Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
95s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
04/06/2024, 22:33
General
-
Target
0f94d45ab5800f079ea8e6e1e4db5500_NeikiAnalytics.exe
-
Size
206KB
-
MD5
0f94d45ab5800f079ea8e6e1e4db5500
-
SHA1
0f00c10756732e71d0aaedefcb2cf0f6367426f9
-
SHA256
e451fda26406ceef6f017b3e414317049e478002b9a58604a7272a083dd96ac9
-
SHA512
dd6853f08208c72b0d580b8e7319949bcc31fe402129f94367effb4c8ef27b900027f53b028ea9d0698b4691e522d9d52d295745044526cfd5d14cc2d58372ef
-
SSDEEP
1536:PvQBeOGtrYSSsrc93UBIfdC67m6AJiqgT4+C2HVM1p6TQpCihyo:PhOm2sI93UufdC67ciJTU2HVS64hyo
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\0f94d45ab5800f079ea8e6e1e4db5500_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\0f94d45ab5800f079ea8e6e1e4db5500_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\rxfxllf.exec:\rxfxllf.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tntnhb.exec:\tntnhb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbttbb.exec:\hbttbb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9xffxxf.exec:\9xffxxf.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntbbbb.exec:\ntbbbb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvdvv.exec:\dvdvv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxxrrff.exec:\rxxrrff.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpvjd.exec:\jpvjd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfrlrxr.exec:\rfrlrxr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\httnhh.exec:\httnhh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjjdd.exec:\vjjdd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxffxxx.exec:\lxffxxx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntttnt.exec:\ntttnt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1dpjj.exec:\1dpjj.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhhbhn.exec:\hhhbhn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbhbnn.exec:\nbhbnn.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjpjd.exec:\pjpjd.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxrfxfx.exec:\lxrfxfx.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbbnhh.exec:\nbbnhh.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djpvv.exec:\djpvv.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrlllxr.exec:\lrlllxr.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbhbbn.exec:\nbhbbn.exe23⤵
- Executes dropped EXE
-
\??\c:\lxfxrrl.exec:\lxfxrrl.exe24⤵
- Executes dropped EXE
-
\??\c:\htttnh.exec:\htttnh.exe25⤵
- Executes dropped EXE
-
\??\c:\dvvvd.exec:\dvvvd.exe26⤵
- Executes dropped EXE
-
\??\c:\9hbttt.exec:\9hbttt.exe27⤵
- Executes dropped EXE
-
\??\c:\tnnhbb.exec:\tnnhbb.exe28⤵
- Executes dropped EXE
-
\??\c:\pvppd.exec:\pvppd.exe29⤵
- Executes dropped EXE
-
\??\c:\vdjdd.exec:\vdjdd.exe30⤵
- Executes dropped EXE
-
\??\c:\nbhbtn.exec:\nbhbtn.exe31⤵
- Executes dropped EXE
-
\??\c:\ddddj.exec:\ddddj.exe32⤵
- Executes dropped EXE
-
\??\c:\ppjjd.exec:\ppjjd.exe33⤵
- Executes dropped EXE
-
\??\c:\lllxlrx.exec:\lllxlrx.exe34⤵
- Executes dropped EXE
-
\??\c:\ddvvp.exec:\ddvvp.exe35⤵
- Executes dropped EXE
-
\??\c:\rlxflll.exec:\rlxflll.exe36⤵
- Executes dropped EXE
-
\??\c:\rrfxrrr.exec:\rrfxrrr.exe37⤵
- Executes dropped EXE
-
\??\c:\5hhhbh.exec:\5hhhbh.exe38⤵
- Executes dropped EXE
-
\??\c:\rrfxxxl.exec:\rrfxxxl.exe39⤵
- Executes dropped EXE
-
\??\c:\fxlxfff.exec:\fxlxfff.exe40⤵
- Executes dropped EXE
-
\??\c:\hnbttt.exec:\hnbttt.exe41⤵
- Executes dropped EXE
-
\??\c:\bbhbnn.exec:\bbhbnn.exe42⤵
