Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
102s -
platform
windows10-2004_x64 -
resource
win10v2004-20240611-en -
resource tags
-
submitted
24/06/2024, 08:25 UTC
General
-
Target
56a82b7abec190fc13886043beb1038b42da64af1d8eb38f7fdf6abd540f7df1_NeikiAnalytics.exe
-
Size
92KB
-
MD5
dc9fdd20d3d133f9f31b41e16a7801b0
-
SHA1
dcd0c01d2c71fdfe0127f5150f3eea07541324ba
-
SHA256
56a82b7abec190fc13886043beb1038b42da64af1d8eb38f7fdf6abd540f7df1
-
SHA512
bb1a54aabb65017a740ffa67894e39f9902f4e892be54e1e03b41b6b7fc1fdc3a9881baf559b6c82d07cc19e27a1a313c44c147abb18d5d543b390e5c4d3ab4d
-
SSDEEP
1536:8vQBeOGtrYS3srx93UBWfwC6Ggnouy80fg3Cip8iXAsG5M0u5YoWpcw:8hOmTsF93UYfwC6GIout0fmCiiiXA6mR
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\56a82b7abec190fc13886043beb1038b42da64af1d8eb38f7fdf6abd540f7df1_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\56a82b7abec190fc13886043beb1038b42da64af1d8eb38f7fdf6abd540f7df1_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\8204440.exec:\8204440.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\2800444.exec:\2800444.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\288828.exec:\288828.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frxrlfx.exec:\frxrlfx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\062600.exec:\062600.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\26888.exec:\26888.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\88448.exec:\88448.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\2022228.exec:\2022228.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrxxrrr.exec:\rrxxrrr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\46842.exec:\46842.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdjdv.exec:\vdjdv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\40608.exec:\40608.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frrffrr.exec:\frrffrr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1tbtbb.exec:\1tbtbb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\a6608.exec:\a6608.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjdpd.exec:\vjdpd.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\448866.exec:\448866.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpjvj.exec:\dpjvj.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9btnbt.exec:\9btnbt.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\00662.exec:\00662.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvvjp.exec:\vvvjp.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhtthb.exec:\nhtthb.exe23⤵
- Executes dropped EXE
-
\??\c:\jpdvj.exec:\jpdvj.exe24⤵
- Executes dropped EXE
-
\??\c:\28864.exec:\28864.exe25⤵
- Executes dropped EXE
-
\??\c:\0860220.exec:\0860220.exe26⤵
- Executes dropped EXE
-
\??\c:\5xxfrlx.exec:\5xxfrlx.exe27⤵
- Executes dropped EXE
-
\??\c:\xrlflff.exec:\xrlflff.exe28⤵
- Executes dropped EXE
-
\??\c:\8660426.exec:\8660426.exe29⤵
- Executes dropped EXE
-
\??\c:\lfrfrlf.exec:\lfrfrlf.exe30⤵
- Executes dropped EXE
-
\??\c:\688664.exec:\688664.exe31⤵
- Executes dropped EXE
-
\??\c:\pddvp.exec:\pddvp.exe32⤵
- Executes dropped EXE
-
\??\c:\vddpj.exec:\vddpj.exe33⤵
- Executes dropped EXE
-
\??\c:\ddjjd.exec:\ddjjd.exe34⤵
- Executes dropped EXE
-
\??\c:\1xxrlll.exec:\1xxrlll.exe35⤵
- Executes dropped EXE
-
\??\c:\lfllfff.exec:\lfllfff.exe36⤵
- Executes dropped EXE
-
\??\c:\rxrxfrf.exec:\rxrxfrf.exe37⤵
- Executes dropped EXE
-
\??\c:\bttttt.exec:\bttttt.exe38⤵
- Executes dropped EXE
-
\??\c:\dpvpv.exec:\dpvpv.exe39⤵
- Executes dropped EXE
-
\??\c:\263hh.exec:\263hh.exe40⤵
- Executes dropped EXE
