Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
03/06/2024, 11:09
General
-
Target
a145b1276f3541b939527b9302ad4a80_NeikiAnalytics.exe
-
Size
55KB
-
MD5
a145b1276f3541b939527b9302ad4a80
-
SHA1
52caae4b4f57b0f3b934d556e3456e4720847c61
-
SHA256
23b91e7ecf1ab852ec8e7daa9f295d5fb74ab963a95d92a6987b0e5e967b0823
-
SHA512
f90fd737eaf869124aeffa007bbe6c6229b090f1f4cd554281998a3ab33cb35029acf01080a1fcd9990cf9ec1c863aca85f6e42a60a88f4c8f2fd252efb931d9
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIFyPYt:ymb3NkkiQ3mdBjFIFZt
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 26 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\a145b1276f3541b939527b9302ad4a80_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\a145b1276f3541b939527b9302ad4a80_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\ffllrlx.exec:\ffllrlx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhtbnn.exec:\bhtbnn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxlrffl.exec:\xxlrffl.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhbnb.exec:\tnhbnb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnntn.exec:\tnnntn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjpp.exec:\dvjpp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9xllrxf.exec:\9xllrxf.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1rfllxl.exec:\1rfllxl.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1nnhnt.exec:\1nnhnt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjdj.exec:\dvjdj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9lffrxl.exec:\9lffrxl.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7flrlxr.exec:\7flrlxr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3hbtbb.exec:\3hbtbb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbnhbb.exec:\nbnhbb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpvvv.exec:\jpvvv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lflllrr.exec:\lflllrr.exe17⤵
- Executes dropped EXE
-
\??\c:\bbbbbn.exec:\bbbbbn.exe18⤵
- Executes dropped EXE
-
\??\c:\nhntnt.exec:\nhntnt.exe19⤵
- Executes dropped EXE
-
\??\c:\jdpvd.exec:\jdpvd.exe20⤵
- Executes dropped EXE
-
\??\c:\lxlrrxf.exec:\lxlrrxf.exe21⤵
- Executes dropped EXE
-
\??\c:\7rxxrrx.exec:\7rxxrrx.exe22⤵
- Executes dropped EXE
-
\??\c:\hbhthh.exec:\hbhthh.exe23⤵
- Executes dropped EXE
-
\??\c:\dvdpd.exec:\dvdpd.exe24⤵
- Executes dropped EXE
-
\??\c:\vjjjv.exec:\vjjjv.exe25⤵
- Executes dropped EXE
-
\??\c:\rrflxxx.exec:\rrflxxx.exe26⤵
- Executes dropped EXE
-
\??\c:\xrlxfxx.exec:\xrlxfxx.exe27⤵
- Executes dropped EXE
-
\??\c:\ttnthh.exec:\ttnthh.exe28⤵
- Executes dropped EXE
-
\??\c:\pjdvj.exec:\pjdvj.exe29⤵
- Executes dropped EXE
-
\??\c:\vvpdp.exec:\vvpdp.exe30⤵
- Executes dropped EXE
-
\??\c:\1rlfllr.exec:\1rlfllr.exe31⤵
- Executes dropped EXE
-
\??\c:\btnbht.exec:\btnbht.exe32⤵
- Executes dropped EXE
-
\??\c:\nbhbbb.exec:\nbhbbb.exe33⤵
- Executes dropped EXE
-
\??\c:\jjdvp.exec:\jjdvp.exe34⤵
- Executes dropped EXE
-
\??\c:\fxrxffl.exec:\fxrxffl.exe35⤵
- Executes dropped EXE
-
\??\c:\xxrrxrx.exec:\xxrrxrx.exe36⤵
- Executes dropped EXE
-
\??\c:\htbbnn.exec:\htbbnn.exe37⤵
- Executes dropped EXE
-
\??\c:\thtbhn.exec:\thtbhn.exe38⤵
- Executes dropped EXE
-
\??\c:\jddpj.exec:\jddpj.exe39⤵
- Executes dropped EXE
-
\??\c:\jdpvj.exec:\jdpvj.exe40⤵
- Executes dropped EXE
-
\??\c:\lxfrllf.exec:\lxfrllf.exe41⤵
- Executes dropped EXE
-
\??\c:\fxffrrx.exec:\fxffrrx.exe42⤵
- Executes dropped EXE
-
