Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
130s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
03/06/2024, 13:31
General
-
Target
a507f89791b8abffaded4a48717c9f60_NeikiAnalytics.exe
-
Size
95KB
-
MD5
a507f89791b8abffaded4a48717c9f60
-
SHA1
17cb54deab18d8d8fea5826ebdcf00c1faa78910
-
SHA256
b5be4639db0733d12076a36e0ffb68f0469bd13c328bde89f832d40ab2c32b55
-
SHA512
1e194f7e28d9e949c336ce330b15d827d1e836f256e304d61dfca791548551ad7c37ed06c45f6d3d1e193babc4730f7ad46c28afba8a3cb9a954614283e0cbd3
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDo73XH/YP1HFrJximAAxEPOfPrAB:ymb3NkkiQ3mdBjFo73PYP1lri3KuOnrE
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 29 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\a507f89791b8abffaded4a48717c9f60_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\a507f89791b8abffaded4a48717c9f60_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\bnnhbh.exec:\bnnhbh.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\00048.exec:\00048.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpvpj.exec:\jpvpj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjdd.exec:\vpjdd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrfxxxr.exec:\xrfxxxr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlxrrrx.exec:\xlxrrrx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8404826.exec:\8404826.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\e62266.exec:\e62266.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1bnhhh.exec:\1bnhhh.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\42260.exec:\42260.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\2020404.exec:\2020404.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxxrfxf.exec:\rxxrfxf.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\0482660.exec:\0482660.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhbtnh.exec:\bhbtnh.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvdpj.exec:\jvdpj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvdvp.exec:\jvdvp.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1fxrllx.exec:\1fxrllx.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrffxrr.exec:\xrffxrr.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjvp.exec:\pjjvp.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\400600.exec:\400600.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\048048.exec:\048048.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\u408602.exec:\u408602.exe23⤵
- Executes dropped EXE
-
\??\c:\848642.exec:\848642.exe24⤵
- Executes dropped EXE
-
\??\c:\68048.exec:\68048.exe25⤵
- Executes dropped EXE
-
\??\c:\2686822.exec:\2686822.exe26⤵
- Executes dropped EXE
-
\??\c:\208844.exec:\208844.exe27⤵
- Executes dropped EXE
-
\??\c:\lffxxxf.exec:\lffxxxf.exe28⤵
- Executes dropped EXE
-
\??\c:\06660.exec:\06660.exe29⤵
- Executes dropped EXE
-
\??\c:\lrlrlxx.exec:\lrlrlxx.exe30⤵
- Executes dropped EXE
-
\??\c:\08482.exec:\08482.exe31⤵
- Executes dropped EXE
-
\??\c:\04660.exec:\04660.exe32⤵
- Executes dropped EXE
-
\??\c:\48488.exec:\48488.exe33⤵
- Executes dropped EXE
-
\??\c:\nhhbnt.exec:\nhhbnt.exe34⤵
- Executes dropped EXE
-
\??\c:\4804628.exec:\4804628.exe35⤵
- Executes dropped EXE
-
\??\c:\m2006.exec:\m2006.exe36⤵
- Executes dropped EXE
-
\??\c:\6040228.exec:\6040228.exe37⤵
- Executes dropped EXE
-
\??\c:\k22648.exec:\k22648.exe38⤵
- Executes dropped EXE
-
\??\c:\i020042.exec:\i020042.exe39⤵
- Executes dropped EXE
-
\??\c:\06604.exec:\06604.exe40⤵
- Executes dropped EXE
-
\??\c:\xrflfll.exec:\xrflfll.exe41⤵
