Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
94s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
08/06/2024, 03:00
General
-
Target
86220463e884eb87c5f637949a578440_NeikiAnalytics.exe
-
Size
480KB
-
MD5
86220463e884eb87c5f637949a578440
-
SHA1
bebd8f2833d5e6db55aad169699c7ff76bbdfa0b
-
SHA256
afa3e5aec89718cebdb5e7408a005433dd4355a667f5b6dc1ae3aa2228aea1fd
-
SHA512
dcdbe275534a23d9c9dd3d47b3e5d5ad2a67da8977d3a044259631362e7d3b4069737b0c35748cfbb8a3affbdb36bdf5f340356e31533401eab362f6626f1fea
-
SSDEEP
12288:n3C9uDVw6326pKZ9asZqoZHz+evcn0Meh2Fezu:Su326p0aroZt0su
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 26 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\86220463e884eb87c5f637949a578440_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\86220463e884eb87c5f637949a578440_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\xllxrxx.exec:\xllxrxx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnnhtt.exec:\nnnhtt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djdpj.exec:\djdpj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3flxfff.exec:\3flxfff.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nntnbt.exec:\nntnbt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1vjdv.exec:\1vjdv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbthtn.exec:\hbthtn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppdvj.exec:\ppdvj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxffxrl.exec:\rxffxrl.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxfxxxx.exec:\fxfxxxx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfrfflx.exec:\xfrfflx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbthh.exec:\nhbthh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5pjdp.exec:\5pjdp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9nnnhb.exec:\9nnnhb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvdvj.exec:\dvdvj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhtnh.exec:\nhhtnh.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffrfrrl.exec:\ffrfrrl.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllfxxl.exec:\rllfxxl.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjdvv.exec:\vjdvv.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fllrllf.exec:\fllrllf.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvvdp.exec:\jvvdp.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbbttn.exec:\nbbttn.exe23⤵
- Executes dropped EXE
-
\??\c:\jdjvv.exec:\jdjvv.exe24⤵
- Executes dropped EXE
-
\??\c:\1rxxrfx.exec:\1rxxrfx.exe25⤵
- Executes dropped EXE
-
\??\c:\tthhbb.exec:\tthhbb.exe26⤵
- Executes dropped EXE
-
\??\c:\vjpjj.exec:\vjpjj.exe27⤵
- Executes dropped EXE
-
\??\c:\5tnhbb.exec:\5tnhbb.exe28⤵
- Executes dropped EXE
-
\??\c:\vpvvv.exec:\vpvvv.exe29⤵
- Executes dropped EXE
-
\??\c:\xxxxxrf.exec:\xxxxxrf.exe30⤵
- Executes dropped EXE
-
\??\c:\bttnhb.exec:\bttnhb.exe31⤵
- Executes dropped EXE
-
\??\c:\5hbtnn.exec:\5hbtnn.exe32⤵
- Executes dropped EXE
-
\??\c:\bnhhbt.exec:\bnhhbt.exe33⤵
- Executes dropped EXE
-
\??\c:\vdvpj.exec:\vdvpj.exe34⤵
- Executes dropped EXE
-
\??\c:\rrrffrf.exec:\rrrffrf.exe35⤵
- Executes dropped EXE
-
\??\c:\hbhhht.exec:\hbhhht.exe36⤵
- Executes dropped EXE
-
\??\c:\5dvjv.exec:\5dvjv.exe37⤵
- Executes dropped EXE
-
\??\c:\xlfrrlr.exec:\xlfrrlr.exe38⤵
- Executes dropped EXE
-
\??\c:\5ttnhh.exec:\5ttnhh.exe39⤵
- Executes dropped EXE
-
\??\c:\jvdvj.exec:\jvdvj.exe40⤵
- Executes dropped EXE
-
\??\c:\flfxrlf.exec:\flfxrlf.exe41⤵
- Executes dropped EXE
-
