Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
-
submitted
24/06/2024, 14:11
General
-
Target
7eb5404402d507e3ab70182391c2ce63662e358a4a99b8b3c0cd688110208920_NeikiAnalytics.exe
-
Size
78KB
-
MD5
25826b5e7e09848461d611c793e42460
-
SHA1
7dc4b8fddcb4075313c5df46f716392ba58172ef
-
SHA256
7eb5404402d507e3ab70182391c2ce63662e358a4a99b8b3c0cd688110208920
-
SHA512
3431018c24f3672782470900acd6219273b04abe48f5079ee9c7ae8f1217bde3638f1c6dd1c95e675dcae408617bee438825b95429821e97c4d628aca0bea28a
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDo73tgygQwKjiawEmBg9t:ymb3NkkiQ3mdBjFo73thgQ/wEk2t
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 26 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\7eb5404402d507e3ab70182391c2ce63662e358a4a99b8b3c0cd688110208920_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\7eb5404402d507e3ab70182391c2ce63662e358a4a99b8b3c0cd688110208920_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\1pdpd.exec:\1pdpd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrxllrx.exec:\lrxllrx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5tthnt.exec:\5tthnt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3bnthh.exec:\3bnthh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvddv.exec:\dvddv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttbbbn.exec:\ttbbbn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9nbnbn.exec:\9nbnbn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjdpj.exec:\jjdpj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjpvd.exec:\pjpvd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffflffx.exec:\ffflffx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnthn.exec:\nhnthn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thnbbh.exec:\thnbbh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvdj.exec:\pjvdj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrrxlxl.exec:\rrrxlxl.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flxlffr.exec:\flxlffr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhntnh.exec:\nhntnh.exe17⤵
- Executes dropped EXE
-
\??\c:\ppdjp.exec:\ppdjp.exe18⤵
- Executes dropped EXE
-
\??\c:\jjvjv.exec:\jjvjv.exe19⤵
- Executes dropped EXE
-
\??\c:\lfrfrxr.exec:\lfrfrxr.exe20⤵
- Executes dropped EXE
-
\??\c:\9rxlrxf.exec:\9rxlrxf.exe21⤵
- Executes dropped EXE
-
\??\c:\bththh.exec:\bththh.exe22⤵
- Executes dropped EXE
-
\??\c:\1vppd.exec:\1vppd.exe23⤵
- Executes dropped EXE
-
\??\c:\dvdpj.exec:\dvdpj.exe24⤵
- Executes dropped EXE
-
\??\c:\llrflrf.exec:\llrflrf.exe25⤵
- Executes dropped EXE
-
\??\c:\tthhtt.exec:\tthhtt.exe26⤵
- Executes dropped EXE
-
\??\c:\hbtttt.exec:\hbtttt.exe27⤵
- Executes dropped EXE
-
\??\c:\ddvvd.exec:\ddvvd.exe28⤵
- Executes dropped EXE
-
\??\c:\fxrlxfx.exec:\fxrlxfx.exe29⤵
- Executes dropped EXE
-
\??\c:\xfxxxfl.exec:\xfxxxfl.exe30⤵
- Executes dropped EXE
-
\??\c:\btnntb.exec:\btnntb.exe31⤵
- Executes dropped EXE
-
\??\c:\ppjvj.exec:\ppjvj.exe32⤵
- Executes dropped EXE
-
\??\c:\jjvdd.exec:\jjvdd.exe33⤵
- Executes dropped EXE
-
\??\c:\lxlxllx.exec:\lxlxllx.exe34⤵
- Executes dropped EXE
-
\??\c:\hnbbbt.exec:\hnbbbt.exe35⤵
- Executes dropped EXE
-
\??\c:\5tbttn.exec:\5tbttn.exe36⤵
- Executes dropped EXE
-
\??\c:\nhttbb.exec:\nhttbb.exe37⤵
- Executes dropped EXE
-
\??\c:\1ddjj.exec:\1ddjj.exe38⤵
- Executes dropped EXE
-
\??\c:\7rrrffl.exec:\7rrrffl.exe39⤵
- Executes dropped EXE
-
\??\c:\llxfxfr.exec:\llxfxfr.exe40⤵
- Executes dropped EXE
-
\??\c:\btnhnh.exec:\btnhnh.exe41⤵
- Executes dropped EXE
-
