Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
153s -
max time network
154s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
03/06/2024, 13:33
General
-
Target
a51478a253606bfc805b40f17fb5dc30_NeikiAnalytics.exe
-
Size
116KB
-
MD5
a51478a253606bfc805b40f17fb5dc30
-
SHA1
cf77c9027979b4fc4ca34e5967d833212bdd1491
-
SHA256
a91a69f7a43cdb18d829a5a1d0559712052c93bde345bdffd5de8dacfdbd569e
-
SHA512
c6a89e0f828cd8b94e2c895ea69b6d9f8d9ae8a4cea188adf149e373ce29d3cb3233069cc874395845f9ac7839d27dc7aec1bf2884f5409e14d663d1eaba8097
-
SSDEEP
3072:ymb3NkkiQ3mdBjFosxXGPXbXQMFHLgDWSmjlkFn:n3C9BRosxW8MFHLMWvlO
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 21 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 28 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\a51478a253606bfc805b40f17fb5dc30_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\a51478a253606bfc805b40f17fb5dc30_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\18w66iv.exec:\18w66iv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\v2e87u5.exec:\v2e87u5.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\b192e.exec:\b192e.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1v69k.exec:\1v69k.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\cgl9a7.exec:\cgl9a7.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\gk7ucg3.exec:\gk7ucg3.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\v6i92.exec:\v6i92.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\k99799p.exec:\k99799p.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrv637.exec:\xrv637.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\li3s307.exec:\li3s307.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\71p7a.exec:\71p7a.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\820u719.exec:\820u719.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\4agfn.exec:\4agfn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\m2a5qh.exec:\m2a5qh.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\790r5gv.exec:\790r5gv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\w3clm2.exec:\w3clm2.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\q0u4bi.exec:\q0u4bi.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\svg08m.exec:\svg08m.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\2hhf45.exec:\2hhf45.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\v418r0f.exec:\v418r0f.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fmmeisk.exec:\fmmeisk.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\b9k926o.exec:\b9k926o.exe23⤵
- Executes dropped EXE
-
\??\c:\x9d6u5.exec:\x9d6u5.exe24⤵
- Executes dropped EXE
-
\??\c:\gg694q8.exec:\gg694q8.exe25⤵
- Executes dropped EXE
-
\??\c:\2080x0u.exec:\2080x0u.exe26⤵
- Executes dropped EXE
-
\??\c:\no95p37.exec:\no95p37.exe27⤵
- Executes dropped EXE
-
\??\c:\3c7r8m1.exec:\3c7r8m1.exe28⤵
- Executes dropped EXE
-
\??\c:\g77mk4.exec:\g77mk4.exe29⤵
- Executes dropped EXE
-
\??\c:\d0ses.exec:\d0ses.exe30⤵
- Executes dropped EXE
-
\??\c:\781n4.exec:\781n4.exe31⤵
- Executes dropped EXE
-
\??\c:\fc46g7.exec:\fc46g7.exe32⤵
- Executes dropped EXE
-
\??\c:\50vn8tc.exec:\50vn8tc.exe33⤵
- Executes dropped EXE
-
\??\c:\3f578.exec:\3f578.exe34⤵
- Executes dropped EXE
-
\??\c:\0wuvqi.exec:\0wuvqi.exe35⤵
- Executes dropped EXE
-
\??\c:\ot8ehos.exec:\ot8ehos.exe36⤵
- Executes dropped EXE
-
\??\c:\70957.exec:\70957.exe37⤵
- Executes dropped EXE
-
\??\c:\r9q8oc.exec:\r9q8oc.exe38⤵
- Executes dropped EXE
-
\??\c:\davp3q7.exec:\davp3q7.exe39⤵
- Executes dropped EXE
-
\??\c:\der79.exec:\der79.exe40⤵
- Executes dropped EXE
