Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
133s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
03/06/2024, 02:42
General
-
Target
9896cd1b796bafac8faaa7a66aef4a70_NeikiAnalytics.exe
-
Size
92KB
-
MD5
9896cd1b796bafac8faaa7a66aef4a70
-
SHA1
7dc75f7e4a7168ce99a0f13435ad9a1eb065523c
-
SHA256
02e6da3b50bad1d34e88cfebd404318e698e3868a0da6b37502cd52489857f72
-
SHA512
0f518e2271bfa2d52c9cae295cdeb9ac91f4989f609991ffa7bca1ff988ce777cd3e22a1f557421bc73fba20181f64d78e038a3a567f597a1890f7b0fdcf85d8
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDo73XH/YP1HFrJximAAxS1rj/21+:ymb3NkkiQ3mdBjFo73PYP1lri3K8GN4f
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 27 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\9896cd1b796bafac8faaa7a66aef4a70_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\9896cd1b796bafac8faaa7a66aef4a70_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\9dddd.exec:\9dddd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpdvv.exec:\jpdvv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9lllfff.exec:\9lllfff.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttbbth.exec:\ttbbth.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjppd.exec:\jjppd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxllllr.exec:\lxllllr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhtth.exec:\hbhtth.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntbbtb.exec:\ntbbtb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvpj.exec:\dvvpj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frxxxxx.exec:\frxxxxx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbnbnt.exec:\tbnbnt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdppv.exec:\jdppv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlfxrl.exec:\fxlfxrl.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbbhh.exec:\btbbhh.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvddv.exec:\jvddv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flrrrxx.exec:\flrrrxx.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxlfrrr.exec:\lxlfrrr.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5hhbtt.exec:\5hhbtt.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjjvp.exec:\jjjvp.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xllxrrl.exec:\xllxrrl.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htttnn.exec:\htttnn.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vddjd.exec:\vddjd.exe23⤵
- Executes dropped EXE
-
\??\c:\ddppp.exec:\ddppp.exe24⤵
- Executes dropped EXE
-
\??\c:\rrlxxrr.exec:\rrlxxrr.exe25⤵
- Executes dropped EXE
-
\??\c:\9hhbbt.exec:\9hhbbt.exe26⤵
- Executes dropped EXE
-
\??\c:\bnnhtt.exec:\bnnhtt.exe27⤵
- Executes dropped EXE
-
\??\c:\jdddd.exec:\jdddd.exe28⤵
- Executes dropped EXE
-
\??\c:\xllllll.exec:\xllllll.exe29⤵
- Executes dropped EXE
-
\??\c:\ttbtnn.exec:\ttbtnn.exe30⤵
- Executes dropped EXE
-
\??\c:\hhbbtt.exec:\hhbbtt.exe31⤵
- Executes dropped EXE
-
\??\c:\vvpjj.exec:\vvpjj.exe32⤵
- Executes dropped EXE
-
\??\c:\rffxllf.exec:\rffxllf.exe33⤵
- Executes dropped EXE
-
\??\c:\rxxxrxf.exec:\rxxxrxf.exe34⤵
- Executes dropped EXE
-
\??\c:\1dvvv.exec:\1dvvv.exe35⤵
- Executes dropped EXE
-
\??\c:\rllfxxr.exec:\rllfxxr.exe36⤵
- Executes dropped EXE
-
\??\c:\rffffff.exec:\rffffff.exe37⤵
- Executes dropped EXE
-
\??\c:\tntttb.exec:\tntttb.exe38⤵
- Executes dropped EXE
-
\??\c:\jjjdd.exec:\jjjdd.exe39⤵
- Executes dropped EXE
-
\??\c:\pjdvp.exec:\pjdvp.exe40⤵
- Executes dropped EXE
-
\??\c:\lrxfffx.exec:\lrxfffx.exe41⤵
