Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
98s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
10/06/2024, 11:35
General
-
Target
100ffadba5aaf071814b14f9d8674a00_NeikiAnalytics.exe
-
Size
521KB
-
MD5
100ffadba5aaf071814b14f9d8674a00
-
SHA1
5552cf5680cb7a3c6230b6864d6c5e47478aa6e6
-
SHA256
d2cc2f875c6c7190ae3d0bccc96cfc394d57be89e8517d57f78b7373827e22a1
-
SHA512
aec74afd0256c3c0b30024e41d567d940462123ebf01ae47488ee798d1006b0db110dc3c44d2051bb9d1030872d8c6e4bf10aef64b584a0bb3746c5006f57cbf
-
SSDEEP
6144:8cm7ImGddXmNt251UriZFwfsDX2CfNnkymTwaJ3o89H3r:q7Tc2NYHUrAwfMHNnpls4897
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\100ffadba5aaf071814b14f9d8674a00_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\100ffadba5aaf071814b14f9d8674a00_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\hbtbnh.exec:\hbtbnh.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7lrlfxr.exec:\7lrlfxr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\2824208.exec:\2824208.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1bhnbt.exec:\1bhnbt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djjjd.exec:\djjjd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\2282226.exec:\2282226.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnbnnn.exec:\bnbnnn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3bnhhh.exec:\3bnhhh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\s4660.exec:\s4660.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnhhh.exec:\nhnhhh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\c804822.exec:\c804822.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\200882.exec:\200882.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\860000.exec:\860000.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\44004.exec:\44004.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvvpj.exec:\jvvpj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\680444.exec:\680444.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8420000.exec:\8420000.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfffxxx.exec:\lfffxxx.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbnnhb.exec:\nbnnhb.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5bbhhh.exec:\5bbhhh.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7rfxflx.exec:\7rfxflx.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\028226.exec:\028226.exe23⤵
- Executes dropped EXE
-
\??\c:\8226224.exec:\8226224.exe24⤵
- Executes dropped EXE
-
\??\c:\648860.exec:\648860.exe25⤵
- Executes dropped EXE
-
\??\c:\0448260.exec:\0448260.exe26⤵
- Executes dropped EXE
-
\??\c:\3xxrlll.exec:\3xxrlll.exe27⤵
- Executes dropped EXE
-
\??\c:\0060444.exec:\0060444.exe28⤵
- Executes dropped EXE
-
\??\c:\1tnnnn.exec:\1tnnnn.exe29⤵
- Executes dropped EXE
-
\??\c:\dvjjj.exec:\dvjjj.exe30⤵
- Executes dropped EXE
-
\??\c:\28882.exec:\28882.exe31⤵
- Executes dropped EXE
-
\??\c:\2246060.exec:\2246060.exe32⤵
- Executes dropped EXE
-
\??\c:\0244822.exec:\0244822.exe33⤵
- Executes dropped EXE
-
\??\c:\0026666.exec:\0026666.exe34⤵
- Executes dropped EXE
-
\??\c:\pvjpj.exec:\pvjpj.exe35⤵
- Executes dropped EXE
-
\??\c:\k84886.exec:\k84886.exe36⤵
- Executes dropped EXE
-
\??\c:\5pjjd.exec:\5pjjd.exe37⤵
- Executes dropped EXE
-
\??\c:\o460606.exec:\o460606.exe38⤵
- Executes dropped EXE
-
\??\c:\lffxrxl.exec:\lffxrxl.exe39⤵
- Executes dropped EXE
-
\??\c:\62448.exec:\62448.exe40⤵
- Executes dropped EXE
-
\??\c:\pvjjd.exec:\pvjjd.exe41⤵
- Executes dropped EXE
