Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240419-en -
resource tags
-
submitted
08/06/2024, 03:00
General
-
Target
86220463e884eb87c5f637949a578440_NeikiAnalytics.exe
-
Size
480KB
-
MD5
86220463e884eb87c5f637949a578440
-
SHA1
bebd8f2833d5e6db55aad169699c7ff76bbdfa0b
-
SHA256
afa3e5aec89718cebdb5e7408a005433dd4355a667f5b6dc1ae3aa2228aea1fd
-
SHA512
dcdbe275534a23d9c9dd3d47b3e5d5ad2a67da8977d3a044259631362e7d3b4069737b0c35748cfbb8a3affbdb36bdf5f340356e31533401eab362f6626f1fea
-
SSDEEP
12288:n3C9uDVw6326pKZ9asZqoZHz+evcn0Meh2Fezu:Su326p0aroZt0su
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 18 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 23 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\86220463e884eb87c5f637949a578440_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\86220463e884eb87c5f637949a578440_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\tnttbh.exec:\tnttbh.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjpv.exec:\pjjpv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9dpjj.exec:\9dpjj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frfxfxf.exec:\frfxfxf.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3bnthn.exec:\3bnthn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppdjv.exec:\ppdjv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxllrrr.exec:\lxllrrr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvpv.exec:\jdvpv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnttbb.exec:\tnttbb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjvvv.exec:\vjvvv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnbnth.exec:\nnbnth.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5bbhnn.exec:\5bbhnn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlrlrrx.exec:\rlrlrrx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjjpv.exec:\jjjpv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxrrrxl.exec:\lxrrrxl.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnhnth.exec:\nnhnth.exe17⤵
- Executes dropped EXE
-
\??\c:\3frrxrx.exec:\3frrxrx.exe18⤵
- Executes dropped EXE
-
\??\c:\xrrxflr.exec:\xrrxflr.exe19⤵
- Executes dropped EXE
-
\??\c:\1vdvv.exec:\1vdvv.exe20⤵
- Executes dropped EXE
-
\??\c:\flxfllr.exec:\flxfllr.exe21⤵
- Executes dropped EXE
-
\??\c:\5jjdj.exec:\5jjdj.exe22⤵
- Executes dropped EXE
-
\??\c:\3lxrrrx.exec:\3lxrrrx.exe23⤵
- Executes dropped EXE
-
\??\c:\pjvdj.exec:\pjvdj.exe24⤵
- Executes dropped EXE
-
\??\c:\frrllxf.exec:\frrllxf.exe25⤵
- Executes dropped EXE
-
\??\c:\nhbbhh.exec:\nhbbhh.exe26⤵
- Executes dropped EXE
-
\??\c:\xrflxxl.exec:\xrflxxl.exe27⤵
- Executes dropped EXE
-
\??\c:\bbbhbh.exec:\bbbhbh.exe28⤵
- Executes dropped EXE
-
\??\c:\lfxxflr.exec:\lfxxflr.exe29⤵
- Executes dropped EXE
-
\??\c:\thbbhh.exec:\thbbhh.exe30⤵
- Executes dropped EXE
-
\??\c:\jdpvv.exec:\jdpvv.exe31⤵
- Executes dropped EXE
-
\??\c:\3thtnt.exec:\3thtnt.exe32⤵
- Executes dropped EXE
-
\??\c:\jdvdj.exec:\jdvdj.exe33⤵
- Executes dropped EXE
-
\??\c:\xrflxxf.exec:\xrflxxf.exe34⤵
- Executes dropped EXE
-
\??\c:\7bnntt.exec:\7bnntt.exe35⤵
- Executes dropped EXE
-
\??\c:\9pjvd.exec:\9pjvd.exe36⤵
- Executes dropped EXE
-
\??\c:\rlflxxx.exec:\rlflxxx.exe37⤵
- Executes dropped EXE
-
\??\c:\5bhntb.exec:\5bhntb.exe38⤵
- Executes dropped EXE
-
\??\c:\bbnhnn.exec:\bbnhnn.exe39⤵
- Executes dropped EXE
-
\??\c:\jvpjp.exec:\jvpjp.exe40⤵
- Executes dropped EXE
-
\??\c:\rfllxrx.exec:\rfllxrx.exe41⤵
- Executes dropped EXE
-
\??\c:\7thnnh.exec:\7thnnh.exe42⤵