\??\c:\bbtnbb.exec:\bbtnbb.exe42⤵
- Executes dropped EXE
-
\??\c:\jjjjp.exec:\jjjjp.exe43⤵
- Executes dropped EXE
-
\??\c:\dpdvd.exec:\dpdvd.exe44⤵
- Executes dropped EXE
-
\??\c:\frxxxxf.exec:\frxxxxf.exe45⤵
- Executes dropped EXE
-
\??\c:\3llxlrx.exec:\3llxlrx.exe46⤵
- Executes dropped EXE
-
\??\c:\7bbbbt.exec:\7bbbbt.exe47⤵
- Executes dropped EXE
-
\??\c:\bttttb.exec:\bttttb.exe48⤵
- Executes dropped EXE
-
\??\c:\jvjjd.exec:\jvjjd.exe49⤵
- Executes dropped EXE
-
\??\c:\pdjdj.exec:\pdjdj.exe50⤵
- Executes dropped EXE
-
\??\c:\xrfrxxl.exec:\xrfrxxl.exe51⤵
- Executes dropped EXE
-
\??\c:\3xrxfff.exec:\3xrxfff.exe52⤵
- Executes dropped EXE
-
\??\c:\bbtbhn.exec:\bbtbhn.exe53⤵
- Executes dropped EXE
-
\??\c:\hbnhbb.exec:\hbnhbb.exe54⤵
- Executes dropped EXE
-
\??\c:\jjvdj.exec:\jjvdj.exe55⤵
- Executes dropped EXE
-
\??\c:\rrxlrrr.exec:\rrxlrrr.exe56⤵
- Executes dropped EXE
-
\??\c:\lfrlxfr.exec:\lfrlxfr.exe57⤵
- Executes dropped EXE
-
\??\c:\1lfrlfl.exec:\1lfrlfl.exe58⤵
- Executes dropped EXE
-
\??\c:\bbntbh.exec:\bbntbh.exe59⤵
- Executes dropped EXE
-
\??\c:\bttbtb.exec:\bttbtb.exe60⤵
- Executes dropped EXE
-
\??\c:\dddjd.exec:\dddjd.exe61⤵
- Executes dropped EXE
-
\??\c:\jdvjv.exec:\jdvjv.exe62⤵
- Executes dropped EXE
-
\??\c:\frffrrf.exec:\frffrrf.exe63⤵
- Executes dropped EXE
-
\??\c:\fxlxfll.exec:\fxlxfll.exe64⤵
- Executes dropped EXE
-
\??\c:\hthntb.exec:\hthntb.exe65⤵
- Executes dropped EXE
-
\??\c:\7nhnbb.exec:\7nhnbb.exe66⤵
-
\??\c:\pjppd.exec:\pjppd.exe67⤵
-
\??\c:\1vdvd.exec:\1vdvd.exe68⤵
-
\??\c:\9ddjj.exec:\9ddjj.exe69⤵
-
\??\c:\rlfrxfr.exec:\rlfrxfr.exe70⤵
-
\??\c:\rlxffrf.exec:\rlxffrf.exe71⤵
-
\??\c:\1tnbbn.exec:\1tnbbn.exe72⤵
-
\??\c:\nhhttt.exec:\nhhttt.exe73⤵
-
\??\c:\ddppp.exec:\ddppp.exe74⤵
-
\??\c:\vpdjd.exec:\vpdjd.exe75⤵
-
\??\c:\ffrxllr.exec:\ffrxllr.exe76⤵
-
\??\c:\5xrfllx.exec:\5xrfllx.exe77⤵
-
\??\c:\7frlrfr.exec:\7frlrfr.exe78⤵
-
\??\c:\5thhnt.exec:\5thhnt.exe79⤵
-
\??\c:\9hhtht.exec:\9hhtht.exe80⤵
-
\??\c:\pdvpj.exec:\pdvpj.exe81⤵
-
\??\c:\jjvjv.exec:\jjvjv.exe82⤵
-
\??\c:\9dppv.exec:\9dppv.exe83⤵
-
\??\c:\lxrffll.exec:\lxrffll.exe84⤵
-
\??\c:\xfrxfrf.exec:\xfrxfrf.exe85⤵
-
\??\c:\bbnbhh.exec:\bbnbhh.exe86⤵
-
\??\c:\tnbhnn.exec:\tnbhnn.exe87⤵
-
\??\c:\jdpvp.exec:\jdpvp.exe88⤵
-
\??\c:\vjddd.exec:\vjddd.exe89⤵
-
\??\c:\9frxffr.exec:\9frxffr.exe90⤵
-
\??\c:\frrrllf.exec:\frrrllf.exe91⤵
-
\??\c:\hbtbhh.exec:\hbtbhh.exe92⤵
-
\??\c:\nntbtt.exec:\nntbtt.exe93⤵
-
\??\c:\dvdvd.exec:\dvdvd.exe94⤵
-
\??\c:\jdjpd.exec:\jdjpd.exe95⤵
-
\??\c:\1rlxffr.exec:\1rlxffr.exe96⤵
-
\??\c:\rfrxllx.exec:\rfrxllx.exe97⤵
-
\??\c:\5nhthn.exec:\5nhthn.exe98⤵
-
\??\c:\flrrrll.exec:\flrrrll.exe99⤵
-
\??\c:\hbtntt.exec:\hbtntt.exe100⤵
-
\??\c:\dpddv.exec:\dpddv.exe101⤵
-
\??\c:\dvddj.exec:\dvddj.exe102⤵
-
\??\c:\rllxrxr.exec:\rllxrxr.exe103⤵
-
\??\c:\9fxlxxf.exec:\9fxlxxf.exe104⤵
-
\??\c:\btnbhh.exec:\btnbhh.exe105⤵
-
\??\c:\hbnntb.exec:\hbnntb.exe106⤵
-
\??\c:\ppvdp.exec:\ppvdp.exe107⤵
-
\??\c:\9vvjd.exec:\9vvjd.exe108⤵
-
\??\c:\7jvvv.exec:\7jvvv.exe109⤵
-
\??\c:\lfxxllf.exec:\lfxxllf.exe110⤵
-
\??\c:\frrrxff.exec:\frrrxff.exe111⤵
-
\??\c:\btthnn.exec:\btthnn.exe112⤵
-
\??\c:\nhntbn.exec:\nhntbn.exe113⤵
-
\??\c:\vdjjd.exec:\vdjjd.exe114⤵
-
\??\c:\dpvdv.exec:\dpvdv.exe115⤵
-
\??\c:\frrlrfl.exec:\frrlrfl.exe116⤵
-
\??\c:\fxllxfl.exec:\fxllxfl.exe117⤵
-
\??\c:\9fllrlr.exec:\9fllrlr.exe118⤵
-
\??\c:\1nthnn.exec:\1nthnn.exe119⤵
-
\??\c:\vjddd.exec:\vjddd.exe120⤵
-
\??\c:\7vddd.exec:\7vddd.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-