\??\c:\nbthtt.exec:\nbthtt.exe43⤵
- Executes dropped EXE
-
\??\c:\7thnbh.exec:\7thnbh.exe44⤵
- Executes dropped EXE
-
\??\c:\5pjjp.exec:\5pjjp.exe45⤵
- Executes dropped EXE
-
\??\c:\vpjpd.exec:\vpjpd.exe46⤵
- Executes dropped EXE
-
\??\c:\xrlrxfl.exec:\xrlrxfl.exe47⤵
- Executes dropped EXE
-
\??\c:\7tnttt.exec:\7tnttt.exe48⤵
- Executes dropped EXE
-
\??\c:\nhbbhn.exec:\nhbbhn.exe49⤵
- Executes dropped EXE
-
\??\c:\jjjjp.exec:\jjjjp.exe50⤵
- Executes dropped EXE
-
\??\c:\jjjpd.exec:\jjjpd.exe51⤵
- Executes dropped EXE
-
\??\c:\rlfxffr.exec:\rlfxffr.exe52⤵
- Executes dropped EXE
-
\??\c:\ttnhtn.exec:\ttnhtn.exe53⤵
- Executes dropped EXE
-
\??\c:\httnnt.exec:\httnnt.exe54⤵
- Executes dropped EXE
-
\??\c:\9pvpj.exec:\9pvpj.exe55⤵
- Executes dropped EXE
-
\??\c:\dvddj.exec:\dvddj.exe56⤵
- Executes dropped EXE
-
\??\c:\9lflrxx.exec:\9lflrxx.exe57⤵
- Executes dropped EXE
-
\??\c:\9lffllr.exec:\9lffllr.exe58⤵
- Executes dropped EXE
-
\??\c:\bnttbh.exec:\bnttbh.exe59⤵
- Executes dropped EXE
-
\??\c:\dvjpv.exec:\dvjpv.exe60⤵
- Executes dropped EXE
-
\??\c:\7ppvj.exec:\7ppvj.exe61⤵
- Executes dropped EXE
-
\??\c:\xfrffrl.exec:\xfrffrl.exe62⤵
- Executes dropped EXE
-
\??\c:\xxllrxf.exec:\xxllrxf.exe63⤵
- Executes dropped EXE
-
\??\c:\tbnhbh.exec:\tbnhbh.exe64⤵
- Executes dropped EXE
-
\??\c:\5vdjv.exec:\5vdjv.exe65⤵
- Executes dropped EXE
-
\??\c:\vvppd.exec:\vvppd.exe66⤵
-
\??\c:\xrlrxxl.exec:\xrlrxxl.exe67⤵
-
\??\c:\xxllrxx.exec:\xxllrxx.exe68⤵
-
\??\c:\hnbbnh.exec:\hnbbnh.exe69⤵
-
\??\c:\tnhhnn.exec:\tnhhnn.exe70⤵
-
\??\c:\1pdpp.exec:\1pdpp.exe71⤵
-
\??\c:\pdppp.exec:\pdppp.exe72⤵
-
\??\c:\xrfxrrf.exec:\xrfxrrf.exe73⤵
-
\??\c:\1llxffl.exec:\1llxffl.exe74⤵
-
\??\c:\hbhbhn.exec:\hbhbhn.exe75⤵
-
\??\c:\nbbbht.exec:\nbbbht.exe76⤵
-
\??\c:\1vppv.exec:\1vppv.exe77⤵
-
\??\c:\ddvvj.exec:\ddvvj.exe78⤵
-
\??\c:\lfrxflx.exec:\lfrxflx.exe79⤵
-
\??\c:\lxflxfr.exec:\lxflxfr.exe80⤵
-
\??\c:\bnthbn.exec:\bnthbn.exe81⤵
-
\??\c:\dvpdp.exec:\dvpdp.exe82⤵
-
\??\c:\vvjpv.exec:\vvjpv.exe83⤵
-
\??\c:\dvdjj.exec:\dvdjj.exe84⤵
-
\??\c:\7lxxfxr.exec:\7lxxfxr.exe85⤵
-
\??\c:\rxxxlff.exec:\rxxxlff.exe86⤵
-
\??\c:\1tntbn.exec:\1tntbn.exe87⤵
-
\??\c:\dddvp.exec:\dddvp.exe88⤵
-
\??\c:\3jvjv.exec:\3jvjv.exe89⤵
-
\??\c:\rxlflxl.exec:\rxlflxl.exe90⤵
-
\??\c:\rxxrxxx.exec:\rxxrxxx.exe91⤵
-
\??\c:\hnhnnb.exec:\hnhnnb.exe92⤵
-
\??\c:\tththh.exec:\tththh.exe93⤵
-
\??\c:\9jpvd.exec:\9jpvd.exe94⤵
-
\??\c:\pjddd.exec:\pjddd.exe95⤵
-
\??\c:\xflfrxf.exec:\xflfrxf.exe96⤵
-
\??\c:\1flxrff.exec:\1flxrff.exe97⤵
-
\??\c:\hbthbh.exec:\hbthbh.exe98⤵
-
\??\c:\3hhtnh.exec:\3hhtnh.exe99⤵
-
\??\c:\jjjdj.exec:\jjjdj.exe100⤵
-
\??\c:\vvpvj.exec:\vvpvj.exe101⤵
-
\??\c:\rrflfxx.exec:\rrflfxx.exe102⤵
-
\??\c:\llrfxll.exec:\llrfxll.exe103⤵
-
\??\c:\nthttt.exec:\nthttt.exe104⤵
-
\??\c:\1tbnht.exec:\1tbnht.exe105⤵
-
\??\c:\pjddp.exec:\pjddp.exe106⤵
-
\??\c:\djdpp.exec:\djdpp.exe107⤵
-
\??\c:\frffrxf.exec:\frffrxf.exe108⤵
-
\??\c:\3rxfrxf.exec:\3rxfrxf.exe109⤵
-
\??\c:\nnbnht.exec:\nnbnht.exe110⤵
-
\??\c:\hthbtb.exec:\hthbtb.exe111⤵
-
\??\c:\vpvvj.exec:\vpvvj.exe112⤵
-
\??\c:\7ddpj.exec:\7ddpj.exe113⤵
-
\??\c:\rlrlrrr.exec:\rlrlrrr.exe114⤵
-
\??\c:\ffxxflr.exec:\ffxxflr.exe115⤵
-
\??\c:\bbtbht.exec:\bbtbht.exe116⤵
-
\??\c:\hthbtn.exec:\hthbtn.exe117⤵
-
\??\c:\1dpvj.exec:\1dpvj.exe118⤵
-
\??\c:\1dpdp.exec:\1dpdp.exe119⤵
-
\??\c:\rrlrxfl.exec:\rrlrxfl.exe120⤵
-
\??\c:\9rffrxf.exec:\9rffrxf.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-