- Executes dropped EXE
-
\??\c:\thttbt.exec:\thttbt.exe43⤵
- Executes dropped EXE
-
\??\c:\dvppd.exec:\dvppd.exe44⤵
- Executes dropped EXE
-
\??\c:\rfrrfxf.exec:\rfrrfxf.exe45⤵
- Executes dropped EXE
-
\??\c:\lfrxfll.exec:\lfrxfll.exe46⤵
- Executes dropped EXE
-
\??\c:\nhhhhh.exec:\nhhhhh.exe47⤵
- Executes dropped EXE
-
\??\c:\pdppv.exec:\pdppv.exe48⤵
- Executes dropped EXE
-
\??\c:\5fllrrx.exec:\5fllrrx.exe49⤵
- Executes dropped EXE
-
\??\c:\xlxxxxf.exec:\xlxxxxf.exe50⤵
- Executes dropped EXE
-
\??\c:\9btbhh.exec:\9btbhh.exe51⤵
- Executes dropped EXE
-
\??\c:\5dpjd.exec:\5dpjd.exe52⤵
- Executes dropped EXE
-
\??\c:\3vpvj.exec:\3vpvj.exe53⤵
- Executes dropped EXE
-
\??\c:\xlxrxrl.exec:\xlxrxrl.exe54⤵
- Executes dropped EXE
-
\??\c:\hhttbh.exec:\hhttbh.exe55⤵
- Executes dropped EXE
-
\??\c:\bnhhhh.exec:\bnhhhh.exe56⤵
- Executes dropped EXE
-
\??\c:\dvjjp.exec:\dvjjp.exe57⤵
- Executes dropped EXE
-
\??\c:\fxrrrrf.exec:\fxrrrrf.exe58⤵
- Executes dropped EXE
-
\??\c:\frxllrr.exec:\frxllrr.exe59⤵
- Executes dropped EXE
-
\??\c:\tnbbhh.exec:\tnbbhh.exe60⤵
- Executes dropped EXE
-
\??\c:\vjpjv.exec:\vjpjv.exe61⤵
- Executes dropped EXE
-
\??\c:\5jdvp.exec:\5jdvp.exe62⤵
- Executes dropped EXE
-
\??\c:\3rxlrrx.exec:\3rxlrrx.exe63⤵
- Executes dropped EXE
-
\??\c:\bthnnn.exec:\bthnnn.exe64⤵
- Executes dropped EXE
-
\??\c:\1htnbh.exec:\1htnbh.exe65⤵
- Executes dropped EXE
-
\??\c:\pvvjv.exec:\pvvjv.exe66⤵
-
\??\c:\xlxxlfl.exec:\xlxxlfl.exe67⤵
-
\??\c:\lfxfllx.exec:\lfxfllx.exe68⤵
-
\??\c:\nhthhh.exec:\nhthhh.exe69⤵
-
\??\c:\jvjjj.exec:\jvjjj.exe70⤵
-
\??\c:\1vdvd.exec:\1vdvd.exe71⤵
-
\??\c:\frfflfr.exec:\frfflfr.exe72⤵
-
\??\c:\nbtthb.exec:\nbtthb.exe73⤵
-
\??\c:\nnttbt.exec:\nnttbt.exe74⤵
-
\??\c:\3pddj.exec:\3pddj.exe75⤵
-
\??\c:\7lxfrlr.exec:\7lxfrlr.exe76⤵
-
\??\c:\nhnnnn.exec:\nhnnnn.exe77⤵
-
\??\c:\3nnhhh.exec:\3nnhhh.exe78⤵
-
\??\c:\vjjvv.exec:\vjjvv.exe79⤵
-
\??\c:\xlllfxf.exec:\xlllfxf.exe80⤵
-
\??\c:\lxrlxxf.exec:\lxrlxxf.exe81⤵
-
\??\c:\tnbtbh.exec:\tnbtbh.exe82⤵
-
\??\c:\pjvpv.exec:\pjvpv.exe83⤵
-
\??\c:\ddppp.exec:\ddppp.exe84⤵
-
\??\c:\1xrxllr.exec:\1xrxllr.exe85⤵
-
\??\c:\frffrrx.exec:\frffrrx.exe86⤵
-
\??\c:\9thbbb.exec:\9thbbb.exe87⤵
-
\??\c:\dvpjp.exec:\dvpjp.exe88⤵
-
\??\c:\lfrlrlr.exec:\lfrlrlr.exe89⤵
-
\??\c:\rfllfff.exec:\rfllfff.exe90⤵
-
\??\c:\5hnbbb.exec:\5hnbbb.exe91⤵
-
\??\c:\vjvpv.exec:\vjvpv.exe92⤵
-
\??\c:\dvvvd.exec:\dvvvd.exe93⤵
-
\??\c:\1frrrxx.exec:\1frrrxx.exe94⤵
-
\??\c:\thtttt.exec:\thtttt.exe95⤵
-
\??\c:\thttbb.exec:\thttbb.exe96⤵
-
\??\c:\vjpjv.exec:\vjpjv.exe97⤵
-
\??\c:\xlxxxxl.exec:\xlxxxxl.exe98⤵
-
\??\c:\fxlllfx.exec:\fxlllfx.exe99⤵
-
\??\c:\bnbbbb.exec:\bnbbbb.exe100⤵
-
\??\c:\1djjj.exec:\1djjj.exe101⤵
-
\??\c:\1ppjv.exec:\1ppjv.exe102⤵
-
\??\c:\lxllxrr.exec:\lxllxrr.exe103⤵
-
\??\c:\thttbb.exec:\thttbb.exe104⤵
-
\??\c:\tnhtbb.exec:\tnhtbb.exe105⤵
-
\??\c:\vvppv.exec:\vvppv.exe106⤵
-
\??\c:\5rfxxxf.exec:\5rfxxxf.exe107⤵
-
\??\c:\tntbhn.exec:\tntbhn.exe108⤵
-
\??\c:\htntbb.exec:\htntbb.exe109⤵
-
\??\c:\ddpvp.exec:\ddpvp.exe110⤵
-
\??\c:\9rfxxfl.exec:\9rfxxfl.exe111⤵
-
\??\c:\fxllxfr.exec:\fxllxfr.exe112⤵
-
\??\c:\3httbh.exec:\3httbh.exe113⤵
-
\??\c:\9vjpp.exec:\9vjpp.exe114⤵
-
\??\c:\3pjjd.exec:\3pjjd.exe115⤵
-
\??\c:\xxllrlr.exec:\xxllrlr.exe116⤵
-
\??\c:\hthnbb.exec:\hthnbb.exe117⤵
-
\??\c:\9hbbtt.exec:\9hbbtt.exe118⤵
-
\??\c:\jdvdd.exec:\jdvdd.exe119⤵
-
\??\c:\lxrxflx.exec:\lxrxflx.exe120⤵
-
\??\c:\3tbttb.exec:\3tbttb.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-