Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
10/06/2024, 11:35
General
-
Target
100ffadba5aaf071814b14f9d8674a00_NeikiAnalytics.exe
-
Size
521KB
-
MD5
100ffadba5aaf071814b14f9d8674a00
-
SHA1
5552cf5680cb7a3c6230b6864d6c5e47478aa6e6
-
SHA256
d2cc2f875c6c7190ae3d0bccc96cfc394d57be89e8517d57f78b7373827e22a1
-
SHA512
aec74afd0256c3c0b30024e41d567d940462123ebf01ae47488ee798d1006b0db110dc3c44d2051bb9d1030872d8c6e4bf10aef64b584a0bb3746c5006f57cbf
-
SSDEEP
6144:8cm7ImGddXmNt251UriZFwfsDX2CfNnkymTwaJ3o89H3r:q7Tc2NYHUrAwfMHNnpls4897
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 47 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\100ffadba5aaf071814b14f9d8674a00_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\100ffadba5aaf071814b14f9d8674a00_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\jppjv.exec:\jppjv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\82402.exec:\82402.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\20644.exec:\20644.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\20480.exec:\20480.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\48002.exec:\48002.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrffflr.exec:\xrffflr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnhnbh.exec:\nnhnbh.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhttbh.exec:\nhttbh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\004046.exec:\004046.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\886862.exec:\886862.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1lrxlrx.exec:\1lrxlrx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\82402.exec:\82402.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlfflrr.exec:\rlfflrr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\a0042.exec:\a0042.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\22042.exec:\22042.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\080284.exec:\080284.exe17⤵
- Executes dropped EXE
-
\??\c:\20468.exec:\20468.exe18⤵
- Executes dropped EXE
-
\??\c:\btttnt.exec:\btttnt.exe19⤵
- Executes dropped EXE
-
\??\c:\4046446.exec:\4046446.exe20⤵
- Executes dropped EXE
-
\??\c:\lrxxlff.exec:\lrxxlff.exe21⤵
- Executes dropped EXE
-
\??\c:\06448.exec:\06448.exe22⤵
- Executes dropped EXE
-
\??\c:\nhbtbt.exec:\nhbtbt.exe23⤵
- Executes dropped EXE
-
\??\c:\5lfxffl.exec:\5lfxffl.exe24⤵
- Executes dropped EXE
-
\??\c:\tnnnnt.exec:\tnnnnt.exe25⤵
- Executes dropped EXE
-
\??\c:\bntttn.exec:\bntttn.exe26⤵
- Executes dropped EXE
-
\??\c:\42240.exec:\42240.exe27⤵
- Executes dropped EXE
-
\??\c:\60884.exec:\60884.exe28⤵
- Executes dropped EXE
-
\??\c:\0626648.exec:\0626648.exe29⤵
- Executes dropped EXE
-
\??\c:\48624.exec:\48624.exe30⤵
- Executes dropped EXE
-
\??\c:\3btntt.exec:\3btntt.exe31⤵
- Executes dropped EXE
-
\??\c:\602240.exec:\602240.exe32⤵
- Executes dropped EXE
-
\??\c:\jpppd.exec:\jpppd.exe33⤵
- Executes dropped EXE
-
\??\c:\llflrrf.exec:\llflrrf.exe34⤵
- Executes dropped EXE
-
\??\c:\fxrrffl.exec:\fxrrffl.exe35⤵
- Executes dropped EXE
-
\??\c:\ppjpv.exec:\ppjpv.exe36⤵
- Executes dropped EXE
-
\??\c:\llrllfl.exec:\llrllfl.exe37⤵
- Executes dropped EXE
-
\??\c:\pjpjj.exec:\pjpjj.exe38⤵
- Executes dropped EXE
-
\??\c:\bbnbhh.exec:\bbnbhh.exe39⤵
- Executes dropped EXE
-
\??\c:\fxxflrl.exec:\fxxflrl.exe40⤵
- Executes dropped EXE
-
\??\c:\486060.exec:\486060.exe41⤵
- Executes dropped EXE
-
\??\c:\488468.exec:\488468.exe42⤵
- Executes dropped EXE
-
