Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
116s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
03/06/2024, 11:09
General
-
Target
a145b1276f3541b939527b9302ad4a80_NeikiAnalytics.exe
-
Size
55KB
-
MD5
a145b1276f3541b939527b9302ad4a80
-
SHA1
52caae4b4f57b0f3b934d556e3456e4720847c61
-
SHA256
23b91e7ecf1ab852ec8e7daa9f295d5fb74ab963a95d92a6987b0e5e967b0823
-
SHA512
f90fd737eaf869124aeffa007bbe6c6229b090f1f4cd554281998a3ab33cb35029acf01080a1fcd9990cf9ec1c863aca85f6e42a60a88f4c8f2fd252efb931d9
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIFyPYt:ymb3NkkiQ3mdBjFIFZt
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 28 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 32 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\a145b1276f3541b939527b9302ad4a80_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\a145b1276f3541b939527b9302ad4a80_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\bhtnhb.exec:\bhtnhb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjvp.exec:\vpjvp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flfxrxr.exec:\flfxrxr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbntt.exec:\nhbntt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvpdv.exec:\dvpdv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxrllf.exec:\lfxrllf.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhhbb.exec:\hbhhbb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnnnnt.exec:\nnnnnt.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlxxrxx.exec:\xlxxrxx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nttnnn.exec:\nttnnn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnbhnt.exec:\hnbhnt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvppd.exec:\pvppd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flxrlxr.exec:\flxrlxr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhbbhb.exec:\hhbbhb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpvpd.exec:\jpvpd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9xxrrlf.exec:\9xxrrlf.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fllllfx.exec:\fllllfx.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thbtnn.exec:\thbtnn.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1pddp.exec:\1pddp.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlxrrrl.exec:\xlxrrrl.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5fxfxxx.exec:\5fxfxxx.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9nbbhh.exec:\9nbbhh.exe23⤵
- Executes dropped EXE
-
\??\c:\jvvvj.exec:\jvvvj.exe24⤵
- Executes dropped EXE
-
\??\c:\jjjjd.exec:\jjjjd.exe25⤵
- Executes dropped EXE
-
\??\c:\3xxrfxr.exec:\3xxrfxr.exe26⤵
- Executes dropped EXE
-
\??\c:\hbttbb.exec:\hbttbb.exe27⤵
- Executes dropped EXE
-
\??\c:\7pdvj.exec:\7pdvj.exe28⤵
- Executes dropped EXE
-
\??\c:\3frlxxf.exec:\3frlxxf.exe29⤵
- Executes dropped EXE
-
\??\c:\3xfxrlf.exec:\3xfxrlf.exe30⤵
- Executes dropped EXE
-
\??\c:\tthhnn.exec:\tthhnn.exe31⤵
- Executes dropped EXE
-
\??\c:\jjjdv.exec:\jjjdv.exe32⤵
- Executes dropped EXE
-
\??\c:\3llrrrl.exec:\3llrrrl.exe33⤵
- Executes dropped EXE
-
\??\c:\lflrllf.exec:\lflrllf.exe34⤵
- Executes dropped EXE
-
\??\c:\bttnhh.exec:\bttnhh.exe35⤵
- Executes dropped EXE
-
\??\c:\9bhhbt.exec:\9bhhbt.exe36⤵
- Executes dropped EXE
-
\??\c:\pddvv.exec:\pddvv.exe37⤵
- Executes dropped EXE
-
\??\c:\5rlfxxx.exec:\5rlfxxx.exe38⤵
- Executes dropped EXE
-
\??\c:\rxrfxxr.exec:\rxrfxxr.exe39⤵
- Executes dropped EXE
-
\??\c:\thnbnn.exec:\thnbnn.exe40⤵
- Executes dropped EXE
-
\??\c:\nhhhtt.exec:\nhhhtt.exe41⤵
