Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
126s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
24/06/2024, 10:28
General
-
Target
6486a92d436cc53a45104816a7b6c04fa0393388f7a4da7dd0f6a037469ec477_NeikiAnalytics.exe
-
Size
88KB
-
MD5
572122dab9f2e7efcd30988c09151880
-
SHA1
1a7deadb2c3252f1908880b0b9024ef1e27e5926
-
SHA256
6486a92d436cc53a45104816a7b6c04fa0393388f7a4da7dd0f6a037469ec477
-
SHA512
446360475286a693edbc4d0938d2deb6ecf3f8a371c09494190fcf07da5da2c0d694d786600c57be3eb7db3182d7b15057f50588a5f0cb4802b54a3cea7259ed
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND+3T4+C2iJvRirE0DmoLZsO4EUe:ymb3NkkiQ3mdBjF+3TU2iBRioSnZsTEZ
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 23 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\6486a92d436cc53a45104816a7b6c04fa0393388f7a4da7dd0f6a037469ec477_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\6486a92d436cc53a45104816a7b6c04fa0393388f7a4da7dd0f6a037469ec477_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\hnhhbh.exec:\hnhhbh.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llrrllf.exec:\llrrllf.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thhbnh.exec:\thhbnh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvpjd.exec:\dvpjd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5lfxlfx.exec:\5lfxlfx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9nbhbn.exec:\9nbhbn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3nnhnn.exec:\3nnhnn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3jdpj.exec:\3jdpj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrllrxx.exec:\rrllrxx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnbtb.exec:\tnnbtb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pppvv.exec:\pppvv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlfrrlf.exec:\rlfrrlf.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1xxrllf.exec:\1xxrllf.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thnbnb.exec:\thnbnb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvpjd.exec:\dvpjd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrlxflx.exec:\rrlxflx.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htnnnn.exec:\htnnnn.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvpdv.exec:\dvpdv.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrxlffx.exec:\rrxlffx.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhbbbt.exec:\hhbbbt.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttbtnn.exec:\ttbtnn.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9xfxlff.exec:\9xfxlff.exe23⤵
- Executes dropped EXE
-
\??\c:\jpdpd.exec:\jpdpd.exe24⤵
- Executes dropped EXE
-
\??\c:\fxxxrlx.exec:\fxxxrlx.exe25⤵
- Executes dropped EXE
-
\??\c:\pjpvp.exec:\pjpvp.exe26⤵
- Executes dropped EXE
-
\??\c:\frlfflf.exec:\frlfflf.exe27⤵
- Executes dropped EXE
-
\??\c:\rxrxrlf.exec:\rxrxrlf.exe28⤵
- Executes dropped EXE
-
\??\c:\hbtnhh.exec:\hbtnhh.exe29⤵
- Executes dropped EXE
-
\??\c:\nnbthb.exec:\nnbthb.exe30⤵
- Executes dropped EXE
-
\??\c:\7dddp.exec:\7dddp.exe31⤵
- Executes dropped EXE
-
\??\c:\hnttnh.exec:\hnttnh.exe32⤵
- Executes dropped EXE
-
\??\c:\bnhthh.exec:\bnhthh.exe33⤵
- Executes dropped EXE
-
\??\c:\jdvdd.exec:\jdvdd.exe34⤵
- Executes dropped EXE
-
\??\c:\lfxlfxl.exec:\lfxlfxl.exe35⤵
- Executes dropped EXE
-
\??\c:\xrrrxfx.exec:\xrrrxfx.exe36⤵
- Executes dropped EXE
-
\??\c:\bnhhnn.exec:\bnhhnn.exe37⤵
- Executes dropped EXE
-
\??\c:\ntntnb.exec:\ntntnb.exe38⤵
- Executes dropped EXE
-
\??\c:\jvjvp.exec:\jvjvp.exe39⤵
- Executes dropped EXE
-
\??\c:\dpvpv.exec:\dpvpv.exe40⤵
- Executes dropped EXE