- Executes dropped EXE
-
\??\c:\2240666.exec:\2240666.exe42⤵
- Executes dropped EXE
-
\??\c:\6044882.exec:\6044882.exe43⤵
- Executes dropped EXE
-
\??\c:\1nnhbb.exec:\1nnhbb.exe44⤵
- Executes dropped EXE
-
\??\c:\04608.exec:\04608.exe45⤵
- Executes dropped EXE
-
\??\c:\6282626.exec:\6282626.exe46⤵
- Executes dropped EXE
-
\??\c:\bttnbb.exec:\bttnbb.exe47⤵
- Executes dropped EXE
-
\??\c:\lflxrlf.exec:\lflxrlf.exe48⤵
- Executes dropped EXE
-
\??\c:\0820800.exec:\0820800.exe49⤵
- Executes dropped EXE
-
\??\c:\8224488.exec:\8224488.exe50⤵
- Executes dropped EXE
-
\??\c:\vjvdv.exec:\vjvdv.exe51⤵
- Executes dropped EXE
-
\??\c:\6800440.exec:\6800440.exe52⤵
- Executes dropped EXE
-
\??\c:\3dvpv.exec:\3dvpv.exe53⤵
- Executes dropped EXE
-
\??\c:\frxlxrx.exec:\frxlxrx.exe54⤵
- Executes dropped EXE
-
\??\c:\tnbbth.exec:\tnbbth.exe55⤵
- Executes dropped EXE
-
\??\c:\9pvpd.exec:\9pvpd.exe56⤵
- Executes dropped EXE
-
\??\c:\ntnhbt.exec:\ntnhbt.exe57⤵
- Executes dropped EXE
-
\??\c:\xrrlxxr.exec:\xrrlxxr.exe58⤵
- Executes dropped EXE
-
\??\c:\444860.exec:\444860.exe59⤵
- Executes dropped EXE
-
\??\c:\82688.exec:\82688.exe60⤵
- Executes dropped EXE
-
\??\c:\w48826.exec:\w48826.exe61⤵
- Executes dropped EXE
-
\??\c:\2226448.exec:\2226448.exe62⤵
- Executes dropped EXE
-
\??\c:\frffxrr.exec:\frffxrr.exe63⤵
- Executes dropped EXE
-
\??\c:\jdvpj.exec:\jdvpj.exe64⤵
- Executes dropped EXE
-
\??\c:\vjvpd.exec:\vjvpd.exe65⤵
- Executes dropped EXE
-
\??\c:\2004464.exec:\2004464.exe66⤵
-
\??\c:\8068080.exec:\8068080.exe67⤵
-
\??\c:\600488.exec:\600488.exe68⤵
-
\??\c:\88624.exec:\88624.exe69⤵
-
\??\c:\thnbnh.exec:\thnbnh.exe70⤵
-
\??\c:\hbtnhh.exec:\hbtnhh.exe71⤵
-
\??\c:\3ddvp.exec:\3ddvp.exe72⤵
-
\??\c:\lxrrffx.exec:\lxrrffx.exe73⤵
-
\??\c:\lrrlflf.exec:\lrrlflf.exe74⤵
-
\??\c:\0686004.exec:\0686004.exe75⤵
-
\??\c:\9ddvv.exec:\9ddvv.exe76⤵
-
\??\c:\446406.exec:\446406.exe77⤵
-
\??\c:\hnnbbt.exec:\hnnbbt.exe78⤵
-
\??\c:\lflffxf.exec:\lflffxf.exe79⤵
-
\??\c:\vdjvp.exec:\vdjvp.exe80⤵
-
\??\c:\nnttnn.exec:\nnttnn.exe81⤵
-
\??\c:\nhbtnn.exec:\nhbtnn.exe82⤵
-
\??\c:\0682008.exec:\0682008.exe83⤵
-
\??\c:\lflffff.exec:\lflffff.exe84⤵
-
\??\c:\bbthbn.exec:\bbthbn.exe85⤵
-
\??\c:\dddvp.exec:\dddvp.exe86⤵
-
\??\c:\k80480.exec:\k80480.exe87⤵
-
\??\c:\hbhbnn.exec:\hbhbnn.exe88⤵
-
\??\c:\m2004.exec:\m2004.exe89⤵
-
\??\c:\nhnnhh.exec:\nhnnhh.exe90⤵
-
\??\c:\ntbntn.exec:\ntbntn.exe91⤵
-
\??\c:\446068.exec:\446068.exe92⤵
-
\??\c:\o444848.exec:\o444848.exe93⤵
-
\??\c:\624868.exec:\624868.exe94⤵
-
\??\c:\86666.exec:\86666.exe95⤵
-
\??\c:\vddvv.exec:\vddvv.exe96⤵
-
\??\c:\nbttnn.exec:\nbttnn.exe97⤵
-
\??\c:\dvvpp.exec:\dvvpp.exe98⤵
-
\??\c:\flrfrlf.exec:\flrfrlf.exe99⤵
-
\??\c:\djpjv.exec:\djpjv.exe100⤵
-
\??\c:\046266.exec:\046266.exe101⤵
-
\??\c:\4886660.exec:\4886660.exe102⤵
-
\??\c:\862682.exec:\862682.exe103⤵
-
\??\c:\lffxrrl.exec:\lffxrrl.exe104⤵
-
\??\c:\pjdpd.exec:\pjdpd.exe105⤵
-
\??\c:\86422.exec:\86422.exe106⤵
-
\??\c:\bhtnbb.exec:\bhtnbb.exe107⤵
-
\??\c:\m8044.exec:\m8044.exe108⤵
-
\??\c:\7lrllrr.exec:\7lrllrr.exe109⤵
-
\??\c:\lfrllfx.exec:\lfrllfx.exe110⤵
-
\??\c:\4022660.exec:\4022660.exe111⤵
-
\??\c:\ppjdd.exec:\ppjdd.exe112⤵
-
\??\c:\08006.exec:\08006.exe113⤵
-
\??\c:\rrfxrrl.exec:\rrfxrrl.exe114⤵
-
\??\c:\484882.exec:\484882.exe115⤵
-
\??\c:\pdppv.exec:\pdppv.exe116⤵
-
\??\c:\jdjdd.exec:\jdjdd.exe117⤵
-
\??\c:\hntbhh.exec:\hntbhh.exe118⤵
-
\??\c:\840444.exec:\840444.exe119⤵
-
\??\c:\06260.exec:\06260.exe120⤵
-
\??\c:\04266.exec:\04266.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-