-
\??\c:\vjdpd.exec:\vjdpd.exe41⤵
- Executes dropped EXE
-
\??\c:\844888.exec:\844888.exe42⤵
- Executes dropped EXE
-
\??\c:\8284260.exec:\8284260.exe43⤵
- Executes dropped EXE
-
\??\c:\hbbtnb.exec:\hbbtnb.exe44⤵
- Executes dropped EXE
-
\??\c:\tnthth.exec:\tnthth.exe45⤵
- Executes dropped EXE
-
\??\c:\2020260.exec:\2020260.exe46⤵
- Executes dropped EXE
-
\??\c:\bbbthh.exec:\bbbthh.exe47⤵
- Executes dropped EXE
-
\??\c:\nhbnhb.exec:\nhbnhb.exe48⤵
- Executes dropped EXE
-
\??\c:\rxrffxl.exec:\rxrffxl.exe49⤵
- Executes dropped EXE
-
\??\c:\488068.exec:\488068.exe50⤵
- Executes dropped EXE
-
\??\c:\nbbtth.exec:\nbbtth.exe51⤵
- Executes dropped EXE
-
\??\c:\llrlrlf.exec:\llrlrlf.exe52⤵
- Executes dropped EXE
-
\??\c:\442648.exec:\442648.exe53⤵
- Executes dropped EXE
-
\??\c:\rlfxlfx.exec:\rlfxlfx.exe54⤵
- Executes dropped EXE
-
\??\c:\9llffxr.exec:\9llffxr.exe55⤵
- Executes dropped EXE
-
\??\c:\djvpv.exec:\djvpv.exe56⤵
- Executes dropped EXE
-
\??\c:\04262.exec:\04262.exe57⤵
- Executes dropped EXE
-
\??\c:\28420.exec:\28420.exe58⤵
- Executes dropped EXE
-
\??\c:\tbbhbb.exec:\tbbhbb.exe59⤵
- Executes dropped EXE
-
\??\c:\jjdpp.exec:\jjdpp.exe60⤵
- Executes dropped EXE
-
\??\c:\208086.exec:\208086.exe61⤵
- Executes dropped EXE
-
\??\c:\ffffrlf.exec:\ffffrlf.exe62⤵
- Executes dropped EXE
-
\??\c:\o000482.exec:\o000482.exe63⤵
- Executes dropped EXE
-
\??\c:\0068282.exec:\0068282.exe64⤵
- Executes dropped EXE
-
\??\c:\262662.exec:\262662.exe65⤵
- Executes dropped EXE
-
\??\c:\btnhth.exec:\btnhth.exe66⤵
-
\??\c:\ntnhbt.exec:\ntnhbt.exe67⤵
-
\??\c:\jdvjd.exec:\jdvjd.exe68⤵
-
\??\c:\48484.exec:\48484.exe69⤵
-
\??\c:\e06044.exec:\e06044.exe70⤵
-
\??\c:\dvpdv.exec:\dvpdv.exe71⤵
-
\??\c:\c886608.exec:\c886608.exe72⤵
-
\??\c:\u260482.exec:\u260482.exe73⤵
-
\??\c:\3nhbnh.exec:\3nhbnh.exe74⤵
-
\??\c:\pppdv.exec:\pppdv.exe75⤵
-
\??\c:\lllxxrr.exec:\lllxxrr.exe76⤵
-
\??\c:\4460000.exec:\4460000.exe77⤵
-
\??\c:\ppjjd.exec:\ppjjd.exe78⤵
-
\??\c:\a2648.exec:\a2648.exe79⤵
-
\??\c:\frlxlfx.exec:\frlxlfx.exe80⤵
-
\??\c:\7vjjv.exec:\7vjjv.exe81⤵
-
\??\c:\nhbnbn.exec:\nhbnbn.exe82⤵
-
\??\c:\5vvpd.exec:\5vvpd.exe83⤵
-
\??\c:\a8882.exec:\a8882.exe84⤵
-
\??\c:\64200.exec:\64200.exe85⤵
-
\??\c:\pvjvj.exec:\pvjvj.exe86⤵
-
\??\c:\hhhbhb.exec:\hhhbhb.exe87⤵
-
\??\c:\xxfllxr.exec:\xxfllxr.exe88⤵
-
\??\c:\48882.exec:\48882.exe89⤵
-
\??\c:\00042.exec:\00042.exe90⤵
-
\??\c:\9rlrxxl.exec:\9rlrxxl.exe91⤵
-
\??\c:\llrfrxf.exec:\llrfrxf.exe92⤵
-
\??\c:\i048604.exec:\i048604.exe93⤵
-
\??\c:\g2480.exec:\g2480.exe94⤵
-
\??\c:\thbnbt.exec:\thbnbt.exe95⤵
-
\??\c:\pdvpj.exec:\pdvpj.exe96⤵
-
\??\c:\8282048.exec:\8282048.exe97⤵
-
\??\c:\lfrlxxr.exec:\lfrlxxr.exe98⤵
-
\??\c:\8888604.exec:\8888604.exe99⤵
-
\??\c:\pppjv.exec:\pppjv.exe100⤵
-
\??\c:\dppdv.exec:\dppdv.exe101⤵
-
\??\c:\8068480.exec:\8068480.exe102⤵
-
\??\c:\btnbtn.exec:\btnbtn.exe103⤵
-
\??\c:\m2864.exec:\m2864.exe104⤵
-
\??\c:\0008260.exec:\0008260.exe105⤵
-
\??\c:\vjjjv.exec:\vjjjv.exe106⤵
-
\??\c:\fxfrlff.exec:\fxfrlff.exe107⤵
-
\??\c:\668882.exec:\668882.exe108⤵
-
\??\c:\0460444.exec:\0460444.exe109⤵
-
\??\c:\e44426.exec:\e44426.exe110⤵
-
\??\c:\xlrllxr.exec:\xlrllxr.exe111⤵
-
\??\c:\84622.exec:\84622.exe112⤵
-
\??\c:\rxxrllf.exec:\rxxrllf.exe113⤵
-
\??\c:\9jdvp.exec:\9jdvp.exe114⤵
-
\??\c:\thnhbb.exec:\thnhbb.exe115⤵
-
\??\c:\fllfxrl.exec:\fllfxrl.exe116⤵
-
\??\c:\ddvpd.exec:\ddvpd.exe117⤵
-
\??\c:\48826.exec:\48826.exe118⤵
-
\??\c:\48028.exec:\48028.exe119⤵
-
\??\c:\o022444.exec:\o022444.exe120⤵
-
\??\c:\vvjdv.exec:\vvjdv.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-