-
\??\c:\tk1h3.exec:\tk1h3.exe41⤵
- Executes dropped EXE
-
\??\c:\r53pg3w.exec:\r53pg3w.exe42⤵
- Executes dropped EXE
-
\??\c:\rsj0n.exec:\rsj0n.exe43⤵
- Executes dropped EXE
-
\??\c:\pu486.exec:\pu486.exe44⤵
- Executes dropped EXE
-
\??\c:\0469ewc.exec:\0469ewc.exe45⤵
- Executes dropped EXE
-
\??\c:\cxurjq.exec:\cxurjq.exe46⤵
- Executes dropped EXE
-
\??\c:\o8hdr.exec:\o8hdr.exe47⤵
- Executes dropped EXE
-
\??\c:\q694c9.exec:\q694c9.exe48⤵
- Executes dropped EXE
-
\??\c:\gt8r7.exec:\gt8r7.exe49⤵
- Executes dropped EXE
-
\??\c:\bb67u.exec:\bb67u.exe50⤵
- Executes dropped EXE
-
\??\c:\dciapri.exec:\dciapri.exe51⤵
- Executes dropped EXE
-
\??\c:\9xisbu.exec:\9xisbu.exe52⤵
- Executes dropped EXE
-
\??\c:\54mg6.exec:\54mg6.exe53⤵
- Executes dropped EXE
-
\??\c:\i38ff7.exec:\i38ff7.exe54⤵
- Executes dropped EXE
-
\??\c:\1r1p4.exec:\1r1p4.exe55⤵
- Executes dropped EXE
-
\??\c:\b7d0aj.exec:\b7d0aj.exe56⤵
- Executes dropped EXE
-
\??\c:\s77ox1.exec:\s77ox1.exe57⤵
- Executes dropped EXE
-
\??\c:\87fhoov.exec:\87fhoov.exe58⤵
- Executes dropped EXE
-
\??\c:\v6j157.exec:\v6j157.exe59⤵
- Executes dropped EXE
-
\??\c:\459nxp3.exec:\459nxp3.exe60⤵
- Executes dropped EXE
-
\??\c:\kspureu.exec:\kspureu.exe61⤵
- Executes dropped EXE
-
\??\c:\a15q2.exec:\a15q2.exe62⤵
- Executes dropped EXE
-
\??\c:\tm4l1.exec:\tm4l1.exe63⤵
- Executes dropped EXE
-
\??\c:\1589p.exec:\1589p.exe64⤵
- Executes dropped EXE
-
\??\c:\rvm95.exec:\rvm95.exe65⤵
- Executes dropped EXE
-
\??\c:\wt7r53g.exec:\wt7r53g.exe66⤵
-
\??\c:\qi9ug.exec:\qi9ug.exe67⤵
-
\??\c:\2du974.exec:\2du974.exe68⤵
-
\??\c:\sa935vd.exec:\sa935vd.exe69⤵
-
\??\c:\6533rro.exec:\6533rro.exe70⤵
-
\??\c:\4r5mtt7.exec:\4r5mtt7.exe71⤵
-
\??\c:\da8q1m.exec:\da8q1m.exe72⤵
-
\??\c:\ja97k.exec:\ja97k.exe73⤵
-
\??\c:\36ew3.exec:\36ew3.exe74⤵
-
\??\c:\92g7o9.exec:\92g7o9.exe75⤵
-
\??\c:\1kw21x.exec:\1kw21x.exe76⤵
-
\??\c:\wwe99.exec:\wwe99.exe77⤵
-
\??\c:\43j6b.exec:\43j6b.exe78⤵
-
\??\c:\29626.exec:\29626.exe79⤵
-
\??\c:\eg03i49.exec:\eg03i49.exe80⤵
-
\??\c:\6e5q2o.exec:\6e5q2o.exe81⤵
-
\??\c:\la089c.exec:\la089c.exe82⤵
-
\??\c:\019n9js.exec:\019n9js.exe83⤵
-
\??\c:\k96hu.exec:\k96hu.exe84⤵
-
\??\c:\53en66.exec:\53en66.exe85⤵
-
\??\c:\j285m.exec:\j285m.exe86⤵
-
\??\c:\17a4s5h.exec:\17a4s5h.exe87⤵
-
\??\c:\lmqm4fh.exec:\lmqm4fh.exe88⤵
-
\??\c:\it63c3g.exec:\it63c3g.exe89⤵
-
\??\c:\77m6n.exec:\77m6n.exe90⤵
-
\??\c:\lggq2.exec:\lggq2.exe91⤵
-
\??\c:\m9q9v.exec:\m9q9v.exe92⤵
-
\??\c:\cfgkcp.exec:\cfgkcp.exe93⤵
-
\??\c:\417v83.exec:\417v83.exe94⤵
-
\??\c:\3w3q3g.exec:\3w3q3g.exe95⤵
-
\??\c:\0fmv758.exec:\0fmv758.exe96⤵
-
\??\c:\gc398li.exec:\gc398li.exe97⤵
-
\??\c:\12lf3x.exec:\12lf3x.exe98⤵
-
\??\c:\3l5ci.exec:\3l5ci.exe99⤵
-
\??\c:\9v1wu.exec:\9v1wu.exe100⤵
-
\??\c:\8iaq7e.exec:\8iaq7e.exe101⤵
-
\??\c:\jjvwil0.exec:\jjvwil0.exe102⤵
-
\??\c:\n9491.exec:\n9491.exe103⤵
-
\??\c:\i91ru.exec:\i91ru.exe104⤵
-
\??\c:\4op294s.exec:\4op294s.exe105⤵
-
\??\c:\i76281h.exec:\i76281h.exe106⤵
-
\??\c:\abh515o.exec:\abh515o.exe107⤵
-
\??\c:\4j1c71.exec:\4j1c71.exe108⤵
-
\??\c:\76w295a.exec:\76w295a.exe109⤵
-
\??\c:\rc2p71q.exec:\rc2p71q.exe110⤵
-
\??\c:\2h5lrr.exec:\2h5lrr.exe111⤵
-
\??\c:\wphmv.exec:\wphmv.exe112⤵
-
\??\c:\04775.exec:\04775.exe113⤵
-
\??\c:\3a529b.exec:\3a529b.exe114⤵
-
\??\c:\br56u.exec:\br56u.exe115⤵
-
\??\c:\sj9jg7.exec:\sj9jg7.exe116⤵
-
\??\c:\mpwi172.exec:\mpwi172.exe117⤵
-
\??\c:\9s47338.exec:\9s47338.exe118⤵
-
\??\c:\rq515.exec:\rq515.exe119⤵
-
\??\c:\2k82r.exec:\2k82r.exe120⤵
-
\??\c:\5gpb9ig.exec:\5gpb9ig.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-