Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
51s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
24/06/2024, 14:11
General
-
Target
7eb5404402d507e3ab70182391c2ce63662e358a4a99b8b3c0cd688110208920_NeikiAnalytics.exe
-
Size
78KB
-
MD5
25826b5e7e09848461d611c793e42460
-
SHA1
7dc4b8fddcb4075313c5df46f716392ba58172ef
-
SHA256
7eb5404402d507e3ab70182391c2ce63662e358a4a99b8b3c0cd688110208920
-
SHA512
3431018c24f3672782470900acd6219273b04abe48f5079ee9c7ae8f1217bde3638f1c6dd1c95e675dcae408617bee438825b95429821e97c4d628aca0bea28a
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDo73tgygQwKjiawEmBg9t:ymb3NkkiQ3mdBjFo73thgQ/wEk2t
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 27 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 29 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\7eb5404402d507e3ab70182391c2ce63662e358a4a99b8b3c0cd688110208920_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\7eb5404402d507e3ab70182391c2ce63662e358a4a99b8b3c0cd688110208920_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\5xxfxrl.exec:\5xxfxrl.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlllxrl.exec:\xlllxrl.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnnhnn.exec:\nnnhnn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvvvj.exec:\jvvvj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxxllfl.exec:\xxxllfl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xffrlff.exec:\xffrlff.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddvjv.exec:\ddvjv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddpjd.exec:\ddpjd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxrrxx.exec:\xrxrrxx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbbbt.exec:\tnbbbt.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5hhhbb.exec:\5hhhbb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjddj.exec:\pjddj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lflxrrf.exec:\lflxrrf.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbhbhb.exec:\nbhbhb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thnbbt.exec:\thnbbt.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvvpp.exec:\pvvpp.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llffxfl.exec:\llffxfl.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntnnbt.exec:\ntnnbt.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjvpj.exec:\vjvpj.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7xrrrrl.exec:\7xrrrrl.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbnhbn.exec:\tbnhbn.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbhtt.exec:\nhbhtt.exe23⤵
- Executes dropped EXE
-
\??\c:\pjjpj.exec:\pjjpj.exe24⤵
- Executes dropped EXE
-
\??\c:\rlfxxrl.exec:\rlfxxrl.exe25⤵
- Executes dropped EXE
-
\??\c:\jdppj.exec:\jdppj.exe26⤵
- Executes dropped EXE
-
\??\c:\pvdpj.exec:\pvdpj.exe27⤵
- Executes dropped EXE
-
\??\c:\rrxrfrr.exec:\rrxrfrr.exe28⤵
- Executes dropped EXE
-
\??\c:\hbhbbt.exec:\hbhbbt.exe29⤵
- Executes dropped EXE
-
\??\c:\vpjdp.exec:\vpjdp.exe30⤵
- Executes dropped EXE
-
\??\c:\rfflfff.exec:\rfflfff.exe31⤵
- Executes dropped EXE
-
\??\c:\ttnnbt.exec:\ttnnbt.exe32⤵
- Executes dropped EXE
-
\??\c:\rflfrrl.exec:\rflfrrl.exe33⤵
- Executes dropped EXE
-
\??\c:\htnttn.exec:\htnttn.exe34⤵
- Executes dropped EXE
-
\??\c:\llflfff.exec:\llflfff.exe35⤵
- Executes dropped EXE
-
\??\c:\hbttnh.exec:\hbttnh.exe36⤵
- Executes dropped EXE
-
\??\c:\dvjdv.exec:\dvjdv.exe37⤵
- Executes dropped EXE
-
\??\c:\vdjvj.exec:\vdjvj.exe38⤵
- Executes dropped EXE
-
\??\c:\jdddd.exec:\jdddd.exe39⤵
- Executes dropped EXE
-
\??\c:\fxxlrlr.exec:\fxxlrlr.exe40⤵