\??\c:\tnbbhn.exec:\tnbbhn.exe42⤵
- Executes dropped EXE
-
\??\c:\pjdpv.exec:\pjdpv.exe43⤵
- Executes dropped EXE
-
\??\c:\fxfxrlf.exec:\fxfxrlf.exe44⤵
- Executes dropped EXE
-
\??\c:\rrxrlfx.exec:\rrxrlfx.exe45⤵
- Executes dropped EXE
-
\??\c:\pddvj.exec:\pddvj.exe46⤵
- Executes dropped EXE
-
\??\c:\pjvpv.exec:\pjvpv.exe47⤵
- Executes dropped EXE
-
\??\c:\fxffxlr.exec:\fxffxlr.exe48⤵
- Executes dropped EXE
-
\??\c:\hbtbbh.exec:\hbtbbh.exe49⤵
- Executes dropped EXE
-
\??\c:\pvjvp.exec:\pvjvp.exe50⤵
- Executes dropped EXE
-
\??\c:\rlfxlfr.exec:\rlfxlfr.exe51⤵
- Executes dropped EXE
-
\??\c:\rlrlrfl.exec:\rlrlrfl.exe52⤵
- Executes dropped EXE
-
\??\c:\tnnhtn.exec:\tnnhtn.exe53⤵
- Executes dropped EXE
-
\??\c:\jvvpd.exec:\jvvpd.exe54⤵
- Executes dropped EXE
-
\??\c:\9pdpp.exec:\9pdpp.exe55⤵
- Executes dropped EXE
-
\??\c:\fxxrlfx.exec:\fxxrlfx.exe56⤵
- Executes dropped EXE
-
\??\c:\ttthbt.exec:\ttthbt.exe57⤵
- Executes dropped EXE
-
\??\c:\vvdvv.exec:\vvdvv.exe58⤵
- Executes dropped EXE
-
\??\c:\xfxrlfx.exec:\xfxrlfx.exe59⤵
- Executes dropped EXE
-
\??\c:\7hhhbb.exec:\7hhhbb.exe60⤵
- Executes dropped EXE
-
\??\c:\tnttnt.exec:\tnttnt.exe61⤵
- Executes dropped EXE
-
\??\c:\5ddvd.exec:\5ddvd.exe62⤵
- Executes dropped EXE
-
\??\c:\xflfllx.exec:\xflfllx.exe63⤵
- Executes dropped EXE
-
\??\c:\rlxlxrr.exec:\rlxlxrr.exe64⤵
- Executes dropped EXE
-
\??\c:\ttbtnh.exec:\ttbtnh.exe65⤵
- Executes dropped EXE
-
\??\c:\vpppj.exec:\vpppj.exe66⤵
-
\??\c:\7vpdp.exec:\7vpdp.exe67⤵
-
\??\c:\xflxrrf.exec:\xflxrrf.exe68⤵
-
\??\c:\hbnhth.exec:\hbnhth.exe69⤵
-
\??\c:\pdvjv.exec:\pdvjv.exe70⤵
-
\??\c:\vjdvj.exec:\vjdvj.exe71⤵
-
\??\c:\rxfrffr.exec:\rxfrffr.exe72⤵
-
\??\c:\bnhbnb.exec:\bnhbnb.exe73⤵
-
\??\c:\dvjvv.exec:\dvjvv.exe74⤵
-
\??\c:\djpdd.exec:\djpdd.exe75⤵
-
\??\c:\rxfrlfr.exec:\rxfrlfr.exe76⤵
-
\??\c:\htbtbb.exec:\htbtbb.exe77⤵
-
\??\c:\nhthhh.exec:\nhthhh.exe78⤵
-
\??\c:\7ppjj.exec:\7ppjj.exe79⤵
-
\??\c:\xfllfxr.exec:\xfllfxr.exe80⤵
-
\??\c:\nbntht.exec:\nbntht.exe81⤵
-
\??\c:\nbhbtt.exec:\nbhbtt.exe82⤵
-
\??\c:\vjjdv.exec:\vjjdv.exe83⤵
-
\??\c:\xfrlxxx.exec:\xfrlxxx.exe84⤵
-
\??\c:\vpjjd.exec:\vpjjd.exe85⤵
-
\??\c:\rffxxxr.exec:\rffxxxr.exe86⤵
-
\??\c:\nhbhbh.exec:\nhbhbh.exe87⤵
-
\??\c:\3jppj.exec:\3jppj.exe88⤵
-
\??\c:\9lxrxxr.exec:\9lxrxxr.exe89⤵
-
\??\c:\xxxrllf.exec:\xxxrllf.exe90⤵
-
\??\c:\7nnnnt.exec:\7nnnnt.exe91⤵
-
\??\c:\1vddd.exec:\1vddd.exe92⤵
-
\??\c:\jjpjd.exec:\jjpjd.exe93⤵
-
\??\c:\frxrrrl.exec:\frxrrrl.exe94⤵
-
\??\c:\htbhhn.exec:\htbhhn.exe95⤵
-
\??\c:\pjjdd.exec:\pjjdd.exe96⤵
-
\??\c:\rrxrrrx.exec:\rrxrrrx.exe97⤵
-
\??\c:\9tnhbt.exec:\9tnhbt.exe98⤵
-
\??\c:\bnnnhb.exec:\bnnnhb.exe99⤵
-
\??\c:\3vvvv.exec:\3vvvv.exe100⤵
-
\??\c:\3xxxlxr.exec:\3xxxlxr.exe101⤵
-
\??\c:\3fffflr.exec:\3fffflr.exe102⤵
-
\??\c:\3tbtht.exec:\3tbtht.exe103⤵
-
\??\c:\jvjdv.exec:\jvjdv.exe104⤵
-
\??\c:\1lfffff.exec:\1lfffff.exe105⤵
-
\??\c:\rlfxrlx.exec:\rlfxrlx.exe106⤵
-
\??\c:\hbtnnh.exec:\hbtnnh.exe107⤵
-
\??\c:\djvpd.exec:\djvpd.exe108⤵
-
\??\c:\1djdv.exec:\1djdv.exe109⤵
-
\??\c:\xlrlffr.exec:\xlrlffr.exe110⤵
-
\??\c:\bnhhnt.exec:\bnhhnt.exe111⤵
-
\??\c:\pvppj.exec:\pvppj.exe112⤵
-
\??\c:\rfffxxx.exec:\rfffxxx.exe113⤵
-
\??\c:\lxxrllf.exec:\lxxrllf.exe114⤵
-
\??\c:\httntt.exec:\httntt.exe115⤵
-
\??\c:\vdpjp.exec:\vdpjp.exe116⤵
-
\??\c:\rrrfxxr.exec:\rrrfxxr.exe117⤵
-
\??\c:\ttbttt.exec:\ttbttt.exe118⤵
-
\??\c:\jdddv.exec:\jdddv.exe119⤵
-
\??\c:\flrlrlf.exec:\flrlrlf.exe120⤵
-
\??\c:\7bbthb.exec:\7bbthb.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-