Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
03/06/2024, 13:31
General
-
Target
a507f89791b8abffaded4a48717c9f60_NeikiAnalytics.exe
-
Size
95KB
-
MD5
a507f89791b8abffaded4a48717c9f60
-
SHA1
17cb54deab18d8d8fea5826ebdcf00c1faa78910
-
SHA256
b5be4639db0733d12076a36e0ffb68f0469bd13c328bde89f832d40ab2c32b55
-
SHA512
1e194f7e28d9e949c336ce330b15d827d1e836f256e304d61dfca791548551ad7c37ed06c45f6d3d1e193babc4730f7ad46c28afba8a3cb9a954614283e0cbd3
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDo73XH/YP1HFrJximAAxEPOfPrAB:ymb3NkkiQ3mdBjFo73PYP1lri3KuOnrE
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 24 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\a507f89791b8abffaded4a48717c9f60_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\a507f89791b8abffaded4a48717c9f60_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\thtbhh.exec:\thtbhh.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjjvp.exec:\jjjvp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvdp.exec:\jdvdp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lffrrxl.exec:\lffrrxl.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnhtht.exec:\nnhtht.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5dvvd.exec:\5dvvd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrfflxl.exec:\xrfflxl.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfflflx.exec:\lfflflx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bntbhb.exec:\bntbhb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbhbb.exec:\tnbhbb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7jvdp.exec:\7jvdp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlrxlx.exec:\fxlrxlx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3xxrffl.exec:\3xxrffl.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnhnb.exec:\nhnhnb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5jjjp.exec:\5jjjp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvjp.exec:\pjvjp.exe17⤵
- Executes dropped EXE
-
\??\c:\9rfflrx.exec:\9rfflrx.exe18⤵
- Executes dropped EXE
-
\??\c:\tnbhnt.exec:\tnbhnt.exe19⤵
- Executes dropped EXE
-
\??\c:\hthhbt.exec:\hthhbt.exe20⤵
- Executes dropped EXE
-
\??\c:\3jvvv.exec:\3jvvv.exe21⤵
- Executes dropped EXE
-
\??\c:\5rfffrx.exec:\5rfffrx.exe22⤵
- Executes dropped EXE
-
\??\c:\tnbtnn.exec:\tnbtnn.exe23⤵
- Executes dropped EXE
-
\??\c:\htnhnh.exec:\htnhnh.exe24⤵
- Executes dropped EXE
-
\??\c:\jdpvj.exec:\jdpvj.exe25⤵
- Executes dropped EXE
-
\??\c:\lfxfxfr.exec:\lfxfxfr.exe26⤵
- Executes dropped EXE
-
\??\c:\rfrxffl.exec:\rfrxffl.exe27⤵
- Executes dropped EXE
-
\??\c:\5dddj.exec:\5dddj.exe28⤵
- Executes dropped EXE
-
\??\c:\3jjjp.exec:\3jjjp.exe29⤵
- Executes dropped EXE
-
\??\c:\ffxxrlf.exec:\ffxxrlf.exe30⤵
- Executes dropped EXE
-
\??\c:\ttnthn.exec:\ttnthn.exe31⤵
- Executes dropped EXE
-
\??\c:\bhhhtn.exec:\bhhhtn.exe32⤵
- Executes dropped EXE
-
\??\c:\ddpdp.exec:\ddpdp.exe33⤵
- Executes dropped EXE
-
\??\c:\5frxxrx.exec:\5frxxrx.exe34⤵
- Executes dropped EXE
-
\??\c:\fxlfxfr.exec:\fxlfxfr.exe35⤵
- Executes dropped EXE
-
\??\c:\hbbhhh.exec:\hbbhhh.exe36⤵
- Executes dropped EXE
-
\??\c:\dppdd.exec:\dppdd.exe37⤵
- Executes dropped EXE
-
\??\c:\dvddv.exec:\dvddv.exe38⤵
- Executes dropped EXE
-
\??\c:\xlxfxxl.exec:\xlxfxxl.exe39⤵
- Executes dropped EXE
-
\??\c:\xlxxxxf.exec:\xlxxxxf.exe40⤵
- Executes dropped EXE
-
\??\c:\nhntbn.exec:\nhntbn.exe41⤵
- Executes dropped EXE
-
\??\c:\pdddd.exec:\pdddd.exe42⤵
- Executes dropped EXE