- Executes dropped EXE
-
\??\c:\thhbtn.exec:\thhbtn.exe41⤵
- Executes dropped EXE
-
\??\c:\hhbtbt.exec:\hhbtbt.exe42⤵
- Executes dropped EXE
-
\??\c:\pjppd.exec:\pjppd.exe43⤵
- Executes dropped EXE
-
\??\c:\frlfrxx.exec:\frlfrxx.exe44⤵
- Executes dropped EXE
-
\??\c:\rfxrrrx.exec:\rfxrrrx.exe45⤵
- Executes dropped EXE
-
\??\c:\3ttnbt.exec:\3ttnbt.exe46⤵
- Executes dropped EXE
-
\??\c:\7hhbbt.exec:\7hhbbt.exe47⤵
- Executes dropped EXE
-
\??\c:\vjpjd.exec:\vjpjd.exe48⤵
- Executes dropped EXE
-
\??\c:\fxxrllf.exec:\fxxrllf.exe49⤵
- Executes dropped EXE
-
\??\c:\fxrxxxx.exec:\fxrxxxx.exe50⤵
- Executes dropped EXE
-
\??\c:\hbtnhb.exec:\hbtnhb.exe51⤵
- Executes dropped EXE
-
\??\c:\tnhbtn.exec:\tnhbtn.exe52⤵
- Executes dropped EXE
-
\??\c:\5ppdv.exec:\5ppdv.exe53⤵
- Executes dropped EXE
-
\??\c:\jppdv.exec:\jppdv.exe54⤵
- Executes dropped EXE
-
\??\c:\lfxfrxr.exec:\lfxfrxr.exe55⤵
- Executes dropped EXE
-
\??\c:\3nhnhn.exec:\3nhnhn.exe56⤵
- Executes dropped EXE
-
\??\c:\pvdjd.exec:\pvdjd.exe57⤵
- Executes dropped EXE
-
\??\c:\pjvpj.exec:\pjvpj.exe58⤵
- Executes dropped EXE
-
\??\c:\fxrlxrf.exec:\fxrlxrf.exe59⤵
- Executes dropped EXE
-
\??\c:\frrfxrr.exec:\frrfxrr.exe60⤵
- Executes dropped EXE
-
\??\c:\hhhhth.exec:\hhhhth.exe61⤵
- Executes dropped EXE
-
\??\c:\nhhbtn.exec:\nhhbtn.exe62⤵
- Executes dropped EXE
-
\??\c:\dvvpd.exec:\dvvpd.exe63⤵
- Executes dropped EXE
-
\??\c:\llrlxxr.exec:\llrlxxr.exe64⤵
- Executes dropped EXE
-
\??\c:\flfrlfx.exec:\flfrlfx.exe65⤵
- Executes dropped EXE
-
\??\c:\bttnbb.exec:\bttnbb.exe66⤵
-
\??\c:\vpppj.exec:\vpppj.exe67⤵
-
\??\c:\jdpjd.exec:\jdpjd.exe68⤵
-
\??\c:\xrxrxxf.exec:\xrxrxxf.exe69⤵
-
\??\c:\tnbthh.exec:\tnbthh.exe70⤵
-
\??\c:\htbttt.exec:\htbttt.exe71⤵
-
\??\c:\1ppjd.exec:\1ppjd.exe72⤵
-
\??\c:\hbhtnh.exec:\hbhtnh.exe73⤵
-
\??\c:\jjjjd.exec:\jjjjd.exe74⤵
-
\??\c:\dvvpp.exec:\dvvpp.exe75⤵
-
\??\c:\5fxfrlf.exec:\5fxfrlf.exe76⤵
-
\??\c:\tnhhhb.exec:\tnhhhb.exe77⤵
-
\??\c:\jdjvv.exec:\jdjvv.exe78⤵
-
\??\c:\1vpdv.exec:\1vpdv.exe79⤵
-
\??\c:\rxxxrll.exec:\rxxxrll.exe80⤵
-
\??\c:\3bhbnh.exec:\3bhbnh.exe81⤵
-
\??\c:\tnbtnn.exec:\tnbtnn.exe82⤵
-
\??\c:\9jjdd.exec:\9jjdd.exe83⤵
-
\??\c:\flrfxxr.exec:\flrfxxr.exe84⤵
-
\??\c:\rxffxll.exec:\rxffxll.exe85⤵
-
\??\c:\thbbtt.exec:\thbbtt.exe86⤵
-
\??\c:\5vvdd.exec:\5vvdd.exe87⤵
-
\??\c:\5vvpp.exec:\5vvpp.exe88⤵
-
\??\c:\lrrlxrl.exec:\lrrlxrl.exe89⤵
-
\??\c:\tnnnnh.exec:\tnnnnh.exe90⤵
-
\??\c:\nbtnnn.exec:\nbtnnn.exe91⤵
-
\??\c:\vpvvp.exec:\vpvvp.exe92⤵
-
\??\c:\fxrlxrl.exec:\fxrlxrl.exe93⤵
-
\??\c:\1lflflx.exec:\1lflflx.exe94⤵
-
\??\c:\nnnnhh.exec:\nnnnhh.exe95⤵
-
\??\c:\hbnbnh.exec:\hbnbnh.exe96⤵
-
\??\c:\dpjdd.exec:\dpjdd.exe97⤵
-
\??\c:\djjvp.exec:\djjvp.exe98⤵
-
\??\c:\xlffxxr.exec:\xlffxxr.exe99⤵
-
\??\c:\bnbtnb.exec:\bnbtnb.exe100⤵
-
\??\c:\bbtnbt.exec:\bbtnbt.exe101⤵
-
\??\c:\pdpvj.exec:\pdpvj.exe102⤵
-
\??\c:\9lrlllr.exec:\9lrlllr.exe103⤵
-
\??\c:\xxxrfff.exec:\xxxrfff.exe104⤵
-
\??\c:\tnntbt.exec:\tnntbt.exe105⤵
-
\??\c:\5bbtnh.exec:\5bbtnh.exe106⤵
-
\??\c:\djjdp.exec:\djjdp.exe107⤵
-
\??\c:\xllfffx.exec:\xllfffx.exe108⤵
-
\??\c:\5fllflf.exec:\5fllflf.exe109⤵
-
\??\c:\hhhbbt.exec:\hhhbbt.exe110⤵
-
\??\c:\3bbthb.exec:\3bbthb.exe111⤵
-
\??\c:\jpvpv.exec:\jpvpv.exe112⤵
-
\??\c:\xrfxllx.exec:\xrfxllx.exe113⤵
-
\??\c:\frrlxrl.exec:\frrlxrl.exe114⤵
-
\??\c:\tnnhhb.exec:\tnnhhb.exe115⤵
-
\??\c:\jdjjp.exec:\jdjjp.exe116⤵
-
\??\c:\jjdvj.exec:\jjdvj.exe117⤵
-
\??\c:\xxlfxrr.exec:\xxlfxrr.exe118⤵
-
\??\c:\xxrlxrl.exec:\xxrlxrl.exe119⤵
-
\??\c:\hbnnhh.exec:\hbnnhh.exe120⤵
-
\??\c:\vddvj.exec:\vddvj.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-