- Executes dropped EXE
-
\??\c:\nbbbtt.exec:\nbbbtt.exe42⤵
- Executes dropped EXE
-
\??\c:\vpvpv.exec:\vpvpv.exe43⤵
- Executes dropped EXE
-
\??\c:\flxxxxx.exec:\flxxxxx.exe44⤵
- Executes dropped EXE
-
\??\c:\bnttnn.exec:\bnttnn.exe45⤵
- Executes dropped EXE
-
\??\c:\thtnbh.exec:\thtnbh.exe46⤵
- Executes dropped EXE
-
\??\c:\dpdvp.exec:\dpdvp.exe47⤵
- Executes dropped EXE
-
\??\c:\lfffxxx.exec:\lfffxxx.exe48⤵
- Executes dropped EXE
-
\??\c:\tnnnhn.exec:\tnnnhn.exe49⤵
- Executes dropped EXE
-
\??\c:\hnnhbb.exec:\hnnhbb.exe50⤵
- Executes dropped EXE
-
\??\c:\pjppp.exec:\pjppp.exe51⤵
- Executes dropped EXE
-
\??\c:\djjjd.exec:\djjjd.exe52⤵
- Executes dropped EXE
-
\??\c:\1xxxlll.exec:\1xxxlll.exe53⤵
- Executes dropped EXE
-
\??\c:\5bbttb.exec:\5bbttb.exe54⤵
- Executes dropped EXE
-
\??\c:\tnhbtb.exec:\tnhbtb.exe55⤵
-
\??\c:\vddvv.exec:\vddvv.exe56⤵
- Executes dropped EXE
-
\??\c:\vvppj.exec:\vvppj.exe57⤵
- Executes dropped EXE
-
\??\c:\frfxrll.exec:\frfxrll.exe58⤵
- Executes dropped EXE
-
\??\c:\nttttb.exec:\nttttb.exe59⤵
- Executes dropped EXE
-
\??\c:\vdpjd.exec:\vdpjd.exe60⤵
- Executes dropped EXE
-
\??\c:\jddvp.exec:\jddvp.exe61⤵
- Executes dropped EXE
-
\??\c:\xrxfrxf.exec:\xrxfrxf.exe62⤵
- Executes dropped EXE
-
\??\c:\rxxxxfx.exec:\rxxxxfx.exe63⤵
- Executes dropped EXE
-
\??\c:\bthbbh.exec:\bthbbh.exe64⤵
- Executes dropped EXE
-
\??\c:\nbtbhh.exec:\nbtbhh.exe65⤵
- Executes dropped EXE
-
\??\c:\pdddv.exec:\pdddv.exe66⤵
- Executes dropped EXE
-
\??\c:\pvvpp.exec:\pvvpp.exe67⤵
-
\??\c:\1rfxrxx.exec:\1rfxrxx.exe68⤵
-
\??\c:\flrrllf.exec:\flrrllf.exe69⤵
-
\??\c:\nbbhhn.exec:\nbbhhn.exe70⤵
-
\??\c:\htbbtt.exec:\htbbtt.exe71⤵
-
\??\c:\dvvvv.exec:\dvvvv.exe72⤵
-
\??\c:\1pjpj.exec:\1pjpj.exe73⤵
-
\??\c:\lfllfll.exec:\lfllfll.exe74⤵
-
\??\c:\lfffxxr.exec:\lfffxxr.exe75⤵
-
\??\c:\1bbtnn.exec:\1bbtnn.exe76⤵
-
\??\c:\3nttbb.exec:\3nttbb.exe77⤵
-
\??\c:\dvdvv.exec:\dvdvv.exe78⤵
-
\??\c:\vppjd.exec:\vppjd.exe79⤵
-
\??\c:\vjjjv.exec:\vjjjv.exe80⤵
-
\??\c:\xrrrrrx.exec:\xrrrrrx.exe81⤵
-
\??\c:\rflxxxr.exec:\rflxxxr.exe82⤵
-
\??\c:\nhnhhb.exec:\nhnhhb.exe83⤵
-
\??\c:\jvvpv.exec:\jvvpv.exe84⤵
-
\??\c:\xllfffr.exec:\xllfffr.exe85⤵
-
\??\c:\ffrrlxx.exec:\ffrrlxx.exe86⤵
-
\??\c:\thbnhh.exec:\thbnhh.exe87⤵
-
\??\c:\bthnhn.exec:\bthnhn.exe88⤵
-
\??\c:\jvvvv.exec:\jvvvv.exe89⤵
-
\??\c:\pdjdv.exec:\pdjdv.exe90⤵
-
\??\c:\rrrlllr.exec:\rrrlllr.exe91⤵
-
\??\c:\lflxllx.exec:\lflxllx.exe92⤵
-
\??\c:\1htbbb.exec:\1htbbb.exe93⤵
-
\??\c:\5hhbbb.exec:\5hhbbb.exe94⤵
-
\??\c:\vjjdv.exec:\vjjdv.exe95⤵
-
\??\c:\ppjvp.exec:\ppjvp.exe96⤵
-
\??\c:\3llllxx.exec:\3llllxx.exe97⤵
-
\??\c:\thbbth.exec:\thbbth.exe98⤵
-
\??\c:\bntthb.exec:\bntthb.exe99⤵
-
\??\c:\pvpjp.exec:\pvpjp.exe100⤵
-
\??\c:\dppvp.exec:\dppvp.exe101⤵
-
\??\c:\xrxxxxx.exec:\xrxxxxx.exe102⤵
-
\??\c:\fxfffff.exec:\fxfffff.exe103⤵
-
\??\c:\1nnnnt.exec:\1nnnnt.exe104⤵
-
\??\c:\nntntt.exec:\nntntt.exe105⤵
-
\??\c:\3jddv.exec:\3jddv.exe106⤵
-
\??\c:\dvdpp.exec:\dvdpp.exe107⤵
-
\??\c:\5lrrlll.exec:\5lrrlll.exe108⤵
-
\??\c:\1xxfffl.exec:\1xxfffl.exe109⤵
-
\??\c:\bttttb.exec:\bttttb.exe110⤵
-
\??\c:\5ddvv.exec:\5ddvv.exe111⤵
-
\??\c:\vdjjv.exec:\vdjjv.exe112⤵
-
\??\c:\xllxffr.exec:\xllxffr.exe113⤵
-
\??\c:\xxrlxrf.exec:\xxrlxrf.exe114⤵
-
\??\c:\3tttnn.exec:\3tttnn.exe115⤵
-
\??\c:\thnnbb.exec:\thnnbb.exe116⤵
-
\??\c:\3dppv.exec:\3dppv.exe117⤵
-
\??\c:\rffrlfx.exec:\rffrlfx.exe118⤵
-
\??\c:\lllfffx.exec:\lllfffx.exe119⤵
-
\??\c:\5nbtnh.exec:\5nbtnh.exe120⤵
-
\??\c:\pvvpd.exec:\pvvpd.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-