-
\??\c:\vpjdd.exec:\vpjdd.exe43⤵
- Executes dropped EXE
-
\??\c:\rfxffxf.exec:\rfxffxf.exe44⤵
- Executes dropped EXE
-
\??\c:\lrxrlrl.exec:\lrxrlrl.exe45⤵
- Executes dropped EXE
-
\??\c:\tnnnnh.exec:\tnnnnh.exe46⤵
- Executes dropped EXE
-
\??\c:\btbhtt.exec:\btbhtt.exe47⤵
- Executes dropped EXE
-
\??\c:\7pppj.exec:\7pppj.exe48⤵
- Executes dropped EXE
-
\??\c:\bbnnbt.exec:\bbnnbt.exe49⤵
- Executes dropped EXE
-
\??\c:\bnbtbh.exec:\bnbtbh.exe50⤵
- Executes dropped EXE
-
\??\c:\dvjvv.exec:\dvjvv.exe51⤵
- Executes dropped EXE
-
\??\c:\9jvpp.exec:\9jvpp.exe52⤵
- Executes dropped EXE
-
\??\c:\lfrlrrl.exec:\lfrlrrl.exe53⤵
- Executes dropped EXE
-
\??\c:\rflrrrl.exec:\rflrrrl.exe54⤵
- Executes dropped EXE
-
\??\c:\xrxlrrx.exec:\xrxlrrx.exe55⤵
- Executes dropped EXE
-
\??\c:\9thhnn.exec:\9thhnn.exe56⤵
- Executes dropped EXE
-
\??\c:\7nhtbh.exec:\7nhtbh.exe57⤵
- Executes dropped EXE
-
\??\c:\5vvvd.exec:\5vvvd.exe58⤵
- Executes dropped EXE
-
\??\c:\pjvjd.exec:\pjvjd.exe59⤵
- Executes dropped EXE
-
\??\c:\jvdvp.exec:\jvdvp.exe60⤵
- Executes dropped EXE
-
\??\c:\fffrfxx.exec:\fffrfxx.exe61⤵
- Executes dropped EXE
-
\??\c:\xxlflrl.exec:\xxlflrl.exe62⤵
- Executes dropped EXE
-
\??\c:\tbnhbn.exec:\tbnhbn.exe63⤵
- Executes dropped EXE
-
\??\c:\nhhhnh.exec:\nhhhnh.exe64⤵
- Executes dropped EXE
-
\??\c:\vvpjp.exec:\vvpjp.exe65⤵
- Executes dropped EXE
-
\??\c:\rrllxff.exec:\rrllxff.exe66⤵
-
\??\c:\1lxlxxl.exec:\1lxlxxl.exe67⤵
-
\??\c:\htnnhh.exec:\htnnhh.exe68⤵
-
\??\c:\hbnhth.exec:\hbnhth.exe69⤵
-
\??\c:\1pjjp.exec:\1pjjp.exe70⤵
-
\??\c:\dvpdp.exec:\dvpdp.exe71⤵
-
\??\c:\rrrrxfl.exec:\rrrrxfl.exe72⤵
-
\??\c:\9frrfff.exec:\9frrfff.exe73⤵
-
\??\c:\xfrfrxl.exec:\xfrfrxl.exe74⤵
-
\??\c:\3tnbnn.exec:\3tnbnn.exe75⤵
-
\??\c:\3dppp.exec:\3dppp.exe76⤵
-
\??\c:\vdvdp.exec:\vdvdp.exe77⤵
-
\??\c:\xrlrxxr.exec:\xrlrxxr.exe78⤵
-
\??\c:\7rlrrff.exec:\7rlrrff.exe79⤵
-
\??\c:\xxxlffr.exec:\xxxlffr.exe80⤵
-
\??\c:\nhtbht.exec:\nhtbht.exe81⤵
-
\??\c:\bthnnt.exec:\bthnnt.exe82⤵
-
\??\c:\1jppd.exec:\1jppd.exe83⤵
-
\??\c:\7pjjv.exec:\7pjjv.exe84⤵
-
\??\c:\3fflllr.exec:\3fflllr.exe85⤵
-
\??\c:\xlflrrf.exec:\xlflrrf.exe86⤵
-
\??\c:\1rlxxrf.exec:\1rlxxrf.exe87⤵
-
\??\c:\hbtbtt.exec:\hbtbtt.exe88⤵
-
\??\c:\nbtttt.exec:\nbtttt.exe89⤵
-
\??\c:\jddjj.exec:\jddjj.exe90⤵
-
\??\c:\ppdjv.exec:\ppdjv.exe91⤵
-
\??\c:\rllllrf.exec:\rllllrf.exe92⤵
-
\??\c:\lffrxfl.exec:\lffrxfl.exe93⤵
-
\??\c:\ttnbhh.exec:\ttnbhh.exe94⤵
-
\??\c:\nbtbbb.exec:\nbtbbb.exe95⤵
-
\??\c:\vvdjd.exec:\vvdjd.exe96⤵
-
\??\c:\vjjjp.exec:\vjjjp.exe97⤵
-
\??\c:\xrfflxl.exec:\xrfflxl.exe98⤵
-
\??\c:\3lfrxff.exec:\3lfrxff.exe99⤵
-
\??\c:\btntht.exec:\btntht.exe100⤵
-
\??\c:\7hbbbb.exec:\7hbbbb.exe101⤵
-
\??\c:\7pjvp.exec:\7pjvp.exe102⤵
-
\??\c:\vjdjp.exec:\vjdjp.exe103⤵
-
\??\c:\rrllxfx.exec:\rrllxfx.exe104⤵
-
\??\c:\3rflllr.exec:\3rflllr.exe105⤵
-
\??\c:\bthbnt.exec:\bthbnt.exe106⤵
-
\??\c:\htttbh.exec:\htttbh.exe107⤵
-
\??\c:\nhtbhh.exec:\nhtbhh.exe108⤵
-
\??\c:\vpdjj.exec:\vpdjj.exe109⤵
-
\??\c:\7jvjv.exec:\7jvjv.exe110⤵
-
\??\c:\fxlrxrl.exec:\fxlrxrl.exe111⤵
-
\??\c:\fxlrxxr.exec:\fxlrxxr.exe112⤵
-
\??\c:\hbtbbh.exec:\hbtbbh.exe113⤵
-
\??\c:\tnhtbb.exec:\tnhtbb.exe114⤵
-
\??\c:\dddjj.exec:\dddjj.exe115⤵
-
\??\c:\9jdjp.exec:\9jdjp.exe116⤵
-
\??\c:\5vpdd.exec:\5vpdd.exe117⤵
-
\??\c:\1rflxll.exec:\1rflxll.exe118⤵
-
\??\c:\xlxrxxf.exec:\xlxrxxf.exe119⤵
-
\??\c:\bbhhtt.exec:\bbhhtt.exe120⤵
-
\??\c:\7pddd.exec:\7pddd.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-