Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
24/06/2024, 10:28
General
-
Target
6486a92d436cc53a45104816a7b6c04fa0393388f7a4da7dd0f6a037469ec477_NeikiAnalytics.exe
-
Size
88KB
-
MD5
572122dab9f2e7efcd30988c09151880
-
SHA1
1a7deadb2c3252f1908880b0b9024ef1e27e5926
-
SHA256
6486a92d436cc53a45104816a7b6c04fa0393388f7a4da7dd0f6a037469ec477
-
SHA512
446360475286a693edbc4d0938d2deb6ecf3f8a371c09494190fcf07da5da2c0d694d786600c57be3eb7db3182d7b15057f50588a5f0cb4802b54a3cea7259ed
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND+3T4+C2iJvRirE0DmoLZsO4EUe:ymb3NkkiQ3mdBjF+3TU2iBRioSnZsTEZ
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 25 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\6486a92d436cc53a45104816a7b6c04fa0393388f7a4da7dd0f6a037469ec477_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\6486a92d436cc53a45104816a7b6c04fa0393388f7a4da7dd0f6a037469ec477_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\hhntbb.exec:\hhntbb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdvpp.exec:\pdvpp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvpdp.exec:\vvpdp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxlfllr.exec:\xxlfllr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjddv.exec:\pjddv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjppv.exec:\pjppv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfrrxrf.exec:\rfrrxrf.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flflxrf.exec:\flflxrf.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbhbnb.exec:\nbhbnb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1jvvv.exec:\1jvvv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrxfxx.exec:\lfrxfxx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlrflx.exec:\fxlrflx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7nbhnn.exec:\7nbhnn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvjdp.exec:\jvjdp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1dvjp.exec:\1dvjp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxxxffr.exec:\rxxxffr.exe17⤵
- Executes dropped EXE
-
\??\c:\hbntht.exec:\hbntht.exe18⤵
- Executes dropped EXE
-
\??\c:\nhbhtt.exec:\nhbhtt.exe19⤵
- Executes dropped EXE
-
\??\c:\pdpjp.exec:\pdpjp.exe20⤵
- Executes dropped EXE
-
\??\c:\vpddd.exec:\vpddd.exe21⤵
- Executes dropped EXE
-
\??\c:\ffxlrrx.exec:\ffxlrrx.exe22⤵
- Executes dropped EXE
-
\??\c:\tththn.exec:\tththn.exe23⤵
- Executes dropped EXE
-
\??\c:\bbthtb.exec:\bbthtb.exe24⤵
- Executes dropped EXE
-
\??\c:\jvpdv.exec:\jvpdv.exe25⤵
- Executes dropped EXE
-
\??\c:\1jjvj.exec:\1jjvj.exe26⤵
- Executes dropped EXE
-
\??\c:\7llxxlf.exec:\7llxxlf.exe27⤵
- Executes dropped EXE
-
\??\c:\hhtbnt.exec:\hhtbnt.exe28⤵
- Executes dropped EXE
-
\??\c:\1pdvj.exec:\1pdvj.exe29⤵
- Executes dropped EXE
-
\??\c:\jpdvd.exec:\jpdvd.exe30⤵
- Executes dropped EXE
-
\??\c:\rrllxxl.exec:\rrllxxl.exe31⤵
- Executes dropped EXE
-
\??\c:\7flllrx.exec:\7flllrx.exe32⤵
- Executes dropped EXE
-
\??\c:\nnhbbt.exec:\nnhbbt.exe33⤵
- Executes dropped EXE
-
\??\c:\9ddvj.exec:\9ddvj.exe34⤵
- Executes dropped EXE
-
\??\c:\pdvpv.exec:\pdvpv.exe35⤵
- Executes dropped EXE
-
\??\c:\7fxlrxf.exec:\7fxlrxf.exe36⤵
- Executes dropped EXE
-
\??\c:\5bbbtt.exec:\5bbbtt.exe37⤵
- Executes dropped EXE
-
\??\c:\5hbbbb.exec:\5hbbbb.exe38⤵
- Executes dropped EXE
-
\??\c:\3dpvj.exec:\3dpvj.exe39⤵
- Executes dropped EXE
-
\??\c:\pppjd.exec:\pppjd.exe40⤵
- Executes dropped EXE
-
\??\c:\1rfflrr.exec:\1rfflrr.exe41⤵
- Executes dropped EXE
-