-
\??\c:\lxrllrr.exec:\lxrllrr.exe42⤵
- Executes dropped EXE
-
\??\c:\lrrrrrr.exec:\lrrrrrr.exe43⤵
- Executes dropped EXE
-
\??\c:\m0848.exec:\m0848.exe44⤵
- Executes dropped EXE
-
\??\c:\1nnhhh.exec:\1nnhhh.exe45⤵
- Executes dropped EXE
-
\??\c:\66882.exec:\66882.exe46⤵
- Executes dropped EXE
-
\??\c:\m0266.exec:\m0266.exe47⤵
- Executes dropped EXE
-
\??\c:\9hhbhh.exec:\9hhbhh.exe48⤵
- Executes dropped EXE
-
\??\c:\bthbhn.exec:\bthbhn.exe49⤵
- Executes dropped EXE
-
\??\c:\lffxfff.exec:\lffxfff.exe50⤵
- Executes dropped EXE
-
\??\c:\q88260.exec:\q88260.exe51⤵
- Executes dropped EXE
-
\??\c:\60664.exec:\60664.exe52⤵
- Executes dropped EXE
-
\??\c:\thhtbt.exec:\thhtbt.exe53⤵
- Executes dropped EXE
-
\??\c:\268484.exec:\268484.exe54⤵
- Executes dropped EXE
-
\??\c:\jjpjd.exec:\jjpjd.exe55⤵
- Executes dropped EXE
-
\??\c:\nbttnt.exec:\nbttnt.exe56⤵
- Executes dropped EXE
-
\??\c:\tnhbtb.exec:\tnhbtb.exe57⤵
- Executes dropped EXE
-
\??\c:\lflrffr.exec:\lflrffr.exe58⤵
- Executes dropped EXE
-
\??\c:\lfrlxfx.exec:\lfrlxfx.exe59⤵
- Executes dropped EXE
-
\??\c:\9vjjv.exec:\9vjjv.exe60⤵
- Executes dropped EXE
-
\??\c:\ddjjd.exec:\ddjjd.exe61⤵
- Executes dropped EXE
-
\??\c:\o008260.exec:\o008260.exe62⤵
- Executes dropped EXE
-
\??\c:\vdddv.exec:\vdddv.exe63⤵
- Executes dropped EXE
-
\??\c:\26842.exec:\26842.exe64⤵
- Executes dropped EXE
-
\??\c:\flrlffx.exec:\flrlffx.exe65⤵
- Executes dropped EXE
-
\??\c:\flrrxrl.exec:\flrrxrl.exe66⤵
-
\??\c:\0066062.exec:\0066062.exe67⤵
-
\??\c:\vjjvv.exec:\vjjvv.exe68⤵
-
\??\c:\dpppj.exec:\dpppj.exe69⤵
-
\??\c:\48484.exec:\48484.exe70⤵
-
\??\c:\s0200.exec:\s0200.exe71⤵
-
\??\c:\jppjj.exec:\jppjj.exe72⤵
-
\??\c:\m4848.exec:\m4848.exe73⤵
-
\??\c:\tbhnbt.exec:\tbhnbt.exe74⤵
-
\??\c:\m8420.exec:\m8420.exe75⤵
-
\??\c:\djjvj.exec:\djjvj.exe76⤵
-
\??\c:\u664260.exec:\u664260.exe77⤵
-
\??\c:\482604.exec:\482604.exe78⤵
-
\??\c:\m2866.exec:\m2866.exe79⤵
-
\??\c:\82424.exec:\82424.exe80⤵
-
\??\c:\rfxxlfx.exec:\rfxxlfx.exe81⤵
-
\??\c:\488248.exec:\488248.exe82⤵
-
\??\c:\664426.exec:\664426.exe83⤵
-
\??\c:\26804.exec:\26804.exe84⤵
-
\??\c:\88042.exec:\88042.exe85⤵
-
\??\c:\bhbhtn.exec:\bhbhtn.exe86⤵
-
\??\c:\802266.exec:\802266.exe87⤵
-
\??\c:\88046.exec:\88046.exe88⤵
-
\??\c:\llfrllf.exec:\llfrllf.exe89⤵
-
\??\c:\o280428.exec:\o280428.exe90⤵
-
\??\c:\1nhbtt.exec:\1nhbtt.exe91⤵
-
\??\c:\26228.exec:\26228.exe92⤵
-
\??\c:\djjvv.exec:\djjvv.exe93⤵
-
\??\c:\vvpdv.exec:\vvpdv.exe94⤵
-
\??\c:\xxlfffl.exec:\xxlfffl.exe95⤵
-
\??\c:\hhthbb.exec:\hhthbb.exe96⤵
-
\??\c:\pjpjp.exec:\pjpjp.exe97⤵
-
\??\c:\6682604.exec:\6682604.exe98⤵
-
\??\c:\hhhthb.exec:\hhhthb.exe99⤵
-
\??\c:\ttbbhh.exec:\ttbbhh.exe100⤵
-
\??\c:\248226.exec:\248226.exe101⤵
-
\??\c:\42682.exec:\42682.exe102⤵
-
\??\c:\llrfxxr.exec:\llrfxxr.exe103⤵
-
\??\c:\42688.exec:\42688.exe104⤵
-
\??\c:\tnhbbt.exec:\tnhbbt.exe105⤵
-
\??\c:\vpvpp.exec:\vpvpp.exe106⤵
-
\??\c:\624684.exec:\624684.exe107⤵
-
\??\c:\nththb.exec:\nththb.exe108⤵
-
\??\c:\26606.exec:\26606.exe109⤵
-
\??\c:\a8826.exec:\a8826.exe110⤵
-
\??\c:\c686606.exec:\c686606.exe111⤵
-
\??\c:\nbhhtn.exec:\nbhhtn.exe112⤵
-
\??\c:\jjvpd.exec:\jjvpd.exe113⤵
-
\??\c:\88482.exec:\88482.exe114⤵
-
\??\c:\jvpdp.exec:\jvpdp.exe115⤵
-
\??\c:\20040.exec:\20040.exe116⤵
-
\??\c:\6848246.exec:\6848246.exe117⤵
-
\??\c:\lfrrxff.exec:\lfrrxff.exe118⤵
-
\??\c:\nnthhb.exec:\nnthhb.exe119⤵
-
\??\c:\06222.exec:\06222.exe120⤵
-
\??\c:\c440886.exec:\c440886.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-