- Executes dropped EXE
-
\??\c:\3djjd.exec:\3djjd.exe43⤵
- Executes dropped EXE
-
\??\c:\lxfxrrl.exec:\lxfxrrl.exe44⤵
- Executes dropped EXE
-
\??\c:\1rxrxfl.exec:\1rxrxfl.exe45⤵
- Executes dropped EXE
-
\??\c:\hhtnnn.exec:\hhtnnn.exe46⤵
- Executes dropped EXE
-
\??\c:\jvddv.exec:\jvddv.exe47⤵
- Executes dropped EXE
-
\??\c:\3rxxrxr.exec:\3rxxrxr.exe48⤵
- Executes dropped EXE
-
\??\c:\tbbbbt.exec:\tbbbbt.exe49⤵
- Executes dropped EXE
-
\??\c:\thnhbb.exec:\thnhbb.exe50⤵
- Executes dropped EXE
-
\??\c:\vvpdv.exec:\vvpdv.exe51⤵
- Executes dropped EXE
-
\??\c:\lrxrxlr.exec:\lrxrxlr.exe52⤵
- Executes dropped EXE
-
\??\c:\xffxfxx.exec:\xffxfxx.exe53⤵
- Executes dropped EXE
-
\??\c:\bhhhbb.exec:\bhhhbb.exe54⤵
- Executes dropped EXE
-
\??\c:\nhbhbh.exec:\nhbhbh.exe55⤵
- Executes dropped EXE
-
\??\c:\dddvp.exec:\dddvp.exe56⤵
- Executes dropped EXE
-
\??\c:\rfllffx.exec:\rfllffx.exe57⤵
- Executes dropped EXE
-
\??\c:\flxlffr.exec:\flxlffr.exe58⤵
- Executes dropped EXE
-
\??\c:\hhtttt.exec:\hhtttt.exe59⤵
- Executes dropped EXE
-
\??\c:\3nnnhb.exec:\3nnnhb.exe60⤵
- Executes dropped EXE
-
\??\c:\vddjv.exec:\vddjv.exe61⤵
- Executes dropped EXE
-
\??\c:\9rfxffl.exec:\9rfxffl.exe62⤵
- Executes dropped EXE
-
\??\c:\tbhhnt.exec:\tbhhnt.exe63⤵
- Executes dropped EXE
-
\??\c:\btnnnt.exec:\btnnnt.exe64⤵
- Executes dropped EXE
-
\??\c:\vvvpp.exec:\vvvpp.exe65⤵
- Executes dropped EXE
-
\??\c:\xrrlrrr.exec:\xrrlrrr.exe66⤵
-
\??\c:\rflxxxr.exec:\rflxxxr.exe67⤵
-
\??\c:\thnnhn.exec:\thnnhn.exe68⤵
-
\??\c:\jjjdd.exec:\jjjdd.exe69⤵
-
\??\c:\pdpjp.exec:\pdpjp.exe70⤵
-
\??\c:\3rllxxr.exec:\3rllxxr.exe71⤵
-
\??\c:\xflffff.exec:\xflffff.exe72⤵
-
\??\c:\btbttn.exec:\btbttn.exe73⤵
-
\??\c:\bhbthh.exec:\bhbthh.exe74⤵
-
\??\c:\pdjdv.exec:\pdjdv.exe75⤵
-
\??\c:\dvpjd.exec:\dvpjd.exe76⤵
-
\??\c:\7xfxrlf.exec:\7xfxrlf.exe77⤵
-
\??\c:\fffxrrl.exec:\fffxrrl.exe78⤵
-
\??\c:\jpjdv.exec:\jpjdv.exe79⤵
-
\??\c:\dpvpp.exec:\dpvpp.exe80⤵
-
\??\c:\xllfxfx.exec:\xllfxfx.exe81⤵
-
\??\c:\nnhnnn.exec:\nnhnnn.exe82⤵
-
\??\c:\btbnnn.exec:\btbnnn.exe83⤵
-
\??\c:\dpvvp.exec:\dpvvp.exe84⤵
-
\??\c:\xflfxxf.exec:\xflfxxf.exe85⤵
-
\??\c:\1bbthh.exec:\1bbthh.exe86⤵
-
\??\c:\tbhbtt.exec:\tbhbtt.exe87⤵
-
\??\c:\vpdvv.exec:\vpdvv.exe88⤵
-
\??\c:\3djvp.exec:\3djvp.exe89⤵
-
\??\c:\fxxrffx.exec:\fxxrffx.exe90⤵
-
\??\c:\bnttbn.exec:\bnttbn.exe91⤵
-
\??\c:\jvvpj.exec:\jvvpj.exe92⤵
-
\??\c:\3fllxxx.exec:\3fllxxx.exe93⤵
-
\??\c:\9lrlrxf.exec:\9lrlrxf.exe94⤵
-
\??\c:\nthbtt.exec:\nthbtt.exe95⤵
-
\??\c:\hhttnn.exec:\hhttnn.exe96⤵
-
\??\c:\dvpjj.exec:\dvpjj.exe97⤵
-
\??\c:\xrfrfrr.exec:\xrfrfrr.exe98⤵
-
\??\c:\9hnhbb.exec:\9hnhbb.exe99⤵
-
\??\c:\hbtnhh.exec:\hbtnhh.exe100⤵
-
\??\c:\dppjv.exec:\dppjv.exe101⤵
-
\??\c:\rxxrrlf.exec:\rxxrrlf.exe102⤵
-
\??\c:\xxxrlrf.exec:\xxxrlrf.exe103⤵
-
\??\c:\nntnbb.exec:\nntnbb.exe104⤵
-
\??\c:\pjddv.exec:\pjddv.exe105⤵
-
\??\c:\dpvpj.exec:\dpvpj.exe106⤵
-
\??\c:\lfxxrxx.exec:\lfxxrxx.exe107⤵
-
\??\c:\hbbttt.exec:\hbbttt.exe108⤵
-
\??\c:\hbtbht.exec:\hbtbht.exe109⤵
-
\??\c:\vjddv.exec:\vjddv.exe110⤵
-
\??\c:\vdjvd.exec:\vdjvd.exe111⤵
-
\??\c:\1frlxxr.exec:\1frlxxr.exe112⤵
-
\??\c:\9tbhhb.exec:\9tbhhb.exe113⤵
-
\??\c:\btnhhh.exec:\btnhhh.exe114⤵
-
\??\c:\dppjj.exec:\dppjj.exe115⤵
-
\??\c:\vppjd.exec:\vppjd.exe116⤵
-
\??\c:\flrrrrr.exec:\flrrrrr.exe117⤵
-
\??\c:\tthbhh.exec:\tthbhh.exe118⤵
-
\??\c:\7tthtt.exec:\7tthtt.exe119⤵
-
\??\c:\djpvd.exec:\djpvd.exe120⤵
-
\??\c:\pdvpd.exec:\pdvpd.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-