-
\??\c:\thhtbb.exec:\thhtbb.exe41⤵
- Executes dropped EXE
-
\??\c:\httthb.exec:\httthb.exe42⤵
- Executes dropped EXE
-
\??\c:\3ddvp.exec:\3ddvp.exe43⤵
- Executes dropped EXE
-
\??\c:\jdvjd.exec:\jdvjd.exe44⤵
- Executes dropped EXE
-
\??\c:\lffrllf.exec:\lffrllf.exe45⤵
- Executes dropped EXE
-
\??\c:\bhnnbh.exec:\bhnnbh.exe46⤵
- Executes dropped EXE
-
\??\c:\pppjv.exec:\pppjv.exe47⤵
- Executes dropped EXE
-
\??\c:\pjjvj.exec:\pjjvj.exe48⤵
- Executes dropped EXE
-
\??\c:\9lllxrr.exec:\9lllxrr.exe49⤵
- Executes dropped EXE
-
\??\c:\nnntnt.exec:\nnntnt.exe50⤵
- Executes dropped EXE
-
\??\c:\nnhtnh.exec:\nnhtnh.exe51⤵
- Executes dropped EXE
-
\??\c:\pdjdv.exec:\pdjdv.exe52⤵
- Executes dropped EXE
-
\??\c:\lrffxrr.exec:\lrffxrr.exe53⤵
- Executes dropped EXE
-
\??\c:\xfffxrl.exec:\xfffxrl.exe54⤵
- Executes dropped EXE
-
\??\c:\nnnnbb.exec:\nnnnbb.exe55⤵
- Executes dropped EXE
-
\??\c:\tbhhhh.exec:\tbhhhh.exe56⤵
- Executes dropped EXE
-
\??\c:\lxrlxxr.exec:\lxrlxxr.exe57⤵
- Executes dropped EXE
-
\??\c:\llrlfxr.exec:\llrlfxr.exe58⤵
- Executes dropped EXE
-
\??\c:\hnhbtt.exec:\hnhbtt.exe59⤵
- Executes dropped EXE
-
\??\c:\bbnhnt.exec:\bbnhnt.exe60⤵
- Executes dropped EXE
-
\??\c:\jpvvj.exec:\jpvvj.exe61⤵
- Executes dropped EXE
-
\??\c:\rrxxrxr.exec:\rrxxrxr.exe62⤵
- Executes dropped EXE
-
\??\c:\xlrllll.exec:\xlrllll.exe63⤵
- Executes dropped EXE
-
\??\c:\pjdjd.exec:\pjdjd.exe64⤵
- Executes dropped EXE
-
\??\c:\dppjv.exec:\dppjv.exe65⤵
- Executes dropped EXE
-
\??\c:\xrflfff.exec:\xrflfff.exe66⤵
-
\??\c:\llllfxr.exec:\llllfxr.exe67⤵
-
\??\c:\thhnbb.exec:\thhnbb.exe68⤵
-
\??\c:\vjjdp.exec:\vjjdp.exe69⤵
-
\??\c:\vdjjd.exec:\vdjjd.exe70⤵
-
\??\c:\xlfrffx.exec:\xlfrffx.exe71⤵
-
\??\c:\hbnnbt.exec:\hbnnbt.exe72⤵
-
\??\c:\7nnhbb.exec:\7nnhbb.exe73⤵
-
\??\c:\vjvpp.exec:\vjvpp.exe74⤵
-
\??\c:\dddpd.exec:\dddpd.exe75⤵
-
\??\c:\9lrlflf.exec:\9lrlflf.exe76⤵
-
\??\c:\lfxfflf.exec:\lfxfflf.exe77⤵
-
\??\c:\hbtbbt.exec:\hbtbbt.exe78⤵
-
\??\c:\pvvpd.exec:\pvvpd.exe79⤵
-
\??\c:\jvjjv.exec:\jvjjv.exe80⤵
-
\??\c:\rlfrrll.exec:\rlfrrll.exe81⤵
-
\??\c:\rffllfr.exec:\rffllfr.exe82⤵
-
\??\c:\bttnbb.exec:\bttnbb.exe83⤵
-
\??\c:\pdddp.exec:\pdddp.exe84⤵
-
\??\c:\vjvpv.exec:\vjvpv.exe85⤵
-
\??\c:\fxxxlfx.exec:\fxxxlfx.exe86⤵
-
\??\c:\lrflllr.exec:\lrflllr.exe87⤵
-
\??\c:\7bbhbt.exec:\7bbhbt.exe88⤵
-
\??\c:\jvpdp.exec:\jvpdp.exe89⤵
-
\??\c:\lfxrllf.exec:\lfxrllf.exe90⤵
-
\??\c:\lfxrlrf.exec:\lfxrlrf.exe91⤵
-
\??\c:\lrxxxfx.exec:\lrxxxfx.exe92⤵
-
\??\c:\nhbtnn.exec:\nhbtnn.exe93⤵
-
\??\c:\vdjdj.exec:\vdjdj.exe94⤵
-
\??\c:\jdjvv.exec:\jdjvv.exe95⤵
-
\??\c:\fxrlxxr.exec:\fxrlxxr.exe96⤵
-
\??\c:\lflrrrl.exec:\lflrrrl.exe97⤵
-
\??\c:\nbttnn.exec:\nbttnn.exe98⤵
-
\??\c:\tntnhh.exec:\tntnhh.exe99⤵
-
\??\c:\jdddd.exec:\jdddd.exe100⤵
-
\??\c:\9rrrllf.exec:\9rrrllf.exe101⤵
-
\??\c:\rlrlrrr.exec:\rlrlrrr.exe102⤵
-
\??\c:\bnhhhh.exec:\bnhhhh.exe103⤵
-
\??\c:\tnnhhh.exec:\tnnhhh.exe104⤵
-
\??\c:\vvddv.exec:\vvddv.exe105⤵
-
\??\c:\djjdv.exec:\djjdv.exe106⤵
-
\??\c:\pddvj.exec:\pddvj.exe107⤵
-
\??\c:\lflflfr.exec:\lflflfr.exe108⤵
-
\??\c:\btbttt.exec:\btbttt.exe109⤵
-
\??\c:\pjjdv.exec:\pjjdv.exe110⤵
-
\??\c:\vpjdd.exec:\vpjdd.exe111⤵
-
\??\c:\3lllfrl.exec:\3lllfrl.exe112⤵
-
\??\c:\ffrrrrx.exec:\ffrrrrx.exe113⤵
-
\??\c:\btttnt.exec:\btttnt.exe114⤵
-
\??\c:\1ppdp.exec:\1ppdp.exe115⤵
-
\??\c:\vjdvv.exec:\vjdvv.exe116⤵
-
\??\c:\lfxrxxf.exec:\lfxrxxf.exe117⤵
-
\??\c:\frrlfxl.exec:\frrlfxl.exe118⤵
-
\??\c:\hbnhbb.exec:\hbnhbb.exe119⤵
-
\??\c:\thhbnn.exec:\thhbnn.exe120⤵
-
\??\c:\dvpjj.exec:\dvpjj.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-