\c:\vjddd.exec:\vjddd.exe51⤵
- Executes dropped EXE
-
\??\c:\9xlllff.exec:\9xlllff.exe52⤵
- Executes dropped EXE
-
\??\c:\7bbbhn.exec:\7bbbhn.exe53⤵
- Executes dropped EXE
-
\??\c:\tnttbh.exec:\tnttbh.exe54⤵
- Executes dropped EXE
-
\??\c:\ppdvj.exec:\ppdvj.exe55⤵
- Executes dropped EXE
-
\??\c:\1dvdp.exec:\1dvdp.exe56⤵
- Executes dropped EXE
-
\??\c:\xxfrxll.exec:\xxfrxll.exe57⤵
- Executes dropped EXE
-
\??\c:\xrflxxf.exec:\xrflxxf.exe58⤵
- Executes dropped EXE
-
\??\c:\bhtbhh.exec:\bhtbhh.exe59⤵
- Executes dropped EXE
-
\??\c:\bbtbnh.exec:\bbtbnh.exe60⤵
- Executes dropped EXE
-
\??\c:\ppvpp.exec:\ppvpp.exe61⤵
- Executes dropped EXE
-
\??\c:\jjdpj.exec:\jjdpj.exe62⤵
- Executes dropped EXE
-
\??\c:\lflflxf.exec:\lflflxf.exe63⤵
- Executes dropped EXE
-
\??\c:\lfllrxl.exec:\lfllrxl.exe64⤵
- Executes dropped EXE
-
\??\c:\vvpvj.exec:\vvpvj.exe65⤵
- Executes dropped EXE
-
\??\c:\5vppv.exec:\5vppv.exe66⤵
-
\??\c:\lxlxlrf.exec:\lxlxlrf.exe67⤵
-
\??\c:\5lxffxf.exec:\5lxffxf.exe68⤵
-
\??\c:\nhbnhn.exec:\nhbnhn.exe69⤵
-
\??\c:\pdppv.exec:\pdppv.exe70⤵
-
\??\c:\1pdjv.exec:\1pdjv.exe71⤵
-
\??\c:\rfrrrlx.exec:\rfrrrlx.exe72⤵
-
\??\c:\5lxxfxr.exec:\5lxxfxr.exe73⤵
-
\??\c:\nnbbnb.exec:\nnbbnb.exe74⤵
-
\??\c:\hhthtb.exec:\hhthtb.exe75⤵
-
\??\c:\9djpd.exec:\9djpd.exe76⤵
-
\??\c:\dvdpj.exec:\dvdpj.exe77⤵
-
\??\c:\lfrlrrf.exec:\lfrlrrf.exe78⤵
-
\??\c:\3xffrxl.exec:\3xffrxl.exe79⤵
-
\??\c:\5nnnhn.exec:\5nnnhn.exe80⤵
-
\??\c:\tthbnt.exec:\tthbnt.exe81⤵
-
\??\c:\9bbbnt.exec:\9bbbnt.exe82⤵
-
\??\c:\3vppv.exec:\3vppv.exe83⤵
-
\??\c:\pjdpd.exec:\pjdpd.exe84⤵
-
\??\c:\rlflfxl.exec:\rlflfxl.exe85⤵
-
\??\c:\rrfxffr.exec:\rrfxffr.exe86⤵
-
\??\c:\tnbhtt.exec:\tnbhtt.exe87⤵
-
\??\c:\1tbhnb.exec:\1tbhnb.exe88⤵
-
\??\c:\ppjvd.exec:\ppjvd.exe89⤵
-
\??\c:\5jdvp.exec:\5jdvp.exe90⤵
-
\??\c:\dvjjp.exec:\dvjjp.exe91⤵
-
\??\c:\fxlflxr.exec:\fxlflxr.exe92⤵
-
\??\c:\1rllrxr.exec:\1rllrxr.exe93⤵
-
\??\c:\5nttbh.exec:\5nttbh.exe94⤵
-
\??\c:\5pvjv.exec:\5pvjv.exe95⤵
-
\??\c:\vpddj.exec:\vpddj.exe96⤵
-
\??\c:\jvppv.exec:\jvppv.exe97⤵
-
\??\c:\lfllrrx.exec:\lfllrrx.exe98⤵
-
\??\c:\hbhtbb.exec:\hbhtbb.exe99⤵
-
\??\c:\nhnnhh.exec:\nhnnhh.exe100⤵
-
\??\c:\hbbtnn.exec:\hbbtnn.exe101⤵
-
\??\c:\vpjvd.exec:\vpjvd.exe102⤵
-
\??\c:\9pjdp.exec:\9pjdp.exe103⤵
-
\??\c:\xlxxxfr.exec:\xlxxxfr.exe104⤵
-
\??\c:\lxfxfxx.exec:\lxfxfxx.exe105⤵
-
\??\c:\hbbbnt.exec:\hbbbnt.exe106⤵
-
\??\c:\thbbtt.exec:\thbbtt.exe107⤵
-
\??\c:\djdjd.exec:\djdjd.exe108⤵
-
\??\c:\vjpjv.exec:\vjpjv.exe109⤵
-
\??\c:\flffrlx.exec:\flffrlx.exe110⤵
-
\??\c:\3xflxfr.exec:\3xflxfr.exe111⤵
-
\??\c:\nhhtbb.exec:\nhhtbb.exe112⤵
-
\??\c:\tnttbb.exec:\tnttbb.exe113⤵
-
\??\c:\3jvvd.exec:\3jvvd.exe114⤵
-
\??\c:\ddjpd.exec:\ddjpd.exe115⤵
-
\??\c:\fxrxllx.exec:\fxrxllx.exe116⤵
-
\??\c:\lfflxfr.exec:\lfflxfr.exe117⤵
-
\??\c:\ntbbhn.exec:\ntbbhn.exe118⤵
-
\??\c:\tbttht.exec:\tbttht.exe119⤵
-
\??\c:\dvpvd.exec:\dvpvd.exe120⤵
-
\??\c:\fxxfxxx.exec:\fxxfxxx.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-