- Executes dropped EXE
-
\??\c:\dpjdv.exec:\dpjdv.exe42⤵
- Executes dropped EXE
-
\??\c:\fxxllfx.exec:\fxxllfx.exe43⤵
- Executes dropped EXE
-
\??\c:\frrllff.exec:\frrllff.exe44⤵
- Executes dropped EXE
-
\??\c:\hnhtnb.exec:\hnhtnb.exe45⤵
- Executes dropped EXE
-
\??\c:\ntbtnt.exec:\ntbtnt.exe46⤵
- Executes dropped EXE
-
\??\c:\jvddd.exec:\jvddd.exe47⤵
- Executes dropped EXE
-
\??\c:\xxlrlll.exec:\xxlrlll.exe48⤵
- Executes dropped EXE
-
\??\c:\bntttn.exec:\bntttn.exe49⤵
- Executes dropped EXE
-
\??\c:\3dppp.exec:\3dppp.exe50⤵
- Executes dropped EXE
-
\??\c:\pvpjj.exec:\pvpjj.exe51⤵
- Executes dropped EXE
-
\??\c:\frrlfff.exec:\frrlfff.exe52⤵
- Executes dropped EXE
-
\??\c:\xffxlll.exec:\xffxlll.exe53⤵
- Executes dropped EXE
-
\??\c:\hbhnnn.exec:\hbhnnn.exe54⤵
- Executes dropped EXE
-
\??\c:\jvvpj.exec:\jvvpj.exe55⤵
- Executes dropped EXE
-
\??\c:\dppvv.exec:\dppvv.exe56⤵
- Executes dropped EXE
-
\??\c:\frrlffx.exec:\frrlffx.exe57⤵
- Executes dropped EXE
-
\??\c:\bbhnth.exec:\bbhnth.exe58⤵
- Executes dropped EXE
-
\??\c:\pppjv.exec:\pppjv.exe59⤵
- Executes dropped EXE
-
\??\c:\rffllrl.exec:\rffllrl.exe60⤵
- Executes dropped EXE
-
\??\c:\5tnhbb.exec:\5tnhbb.exe61⤵
- Executes dropped EXE
-
\??\c:\bnhhtt.exec:\bnhhtt.exe62⤵
- Executes dropped EXE
-
\??\c:\jjdpj.exec:\jjdpj.exe63⤵
- Executes dropped EXE
-
\??\c:\5vpjd.exec:\5vpjd.exe64⤵
- Executes dropped EXE
-
\??\c:\rllxlll.exec:\rllxlll.exe65⤵
- Executes dropped EXE
-
\??\c:\rlxfxll.exec:\rlxfxll.exe66⤵
-
\??\c:\nbttnn.exec:\nbttnn.exe67⤵
-
\??\c:\jjjvp.exec:\jjjvp.exe68⤵
-
\??\c:\9vdvp.exec:\9vdvp.exe69⤵
-
\??\c:\fflxxfx.exec:\fflxxfx.exe70⤵
-
\??\c:\rlxrxxf.exec:\rlxrxxf.exe71⤵
-
\??\c:\5hbnhb.exec:\5hbnhb.exe72⤵
-
\??\c:\tttthh.exec:\tttthh.exe73⤵
-
\??\c:\jjvpj.exec:\jjvpj.exe74⤵
-
\??\c:\jvvpj.exec:\jvvpj.exe75⤵
-
\??\c:\rfrxlrl.exec:\rfrxlrl.exe76⤵
-
\??\c:\btthhb.exec:\btthhb.exe77⤵
-
\??\c:\tbbtnn.exec:\tbbtnn.exe78⤵
-
\??\c:\vvvdd.exec:\vvvdd.exe79⤵
-
\??\c:\dvjpj.exec:\dvjpj.exe80⤵
-
\??\c:\fxrlfff.exec:\fxrlfff.exe81⤵
-
\??\c:\rrfxfff.exec:\rrfxfff.exe82⤵
-
\??\c:\5nnbtb.exec:\5nnbtb.exe83⤵
-
\??\c:\thhbnn.exec:\thhbnn.exe84⤵
-
\??\c:\vdjdp.exec:\vdjdp.exe85⤵
-
\??\c:\djppj.exec:\djppj.exe86⤵
-
\??\c:\1rrlffr.exec:\1rrlffr.exe87⤵
-
\??\c:\hbtnnn.exec:\hbtnnn.exe88⤵
-
\??\c:\bnnnhn.exec:\bnnnhn.exe89⤵
-
\??\c:\pjjvj.exec:\pjjvj.exe90⤵
-
\??\c:\bnhbbt.exec:\bnhbbt.exe91⤵
-
\??\c:\1htnbn.exec:\1htnbn.exe92⤵
-
\??\c:\vvpjv.exec:\vvpjv.exe93⤵
-
\??\c:\ddpjd.exec:\ddpjd.exe94⤵
-
\??\c:\xxfxxll.exec:\xxfxxll.exe95⤵
-
\??\c:\nbbnhh.exec:\nbbnhh.exe96⤵
-
\??\c:\hnnhhn.exec:\hnnhhn.exe97⤵
-
\??\c:\pjdpj.exec:\pjdpj.exe98⤵
-
\??\c:\rlffxff.exec:\rlffxff.exe99⤵
-
\??\c:\rlxxlrf.exec:\rlxxlrf.exe100⤵
-
\??\c:\nhnnnt.exec:\nhnnnt.exe101⤵
-
\??\c:\hnnhbb.exec:\hnnhbb.exe102⤵
-
\??\c:\dvddd.exec:\dvddd.exe103⤵
-
\??\c:\fffffff.exec:\fffffff.exe104⤵
-
\??\c:\fxllfrr.exec:\fxllfrr.exe105⤵
-
\??\c:\bnbbtt.exec:\bnbbtt.exe106⤵
-
\??\c:\nnnntt.exec:\nnnntt.exe107⤵
-
\??\c:\vdppj.exec:\vdppj.exe108⤵
-
\??\c:\dddvj.exec:\dddvj.exe109⤵
-
\??\c:\5lxrllx.exec:\5lxrllx.exe110⤵
-
\??\c:\xlxxxxf.exec:\xlxxxxf.exe111⤵
-
\??\c:\btnnnn.exec:\btnnnn.exe112⤵
-
\??\c:\pjjpv.exec:\pjjpv.exe113⤵
-
\??\c:\pvvpj.exec:\pvvpj.exe114⤵
-
\??\c:\ddjpp.exec:\ddjpp.exe115⤵
-
\??\c:\lflfxxx.exec:\lflfxxx.exe116⤵
-
\??\c:\1frrxxl.exec:\1frrxxl.exe117⤵
-
\??\c:\btbtnn.exec:\btbtnn.exe118⤵
-
\??\c:\tbttnn.exec:\tbttnn.exe119⤵
-
\??\c:\pdjdv.exec:\pdjdv.exe120⤵
-
\??\c:\pppjj.exec:\pppjj.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-