\??\c:\rllrfrr.exec:\rllrfrr.exe42⤵
- Executes dropped EXE
-
\??\c:\hthnnt.exec:\hthnnt.exe43⤵
- Executes dropped EXE
-
\??\c:\7nntbh.exec:\7nntbh.exe44⤵
- Executes dropped EXE
-
\??\c:\7vddd.exec:\7vddd.exe45⤵
- Executes dropped EXE
-
\??\c:\dpddd.exec:\dpddd.exe46⤵
- Executes dropped EXE
-
\??\c:\lxlrrrx.exec:\lxlrrrx.exe47⤵
- Executes dropped EXE
-
\??\c:\5lffrrx.exec:\5lffrrx.exe48⤵
- Executes dropped EXE
-
\??\c:\nhbnbn.exec:\nhbnbn.exe49⤵
- Executes dropped EXE
-
\??\c:\nbnnbt.exec:\nbnnbt.exe50⤵
- Executes dropped EXE
-
\??\c:\7jjjp.exec:\7jjjp.exe51⤵
- Executes dropped EXE
-
\??\c:\1pvdv.exec:\1pvdv.exe52⤵
- Executes dropped EXE
-
\??\c:\rrlxrfx.exec:\rrlxrfx.exe53⤵
- Executes dropped EXE
-
\??\c:\rlllrrx.exec:\rlllrrx.exe54⤵
- Executes dropped EXE
-
\??\c:\bthbnn.exec:\bthbnn.exe55⤵
- Executes dropped EXE
-
\??\c:\bthhnt.exec:\bthhnt.exe56⤵
- Executes dropped EXE
-
\??\c:\pdjjj.exec:\pdjjj.exe57⤵
- Executes dropped EXE
-
\??\c:\5pvjd.exec:\5pvjd.exe58⤵
- Executes dropped EXE
-
\??\c:\9rffffl.exec:\9rffffl.exe59⤵
- Executes dropped EXE
-
\??\c:\rrrxrfr.exec:\rrrxrfr.exe60⤵
- Executes dropped EXE
-
\??\c:\thhnnn.exec:\thhnnn.exe61⤵
- Executes dropped EXE
-
\??\c:\thnbbt.exec:\thnbbt.exe62⤵
- Executes dropped EXE
-
\??\c:\vjjjj.exec:\vjjjj.exe63⤵
- Executes dropped EXE
-
\??\c:\jdddv.exec:\jdddv.exe64⤵
- Executes dropped EXE
-
\??\c:\xxffxfx.exec:\xxffxfx.exe65⤵
- Executes dropped EXE
-
\??\c:\xlxflll.exec:\xlxflll.exe66⤵
-
\??\c:\tbnbtn.exec:\tbnbtn.exe67⤵
-
\??\c:\btnntt.exec:\btnntt.exe68⤵
-
\??\c:\jppdd.exec:\jppdd.exe69⤵
-
\??\c:\vpddp.exec:\vpddp.exe70⤵
-
\??\c:\fxfrxxx.exec:\fxfrxxx.exe71⤵
-
\??\c:\xrxfxff.exec:\xrxfxff.exe72⤵
-
\??\c:\3ntbbt.exec:\3ntbbt.exe73⤵
-
\??\c:\3vdjj.exec:\3vdjj.exe74⤵
-
\??\c:\djpjp.exec:\djpjp.exe75⤵
-
\??\c:\pdpjv.exec:\pdpjv.exe76⤵
-
\??\c:\9lxrxfr.exec:\9lxrxfr.exe77⤵
-
\??\c:\rrffllr.exec:\rrffllr.exe78⤵
-
\??\c:\7htttn.exec:\7htttn.exe79⤵
-
\??\c:\3hbbbt.exec:\3hbbbt.exe80⤵
-
\??\c:\djvdd.exec:\djvdd.exe81⤵
-
\??\c:\ddjvv.exec:\ddjvv.exe82⤵
-
\??\c:\lfxxlrx.exec:\lfxxlrx.exe83⤵
-
\??\c:\7fxxlfr.exec:\7fxxlfr.exe84⤵
-
\??\c:\nhtnnn.exec:\nhtnnn.exe85⤵
-
\??\c:\htbnnt.exec:\htbnnt.exe86⤵
-
\??\c:\vjppd.exec:\vjppd.exe87⤵
-
\??\c:\7dvvp.exec:\7dvvp.exe88⤵
-
\??\c:\7rxrrrr.exec:\7rxrrrr.exe89⤵
-
\??\c:\lfrxlfl.exec:\lfrxlfl.exe90⤵
-
\??\c:\bntbhh.exec:\bntbhh.exe91⤵
-
\??\c:\nnhnhb.exec:\nnhnhb.exe92⤵
-
\??\c:\dvjjv.exec:\dvjjv.exe93⤵
-
\??\c:\7vpdv.exec:\7vpdv.exe94⤵
-
\??\c:\jvvdd.exec:\jvvdd.exe95⤵
-
\??\c:\frlxlfl.exec:\frlxlfl.exe96⤵
-
\??\c:\lfxfrlf.exec:\lfxfrlf.exe97⤵
-
\??\c:\3tbbbb.exec:\3tbbbb.exe98⤵
-
\??\c:\nttntn.exec:\nttntn.exe99⤵
-
\??\c:\5dddp.exec:\5dddp.exe100⤵
-
\??\c:\dvjdj.exec:\dvjdj.exe101⤵
-
\??\c:\vdppp.exec:\vdppp.exe102⤵
-
\??\c:\lxrlflr.exec:\lxrlflr.exe103⤵
-
\??\c:\lxxxxfl.exec:\lxxxxfl.exe104⤵
-
\??\c:\htbhtt.exec:\htbhtt.exe105⤵
-
\??\c:\bnnhhh.exec:\bnnhhh.exe106⤵
-
\??\c:\vjjjd.exec:\vjjjd.exe107⤵
-
\??\c:\vvvjv.exec:\vvvjv.exe108⤵
-
\??\c:\5fxxfxf.exec:\5fxxfxf.exe109⤵
-
\??\c:\rflllrr.exec:\rflllrr.exe110⤵
-
\??\c:\lxlflxr.exec:\lxlflxr.exe111⤵
-
\??\c:\nhtbbb.exec:\nhtbbb.exe112⤵
-
\??\c:\jvddd.exec:\jvddd.exe113⤵
-
\??\c:\dpddj.exec:\dpddj.exe114⤵
-
\??\c:\dvvpd.exec:\dvvpd.exe115⤵
-
\??\c:\xlxxxxl.exec:\xlxxxxl.exe116⤵
-
\??\c:\9xrxxxf.exec:\9xrxxxf.exe117⤵
-
\??\c:\nhnnnt.exec:\nhnnnt.exe118⤵
-
\??\c:\nhhbht.exec:\nhhbht.exe119⤵
-
\??\c:\pdpjp.exec:\pdpjp.exe120⤵
-
\??\c:\7pppv.exec:\7pppv.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-