\??\c:\dvddj.exec:\dvddj.exe43⤵
- Executes dropped EXE
-
\??\c:\xrfffxx.exec:\xrfffxx.exe44⤵
- Executes dropped EXE
-
\??\c:\3hnnbh.exec:\3hnnbh.exe45⤵
- Executes dropped EXE
-
\??\c:\02068.exec:\02068.exe46⤵
- Executes dropped EXE
-
\??\c:\dpvvv.exec:\dpvvv.exe47⤵
- Executes dropped EXE
-
\??\c:\2848066.exec:\2848066.exe48⤵
- Executes dropped EXE
-
\??\c:\g2468.exec:\g2468.exe49⤵
- Executes dropped EXE
-
\??\c:\fflfrxx.exec:\fflfrxx.exe50⤵
- Executes dropped EXE
-
\??\c:\jjddp.exec:\jjddp.exe51⤵
- Executes dropped EXE
-
\??\c:\nnhhht.exec:\nnhhht.exe52⤵
- Executes dropped EXE
-
\??\c:\1ddpv.exec:\1ddpv.exe53⤵
- Executes dropped EXE
-
\??\c:\040080.exec:\040080.exe54⤵
- Executes dropped EXE
-
\??\c:\20266.exec:\20266.exe55⤵
- Executes dropped EXE
-
\??\c:\8862266.exec:\8862266.exe56⤵
- Executes dropped EXE
-
\??\c:\7lxffff.exec:\7lxffff.exe57⤵
- Executes dropped EXE
-
\??\c:\rfrrxxf.exec:\rfrrxxf.exe58⤵
- Executes dropped EXE
-
\??\c:\lfllrrx.exec:\lfllrrx.exe59⤵
- Executes dropped EXE
-
\??\c:\pjpjj.exec:\pjpjj.exe60⤵
- Executes dropped EXE
-
\??\c:\64666.exec:\64666.exe61⤵
- Executes dropped EXE
-
\??\c:\o244480.exec:\o244480.exe62⤵
- Executes dropped EXE
-
\??\c:\8640846.exec:\8640846.exe63⤵
- Executes dropped EXE
-
\??\c:\pjjpp.exec:\pjjpp.exe64⤵
- Executes dropped EXE
-
\??\c:\ppdvv.exec:\ppdvv.exe65⤵
- Executes dropped EXE
-
\??\c:\s4000.exec:\s4000.exe66⤵
-
\??\c:\lfxfrrr.exec:\lfxfrrr.exe67⤵
-
\??\c:\9htnnn.exec:\9htnnn.exe68⤵
-
\??\c:\66666.exec:\66666.exe69⤵
-
\??\c:\60228.exec:\60228.exe70⤵
-
\??\c:\6866262.exec:\6866262.exe71⤵
-
\??\c:\0604684.exec:\0604684.exe72⤵
-
\??\c:\0844400.exec:\0844400.exe73⤵
-
\??\c:\lflllfl.exec:\lflllfl.exe74⤵
-
\??\c:\642282.exec:\642282.exe75⤵
-
\??\c:\6462400.exec:\6462400.exe76⤵
-
\??\c:\02668.exec:\02668.exe77⤵
-
\??\c:\o808406.exec:\o808406.exe78⤵
-
\??\c:\02824.exec:\02824.exe79⤵
-
\??\c:\xlfxffl.exec:\xlfxffl.exe80⤵
-
\??\c:\08484.exec:\08484.exe81⤵
-
\??\c:\vpddp.exec:\vpddp.exe82⤵
-
\??\c:\4644040.exec:\4644040.exe83⤵
-
\??\c:\rfrxrrr.exec:\rfrxrrr.exe84⤵
-
\??\c:\pdjpv.exec:\pdjpv.exe85⤵
-
\??\c:\4800628.exec:\4800628.exe86⤵
-
\??\c:\rxllxfl.exec:\rxllxfl.exe87⤵
-
\??\c:\thntbb.exec:\thntbb.exe88⤵
-
\??\c:\082644.exec:\082644.exe89⤵
-
\??\c:\422248.exec:\422248.exe90⤵
-
\??\c:\bbtbnn.exec:\bbtbnn.exe91⤵
-
\??\c:\46062.exec:\46062.exe92⤵
-
\??\c:\djjjd.exec:\djjjd.exe93⤵
-
\??\c:\266240.exec:\266240.exe94⤵
-
\??\c:\42828.exec:\42828.exe95⤵
-
\??\c:\8284406.exec:\8284406.exe96⤵
-
\??\c:\ffrxffl.exec:\ffrxffl.exe97⤵
-
\??\c:\lrrlrfl.exec:\lrrlrfl.exe98⤵
-
\??\c:\tnbnbh.exec:\tnbnbh.exe99⤵
-
\??\c:\480066.exec:\480066.exe100⤵
-
\??\c:\1xlrxlr.exec:\1xlrxlr.exe101⤵
-
\??\c:\4248006.exec:\4248006.exe102⤵
-
\??\c:\3btbnn.exec:\3btbnn.exe103⤵
-
\??\c:\8688040.exec:\8688040.exe104⤵
-
\??\c:\82040.exec:\82040.exe105⤵
-
\??\c:\jdppv.exec:\jdppv.exe106⤵
-
\??\c:\080066.exec:\080066.exe107⤵
-
\??\c:\s2002.exec:\s2002.exe108⤵
-
\??\c:\g6284.exec:\g6284.exe109⤵
-
\??\c:\8802048.exec:\8802048.exe110⤵
-
\??\c:\vjdjv.exec:\vjdjv.exe111⤵
-
\??\c:\hthhnn.exec:\hthhnn.exe112⤵
-
\??\c:\hthntt.exec:\hthntt.exe113⤵
-
\??\c:\frlxrlx.exec:\frlxrlx.exe114⤵
-
\??\c:\04662.exec:\04662.exe115⤵
-
\??\c:\0488404.exec:\0488404.exe116⤵
-
\??\c:\vjdvj.exec:\vjdvj.exe117⤵
-
\??\c:\vvjjv.exec:\vvjjv.exe118⤵
-
\??\c:\7lfxffl.exec:\7lfxffl.exe119⤵
-
\??\c:\6082884.exec:\6082884.exe120⤵
-
\??\c:\64440.exec:\64440.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-